cf. http://developer.skolelinux.no/~ozmund/slxubuntu.html

Suggestion: Rename page to -> FremdDistro

Integration of Ubuntu into Skolelinux/Debian-Edu

German Version: /AufDeutsch

BitteUebersetzen English -> Deutsch -- KurtGramlich 2005-11-13 19:35:30

BitteTesten ob das funktioniert

Running Ubuntu 5.04 as a Skolelinux 1.0 workstation

WARNING! This is not official, just some work I did to experiment.

I do not recomend to use it in production. This is not a good way of doing things, It's just an ugly hack.

All below is done on the ubuntu workstation, except the netgroup step which can be done from any browser.

  1. Install Ubuntu 5.04
  2. modify '/etc/apt/sources.list' to include universe
    • the 'libnss-ldap' package is in universe
  3. Run 'apt-get update'
  4. Run 'apt-get install libnss-ldap libpam-ldap autofs autofs-ldap nfs-common'
    • I just accepted the standard values in the configuration, since I'm going to use config files from a Skolelinux 1.0 workstation later. {i}

  5. replace the file '/etc/libnss-ldap.conf' with a Skolelinux 1.0 workstation '/etc/libnss-ldap.conf' {i}

  6. replace the file '/etc/pam_ldap.conf' with a Skolelinux 1.0 workstation '/etc/pam_ldap.conf' {i}

  7. replace the file '/etc/nsswitch.conf' with a Skolelinux 1.0 workstation '/etc/nsswitch.conf' {i}

  8. replace the directory '/etc/ldap/' with a Skolelinux 1.0 workstation '/etc/ldap/'
  9. replace the directory '/etc/pam.d/ with a Skolelinux 1.0 workstation '/etc/pam.d'
    • make symbolic links for gdm and xscreensaver (tips: look at kdm and kscreensaver).
  10. Run 'mkdir /tjener'
  11. remove the file '/etc/auto.master'
  12. replace the file '/etc/default/autofs' with a Skolelinux 1.0 workstation '/etc/default/autofs' {i}

  13. replace the file '/etc/init.d/autofs' with a Skolelinux 1.0 workstation '/etc/init.d/autofs' {i}

    • I don't know what goes wrong with the ubuntu version, but the slx version works with slx mainserver.
  14. put your ubuntu workstation in the workstation netgroup, using WLUS ('https://tjener.intern:10000')

  15. Run '/etc/init.d/autofs restart'


If I remember correctly, it's using self-signed certificates. Try cut'n'paste this into a terminal as root: echo "TLS_REQCERT allow" >> /etc/ldap.conf

This will enable your client to work with ldapservers using self-signed certificates.

Another thing. The commonName in the server-certificate is maybe ldap.intern and not just ldap - so contacting the server by hostname 'ldap.intern' might also solve your problem - since you always should contact the ssl-/tls-enabled server by the (set) of commonName(s) it uses.

You can check any ssl-certificate service by using the utils in OpenSSL.

E.g.: openssl s_client -showcerts <hostname>:<port>   which would print out all certificates in the certificate-chain the the remote service holds.

The s_client command has other nice options you can play with as well.



Uptdated Howto by Klaus-Ade for Sarge (incl. conf-files)

Last year in July, I wrote a *very* quick guide on integrating a "foreign" Linux distribution into the Skolelinux/Debian ldap/autofs setup, here:

Lately people have told me that they haven't had any success following the instructions in that mail.

So, I though I'd try following those instructions myself, and see how well that goes, success, and here is how. (I might add that this Howto worked very nice also on a normal Debian Sarge worksation.)

Last time I used a Knoppix installed to hardrive as "foreign" Linux distribution, this time I'll use Ubuntu 5.10, I will not comment on Ubuntu itself.

The server is based on Skolelinux/debian-edu pr05, which is Sarge based.

First on the Ubuntu machine, you must enable the universe package repository, by adding/uncommenting these lines to your /etc/apt/sources.list

deb http://no.archive.ubuntu.com/ubuntu breezy universe 
deb http://security.ubuntu.com/ubuntu breezy-security universe

Then do your apt-get update

You need some packages installed on Ubuntu for all this to work:

apt-get install autofs-ldap ldap-utils libldap2 libnss-ldap libpam-ldap nscd

Also install ssh, as that is very handy to have installed, and Ubuntu doesn't install it as default:

apt-get install ssh

Just press [Enter] and accept whatere default you are presented with regarding ldap and so on, we will take care of the configuration files later.

