]> pere.pagekite.me Git - homepage.git/blob - blog/Autodetecting_Client_setup_for_roaming_workstations_in_Debian_Edu.html
projects / homepage.git / blob
? search:


d25ddb7ed80dfd87e30aa2bba7af1d1a9f3f4025
[homepage.git] / blog / Autodetecting_Client_setup_for_roaming_workstations_in_Debian_Edu.html
1 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
2 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
3 <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">
4 <head>
5 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
6 <title>Petter Reinholdtsen: Autodetecting Client setup for roaming workstations in Debian Edu</title>
7 <link rel="stylesheet" type="text/css" media="screen" href="http://people.skolelinux.org/pere/blog/style.css" />
8 <link rel="stylesheet" type="text/css" media="screen" href="http://people.skolelinux.org/pere/blog/vim.css" />
9
10
11 </head>
12 <body>
13 <div class="title">
14 <h1>
15 <a href="http://people.skolelinux.org/pere/blog/">Petter Reinholdtsen</a>
16
17 </h1>
18
19 </div>
20
21
22 <div class="entry">
23 <div class="title">Autodetecting Client setup for roaming workstations in Debian Edu</div>
24 <div class="date"> 7th August 2010</div>
25 <div class="body"><p>A few days ago, I
26 <a href="http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html">tried
27 to install</a> a Roaming workation profile from Debian Edu/Squeeze
28 while on the university network here at the University of Oslo, and
29 noticed how much had to change to get it operational using the
30 university infrastructure. It was fairly easy, but it occured to me
31 that Debian Edu would improve a lot if I could get the client to
32 connect without any changes at all, and thus let the client configure
33 itself during installation and first boot to use the infrastructure
34 around it. Now I am a huge step further along that road.</p>
35
36 <p>With our current squeeze-test packages, I can select the roaming
37 workstation profile and get a working laptop connecting to the
38 university LDAP server for user and group and our active directory
39 servers for Kerberos authentication. All this without any
40 configuration at all during installation. My users home directory got
41 a bookmark in the KDE menu to mount it via SMB, with the correct URL.
42 In short, openldap and sssd is correctly configured. In addition to
43 this, the client look for http://wpad/wpad.dat to configure a web
44 proxy, and when it fail to find it no proxy settings are stored in
45 /etc/environment and /etc/apt/apt.conf. Iceweasel and KDE is
46 configured to look for the same wpad configuration and also do not use
47 a proxy when at the university network. If the machine is moved to a
48 network with such wpad setup, it would automatically use it when DHCP
49 gave it a IP address.</p>
50
51 <p>The LDAP server is located using DNS, by first looking for the DNS
52 entry ldap.$domain. If this do not exist, it look for the
53 _ldap._tcp.$domain SRV records and use the first one as the LDAP
54 server. Next, it connects to the LDAP server and search all
55 namingContexts entries for posixAccount or posixGroup objects, and
56 pick the first one as the LDAP base. For Kerberos, a similar
57 algorithm is used to locate the LDAP server, and the realm is the
58 uppercase version of $domain.</p>
59
60 <p>So, what is not working, you might ask. SMB mounting my home
61 directory do not work. No idea why, but suspected the incorrect
62 Kerberos settings in /etc/krb5.conf and /etc/samba/smb.conf might be
63 the cause. These are not properly configured during installation, and
64 had to be hand-edited to get the correct Kerberos realm and server,
65 but SMB mounting still do not work. :(</p>
66
67 <p>With this automatic configuration in place, I expect a Debian Edu
68 roaming profile installation would be able to automatically detect and
69 connect to any site using LDAP and Kerberos for NSS directory and PAM
70 authentication. It should also work out of the box in a Active
71 Directory environment providing posixAccount and posixGroup objects
72 with UID and GID values.</p>
73
74 <p>If you want to help out with implementing these things for Debian
75 Edu, please contact us on debian-edu@lists.debian.org.</p>
76 </div>
77
78 <div class="tags">Tags: <a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu</a>, <a href="http://people.skolelinux.org/pere/blog/tags/english">english</a>, <a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug</a>.</div>
79
80
81 </div>
82
83
84
85
86 <div id="sidebar">
87
88
89
90 <h2>Archive</h2>
91 <ul>
92
93 <li>2013
94 <ul>
95
96 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/01/">January (11)</a></li>
97
98 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/02/">February (9)</a></li>
99
100 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/03/">March (9)</a></li>
101
102 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/04/">April (6)</a></li>
103
104 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/05/">May (9)</a></li>
105
106 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/06/">June (10)</a></li>
