IRC chat logs for #ltsp on irc.libera.chat (webchat)


Channel log from 21 June 2021   (all times are UTC)

04:04adrianorg_ has joined IRC (adrianorg_!~adrianorg@debian/adrianorg)
04:09adrianorg has left IRC (adrianorg!~adrianorg@debian/adrianorg, *.net *.split)
04:47ricotz has joined IRC (ricotz!~ricotz@ubuntu/member/ricotz)
05:30jgee has left IRC (jgee!~jgee@186.80.49.20, Ping timeout: 268 seconds)
07:23vagrantc has left IRC (vagrantc!~vagrant@2600:3c01:e000:21:21:21:0:100b, Quit: leaving)
07:55woernie has joined IRC (woernie!~werner@p50867b93.dip0.t-ipconnect.de)
07:59woernie has left IRC (woernie!~werner@p50867b93.dip0.t-ipconnect.de, Ping timeout: 265 seconds)
09:27Vercas has left IRC (Vercas!~Vercas@gateway/tor-sasl/vercas, Remote host closed the connection)
09:32Vercas has joined IRC (Vercas!~Vercas@gateway/tor-sasl/vercas)
11:53shored has left IRC (shored!~shored@user/shored, Ping timeout: 265 seconds)
12:25adrianorg_ is now known as adrianorg
12:56shored has joined IRC (shored!~shored@user/shored)
13:04shored has left IRC (shored!~shored@user/shored, Ping timeout: 250 seconds)
13:04shored1 has joined IRC (shored1!~shored@user/shored)
13:26woernie has joined IRC (woernie!~werner@p5ddec80a.dip0.t-ipconnect.de)
13:57lucas_ has joined IRC (lucas_!~lucascast@177-185-133-236.dynamic.isotelco.net.br)
14:00lucascastro has left IRC (lucascastro!~lucascast@177-185-133-236.dynamic.isotelco.net.br, Ping timeout: 265 seconds)
14:49shored has joined IRC (shored!~shored@user/shored)
14:49shored1 has left IRC (shored1!~shored@user/shored, Ping timeout: 268 seconds)
16:00shored1 has joined IRC (shored1!~shored@user/shored)
16:01shored has left IRC (shored!~shored@user/shored, Ping timeout: 268 seconds)
18:16woernie has left IRC (woernie!~werner@p5ddec80a.dip0.t-ipconnect.de, Remote host closed the connection)
18:17woernie has joined IRC (woernie!~werner@p5ddec80a.dip0.t-ipconnect.de)
18:57lucas_ is now known as lucascastro
19:19woernie has left IRC (woernie!~werner@p5ddec80a.dip0.t-ipconnect.de, Remote host closed the connection)
19:21lucas_ has joined IRC (lucas_!~lucascast@189.90.44.253.jupiter.com.br)
19:22lucascastro has left IRC (lucascastro!~lucascast@177-185-133-236.dynamic.isotelco.net.br, Ping timeout: 258 seconds)
19:31lucas_ has left IRC (lucas_!~lucascast@189.90.44.253.jupiter.com.br, Ping timeout: 265 seconds)
19:35
<muhwalt>
alkisg: how is /etc/group updated on the client? `ltsp image` or `ltsp initrd` ?
19:35
<alkisg>
ltsp initrd
19:35
and reboot
19:35
<muhwalt>
I have an ldap user I want to add to the sudo group, and I'm either being really dumb, or it's not working
19:35
reboot the client, right?
19:36
<alkisg>
Yes
19:36
Does your information come from /etc/group, or from ldap?
19:36
<muhwalt>
I added the user to /etc/group
19:36
<alkisg>
If you're using ldap on the client, there's no need to update /etc/group at all
19:36
<muhwalt>
the user comes from ldap
19:36
<alkisg>
Then /etc/group isn't used
19:36lucascastro has joined IRC (lucascastro!~lucascast@189.90.44.253.jupiter.com.br)
19:37
<alkisg>
On the client, if you run `getent passwd`, do you see your ldap users, or your /etc/passwd only?
19:37
type `getent passwd` and `cat /etc/passwd`, and compare
19:37
Same for `getent group` and `cat /etc/group`
19:37
<muhwalt>
I only see /etc/passwd
19:38
<alkisg>
> On the client, if you run getent passwd, do you see your ldap users, or your /etc/passwd only?
19:38
<muhwalt>
same for getent group
19:38
(but /etc/group)
19:38
<alkisg>
OK
19:38
That means that the client isn't using ldap
19:38
Now do the same on the server
19:38
Is the server using ldap?
19:38
<muhwalt>
it's freeipa... so... kinda ldap?
19:38
lol
19:39
there's ldap in there somewhere, from my understanding of how it works
19:39
<alkisg>
I would imagine sssd-ldap, so yeah
19:39
<muhwalt>
yeah
19:39
it uses sssd, let me check server
19:39
<alkisg>
Can you paste your /etc/pam.d/common-account ?
19:40
Sorry, common-auth
19:42
<muhwalt>
https://termbin.com/smbt
19:42
<alkisg>
There's no ldap nor sssd there
19:43
<muhwalt>
oh sorry, that might be the VM host
19:43
*someone* gave them both the same hostname
19:43
<alkisg>
:D
19:45
<muhwalt>
https://termbin.com/7neb
19:46
<alkisg>
There it is
19:46
On the server, if you run `getent passwd`, do you see different things from `cat /etc/passwd` ?
19:46
(while on the client, you said "NO" to this question, right?)
19:46
<muhwalt>
but yeah, I have an ldap user in the sudo group on the server, shows in /etc/group and works. For some reason the client /etc/group isn't updating
19:47
getent passwd shows only system local users on both client and server
19:48
<alkisg>
If you run `ltsp initrd` and reboot the client, the client /etc/group should then be the same as the server /etc/group
19:48
<muhwalt>
yeah, that's what doesn't seem to be happening
19:48
<alkisg>
Do you see any errors in any step?
19:49
<muhwalt>
just, generated ltsp.img,
19:49
and: -rw-r--r-- 1 root root 155136 Jun 21 15:48 /srv/tftp/ltsp/ltsp.img
19:49
<alkisg>
(you may also unmkinitrd ltsp.img and see the group file in there)
19:49
unmkinitramfs ltsp.img
19:49
<muhwalt>
from /srv/tftp/ltsp?
19:50
<alkisg>
Yeah copy it to some empty dir and run the command inside there
19:50
Then: find . -name group
19:50
I think it goes to /etc/ltsp/group, if I recall correctly
19:51
<muhwalt>
yeah, I see it in there
19:51
odd
19:51
with my changes
19:52
<alkisg>
If the client detects ldap, it doesn't bother with the client /etc/group
19:52
So in that case, an ltsp image / would be required (or some other script to copy it)
19:52
<muhwalt>
I have tried that as well, it still doesn't seem to update
19:52
<alkisg>
Why don't you add the sudo group to ldap, and add the sudoers there?
19:52
With the same gid
19:53
<muhwalt>
That's probably the right way to do it. I'm shoehorning freeipa into existing infrastructure, so have just been a bit hesitant
19:54
and doing it like this worked, so I didn't want to fix it until it was broke ;)
19:54
<alkisg>
Ah I got it. The user doesn't exist when pamltsp merges group, so it removes him
19:54
Back later
19:55
<muhwalt>
👍
19:55
oh, is that offensive in Greece?
19:55
obviously I mean the american version of that :|
19:55shored1 has left IRC (shored1!~shored@user/shored, Ping timeout: 258 seconds)
19:56
<alkisg>
Offensive? Nah, I don't even know which part would be offensive!
19:56
The shoehorning?
19:56
I'd need to google that one :D
19:56
<muhwalt>
Oh, the "thumbs up" emoji
19:56
maybe it didn't come through
19:56
lol
19:56
<alkisg>
oh it's fine
19:57shored has joined IRC (shored!~shored@user/shored)
20:11
<muhwalt>
ok, don't go out of the way for me on any of this. I solved it using FreeIPA's sudoer rules
20:11
so I'm fine :) thanks for looking and helping, though!
20:11
For detail: giving the LTSP server sudoer rules, which included my user, fixed the issue
20:19ricotz has left IRC (ricotz!~ricotz@ubuntu/member/ricotz, Quit: Leaving)
21:55jgee has joined IRC (jgee!~jgee@186.80.49.20)