Differences between revisions 3 and 4
Revision 3 as of 2008-10-20 17:49:36
Size: 7092
Comment: typo
Revision 4 as of 2008-10-20 18:54:33
Size: 7313
Comment: update status
Deletions are marked like this. Additions are marked like this.
Line 19: Line 19:
||<#7fa0cf>0||<#7fa0cf>Basic infrastructure      ||<#cf7fa0>accomplished|| ||<#7fa0cf>0||<#7fa0cf>Basic infrastructure ||<#cf7fa0>partly accomplished||
Line 21: Line 21:
||0.2 || Install Skolelinux ||<#a0cf7f> installed ||
||0.3 || create image (t0) from Skolelinux ||<#cf7fa0>link to t0 ||
||0.4 || Functional test of Skolelinux: Can Clients join domain? ||<#cf7fa0> yes ||
||0.5 || If yes: create image (t1) ||<#cf7fa0> restored ||
||0.6 || If yes: restore to image (t0) ||<#cf7fa0> yes ||
||0.7 || Is t0 OK? ||<#cf7fa0> yes ||
||0.8 || yes t0 is OK: install SVN CipUX                       ||<#cf7fa0> installed  ||
||0.9 || if t0
OK: create image (t2) from Skolelinux SVN CipUX ||<#cf7fa0> link to t2 ||
||0.10|| Pam should already be configured ||<#a0cf7f> OK ||
||0.2 || Install Skolelinux ||<#a0cf7f>installed  ||
||0.3 || create image (t0) from Skolelinux ||<#cf7fa0>link to t0 missing ||
||0.4 || Functional test of Skolelinux: Can Clients join domain? ||<#a0cf7f>yes  ||
||0.5 || If yes: create image (t1) ||<#a0cf7f>restored  ||
||0.6 || If yes: restore to image (t0) ||<#a0cf7f>yes  ||
||0.7 || Is t0 OK? ||<#a0cf7f>yes  ||
||0.8 || yes t0 is OK: install packages CipUX ||<#a0cf7f>installed ||
||0.9 || if t0 OK: create image (t2) from Skolelinux
SVN CipUX ||<#cf7fa0>link to t2 missing ||
||0.10|| Pam shoul
d already be configured ||<#a0cf7f>OK          ||
Line 35: Line 35:
||2.1 || create that account via LDIF with relevant samba attr. || created ||
||2.2 || The account has all samba entries || yes ||
||2.3 || The account has all CipUX entries || yes ||
||2.4 || save LDIF in SVN || link ||
||2.5 || add "cipadmin" to "admins" via LDIF || added ||
||2.6 || save the LDIF in SVN || link ||
||2.7 || "cipadmin" can be used to add win clients to domains || yes ||
||2.1 || create that account via LWAT with relevant samba attr. ||<#a0cf7f>created ||
||2.2 || The account has all samba entries ||<#a0cf7f>yes ||
||2.3 || The account has all CipUX entries ||<#a0cf7f>yes ||
||2.4 || save LDIF in SVN ||<#cf7fa0>link ||
||2.5 || add "cipadmin" to "admins" via LDIF ||<#a0cf7f>added ||
||2.6 || save the LDIF in SVN ||<#cf7fa0>link ||
||2.7 || "cipadmin" can be used to add win clients to domains ||<#a0cf7f> yes ||
Line 43: Line 43:
||3.1 || The trust account for CipUX under DebianEdu is cn=admin      || OK ||
||3.2 || Can cn=admin access all needed attributes: check ACL. || yes ||
||3.3 || Create a different cipux-storage-structure.conf || created ||
||3.4 || Change relevant RDN in this file ou=User -> ou=People  || OK ||
||3.1 || The trust account for CipUX under DebianEdu is cn=admin,ou=People ||<#a0cf7f>OK ||
||3.2 || Can cn=admin access all needed attributes: check ACL. ||<#a0cf7f>yes ||
||3.3 || Create a different cipux-storage-structure.conf ||<#a0cf7f>created ||
||3.4 || Change relevant RDN in this file ou=User -> ou=People ||<#a0cf7f>OK ||
Line 48: Line 48:
||3.6 || create a seperate cipux-storage-access.conf || created ||
||3.7 || change the Tree in this file: || OK ||
||3.8 || change or check the URL in this file || OK ||
