8831
Comment: some updates
|
9658
Hint on bypassing the self signed certificate warning in Iceweasel.
|
Deletions are marked like this. | Additions are marked like this. |
Line 42: | Line 42: |
* vegar engen and gisle (apologies in advance for spelling the names wrong) were working on this | * vegar engen and gisle (apologies in advance for spelling the names wrong) were working on this * We need to put a file {{{cert_override.txt}}} in {{{/etc/iceweasel/profile/}}} with the following text: {{{ # PSM Certificate Override Settings file # This is a generated file! Do not edit. www:443 OID.2.16.840.1.101.3.4.2.1 EE:66:F2:DA:0F:DD:A1:DF:6E:99:A3:77:69:D6:02:39:DC:47:BF:B4:3D:61:DE:2F:85:9F:60:86:8F:91:A5:AF MU AAAAAAAAAAAAAAAJAAAAGgDgwHd5q3rzhTAYMRYwFAYDVQQDEw10amVuZXIuaW50 ZXJu backup:443 OID.2.16.840.1.101.3.4.2.1 EE:66:F2:DA:0F:DD:A1:DF:6E:99:A3:77:69:D6:02:39:DC:47:BF:B4:3D:61:DE:2F:85:9F:60:86:8F:91:A5:AF MU AAAAAAAAAAAAAAAJAAAAGgDgwHd5q3rzhTAYMRYwFAYDVQQDEw10amVuZXIuaW50 ZXJu }}} See attachment.<<BR>> When this file exists on a machine where a user starts Iceweasel for the '''first time''' it is copied to the users default profile directory {{{~/.mozilla/firefox/xxxxxxxx.default}}}. |
Contents
Status of the Lenny-based DebianEdu
See also DebianEdu/roadmap (and DebianEdu/Status/Etch). Check the tagged BTS bugs in unstable and testing.
Netinstaller available from rsync -av ftp.skolelinux.no::cd-lenny-test-amd64-i386-powerpc-netinst/debian-edu-amd64-i386-powerpc-NETINST-1.iso .
multiarchdvd available from rsync -av ftp.skolelinux.no::cd-lenny-test-dvd/debian-edu-amd64-i386-DVD-1.iso .
More verbose instructions how to test are available, too.
bugzilla view of issues
Issues which we need to fix for a release
LDAP SSL is broken and thus everything else fails. #1347
LDAP connection refused by ldapvi (to test, use ldapvi -Z -D cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no). The error is "ldap_start_tls_s: Connect error (-11)"
To connect use --ldap-conf option, seems related to TLS_REQCERT option in ldap.conf
Same problem with kdm, from a workstation or ltsp-server: kdm: pam_ldap: ldap_starttls_s: Can't contact LDAP server
Seems like a problem with ldapvi, investigating the source of ldapvi showed that it does not support tls properly (needs check)
Andreas Schockenhoff also commented on this: I think the ldapvi problem is not a debian edu problem because
ldapmodify works without problems.
Can the debian bug #505191 be a reason for this ?
pdnsd needs to be configured and bind kicked out. see: DebianEdu/LdapifyServices
- work in progress
Samba schema in d-e-c is out dated, new attributes required by samba (SambaLDAP)
Choose debian edu profile in text mode debian-edu expert: non-functional #1315
- Bug #508042 closed at 05 April 2005, assumed fixed at version 0.140 of cdebconf, now in unstable. Needs 0.141 as 0.140 introduced a regression. Uploaded to our lenny-test but needs to be included in initrd too.
we need to check if adding machines with lwat is enough to put them in dhcp. #1333 #499707 also see http://wiki.debian.org/DebianEdu/Lwat
Default browser (Iceweasel) refuses to connect to https://www/ by default because it do not like the self signed certificate. #1328
- vegar engen and gisle (apologies in advance for spelling the names wrong) were working on this
We need to put a file cert_override.txt in /etc/iceweasel/profile/ with the following text:
# PSM Certificate Override Settings file # This is a generated file! Do not edit. www:443 OID.2.16.840.1.101.3.4.2.1 EE:66:F2:DA:0F:DD:A1:DF:6E:99:A3:77:69:D6:02:39:DC:47:BF:B4:3D:61:DE:2F:85:9F:60:86:8F:91:A5:AF MU AAAAAAAAAAAAAAAJAAAAGgDgwHd5q3rzhTAYMRYwFAYDVQQDEw10amVuZXIuaW50 ZXJu backup:443 OID.2.16.840.1.101.3.4.2.1 EE:66:F2:DA:0F:DD:A1:DF:6E:99:A3:77:69:D6:02:39:DC:47:BF:B4:3D:61:DE:2F:85:9F:60:86:8F:91:A5:AF MU AAAAAAAAAAAAAAAJAAAAGgDgwHd5q3rzhTAYMRYwFAYDVQQDEw10amVuZXIuaW50 ZXJu
See attachment.
