<?xml version="1.0" encoding="ISO-8859-1"?>
<rss version='2.0' xmlns:lj='http://www.livejournal.org/rss/lj/1.0/'>
<channel>
<title>Petter Reinholdtsen - Entries from August 2010</title>
<description>Entries from August 2010</description>
<link>http://people.skolelinux.org/pere/blog/</link>


<item>
<title>Debian Edu roaming workstation - at the university of Oslo</title>
<link>http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html</link>
<guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html</guid>
<pubDate>Tue, 3 Aug 2010 23:30:00 +0200</pubDate>
<description>
&lt;p&gt;The new roaming workstation profile in Debian Edu/Squeeze is fairly
similar to the laptop setup I am working on using Ubuntu for the
University of Oslo, and just for the heck of it, I tested today how
hard it would be to integrate that profile into the university
infrastructure. In this case, it is the university LDAP server,
Active Directory Kerberos server and SMB mounting from the Netapp file
servers.&lt;/p&gt;

&lt;p&gt;I was pleasantly surprised that only three files needed to be
changed (/etc/sssd/sssd.conf, /etc/ldap.conf and
/etc/mklocaluser.d/20-debian-edu-config) and one file had to be added
(/usr/share/perl5/Debian/Edu_Local.pm), to get the client working.
Most of the changes were to get the client to use the university LDAP
for NSS and Kerberos server for PAM, but one was to change a
hard-coded DNS domain name in the mklocaluser hook from .intern to
.uio.no.&lt;/p&gt;

&lt;p&gt;This testing was so encouraging that I went ahead and adjusted the
Debian Edu scripts and setup in subversion to centralise the roaming
workstation setup a bit more and avoid the hardcoded DNS domain name,
so that when I test this tomorrow, I expect to get away with modifying
only /etc/sssd/sssd.conf and /etc/ldap.conf to get it to use the
university servers.&lt;/p&gt;

&lt;p&gt;My goal is to get the clients to have no hardcoded settings and
fetch all their initial setup during installation and first boot, to
allow them to be inserted also into environments where the default
setup in Debian Edu has been changed or, as with the university, where
the environment is different but provides the protocols Debian Edu
uses.&lt;/p&gt;
</description>
</item>

<item>
<title>Autodetecting Client setup for roaming workstations in Debian Edu</title>
<link>http://people.skolelinux.org/pere/blog/Autodetecting_Client_setup_for_roaming_workstations_in_Debian_Edu.html</link>
<guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Autodetecting_Client_setup_for_roaming_workstations_in_Debian_Edu.html</guid>
<pubDate>Sat, 7 Aug 2010 14:45:00 +0200</pubDate>
<description>
&lt;p&gt;A few days ago, I
&lt;a href=&quot;http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html&quot;&gt;tried
to install&lt;/a&gt; a Roaming workstation profile from Debian Edu/Squeeze
while on the university network here at the University of Oslo, and
noticed how much had to change to get it operational using the
university infrastructure. It was fairly easy, but it occurred to me
that Debian Edu would improve a lot if I could get the client to
connect without any changes at all, and thus let the client configure
itself during installation and first boot to use the infrastructure
around it. Now I am a huge step further along that road.&lt;/p&gt;

&lt;p&gt;With our current squeeze-test packages, I can select the roaming
workstation profile and get a working laptop connecting to the
university LDAP server for user and group and our Active Directory
servers for Kerberos authentication. All this without any
configuration at all during installation. My user&#39;s home directory got
a bookmark in the KDE menu to mount it via SMB, with the correct URL.
In short, openldap and sssd are correctly configured. In addition to
this, the client looks for http://wpad/wpad.dat to configure a web
proxy, and when it fails to find it, no proxy settings are stored in
/etc/environment and /etc/apt/apt.conf. Iceweasel and KDE are
configured to look for the same wpad configuration and also do not use
a proxy when at the university network. If the machine is moved to a
network with such a wpad setup, it would automatically use it when DHCP
gave it an IP address.&lt;/p&gt;

&lt;p&gt;The LDAP server is located using DNS, by first looking for the DNS
entry ldap.$domain. If this does not exist, it looks for the
_ldap._tcp.$domain SRV records and uses the first one as the LDAP
server. Next, it connects to the LDAP server and searches all
namingContexts entries for posixAccount or posixGroup objects, and
picks the first one as the LDAP base. For Kerberos, a similar
algorithm is used to locate the LDAP server, and the realm is the
uppercase version of $domain.&lt;/p&gt;

&lt;p&gt;So, what is not working, you might ask. SMB mounting my home
directory does not work. No idea why, but suspected the incorrect
Kerberos settings in /etc/krb5.conf and /etc/samba/smb.conf might be
the cause. These are not properly configured during installation, and
had to be hand-edited to get the correct Kerberos realm and server,
but SMB mounting still does not work. :(&lt;/p&gt;

&lt;p&gt;With this automatic configuration in place, I expect a Debian Edu
roaming profile installation would be able to automatically detect and
connect to any site using LDAP and Kerberos for NSS directory and PAM
authentication. It should also work out of the box in an Active
Directory environment providing posixAccount and posixGroup objects
with UID and GID values.&lt;/p&gt;

&lt;p&gt;If you want to help out with implementing these things for Debian
Edu, please contact us on debian-edu@lists.debian.org.&lt;/p&gt;
</description>
</item>

<item>
<title>Testing if a file system can be used for home directories...</title>
<link>http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html</link>
<guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html</guid>
<pubDate>Sun, 8 Aug 2010 21:20:00 +0200</pubDate>
<description>
&lt;p&gt;A few years ago, I was involved in a project planning to use
Windows file servers as home directory servers for Debian
Edu/Skolelinux machines. This was thought to be no problem, as the
access would be through the SMB network file system protocol, and we
knew other sites used SMB with unix and samba as the file server to
mount home directories without any problems. But, after months of
struggling, we had to conclude that our goal was impossible.&lt;/p&gt;

&lt;p&gt;The reason is simply that while SMB can be used for home
directories when the file server is Samba running on Unix, this only
works because Samba has some extensions and the
underlying file system is a unix file system. When using a Windows
file server, the underlying file system does not have POSIX semantics,
and several programs will fail if the user&#39;s home directory where they
want to store their configuration lacks POSIX semantics.&lt;/p&gt;

&lt;p&gt;As part of this work, I wrote a small C program I want to share
with you all, to replicate a few of the problematic applications (like
OpenOffice.org and GCompris) and see if the file system was working as
it should. If you find yourself in spooky file system land, it might
help you find your way out again. This is the fs-test.c source:&lt;/p&gt;

&lt;pre&gt;
/*
 * Some tests to check the file system semantics. Used to verify that
 * CIFS from a windows server do not work properly as a linux home
 * directory.
 * License: GPL v2 or later
 *
 * needs libsqlite3-dev and build-essential installed
 * compile with: gcc -Wall -DTEST_SQLITE fs-test.c -o fs-test -lsqlite3
 * (the library goes after the source file so the linker resolves it)
 */

#define _FILE_OFFSET_BITS 64
#define _LARGEFILE_SOURCE 1
#define _LARGEFILE64_SOURCE 1

#define _GNU_SOURCE /* for asprintf() */

#include &lt;errno.h&gt;
#include &lt;fcntl.h&gt;
#include &lt;stdio.h&gt;
#include &lt;string.h&gt;
#include &lt;stdlib.h&gt;
#include &lt;sys/file.h&gt;
#include &lt;sys/stat.h&gt;
#include &lt;sys/types.h&gt;
#include &lt;unistd.h&gt;

