Comment: add nscd netgroup issue.
improve netgroup caching info.
|Deletions are marked like this.||Additions are marked like this.|
|Line 16:||Line 16:|
|* Mounting of homedirs fails randomly. This is probably due to buggy nscd netgroup caching (DebianBug:791562). As a workaround disable netgroup caching in /etc/nscd.conf and remove /var/cache/nscd/netgroup.||* Mounting of homedirs fails randomly. This is probably due to buggy nscd netgroup caching (DebianBug:791562). As a workaround disable netgroup caching (on tjener) in /etc/nscd.conf and remove /var/cache/nscd/netgroup.|
See also the release notes.
Status of Debian Edu "Jessie"
Most resources moved to git, see SVN2Git Migration Status page - also see bugs tagged with the debian-edu usertagging.
- As the local repo is gone for now and all packages are in Debian proper, use one of these two images:
Changes from Wheezy to Jessie
Known problems we must fix
Mounting of homedirs fails randomly. This is probably due to buggy nscd netgroup caching (791562). As a workaround disable netgroup caching (on tjener) in /etc/nscd.conf and remove /var/cache/nscd/netgroup.
Known problems, we would like to fix
- Upgrade from wheezy should be made easier (related fixes have been committed to d-e-config branch 'upgrade-tmp'):
It takes up to 15 minutes for an updated system hostname to take effect (780461).
The hostname script fails to update LTSP server hostname (783087).
Installations done using the two available images differ in installed packages - though it's not sure whether this is fixable or by design.
Fixed in git, needs upload to unstable
shutdown-at-night fails to shut the system down if gdm is used. This is caused by gdm now running a special gnome-session as greeter (and no longer gdm-simple-greeter). Using xlsclient to tell a greeter gnome-session from a normal gnome-session seems to be impossible. (787566).
Known problems, unlikely to be fixed for jessie
Usability issue: The default browser Iceweasel fail to show files with MIME types text/* (like for example diffs or source code) in the browser, and instead pop up a dialog only offering to save the file or pass it on to an external program (600266). This make it hard for users to look at fairly normal text documents. Chromium show text/* files in the browser.
- USB sticks with some ISO images (like the Debian Edu netinst one) dd'ed to don't work (user doesn't get notified, filemanager doesn't show the stick, fdisk can't access the device due to a possibly wrong partition table). [So this is rather an ISO file problem.]
- slbackup-php: It is not possible to log into the web service using the root password. This is caused by the new sshd configuration: root access with password is now disabled by default. A workaround has been documented in the manual how to get the gui working temporarily.
- SMTP reject email from cron on all other machines, and refuse email from everyone without a kerberos ticket.
The command 'net time' causes a segmentation fault (760781) [fixed in samba-common-bin/4.1.17+dfsg-4 (testing)].
The installer accept weak user passwords for the first user which are rejected by Kerberos and make it impossible to log in after boot. We should extend d-i to allow us to reject passwords kerberos is going to reject. (364526)
Reported problems, not/no longer reproducible
- The source image is 16gb in size. That's probably 12gb too big. We can ignore this as currently all packages are in Jessie proper.
Fixed in unstable (related packages accepted in unstable)
- currently none.
Fixed + done (related packages migrated to jessie)
The build-client-opts preseeding in defaults.thin-client-server breaks PXE installs including profile thin-client-server (781515). Fixes addressing this issue have been committed to d-e-config branch 'ltsp-related' and to d-e-install.
- After upgrade from wheezy squid should be migrated to squid3 (related fixes have been committed to d-e-config branch 'squid-related'):
- Add share/debian-edu-config/tools/migrate-squid-to-squid3.
Adjust cf/cf.squid to run this script (779649).
Unblock request needed for debian-installer-netboot-images to fix PXE installs (782267).
Setting up the LTSP chroot fails, if the netinst or usbstick ISO files are used to set up a combined server in a virtualbox environment (780591). Installation on real hardware using a USB stick (with BD ISO image) works.
shutdown-at-night fails to shut the system down if gdm is used. This is caused by the gdm3 greeter running a gnome-session as user '(unknown)' (775608), pre-approval unblock request (777527).
debian-edu-pxeinstall has to be adjusted to work with debian-installer-8-netboot-* (776763).
The kdm login no longer seem to run the scripts in /etc/X11/Xsession.d/, causing robustness fixes to not be applied in the default setup. This for example causes ~/.xsession-errors to fill up the user disk, no sensible explainatin to show up when the home directory is missing, our desktup-profiles menues (educational overrides) to not take effect, and possibly no ssh-agent to be running. [It seems to be that the scripts in Xsession.d are run, but 09debian-edu-missing-home doesn't work due to changed kdm behaviour (774392).]
The first user created in LDAP can log in, but the second and third can not. Changing "Password Storage" for these in GOSA from default ssha to sha and re-assigning a password helped. See mailing list. [Most probably due to 'dbnosync' set to true in slapd.conf. This should have been fixed at the time the issue was reported, but the fix had been applied to the wrong file in git (slapd-debian-edu.conf instead of slapd-squeeze_debian-edu.conf) (774610).]
- d-e-config 1.816 which contains these changes has been uploaded to unstable and unblocked, waiting for migration to jessie
dovecot no longer creates ssl certificate (772162, 772163). Certificate creation and enabling of ssl is now done using cfengine/shellcommand and according script.
Workstations are not able to NFS mount home0 from the tjener, even if they are in the workstation-hosts netgroup granting access (772342). This is most probably caused by nslcd not daemonizing reliably (759544), which seems to have been due to 755039 (fix is in jessie) in network-manager causing long times (up to about 30 seconds) to raise the network interface. 622394 and 771943 might play a role as well.
New systems don't get the hostname configured in GOsa². This is caused by Network-Manager using a wrong (hardcoded) 'arping' path (755039). As a workaround execute 'update-hostname-from-ip' on the new system.
- *needs confirmation*: the fixed network-manager package has arrived in jessie, so this should be fixed. is it? Yes.
PXE installation ask for mirror, while it should use the same mirror as the server used when it was installed. (770302)
slbackup-php: a configuration file is missing. The default backup server should be 'backup', not 'localhost' (769806).
Workstations (and probably other profiles) have a race condition where autofs starts before the eth0 interface is up. the syslog confirm that dhclient completes after autofs/automount complain in the log that it is unable to reach the LDAP server. This causes user home directories to be unavailable after boot. 769443 Is this systemd related? It seems to have been a problem in the past as well, see: https://bugs.launchpad.net/ubuntu/+source/autofs5/+bug/733914 Maybe network performance plays a role, too. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710490 Workaround in debian-edu-config implemented (dhclient hook sript).
Kerberos/LDAP startup with systemd is unreliable (758992). This seems to affect diskless workstations as well (homedir not mounted).
Duplicate entries in /etc/udev/rules.d/70-persistent-net.rules for the network card on a Thinkpad X200 caused eth0 to be missing when installing a workstation, making it impossible to log in after installation. etckeeper show that the duplicate entry originates from d-i before pre-pkgsel.d. It was present before debian-edu-config was installed by d-i. (765577) Workaround implemented in debian-edu-config (pre-pkgsel script).
Grub ask users to enter /dev/ path to hard drive on a single hard drive machine (712907) (763580), fixed in grub-installer version 1.98, reintroduced on purpose in version 1.99. Workaround implemented in debian-edu-config (pre-pkgsel script).
Usability issue: the KDE file manager fail to play Ogg Theora videos recorded by gtk-recordmydesktop because file report mime type "application/ogg" instead of "video/ogg" (762561). Video players and processors like vlc (762564), gnome-mplayer (762565), mpv (763173), advene (763174) and handbreak (763175) should be updated to list video/ogg as a supported MIME type. The dragonplayer and kaffeine package already support video/ogg.
- The wrong Nagios configuration is used on the server. The autogenerated Nagios configuration do not seem to be enabled.
- Shutdown/reboot of the main server takes longer due to a default setting in squid3 (shutdown_lifetime 30 seconds). [documented in manual]
ssh root login with password is no longer the default: '?PermitRootLogin yes' has been replaced with '?PermitRootLogin without-password'. [documented in manual]
The munin clients do not allow the munin server to talk to them (Denying connection from: ::ffff:10.0.2.1 in /var/log/munin/munin-node.log. This is caused by the systemd service being different from the init.d script (764594).
LTSP no longer installs. Probably due to 765738 affecting i386.
Recently made LDAP entries get lost if the system is rebooted or powered off (764225). As a workaround stop slapd before shutting the system down. [This issue seems to be unreprocubible now. Feedback?]
