<html>
<head>
<title>Petter Reinholdtsen</title>
- <link rel="stylesheet" type="text/css" media="screen" href="style.css">
- <link rel="alternate" title="RSS Feed" href="index.rss" type="application/rss+xml">
+ <link rel="stylesheet" type="text/css" media="screen" href="http://people.skolelinux.org/pere/blog/style.css">
+ <link rel="alternate" title="RSS Feed" href="http://people.skolelinux.org/pere/blog/index.rss" type="application/rss+xml">
</head>
<body>
<div class="title">
<h1>
- <a href="">Petter Reinholdtsen</a>
+ <a href="http://people.skolelinux.org/pere/blog/">Petter Reinholdtsen</a>
</h1>
<div class="entry">
- <div class="title"><a href="Thoughts_on_roaming_laptop_setup_for_Debian_Edu.html">Thoughts on roaming laptop setup for Debian Edu</a></div>
- <div class="date">2010-04-28 20:40</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/2_Spykee_roboter_i_hus__n___skal_det_lekes.html">2 Spykee-roboter i hus, nå skal det lekes</a></div>
+ <div class="date">2010-08-18 13:30</div>
<div class="body">
-<p>For some years now, I have wondered how we should handle laptops in
-Debian Edu. The Debian Edu infrastructure is mostly designed to
-handle stationary computers, and less suited for computers that come
-and go.</p>
-
-<p>Now I finally believe I have an sensible idea on how to adjust
-Debian Edu for laptops, by introducing a new profile for them, for
-example called Roaming Workstations. Here are my thought on this.
-The setup would consist of the following:</p>
+<p>Jeg kjøpte nettopp to
+<a href="http://www.spykee-robot.com/">Spykee</a>-roboter, for test og
+leking. Kjøpte to da det var så billige, og gir meg mulighet til å
+eksperimentere uten å være veldig redd for å ødelegge alt ved å bytte
+ut firmware og slikt. Oppdaget at lekebutikken på Bryn senter hadde
+en liten stabel på lager som de ikke hadde klart å selge ut etter
+fjorårets juleinnkjøp, og var villig til å selge for en femtedel av
+vanlig pris. Jeg, Ronny og Jarle har skaffet oss restbeholdningen, og
+det blir morsomt å se hva vi får ut av dette.</p>
+
+<p>Roboten har belter styrt av to motorer, kamera, høytaler, mikrofon
+og wifi-tilkobling. Det hele styrt av en GPL-lisensiert databoks som
+jeg mistenker kjører linux. Firmware-kildekoden ble visst publisert i
+mai. Eneste utfordringen er at kontroller-programvaren kun finnes til
+Windows, men det må en kunne jobbe seg rundt når vi har kildekoden til
+firmwaren. :)</p>
<ul>
-
- <li>During installation, the user name of the owner / primary user of
- the laptop is requested and a local home directory is set up for
- the user, with uid and gid information fetched from the LDAP
- server. This allow the user to work also when offline. The
- central home directory can be available in a subdirectory on
- request, for example mounted via CIFS. It could be mounted
- automatically when a user log in while on the Debian Edu network,
- and unmounted when the machine is taken away (network down,
- hibernate, etc), it can be set up to do automatic mounting on
- request (using autofs), or perhaps some GUI button on the desktop
- can be used to access it when needed. Perhaps it is enough to use
- the fish protocol in KDE?</li>
-
- <li>Password checking is set up to use LDAP or Kerberos
- authentication when the machine is on the Debian Edu network, and
- to cache the password for offline checking when the machine unable
- to reach the LDAP or Kerberos server. This can be done using
- <a href="http://www.padl.com/OSS/pam_ccreds.html">libpam-ccreds</a>
- or the Fedora developed
- <a href="https://fedoraproject.org/wiki/Features/SSSD">System
- Security Services Daemon</a> packages.</li>
-
- <li>File synchronisation with the central home directory is set up
- using a shared directory in both the local and the central home
- directory, using unison.</li>
-
- <li>Printing should be set up to print to all printers broadcasting
- their existence on the local network, and should then work out of
- the box with CUPS. For sites needing accurate printer quotas, some
- system with Kerberos authentication or printing via ssh could be
- implemented.</li>
-
- <li>For users that should have local root access to their laptop,
- sudo should be used to allow this to the local user.</li>
-
- <li>It would be nice if user and group information from LDAP is
- cached on the client, but given that there are entries for the
- local user and primary group in /etc/, it should not be needed.</li>
-
+<li><a href="http://en.wikipedia.org/wiki/Spykee">Wikipedia-oppføring</a></li>
+<li><a href=http://www.spykeeworld.com/spykee/US/freeSoftware.html">Nedlasting av firmware-kilden</a></li>
</ul>
-
-<p>I believe all the pieces to implement this are in Debian/testing at
-the moment. If we work quickly, we should be able to get this ready
-in time for the Squeeze release to freeze. Some of the pieces need
-tweaking, like libpam-ccreds should get support for pam-auth-update
-(<a href="http://bugs.debian.org/566718">#566718</a>) and nslcd (or
-perhaps debian-edu-config) should get some integration code to stop
-its daemon when the LDAP server is unavailable to avoid long timeouts
-when disconnected from the net. If we get Kerberos enabled, we need
-to make sure we avoid long timeouts there too.</p>
-
-<p>If you want to help out with implementing this for Debian Edu,
-please contact us on debian-edu@lists.debian.org.</p>
</div>
<div class="tags">
- Tags: <a href="tags/debian edu">debian edu</a>, <a href="tags/english">english</a>, <a href="tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="Great_book___Content__Selected_Essays_on_Technology__Creativity__Copyright__and_the_Future_of_the_Future_.html">Great book: "Content: Selected Essays on Technology, Creativity, Copyright, and the Future of the Future"</a></div>
- <div class="date">2010-04-19 17:10</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Rob_Weir__How_to_Crush_Dissent.html">Rob Weir: How to Crush Dissent</a></div>
+ <div class="date">2010-08-15 22:20</div>
<div class="body">
-<p>The last few weeks i have had the pleasure of reading a
-thought-provoking collection of essays by Cory Doctorow, on topics
-touching copyright, virtual worlds, the future of man when the
-conscience mind can be duplicated into a computer and many more. The
-book titled "Content: Selected Essays on Technology, Creativity,
-Copyright, and the Future of the Future" is available with few
-restrictions on the web, for example from
-<a href="http://craphound.com/content/">his own site</a>. I read the
-epub-version from
-<a href="http://www.feedbooks.com/book/2883">feedbooks</a> using
-<a href="http://www.fbreader.org/">fbreader</a> and my N810. I
-strongly recommend this book.</p>
+<p>I found the notes from Rob Weir on
+<a href="http://feedproxy.google.com/~r/robweir/antic-atom/~3/VGb23-kta8c/how-to-crush-dissent.html">how
+to crush dissent</a> matching my own thoughts on the matter quite
+well. Highly recommended for those wondering which road our society
+should go down. In my view we have been heading the wrong way for a
+long time.</p>
</div>
<div class="tags">
- Tags: <a href="tags/english">english</a>, <a href="tags/fildeling">fildeling</a>, <a href="tags/nuug">nuug</a>, <a href="tags/opphavsrett">opphavsrett</a>, <a href="tags/personvern">personvern</a>, <a href="tags/sikkerhet">sikkerhet</a>, <a href="tags/web">web</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="Kerberos_for_Debian_Edu_Squeeze_.html">Kerberos for Debian Edu/Squeeze?</a></div>
- <div class="date">2010-04-14 17:20</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/No_hardcoded_config_on_Debian_Edu_clients.html">No hardcoded config on Debian Edu clients</a></div>
+ <div class="date">2010-08-09 20:15</div>
<div class="body">
-<p><a href="http://www.nuug.no/aktiviteter/20100413-kerberos/">Yesterdays
-NUUG presentation</a> about Kerberos was inspiring, and reminded me
-about the need to start using Kerberos in Skolelinux. Setting up a
-Kerberos server seem to be straight forward, and if we get this in
-place a long time before the Squeeze version of Debian freezes, we
-have a chance to migrate Skolelinux away from NFSv3 for the home
-directories, and over to an architecture where the infrastructure do
-not have to trust IP addresses and machines, and instead can trust
-users and cryptographic keys instead.</p>
-
-<p>A challenge will be integration and administration. Is there a
-Kerberos implementation for Debian where one can control the
-administration access in Kerberos using LDAP groups? With it, the
-school administration will have to maintain access control using flat
-files on the main server, which give a huge potential for errors.</p>
-
-<p>A related question I would like to know is how well Kerberos and
-pam-ccreds (offline password check) work together. Anyone know?</p>
-
-<p>Next step will be to use Kerberos for access control in Lwat and
-Nagios. I have no idea how much work that will be to implement. We
-would also need to document how to integrate with Windows AD, as such
-shared network will require two Kerberos realms that need to cooperate
-to work properly.</p>
-
-<p>I believe a good start would be to start using Kerberos on the
-skolelinux.no machines, and this way get ourselves experience with
-configuration and integration. A natural starting point would be
-setting up ldap.skolelinux.no as the Kerberos server, and migrate the
-rest of the machines from PAM via LDAP to PAM via Kerberos one at the
-time.</p>
-
-<p>If you would like to contribute to get this working in Skolelinux,
-I recommend you to see the video recording from yesterdays NUUG
-presentation, and start using Kerberos at home. The video show show
-up in a few days.</p>
+<p>As reported earlier, the last few days I have looked at how Debian
+Edu clients are configured, and tried to get rid of all hardcoded
+configuration settings on the clients. I believe the work to be
+mostly done, and the clients seem to work just fine with dynamically
+generated configuration.</p>
+
+<p>What is the point, you might ask? The point is to allow a Debian
+Edu desktop to integrate into an existing network infrastructure
+without any manual configuration.</p>
+
+<p>This is what happens when installing a Debian Edu client here at
+the University of Oslo using PXE. With the PXE installation, I am
+asked for language (Norwegian Bokmål), locality (Norway) and keyboard
+layout (no-latin1), Debian Edu profile (Roaming Workstation), if I
+accept to reformat the hard drive (yes), if I want to submit info to
+popcon.debian.org (no) and root password (secret). After answering
+these questions, the installer goes ahead and does its thing, and
+after around 50 minutes it is done. I press enter to finish the
+installation, and the machine reboots into KDE. When the machine is
+ready and kdm asks for login information, I enter my university
+username and password, am told by kdm that a local home directory has
+been created and that I must log in again, and finally log in with the
+same username and password to the KDE 4.4 desktop. At no point during
+this process did it ask for university specific settings, and all the
+required configuration was dynamically detected using information
+fetched via DHCP and DNS. The roaming workstation is now ready for
+use.</p>
+
+<p>How was this done, you might wonder? First of all, here is the
+list of things that need to be configured on the client to get it
+working properly out of the box:</p>
+
+<ul>
+<li>IP address/netmask and DNS server.</li>
+<li>Web proxy URL.</li>
+<li>LDAP server for NSS directory information (user, group, etc).</li>
+<li>Kerberos server for PAM password checking.</li>
+<li>SMB mount point to access the network home directory. (*)</li>
+<li>Central syslog server to send syslog messages to. (*)</li>
+<li>Sitesummary collector URL to submit info to central server. (*)</li>
+</ul>
+
+<p>(Hm, did I forget anything? Let me knew if I did.)</p>
+
+<p>The points marked (*) are not required to be able to use the
+machine, but needed to provide central storage and allowing system
+administrators to track their machines. Since yesterday, everything
+but the sitesummary collector URL is dynamically discovered at boot
+and installation time in the svn version of Debian Edu.</p>
+
+<p>The IP and DNS setup is fetched during boot using DHCP as usual.
+When a DHCP update arrives, the proxy setup is updated by looking for
+http://wpat/wpad.dat and using the content of this WPAD file to
+configure the http and ftp proxy in /etc/environment and
+/etc/apt/apt.conf. I decided to update the proxy setup using a DHCP
+hook to ensure that the client stops using the Debian Edu proxy when
+it is moved outside the Debian Edu network, and instead uses any local
+proxy present on the new network when it moves around.</p>
+
+<p>The DNS names of the LDAP, Kerberos and syslog server and related
+configuration are generated using DNS information at boot. First the
+installer looks for a host named ldap in the current DNS domain. If
+not found, it looks for _ldap._tcp SRV records in DNS instead. If an
+LDAP server is found, its root DSE entry is requested and the
+attributes namingContexts and defaultNamingContext are used to
+determine which LDAP base to use for NSS. If there are several
+namingContexts attibutes and the defaultNamingContext is present, that
+LDAP subtree is used as the base. If defaultNamingContext is missing,
+the subtrees listed as namingContexts are searched in sequence for any
+object with class posixAccount or posixGroup, and the first one with
+such an object is used as the LDAP base. For Kerberos, a similar
+search is done by first looking for a host named kerberos, and then
+for the _kerberos._tcp SRV record. I've been unable to find a way to
+look up the Kerberos realm, so for this the upper case string of the
+current DNS domain is used.</p>
+
+<p>For the syslog server, the hosts syslog and loghost are searched
+for, and the _syslog._udp SRV record is consulted if no such host is
+found. This algorithm works for both Debian Edu and the University of
+Oslo. A similar strategy would work for locating the sitesummary
+server, but have not been implemented yet. I decided to fetch and
+save these settings during installation, to make sure moving to a
+different network does not change the set of users being allowed to
+log in nor the passwords required to log in. Usernames and passwords
+will be cached by sssd when the user logs in on the Debian Edu
+network, and will not change as the laptop move around. For a
+non-roaming machine, there is no caching, but given that it is
+supposed to stay in place it should not matter much. Perhaps we
+should switch those to use sssd too?</p>
+
+<p>The user's SMB mount point for the network home directory is
+located when the user logs in for the first time. The LDAP server is
+consulted to look for the user's LDAP object and the sambaHomePath
+attribute is used if found. If it isn't found, the home directory
+path fetched from NSS is used instead. Assuming the path is of the
+form /site/server/directory/username, the second part is looked up in
+DNS and used to generate a SMB URL of the form
+smb://server.domain/username. This algorithm works for both Debian
+edu and the University of Oslo. Perhaps there are better attributes
+to use or a better algorithm that works for more sites, but this will
+do for now. :)</p>
+
+<p>This work should make it easier to integrate the Debian Edu clients
+into any LDAP/Kerberos infrastructure, and make the current setup even
+more flexible than before. I suspect it will also work for thin
+client servers, allowing one to easily set up LTSP and hook it into a
+existing network infrastructure, but I have not had time to test this
+yet.</p>
+
+<p>If you want to help out with implementing these things for Debian
+Edu, please contact us on debian-edu@lists.debian.org.</p>
+
+<p>Update 2010-08-09: Simon Farnsworth gave me a heads-up on how to
+detect Kerberos realm from DNS, by looking for _kerberos TXT entries
+before falling back to the upper case DNS domain name. Will have to
+implement it for Debian Edu. :)</p>
</div>
<div class="tags">
- Tags: <a href="tags/debian edu">debian edu</a>, <a href="tags/english">english</a>, <a href="tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="P___vegne_av_vanvitting_mange__Aftenposten_.html">På vegne av vanvitting mange, Aftenposten!</a></div>
- <div class="date">2010-03-06 21:15</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html">Testing if a file system can be used for home directories...</a></div>
+ <div class="date">2010-08-08 21:20</div>
<div class="body">
-<p><a href="http://fotball.aftenposten.no/incoming/article163000.ece">Aftenposten
-melder</a> på forsiden av webavisen sin at de tror Erling Fossen
-provoserer nordlendinger med sine uttalelser på
-fotballtinget. Jeg er utflyttet nordlending, og må innrømme at jeg
-ikke kjennet så mye som et snev av provokasjon fra denne litt morsomme
-uttalelsen til Hr. Fossen. Lurer på om Aftenposten har noen kilder
-utenom redaksjonen for sin påstand om at nordledinger er provosert av
-Hr. Fossen. Må innrømme at jeg tviler på det.</p>
-
-<p>Det hele bringer tankene tilbake til Sture Hansen i Hallo i Uken.</p>
+<p>A few years ago, I was involved in a project planning to use
+Windows file servers as home directory servers for Debian
+Edu/Skolelinux machines. This was thought to be no problem, as the
+access would be through the SMB network file system protocol, and we
+knew other sites used SMB with unix and samba as the file server to
+mount home directories without any problems. But, after months of
+struggling, we had to conclude that our goal was impossible.</p>
+
+<p>The reason is simply that while SMB can be used for home
+directories when the file server is Samba running on Unix, this only
+work because of Samba have some extensions and the fact that the
+underlying file system is a unix file system. When using a Windows
+file server, the underlying file system do not have POSIX semantics,
+and several programs will fail if the users home directory where they
+want to store their configuration lack POSIX semantics.</p>
+
+<p>As part of this work, I wrote a small C program I want to share
+with you all, to replicate a few of the problematic applications (like
+OpenOffice.org and GCompris) and see if the file system was working as
+it should. If you find yourself in spooky file system land, it might
+help you find your way out again. This is the fs-test.c source:</p>
+
+<pre>
+/*
+ * Some tests to check the file system sematics. Used to verify that
+ * CIFS from a windows server do not work properly as a linux home
+ * directory.
+ * License: GPL v2 or later
+ *
+ * needs libsqlite3-dev and build-essential installed
+ * compile with: gcc -Wall -lsqlite3 -DTEST_SQLITE fs-test.c -o fs-test
+*/
+
+#define _FILE_OFFSET_BITS 64
+#define _LARGEFILE_SOURCE 1
+#define _LARGEFILE64_SOURCE 1
+
+#define _GNU_SOURCE /* for asprintf() */
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <sys/file.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#ifdef TEST_SQLITE
+/*
+ * Test sqlite open, as done by gcompris require the libsqlite3-dev
+ * package and linking with -lsqlite3. A more low level test is
+ * below.
+ * See also <URL: http://www.sqlite.org./faq.html#q5 >.
+ */
+#include <sqlite3.h>
+#define CREATE_TABLE_USERS \
+ "CREATE TABLE users (user_id INT UNIQUE, login TEXT, lastname TEXT, firstname TEXT, birthdate TEXT, class_id INT ); "
+int test_sqlite_open(void) {
+ char *zErrMsg;
+ char *name = "testsqlite.db";
+ sqlite3 *db=NULL;
+ unlink(name);
+ int rc = sqlite3_open(name, &db);
+ if( rc ){
+ printf("error: sqlite open of %s failed: %s\n", name, sqlite3_errmsg(db));
+ sqlite3_close(db);
+ return -1;
+ }
+
+ /* create tables */
+ rc = sqlite3_exec(db,CREATE_TABLE_USERS, NULL, 0, &zErrMsg);
+ if( rc != SQLITE_OK ){
+ printf("error: sqlite table create failed: %s\n", zErrMsg);
+ sqlite3_close(db);
+ return -1;
+ }
+ printf("info: sqlite worked\n");
+ sqlite3_close(db);
+ return 0;
+}
+#endif /* TEST_SQLITE */
+
+/*
+ * Demonstrate locking issue found in gcompris using sqlite3. This
+ * work with ext3, but not with cifs server on Windows 2003. This is
+ * done in the sqlite3 library.
+ * See also
+ * <URL:http://www.cygwin.com/ml/cygwin/2001-08/msg00854.html> and the
+ * POSIX specification
+ * <URL:http://www.opengroup.org/onlinepubs/009695399/functions/fcntl.html>.
+ */
+int test_gcompris_locking(void) {
+ struct flock fl;
+ char *name = "testsqlite.db";
+ unlink(name);
+ int fd = open(name, O_RDWR|O_CREAT|O_LARGEFILE, 0644);
+ printf("info: testing fcntl locking\n");
+
+ fl.l_whence = SEEK_SET;
+ fl.l_pid = getpid();
+ printf(" Read-locking 1 byte from 1073741824");
+ fl.l_start = 1073741824;
+ fl.l_len = 1;
+ fl.l_type = F_RDLCK;
+ if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
+
+ printf(" Read-locking 510 byte from 1073741826");
+ fl.l_start = 1073741826;
+ fl.l_len = 510;
+ fl.l_type = F_RDLCK;
+ if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
+
+ printf(" Unlocking 1 byte from 1073741824");
+ fl.l_start = 1073741824;
+ fl.l_len = 1;
+ fl.l_type = F_UNLCK;
+ if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
+
+ printf(" Write-locking 1 byte from 1073741824");
+ fl.l_start = 1073741824;
+ fl.l_len = 1;
+ fl.l_type = F_WRLCK;
+ if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
+
+ printf(" Write-locking 510 byte from 1073741826");
+ fl.l_start = 1073741826;
+ fl.l_len = 510;
+ if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
+
+ printf(" Unlocking 2 byte from 1073741824");
+ fl.l_start = 1073741824;
+ fl.l_len = 2;
+ fl.l_type = F_UNLCK;
+ if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
+
+ close(fd);
+ return 0;
+}
+
+/*
+ * Test if permissions of freshly created directories allow entries
+ * below them. This was a problem with OpenOffice.org and gcompris.
+ * Mounting with option 'sync' seem to solve this problem while
+ * slowing down file operations.
+ */
+int test_subdirectory_creation(void) {
+#define LEVELS 5
+ char *path = strdup("test");
+ char *dirs[LEVELS];
+ int level;
+ printf("info: testing subdirectory creation\n");
+ for (level = 0; level < LEVELS; level++) {
+ char *newpath = NULL;
+ if (-1 == mkdir(path, 0777)) {
+ printf(" error: Unable to create directory '%s': %s\n",
+ path, strerror(errno));
+ break;
+ }
+ asprintf(&newpath, "%s/%s", path, "test");
+ free(path);
+ path = newpath;
+ }
+ return 0;
+}
+
+/*
+ * Test if symlinks can be created. This was a problem detected with
+ * KDE.
+ */
+int test_symlinks(void) {
+ printf("info: testing symlink creation\n");
+ unlink("symlink");
+ if (-1 == symlink("file", "symlink"))
+ printf(" error: Unable to create symlink\n");
+ return 0;
+}
+
+int main(int argc, char **argv) {
+ printf("Testing POSIX/Unix sematics on file system\n");
+ test_symlinks();
+ test_subdirectory_creation();
+#ifdef TEST_SQLITE
+ test_sqlite_open();
+#endif /* TEST_SQLITE */
+ test_gcompris_locking();
+ return 0;
+}
+</pre>
+
+<p>When everything is working, it should print something like
+this:</p>
+
+<pre>
+Testing POSIX/Unix sematics on file system
+info: testing symlink creation
+info: testing subdirectory creation
+info: sqlite worked
+info: testing fcntl locking
+ Read-locking 1 byte from 1073741824
+ Read-locking 510 byte from 1073741826
+ Unlocking 1 byte from 1073741824
+ Write-locking 1 byte from 1073741824
+ Write-locking 510 byte from 1073741826
+ Unlocking 2 byte from 1073741824
+</pre>
+
+<p>I do not remember the exact details of the problems we saw, but one
+of them was with locking, where if I remember correctly, POSIX allow a
+read-only lock to be upgraded to a read-write lock without unlocking
+the read-only lock (while Windows do not). Another was a bug in the
+CIFS/SMB client implementation in the Linux kernel where directory
+meta information would be wrong for a fraction of a second, making
+OpenOffice.org fail to create its deep directory tree because it was
+not allowed to create files in its freshly created directory.</p>
+
+<p>Anyway, here is a nice tool for your tool box, might you never need
+it. :)</p>
</div>
<div class="tags">
- Tags: <a href="tags/norsk">norsk</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="After_6_years_of_waiting__the_Xreset_d_feature_is_implemented.html">After 6 years of waiting, the Xreset.d feature is implemented</a></div>
- <div class="date">2010-03-06 18:15</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Autodetecting_Client_setup_for_roaming_workstations_in_Debian_Edu.html">Autodetecting Client setup for roaming workstations in Debian Edu</a></div>
+ <div class="date">2010-08-07 14:45</div>
<div class="body">
-<p>6 years ago, as part of the Debian Edu development I am involved
-in, I asked for a hook in the kdm and gdm setup to run scripts as root
-when the user log out. A bug was submitted against the xfree86-common
-package in 2004 (<a href="http://bugs.debian.org/230422">#230422</a>),
-and revisited every time Debian Edu was working on a new release.
-Today, this finally paid off.</p>
-
-<p>The framework for this feature was today commited to the git
-repositry for the xorg package, and the git repository for xdm has
-been updated to use this framework. Next on my agenda is to make sure
-kdm and gdm also add code to use this framework.</p>
-
-<p>In Debian Edu, we want to ability to run commands as root when the
-user log out, to get rid of runaway processes and do general cleanup
-after a user. With this framework in place, we finally can do that in
-a generic way that work with all display managers using this
-framework. My goal is to get all display managers in Debian use it,
-similar to how they use the Xsession.d framework today.<p>
+<p>A few days ago, I
+<a href="http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html">tried
+to install</a> a Roaming workation profile from Debian Edu/Squeeze
+while on the university network here at the University of Oslo, and
+noticed how much had to change to get it operational using the
+university infrastructure. It was fairly easy, but it occured to me
+that Debian Edu would improve a lot if I could get the client to
+connect without any changes at all, and thus let the client configure
+itself during installation and first boot to use the infrastructure
+around it. Now I am a huge step further along that road.</p>
+
+<p>With our current squeeze-test packages, I can select the roaming
+workstation profile and get a working laptop connecting to the
+university LDAP server for user and group and our active directory
+servers for Kerberos authentication. All this without any
+configuration at all during installation. My users home directory got
+a bookmark in the KDE menu to mount it via SMB, with the correct URL.
