- <item>
- <title>Autodetecting Client setup for roaming workstations in Debian Edu</title>
- <link>http://people.skolelinux.org/pere/blog/Autodetecting_Client_setup_for_roaming_workstations_in_Debian_Edu.html</link>
- <guid isPermaLink="true">http://people.skolelinux.org/pere/blog/Autodetecting_Client_setup_for_roaming_workstations_in_Debian_Edu.html</guid>
- <pubDate>Sat, 7 Aug 2010 14:45:00 +0200</pubDate>
- <description>
-<p>A few days ago, I
-<a href="http://people.skolelinux.org/pere/blog/Debian_Edu_roaming_workstation___at_the_university_of_Oslo.html">tried
-to install</a> a Roaming workation profile from Debian Edu/Squeeze
-while on the university network here at the University of Oslo, and
-noticed how much had to change to get it operational using the
-university infrastructure. It was fairly easy, but it occured to me
-that Debian Edu would improve a lot if I could get the client to
-connect without any changes at all, and thus let the client configure
-itself during installation and first boot to use the infrastructure
-around it. Now I am a huge step further along that road.</p>
-
-<p>With our current squeeze-test packages, I can select the roaming
-workstation profile and get a working laptop connecting to the
-university LDAP server for user and group and our active directory
-servers for Kerberos authentication. All this without any
-configuration at all during installation. My users home directory got
-a bookmark in the KDE menu to mount it via SMB, with the correct URL.
-In short, openldap and sssd is correctly configured. In addition to
-this, the client look for http://wpad/wpad.dat to configure a web
-proxy, and when it fail to find it no proxy settings are stored in
-/etc/environment and /etc/apt/apt.conf. Iceweasel and KDE is
-configured to look for the same wpad configuration and also do not use
-a proxy when at the university network. If the machine is moved to a
-network with such wpad setup, it would automatically use it when DHCP
-gave it a IP address.</p>
-
-<p>The LDAP server is located using DNS, by first looking for the DNS
-entry ldap.$domain. If this do not exist, it look for the
-_ldap._tcp.$domain SRV records and use the first one as the LDAP
-server. Next, it connects to the LDAP server and search all
-namingContexts entries for posixAccount or posixGroup objects, and
-pick the first one as the LDAP base. For Kerberos, a similar
-algorithm is used to locate the LDAP server, and the realm is the
-uppercase version of $domain.</p>
-
-<p>So, what is not working, you might ask. SMB mounting my home
-directory do not work. No idea why, but suspected the incorrect
-Kerberos settings in /etc/krb5.conf and /etc/samba/smb.conf might be
-the cause. These are not properly configured during installation, and
-had to be hand-edited to get the correct Kerberos realm and server,
-but SMB mounting still do not work. :(</p>
-
-<p>With this automatic configuration in place, I expect a Debian Edu
-roaming profile installation would be able to automatically detect and
-connect to any site using LDAP and Kerberos for NSS directory and PAM
-authentication. It should also work out of the box in a Active
-Directory environment providing posixAccount and posixGroup objects
-with UID and GID values.</p>
-
-<p>If you want to help out with implementing these things for Debian
-Edu, please contact us on debian-edu@lists.debian.org.</p>
-</description>
- </item>
-
projects / homepage.git / blobdiff