When this file exists on a machine where a user starts Iceweasel for the first time it is copied to the users default profile directory ~/.mozilla/firefox/xxxxxxxx.default.
- PXE install is not enabled when installing from DVD. The d-i pxeinstall images are missing.
- Need to be included on the DVD: either by copying from Debian archive or by creating and updating a package whenever debian-installer in Debian is changed.
Proposed fix implemented by Petter, waiting in NEW. h01ger rejects the idea of depending on binary .debs which dont build from their .dsc packages
- h01ger plans to fix this by copying the tarballs on the DVD directly and making use of them and documenting how to update them
- Need to be included on the DVD: either by copying from Debian archive or by creating and updating a package whenever debian-installer in Debian is changed.
LTSP is not generated when installing over PXE. ltsp-client-builder logs "no CD-ROM found ! Not installing ltsp chroot" needs confirmation if still exists!
- bard aase was working on this
- debian-edu-doc: make get-orig-source fails, so no new versions can be build atm.
before the release, we need to update the release version numbers in svn://trunk/src/build/CD-administrator/CONF-lenny* and in svn://trunk/src/debian-edu-install/version #1329
Issues which we would like to fix for a release
OCS Inventory server is not installed properly, and the client do not automatically know how to connect to the server #1332.
?Browser plugin for multimedia is unable to handle some popular video sites. (pere: FIXED?) (needs list which!)
- The diskless workstation setup should be enabled by default on thin client servers. This is not yet implemented.
- We should switch to consolekit instead of obsolete libpam-foreground. Should be fixed, need verification (pere 2009-03-28).
- Popular flash sites do not work out of the box. (needs list which!)
- Squid disk usage is not dynamically scaled to match the partition size available. Hardcoded to 100 MB in the squid.conf file. Should be 90% of disk space.
- Nagios is not properly configured based on sitesummary data.
Fixed Issues
- installing german standalone installs a belgian kde UI.
Fixed with localization-config >1.03
- LWAT is unable to connet to the LDAP server. Perhaps related to the gnutls issue, or because we use a snake-oil certificate.
Works now. Problem was that the certificate of the ldapserver referenced in ldap.conf (/etc/ldap/ssl...) was not readable by the apache process.
- the profile question is garbled for some languages (eg. german) in the text installer.
Should be fixed with svn-version (needs upload to Debian)
Thin-clients fail to load: "Connection refused" - #1320
the partition sizes generated by the installer are too small, which is worked around by extending partitions during installation, but this lead to fsck on first boot because of a misfeature in online ext3 resizing. a fix is needed to make sure the minimum partition sizes are large enough to avoid resizing during normal installs. #1237
nagios3 - if you upgrade from a previous Debian Edu installation you need to run rm -rf /etc/nagios3/* ; cp -a /etc/nagios2/* /etc/nagios3/ - we need to confirm this actually works in our default setup. #1326
pkgsel failes to install octave cousing a error in the installer, when installing a thin client server profile(perhaps also workstation?) . rerunning the default selected step works. #1330 needs confirmation if still exists!
Installation doesn't find cdrom on SIS5513 IDE-chipset #1339
- drop sugar from expert mode. its not working yet.
exim4-daemon-heavy is missing for mainserver #1343
- installer: tasksel is broken (installing not needed desktop packages) - works (at least in lenny-test)
consolekit is leaking resources, need a oneline patch, http://patch-tracking.debian.net/patch/series/view/consolekit/0.3.0-2/11-unref-dbus-proxy.patch #521651 - this will either go into 5.0.1 or if it doesnt (and only gets into 5.0.2) we can upload a fixed package to our repo. Fixed in 5.0.1 (see bts and p.d.o)
New Features in Lenny
also see http://wiki.debian.org/NewInLenny
we finally have a killer feature !
nagios3 - if you upgrade from a previous Debian Edu installation you need to run rm -rf /etc/nagios3/* ; cp -a /etc/nagios2/* /etc/nagios3/ - and we need to confirm this actually works in our default setup.
- per default all .xsession-errors are truncated automatically or redirected to /dev/null, the user can disable this by creating ~/.xsession-errors-enable
The Barebone profile has been renamed to Minimal, a Sugar profile has been added.
- The name of the LDAP server isn't hardcoded anymore for NSS lookups, instead we use DNS SRV records to find it. PAM still uses the LDAP server name.
http://cdd.alioth.debian.org/edu/tasks/ is a new overview page, what tasks are available in Debian Edu.
- rsyslogd instead of syslogd
- setup PXE environment (for workstations? ltsp servers?) automatically (doesnt work for DVD installs without internet access yet) - only for i386 clients too
- dhcp3 server gets config from LDAP
- to ease installation of Debian Edu on some hardware, we include the following non-free firmwares on our installation media: firmware-bnx2, firmware-iwlwifi, firmware-qlogic. If you know of other useful and distributable firmwares, please let us know.