#ifdef TEST_SQLITE
/*
 * Test sqlite open, as done by gcompris require the libsqlite3-dev
 * package and linking with -lsqlite3. A more low level test is
 * below.
 * See also &lt;URL: http://www.sqlite.org./faq.html#q5 &gt;.
 */
#include &lt;sqlite3.h&gt;
#define CREATE_TABLE_USERS \
  &quot;CREATE TABLE users (user_id INT UNIQUE, login TEXT, lastname TEXT, firstname TEXT, birthdate TEXT, class_id INT ); &quot;
int test_sqlite_open(void) {
  char *zErrMsg = NULL;
  char *name = &quot;testsqlite.db&quot;;
  sqlite3 *db = NULL;
  unlink(name);
  int rc = sqlite3_open(name, &amp;db);
  if (rc) {
    printf(&quot;error: sqlite open of %s failed: %s\n&quot;, name, sqlite3_errmsg(db));
    sqlite3_close(db);
    return -1;
  }

  /* create tables */
  rc = sqlite3_exec(db, CREATE_TABLE_USERS, NULL, 0, &amp;zErrMsg);
  if (rc != SQLITE_OK) {
    printf(&quot;error: sqlite table create failed: %s\n&quot;, zErrMsg);
    sqlite3_free(zErrMsg); /* the error string is allocated by sqlite */
    sqlite3_close(db);
    return -1;
  }
  printf(&quot;info: sqlite worked\n&quot;);
  sqlite3_close(db);
  return 0;
}
#endif /* TEST_SQLITE */

/*
 * Demonstrate locking issue found in gcompris using sqlite3. This
 * work with ext3, but not with cifs server on Windows 2003. This is
 * done in the sqlite3 library.
 * See also
 * &lt;URL:http://www.cygwin.com/ml/cygwin/2001-08/msg00854.html&gt; and the
 * POSIX specification
 * &lt;URL:http://www.opengroup.org/onlinepubs/009695399/functions/fcntl.html&gt;.
 */
int test_gcompris_locking(void) {
  struct flock fl;
  char *name = &quot;testsqlite.db&quot;;
  unlink(name);
  int fd = open(name, O_RDWR|O_CREAT|O_LARGEFILE, 0644);
  printf(&quot;info: testing fcntl locking\n&quot;);
  if (-1 == fd) {
    /* without a valid descriptor every fcntl() below would fail */
    printf(&quot; error: Unable to open &#39;%s&#39;: %s\n&quot;, name, strerror(errno));
    return -1;
  }

  memset(&amp;fl, 0, sizeof(fl)); /* do not pass uninitialised fields */
  fl.l_whence = SEEK_SET;
  fl.l_pid = getpid();
  printf(&quot; Read-locking 1 byte from 1073741824&quot;);
  fl.l_start = 1073741824;
  fl.l_len = 1;
  fl.l_type = F_RDLCK;
  if (0 != fcntl(fd, F_SETLK, &amp;fl) ) printf(&quot; - error!\n&quot;); else printf(&quot;\n&quot;);

  printf(&quot; Read-locking 510 byte from 1073741826&quot;);
  fl.l_start = 1073741826;
  fl.l_len = 510;
  fl.l_type = F_RDLCK;
  if (0 != fcntl(fd, F_SETLK, &amp;fl) ) printf(&quot; - error!\n&quot;); else printf(&quot;\n&quot;);

  printf(&quot; Unlocking 1 byte from 1073741824&quot;);
  fl.l_start = 1073741824;
  fl.l_len = 1;
  fl.l_type = F_UNLCK;
  if (0 != fcntl(fd, F_SETLK, &amp;fl) ) printf(&quot; - error!\n&quot;); else printf(&quot;\n&quot;);

  printf(&quot; Write-locking 1 byte from 1073741824&quot;);
  fl.l_start = 1073741824;
  fl.l_len = 1;
  fl.l_type = F_WRLCK;
  if (0 != fcntl(fd, F_SETLK, &amp;fl) ) printf(&quot; - error!\n&quot;); else printf(&quot;\n&quot;);