107
108 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/07/">July (7)</a></li>
109
110 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/08/">August (3)</a></li>
111
112 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/09/">September (5)</a></li>
113
114 <li><a href="http://people.skolelinux.org/pere/blog/archive/2013/10/">October (1)</a></li>
115
116 </ul></li>
117
118 <li>2012
119 <ul>
120
121 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/01/">January (7)</a></li>
122
123 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/02/">February (10)</a></li>
124
125 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/03/">March (17)</a></li>
126
127 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/04/">April (12)</a></li>
128
129 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/05/">May (12)</a></li>
130
131 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/06/">June (20)</a></li>
132
133 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/07/">July (17)</a></li>
134
135 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/08/">August (6)</a></li>
136
137 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/09/">September (9)</a></li>
138
139 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/10/">October (17)</a></li>
140
141 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/11/">November (10)</a></li>
142
143 <li><a href="http://people.skolelinux.org/pere/blog/archive/2012/12/">December (7)</a></li>
144
145 </ul></li>
146
147 <li>2011
148 <ul>
149
150 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/01/">January (16)</a></li>
151
152 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/02/">February (6)</a></li>
153
154 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/03/">March (6)</a></li>
155
156 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/04/">April (7)</a></li>
157
158 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/05/">May (3)</a></li>
159
160 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/06/">June (2)</a></li>
161
162 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/07/">July (7)</a></li>
163
164 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/08/">August (6)</a></li>
165
166 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/09/">September (4)</a></li>
167
168 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/10/">October (2)</a></li>
169
170 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/11/">November (3)</a></li>
171
172 <li><a href="http://people.skolelinux.org/pere/blog/archive/2011/12/">December (1)</a></li>
173
174 </ul></li>
175
176 <li>2010
177 <ul>
178
179 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/01/">January (2)</a></li>
180
181 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/02/">February (1)</a></li>
182
183 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/03/">March (3)</a></li>
184
185 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/04/">April (3)</a></li>
186
187 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/05/">May (9)</a></li>
188
189 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/06/">June (14)</a></li>
190
191 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/07/">July (12)</a></li>
192
193 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/08/">August (13)</a></li>
194
195 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/09/">September (7)</a></li>
196
197 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/10/">October (9)</a></li>
198
199 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/11/">November (13)</a></li>
200
201 <li><a href="http://people.skolelinux.org/pere/blog/archive/2010/12/">December (12)</a></li>
202
203 </ul></li>
204
205 <li>2009
206 <ul>
207
208 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/01/">January (8)</a></li>
209
210 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/02/">February (8)</a></li>
211
212 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/03/">March (12)</a></li>
213
214 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/04/">April (10)</a></li>
215
216 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/05/">May (9)</a></li>
217
218 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/06/">June (3)</a></li>
219
220 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/07/">July (4)</a></li>
221
222 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/08/">August (3)</a></li>
223
224 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/09/">September (1)</a></li>
225
226 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/10/">October (2)</a></li>
227
228 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/11/">November (3)</a></li>
229
230 <li><a href="http://people.skolelinux.org/pere/blog/archive/2009/12/">December (3)</a></li>
231
232 </ul></li>
233
234 <li>2008
235 <ul>
236
237 <li><a href="http://people.skolelinux.org/pere/blog/archive/2008/11/">November (5)</a></li>
238
239 <li><a href="http://people.skolelinux.org/pere/blog/archive/2008/12/">December (7)</a></li>
240
241 </ul></li>
242
243 </ul>