+In short, openldap and sssd is correctly configured. In addition to
+this, the client look for http://wpad/wpad.dat to configure a web
+proxy, and when it fail to find it no proxy settings are stored in
+/etc/environment and /etc/apt/apt.conf. Iceweasel and KDE is
+configured to look for the same wpad configuration and also do not use
+a proxy when at the university network. If the machine is moved to a
+network with such wpad setup, it would automatically use it when DHCP
+gave it a IP address.</p>
+
+<p>The LDAP server is located using DNS, by first looking for the DNS
+entry ldap.$domain. If this do not exist, it look for the
+_ldap._tcp.$domain SRV records and use the first one as the LDAP
+server. Next, it connects to the LDAP server and search all
+namingContexts entries for posixAccount or posixGroup objects, and
+pick the first one as the LDAP base. For Kerberos, a similar
+algorithm is used to locate the LDAP server, and the realm is the
+uppercase version of $domain.</p>
+
+<p>So, what is not working, you might ask. SMB mounting my home
+directory do not work. No idea why, but suspected the incorrect
+Kerberos settings in /etc/krb5.conf and /etc/samba/smb.conf might be
+the cause. These are not properly configured during installation, and
+had to be hand-edited to get the correct Kerberos realm and server,
+but SMB mounting still do not work. :(</p>
+
+<p>With this automatic configuration in place, I expect a Debian Edu
+roaming profile installation would be able to automatically detect and
+connect to any site using LDAP and Kerberos for NSS directory and PAM
+authentication. It should also work out of the box in a Active
+Directory environment providing posixAccount and posixGroup objects
+with UID and GID values.</p>
+
+<p>If you want to help out with implementing these things for Debian
+Edu, please contact us on debian-edu@lists.debian.org.</p>
</div>
<div class="tags">
- Tags: <a href="tags/debian edu">debian edu</a>, <a href="tags/english">english</a>, <a href="tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="Digitale_b__ker_uten_digitale_restriksjonsmekanismer__DRM__b__r_f___mva_fritak.html">Digitale bøker uten digitale restriksjonsmekanismer (DRM) bør få mva-fritak</a></div>
- <div class="date">2010-03-03 19:00</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html">Debian Edu roaming workstation - at the university of Oslo</a></div>
+ <div class="date">2010-08-03 23:30</div>
<div class="body">
-<p>Den norske bokbransjen har
-<a href="http://www.digi.no/823912/nei-til-moms-paa-e-boker">bedt om at
-digitale bøker må få mva-fritak</a> slik papirbøker har det, og
-<a href="http://www.digi.no/836875/moms-paa-alt-digitalt-innhold">finansdepartementet
-har sagt nei</a>. Det er et interessant spørsmål om digitale bøker
-bør ha mva-fritak eller ikke, og svaret er ikke så enkelt som et ja
-eller nei.
-<a href="http://www.digi.no/836925/norske-e-boker-truet-av-moms">Enkelte
-medlemmer</a> av bokbransjen truer med å droppe den planlagte
-lanseringen av norske digitale bøker med digitale restriksjonsmekanismer
-(DRM) som de har snakket om å gjennomføre nå i vår, og det må de
-gjerne gjøre for min del.</p>
-
-<p>Papirbøker har mva-fritak pga. at de fremmer kultur- og
-kunnskapsspredning. Digitale bøker uten digitale
-restriksjonsmekanismer (DRM) fremmer kultur- og kunnskapsspredning,
-mens digitale bøker med DRM hindrer kultur og kunnskapsspredning.
-Digitale bøker uten DRM bør få mva-fritak da det er salg av bøker på
-lik linje med salg av papirbøker, mens digitale bøker med DRM ikke bør
-få det da det er utleie av bøker og ikke salg.</p>
-
-<p>Jeg foretrekker å kjøpe bøker, og velger dermed å la være å bruke
-DRM-belastede digitale bøker. Vet ikke helt hva jeg ville være villig
-til å betale for å leie en bok, men tror ikke det er mange kronene.
-Heldigvis er det mye bøker tilgjengelig uten slike restriksjoner, og
-de som vil ha tak i engelske bøker kan laste ned bøker som er
-tilgjengelig uten bruksbegresninger fra <a href="http://www.archive.org/">The
-Internet Archive</a>. Der er det pr. i dag 1 889 313 bøker
-tilgjengelig. De er tilgjengelig i flere formater. Besøk
-<a href="http://www.archive.org/details/texts">oversikten over tekster
-der</a> for å se hva de har.
+<p>The new roaming workstation profile in Debian Edu/Squeeze is fairly
+similar to the laptop setup am I working on using Ubuntu for the
+University of Oslo, and just for the heck of it, I tested today how
+hard it would be to integrate that profile into the university
+infrastructure. In this case, it is the university LDAP server,
+Active Directory Kerberos server and SMB mounting from the Netapp file
+servers.</p>
+
+<p>I was pleasantly surprised that the only three files needed to be
+changed (/etc/sssd/sssd.conf, /etc/ldap.conf and
+/etc/mklocaluser.d/20-debian-edu-config) and one file had to be added
+(/usr/share/perl5/Debian/Edu_Local.pm), to get the client working.
+Most of the changes were to get the client to use the university LDAP
+for NSS and Kerberos server for PAM, but one was to change a hard
+coded DNS domain name in the mklocaluser hook from .intern to
+.uio.no.</p>
+
+<p>This testing was so encouraging, that I went ahead and adjusted the
+Debian Edu scripts and setup in subversion to centralise the roaming
+workstation setup a bit more and avoid the hardcoded DNS domain name,
+so that when I test this tomorrow, I expect to get away with modifying
+only /etc/sssd/sssd.conf and /etc/ldap.conf to get it to use the
+university servers.</p>
+
+<p>My goal is to get the clients to have no hardcoded settings and
+fetch all their initial setup during installation and first boot, to
+allow them to be inserted also into environments where the default
+setup in Debian Edu has been changed or as with the university, where
+the environment is different but provides the protocols Debian Edu
+uses.</p>
</div>
<div class="tags">
- Tags: <a href="tags/norsk">norsk</a>, <a href="tags/nuug">nuug</a>, <a href="tags/opphavsrett">opphavsrett</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="Debian_Edu___Skolelinux_based_on_Lenny_released__work_continues.html">Debian Edu / Skolelinux based on Lenny released, work continues</a></div>
- <div class="date">2010-02-11 17:15</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Circular_package_dependencies_harms_apt_recovery.html">Circular package dependencies harms apt recovery</a></div>
+ <div class="date">2010-07-27 23:50</div>
<div class="body">
-<p>On Tuesday, the Debian/Lenny based version of
-<a href="http://www.skolelinux.org/">Skolelinux</a> was finally
-shipped. This was a major leap forward for the project, and I am very
-pleased that we finally got the release wrapped up. Work on the first
-point release starts imediately, as we plan to get that one out a
-month after the major release, to include all fixes for bugs we found
-and fixed too late in the release process to include last Tuesday.</p>
-
-<p>Perhaps it even is time for some partying?</p>
-
-<p>After this first point release, my plan is to focus again on the
-next major release, based on Squeeze. We will try to get as many of
-the fixes we need into the official Debian packages before the freeze,
-and have just a few weeks or months to make it happen.</p>
+<p>I discovered this while doing
+<a href="http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html">automated
+testing of upgrades from Debian Lenny to Squeeze</a>. A few packages
+in Debian still got circular dependencies, and it is often claimed
+that apt and aptitude should be able to handle this just fine, but
+some times these dependency loops causes apt to fail.</p>
+
+<p>An example is from todays
+<a href="http://people.skolelinux.org/~pere/debian-upgrade-testing//test-20100727-lenny-squeeze-kde-aptitude.txt">upgrade
+of KDE using aptitude</a>. In it, a bug in kdebase-workspace-data
+causes perl-modules to fail to upgrade. The cause is simple. If a
+package fail to unpack, then only part of packages with the circular
+dependency might end up being unpacked when unpacking aborts, and the
+ones already unpacked will fail to configure in the recovery phase
+because its dependencies are unavailable.</p>
+
+<p>In this log, the problem manifest itself with this error:</p>
+
+<blockquote><pre>
+dpkg: dependency problems prevent configuration of perl-modules:
+ perl-modules depends on perl (>= 5.10.1-1); however:
+ Version of perl on system is 5.10.0-19lenny2.
+dpkg: error processing perl-modules (--configure):
+ dependency problems - leaving unconfigured
+</pre></blockquote>
+
+<p>The perl/perl-modules circular dependency is already
+<a href="http://bugs.debian.org/527917">reported as a bug</a>, and will
+hopefully be solved as soon as possible, but it is not the only one,
+and each one of these loops in the dependency tree can cause similar
+failures. Of course, they only occur when there are bugs in other
+packages causing the unpacking to fail, but it is rather nasty when
+the failure of one package causes the problem to become worse because
+of dependency loops.</p>
+
+<p>Thanks to
+<a href="http://lists.debian.org/debian-devel/2010/06/msg00116.html">the
+tireless effort by Bill Allombert</a>, the number of circular
+dependencies
+<a href="http://debian.semistable.com/debgraph.out.html">left in Debian
+is dropping</a>, and perhaps it will reach zero one day. :)</p>
+
+<p>Todays testing also exposed a bug in
+<a href="http://bugs.debian.org/590605">update-notifier</a> and
+<a href="http://bugs.debian.org/590604">different behaviour</a> between
+apt-get and aptitude, the latter possibly caused by some circular
+dependency. Reported both to BTS to try to get someone to look at
+it.</p>
</div>
<div class="tags">
- Tags: <a href="tags/debian edu">debian edu</a>, <a href="tags/english">english</a>, <a href="tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="Danmark_g__r_for_ODF_.html">Danmark går for ODF?</a></div>
- <div class="date">2010-01-29 12:00</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/First_Debian_Edu_test_release__alpha0__based_on_Squeeze_is_released.html">First Debian Edu test release (alpha0) based on Squeeze is released</a></div>
+ <div class="date">2010-07-27 17:45</div>
<div class="body">
-<p>Ble nettopp gjort oppmerksom på en
-<a href="http://www.version2.dk/artikel/13690-breaking-odf-vinder-dokumentformat-krigen ">nyhet fra Version2</a>
-fra Danmark, der det hevdes at Folketinget har vedtatt at ODF skal
-brukes som dokumentutvekslingsformat i Staten.</p>
-
-<p>Hyggelig lesning, spesielt hvis det viser seg at de av vedtatt
-kravlisten for hva som skal aksepteres som referert i kommentarfeltet
-til artikkelen og
-<a href="http://www.version2.dk/artikel/13693-er-ooxml-doemt-ude-her-er-kravene-til-en-offentlig-dokumentstandard">en
-annen artikkel</a> i samme nett-avis. Liker spesielt godt denne:</p>
-
-<p><blockquote> Det skal demonstreres, at standarden i sin helhed kan
-implementeres af alle direkte i sin helhed på flere
-platforme.</blockquote></p>
-
-<p>Noe slikt burde være et krav også i Norge.</p>
+<p>I just posted this announcement culminating several months of work
+with the next Debian Edu release. Not nearly done, but one major step
+completed.</p>
+
+<blockquote>
+<p>This is the first test release based on Squeeze. The focus of this
+release is to test the user application selection. To have a look,
+install the standalone profile and let the developers know if the set
+of installed packages i.e. applications should be modified. If some
+user application is missing, or if there are some applications that no
+longer make sense to be included in Debian Edu, please let us know.
+Also, if a useful application is missing the translation for your
+language of choice, please let us know too.</p>
+
+<p>In addition, feedback and help to polish the desktop (menus,
+artwork, starters, etc.) is appreciated. We would like to ship a nice
+and handy KDE4 desktop targeted for schools out of the box.</p>
+
+<p>The other profiles should be installable, but there is a lot more
+work left to be done before they are ready, so do not expect to
+much.</p>
+
+<p>Changes compared to the lenny based version</p>
+
+<ul>
+<li>Everything from Debian Squeeze
+<ul>
+ <li>Desktop environment KDE 4.4 => the new KDE desktop in
+ combination with some new artwork
+ <li>Web browser Iceweasel 3.5
+ <li>OpenOffice.org 3.2
+ <li>Educational toolbox GCompris 9.3
+ <li>Music creator Rosegarden 10.04.2
+ <li>Image editor Gimp 2.6.10
+ <li>Virtual universe Celestia 1.6.0
+ <li>Virtual stargazer Stellarium 0.10.4
+ <li>3D modeler Blender 2.49.2 (new application)
+ <li>Video editor Kdenlive 0.7.7 (new application)
+</ul></li>
+<li>Now using Kerberos for password checking (migration not finished).
