-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sat, 21 Jan 2012 20:31:28 +0100 Source: debian-edu-config Binary: debian-edu-config debian-edu-config-gosa-netgroups Architecture: source all Version: 1.448 Distribution: unstable Urgency: low Maintainer: Debian Edu Developers <debian-edu@lists.debian.org> Changed-By: Petter Reinholdtsen <pere@debian.org> Description: debian-edu-config - Configuration files for Skolelinux systems debian-edu-config-gosa-netgroups - netgroups plugin for GOsa² Closes: 653912 655516 656752 Changes: debian-edu-config (1.448) unstable; urgency=low . [ Petter Reinholdtsen ] * Add forgotten script /usr/share/debian-edu-config/tools/pxe- add firmware to the binary package. Make script more robust. Thanks to Wolfgang Schweer for discovering the problems and proposing fixes. * Move the code inserted by cfengine into the network-manager dispatcher.d hook into its own file, to avoid upgrade problem. The code is used to update the hostname from DNS. Add code in postinst to remove the now obsolete conffile /etc/cfengine/debian-edu/cf.network-manager during upgrades. * Move pre-pkgsel and finish-install code to adjust tasksel and set up network from debian-edu-install to debian-edu-config, to make it easier to change the network configuration, avoid problems with updating the PXE installation and bringing all related configuration into the debian-edu-config package. Add breaks debian-edu-install (<< 1.521) to ensure a new version of the debian-edu-install package is used. * Make sure finish-install script do not exit too early if the entropy gathering job has exited early. * Change default gateway from 10.0.2.1 to 10.0.0.1 and update DNS A and PTR records to reflect this. * Add GOsa netdevices object for the default gateway to make it easier to change its DNS entry from GOsa. * Enable our menu overrides on standalone installations by adding MENUREORDER=true in /etc/debian-edu/config. * Extend the dynamic DHCP range on the thin client network from 200- 253 to 20-243, to handle more thin clients without any configuration. * Remove redundant and non-changable loopbacknet ipNetwork from LDAP. It is already in /etc/network, and hardwired in the kernel. * Add empty directory /etc/skel/.local/share in package as a workaround for kdelibs bug #655243. * Get rid of hardcoded IP addresses in CUPS configuration. Use @LOCAL instead of 10.0.0.0/8 and tjener instead of 10.0.2.2, to make it easier to change IP setup. * Extend the dynamic DHCP range on the backbone network from 10.0.2.100-10.0.3.242 to 10.0.16.20-10.0.31.254 (aka 10.0.16.0/20), to handle more clients without any changes to the configuration. This allow around 4k clients to get IP addresses out of the box. * Add new netgroup cups-queue-autoreenable-hosts used to re-enable stopped CUPS print queues every hour for the members of that group. Uses new tool cups-queue-autoreenable. Make tjener a member by default. * Add new netgroup cups-queue-autoflush-hosts used to get CUPS servers to flush the queue every night. Uses new tool cups-queue-autoflush to call 'cancel -a'. Enable this on the Main-server by default. * Purge network-manager in the LTSP chroot, now that bug #592479 is fixed. * Updated sitesummary2ldapdhcp: - Use the new LDAP subtree for DHCP objects. Report error and continue when failing to create DHCP object. Teach it to create GOsa server objects for new hosts. - Adjust it to search for its LDAP administrator objects instead of hardcoding the DN, and allow any admin user to be used. - Change it to only update by default, and to add new server objects when -a is used. * Add nb translation for the gosa-netgroups module. * Network blocking / exam mode: - Rewrite debian-edu-update-netblock to set new rules using iptables-restore to do this as an atomic operation to get it working on LTSP clients. - Add netgroup netblock-hosts in LDAP to list machines that should activate the network blocking and file group nonetblk used by debian-edu-update-netblock to exclude selected users from network blocking. - Add cron job to consult LDAP every 5 minutes to see if network blocking should be enabled or not. - Add /sbin to PATH in debian-edu-update-netblock to get the script working from cron. - Allow system users nslcd, openldap, xrdp, www-data, avahi, dovecot, statd and daemon full Internet access also when network blocking is in effect, to make sure system services keep working as they should. * Add --previous to msgmerge call in www/Makefile to keep previous strings when updating tranlations. Patch from David Prévot. * Rewrite build rule for the welcome page to use po4a (Closes: #655516). Patch from David Prévot. * Remove obsolete script /usr/share/debian-edu-config/tools/ldap-users.pl. * Make sure all sambaSIDs are bootstrapped using $SAMBASID and fix typo causing duplicate sambaSid. * Add backup testsuite test to detect bug #626884. * Remove closing of file descriptors when starting bind