]> pere.pagekite.me Git - homepage.git/blob - blog/index.html
Generated.
[homepage.git] / blog / index.html
1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
3 <html>
4 <head>
5 <title>Petter Reinholdtsen</title>
6 <link rel="stylesheet" type="text/css" media="screen" href="http://people.skolelinux.org/pere/blog/style.css">
7 <link rel="alternate" title="RSS Feed" href="http://people.skolelinux.org/pere/blog/index.rss" type="application/rss+xml">
8
9 </head>
10 <body>
11
12 <div class="title">
13 <h1>
14 <a href="http://people.skolelinux.org/pere/blog/">Petter Reinholdtsen</a>
15
16 </h1>
17
18 </div>
19
20
21
22 <div class="entry">
23 <div class="title"><a href="http://people.skolelinux.org/pere/blog/Robot__reis_deg___.html">Robot, reis deg...</a></div>
24 <div class="date">2010-08-21 22:10</div>
25 <div class="body">
26 <p>I dag fikk jeg endelig tittet litt på mine nyinnkjøpte roboter, og
27 har brukt noen timer til å google etter interessante referanser og
28 aktuell kildekode for bruk på Linux. Det mest lovende så langt er
29 <a href="http://ispykee.toyz.org/">ispykee</a>, som har en
30 BSD-lisensiert linux-daemon som står som mellomledd mellom roboter på
31 lokalnettet og en sentral tjeneste der en iPhone kan koble seg opp for
32 å fjernstyre roboten. Linux-daemonen implementerer deler av
33 protokollen som roboten forstår. Etter å ha knotet litt med å oppnå
34 kontakt med roboten (den oppretter et eget ad-hoc wifi-nett, så jeg
35 måtte gå av mitt vanlige nett for å få kontakt), og kommet frem til at
36 den lytter på IP-port 9000 og 9001, gikk jeg i gang med å finne ut
37 hvordan jeg kunne snakke med roboten vha. disse portene. Robotbiten
38 av protokollen er publisert av produsenten med GPL-lisens, slik at det
39 er mulig å se hvordan protokollen fungerer. Det finnes en java-klient
40 for Android som så ganske snasen ut, men fant ingen kildekode for
41 denne. Derimot hadde iphone-løsningen kildekode, så jeg tok
42 utgangspunkt i den.</p>
43
44 <p>Daemonen ville i utgangspunktet forsøke å kontakte den sentrale
45 tjenesten som iphone-programmet kobler seg til. Jeg skrev dette om
46 til i stedet å sette opp en nettverkstjeneste på min lokale maskin,
47 som jeg kan koble meg opp til med telnet og gi kommandoer til roboten
48 (act, forward, right, left, etc). Det involverte i praksis å bytte ut
49 socket()/connect() med socket()/bind()/listen()/accept() for å gjøre
50 klienten om til en tjener.</p>
51
52 <p>Mens jeg har forsøkt å få roboten til å bevege seg har min samboer
53 skrudd sammen resten av roboten for å få montert kamera og plastpynten
54 (armer, plastfiber for lys). Nå er det hele montert, og roboten er
55 klar til bruk. Må få flyttet den over til mitt vanlige trådløsnett
56 før det blir praktisk, men de bitene av protokollen er ikke
57 implementert i ispykee-daemonen, så der må jeg enten få tak i en mac
58 eller en windows-maskin, eller implementere det selv.</p>
59
60 <p>Vi var tre som kjøpte slike roboter, og vi har blitt enige om å
61 samle notater og referanser på <a
62 href="http://wiki.nuug.no/grupper/robot/">NUUGs wiki</a>. Ta en titt
63 der hvis du er nysgjerrig.</p>
64 </div>
65 <div class="tags">
66
67
68
69 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/robot">robot</a>.
70
71 </div>
72 </div>
73 <div class="padding"></div>
74
75 <div class="entry">
76 <div class="title"><a href="http://people.skolelinux.org/pere/blog/2_Spykee_roboter_i_hus__n___skal_det_lekes.html">2 Spykee-roboter i hus, nå skal det lekes</a></div>
77 <div class="date">2010-08-18 13:30</div>
78 <div class="body">
79 <p>Jeg kjøpte nettopp to
80 <a href="http://www.spykee-robot.com/">Spykee</a>-roboter, for test og
81 leking. Kjøpte to da det var så billige, og gir meg mulighet til å
82 eksperimentere uten å være veldig redd for å ødelegge alt ved å bytte
83 ut firmware og slikt. Oppdaget at lekebutikken på Bryn senter hadde
84 en liten stabel på lager som de ikke hadde klart å selge ut etter
85 fjorårets juleinnkjøp, og var villig til å selge for en femtedel av
86 vanlig pris. Jeg, Ronny og Jarle har skaffet oss restbeholdningen, og
87 det blir morsomt å se hva vi får ut av dette.</p>
88
89 <p>Roboten har belter styrt av to motorer, kamera, høytaler, mikrofon
90 og wifi-tilkobling. Det hele styrt av en GPL-lisensiert databoks som
91 jeg mistenker kjører linux. Firmware-kildekoden ble visst publisert i
92 mai. Eneste utfordringen er at kontroller-programvaren kun finnes til
93 Windows, men det må en kunne jobbe seg rundt når vi har kildekoden til
94 firmwaren. :)</p>
95
96 <ul>
97 <li><a href="http://en.wikipedia.org/wiki/Spykee">Wikipedia-oppføring</a></li>
98 <li><a href=http://www.spykeeworld.com/spykee/US/freeSoftware.html">Nedlasting av firmware-kilden</a></li>
99 <li><a href="http://wiki.nuug.no/grupper/robot">prosjektwiki hos NUUG</a></li>
100 </ul>
101 </div>
102 <div class="tags">
103
104
105
106 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/robot">robot</a>.
107
108 </div>
109 </div>
110 <div class="padding"></div>
111
112 <div class="entry">
113 <div class="title"><a href="http://people.skolelinux.org/pere/blog/Rob_Weir__How_to_Crush_Dissent.html">Rob Weir: How to Crush Dissent</a></div>
114 <div class="date">2010-08-15 22:20</div>
115 <div class="body">
116 <p>I found the notes from Rob Weir on
117 <a href="http://feedproxy.google.com/~r/robweir/antic-atom/~3/VGb23-kta8c/how-to-crush-dissent.html">how
118 to crush dissent</a> matching my own thoughts on the matter quite
119 well. Highly recommended for those wondering which road our society
120 should go down. In my view we have been heading the wrong way for a
121 long time.</p>
122 </div>
123 <div class="tags">
124
125
126
127 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
128
129 </div>
130 </div>
131 <div class="padding"></div>
132
133 <div class="entry">
134 <div class="title"><a href="http://people.skolelinux.org/pere/blog/No_hardcoded_config_on_Debian_Edu_clients.html">No hardcoded config on Debian Edu clients</a></div>
135 <div class="date">2010-08-09 20:15</div>
136 <div class="body">
137 <p>As reported earlier, the last few days I have looked at how Debian
138 Edu clients are configured, and tried to get rid of all hardcoded
139 configuration settings on the clients. I believe the work to be
140 mostly done, and the clients seem to work just fine with dynamically
141 generated configuration.</p>
142
143 <p>What is the point, you might ask? The point is to allow a Debian
144 Edu desktop to integrate into an existing network infrastructure
145 without any manual configuration.</p>
146
147 <p>This is what happens when installing a Debian Edu client here at
148 the University of Oslo using PXE. With the PXE installation, I am
149 asked for language (Norwegian Bokmål), locality (Norway) and keyboard
150 layout (no-latin1), Debian Edu profile (Roaming Workstation), if I
151 accept to reformat the hard drive (yes), if I want to submit info to
152 popcon.debian.org (no) and root password (secret). After answering
153 these questions, the installer goes ahead and does its thing, and
154 after around 50 minutes it is done. I press enter to finish the
155 installation, and the machine reboots into KDE. When the machine is
156 ready and kdm asks for login information, I enter my university
157 username and password, am told by kdm that a local home directory has
158 been created and that I must log in again, and finally log in with the
159 same username and password to the KDE 4.4 desktop. At no point during
160 this process did it ask for university specific settings, and all the
161 required configuration was dynamically detected using information
162 fetched via DHCP and DNS. The roaming workstation is now ready for
163 use.</p>
164
165 <p>How was this done, you might wonder? First of all, here is the
166 list of things that need to be configured on the client to get it
167 working properly out of the box:</p>
168
169 <ul>
170 <li>IP address/netmask and DNS server.</li>
171 <li>Web proxy URL.</li>
172 <li>LDAP server for NSS directory information (user, group, etc).</li>
173 <li>Kerberos server for PAM password checking.</li>
174 <li>SMB mount point to access the network home directory. (*)</li>
175 <li>Central syslog server to send syslog messages to. (*)</li>
176 <li>Sitesummary collector URL to submit info to central server. (*)</li>
177 </ul>
178
179 <p>(Hm, did I forget anything? Let me knew if I did.)</p>
180
181 <p>The points marked (*) are not required to be able to use the
182 machine, but needed to provide central storage and allowing system
183 administrators to track their machines. Since yesterday, everything
184 but the sitesummary collector URL is dynamically discovered at boot
185 and installation time in the svn version of Debian Edu.</p>
186
187 <p>The IP and DNS setup is fetched during boot using DHCP as usual.
188 When a DHCP update arrives, the proxy setup is updated by looking for
189 http://wpat/wpad.dat and using the content of this WPAD file to
190 configure the http and ftp proxy in /etc/environment and
191 /etc/apt/apt.conf. I decided to update the proxy setup using a DHCP
192 hook to ensure that the client stops using the Debian Edu proxy when
193 it is moved outside the Debian Edu network, and instead uses any local
194 proxy present on the new network when it moves around.</p>
195
196 <p>The DNS names of the LDAP, Kerberos and syslog server and related
197 configuration are generated using DNS information at boot. First the
198 installer looks for a host named ldap in the current DNS domain. If
199 not found, it looks for _ldap._tcp SRV records in DNS instead. If an
200 LDAP server is found, its root DSE entry is requested and the
201 attributes namingContexts and defaultNamingContext are used to
202 determine which LDAP base to use for NSS. If there are several
203 namingContexts attibutes and the defaultNamingContext is present, that
204 LDAP subtree is used as the base. If defaultNamingContext is missing,
205 the subtrees listed as namingContexts are searched in sequence for any
206 object with class posixAccount or posixGroup, and the first one with
207 such an object is used as the LDAP base. For Kerberos, a similar
208 search is done by first looking for a host named kerberos, and then
209 for the _kerberos._tcp SRV record. I've been unable to find a way to
210 look up the Kerberos realm, so for this the upper case string of the
211 current DNS domain is used.</p>
212
213 <p>For the syslog server, the hosts syslog and loghost are searched
214 for, and the _syslog._udp SRV record is consulted if no such host is
215 found. This algorithm works for both Debian Edu and the University of
216 Oslo. A similar strategy would work for locating the sitesummary
217 server, but have not been implemented yet. I decided to fetch and
218 save these settings during installation, to make sure moving to a
219 different network does not change the set of users being allowed to
220 log in nor the passwords required to log in. Usernames and passwords
221 will be cached by sssd when the user logs in on the Debian Edu
222 network, and will not change as the laptop move around. For a
223 non-roaming machine, there is no caching, but given that it is
224 supposed to stay in place it should not matter much. Perhaps we
225 should switch those to use sssd too?</p>
226
227 <p>The user's SMB mount point for the network home directory is
228 located when the user logs in for the first time. The LDAP server is
229 consulted to look for the user's LDAP object and the sambaHomePath
230 attribute is used if found. If it isn't found, the home directory
231 path fetched from NSS is used instead. Assuming the path is of the
232 form /site/server/directory/username, the second part is looked up in
233 DNS and used to generate a SMB URL of the form
234 smb://server.domain/username. This algorithm works for both Debian
235 edu and the University of Oslo. Perhaps there are better attributes
236 to use or a better algorithm that works for more sites, but this will
237 do for now. :)</p>
238
239 <p>This work should make it easier to integrate the Debian Edu clients
240 into any LDAP/Kerberos infrastructure, and make the current setup even
241 more flexible than before. I suspect it will also work for thin
242 client servers, allowing one to easily set up LTSP and hook it into a
243 existing network infrastructure, but I have not had time to test this
244 yet.</p>
245
246 <p>If you want to help out with implementing these things for Debian
247 Edu, please contact us on debian-edu@lists.debian.org.</p>
248
249 <p>Update 2010-08-09: Simon Farnsworth gave me a heads-up on how to
250 detect Kerberos realm from DNS, by looking for _kerberos TXT entries
251 before falling back to the upper case DNS domain name. Will have to
252 implement it for Debian Edu. :)</p>
253 </div>
254 <div class="tags">
255
256
257
258 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
259
260 </div>
261 </div>
262 <div class="padding"></div>
263
264 <div class="entry">
265 <div class="title"><a href="http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html">Testing if a file system can be used for home directories...</a></div>
266 <div class="date">2010-08-08 21:20</div>
267 <div class="body">
268 <p>A few years ago, I was involved in a project planning to use
269 Windows file servers as home directory servers for Debian
270 Edu/Skolelinux machines. This was thought to be no problem, as the
271 access would be through the SMB network file system protocol, and we
272 knew other sites used SMB with unix and samba as the file server to
273 mount home directories without any problems. But, after months of
274 struggling, we had to conclude that our goal was impossible.</p>
275
276 <p>The reason is simply that while SMB can be used for home
277 directories when the file server is Samba running on Unix, this only
278 work because of Samba have some extensions and the fact that the
279 underlying file system is a unix file system. When using a Windows
280 file server, the underlying file system do not have POSIX semantics,
281 and several programs will fail if the users home directory where they
282 want to store their configuration lack POSIX semantics.</p>
283
284 <p>As part of this work, I wrote a small C program I want to share
285 with you all, to replicate a few of the problematic applications (like
286 OpenOffice.org and GCompris) and see if the file system was working as
287 it should. If you find yourself in spooky file system land, it might
288 help you find your way out again. This is the fs-test.c source:</p>
289
290 <pre>
291 /*
292 * Some tests to check the file system sematics. Used to verify that
293 * CIFS from a windows server do not work properly as a linux home
294 * directory.
295 * License: GPL v2 or later
296 *
297 * needs libsqlite3-dev and build-essential installed
298 * compile with: gcc -Wall -lsqlite3 -DTEST_SQLITE fs-test.c -o fs-test
299 */
300
301 #define _FILE_OFFSET_BITS 64
302 #define _LARGEFILE_SOURCE 1
303 #define _LARGEFILE64_SOURCE 1
304
305 #define _GNU_SOURCE /* for asprintf() */
306
307 #include &lt;errno.h>
308 #include &lt;fcntl.h>
309 #include &lt;stdio.h>
310 #include &lt;string.h>
311 #include &lt;stdlib.h>
312 #include &lt;sys/file.h>
313 #include &lt;sys/stat.h>
314 #include &lt;sys/types.h>
315 #include &lt;unistd.h>
316
317 #ifdef TEST_SQLITE
318 /*
319 * Test sqlite open, as done by gcompris require the libsqlite3-dev
320 * package and linking with -lsqlite3. A more low level test is
321 * below.
322 * See also &lt;URL: http://www.sqlite.org./faq.html#q5 >.
323 */
324 #include &lt;sqlite3.h>
325 #define CREATE_TABLE_USERS \
326 "CREATE TABLE users (user_id INT UNIQUE, login TEXT, lastname TEXT, firstname TEXT, birthdate TEXT, class_id INT ); "
327 int test_sqlite_open(void) {
328 char *zErrMsg;
329 char *name = "testsqlite.db";
330 sqlite3 *db=NULL;
331 unlink(name);
332 int rc = sqlite3_open(name, &db);
333 if( rc ){
334 printf("error: sqlite open of %s failed: %s\n", name, sqlite3_errmsg(db));
335 sqlite3_close(db);
336 return -1;
337 }
338
339 /* create tables */
340 rc = sqlite3_exec(db,CREATE_TABLE_USERS, NULL, 0, &zErrMsg);
341 if( rc != SQLITE_OK ){
342 printf("error: sqlite table create failed: %s\n", zErrMsg);
343 sqlite3_close(db);
344 return -1;
345 }
346 printf("info: sqlite worked\n");
347 sqlite3_close(db);
348 return 0;
349 }
350 #endif /* TEST_SQLITE */
351
352 /*
353 * Demonstrate locking issue found in gcompris using sqlite3. This
354 * work with ext3, but not with cifs server on Windows 2003. This is
355 * done in the sqlite3 library.
356 * See also
357 * &lt;URL:http://www.cygwin.com/ml/cygwin/2001-08/msg00854.html> and the
358 * POSIX specification
359 * &lt;URL:http://www.opengroup.org/onlinepubs/009695399/functions/fcntl.html>.
360 */
361 int test_gcompris_locking(void) {
362 struct flock fl;
363 char *name = "testsqlite.db";
364 unlink(name);
365 int fd = open(name, O_RDWR|O_CREAT|O_LARGEFILE, 0644);
366 printf("info: testing fcntl locking\n");
367
368 fl.l_whence = SEEK_SET;
369 fl.l_pid = getpid();
370 printf(" Read-locking 1 byte from 1073741824");
371 fl.l_start = 1073741824;
372 fl.l_len = 1;
373 fl.l_type = F_RDLCK;
374 if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
375
376 printf(" Read-locking 510 byte from 1073741826");
377 fl.l_start = 1073741826;
378 fl.l_len = 510;
379 fl.l_type = F_RDLCK;
380 if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
381
382 printf(" Unlocking 1 byte from 1073741824");
383 fl.l_start = 1073741824;
384 fl.l_len = 1;
385 fl.l_type = F_UNLCK;
386 if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
387
388 printf(" Write-locking 1 byte from 1073741824");
389 fl.l_start = 1073741824;
390 fl.l_len = 1;
391 fl.l_type = F_WRLCK;
392 if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
393
394 printf(" Write-locking 510 byte from 1073741826");
395 fl.l_start = 1073741826;
396 fl.l_len = 510;
397 if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
398
399 printf(" Unlocking 2 byte from 1073741824");
400 fl.l_start = 1073741824;
401 fl.l_len = 2;
402 fl.l_type = F_UNLCK;
403 if (0 != fcntl(fd, F_SETLK, &fl) ) printf(" - error!\n"); else printf("\n");
404
405 close(fd);
406 return 0;
407 }
408
409 /*
410 * Test if permissions of freshly created directories allow entries
411 * below them. This was a problem with OpenOffice.org and gcompris.
412 * Mounting with option 'sync' seem to solve this problem while
413 * slowing down file operations.
414 */
415 int test_subdirectory_creation(void) {
416 #define LEVELS 5
417 char *path = strdup("test");
418 char *dirs[LEVELS];
419 int level;
420 printf("info: testing subdirectory creation\n");
421 for (level = 0; level &lt; LEVELS; level++) {
422 char *newpath = NULL;
423 if (-1 == mkdir(path, 0777)) {
424 printf(" error: Unable to create directory '%s': %s\n",
425 path, strerror(errno));
426 break;
427 }
428 asprintf(&newpath, "%s/%s", path, "test");
429 free(path);
430 path = newpath;
431 }
432 return 0;
433 }
434
435 /*
436 * Test if symlinks can be created. This was a problem detected with
437 * KDE.