  /* l_type is still F_WRLCK from the previous step */
  printf(&quot; Write-locking 510 byte from 1073741826&quot;);
  fl.l_start = 1073741826;
  fl.l_len = 510;
  if (0 != fcntl(fd, F_SETLK, &amp;fl) ) printf(&quot; - error!\n&quot;); else printf(&quot;\n&quot;);

  printf(&quot; Unlocking 2 byte from 1073741824&quot;);
  fl.l_start = 1073741824;
  fl.l_len = 2;
  fl.l_type = F_UNLCK;
  if (0 != fcntl(fd, F_SETLK, &amp;fl) ) printf(&quot; - error!\n&quot;); else printf(&quot;\n&quot;);

  close(fd);
  return 0;
}

/*
 * Test if permissions of freshly created directories allow entries
 * below them. This was a problem with OpenOffice.org and gcompris.
 * Mounting with option &#39;sync&#39; seem to solve this problem while
 * slowing down file operations.
 * A test/ tree left over from an earlier run makes mkdir() fail
 * with EEXIST, so remove it before running the test again.
 */
int test_subdirectory_creation(void) {
#define LEVELS 5
  char *path = strdup(&quot;test&quot;);
  int level;
  printf(&quot;info: testing subdirectory creation\n&quot;);
  for (level = 0; path != NULL &amp;&amp; level &lt; LEVELS; level++) {
    char *newpath = NULL;
    if (-1 == mkdir(path, 0777)) {
      printf(&quot; error: Unable to create directory &#39;%s&#39;: %s\n&quot;,
             path, strerror(errno));
      break;
    }
    if (-1 == asprintf(&amp;newpath, &quot;%s/%s&quot;, path, &quot;test&quot;))
      newpath = NULL; /* contents are undefined when asprintf() fails */
    free(path);
    path = newpath;
  }
  free(path);
  return 0;
}

/*
 * Test if symlinks can be created. This was a problem detected with
 * KDE.
 */
int test_symlinks(void) {
  printf(&quot;info: testing symlink creation\n&quot;);
  unlink(&quot;symlink&quot;);
  if (-1 == symlink(&quot;file&quot;, &quot;symlink&quot;))
    printf(&quot; error: Unable to create symlink\n&quot;);
  return 0;
}

int main(int argc, char **argv) {
  printf(&quot;Testing POSIX/Unix sematics on file system\n&quot;);
  test_symlinks();
  test_subdirectory_creation();
#ifdef TEST_SQLITE
  test_sqlite_open();
#endif /* TEST_SQLITE */
  test_gcompris_locking();
  return 0;
}
&lt;/pre&gt;

&lt;p&gt;When everything is working, it should print something like
this:&lt;/p&gt;

&lt;pre&gt;
Testing POSIX/Unix sematics on file system
info: testing symlink creation
info: testing subdirectory creation
info: sqlite worked
info: testing fcntl locking
 Read-locking 1 byte from 1073741824
 Read-locking 510 byte from 1073741826
 Unlocking 1 byte from 1073741824
 Write-locking 1 byte from 1073741824
 Write-locking 510 byte from 1073741826
 Unlocking 2 byte from 1073741824
&lt;/pre&gt;

&lt;p&gt;I do not remember the exact details of the problems we saw, but one
of them was with locking, where if I remember correctly, POSIX allows a
read-only lock to be upgraded to a read-write lock without unlocking
the read-only lock (while Windows does not). Another was a bug in the
CIFS/SMB client implementation in the Linux kernel where directory
meta information would be wrong for a fraction of a second, making
OpenOffice.org fail to create its deep directory tree because it was
not allowed to create files in its freshly created directory.&lt;/p&gt;

&lt;p&gt;Anyway, here is a nice tool for your tool box, may you never need
it. :)&lt;/p&gt;
</description>
</item>

</channel>
</rss>