- debian-edu-artwork: background of gdm3 login screen is not the Debian Edu one.
The Kerberos TGT is valid for 10 hours as it should be. Clicking the key symbol, the krb5-auth-dialog lacks the username; the realm is OK, though (762906).
- The cups management site 'www:631' doesn't work any longer. Remote printer management should be documented. [this issue is gone with cups 1.7.5-7 dropping socket-activation.]
Gosa allow admins to add invalid DNS names in the web interface, and the LDAP to DNS export script gladly pass them on to bind (710362), which break and take down the entire installation when the LDAP server is unknown in DNS. [Seems to be fixed in the gosa version available in jessie, see mail to bug.] ldap2zone will no longer put broken zones into production.
- On LTSP diskless workstations the homedir isn't mounted. This is caused by automounter running and blocking /skole as mountpoint for sshfs. As a workaround (to be able to test things) set RM_SYSTEM_SERVICES=autofs in /opt/ltsp/i386/etc/lts.conf.
- debian-edu-doc.git: the jessie manual is missing.
exim4-config some times fail to install, reporting "Failed to acquire random data (762103). Triggered by a bug in eatmydata, affecting all GnuTLS users. Fixed by disabling eatmydata until a fixed version enter testing.
Automatic proxy configuration fail because WPAD is ignored by the proxy command (644373)
The URL http://wpad/wpad.dat is not understood by apache and give a 404 error. It should hand out /etc/debian-edu/www/wpad.dat instead.
Started on Jessie manual, https://wiki.debian.org/DebianEdu/Documentation/Jessie
- www/sitesummary doesn't work
- Unable to find /usr/bin/rpcinfo
- pxeinstall: Unable to find PXE file /var/lib/tftpboot/pxelinux.0
Installation in Jessie is broken because acl uses bzip2 format (759327 og 759367).
Using virtual box Jessie installation is broken because hw-setup call discover-pkginstall, which hangs (760144).
- Samba/LDAP setup fails due to a failure reading SAMBASID during bootstrap.
- krb5kdc is not running.
- kadmind is not running.
- Kerberos service is not listening on kerberos/udp.
- Kerberos service is not listening on kpasswd/tcp.
- Kerberos service is not listening on kerberos-adm/tcp.
- getent failed to find file group 'students'.
- samba: missing Domain Admins in samba groupmap.
- webcache: squid is not running.
Installation of desktops fail because of a postinst bug in lilypond-doc (758787), triggered by lilypond-doc being recommended by lilypond (653263), a dependency of rosegarden, but the fix fail to propagate to testing because of build failures on powerpc and mips (760794).
Rosegarden is no longer installed. It was removed from the music task as a workaround for a bug in lilypond (758787). When lilypond build on powerpc and mips (760794), rosegarden can be reinserted in the task.
- Installing using desktop=lxde or xfce end up without any display manager enabled, thanks to preseeding shared/default-x-display-manager to kdm while lightdm is installed.
Automatic partitioning fail when reinstalling, because partman refuses to "reuse" swap partition in LVM (757818)
postoffice: postoffice service is not listening on imaps/tcp - (760604 and 760653).
- ldap-client: Not only one PAM module of krb5, ldap and sss is enabled
Installing Thin Client server fails, from ISO because the ISO is not mounted (758500) and from PXE because /proc/ is not mounted (761401).
- pxeinstall is broken due to a typo in debian-edu-pxeinstall.
debian-edu-doc.git: scripts/get_manual is broken, probably due to wiki (show content in raw/docbook layout) changes (762025).
Mostly stuff for Stretch (the release after Jessie)
- make it easier to use another, already existing, directory server, be it LDAP or AD.
- Include FAI to easily install customized machines (Skolelinux RLP and Musterösung BW use Images (why?), can we do something comparable with FAI?
- Make the installer more flexible. Make it possible to choose KDE/GNOME/all educational packages/Debian default. (Waiting several hours installing Tjener+LTSP seems to scare away testers and developers).
- Continue cleanup. What is left back in our d-e-packages that's not needed anymore? Strip down things to the necessary, we are not able to maintain more. What can and should be addressed in Debian?
- Preconfigured LXDE by default as Thin-Client?
- Preconfigured educational desktop (if chosen in the installer).
- Make it possible to choose LTSP chroot arch (i386/amd64)