From a Skolelinux/Debian-edu (in this case based on pr05) workstation take the following files/directories:

/etc/pam.d  
/etc/nsswitch.conf  
/etc/libnss-ldap.conf 
/etc/nscd.conf 
/etc/default/autofs  
/etc/init.d/autofs 
/etc/ldap 
/etc/pam_ldap.conf 
/etc/auto.master

There might be files included here, that is not necessary for making ldap/autofs work, someone should comment on that, please.

For those without a Skolelinux/debian-edu workstation, I've uploaded these files to http://www.skolelinux.no/~klaus/skolelinux.ldap.autofs.tgz

You should also take a backup copy of these files on your Ubuntu machine, before installing these files from Skolelinux/Debian-edu: this is a handy way of doing that:( \ means one long line)

tar zcvf Ubuntu.ldap.autofs.backup.tgz \
/etc/pam.d \
/etc/nsswitch.conf  \
/etc/libnss-ldap.conf \ 
/etc/nscd.conf \
/etc/default/autofs  \
/etc/init.d/autofs \
/etc/ldap \
/etc/pam_ldap.conf \
/etc/auto.master

It's almost the same way for copying these files from the Skolelinux/Debian-edu machine:( \ means one long line)

tar zcvf skolelinux.ldap.autofs.tgz \ 
/etc/pam.d \
/etc/nsswitch.conf  \
/etc/libnss-ldap.conf \ 
/etc/nscd.conf \
/etc/default/autofs  \
/etc/init.d/autofs \
/etc/ldap \
/etc/pam_ldap.conf \
/etc/auto.master

Transfer this archive Skolelinux.ldap.autofs.tgz over to the Ubuntu machine somehow, maybe with scp scp skolelinux.ldap.autofs.tgz username@ubuntumachine:~/

Become root, then unpack the archive skolelinux.ldap.autofs.tgz

tar zvxf skolelinux.ldap.autofs.tgz  -C /

Create the automount point on Ubuntu

mkdir /skole

Unless you add your Ubuntu machine to the Skolelinux/debian edu netgroups, it's won't be able to mount your home-dirs, have a look at http://www.skolelinux.no/~klaus/newnotater/x2097.html

When this is all done, reboot the Ubuntu machine.

When it starts again, you should be able to verify that ldap is working in Ubuntu by running: getent passwd and seeing all your Skolelinux/debian-edu ldap-users

Running su - username should let you become that user, and that users home-dir should now automatically be mounted from Skolelinux/debian-edu.

If the process of mounting takes very loooong, several minutes, and you simultaneously see this messages in syslog on the Ubuntu machine:

nfs warning: mount version older than kernel 
server localhost not responding, timed out
nsm_mon_unmon: rpc failed, status=-5
lockd: cannot monitor 10.0.2.2
lockd: failed to monitor 10.0.2.2

Recommended: Additionally install nfs-commom on your client: # apt-get install nfs-common

Not recommended (long delays) - not necessary if you installed nfs-commom on your client:

Then you might want to add the option nolock to ldap on your server, 
this does that on the Skolelinux/debian-edu server: 

# ldapsearch -LLLx objectClass=automount automountInformation | sed -e "s:intr tjener:intr,nolock tjener:g" | ldapmodify -xWZD  cn=admin,ou=People,dc=skole,dc=Skolelinux,dc=no

After this you must restart ldap:
# /etc/init.d/slapd restart

You should now be able to login, with you username/password and homedir from Skolelinux/debian-edu.

Please drop me an email if this works, and if this doesn't work.

There might be a more layout friendly verson of this mail included in the upcoming Sarge version of newdriftbook;

Klaus

Debian Etch

Applying this how-to in a desktop install of debian etch resulted in the dhcp client acting up. During boot it would receive and lose it's ip address. The culprint was the package "network-manager". Removing this package with "aptitude remove network-manager" fixed the problem

Sebastiaan

...Ubuntu 8.04 (Hardy Heron)... noticed following changes in ubuntu:

-libldap2 is replaced by libldap-2.4-2


Skolelinux/Ubuntu (zuletzt geändert am 2013-11-03 12:10:34 durch anonym)

Alle Inhalte in diesem Wiki stehen unter der GPL.