438 */
439 int test_symlinks(void) {
440 printf("info: testing symlink creation\n");
441 unlink("symlink");
442 if (-1 == symlink("file", "symlink"))
443 printf(" error: Unable to create symlink\n");
444 return 0;
445 }
446
447 int main(int argc, char **argv) {
448 printf("Testing POSIX/Unix sematics on file system\n");
449 test_symlinks();
450 test_subdirectory_creation();
451 #ifdef TEST_SQLITE
452 test_sqlite_open();
453 #endif /* TEST_SQLITE */
454 test_gcompris_locking();
455 return 0;
456 }
457 </pre>
458
459 <p>When everything is working, it should print something like
460 this:</p>
461
462 <pre>
463 Testing POSIX/Unix sematics on file system
464 info: testing symlink creation
465 info: testing subdirectory creation
466 info: sqlite worked
467 info: testing fcntl locking
468 Read-locking 1 byte from 1073741824
469 Read-locking 510 byte from 1073741826
470 Unlocking 1 byte from 1073741824
471 Write-locking 1 byte from 1073741824
472 Write-locking 510 byte from 1073741826
473 Unlocking 2 byte from 1073741824
474 </pre>
475
476 <p>I do not remember the exact details of the problems we saw, but one
477 of them was with locking, where if I remember correctly, POSIX allow a
478 read-only lock to be upgraded to a read-write lock without unlocking
479 the read-only lock (while Windows do not). Another was a bug in the
480 CIFS/SMB client implementation in the Linux kernel where directory
481 meta information would be wrong for a fraction of a second, making
482 OpenOffice.org fail to create its deep directory tree because it was
483 not allowed to create files in its freshly created directory.</p>
484
485 <p>Anyway, here is a nice tool for your tool box, might you never need
486 it. :)</p>
487 </div>
488 <div class="tags">
489
490
491
492 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
493
494 </div>
495 </div>
496 <div class="padding"></div>
497
498 <div class="entry">
499 <div class="title"><a href="http://people.skolelinux.org/pere/blog/Autodetecting_Client_setup_for_roaming_workstations_in_Debian_Edu.html">Autodetecting Client setup for roaming workstations in Debian Edu</a></div>
500 <div class="date">2010-08-07 14:45</div>
501 <div class="body">
502 <p>A few days ago, I
503 <a href="http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html">tried
504 to install</a> a Roaming workation profile from Debian Edu/Squeeze
505 while on the university network here at the University of Oslo, and
506 noticed how much had to change to get it operational using the
507 university infrastructure. It was fairly easy, but it occured to me
508 that Debian Edu would improve a lot if I could get the client to
509 connect without any changes at all, and thus let the client configure
510 itself during installation and first boot to use the infrastructure
511 around it. Now I am a huge step further along that road.</p>
512
513 <p>With our current squeeze-test packages, I can select the roaming
514 workstation profile and get a working laptop connecting to the
515 university LDAP server for user and group and our active directory
516 servers for Kerberos authentication. All this without any
517 configuration at all during installation. My users home directory got
518 a bookmark in the KDE menu to mount it via SMB, with the correct URL.
519 In short, openldap and sssd is correctly configured. In addition to
520 this, the client look for http://wpad/wpad.dat to configure a web
521 proxy, and when it fail to find it no proxy settings are stored in
522 /etc/environment and /etc/apt/apt.conf. Iceweasel and KDE is
523 configured to look for the same wpad configuration and also do not use
524 a proxy when at the university network. If the machine is moved to a
525 network with such wpad setup, it would automatically use it when DHCP
526 gave it a IP address.</p>
527
528 <p>The LDAP server is located using DNS, by first looking for the DNS
529 entry ldap.$domain. If this do not exist, it look for the
530 _ldap._tcp.$domain SRV records and use the first one as the LDAP
531 server. Next, it connects to the LDAP server and search all
532 namingContexts entries for posixAccount or posixGroup objects, and
533 pick the first one as the LDAP base. For Kerberos, a similar
534 algorithm is used to locate the LDAP server, and the realm is the
535 uppercase version of $domain.</p>
536
537 <p>So, what is not working, you might ask. SMB mounting my home
538 directory do not work. No idea why, but suspected the incorrect
539 Kerberos settings in /etc/krb5.conf and /etc/samba/smb.conf might be
540 the cause. These are not properly configured during installation, and
541 had to be hand-edited to get the correct Kerberos realm and server,
542 but SMB mounting still do not work. :(</p>
543
544 <p>With this automatic configuration in place, I expect a Debian Edu
545 roaming profile installation would be able to automatically detect and
546 connect to any site using LDAP and Kerberos for NSS directory and PAM
547 authentication. It should also work out of the box in a Active
548 Directory environment providing posixAccount and posixGroup objects
549 with UID and GID values.</p>
550
551 <p>If you want to help out with implementing these things for Debian
552 Edu, please contact us on debian-edu@lists.debian.org.</p>
553 </div>
554 <div class="tags">
555
556
557
558 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
559
560 </div>
561 </div>
562 <div class="padding"></div>
563
564 <div class="entry">
565 <div class="title"><a href="http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html">Debian Edu roaming workstation - at the university of Oslo</a></div>
566 <div class="date">2010-08-03 23:30</div>
567 <div class="body">
568 <p>The new roaming workstation profile in Debian Edu/Squeeze is fairly
569 similar to the laptop setup am I working on using Ubuntu for the
570 University of Oslo, and just for the heck of it, I tested today how
571 hard it would be to integrate that profile into the university
572 infrastructure. In this case, it is the university LDAP server,
573 Active Directory Kerberos server and SMB mounting from the Netapp file
574 servers.</p>
575
576 <p>I was pleasantly surprised that the only three files needed to be
577 changed (/etc/sssd/sssd.conf, /etc/ldap.conf and
578 /etc/mklocaluser.d/20-debian-edu-config) and one file had to be added
579 (/usr/share/perl5/Debian/Edu_Local.pm), to get the client working.
580 Most of the changes were to get the client to use the university LDAP
581 for NSS and Kerberos server for PAM, but one was to change a hard
582 coded DNS domain name in the mklocaluser hook from .intern to
583 .uio.no.</p>
584
585 <p>This testing was so encouraging, that I went ahead and adjusted the
586 Debian Edu scripts and setup in subversion to centralise the roaming
587 workstation setup a bit more and avoid the hardcoded DNS domain name,
588 so that when I test this tomorrow, I expect to get away with modifying
589 only /etc/sssd/sssd.conf and /etc/ldap.conf to get it to use the
590 university servers.</p>
591
592 <p>My goal is to get the clients to have no hardcoded settings and
593 fetch all their initial setup during installation and first boot, to
594 allow them to be inserted also into environments where the default
595 setup in Debian Edu has been changed or as with the university, where
596 the environment is different but provides the protocols Debian Edu
597 uses.</p>
598 </div>
599 <div class="tags">
600
601
602
603 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
604
605 </div>
606 </div>
607 <div class="padding"></div>
608
609 <div class="entry">
610 <div class="title"><a href="http://people.skolelinux.org/pere/blog/Circular_package_dependencies_harms_apt_recovery.html">Circular package dependencies harms apt recovery</a></div>
611 <div class="date">2010-07-27 23:50</div>
612 <div class="body">
613 <p>I discovered this while doing
614 <a href="http://people.skolelinux.org/pere/blog/Automatic_upgrade_testing_from_Lenny_to_Squeeze.html">automated
615 testing of upgrades from Debian Lenny to Squeeze</a>. A few packages
616 in Debian still got circular dependencies, and it is often claimed
617 that apt and aptitude should be able to handle this just fine, but
618 some times these dependency loops causes apt to fail.</p>
619
620 <p>An example is from todays
621 <a href="http://people.skolelinux.org/~pere/debian-upgrade-testing//test-20100727-lenny-squeeze-kde-aptitude.txt">upgrade
622 of KDE using aptitude</a>. In it, a bug in kdebase-workspace-data
623 causes perl-modules to fail to upgrade. The cause is simple. If a
624 package fail to unpack, then only part of packages with the circular
625 dependency might end up being unpacked when unpacking aborts, and the
626 ones already unpacked will fail to configure in the recovery phase
627 because its dependencies are unavailable.</p>
628
629 <p>In this log, the problem manifest itself with this error:</p>
630
631 <blockquote><pre>
632 dpkg: dependency problems prevent configuration of perl-modules:
633 perl-modules depends on perl (>= 5.10.1-1); however:
634 Version of perl on system is 5.10.0-19lenny2.
635 dpkg: error processing perl-modules (--configure):
636 dependency problems - leaving unconfigured
637 </pre></blockquote>
638
639 <p>The perl/perl-modules circular dependency is already
640 <a href="http://bugs.debian.org/527917">reported as a bug</a>, and will
641 hopefully be solved as soon as possible, but it is not the only one,
642 and each one of these loops in the dependency tree can cause similar
643 failures. Of course, they only occur when there are bugs in other
644 packages causing the unpacking to fail, but it is rather nasty when
645 the failure of one package causes the problem to become worse because
646 of dependency loops.</p>
647
648 <p>Thanks to
649 <a href="http://lists.debian.org/debian-devel/2010/06/msg00116.html">the
650 tireless effort by Bill Allombert</a>, the number of circular
651 dependencies
652 <a href="http://debian.semistable.com/debgraph.out.html">left in Debian
653 is dropping</a>, and perhaps it will reach zero one day. :)</p>
654
655 <p>Todays testing also exposed a bug in
656 <a href="http://bugs.debian.org/590605">update-notifier</a> and
657 <a href="http://bugs.debian.org/590604">different behaviour</a> between
658 apt-get and aptitude, the latter possibly caused by some circular
659 dependency. Reported both to BTS to try to get someone to look at
660 it.</p>
661 </div>
662 <div class="tags">
663
664
665
666 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian">debian</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
667
668 </div>
669 </div>
670 <div class="padding"></div>
671
672 <div class="entry">
673 <div class="title"><a href="http://people.skolelinux.org/pere/blog/First_Debian_Edu_test_release__alpha0__based_on_Squeeze_is_released.html">First Debian Edu test release (alpha0) based on Squeeze is released</a></div>
674 <div class="date">2010-07-27 17:45</div>
675 <div class="body">
676 <p>I just posted this announcement culminating several months of work
677 with the next Debian Edu release. Not nearly done, but one major step
678 completed.</p>
679
680 <blockquote>
681 <p>This is the first test release based on Squeeze. The focus of this
682 release is to test the user application selection. To have a look,
683 install the standalone profile and let the developers know if the set
684 of installed packages i.e. applications should be modified. If some
685 user application is missing, or if there are some applications that no
686 longer make sense to be included in Debian Edu, please let us know.
687 Also, if a useful application is missing the translation for your
688 language of choice, please let us know too.</p>
689
690 <p>In addition, feedback and help to polish the desktop (menus,
691 artwork, starters, etc.) is appreciated. We would like to ship a nice
692 and handy KDE4 desktop targeted for schools out of the box.</p>
693
694 <p>The other profiles should be installable, but there is a lot more
695 work left to be done before they are ready, so do not expect to
696 much.</p>
697
698 <p>Changes compared to the lenny based version</p>
699
700 <ul>
701 <li>Everything from Debian Squeeze
702 <ul>
703 <li>Desktop environment KDE 4.4 => the new KDE desktop in
704 combination with some new artwork
705 <li>Web browser Iceweasel 3.5
706 <li>OpenOffice.org 3.2
707 <li>Educational toolbox GCompris 9.3
708 <li>Music creator Rosegarden 10.04.2
709 <li>Image editor Gimp 2.6.10
710 <li>Virtual universe Celestia 1.6.0
711 <li>Virtual stargazer Stellarium 0.10.4
712 <li>3D modeler Blender 2.49.2 (new application)
713 <li>Video editor Kdenlive 0.7.7 (new application)
714 </ul></li>
715 <li>Now using Kerberos for password checking (migration not finished).
716 Enabled for:
717 <ul>
718 <li>PAM
719 <li>LDAP
720 <li>IMAP
721 <li>SMTP (sender verification)
722 </ul>
723 </li>
724 <li>New experimental roaming workstation profile for laptops.</li>
725 <li>Show welcome page to users when they first log in. The URL is
726 fetched from LDAP.</li>
727 <li>New LXDE desktop option, in addition to KDE (default) and Gnome.</li>
728 <li>General cleanup (not finished)</li>
729 </ul>
730 <p>The following features are not working as they should</p>
731
732 <ul>
733 <li>No web based administration tool for creating users and groups. The
734 scripts ldap-createuser-krb and ldap-add-user-to-group can be used
735 for testing.</li>
736 <li>DVD installs are missing debian-installer images for the PXE boot,
737 and do not set up the PXE menu on eth0 because of this. LTSP
738 clients should still boot from eth1 on thin client servers.</li>
739 <li>The restructured KDE menu is not implemented.</li>
740 <li>The LDAP server setup need to be reviewed for security.</li>
741 <li>The LDAP directory structure need to be reworked.</li>
742 <li>Different sets of packages are installed when using the DVD and the
743 netinst CD. More packages are installed using the netinst CD.</li>
744 <li>The jackd package fail to install. This is believed to be caused by
745 some ongoing transition, and hopefully should be solved soon. The
746 jackd1 package can be installed manually for those that need it.</li>
747 <li>Some packages lack translations. See
748 http://wiki.debian.org/DebianEdu/Status/Squeeze for updated status,
749 and help out with translations.</li>
750 </ul>
751
752 <p>To download this multiarch netinstall release you can use</p>
753
754 <ul>
755 <li><a href="ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso">ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso</a></li>
756 <li><a href="http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso">http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso</a></li>
757 <li>rsync -avzP ftp.skolelinux.org::skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-CD.iso</li>
758 </ul>
759 <p>To download this multiarch dvd release you can use</p>
760
761 <ul>
762 <li><a href="ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso">ftp://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso</a></li>
763 <li><a href="http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso">http://ftp.skolelinux.org/skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso</a></li>
764 <li>rsync -avzP ftp.skolelinux.org::skolelinux-cd/squeeze-alpha/debian-edu-6.0.0+edua0-DVD.iso</li>
765 </ul>
766
767 <p>There is no source DVD available yet. It will be prepared when we
768 get closer to the final release.</p>
769
770 <p>The MD5SUM of these images are</p>
771
772 <ul>
773 <li>3dbf45d59f42a53518b6e3c9ec3b5eb6 debian-edu-6.0.0+edua0-CD.iso</li>
774 <li>22f2cbfce281d1c6e478be452638675d debian-edu-6.0.0+edua0-DVD.iso</li>
775 </ul>
776
777 <p>The SHA1SUM of these images are</p>
778 <ul>
779 <li>c53d1b69b40cf37cd27aefaf33f6f6a3821bedf0 debian-edu-6.0.0+edua0-CD.iso</li>
780 <li>2ec29d7db676d59d32197b05c277ffe16348376c debian-edu-6.0.0+edua0-DVD.iso</li>
781 </ul>
782 <p>How to report bugs:
783 http://wiki.debian.org/DebianEdu/HowTo/ReportBugsInBugzilla</p>
784
785 <p>Please direct replies to debian-edu@lists.debian.org</p>
786 </blockquote>
787 </div>
788 <div class="tags">
789
790
791
792 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.