+ Enabled for:
+<ul>
+ <li>PAM
+ <li>LDAP
+ <li>IMAP
+ <li>SMTP (sender verification)
+</ul>
+</li>
+<li>New experimental roaming workstation profile for laptops.</li>
+<li>Show welcome page to users when they first log in. The URL is
+ fetched from LDAP.</li>
+<li>New LXDE desktop option, in addition to KDE (default) and Gnome.</li>
+<li>General cleanup (not finished)</li>
+</ul>
+<p>The following features are not working as they should</p>
+
+<ul>
+<li>No web based administration tool for creating users and groups. The
+ scripts ldap-createuser-krb and ldap-add-user-to-group can be used
+ for testing.</li>
+<li>DVD installs are missing debian-installer images for the PXE boot,
+ and do not set up the PXE menu on eth0 because of this. LTSP
+ clients should still boot from eth1 on thin client servers.</li>
+<li>The restructured KDE menu is not implemented.</li>
+<li>The LDAP server setup need to be reviewed for security.</li>
+<li>The LDAP directory structure need to be reworked.</li>
+<li>Different sets of packages are installed when using the DVD and the
+ netinst CD. More packages are installed using the netinst CD.</li>
+<li>The jackd package fail to install. This is believed to be caused by
+ some ongoing transition, and hopefully should be solved soon. The
+ jackd1 package can be installed manually for those that need it.</li>
+<li>Some packages lack translations. See
+ http://wiki.debian.org/DebianEdu/Status/Squeeze for updated status,
+ and help out with translations.</li>
+</ul>
+
+<p>To download this multiarch netinstall release you can use</p>
+
+<ul>
+<li><a href="ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso">ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso</a></li>
+<li><a href="http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso">http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso</a></li>
+<li>rsync -avzP ftp.skolelinux.org::skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso</li>
+</ul>
+<p>To download this multiarch dvd release you can use</p>
+
+<ul>
+<li><a href="ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso">ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso</a></li>
+<li><a href="http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso">http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso</a></li>
+<li>rsync -avzP ftp.skolelinux.org::skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso</li>
+</ul>
+
+<p>There is no source DVD available yet. It will be prepared when we
+get closer to the final release.</p>
+
+<p>The MD5SUM of these images are</p>
+
+<ul>
+<li>3dbf45d59f42a53518b6e3c9ec3b5eb6 debian-edu-6.0.0+edua0-CD.iso</li>
+<li>22f2cbfce281d1c6e478be452638675d debian-edu-6.0.0+edua0-DVD.iso</li>
+</ul>
+
+<p>The SHA1SUM of these images are</p>
+<ul>
+<li>c53d1b69b40cf37cd27aefaf33f6f6a3821bedf0 debian-edu-6.0.0+edua0-CD.iso</li>
+<li>2ec29d7db676d59d32197b05c277ffe16348376c debian-edu-6.0.0+edua0-DVD.iso</li>
+</ul>
+<p>How to report bugs:
+http://wiki.debian.org/DebianEdu/HowTo/ReportBugsInBugzilla</p>
+
+<p>Please direct replies to debian-edu@lists.debian.org</p>
+</blockquote>
</div>
<div class="tags">
- Tags: <a href="tags/norsk">norsk</a>, <a href="tags/nuug">nuug</a>, <a href="tags/standard">standard</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="Automatic_Munin_and_Nagios_configuration.html">Automatic Munin and Nagios configuration</a></div>
- <div class="date">2010-01-27 15:15</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/One_step_closer_to_single_signon_in_Debian_Edu.html">One step closer to single signon in Debian Edu</a></div>
+ <div class="date">2010-07-25 10:00</div>
<div class="body">
-<p>One of the new features in the next Debian/Lenny based release of
-Debian Edu/Skolelinux, which is scheduled for release in the next few
-days, is automatic configuration of the service monitoring system
-Nagios. The previous release had automatic configuration of trend
-analysis using Munin, and this Lenny based release take that a step
-further.</p>
-
-<p>When installing a Debian Edu Main-server, it is automatically
-configured as a Munin and Nagios server. In addition, it is
-configured to be a server for the
-<a href="http://wiki.debian.org/DebianEdu/HowTo/SiteSummary">SiteSummary
-system</a> I have written for use in Debian Edu. The SiteSummary
-system is inspired by a system used by the University of Oslo where I
-work. In short, the system provide a centralised collector of
-information about the computers on the network, and a client on each
-computer submitting information to this collector. This allow for
-automatic information on which packages are installed on each machine,
-which kernel the machines are using, what kind of configuration the
-packages got etc. This also allow us to automatically generate Munin
-and Nagios configuration.</p>
-
-<p>All computers reporting to the sitesummary collector with the
-munin-node package installed is automatically enabled as a Munin
-client and graphs from the statistics collected from that machine show
-up automatically on http://www/munin/ on the Main-server.</p>
-
-<p>All non-laptop computers reporting to the sitesummary collector are
-automatically monitored for network presence (ping and any network
-services detected). In addition, all computers (also laptops) with
-the nagios-nrpe-server package installed and configured the way
-sitesummary would configure it, are monitored for full disks, software
-raid status, swap free and other checks that need to run locally on
-the machine.</p>
-
-<p>The result is that the administrator on a school using Debian Edu
-based on Lenny will be able to check the health of his installation
-with one look at the Nagios settings, without having to spend any time
-keeping the Nagios configuration up-to-date.</p>
-
-<p>The only configuration one need to do to get Nagios up and running
-is to set the password used to get access via HTTP. The system
-administrator need to run "<tt>htpasswd /etc/nagios3/htpasswd.users
-nagiosadmin</tt>" to create a nagiosadmin user and set a password for
-it to be able to log into the Nagios web pages. After that,
-everything is taken care of.</p>
+<p>The last few months me and the other Debian Edu developers have
+been working hard to get the Debian/Squeeze based version of Debian
+Edu/Skolelinux into shape. This future version will use Kerberos for
+authentication, and services are slowly migrated to single signon,
+getting rid of password questions one at the time.</p>
+
+<p>It will also feature a roaming workstation profile with local home
+directory, for laptops that are only some times on the Skolelinux
+network, and for this profile a shortcut is created in Gnome and KDE
+to gain access to the users home directory on the file server. This
+shortcut uses SMB at the moment, and yesterday I had time to test if
+SMB mounting had started working in KDE after we added the cifs-utils
+package. I was pleasantly surprised how well it worked.</p>
+
+<p>Thanks to the recent changes to our samba configuration to get it
+to use Kerberos for authentication, there were no question about user
+password when mounting the SMB volume. A simple click on the shortcut
+in the KDE menu, and a window with the home directory popped
+up. :)</p>
+
+<p>One step closer to a single signon solution out of the box in
+Debian Edu. We already had PAM, LDAP, IMAP and SMTP in place, and now
+also Samba. Next step is Cups and hopefully also NFS.</p>
+
+<p>We had planned a alpha0 release of Debian Edu for today, but thanks
+to the autobuilder administrators for some architectures being slow to
+sign packages, we are still missing the fixed LTSP package we need for
+the release. It was uploaded three days ago with urgency=high, and if
+it had entered testing yesterday we would have been able to test it in
+time for a alpha0 release today. As the binaries for ia64 and powerpc
+still not uploaded to the Debian archive, we need to delay the alpha
+release another day.</p>
+
+<p>If you want to help out with implementing Kerberos for Debian Edu,
+please contact us on debian-edu@lists.debian.org.</p>
</div>
<div class="tags">
- Tags: <a href="tags/debian edu">debian edu</a>, <a href="tags/english">english</a>, <a href="tags/nuug">nuug</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
</div>
</div>
<div class="padding"></div>
<div class="entry">
- <div class="title"><a href="Sikkerhet__teater__og_hvordan_gj__re_verden_sikrere.html">Sikkerhet, teater, og hvordan gjøre verden sikrere</a></div>
- <div class="date">2009-12-30 16:35</div>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/Digitale_restriksjonsmekanismer_fikk_meg_til____slutte____kj__pe_musikk.html">Digitale restriksjonsmekanismer fikk meg til å slutte å kjøpe musikk</a></div>
+ <div class="date">2010-07-22 23:50</div>
<div class="body">
-<p>Via Slashdot fant jeg en
-<a href="http://www.cnn.com/2009/OPINION/12/29/schneier.air.travel.security.theater/index.html">nydelig
-kommentar fra Bruce Schneier</a> som ble publisert hos CNN i går. Den
-forklarer forbilledlig hvorfor sikkerhetsteater og innføring av
-totalitære politistatmetoder ikke er løsningen for å gjøre verden
-sikrere. Anbefales på det varmeste.</p>
-
-<p>Oppdatering: Kom over
-<a href="http://gizmodo.com/5435675/president-obama-its-time-to-fire-the-tsa">nok
-en kommentar</a> om den manglende effekten av dagens sikkerhetsteater
-på flyplassene.</p>
+<p>For mange år siden slutte jeg å kjøpe musikk-CDer. Årsaken var at
+musikkbransjen var godt i gang med å selge platene sine med DRM som
+gjorde at jeg ikke fikk spilt av musikken jeg kjøpte på utstyret jeg
+hadde tilgjengelig, dvs. min datamaskin. Det var umulig å se på en
+plate om den var ødelagt eller ikke, og jeg hadde jo allerede en
+anseelig samling med plater, så jeg bestemme meg for å slutte å gi
+penger til en bransje som åpenbart ikke respekterte meg.</p>
+
+<p>Jeg har mange titalls dager med musikk på CD i dag. Det meste er
+lagt i et stort arkiv som kan spilles av fra husets datamaskiner (har
+ikke rukket rippe alt). Jeg ser dermed ikke behovet for å skaffe mer
+musikk. De fleste av mine favoritter er i hus, og jeg er dermed godt
+fornøyd.</p>
+
+<p>Hvis musikkbransjen ønsker mine penger, så må de demonstrere at de
+setter pris på meg som kunde, og ikke skremme meg bort med DRM og
+antydninger om at kundene er kriminelle.</p>
+
+<p>Filmbransjen er like ille, men mens musikk gjerne varer lenge, er
+filmer mer ferskvare. Har dermed ikke helt sluttet å kjøpe filmer, men
+holder meg til DVD-filmer som kan spilles av på mine Linuxbokser.
+Kommer neppe til å ta i bruk Blueray, og ei heller de nye DRM-greiene
+«Ultraviolet» som be annonsert her om dagen.</p>
</div>
<div class="tags">
- Tags: <a href="tags/norsk">norsk</a>, <a href="tags/nuug">nuug</a>, <a href="tags/personvern">personvern</a>, <a href="tags/sikkerhet">sikkerhet</a>.
+ Tags: <a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling</a>, <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>.
</div>
</div>
<div class="padding"></div>
- <p style="text-align: right;"><a href="index.rss"><img src="xml.gif" alt="RSS feed" width="36" height="14"></a></p>
+ <p style="text-align: right;"><a href="index.rss"><img src="http://people.skolelinux.org/pere/blog/xml.gif" alt="RSS feed" width="36" height="14"></a></p>
<div id="sidebar">
<li>2010
<ul>
-<li><a href="archive/2010/01/">January (2)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/01/">January (2)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/02/">February (1)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/03/">March (3)</a></li>
-<li><a href="archive/2010/02/">February (1)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/04/">April (3)</a></li>
-<li><a href="archive/2010/03/">March (3)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/05/">May (9)</a></li>
-<li><a href="archive/2010/04/">April (3)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/06/">June (14)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/07/">July (12)</a></li>
+
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2010/08/">August (6)</a></li>
</ul></li>
<li>2009
<ul>
-<li><a href="archive/2009/01/">January (8)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/01/">January (8)</a></li>
-<li><a href="archive/2009/02/">February (8)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/02/">February (8)</a></li>
-<li><a href="archive/2009/03/">March (12)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/03/">March (12)</a></li>
-<li><a href="archive/2009/04/">April (10)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/04/">April (10)</a></li>
-<li><a href="archive/2009/05/">May (9)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/05/">May (9)</a></li>
-<li><a href="archive/2009/06/">June (3)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/06/">June (3)</a></li>
-<li><a href="archive/2009/07/">July (4)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/07/">July (4)</a></li>
-<li><a href="archive/2009/08/">August (3)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/08/">August (3)</a></li>
-<li><a href="archive/2009/09/">September (1)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/09/">September (1)</a></li>
-<li><a href="archive/2009/10/">October (2)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/10/">October (2)</a></li>
-<li><a href="archive/2009/11/">November (3)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/11/">November (3)</a></li>
-<li><a href="archive/2009/12/">December (3)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2009/12/">December (3)</a></li>
</ul></li>
<li>2008
<ul>
-<li><a href="archive/2008/11/">November (5)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2008/11/">November (5)</a></li>
-<li><a href="archive/2008/12/">December (7)</a></li>
+<li><a href="http://people.skolelinux.org/pere/blog/archive/2008/12/">December (7)</a></li>
</ul></li>
<h2>Tags</h2>
<ul>
- <li><a href="tags/3d-printer">3d-printer (11)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/3d-printer">3d-printer (11)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/amiga">amiga (1)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/aros">aros (1)</a></li>
+
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem (10)</a></li>
- <li><a href="tags/amiga">amiga (1)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (35)</a></li>
- <li><a href="tags/aros">aros (1)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (40)</a></li>
- <li><a href="tags/debian">debian (14)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (56)</a></li>
- <li><a href="tags/debian edu">debian edu (14)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (1)</a></li>
- <li><a href="tags/english">english (23)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling (8)</a></li>
- <li><a href="tags/fiksgatami">fiksgatami (1)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (3)</a></li>
- <li><a href="tags/fildeling">fildeling (6)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap (8)</a></li>
- <li><a href="tags/kart">kart (2)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker (2)</a></li>
- <li><a href="tags/lenker">lenker (1)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/ltsp">ltsp (1)</a></li>
- <li><a href="tags/ltsp">ltsp (1)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (5)</a></li>
- <li><a href="tags/multimedia">multimedia (5)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (72)</a></li>
- <li><a href="tags/norsk">norsk (64)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (94)</a></li>
- <li><a href="tags/nuug">nuug (70)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (14)</a></li>
- <li><a href="tags/opphavsrett">opphavsrett (12)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (15)</a></li>
- <li><a href="tags/personvern">personvern (11)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/reprap">reprap (10)</a></li>
- <li><a href="tags/reprap">reprap (10)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/rss">rss (1)</a></li>
- <li><a href="tags/rss">rss (1)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (11)</a></li>
- <li><a href="tags/sikkerhet">sikkerhet (6)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (3)</a></li>
- <li><a href="tags/standard">standard (11)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (13)</a></li>
- <li><a href="tags/stavekontroll">stavekontroll (1)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/stavekontroll">stavekontroll (1)</a></li>
- <li><a href="tags/video">video (10)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (10)</a></li>
- <li><a href="tags/vitenskap">vitenskap (1)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/vitenskap">vitenskap (1)</a></li>
- <li><a href="tags/web">web (6)</a></li>
+ <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (7)</a></li>
</ul>
projects / homepage.git / blobdiff