244
245
246
247 <h2>Tags</h2>
248 <ul>
249
250 <li><a href="http://people.skolelinux.org/pere/blog/tags/3d-printer">3d-printer (13)</a></li>
251
252 <li><a href="http://people.skolelinux.org/pere/blog/tags/amiga">amiga (1)</a></li>
253
254 <li><a href="http://people.skolelinux.org/pere/blog/tags/aros">aros (1)</a></li>
255
256 <li><a href="http://people.skolelinux.org/pere/blog/tags/bankid">bankid (4)</a></li>
257
258 <li><a href="http://people.skolelinux.org/pere/blog/tags/bitcoin">bitcoin (7)</a></li>
259
260 <li><a href="http://people.skolelinux.org/pere/blog/tags/bootsystem">bootsystem (12)</a></li>
261
262 <li><a href="http://people.skolelinux.org/pere/blog/tags/bsa">bsa (2)</a></li>
263
264 <li><a href="http://people.skolelinux.org/pere/blog/tags/debian">debian (86)</a></li>
265
266 <li><a href="http://people.skolelinux.org/pere/blog/tags/debian edu">debian edu (142)</a></li>
267
268 <li><a href="http://people.skolelinux.org/pere/blog/tags/digistan">digistan (10)</a></li>
269
270 <li><a href="http://people.skolelinux.org/pere/blog/tags/docbook">docbook (10)</a></li>
271
272 <li><a href="http://people.skolelinux.org/pere/blog/tags/drivstoffpriser">drivstoffpriser (4)</a></li>
273
274 <li><a href="http://people.skolelinux.org/pere/blog/tags/english">english (218)</a></li>
275
276 <li><a href="http://people.skolelinux.org/pere/blog/tags/fiksgatami">fiksgatami (21)</a></li>
277
278 <li><a href="http://people.skolelinux.org/pere/blog/tags/fildeling">fildeling (12)</a></li>
279
280 <li><a href="http://people.skolelinux.org/pere/blog/tags/freeculture">freeculture (12)</a></li>
281
282 <li><a href="http://people.skolelinux.org/pere/blog/tags/freedombox">freedombox (2)</a></li>
283
284 <li><a href="http://people.skolelinux.org/pere/blog/tags/frikanalen">frikanalen (11)</a></li>
285
286 <li><a href="http://people.skolelinux.org/pere/blog/tags/intervju">intervju (37)</a></li>
287
288 <li><a href="http://people.skolelinux.org/pere/blog/tags/isenkram">isenkram (7)</a></li>
289
290 <li><a href="http://people.skolelinux.org/pere/blog/tags/kart">kart (18)</a></li>
291
292 <li><a href="http://people.skolelinux.org/pere/blog/tags/ldap">ldap (8)</a></li>
293
294 <li><a href="http://people.skolelinux.org/pere/blog/tags/lenker">lenker (6)</a></li>
295
296 <li><a href="http://people.skolelinux.org/pere/blog/tags/ltsp">ltsp (1)</a></li>
297
298 <li><a href="http://people.skolelinux.org/pere/blog/tags/multimedia">multimedia (25)</a></li>
299
300 <li><a href="http://people.skolelinux.org/pere/blog/tags/norsk">norsk (235)</a></li>
301
302 <li><a href="http://people.skolelinux.org/pere/blog/tags/nuug">nuug (153)</a></li>
303
304 <li><a href="http://people.skolelinux.org/pere/blog/tags/offentlig innsyn">offentlig innsyn (8)</a></li>
305
306 <li><a href="http://people.skolelinux.org/pere/blog/tags/open311">open311 (2)</a></li>
307
308 <li><a href="http://people.skolelinux.org/pere/blog/tags/opphavsrett">opphavsrett (44)</a></li>
309
310 <li><a href="http://people.skolelinux.org/pere/blog/tags/personvern">personvern (66)</a></li>
311
312 <li><a href="http://people.skolelinux.org/pere/blog/tags/raid">raid (1)</a></li>
313
314 <li><a href="http://people.skolelinux.org/pere/blog/tags/reprap">reprap (11)</a></li>
315
316 <li><a href="http://people.skolelinux.org/pere/blog/tags/rfid">rfid (2)</a></li>
317
318 <li><a href="http://people.skolelinux.org/pere/blog/tags/robot">robot (7)</a></li>
319
320 <li><a href="http://people.skolelinux.org/pere/blog/tags/rss">rss (1)</a></li>
321
322 <li><a href="http://people.skolelinux.org/pere/blog/tags/ruter">ruter (4)</a></li>
323
324 <li><a href="http://people.skolelinux.org/pere/blog/tags/scraperwiki">scraperwiki (2)</a></li>
325
326 <li><a href="http://people.skolelinux.org/pere/blog/tags/sikkerhet">sikkerhet (31)</a></li>
327
328 <li><a href="http://people.skolelinux.org/pere/blog/tags/sitesummary">sitesummary (4)</a></li>
329
330 <li><a href="http://people.skolelinux.org/pere/blog/tags/skepsis">skepsis (4)</a></li>
331
332 <li><a href="http://people.skolelinux.org/pere/blog/tags/standard">standard (43)</a></li>
333
334 <li><a href="http://people.skolelinux.org/pere/blog/tags/stavekontroll">stavekontroll (3)</a></li>
335
336 <li><a href="http://people.skolelinux.org/pere/blog/tags/stortinget">stortinget (8)</a></li>
337
338 <li><a href="http://people.skolelinux.org/pere/blog/tags/surveillance">surveillance (18)</a></li>
339
340 <li><a href="http://people.skolelinux.org/pere/blog/tags/sysadmin">sysadmin (1)</a></li>
341
342 <li><a href="http://people.skolelinux.org/pere/blog/tags/valg">valg (8)</a></li>
343
344 <li><a href="http://people.skolelinux.org/pere/blog/tags/video">video (39)</a></li>
345
346 <li><a href="http://people.skolelinux.org/pere/blog/tags/vitenskap">vitenskap (4)</a></li>
347
348 <li><a href="http://people.skolelinux.org/pere/blog/tags/web">web (28)</a></li>
349
350 </ul>
351
352
353 </div>
354 <p style="text-align: right">
355 Created by <a href="http://steve.org.uk/Software/chronicle">Chronicle v4.6</a>
356 </p>
357
358 </body>
359 </html>
Nettsider og blogg.