On Wed, Mar 04, 2015 at 06:38:43PM +0530, uday bhatye wrote:
>
> remaining things in the file are like
>
> [libdefaults]
> default_realm = reached
> ...
> ....
> ....
>
> [domain_realm]
> intern = reached
> .intern = reached
IIRC these 'reached' entries are created if name resolution is too slow
or failing. Then the last word of some error output like 'no servers
could be reached' is put into the file instead of the right server name.
> I used http://ftp.skolelinux.org/skolelinux-cd/debian-edu-7.1+edu0-USB.iso
> with verified checksum for install but no internet connection during
> install.
Most probably the missing internet connection is the reason for the
failing name resolution. If i remember correctly I faced the same
problem some time ago.
> Now many users are using the system
Great.
> If something has went wrong in install, is there any way to detect/correct
> it before it comes to jessie upgrade?
Run 'debian-edu-test-install' and check the output. But I'm almost sure
that this 'reached' issue is the only wrong thing.
You should be able to create the correct file this way:
(1) Enter the LTSP chroot: ltsp-chroot -a i386
(2) Run '/usr/share/debian-edu-config/tools/sssd-generate-config -k > /etc/krb5.conf
(3) Run 'exit' to leave the chroot.
The content of /opt/ltsp/i386/etc/krb5.conf should be like this:
---------------------------------------------------------------------------
# Generated using /usr/share/debian-edu-config/tools/sssd-generate-config -k
[libdefaults]
default_realm = INTERN
# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
# The following encryption type specification will be used by MIT Kerberos
# if uncommented. In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
#
# Thie only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).
# default_tgs_enctypes = des3-hmac-sha1
# default_tkt_enctypes = des3-hmac-sha1
# permitted_enctypes = des3-hmac-sha1
# The following libdefaults parameters are only for Heimdal Kerberos.
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
fcc-mit-ticketflags = true
[realms]
INTERN = {
kdc = kerberos
admin_server = kerberos
}
[domain_realm]
intern = INTERN
.intern = INTERN
[login]
krb4_convert = true
krb4_get_tickets = false
----------------------------------------------------------
Wolfgang