Re: Bug#929964: debian-edu-config: sudo fails on LTSP clients
On Tue, Jun 04, 2019 at 03:07:23PM +0200, Petter Reinholdtsen wrote: > [Wolfgang Schweer] > > During a recent test I noticed that sudo is unusable on LTSP clients. > > The LDAP server connection can't be established. > > > > While the related configuration (/etc/sudo-ldap.conf) is ok on the > > server, the LDAP URI needs to be set explicitly for clients. > > Why do the LTSP clients need this, if the non-LTSP clients do not? I haven't checked it for normal workstations, but suspect it to be needed also there (the fix will take effect on all networked machines). > Perhaps it is time to switch all clients to sssd? Yes, I guess this should be done for Bullseye. Wolfgang signature.asc Description: PGP signature
Bug#929964: debian-edu-config: sudo fails on LTSP clients
>Perhaps it is time to switch all clients to sssd? Oh yes, please... Happy to put that on my list of all the tests to do in Hamburg ;). -nik
Bug#929964: debian-edu-config: sudo fails on LTSP clients
[Wolfgang Schweer] > During a recent test I noticed that sudo is unusable on LTSP clients. > The LDAP server connection can't be established. > > While the related configuration (/etc/sudo-ldap.conf) is ok on the > server, the LDAP URI needs to be set explicitly for clients. Why do the LTSP clients need this, if the non-LTSP clients do not? Perhaps it is time to switch all clients to sssd? -- Vennlig hilsen Petter Reinholdtsen
Bug#929964: debian-edu-config: sudo fails on LTSP clients
Package: debian-edu-config Version: 2.10.65 Severity: important During a recent test I noticed that sudo is unusable on LTSP clients. The LDAP server connection can't be established. While the related configuration (/etc/sudo-ldap.conf) is ok on the server, the LDAP URI needs to be set explicitly for clients. This change fixes the bug: diff --git a/share/debian-edu-config/sudo-ldap.conf b/share/debian-edu-config/sudo-ldap.conf index ac038081..c78a1cba 100644 --- a/share/debian-edu-config/sudo-ldap.conf +++ b/share/debian-edu-config/sudo-ldap.conf @@ -2,4 +2,5 @@ # Debian Edu specific setting needed in addition to those in /etc/nslcd.conf # Providing this file allows one to leave /etc/ldap/ldap.conf untouched. # +uri ldap://ldap.intern sudoers_base ou=sudoers,dc=skole,dc=skolelinux,dc=no I've verified that this change is also valid on the server; it's just a duplicate of the related entry in /etc/nslcd.conf. Wolfgang signature.asc Description: PGP signature