793
794 </div>
795 </div>
796 <div class="padding"></div>
797
798 <div class="entry">
799 <div class="title"><a href="http://people.skolelinux.org/pere/blog/One_step_closer_to_single_signon_in_Debian_Edu.html">One step closer to single signon in Debian Edu</a></div>
800 <div class="date">2010-07-25 10:00</div>
801 <div class="body">
802 <p>The last few months me and the other Debian Edu developers have
803 been working hard to get the Debian/Squeeze based version of Debian
804 Edu/Skolelinux into shape. This future version will use Kerberos for
805 authentication, and services are slowly migrated to single signon,
806 getting rid of password questions one at the time.</p>
807
808 <p>It will also feature a roaming workstation profile with local home
809 directory, for laptops that are only some times on the Skolelinux
810 network, and for this profile a shortcut is created in Gnome and KDE
811 to gain access to the users home directory on the file server. This
812 shortcut uses SMB at the moment, and yesterday I had time to test if
813 SMB mounting had started working in KDE after we added the cifs-utils
814 package. I was pleasantly surprised how well it worked.</p>
815
816 <p>Thanks to the recent changes to our samba configuration to get it
817 to use Kerberos for authentication, there were no question about user
818 password when mounting the SMB volume. A simple click on the shortcut
819 in the KDE menu, and a window with the home directory popped
820 up. :)</p>
821
822 <p>One step closer to a single signon solution out of the box in
823 Debian Edu. We already had PAM, LDAP, IMAP and SMTP in place, and now
824 also Samba. Next step is Cups and hopefully also NFS.</p>
825
826 <p>We had planned a alpha0 release of Debian Edu for today, but thanks
827 to the autobuilder administrators for some architectures being slow to
828 sign packages, we are still missing the fixed LTSP package we need for
829 the release. It was uploaded three days ago with urgency=high, and if
830 it had entered testing yesterday we would have been able to test it in
831 time for a alpha0 release today. As the binaries for ia64 and powerpc
832 still not uploaded to the Debian archive, we need to delay the alpha
833 release another day.</p>
834
835 <p>If you want to help out with implementing Kerberos for Debian Edu,
836 please contact us on debian-edu@lists.debian.org.</p>
837 </div>
838 <div class="tags">
839
840
841
842 Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>, <a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet</a>.
843
844 </div>
845 </div>
846 <div class="padding"></div>
847
848 <p style="text-align: right;"><a href="index.rss"><img src="http://people.skolelinux.org/pere/blog/xml.gif" alt="RSS feed" width="36" height="14"></a></p>
849
850 <div id="sidebar">
851
852
853
854
855
856 <h2>Archive</h2>
857 <ul>
858
859 <li>2010
860 <ul>
861
862 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/01/">January (2)</a></li>
863
864 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/02/">February (1)</a></li>
865
866 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/03/">March (3)</a></li>
867
868 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/04/">April (3)</a></li>
869
870 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/05/">May (9)</a></li>
871
872 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/06/">June (14)</a></li>
873
874 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/07/">July (12)</a></li>
875
876 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/08/">August (7)</a></li>
877
878 </ul></li>
879
880 <li>2009
881 <ul>
882
883 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/01/">January (8)</a></li>
884
885 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/02/">February (8)</a></li>
886
887 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/03/">March (12)</a></li>
888
889 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/04/">April (10)</a></li>
890
891 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/05/">May (9)</a></li>
892
893 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/06/">June (3)</a></li>
894
895 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/07/">July (4)</a></li>
896
897 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/08/">August (3)</a></li>
898
899 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/09/">September (1)</a></li>
900
901 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/10/">October (2)</a></li>
902
903 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/11/">November (3)</a></li>
904
905 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/12/">December (3)</a></li>
906
907 </ul></li>
908
909 <li>2008
910 <ul>
911
912 <li><a href="http://people.skolelinux.org/pere/blog/archive/2008/11/">November (5)</a></li>
913
914 <li><a href="http://people.skolelinux.org/pere/blog/archive/2008/12/">December (7)</a></li>
915
916 </ul></li>
917
918 </ul>
919
920
921
922 <h2>Tags</h2>
923 <ul>
924
925 <li><a href="http://people.skolelinux.org/pere/blog/tags/3d-printer">3d-printer (11)</a></li>
926
927 <li><a href="http://people.skolelinux.org/pere/blog/tags/amiga">amiga (1)</a></li>
928
929 <li><a href="http://people.skolelinux.org/pere/blog/tags/aros">aros (1)</a></li>
930
931 <li><a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem (10)</a></li>
932
933 <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (35)</a></li>
934
935 <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (40)</a></li>
936
937 <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (56)</a></li>
938
939 <li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (1)</a></li>
940
941 <li><a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling (8)</a></li>
942
943 <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (3)</a></li>
944
945 <li><a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap (8)</a></li>
946
947 <li><a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker (2)</a></li>
948
949 <li><a href="http://people.skolelinux.org/pere/blog/tags/ltsp">ltsp (1)</a></li>
950
951 <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (5)</a></li>
952
953 <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (73)</a></li>
954
955 <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (95)</a></li>
956
957 <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (14)</a></li>
958
959 <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (15)</a></li>
960
961 <li><a href="http://people.skolelinux.org/pere/blog/tags/reprap">reprap (10)</a></li>
962
963 <li><a href="http://people.skolelinux.org/pere/blog/tags/robot">robot (2)</a></li>
964
965 <li><a href="http://people.skolelinux.org/pere/blog/tags/rss">rss (1)</a></li>
966
967 <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (11)</a></li>
968
969 <li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (3)</a></li>
970
971 <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (13)</a></li>
972
973 <li><a href="http://people.skolelinux.org/pere/blog/tags/stavekontroll">stavekontroll (1)</a></li>
974
975 <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (10)</a></li>
976
977 <li><a href="http://people.skolelinux.org/pere/blog/tags/vitenskap">vitenskap (1)</a></li>
978
979 <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (7)</a></li>
980
981 </ul>
982
983 </div>
984
985 <p style="text-align: right">
986 Created by <a href="http://steve.org.uk/Software/chronicle">Chronicle v3.7</a>
987 </p>
988 </body>
989 </html>