Differences between revisions 54 and 55
Revision 54 as of 2020-12-24 23:22:47
Size: 7173
Editor: ?WolfgangSchweer
Comment: fixed cups now in unstable
Revision 55 as of 2020-12-25 21:26:49
Size: 7181
Editor: ?WolfgangSchweer
Comment: iPadOS also supports SMB2...
Deletions are marked like this. Additions are marked like this.
Line 14: Line 14:
 * Due to Samba dropping the insecure SMB1 protocol, setting up the main server as NT4-style PDC is no longer possible. Joining systems to the domain now requires a Samba AD DC setup; this isn't compliant with the existing Debian Edu infrastructure (OpenLDAP, MIT Kerberos, GOsa²). The main server is now configured as a Samba 'standalone server' with usershares for non-root users enabled. Connections to a user's home directory and to additional site specific shares (if configured) are possible for devices running Linux, Android, macOS, iOS, Chrome OS or Windows. (Android devices require a file manager with SMB2/SMB3 support, also known as LAN access. [[https://play.google.com/store/apps/details?id=com.lonelycatgames.Xplore&hl=en_US&gl=US|X-plore]] or [[https://www.ghisler.com/android.htm|Total Commander with LAN plugin]] might be a good choice.)  * Due to Samba dropping the insecure SMB1 protocol, setting up the main server as NT4-style PDC is no longer possible. Joining systems to the domain now requires a Samba AD DC setup; this isn't compliant with the existing Debian Edu infrastructure (OpenLDAP, MIT Kerberos, GOsa²). The main server is now configured as a Samba 'standalone server' with usershares for non-root users enabled. Connections to a user's home directory and to additional site specific shares (if configured) are possible for devices running Linux, Android, macOS, iOS, iPadOS, Chrome OS or Windows. (Android devices require a file manager with SMB2/SMB3 support, also known as LAN access. [[https://play.google.com/store/apps/details?id=com.lonelycatgames.Xplore&hl=en_US&gl=US|X-plore]] or [[https://www.ghisler.com/android.htm|Total Commander with LAN plugin]] might be a good choice.)

Debian Edu Installer Logo

Status of Debian Edu "Bullseye"

(development started in July 2019)

Installation

Changes

  • Due to Samba dropping the insecure SMB1 protocol, setting up the main server as NT4-style PDC is no longer possible. Joining systems to the domain now requires a Samba AD DC setup; this isn't compliant with the existing Debian Edu infrastructure (OpenLDAP, MIT Kerberos, GOsa²). The main server is now configured as a Samba 'standalone server' with usershares for non-root users enabled. Connections to a user's home directory and to additional site specific shares (if configured) are possible for devices running Linux, Android, macOS, iOS, iPadOS, Chrome OS or Windows. (Android devices require a file manager with SMB2/SMB3 support, also known as LAN access. X-plore or Total Commander with LAN plugin might be a good choice.)

  • At first boot of a combined server or a separate LTSP server the image for diskless workstation support is generated. This will take quite some time.

Hints

/!\ The ISC DHCP server doesn't work, for a workaround see information about Bug 971275 below.

(!) Instead of the default xfce desktop environment, mate, gnome, lxde, lxqt, cinnamon or kde can be used by editing the kernel desktop parameter (default: desktop=xfce).

Dropping the modules= and desktop= items from the kernel command line completely allows one to use all ISO images for stock Debian installations.

See the Bullseye manual installation chapter how to edit kernel command line parameters.

Installation media

Debian Edu ISOs for 64-bit and 32-bit PCs (both AMD and Intel processors) are available from the usual Debian places.

(Replace amd64 with i386 if an image is needed for very old 32-bit PCs.)

Download using http

Weekly builds using d-i from buster:

Daily iso-cd builds using d-i from unstable (iso-bd images are not built daily):

Download using rsync

Also recommended to update an already existing image.

  • rsync -v --progress cdimage.debian.org::cdimage/weekly-builds/amd64/iso-cd/debian-edu-testing-amd64-netinst.iso debian-edu-testing-amd64-netinst.iso

    rsync -v --progress cdimage.debian.org::cdimage/weekly-builds/i386/iso-cd/debian-edu-testing-i386-netinst.iso debian-edu-testing-i386-netinst.iso

    rsync -v --progress cdimage.debian.org::cdimage/weekly-builds/amd64/iso-bd/debian-edu-testing-amd64-BD-1.iso debian-edu-testing-amd64-BD-1.iso

    rsync -v --progress cdimage.debian.org::cdimage/weekly-builds/i386/iso-bd/debian-edu-testing-i386-BD-1.iso debian-edu-testing-i386-BD-1.iso

Verify the downloaded image file

Detailed instructions for verifying these images are part of the Debian-CD FAQ.


Known problems we want to fix

  • major manual update due to LTSP and Samba changes, minor one for CUPS.

Known problems that need to be fixed elsewhere

  • The GOsa² web interface is unusable due to smarty3 bug 977604.

  • isc-dhcp-server-ldap: fails to activate the service, see 971275. Downgrading isc-dhcp-server and isc-dhcp-server-ldap to the Buster version can be used as a temporary workaround.

  • libpam-python: porting to python3 needed, see 937234.

  • debian-installer-11-netboot-{amd64,i386} packages do not exist yet.
  • X2Go doesn't register users with utmp/wtmp, see 890517. Remove the killer package (or disable the killer cron job) on the related LTSP server to avoid user sessions to be kicked out.

Known problems we fixed via workarounds, real fix needed elsewhere

  • cups service should start after nslcd service, see 977198. [Fixed in cups 2.3.3op1-4, atm in unstable]

Manual

  • Our documentation could further be improved: eg by proof-reading and improving language+grammar used, by updating outdated entries, etc


Fixed and done

  • add Bullseye artwork Homeworld.
  • GOSa²: deprecated implode() function usage with PHP 7.4 messes up GUI items, see 964600.

  • GOsa²: Fatal error when opening user list, see 941165 (also for a possible workaround).

  • GOSa²: password encryption/decryption broken with PHP 7.4, see 964318.

  • Mail server configuration is broken after Exim upgrade to exim4 4.94
  • major LTSP update in bullseye, see https://lists.debian.org/debian-edu/2019/11/msg00037.html

  • LTSP 19.x: 'ltsp image /' fails to generate usable image, see 946946. For a workaround see the bugreport. [The command stills fails but LTSP 20.x now provides a way to generate the image in case of advanced partitioning.]

  • integrate icingaweb2
  • Xfce is missing a volume control in the panel, see 913610. [Unlikely to be fixed in Buster.]

  • fetch-ldap-cert should have independent conditions for host and LTSP chroot, see 934380.

  • Fix fetch-ldap-cert to improve security, see 931413.

  • Drop obsolete code in d-i/finish-install, see 923675.

  • Fix sudo-ldap configuration, see 929964.

  • Fix LTSP related PXE configuration, see 928756.

  • Fix Firefox NFS related issue, see 930122.

  • Fix krb5 related logging configuration, see 931366.

  • Set LTSP chroot path in /etc/exports file if LTSP server has i386 arch, see 931680.

  • Include the LDAP server certificate in initial LTSP chroot image, see 932828.

  • Provide Debian Edu RootCA certificate for download, see 933183.

  • Fix loss of dynamically allocated v4 IP address, see 933580.