From: Petter Reinholdtsen Date: Sat, 7 Aug 2010 12:47:11 +0000 (+0000) Subject: Add link. X-Git-Url: https://pere.pagekite.me/gitweb/homepage.git/commitdiff_plain/fda196f937299486eb9daa1888f92ad1f64d6963?ds=inline Add link. --- diff --git a/blog/data/2010-08-07-edu-autoconf.txt b/blog/data/2010-08-07-edu-autoconf.txt new file mode 100644 index 0000000000..4bfb969d1c --- /dev/null +++ b/blog/data/2010-08-07-edu-autoconf.txt @@ -0,0 +1,45 @@ +Title: Autodetecting Client setup for roaming workstations in Debian Edu +Tags: english, nuug, debian edu +Date: 2010-08-07 14:45 + +

A few days ago, I +tried +to install a Roaming workation profile from Debian Edu/Squeeze +while on the university network here at the University of Oslo, and +noticed how much had to change to get it operational using the +university infrastructure. It was fairly easy, but it occured to me +that Debian Edu would improve a lot if I could get the client to +connect without any changes at all, and thus let the client configure +itself during installation and first boot to use the infrastructure +around it. Now I am a huge step further along that road.

+ +

With our current squeeze-test packages, I can select the roaming +workstation profile and get a working laptop connecting to the +university LDAP server for user and group and our active directory +servers for Kerberos authentication. My users home directory got a +bookmark in the KDE menu to mount it via SMB, with the correct URL. +In short, openldap and sssd is correctly configured. In addition to +this, the client look for http://wpad/wpad.dat to configure a web +proxy, and when it fail to find it no proxy settings are stored in +/etc/environment and /etc/apt/apt.conf. Iceweasel and KDE is +configured to look for the same wpad configuration and also do not use +a proxy when at the university network. If the machine is moved to a +network with such wpad setup, it would automatically use it when DHCP +gave it a IP address.

+ +

So, what is not working, you might ask. SMB mounting my home +directory do not work. No idea why, but suspected the incorrect +Kerberos settings in /etc/krb5.conf and /etc/samba/smb.conf might be +the cause. These are not properly configured during installation, and +had to be hand-edited to get the correct Kerberos realm and server, +but SMB mounting still do not work. :(

+ +

With this automatic configuration in place, I expect a Debian Edu +roaming profile installation would be able to automatically detect and +connect to any site using LDAP and Kerberos for NSS directory and PAM +authentication. It should also work out of the box in a Active +Directory environment providing posixAccount and posixGroup objects +with UID and GID values.

+ +

If you want to help out with implementing these things for Debian +Edu, please contact us on debian-edu@lists.debian.org.