||3.6 || create a seperate cipux-storage-access.conf ||<#a0cf7f>created ||
||3.7 || change the Tree in this file: ||<#a0cf7f>OK ||
||3.8 || change or check the URL in this file ||<#a0cf7f>OK ||
Line 53: Line 53:
||4.1 || ... if "id admins" works || OK ||
||4.2 || ... if "id cipadmin" works || OK ||
||4.3 || ... if "cipadmin" is in "admins" group || OK ||
||4.4 || ... if cipadmin can login from console (not terminal) || OK ||
||4.5 || ... if cipadmin can add a windows machines to a domain || OK ||
||4.6 || ... if he can make image (t3) || OK ||
||4.1 || ... if "id admins" works ||<#a0cf7f>OK ||
||4.2 || ... if "id cipadmin" works ||<#a0cf7f>OK ||
||4.3 || ... if "cipadmin" is in "admins" group ||<#a0cf7f>OK ||
||4.4 || ... if cipadmin can login from console (not terminal) ||<#a0cf7f>OK ||
||4.5 || ... if cipadmin can add a windows machines to a domain ||<#a0cf7f>OK ||
||4.6 || ... if he can make image (t3) ||<#a0cf7f>OK ||
Line 61: Line 61:
||5.1 || add samba LDAP configuration cipux-samba.conf ||<#cf7fa0>OK||
||5.2 || add 3 auto calc subs to CipUX::Object::Action::Create ||<#cf7fa0>OK||
||5.10|| Check if ... ||<#cf7fa0>OK||
||5.11|| ... samba user is created, if cipux-samba is installed ||<#cf7fa0>OK||
||5.12|| ... users are indentical to Skole execpt additional
CipUX attr. ||<#cf7fa0>OK||
||5.13|| ... no samba user is creaed, if cipux-samba is not installed ||<#cf7fa0>OK||
||5.14|| ... id <LOGIN> works ||<#cf7fa0>OK||
||5.15||... login with such a user on a windows (within a domain) works ||<#cf7fa0>OK||
||5.1 || add samba LDAP configuration cipux-samba.conf ||<#a0cf7f>OK||
||5.2 || commit cipux-samba.conf to SVN ||<#
cf7fa0>OK||
||5.3 || add 3 auto calc "if" to CipUX::Object::Action::Create ||<#cf7fa0>OK||
||5.4 || commit CipUX::Object::Action::Create to SVN ||<#cf7fa0>OK||
||5.10|| Check if ... ||OK||
||5.11|| ...
samba user is created, if cipux-samba is installed    ||OK||
||5.12|| ... users are indentical to Skole execpt additional CipUX attr. ||OK||
||5.13|| ... no samba user is creaed, if cipux-samba is not installed ||
OK||
||5.14|| ... id <LOGIN> works ||OK||
||5.15||... login with such a user on a windows (within a domain) works ||OK||
Line 70: Line 72:
||6.1 || add samba LDAP configuration cipux-samba.conf (if any) ||<#cf7fa0>OK|| ||6.1 || add samba LDAP configuration cipux-samba.conf (if any) ||<#a0cf7f>OK||
Line 72: Line 74:
||6.3 || TODO? ||<#cf7fa0>OK||
||6.4 || TODO? ||<#cf7fa0>OK||
||6.5 || TODO? ||<#cf7fa0>OK||
||6.10||Check if ... ||<#cf7fa0>OK||
||6.11||... samba group is created if cipux-samba is installed ||<#cf7fa0>OK||
||6.12||... groups are indentical to Skole execpt additional CipUX attr. ||<#cf7fa0>OK||
||6.13||... no samba group is creaed, if cipux-samba is not installed ||<#cf7fa0>OK||
||6.14||... group shows up in PAM ||<#cf7fa0>OK||
||6.15||... if samba group exists, it should be exported to users who are member of this group||<#cf7fa0>OK||
||6.3 || TODO? ||OK||
||6.4 || TODO? ||OK||
||6.5 || TODO? ||OK||
||6.10||Check if ... ||OK||
||6.11||... samba group is created if cipux-samba is installed ||OK||
||6.12||... groups are indentical to Skole execpt additional CipUX attr. ||OK||
||6.13||... no samba group is creaed, if cipux-samba is not installed ||OK||
||6.14||... group shows up in PAM ||OK||
||6.15||... if samba group exists, it should be exported to users who are member of this group||OK||