from ldap-debian-edu-install which was introduced to try to solve the problem before we understood the entropy hang. * Adjust www/index.html.en to become valid XHTML. Patch from David Prévot. * Migrate 'localadmin' user from /etc/passwd to the first LDAP user. Make first LDAP user a member of the teachers group to enable the KDE menu overrides. If user-setup-udeb ask for information on the first user on the Main-Server installs, use this information when setting it up the first LDAP user instead of using 'localadmin' as the username. * Add new pwdchange.desktop KDE menu option for networked profiles to make it easier for users to figure out where to change the password (Closes: #653912). Include many translations for the password changing menu entry using patch from Wolfgang Schweer. * Add workaround for #656309 in libpam-krb5 by replacing /usr/share/pam-configs/krb5 with our own version, to get passwd and all tools using it to change the kerberos password. Using PAM to change the password do not change the LDAP and Samba passwords, and should in general be avoided. Call 'pam-auth-update --package' after updating /usr/share/pam-configs/ to activate the change. * Remove the ldap-auth group intended to force users to authenticate using Kerberos. It is not used yet, and probably can't be used for its intended purpose for Squeeze as GOsa uses LDAP bind to authenticate users. * Remove now obsolete traces of super-admin user. . [ Mike Gabriel ] * Additionally to the README.unused-ldifs file all LDAP bootstrap files that are not used in D-E squeeze anymore are marked as obsolete in their file header. * Remove obsolete ldif files (files not LDAP-bootstrapped anymore on main server installation) during package upgrades. * Add global GOsa² ACL to LDAP's BaseDN that disables to manipulate gotoMode, userPassword and faiState via GOsa². Consequences: (a) The Mode and the Actions drop-down menus become inactive (read-only) for server systems. (b) Setting of root accounts on server's gets disabled. (c) FAI is not in use on a D-E network by default. All three functionalities are broken with the D-E version of GOsa² (2.6.11), so it is better to disable those options. * A host within a netgroup should always be represented by two nisNetgroupTriple values, one for (<hostname>,,), one for (<fqdn>,,), as different netgroup clients handle these differently. The GOsa² netgroups plugin also supports this. Fixing this for the netgroups in LDAP bootstrap. * Add main-server (aka tjener) to fsautoresize-hosts netgroup during LDAP bootstrap to enable automatic LVM file system resizing by default. * Set minimum password length to 5 characters (GOsa², Kerberos via policy). For Samba the default is 5, libpam-krb5 also uses 5 by default. * Replace super-admin DN by administrative group DN gosa-admins. Add initial user to this gosa-admins group. * Add Kerberos policy ,,hosts'' on main server installation. * Add gosa-create-host script as possible post-create hook for GOsa² system creation (not activated in GOsa² yet). . * Translation updates: - Updates for Italian debconf templates from Claudio Carboncini. - Updates for French web page from David Prévot. - Updates for Russian web page from Yuri Kozlov (Closes: #656752). Checksums-Sha1: be4f27b3c20ed1729d338c018b0033c07ccb4bf4 1447 debian-edu-config_1.448.dsc 4835cbe78413ed6fe7d63da8295d37f10030ece2 492738 debian-edu-config_1.448.tar.gz 7d7d1eb2a785901bcae4053662f192ca84ed1475 381242 debian-edu-config_1.448_all.deb cf62174fa5f6048c16482a834ba41293ddac8dc8 109180 debian-edu-config-gosa-netgroups_1.448_all.deb Checksums-Sha256: 6dfc38ab449b3efed917614cda257acf209e8aadc05bb64a17a60272eec974d4 1447 debian-edu-config_1.448.dsc 0283eb9175ae98a2acd4116132cc38b2b6c07a5e9fb726693a80551a8d92632a 492738 debian-edu-config_1.448.tar.gz 492cad00306f1e21dff61dbee333b905569247bd21eb7733b08557a73bf61141 381242 debian-edu-config_1.448_all.deb eaa7f45707fdac27d7b6b7e1be33f1542f3044598e7b1090648c353a1fc9a0f9 109180 debian-edu-config-gosa-netgroups_1.448_all.deb Files: 85c3388216ffb8528549ebfa631109f8 1447 misc extra debian-edu-config_1.448.dsc 592947589813cd81f72c743ba3f35a5a 492738 misc extra debian-edu-config_1.448.tar.gz 778e379660e8c6c1b7aaace3cedc01a8 381242 misc extra debian-edu-config_1.448_all.deb 9854ed08db59e2f32c9f81a36fe1198c 109180 misc extra debian-edu-config-gosa-netgroups_1.448_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iD4DBQFPGxOe20zMSyow1ykRAtEtAKCPPqHc6c59gbEDE8eHj/HPeDpJggCXSE7B evfieoSkGGE4S0uobuwN6g== =Xca0 -----END PGP SIGNATURE----- Accepted: debian-edu-config-gosa-netgroups_1.448_all.deb to main/d/debian-edu-config/debian-edu-config-gosa-netgroups_1.448_all.deb debian-edu-config_1.448.dsc to main/d/debian-edu-config/debian-edu-config_1.448.dsc debian-edu-config_1.448.tar.gz to main/d/debian-edu-config/debian-edu-config_1.448.tar.gz debian-edu-config_1.448_all.deb to main/d/debian-edu-config/debian-edu-config_1.448_all.deb
