[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Home directories blank in diskless workstations

On Wed, Mar 04, 2015 at 06:38:43PM +0530, uday bhatye wrote:
> remaining things in the file are like
> [libdefaults]
>         default_realm = reached
> ...
> ....
> ....
> [domain_realm]
>         intern = reached
>         .intern = reached

IIRC these 'reached' entries are created if name resolution is too slow 
or failing. Then the last word of some error output like 'no servers 
could be reached' is put into the file instead of the right server name.
> I used http://ftp.skolelinux.org/skolelinux-cd/debian-edu-7.1+edu0-USB.iso
> with verified checksum for install but no internet connection during
> install.

Most probably the missing internet connection is the reason for the 
failing name resolution. If i remember correctly I faced the same 
problem some time ago.
> Now many users are using the system

> If something has went wrong in install, is there any way to detect/correct
> it before it comes to jessie upgrade?

Run 'debian-edu-test-install' and check the output. But I'm almost sure 
that this 'reached' issue is the only wrong thing.

You should be able to create the correct file this way:

(1) Enter the LTSP chroot: ltsp-chroot -a i386
(2) Run '/usr/share/debian-edu-config/tools/sssd-generate-config -k > /etc/krb5.conf
(3) Run 'exit' to leave the chroot.

The content of /opt/ltsp/i386/etc/krb5.conf should be like this:
# Generated using /usr/share/debian-edu-config/tools/sssd-generate-config -k
	default_realm = INTERN

# The following krb5.conf variables are only for MIT Kerberos.
	krb4_config = /etc/krb.conf
	krb4_realms = /etc/krb.realms
	kdc_timesync = 1
	ccache_type = 4
	forwardable = true
	proxiable = true

# The following encryption type specification will be used by MIT Kerberos
# if uncommented.  In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
# Thie only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).

#	default_tgs_enctypes = des3-hmac-sha1
#	default_tkt_enctypes = des3-hmac-sha1
#	permitted_enctypes = des3-hmac-sha1

# The following libdefaults parameters are only for Heimdal Kerberos.
	v4_instance_resolve = false
	v4_name_convert = {
		host = {
			rcmd = host
			ftp = ftp
		plain = {
			something = something-else
	fcc-mit-ticketflags = true

		kdc = kerberos 
		admin_server = kerberos 

        intern = INTERN
        .intern = INTERN

	krb4_convert = true
	krb4_get_tickets = false


Attachment: signature.asc
Description: Digital signature

Reply to: