
Asmo Koskinen 01-26-2009 06:58 PM

LTSP5 and openLDAP, first draft in finnish
 
Well, here is the first draft in Finnish (we will translate this into English
next week, I hope):

http://wiki.ubuntu-fi.org/LTSP5_openLDAP

Missing parts include SSL/SASL between LTSP5-server and openLDAP-server
and NFS-server for /home. I hope we have these next week, too.

Best Regards Asmo Koskinen.

--
edubuntu-users mailing list
edubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/edubuntu-users

Asmo Koskinen 01-26-2009 07:09 PM

LTSP5 and openLDAP, first draft in finnish
 
Asmo Koskinen wrote:

> http://wiki.ubuntu-fi.org/LTSP5_openLDAP

Ahh... this is not a howto, it is more like a big picture of how the system
works. But there will also be a traditional copy-paste howto based on
this. That's the promise ;-).

Best Regards Asmo Koskinen.


David Van Assche 01-27-2009 07:47 AM

LTSP5 and openLDAP, first draft in finnish
 
Nice job. There is quite a bit of info on this at:
https://help.ubuntu.com/community/UbuntuLTSP/LTSPFatClients

as well as the official LTSP documentation... Perhaps you can use that
for the SASL and NFS part... It's been a while since I used LDAP
though, since I fell back to simply syncing users between server and
chroot...

kind Regards,
David Van Assche

On Mon, Jan 26, 2009 at 9:09 PM, Asmo Koskinen <asmo.koskinen@arkki.info> wrote:
> Asmo Koskinen wrote:
>
>> http://wiki.ubuntu-fi.org/LTSP5_openLDAP
>
> Ahh,.. this is not a howto, it is more like a big picture how to system
> works. But there will be also traditional copy-paste howto based on
> this. That's the promise ;-).
>
> Best Regards Asmo Koskinen.

Asmo Koskinen 01-27-2009 08:39 AM

LTSP5 and openLDAP, first draft in finnish
 
David Van Assche wrote:

> https://help.ubuntu.com/community/UbuntuLTSP/LTSPFatClients
>
> Perhaps u can use that
> for the SASL and nfs part...

I didn't ;-). I have a great tutor - Mikael Lammentausta. He did
the very first installation in a workshop at Valamo.
----

But here we go again. Now with NFS.

http://wiki.ubuntu-fi.org/LTSP5_openLDAP#head-820b525c439e34abdd6e012662a4fb6aead45b06

http://www.arkki.info/howto/Wiki/LTSP5-openLDAP/etc-ltsp5-nfs/
http://www.arkki.info/howto/Wiki/LTSP5-openLDAP/etc-openldap-nfs/

I have this faithful little laptop - Asus Eee 701. I have lts.conf like
this one for Eee:

[00:22:15:15:4B:4C]
X_CONF = /etc/X11/asus-eee-xorg.conf
X_COLOR_DEPTH=16
LDM_DIRECTX=True
LDM_AUTOLOGIN=True
LDM_USERNAME=ltsp001
LDM_PASSWORD=edubuntu
----

1. Eee boots up.
2. Login by openLDAP.
3. There is no home for ltsp001, so openLDAP creates it on the fly in
the NFS-server, same as openLDAP-server.
4. Eee is ready to use.
5. All automagically - best for very little children.

And this is from openLDAP-server

Jan 27 10:40:18 ubuntu mountd[5394]: authenticated mount request from 192.168.1.101:1016 for /home/ltsp001 (/home)

This is from LTSP5-server

Jan 27 10:42:04 ubuntu sshd[6904]: Accepted password for ltsp001 from 192.168.1.200 port 56724 ssh2
Jan 27 10:42:04 ubuntu sshd[6925]: pam_unix(sshd:session): session opened for user ltsp001 by (uid=0)
Jan 27 10:42:04 ubuntu sshd[6925]: pam_mount(mount.c:182) realpath of volume "/home/ltsp001" is "/home/ltsp001"
----

Now SSL/SASL...

Best Regards Asmo Koskinen.


Asmo Koskinen 01-27-2009 01:34 PM

LTSP5 and openLDAP, first draft in finnish
 
Asmo Koskinen wrote:

> But here we go again. Now with NFS.
>
> http://wiki.ubuntu-fi.org/LTSP5_openLDAP#head-820b525c439e34abdd6e012662a4fb6aead45b06

I like the idea that the Eee can be both a thin client and a full WLAN laptop. So
I have NBR in Eee: http://www.canonical.com/projects/ubuntu/nbr

I can login with local UID (asmok), but for ltsp001 (LDAP UID) I got
error messages in Eee (auth.log). Local UID has /home/asmok in
NFS-server, pam_mount works for local user.

I will double check everything, but this works from Eee?

asmok@eee:~$ ldapsearch -x -D "cn=nss,dc=ubuntu,dc=fi" -W | grep ltsp001
Enter LDAP Password:
# ltsp001, People, ubuntu.fi
dn: uid=ltsp001,ou=People,dc=ubuntu,dc=fi
uid: ltsp001
homeDirectory: /home/ltsp001
asmok@eee:~$

Anyone familiar with this information about pam_mount?

Jan 27 16:16:54 eee gdm[4667]: pam_mount(pam_mount.c:170) conv->conv(...): Keskusteluvirhe
Jan 27 16:16:54 eee gdm[4667]: pam_mount(pam_mount.c:296) error trying to read password
Jan 27 16:16:54 eee gdm[4667]: pam_unix(gdm:auth): auth could not identify password for [ltsp001]
Jan 27 16:17:10 eee gdm[5258]: gkr-pam: error looking up user information
Jan 27 16:17:21 eee gdm[5258]: pam_unix(gdm:auth): check pass; user unknown
Jan 27 16:17:22 eee gdm[5258]: pam_unix(gdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
Jan 27 16:17:22 eee gdm[5258]: pam_unix(gdm:account): could not identify user (from getpwnam(ltsp001))
Jan 27 16:18:58 eee gdm[5258]: gkr-pam: no password is available for user
Jan 27 16:19:08 eee gdm[5258]: pam_unix(gdm:session): session opened for user asmok by (uid=0)
Jan 27 16:19:08 eee gdm[5258]: pam_mount(mount.c:182) realpath of volume "/home/asmok" is "/home/asmok"

Best Regards Asmo Koskinen.


Asmo Koskinen 01-27-2009 08:34 PM

LTSP5 and openLDAP, first draft in finnish
 
Asmo Koskinen wrote:

> I will double check everything, but this works from Eee?
>
> asmok@eee:~$ ldapsearch -x -D "cn=nss,dc=ubuntu,dc=fi" -W | grep ltsp001
> Enter LDAP Password:
> # ltsp001, People, ubuntu.fi
> dn: uid=ltsp001,ou=People,dc=ubuntu,dc=fi
> uid: ltsp001
> homeDirectory: /home/ltsp001
> asmok@eee:~$

Well, is anybody actually using a gdm/pam/openldap system? I have found
nothing but lots of messages about how it is not working... in the very same way
that I have found...

This is closest I can get.

Jan 27 22:57:32 eee gdm[4652]: pam_unix(gdm:auth): check pass; user unknown
Jan 27 22:57:32 eee gdm[4652]: pam_unix(gdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
Jan 27 22:57:32 eee gdm[4652]: pam_unix(gdm:account): could not identify user (from getpwnam(ltsp001))
----

I really do not get it - why the very same server and the very same setup work
with lan/ltsp/thin client, but not with wlan/laptop...
----

I give up on this one and focus on the SSL/SASL.

Best Regards Asmo Koskinen.



Asmo Koskinen 01-28-2009 08:54 PM

LTSP5 and openLDAP, first draft in finnish
 
David Van Assche wrote:

> https://help.ubuntu.com/community/UbuntuLTSP/LTSPFatClients

Original LTSP5/openLDAP setup for thin clients works very well.

But I do not make this easy for myself. Laptop with wlan and /home mounted
by nfs from openLDAP-server ;-). Anyway, I have mixed mine (read: my
tutor's) and David's ones on the Eee laptop. I can login with local uid,
but no hope for openLDAP login.
----

I think that my very basic setup for Eee is OK.

admin-eee@eee:~$ ldapsearch -x -D "cn=nss,dc=ubuntu,dc=fi" -W | grep ltsp001
Enter LDAP Password:
# ltsp001, People, ubuntu.fi
dn: uid=ltsp001,ou=People,dc=ubuntu,dc=fi
uid: ltsp001
homeDirectory: /home/ltsp001

admin-eee@eee:~$ finger ltsp001
finger: ltsp001: no such user.
admin-eee@eee:~$
----

This is kind of weird to me.

admin-eee@eee:~$ ssh ltsp001@192.168.1.102
The authenticity of host '192.168.1.102 (192.168.1.102)' can't be established.
RSA key fingerprint is f4:dc:d1:07:11:be:45:01:62:e5:90:37:62:db:6e:6d.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.102' (RSA) to the list of known hosts.
ltsp001@192.168.1.102's password:
Linux ubuntu 2.6.24-21-generic #1 SMP Tue Oct 21 23:43:45 UTC 2008 i686

Last login: Thu Jan 8 23:43:36 2009
id: ryhmä-ID:tä 10000 vastaavaa nimeä ei löydy
I have no name!@ubuntu:~$ exit
logout
Connection to 192.168.1.102 closed.
admin-eee@eee:~$
----

And of course gdm does not let me in.

Jan 28 23:23:08 eee gdm[4676]: pam_unix(gdm:auth): check pass; user unknown
Jan 28 23:23:08 eee gdm[4676]: pam_unix(gdm:auth): authentication failure; logname= uid=0 euid=0 tty=:0 ruser= rhost=
Jan 28 23:23:08 eee gdm[4676]: pam_unix(gdm:account): could not identify user (from getpwnam(ltsp001))
----

There is this howto, too.

https://help.ubuntu.com/community/PamCcredsHowto
----

All my gdm/pam/openldap files for Eee are here, if somebody has time to
look at them.

http://www.arkki.info/howto/Wiki/LTSP5-openLDAP/Eee-openLDAP/
----

Best Regards Asmo Koskinen.
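
Added example, not part of the original posts: in the message above ldapsearch returns uid=ltsp001 while finger and pam_unix's getpwnam() do not, so the gap is on the name-service side of the client rather than in the directory. The sketch below checks whether the passwd and group databases in an nsswitch.conf-format file list ldap as a source; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not from the thread. ldapsearch talks to the directory
# directly; finger, id, gdm and pam_unix resolve accounts with getpwnam() and
# getgrgid(), which only consult the sources listed in /etc/nsswitch.conf.

# nss_sources FILE DB: print the source list for DB, e.g. "files ldap"
nss_sources() {
    awk -v db="$2" '
        { sub(/#.*/, "") }                       # strip comments
        $1 == (db ":") { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# nss_uses_ldap FILE DB: succeed if "ldap" is one of DB's sources
nss_uses_ldap() {
    case " $(nss_sources "$1" "$2") " in
        *" ldap "*) return 0 ;;
        *)          return 1 ;;
    esac
}

# nss_report FILE: one line each for passwd and group;
# returns 1 if either database never asks LDAP
nss_report() {
    rc=0
    for db in passwd group; do
        if nss_uses_ldap "$1" "$db"; then
            echo "$db: ok ($(nss_sources "$1" "$db"))"
        else
            echo "$db: ldap not consulted ($(nss_sources "$1" "$db"))"
            rc=1
        fi
    done
    return "$rc"
}

# resolves_via_nss USER: what getpwnam() sees on this host
resolves_via_nss() { getent passwd "$1" >/dev/null 2>&1; }

# Constructed sample: group was switched to LDAP, passwd was not.
sample=$(mktemp)
printf '%s\n' '# constructed example' 'passwd: compat' \
    'group:  compat ldap  # partial change' > "$sample"
nss_report "$sample" || echo "-> at least one database never asks LDAP"
rm -f "$sample"
```

On a real client, run nss_report /etc/nsswitch.conf and then resolves_via_nss ltsp001 to compare the configuration with what getpwnam() actually returns.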


Asmo Koskinen 02-02-2009 02:04 PM

LTSP5 and openLDAP, first draft in finnish
 
Asmo Koskinen wrote:

> Original LTSP5/openLDAP setup for thin clients works very well.
> I think that my very basic setup for Eee is OK.

So I installed Fedora 10 on a fat laptop (Acer TM 6592). There is a
light at the end of the tunnel... Fedora 10 can do GDM/PAM/openLDAP over LAN
(eth0).

----
asmok@ubuntu:~$ ssh ltsp001@192.168.1.220
ltsp001@192.168.1.220's password:

Last login: Mon Feb 2 16:35:56 2009

-bash-3.2$ id ltsp001
uid=1001(ltsp001) gid=10000 ryhmt=10000
-bash-3.2$

-bash-3.2$ su
Salasana:
[root@fedora ltsp001]#
----

http://www.arkki.info/howto/Wiki/LTSP5-openLDAP/etc-fedora/

So what do you think - is it possible to just copy those working PAM lines
from Fedora 10 to the UNR 1.0.1? Well, that is anyway my next stop...
And if not, then my trip stops here ;-).

Best Regards Asmo Koskinen.


Asmo Koskinen 02-04-2009 08:51 PM

LTSP5 and openLDAP, first draft in finnish
 
Asmo Koskinen wrote:

> So what you think - is it possible to just copy those working PAM lines
> from Fedora 10 to the UNR 1.0.1? Well, that is anyway my next stop...
> And if not, then my trip stops here ;-).

It is possible ;-)

I have now a very nice test environment here at home.

* ubuntu-ltsp5 - Ubuntu 8.04.2 i386 - mount /home

* ubuntu-openldap - Ubuntu 8.04.2 i386 - exports /home

* ubuntu-eee - Ubuntu Netbook Remix 1.0.1 lpia - mount /home
- Asus Eee 701 4G

* ubuntu-laptop - Ubuntu 8.10 AMD64 - mount /home
- Acer TM 6592

I can boot both laptops as a thin client with auto login on the LAN
and also as a real laptop with same login and home on the WLAN. Just great.

One thing I am still missing is securing the openLDAP server with TLS/SSL.

That will be my last and final stop ;-).

Best Regards Asmo Koskinen.


Asmo Koskinen 02-05-2009 05:11 AM

LTSP5 and openLDAP, first draft in finnish
 
Asmo Koskinen wrote:

> I can boot both laptops as a thin client with auto login on the LAN
> and also as a real laptop with same login and home on the WLAN. Just great.

Next generation's mini/netbooks are great for this kind of use.

http://www.linuxdevices.com/news/NS2217646878.html

Best Regards Asmo Koskinen.