CipUX Samba

Status of the project:

Name:

cipux-samba

Concept:

ChristianKuelker

Programmers:

AlexejPastuchow

Status:

implentation

Start:

2008-05-22

End:

2008-10-27

Planned-release:

3.4.0

Alpha-release:

-

Beta-release:

-

Stable-release:

-

This task are for Skolelinux/Debian-Edu:

Task

Status

0

Basic infrastructure

partly accomplished

0.1

We use the hole Skolelinux LDAP tree

OK

0.2

Install Skolelinux

installed

0.3

create image (t0) from Skolelinux

link to t0 missing

0.4

Functional test of Skolelinux: Can Clients join domain?

yes

0.5

If yes: create image (t1)

restored

0.6

If yes: restore to image (t0)

yes

0.7

Is t0 OK?

yes

0.8

yes t0 is OK: install packages CipUX

installed

0.9

if t0 OK: create image (t2) from Skolelinux SVN CipUX

link to t2 missing

0.10

Pam should already be configured

OK

1

Admin Group

accomplished

1.1

Exists cn=admins,ou=Group,dc=skole,dc=skolelinux,dc=no?

yes

1.2

If no, create it with LDIF

created

1.3

save the LDIF of that account in SVN

link

2

CAT administrator "cipadmin"

accomplished

2.1

create that account via LWAT with relevant samba attr.

created

2.2

The account has all samba entries

yes

2.3

The account has all CipUX entries

yes

2.4

save LDIF in SVN

link

2.5

add "cipadmin" to "admins" via LDIF

added

2.6

save the LDIF in SVN

link

2.7

"cipadmin" can be used to add win clients to domains

yes

3

Adoption of CipUX installation on Debian-Edu

accomplished

3.1

The trust account for CipUX under DebianEdu is cn=admin,ou=People

OK

3.2

Can cn=admin access all needed attributes: check ACL.

yes

3.3

Create a different cipux-storage-structure.conf

created

3.4

Change relevant RDN in this file ou=User -> ou=People

OK

3.5

save this in SVN as an example for Debian-Edu

link

3.6

create a seperate cipux-storage-access.conf

created

3.7

change the Tree in this file:

OK

3.8

change or check the URL in this file

OK

3.9

save this in SVN as an example for Debian-Edu

link

4

Some PAM tests: check ...

accomplished

4.1

... if "id admins" works

OK

4.2

... if "id cipadmin" works

OK

4.3

... if "cipadmin" is in "admins" group

OK

4.4

... if cipadmin can login from console (not terminal)

OK

4.5

... if cipadmin can add a windows machines to a domain

OK

4.6

... if he can make image (t3)

OK

4.7

save valid machine account as LDIF in SVN

link

5

Samba Users

accomplished

5.1

add samba LDAP configuration cipux-samba.conf

OK

5.2

commit cipux-samba.conf to SVN

OK

5.3

add 3 auto calc "if" to CipUX::Object::Action::Create

OK

5.4

commit CipUX::Object::Action::Create to SVN

OK

5.10

Check if ...

OK

5.11

... samba user is created, if cipux-samba is installed

OK

5.12

... users are indentical to Skole execpt additional CipUX attr.

OK

5.13

... no samba user is creaed, if cipux-samba is not installed

OK

5.14

... id <LOGIN> works

OK

5.15

... login with such a user on a windows (within a domain) works

OK

6

Samba Groups

accomplished

6.1

add samba LDAP configuration cipux-samba.conf (if any)

OK

6.2

find a solution for exporting created groups with samba

OK

6.3

TODO?

OK

6.4

TODO?

OK

6.5

TODO?

OK

6.10

Check if ...

OK

6.11

... samba group is created if cipux-samba is installed

OK

6.12

... groups are indentical to Skole execpt additional CipUX attr.

OK

6.13

... no samba group is creaed, if cipux-samba is not installed

OK

6.14

... group shows up in PAM

OK

6.15

... if samba group exists, it should be exported to users who are member of this group

OK

Todo for Future:

=> Fuer die Zukunft muss ein neues CipUX Object oder eine CipUX Object Erweiterung in den Konfigurations Dateien erstellt werden, mit der man diese Admin Groups anlegen kann. Im Moment koennen wir das hardgecoded lassen.