[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Getting an edubuntu workstation to log-on to a skolelinux server successfully via LDAP

Hello everyone, and thank you to all who have helped so much already,

I'm forwarding an email I wrote to a tech support person helping me at the end of September.  I seem to be exhausting all possibilities of getting some kind of lab set up in my classroom where students' files are stored on the server.  I asked in the list earlier how to connect an edubuntu workstation to a Skolelinux network.  I forget who, but someone said to search for 'ldap skolelinux edubuntu' on google or something like that.  I did and came up with the following link:

http://omgili.com/mailinglist/debian-edu/lists/debian/org/20071226213504865haraldskolelinuxde.html  Some of it is clear, while other parts are more generic and don't deal with skolelinux specifically.  I can't find anything where it just says exactly how to do this.

Also, I have been working with a person who is with a tech support company, and he was able to have one of his friends who works on the Skolelinux project provide some directions.  I followed the directions and got the edubuntu workstation to recognize the log-in but then the screen would just go black and nothing else.  It would also ask for the password twice. The tech support guy helping me also had the same results, independent from me.  The directions are pasted a little bit below.

I'm just thinking there has to be someone who has set up edubuntu workstations that connect to a skolelinux server suceessfully.  I can follow directions pretty well, but am not able to troubleshoot LDAP connection problems because I don't yet know enough about it (and I teach 8th grade full time so I can't put as much time into this as I would like to).

I have been more successful with getting Ubuntu on individual machines, and I like the way their desktop is organized, but you can only log-in with thin or fat clients (LDAP has to be setup on its own), BUT I think the debian server is far better and has more capabilities out of the box, like LDAP and samba support.  It'd be nice if Edubuntu and Skolelinux got together to really make a powerful system for school computer labs.

Pleae refer to the directions below that the skolelinux guy provided.  Does anyone know if anything is missing from the directions, or anything else that would make an LDAP connection successful from an Edubuntu workstation to Debian Skolelinux Etch?

The directions I received are:

(This is to connect an Edubuntu workstation to a Skolelinux server via LDAP:  Myself and the tech support guy both got the same error where it recognized the log-in, but would ask for the password twice and then stall on a black screen.  Can anyone find an error with the instructions below?)

apt-get install nfs-common ldap-utils libpam-ldap libnss-ldap nscd
>
> echo "tjener:/skole/tjener/home0 /skole/tjener/home0 nfs timeo=14,intr
> 0  0" >> /etc/fstab
>
>
> Then you need to edit a few files (with Ubuntu you need to merge the
> following two or three into /etc/ldap.conf I think):
>
> cat /etc/pam_ldap.conf
> host ldap
> ssl start_tls
> bind_policy soft
> timelimit 1
> bind_timelimit 1
> base ou=People,dc=skole,dc=
skolelinux,dc=no
> ldap_version 3
> pam_filter objectclass=posixAccount
> pam_password exop
>
> cat /etc/libnss-ldap.conf
> host ldap
> base dc=skole,dc=skolelinux,dc=no
> ldap_version 3
> bind_policy soft
> timelimit 1
> bind_timelimit 1
> rootbinddn cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no
> nss_base_passwd ou=People,
> nss_base_group ou=Group,
> nss_base_netgroup ou=Netgroup,
>
> cat /etc/ldap/ldap.conf
> BASE dc=skole,dc=skolelinux,dc=no
> HOST ldap
> TLS_REQCERT never
> TLSCACERT /etc/ldap/ssl/ldap-server-pubkey.pem
>
> cat /etc/nsswitch.conf
> passwd:         files   ldap
> group:          files   ldap
> shadow:         files   ldap
> netgroup:       files   ldap
> automount:      files   ldap
> hosts:          files   dns
> networks:       files
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
>
> cat /etc/security/group.conf
> *; *; *; Al0000-2400; audio,cdrom,floppy,fuse,plugdev,video,scanner
>
> cat /etc/pam.d/common-account
> account sufficient      pam_ldap.so
> account required        pam_unix.so
>
> cat /etc/pam.d/common-auth
> auth    optional        pam_group.so
> auth    sufficient      pam_unix.so shadow nullok_secure
> auth    required        pam_ldap.so use_first_pass
>
> cat /etc/pam.d/common-password
> password        sufficient pam_ldap.so
> password        required   pam_unix.so nullok obscure md5


---------- Forwarded message ----------

I'm attaching a copy of the config files that exist in my ubuntu client where your colleague asked me to modify in order to get the ubuntu client to authenticate to the LDAP server.  I have the Skole Debian etch LDAP server up and running so I didn't need to really modify any of the actual text he provided -- , but I think I may have edited the files incorrectly or something.

So far, the Ubuntu client allows the system to recognize the user on LDAP, but they have to enter the password twice, and then it says the home directory can't be made (but the home directory works fine on the Debian client).  So I don't know why it doesn't work on the Ubuntu client.

I like Ubuntu so much better as far as the desktop and how easy it looks for students (and how their names shows in the top right of the screen) and that firefox is ready out of the box.  So I really want to get Ubuntu clients logged on to my Skole Debian etch server (which is running fine) and everything works fine if I log-on via LDAP with a Debian client.  It's just the Ubuntu clients that are having trouble with the config files attached.

On another note, it looks like they are about to release Skole 5.0 Debian Lenny.  I downloaded the stable full DVD image from

http://ftp.skolelinux.org/

I'm not sure how close to completion it is and I haven't tried installing it yet (I did with the CD image and I got an error) so maybe the DVD will work.  Anyways, attached are the config files for my ubuntu system that I modified according to the directions from your colleage.  I'm sure I messed them up somewhere.   The first two .conf files from your last email were merged into the ldap.conf file as suggested by your colleage.

Also, can you ask him for specific instructions that I need to put in when running

libnss-ldap

I can update this via

sudo dpkg-reconfigure ldap-auth-config

But it asks for some additional information that the skole wiki doesn't fully explain.  In fact, it says 'fix me' on the wiki meaning the explanation needs to be updated.  That might be another source for why I can't log-on with ubuntu w LDAP credentials.

Thanks!

Tim
Reply to: