From af83e2531f6e63693b192cb64974b4187fa10cc5 Mon Sep 17 00:00:00 2001 From: HappyBasher Date: Mon, 27 Oct 2025 14:18:53 +0100 Subject: [PATCH 1/7] add libpam-krb5 to package dependencies. --- debian/control | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/control b/debian/control index 77de2f5..80ed873 100644 --- a/debian/control +++ b/debian/control @@ -1,12 +1,12 @@ Source: linuxmuster-linuxclient7 Section: linuxmuster Priority: optional -Maintainer: Dorian Zedler , Andreas Till +Maintainer: Dorian Zedler , Thomas Schmitt Build-Depends: debhelper (>= 5.0.0) Standards-Version: 5.0.0 Package: linuxmuster-linuxclient7 Architecture: all -Depends: python3, python3-ldap, cifs-utils, ldb-tools, bind9-host, ipcalc, hxtools, network-manager, krb5-user, keyutils, samba, sssd, sssd-tools, libsss-sudo, adcli, libpam-sss, sudo, realmd, cups (>= 2.3.0), coreutils +Depends: python3, python3-ldap, cifs-utils, ldb-tools, bind9-host, ipcalc, hxtools, network-manager, krb5-user, libpam-krb5, keyutils, samba, sssd, sssd-tools, libsss-sudo, adcli, libpam-sss, sudo, realmd, cups (>= 2.3.0), coreutils Description: Package for Ubuntu clients to connect to the linuxmuster.net 7 active directory server. Conflicts: linuxmuster-client-adsso, linuxmuster-client-adsso7, ni-lmn-client-adsso From e96637b920ce8c70847fb651850cf9bb62c66345 Mon Sep 17 00:00:00 2001 From: HappyBasher Date: Mon, 27 Oct 2025 14:20:16 +0100 Subject: [PATCH 2/7] add full path of linuxmuster-linuxclient7. --- etc/profile.d/99-linuxmuster-linuxclient7.sh | 2 +- .../linuxmuster-linuxclient7/scripts/executeHookWithEnvFix.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/etc/profile.d/99-linuxmuster-linuxclient7.sh b/etc/profile.d/99-linuxmuster-linuxclient7.sh index 9b025a6..ab5b0f5 100755 --- a/etc/profile.d/99-linuxmuster-linuxclient7.sh +++ b/etc/profile.d/99-linuxmuster-linuxclient7.sh @@ -1,2 +1,2 @@ -scriptDir=$(linuxmuster-linuxclient7 get-constant scriptDir) +scriptDir=$(/usr/sbin/linuxmuster-linuxclient7 get-constant scriptDir) source $scriptDir/executeHookWithEnvFix.sh onLogin \ No newline at end of file diff --git a/usr/share/linuxmuster-linuxclient7/scripts/executeHookWithEnvFix.sh b/usr/share/linuxmuster-linuxclient7/scripts/executeHookWithEnvFix.sh index db35bde..4af1657 100755 --- a/usr/share/linuxmuster-linuxclient7/scripts/executeHookWithEnvFix.sh +++ b/usr/share/linuxmuster-linuxclient7/scripts/executeHookWithEnvFix.sh @@ -1,7 +1,7 @@ # This script calls the desired hook and sources the temporary env # file afterwards to apply environment changes from lmn-export and lmn-unset -scriptDir=$(linuxmuster-linuxclient7 get-constant scriptDir) +scriptDir=$(/usr/sbin/linuxmuster-linuxclient7 get-constant scriptDir) if [ ! -f $scriptDir/$1 ]; then echo "Unknown hook: $1!" @@ -10,7 +10,7 @@ if [ ! -f $scriptDir/$1 ]; then fi export LinuxmusterLinuxclient7EnvFixActive=1 -tmpEnvFile=$(linuxmuster-linuxclient7 get-constant tmpEnvironmentFilePath) +tmpEnvFile=$(/usr/sbin/linuxmuster-linuxclient7 get-constant tmpEnvironmentFilePath) rm -f $tmpEnvFile From aa98701df386a790dec940b0bbbeca677a0f519c Mon Sep 17 00:00:00 2001 From: HappyBasher Date: Mon, 27 Oct 2025 14:21:56 +0100 Subject: [PATCH 3/7] add krb5 to pam configuration. --- .../python3/dist-packages/linuxmusterLinuxclient7/setup.py | 4 ++-- .../linuxmuster-linuxclient7/templates/common-session | 7 ++++--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/usr/lib/python3/dist-packages/linuxmusterLinuxclient7/setup.py b/usr/lib/python3/dist-packages/linuxmusterLinuxclient7/setup.py index 85994fe..a8b2ba7 100644 --- a/usr/lib/python3/dist-packages/linuxmusterLinuxclient7/setup.py +++ b/usr/lib/python3/dist-packages/linuxmusterLinuxclient7/setup.py @@ -246,9 +246,9 @@ def _prepareNetworkConfiguration(domain): def _preparePam(): # enable necessary pam modules logging.info('Updating pam configuration ... ') - subprocess.call(['pam-auth-update', '--package', '--enable', 'libpam-mount', 'pwquality', 'sss', '--force']) + subprocess.call(['pam-auth-update', '--package', '--enable', 'krb5', 'libpam-mount', 'pwquality', 'sss', '--force']) ## mkhomedir was injected in template not using pam-auth-update - subprocess.call(['pam-auth-update', '--package', '--remove', 'krb5', 'mkhomedir', '--force']) + subprocess.call(['pam-auth-update', '--package', '--remove', 'mkhomedir', '--force']) return True diff --git a/usr/share/linuxmuster-linuxclient7/templates/common-session b/usr/share/linuxmuster-linuxclient7/templates/common-session index 970624b..95ac488 100644 --- a/usr/share/linuxmuster-linuxclient7/templates/common-session +++ b/usr/share/linuxmuster-linuxclient7/templates/common-session @@ -35,7 +35,8 @@ session required pam_permit.so # See "man pam_umask". session optional pam_umask.so # and here are more per-package modules (the "Additional" block) -session required pam_unix.so -session optional pam_sss.so -session optional pam_systemd.so +session optional pam_krb5.so minimum_uid=1000 +session required pam_unix.so +session optional pam_sss.so +session optional pam_systemd.so # end of pam-auth-update config From 427f99a9dd50a307e91cff8c5f20bfb58f65d865 Mon Sep 17 00:00:00 2001 From: HappyBasher Date: Mon, 27 Oct 2025 14:22:43 +0100 Subject: [PATCH 4/7] extend krb5 configuration. --- .../templates/krb5.conf | 25 ++++++++++++++++--- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/usr/share/linuxmuster-linuxclient7/templates/krb5.conf b/usr/share/linuxmuster-linuxclient7/templates/krb5.conf index 414931f..2f98b4d 100644 --- a/usr/share/linuxmuster-linuxclient7/templates/krb5.conf +++ b/usr/share/linuxmuster-linuxclient7/templates/krb5.conf @@ -4,7 +4,24 @@ # [libdefaults] - default_realm = @@realm@@ - default_ccache_name = FILE:/tmp/krb5cc_%{uid} - ticket_lifetime = 24h - renew_lifetime = 7d + default_realm = @@realm@@ + dns_lookup_realm = false + dns_lookup_kdc = false + default_ccache_name = FILE:/tmp/krb5cc_%{uid} + ticket_lifetime = 24h + renew_lifetime = 7d + udp_preference_limit = 0 + rdns = false + +[realms] + @@realm@@ = { + admin_server = @@serverHostname@@ + kdc = @@serverHostname@@ + } + +[domain_realm] + .@@domain@@ = @@realm@@ + +[logging] + # Log everything to syslog. Default is severity of ERR and facility of AUTH. + default = SYSLOG From 35dea4ad6de1c7df6e447acd4b843e28cb5538e8 Mon Sep 17 00:00:00 2001 From: HappyBasher Date: Mon, 27 Oct 2025 14:23:18 +0100 Subject: [PATCH 5/7] update nsswitch.conf. --- usr/share/linuxmuster-linuxclient7/templates/nsswitch.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/share/linuxmuster-linuxclient7/templates/nsswitch.conf b/usr/share/linuxmuster-linuxclient7/templates/nsswitch.conf index aa7fbdf..7205a55 100644 --- a/usr/share/linuxmuster-linuxclient7/templates/nsswitch.conf +++ b/usr/share/linuxmuster-linuxclient7/templates/nsswitch.conf @@ -3,8 +3,8 @@ # WARNING! All changes to this file will be overwritten by linuxmuster-linuxclient7 setup and upgrade! # -passwd: files systemd sss -group: files systemd sss +passwd: compat sss +group: compat sss shadow: files sss gshadow: files From 04c84d902c68d2af400e97b8544039c67e9cb91c Mon Sep 17 00:00:00 2001 From: HappyBasher Date: Mon, 27 Oct 2025 14:24:00 +0100 Subject: [PATCH 6/7] change security to ads in smb.conf. --- usr/share/linuxmuster-linuxclient7/templates/smb.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/usr/share/linuxmuster-linuxclient7/templates/smb.conf b/usr/share/linuxmuster-linuxclient7/templates/smb.conf index aac5bec..61fd007 100644 --- a/usr/share/linuxmuster-linuxclient7/templates/smb.conf +++ b/usr/share/linuxmuster-linuxclient7/templates/smb.conf @@ -7,6 +7,6 @@ client signing = yes client use spnego = yes kerberos method = secrets and keytab -security = user +security = ads tls verify peer = ca_and_name tls cafile = /var/lib/samba/private/tls/@@domain@@.pem From 55b501760a6c12af502a86d5fd9e4b9fbc5ceba4 Mon Sep 17 00:00:00 2001 From: HappyBasher Date: Mon, 27 Oct 2025 14:26:51 +0100 Subject: [PATCH 7/7] update changelog. --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 1b6d478..c9bdce5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +linuxmuster-linuxclient7 (1.1.0) lmn73-testing; urgency=medium + + * implemented debian 13 compatibility. + + -- Thomas Schmitt Fri, 24 Oct 2025 13:21:21 +0200 + linuxmuster-linuxclient7 (1.0.11) lmn73; urgency=medium * Merge pull request #76 from ks98/master, fixes mount problems with Kerberos after cifs-utils update.