ICT administration manual for Skolelinux

23 May 2003

Vibeke Braaten, Christian Juell, Tor Harald Nordnes, Truls Teigen

2002, 2003 Vibeke Braaten, Christian Juell, Tor Harald Nordnes and Truls Teigen

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled GNU Free Documentation License.

The document has subsequently been revised by, among others, Klaus Ade Johnstad, Petter Reinholdtsen and Harald Thingelstad.

Introduction

Skolelinux background

A voluntary communal effort was started in the summer of 2001 to make free software available for schools. This collaborative project has a twofold objective. On the one hand, the project aims at reducing the schools' software budgets. On the other, the project will offer software which meets the official requirements for electronic tools in Norwegian schools.

The project leader and pioneer for Skolelinux is Knut Yrvin. About 30 other computer savvy persons have, without compensation, used their spare time to develop free software in order to create a Skolelinux distribution. Things needing adjustment include language (so that all programs are available in Bokmaal, Nynorsk and Sami), technical issues, and setup configuration to ensure that applications and services work properly.

It should be obvious from the name Skolelinux (Linux for Schools) that the software is based on Linux, which is open source or free software. This makes it possible for users and developers to modify and re-publish the source code. Such open licenses also make it possible to translate applications to any desired language, as well as tailor the distribution to the needs of schools.

The suite of programs consists of user software for workstations, services and server software.
The expression ``server'' is often used in this connection. The collection of applications and services will be put together according to what is needed in order to offer pupils the electronic tools they require, and what is needed to run a network in an efficient manner.

The Skolelinux project is not aimed at competing with other suppliers in the market, but will be a solid and cheap alternative to current systems. It achieves this in part because Linux will function on hardware too old to support other up-to-date systems. Linux is cost effective, both with regard to hardware requirements and the cost of software.

Computer software changes rapidly, and pupils should be able to handle the software they will encounter in school and at work for many years to come. Therefore, it is important for the pupils to become able to make use of electronic tools in general, not just learn recipes for handling specific applications by heart.

Large sections of the IT industry now agree that open software such as Linux will form a common foundation for the majority of the tools that are used. There's simply a limit to how many times one will agree to pay for the very same basic tools that one has been using for years. It thus seems fairly certain that pupils will reencounter free, recyclable software at later points in their lives.

The Skolelinux distribution also meets the requirements of the Norwegian Fiberskolen (fiber networks in schools) project, which aims to give all schools access to broadband networks.

Guide to the ICT administration manual

This book has been made specifically by the Skolelinux project to assist the system administrator. It should be of help in getting to know various packages and services included in the software suite. Knowing what the different parts are, and where they are, simplifies administration, maintenance and securing of the system.

This book requires no more than basic knowledge of computers, i.e.
the reader should have some experience using a computer, and know the difference between a mouse and a keyboard. As all applications and services are new to most people, we will take you carefully through a test installation. This is followed by a description of software packages that are worth knowing about, particularly on the server side.

This book is meant to be a howto for getting started with the installation and configuration of the Skolelinux distribution. It also deals with how to administer and maintain the system. First and foremost, it is an introduction to Skolelinux which will help a system administrator in the initial phase.

Parts of the book

We have chosen to divide the book into two parts:

- Installation and configuration
- System Overview

It is very important for this book to be written in an understandable manner, so that the switch from other systems will be as smooth as possible. If there is any information here that you feel is unclear, or which is missing from the book, please contact us at linuxiskolen@skolelinux.no, and we will look into it.

Installation and configuration

You can choose between different profiles during installation.

Main-Server

Here we describe how to install the Skolelinux main server.

Installing the main server

The central network services run on the main server. This computer can be located anywhere, for example in the basement. The services that are usually run on the main server include DNS, DHCP, CUPS, user files via NFS, and the user data via LDAP.

Requirements:

- Hard disk space: 3 GB for the basic installation plus enough space for the users' files (for example XXX MB for each user).

The installation, step by step:

The computer should be able to boot from the CD-ROM. If this is not possible you will need to have a Skolelinux floppy boot disk.

Check the BIOS boot sequence settings. If necessary change the settings so that the BIOS will boot from the CD-ROM first.
If the BIOS does not allow the computer to boot from the CD-ROM drive, you will need to obtain or make a set of Skolelinux boot floppies (2 floppy disks).

Put the current Skolelinux installation CD-ROM in the CD drive and boot the computer. The computer will then boot into the Skolelinux installation program.

Choose a Language

Use the keys "arrow up" or "arrow down" to choose the line with your language. Use 'Enter' to accept the choice and to move on to the next step. You can observe the Skolelinux installer files being loaded.

Choose the "Skolelinux Profile"

Read the Explanation of the Skolelinux Profile choices. "Continue" with 'Enter'.

Choose the profile Main server. With "arrow up" or "arrow down" mark your choice, and with the space key choose (place an "x" before) your profile, for example [x] Main-Server. "Continue" with 'Enter'. You can observe the kernel modules being loaded.

Choose to "Automatically partition hard drives"

Here you have two choices. Yes will automatically partition the hard disk. No will allow you to manually choose the sizes for the various partitions.

BE VERY CAREFUL. Choosing "Yes", the automatic method, will delete EVERYTHING that is on your hard disk. Before choosing "Yes" be sure that there is no necessary data on the hard disk.

The simple choice is "Yes" 'Enter'. The hard disk will now be partitioned and Skolelinux files will be copied to and installed onto the hard disk. This will take some time.

You can now "Finish the installation and reboot"

The CD will be ejected and the computer will need to be rebooted. Be sure that all CDs and floppies have been removed from the computer before the reboot takes place. Continue with 'Enter'.

Before the reboot takes place, enter the BIOS and change the boot sequence so that the computer will boot from the hard disk first. Then continue the boot process.

Password Setup

Please read the information about password setup very carefully.
Before you enter the root account's password you should be careful to define a useful and secure password. (Currently it is difficult to change this password.) This password allows full access to the server including LDAP access. Continue with 'Enter'.

Enter the root password. Repeat the password to verify it.

Additional program packages need to be installed and the system needs to be configured.

"Configuring" the system

Return the Skolelinux installation CD-ROM to the CD drive. 'Enter' to continue. Additional program packages will now be automatically installed and configured. This may take a long time. After the packages are installed the CD-ROM will be ejected.

The basic installation of Skolelinux is now finished. You will now be presented with the login prompt "login" and can log in as root with the root password.

Workstation

FIXME

Thin-Client-Server

FIXME

Standalone

FIXME

Standalone-Extras

FIXME

Integrated Main and Terminal Server

The objective of this chapter is to provide a step-by-step description of how a test installation of Skolelinux should be carried out, so that you, the system administrator, will encounter as few problems as possible. The installation itself is constructed along a cake model, where each slice of the cake is a part of the complete test system. Each slice is made up of smaller parts, and each part is described in detail. When all the slices are put together, a complete cake emerges, and we have reached our goal of having a functioning and user-friendly system.

List of equipment for the test installation

Before we start out making the cake, it is important that we have all necessary ingredients. Without these, it will be hard to follow the recipe. The main ingredients are:

- 1 Server computer
- 2 Thin client computers
- 1 Workstation computer
- 1 Printer
- 1 HUB or switch
- 5 Network cables
- one twisted pair crosslink cable (tp) Twisted Pair.
The wires in the cable are twisted together in pairs in order to dampen the noise from other electrical equipment. The crosslink cable is for debugging.
- 1 Existing connection to the internet (and possibly other networks).
- 1 Skolelinux distribution

There are three different types of computers on this list. The reason for this is that they have different hardware specifications, with regard to CPU speed, memory size and type of harddrive.

The server should be a relatively powerful machine. Exactly _how_ powerful depends on what tasks it is actually meant to fulfill. In this case the server computer will be used as a thin client server, so the specifications depend on how many thin clients it will be serving.

The workstation does not need to be as powerful as the thin client server. But it should have sufficient capacity, as all processing is done locally on this computer, just like on an ordinary PC.

The thin clients have even less need for power, as they will exploit the server's memory (RAM) and storage capacity (harddrive).

For the network which takes care of the communication between the machines, network cables are needed, as well as a hub or router. Hubs and routers are traffic controllers that make sure more than two machines can stay in touch with each other. There is also a need for a connection to the internet and any other outside networks that are to be used. This could be through an ISDN router, an ADSL router, a fixed broadband connection etc.

Hardware specifications

We would like to say something about minimum specifications for the various computers and other equipment, also known as ``hardware''. In general, it pays to use better equipment than what is specified as the minimum requirements for a test installation. If we focus on the computers, they should all have:

- pci/agp type video card
- pci type network card
- floppy disk drive
- monitor
- keyboard and mouse

In addition, the thin client server computer has to have two network cards, preferably two different ones.
Minimum requirements for a thin client server serving up to 4 thin clients are:

- Processor: 300 MHz
- Memory (RAM): 256 MiB
- Harddrive: 2 GiB + 2 times the amount of RAM
- CD-ROM

If more than 4 thin clients are to be served, the computer must be upgraded.

A workstation should at least have:

- Processor: 150 MHz
- Memory: 64 MiB
- CD-ROM

Minimum requirements for a thin client machine:

- Processor: 80 MHz
- Memory: 24 MiB
- pci/agp type video card is not necessary
- An isa type network card is ok (but NOT recommended!), e.g. 3com509

The minimum specifications for a HUB are:

- Speed: 10 Mb/s
- Ports: 4

Now that we have been through the computer requirements, what remains is the printer, network cables and existing connections. The printer should be a normal printer, and the network cables should fit the network cards and the HUB. We assume there is an existing network at the site, which the system should be tested against.

We are now done with the requirements for conducting a test installation of the Skolelinux distribution, and will proceed to the installation itself.

Installation of thin client server profile

The first slice of this cake of ours is to get Skolelinux installed on a server for the thin clients. The requirements listed above represent the absolute lower limit for hardware to be able to run the Skolelinux server. It really pays to use a machine with somewhat better specifications, to avoid capacity problems. And if the thin clients and the server are to have internet access, the server must have two network cards.

Before you start installing, connect the cable from the existing network to the upper of the two network cards. It is also important to remember that the installation is going to ERASE everything on your harddrive, so if there's anything there you'd like to keep, now is the last time to make a backup of your data.

BIOS

Start the computer and enter the Basic Input Output System, BIOS. Instructions on how to enter BIOS are displayed on your screen just after booting.
The command for this varies between suppliers, but the most common ones use the DELETE, F1 or F2 keys. A standard message is: 'To enter setup press: F1'.

Now that you are in the BIOS, you must set the computer's BOOT sequence to start from CD-ROM. Then you save your changes and end the BIOS setup.

If you are not able to start the machine from the CD-ROM player, you will have to use floppy disks. There are different floppies, depending on the reason you cannot start the installation directly from CD-ROM. You find them on the Skolelinux CD in the install-directory. There you will also find the program rawrite2.exe, which you need to make these floppy disks from an MS Windows machine.

Normally, the machine can boot from CD-ROM, but is not able to do so with Skolelinux

Make a start floppy from the file sbm.bin. On a linux/unix computer you do the following as root:

    dd if=/cdrom/install/sbm.bin of=/dev/fd0

followed by 'enter'. On an MS Windows machine you doubleclick on rawrite2.exe, and type sbm.bin 'enter' and then a: 'enter'.

You can start the installation from this floppy disk. Later, when installing the packages, you will have access to the Skolelinux CD.

The computer is not able to boot from CD-ROM

In this case, you need to make two floppies, root.bin and rescue.bin. You can find these files in the same place as mentioned in section , and you make them in the same way, too. The procedure for installing this way is to start out with root.bin, and then follow the instructions on the screen.

Installation from CD

After the BIOS is correctly configured, you can insert the CD in the machine and restart it. Now the installation process begins. There are two questions you have to decide on during the installation: what language will be the standard for the users of the computer, and what the function of the machine will be.
There are four function options:

- Server
- LTSP-server (thin client server)
- Workstation
- Standalone for home use

All of these may be combined, but there shall only be _one_ server on a network in a Skolelinux installation.

Follow the instructions on the screen. Remember that you will be installing a thin client server on the machine, so that you may connect thin clients to it later.

We will go through what is to be done step-by-step. What should be at the top of the menu field is indicated in bold. how the Skolelinux CD should be installed. The description here may deviate somewhat from your experience, depending on the make of your computer. In the following guidelines, the first part consists of a point in the text at the top of the screen. The next parts are the choices we have inserted in sequence. Comments to aid the readers have been added in parentheses.

First part of the installation (debian-installer)

Boot from CD. Push [enter] at the 'boot:' prompt, and wait for a menu with two options to appear.

Select the locale for the language and region you wish to use as standard.

Select what package profiles should be installed on the computer. The chosen package profiles are marked (selected). The choice of profile controls the partitioning and installation of packages.

Answer 'yes' ([enter]) to the question of whether it is OK to lose all data on the harddrive. This choice will _REMOVE ALL DATA ON ALL HARDDRIVES ON THE MACHINE_!! Answer 'no' if you are not prepared to lose all data on the computer's harddrives.

Answer 'Continue' when asked to remove the CD and prepare the machine for boot from hard disk.

Second part of the installation (base-config)

Fix any BIOS setups so that the machine boots from the harddrive.

Read and understand the information regarding root password (system administrator's password). Enter desired root password twice.

Follow the request to replace the CD that was removed for boot from CD, and push [enter].
Wait for the message that the installation was successful. Alternatively, you may first see a message that some things went wrong, followed by the confirmation that the installation was successful. Push [enter] to proceed.

The installation should now be finished, and everything set up to work out-of-the-box. Log in as 'root' (system administrator), and enter the password you gave during installation. If the graphical login is not displayed, it can be started by entering

    /etc/init.d/kdm restart

at the command prompt (followed by [enter]). If the monitor is not able to synchronize, you are returned to the text based shell. Try changing the X configuration by writing

    dpkg-reconfigure xserver-xfree86

Some initial system administration

Webmin is used for administering and setting up the computer. This is the tool used for adjusting network functionality, keeping track of users and a host of other tasks. Now we are going to connect to Webmin for the first time, take a peek at it, and add a few new users for the test installation. Further use of Webmin and creation of many users, e.g. a set of classes, will be described later.

Responsibility and risk

Warning: The root user account, which was created during installation, is the only user that is capable of modifying all of the system. This entails the power of doing whatever you want, but also brings with it great responsibility. When you're working as root, you could very well inadvertently destroy the whole system through an oversight, and it's hardly ever possible to easily restore everything from the wastebasket. This is one of the reasons we are starting out on a test installation: things may go wrong without great losses. In any case, it is very important that one:

- Never log in as root unless absolutely necessary, and not stay logged in any longer than what is required.
- Always think twice before doing anything while logged in as root.
- Never leave the computer while logged in as root.
You do not want random passers-by to have that much power over your computer. All services on a machine that others need access to over the network work perfectly fine without anyone being logged into the machine at all.

Let me give you a real life example:

No reason for worry if this is not clear at this stage. You should have a foundation for understanding what is happening towards the end of the book, so ignore the details if this is totally new.

One day, as I was about to clean up a directory tree, I thought I'd remove all hidden files and directories. Hidden files and directories on a Linux system have file names beginning with a full stop (.). Examples include .bashrc and .openoffice. As in other systems, . is the name of the present directory, and .. is the name of the parent directory in the tree. At the command prompt, I wrote

    rm -r .*

What I forgot was that this command not only removes what I intended to remove, but in addition removes all other files on the computer. If I had been logged in as root, I would have deleted the whole system, but fortunately, I was not. I did not have permission to delete all files on the system, which I was very happy about then and there. Nothing of consequence happened.

To repeat:

- You should never log in as root unless absolutely necessary, and not stay logged in any longer than what is required.
- Always think twice before doing anything while logged in as root.
- Never leave the computer while logged in as root. You do not want random passers-by to have that much power over your computer.

That being said, there are limits to the amount of damage you can cause through Webmin. It is not my intention here to frighten you from doing necessary work as root. The point is to not do anything without thinking first. Even walking along a regular country road is dangerous if you're not paying attention.
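
The pattern from the anecdote above, worked through as an added example (it is not part of the original manual): the first function lists the directory entries a leading-dot pattern covers, which include "." and "..", and the other two select and remove only the real hidden entries. The function names and the sample tree are constructed for this illustration.

```shell
#!/bin/sh
# Added illustration; function names and the sample tree are constructed.

# Names in directory $1 that the pattern ".*" covers when matched against the
# raw directory listing. "ls -a" always lists "." and "..", so both show up.
dot_star_matches() {
    ls -a "$1" | while IFS= read -r name; do
        case $name in
            .*) printf '%s\n' "$name" ;;
        esac
    done
}

# Hidden entries of $1 without "." and "..":
#   .[!.]*  a dot followed by any character except a dot
#   ..?*    two dots followed by at least one more character (e.g. "..old")
hidden_entries() {
    (
        cd "$1" || exit 1
        for name in .[!.]* ..?*; do
            # A pattern with no match is left as literal text; skip it.
            if [ -e "$name" ] || [ -L "$name" ]; then
                printf '%s\n' "$name"
            fi
        done
    )
}

# Remove the hidden entries of $1 and nothing else. The loop never sees "."
# or "..", and "--" keeps rm from reading a path as an option.
remove_hidden() {
    hidden_entries "$1" | while IFS= read -r name; do
        rm -r -- "$1/$name"
    done
}

# Build a small constructed tree and show the difference.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/.openoffice"
    : > "$tmp/.bashrc"
    : > "$tmp/..old"
    : > "$tmp/essay.txt"
    echo "pattern .* covers:";   dot_star_matches "$tmp"
    echo "hidden entries only:"; hidden_entries "$tmp"
    remove_hidden "$tmp"
    echo "left after cleanup:";  ls -a "$tmp"
    rm -r -- "$tmp"
}

demo
```

File names containing newlines are not handled by the line-based loops; for a home directory cleanup that is rarely a concern.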
You need to know the traffic rules to be safe in traffic.

Connecting to Webmin

To connect to Webmin, you must open a web browser, e.g. Mozilla, Opera, Netscape or Konqueror. After starting a web browser, go to the address field and type or You will now see a login screen for Webmin. Enter the user name and password for the administrator for this computer. The user name is root, and the password is the one you gave at the start of the Skolelinux installation. If you have entered the right user name and password, you have now entered Webmin.

Creating more users

See the section on Webmin and creating users below.

Thin client configuration

If you have been following the instructions so far, you have now installed the machine profile thin client server on the computer. We are now going to add another slice of the cake, by setting up a small network of thin clients. First, we'll give an explanation of what thin clients are and how they function, followed by some instructions on what information is available and where to find it. Finally, we'll walk you through setting up two thin clients against the thin client server.

Thin clients

For the user, a thin client functions like a workstation. The difference is that it gets its operating system and user applications from another computer, the thin client server. With this system, old hardware can be given a new lease of life. In chapter on page there is a description of what is required for a thin client and for a thin client server.

The configuration of thin clients is automated, but a system administrator must still do some configuration.

Collecting information

To be able to use a machine as a thin client, we have to know some basic facts:

The boot floppies that the terminal clients will use have to be adapted to the network card inside them. We therefore have to know which type of network card is in the client.
As the manufacturer and label of a network card quite often are independent of the basic electronics, or chipset, it is important to note that it is the latter we are really after.

Each network card comes with a unique number from the manufacturer, a so-called MAC-address, which the terminal server uses in order to recognize the computer at boot time. The MAC-address consists of six pairs of characters, separated by colons. Each terminal (thin client) will get a slightly different setting during boot, and the terminal server needs to know which machine should have which settings. It is important that the server be able to distinguish between the clients, and this is what the MAC-addresses are used for.

Finding out what type of network card is in the computer

The simplest and safest way to find the necessary information is when there is already an operating system installed on the machine. The method used depends on the operating system in question.

Linux

Network card: Type the command 'lspci' in a terminal window (you must be logged in as root to do this). Among the information displayed on the screen, you'll find something like '00:0a.0 Ethernet controller: Winbond Electronics Corp W89C940'. In this example, 'Winbond Electronics Corp W89C940' is the specification for the network card on the computer.

MS Windows 9x

Network card: Click 'Start', then 'Settings' and finally 'Control panel'. Under 'Network' or 'System' in the control panel you'll normally find the specifications for the network card. If you cannot find anything useful here,

MS Windows NT/2000

Network card: Click 'Start', then 'Settings' and finally 'Control panel'. Under 'Network' or 'System' in the control panel you'll normally find the specifications for the network card.

Finding the MAC-address for the network card

The network card MAC address will appear on the display when you boot using the boot floppy disk which you will be making in section .
If you use the right boot floppy, you will see something like this:

    00:20:AF:9F:06:DC

These are hexadecimal numbers, i.e. numbers in the base 16 number system.

Making boot floppies for the thin clients

Now we have all the information we need, and can begin to create the start up floppy for the terminal client. What is needed here may be downloaded from Click to the last release, 5.0.7, select NIC/ROM suitable for the network card you have on the clients. In the example, I had 'Winbond Electronics Corp W89C940', and recognize this as 'Winbond 940'. Now download 'Floppy Bootable ROM Image' to a local directory, e.g. 'tmp'.

The downloaded 'Floppy Bootable ROM Image' must now be copied to a floppy disk, like this:

Linux: Type

    cat /tmp/eb-5.0.7-winbond940.lzdsk > /dev/fd0

in a terminal console.

Windows 9x/NT/2000: Use the program 'RaWrite' to put the 'Floppy Bootable ROM Image' on the floppy; follow the instructions for making floppy disks as in section .

Thin client configuration

The thin client server must have two network cards. One (eth0) will be connected to an existing network, and the second (eth1) will be connected to the thin clients. Connect a network cable from the second network card (eth1) in the thin client server to a HUB. Then, use other network cables to connect the desired thin clients to the same HUB.

We'll first deal with the physical connection between the thin client and the thin client server. Finally, we'll look at the necessary configuration for enabling the thin client to talk to the server.

Make sure all the network cables are well connected, then put the floppy disk in the thin client.

Open Webmin, 'https://127.0.0.1:10000', and log in as root.

Click 'Server' and 'DHCP Server'. Then click 'ltsp10', which is the first thin client. Here, type the MAC address in the field 'Hardware Address' and click 'Save' at the bottom of the page.

In order for the DHCP server to catch the latest changes, you have to restart the services.
At the bottom of the main page for 'DHCP Server' there is a 'Start Server' button. Click on this, and you're done.

Put the boot floppy in the thin client and start the machine. As long as a PCI or AGP video card is used, it will be recognized and automatically configured.

If the thin client does not boot from the floppy, you've got the wrong driver for the network card. Return to section and go through the instructions there again.

Debugging in connection with thin client configuration

Relevant configuration files:

- /etc/dhcpd.conf
- /etc/ltsp/lts.conf (this file is a link to /opt/ltsp/i386/etc/lts.conf; it does not matter which one you edit)

Thin client with ISA-network card

You must fill in all fields for the appropriate thin client (ltspXX) concerning option128 and option129. You do this in Webmin by first clicking the relevant ltspXX, then on 'edit'.

Diagnostic tools for debugging

As root on the thin client server, you can type the following in a terminal console:

    tail -f /var/log/syslog

You will then see what is written to the log files. Here you'll be able to get detailed information on any errors that occur, like for instance:

    dhcpd-2.2.x: Multiple interfaces match the same subnet: eth0 eth1
    dhcpd-2.2.x: Multiple interfaces match the same shared network: eth0 eth1

This error message says that you have an IP number conflict between the two network cards on the thin client server.

You may also see things like

    dhcpd-2.2.x: no free leases on subnet TYNNKLIENTER
    dhcpd-2.2.x: DHCPDISCOVER from 00:08:a1:25:68:7f via eth1

This is an indication that you have either forgotten to enter the thin client's MAC address, or it has been entered incorrectly. Have a look at.

Searching for server (DHCP)...

If you get a message like this, and nothing happens for several minutes, it means the thin client cannot establish a connection to the thin client server. This may be because you have not connected the cables properly, or that the DHCP server didn't start.
Check if DHCP has started by typing the command

    ps auxw | grep dhcpd

You should then see two lines ending in

    .........../usr/sbin/dhcpd
    ..........grep dhcpd

Probing ..... No adapter found.....

This indicates that you have chosen the wrong boot floppy from

Using the twisted pair (TP) crosslink cable as a diagnostic tool

A configuration of thin clients and servers has a huge number of potential error sources. These include network interface cards that are not working, broken network cables, network cards that are not properly configured, faulty ports on the hub/switch etc. Using a TP crosslink cable, we are able to connect a thin client directly to the thin client server, without going through a hub/switch. This will eliminate some potential sources of error.

This can be very useful if we are not sure which of the cards in the thin client server functions as eth0 and which as eth1. In this case, it is easy to test both cards using a TP crosslink cable. By using just one cable, we reduce the likelihood of the most common source of error, i.e. forgetting to connect a cable, or connecting to the wrong place.

Printer

And now for the last slice of cake, the printer. We have chosen to make use of a system called Common Unix Printing Protocol, CUPS. CUPS is a network printer solution which meets today's requirements. It is based on IPP (Internet Printing Protocol), i.e. all communication between printer and user is through the network, just as for webpages. It does not matter whether you are printing from a different place than where the printer is located. The system keeps track of the users, and it is not possible for other users to log into the system or print documents.

Starting CUPS

To enter the CUPS administration tools, you first have to open a web browser such as Opera, Mozilla or Konqueror. Then type the following in the address field: http://localhost:631, alternatively http://127.0.0.1:631. You will then see a web interface to CUPS.
In order to get CUPS to work, the correct printer must be set up. Select Do administration tasks, and enter root as user name and the root password for the computer.

On the administration page there are three main options. You may add classes, inspect the printer queue, and add printers. We will not get into this in great detail, but just provide a quick howto on getting the printer to function. More in-depth explanation of CUPS can be found in chapter on page .

Adding a printer

To add a printer, select add printer. You will then see the following screen:

    Name: 'short name for the printer'
    Location: 'where the printer is'
    Description: 'more complete description of the printer'

Enter a short name for the printer, its location, and an optional description. It's important to give the printer a name and a description that everyone can understand, to make it easy for the users to recognize it no matter where they are on the network. Thereafter, click on the continue button. If you get an error message, you will be told that the names may only contain letters, numbers and the underline character ( _ ).

The next screen asks you to enter the unit that the printer will be communicating with. Examples:

- Parallel port
- USB port
- Network

Then you have to pick the printer from a list which is presented at the end.

If all the information has been entered correctly, this should now be working. Click on the printer you have set up. You will then be presented with alternatives such as ``print test page'', ``Stop printer'', ``accept jobs'', ``modify printer'', ``Configure printer'', and ``Delete printer''.

To test if everything is working, you can click on ``print test page''. If things are working, the printer will now create a test page. If not, you have to select modify printer, and make necessary changes. You can also select configure printer to make detailed adjustments to the configuration. Print some text and a picture, and see how it turns out. Make adjustments ad lib!
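
The two dhcpd messages described under 'Diagnostic tools for debugging' in the thin client section can be checked mechanically. The following added example (not part of the original manual) compares the hardware addresses seen in DHCPDISCOVER log lines with the host entries in a dhcpd.conf-style file and flags entries that were typed incorrectly; the helper names, IP addresses, host name and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; helper names, addresses and sample files are constructed.

# Six pairs of hexadecimal characters separated by colons.
MAC_RE='^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$'

# Every value that follows "hardware ethernet" in a dhcpd.conf-style file.
conf_hw_values() {
    sed -n 's/^[[:space:]]*hardware[[:space:]]\{1,\}ethernet[[:space:]]\{1,\}\([^;[:space:]]*\).*/\1/p' "$1"
}

# Well-formed hardware addresses from the configuration, lower-cased.
known_macs() {
    conf_hw_values "$1" | grep -E "$MAC_RE" | tr 'A-F' 'a-f' | sort -u
}

# Values typed into the configuration that are not valid MAC addresses.
malformed_macs() {
    conf_hw_values "$1" | grep -Ev "$MAC_RE" || true
}

# Hardware addresses of clients that sent DHCPDISCOVER, taken from the log.
discover_macs() {
    sed -n 's/.*DHCPDISCOVER from \([0-9A-Fa-f:]*\) via .*/\1/p' "$1" |
        tr 'A-F' 'a-f' | sort -u
}

# Clients that asked for an address but have no matching host entry.
# $1 = configuration file, $2 = log file.
unregistered_macs() {
    known=$(known_macs "$1")
    discover_macs "$2" | while IFS= read -r mac; do
        printf '%s\n' "$known" | grep -qxF -- "$mac" || printf '%s\n' "$mac"
    done
}

# Write a constructed dhcpd.conf and syslog excerpt into directory $1.
write_sample() {
    cat > "$1/dhcpd.conf" <<'EOF'
subnet 192.168.0.0 netmask 255.255.255.0 {
}
host ltsp10 {
    hardware ethernet 00:20:AF:9F:06:DC;
    fixed-address 192.168.0.10;
}
host ltsp11 {
    hardware ethernet 00:08:A1:25:68:7;
    fixed-address 192.168.0.11;
}
EOF
    cat > "$1/syslog" <<'EOF'
May 23 10:01:12 server dhcpd-2.2.x: DHCPDISCOVER from 00:20:af:9f:06:dc via eth1
May 23 10:01:12 server dhcpd-2.2.x: DHCPOFFER on 192.168.0.10 to 00:20:af:9f:06:dc via eth1
May 23 10:02:40 server dhcpd-2.2.x: no free leases on subnet TYNNKLIENTER
May 23 10:02:40 server dhcpd-2.2.x: DHCPDISCOVER from 00:08:a1:25:68:7f via eth1
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    write_sample "$dir"
    echo "malformed entries in dhcpd.conf:"
    malformed_macs "$dir/dhcpd.conf"
    echo "clients without a usable host entry:"
    unregistered_macs "$dir/dhcpd.conf" "$dir/syslog"
    rm -r -- "$dir"
}

demo
```

On a real server the same functions can be pointed at /etc/dhcpd.conf and /var/log/syslog, the two files named in the debugging section.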
Introduction to administrative tools

Now we have a test network set up, and it is time to charge ahead using the administrative tools. This is important in order to get a better understanding of the system. Skolelinux has chosen the tools cfengine, webmin and CUPS.

- cfengine: Is used during Skolelinux install. If you are in the mood for some really advanced stuff, cfengine may also be used to control the configuration of several machines from one place.
- webmin: Lets you control the configuration of the machine from a webbrowser
- cups: Printer configuration

Webmin

Webmin is an administrative tool with a web interface aimed at making administrative tasks secure and simple. Even though it is built to be easy to use, it can handle almost all kinds of configurations. There is a large number of options, and Webmin may appear a bit overwhelming to begin with. We have chosen to go through the most important parts, so that you will have it set up and get to know it before you go on.

Starting webmin

Webmin is installed as part of the Skolelinux server profile. To start Webmin, fire up a browser and enter the following in the address line: https://localhost:10000 or https://127.0.0.1:10000. You will then see a login page which asks you to enter user name and password. The user name is root, and the password is the one you gave during install.

Description of the main functionality

If you have successfully logged in to the web interface, you will see that it is divided into five main groups, ``webmin'', ``system'', ``servers'', ``hardware'' and ``other''.

Webmin deals with the configuration of webmin functionality. It includes everything from what users are permitted to use webmin to how it should behave externally.

System deals with the configuration of the system. Starting up, file system, processes, system logs, and what users and groups the system will have.

Servers deals with various server applications that are installed.
For instance:

- dhcp: Makes sure other machines connect correctly to the network,
- apache: Distributes webpages
- bind: DNS, makes sure the machines have names and not just numbers,
- squid: Caching of browser data, and
- ssh: encrypted connection

Hardware deals with hardware. Configuration for lilo (Linuxloader, the program that displays the startup menu when booting Linux), configuration of raid disks, partitioning of harddrives, and the clock.

Other deals with anything that does not fit in the above categories. Checking of service status, command shells, overview of common commands, configuration of modules for the Perl programming language, and network access through ssh and telnet.

Adding users

Select system and choose Administrate users in ldap. Here you will find an overview of local groups and users. Click on Add user. You will then be taken to a registration page where you enter the user information.

    Full name: 'user full name'
    Username: 'user logon name'
    User_password: 'user password'
    Ldap_admin_password(root): 'system-password'

Removing users

Just like when adding users, select Administrate users in ldap. Click on the user you wish to delete, and you will see the information on the user. At the bottom on the right hand side you will find a 'delete' button. Just click on this and the user is removed. You can also choose whether the user's home directory should be deleted.

Change the size of a LVM partition

This is not working in webmin. Use the command line instead.

Create a LVM partition

This is working in webmin.

Using Webmin to install, upgrade, and remove programs

. . .

CUPS

Cups (common unix printing protocol) is a printing system which fulfills most needs. It is based on IPP (internet printing protocol), meaning all communication between the printer and the user is transmitted over internet. The way IPP communicates is actually very similar to the way webpages are transmitted.
The webbrowser sends data to the server, which starts printing and responds to the client program with updates. It does not matter if you print from a different location from the printer, as long as the printer server allows this. Clear rules on which users, computers and network segments have access to the services, similar to the ones applied for internet, make it impossible for others to penetrate the system and abuse the printers.

How to install CUPS

Since the Skolelinux server profile has been installed, the required packages for CUPS should be in place. One method to check if it is working is to open a command shell and enter the following command: lpinfo -v

You'll then get information such as:

    network socket
    network http
    network ipp
    network lpd
    direct parallell:/dev/lp0

If nothing is returned, or you get an error message, you have to add the correct program packages first. This is described in chapter .

Getting started with CUPS

In order to enter the CUPS administration tool, you must open a webbrowser, such as opera or konqueror. In the address field, type http://localhost:631 or http://127.0.0.1:631, and you will see the CUPS webpage.

CUPS must be configured with the right printer. Go to Do administration tasks and fill in the root user name and password. You will see a screen like the illustration below.

One thing that has to be done is to choose the right printer. Then press the text Do administration tasks and you get asked for username and password. Then you enter the admin pages of CUPS. You now have three options: creating classes, examining the print queue, or adding printers. We cannot go into details on CUPS here, but provide a quick introduction to making the printer work. More information can be found in chapter .

CUPS allows you to define classes or groups of users.
This can for example be used to create a student class and a teacher class, where the student class has a limited print quota, whereas the teachers enjoy unlimited printing. It is also possible to check the status of print jobs and take actions like cancelling erroneous printouts or cleaning the print queue after a printer has crashed. And first and foremost, you can add and configure printers.

Adding a printer

To add a printer, select add printer. You will then see the following screen:

    Name: 'short name for the printer'
    Location: 'where the printer is'
    Description: 'more complete description of the printer'

Fill in these fields and click continue. Note that the first two fields may contain only letters, numbers and underscore. Then you'll see a window asking you to choose the unit the printer is connected to. Is it a USB port, a parallel port, or something else?

Then you have to pick the printer from a list that is given at the end. If all information has been entered correctly, things should now be working. Try printing a test page.

Klaus Johnstad

Adding a printer on a thin client

In this example I use a printer connected to the parallel port of the thin client. The thin client has the name ltsp050, and the MAC address/hardware ethernet of its network card is 00:20:AF:9F:06:DC.

First you need to add the MAC address to the file /etc/dhcpd.conf. The stanza should in this case look like this:

    host ltsp050 {
        hardware ethernet 00:20:AF:9F:06:DC;
        fixed-address 192.168.0.50;
        filename "/tftpboot/lts/vmlinuz-2.4.19-ltsp-1";
        #filename "/tftpboot/lts/pxelinux.0";
        #option option-128 e4:45:74:68:00:00;
        #option option-129 "NIC=3c509";
    }

Make sure that you replace the MAC address/hardware ethernet with the one that your card has, and also make sure that filename matches what you have on your system.
Then you need to add the print capabilities to this particular thin client. In the file /opt/ltsp/i386/etc/lts.conf add the following lines:

    [ltsp050]
    PRINTER_0_DEVICE =/dev/lp0
    PRINTER_0_TYPE =P

Notice that P means printer type Parallel. Other options are also available, and you might want to add other special options to this thin client, if needed.

Now it's time to restart the thin client. It is not necessary to restart the server. The thin client is now ready to serve as a print server, but first we need to configure the printer. This is best done by logging in as root on the server. Then start a printer setup program, e.g. by going into K-menu->Control Center->System->Printing Manager. There you click on the symbol that looks like a magician's wand, and you will then be greeted by the Add printer Wizard. Press Next, then choose Network Printer (TCP), press Next, then enter into Setting, where you replace 10.0.2 with 192.168.0 since the printer is attached to a thin client, then OK, then Scan. The printer attached to the thin client should now show up as available. Choose this printer, and then set it up according to your manufacturer and model.

Troubleshooting

The Testpage doesn't come.
Maybe you specified too high a resolution, try first with 150ppt.

The manufacturer and model of my printer doesn't show up in the driver database.
Look at to see if your printer is supported under Linux.

Secure administration routines

In order to avoid losing important data and for privacy protection, any computer network needs to have secure administrative policies and routines in place. According to the security expert Lars Bahner, 80% of computer security has to do with good routines, with only 20% related to technology. Adding new functionality is relatively simple compared to the continuous effort that must go into keeping the network secured. Data security is also regulated by laws, and the management of an organization is responsible for ensuring compliance with the law.
Administrative routines

. . .

Technical routines

[Knut Yrvin]

Jonas thinks unencrypted X traffic is a problem on thin clients as it is possible to intercept the root password. Others agree. I would not recommend logging in as root on thin clients. This should be avoided. That being said, interception would require:

1. Networks without switches (Skolelinux recommends switched networks)

This is no obstacle, as Herman has commented.

2. That the interceptor has root access and can run sniffers

If schools add computers running MS Windows to the LTSP network, as some have indicated a wish to do, the users will have such access.

3. The ability to detect the root password in a network traffic of up to 2 Mbit/s per thin client.

This is not too hard, as there is software that can listen to TCP connections for 'su\n' and 'login:' and note down the traffic surrounding these events.

4. The ability to make the thin client into a light workstation with a floppy drive (and gain access to traffic info in an unswitched network)

This is not a requirement. Windows clients in the network and tampering with the switch setup suffices.

5. That users who _have_ access to the thin client network from within are the perpetrators (see the architecture document): http://developer.skolelinux.no/arkitektur/arkitektur.html.en

Yes, the threat comes from within.

I consider the threat to be sufficiently serious to avoid sending the root password via the LTSP network, but not great enough to banish LTSP until the traffic between server and client becomes encrypted. This is akin to the University of Oslo IT (USIT) policies, where everyone who has the root password to the controlling computer which gives access to all unix machines on campus must be in their own controlled and closed network. The root password is not to be sent across unsafe networks without establishing an encrypted connection.
This warning should be added for Windows 98:

WARNING: THIS MS WINDOWS 98 SYSTEM SHOULD NOT BE USED TO CONNECT TO THE SCHOOL NETWORK WHICH HAS MILLIONS OF USERS NATIONWIDE

Yes, this warning should be in place. :)

Jonas Smedegaard's arguments can be summarized as follows:

1. He criticizes the fact that per default, LTSP thin client network X traffic is sent unencrypted, http://www.ltsp.org/. LTSP is working on this (adding ssh should be relatively easy).

2. He thinks Skolelinux is unnecessarily insecure since X traffic can be sent unencrypted in a _closed_ network behind a firewall, where key combinations can be monitored - provided 3-5 technological hurdles have been overcome (overcoming switched network, unauthorized root access with floppy drive on the thin clients, and running sniffer software)

System overview

Network, services and software description

Network

When planning a network, you choose one or a combination of media. The planning and the choices are often based on the structure of the buildings and other physical characteristics, and on security and performance requirements for the network. The main focus will be on achieving the desired functionality, security and performance in the most cost efficient manner.

The next step is to choose logical topology (Ethernet, Token Ring etc.). The logical topology is commonly selected based on transfer rates, ease of administration, and often, tradition.

Often, the network has to be split into several parts, for reasons of geography or traffic flow. This is done by using repeaters, hubs or concentrators, bridges, switches and routers. Quite often, there is also a need to communicate with other types of computers, using other network protocols, and in these cases we must turn to so called gateways.

Bridges

A bridge is used to split a network in two (or more) logical segments.
As bridges operate on the datalink layer, they have access to the physical addresses (MAC addresses) for a transmitting and receiving station. According to this definition, a bridge is able to transmit, or refrain from transmitting, data to the segment on the other side, based on these addresses and other information in the datalink layer.

Bridges are choosy with regard to the traffic they let through. They are able to filter the traffic at the address level, and because of this bridges are used to divide an overloaded network into several segments. By dividing, the bridges will prevent traffic internal to a segment from burdening other segments. As long as the traffic over the bridges stays relatively low, such a solution reduces the load on each segment.

How a bridge works: (illustration of network, with 2 servers, and split in an upper and lower segment). Our point of departure is a network with a bridge between two segments.

- Receives all data packages on the upper segment.
- Ignores all data packages addressed to nodes in the upper segment.
- Transmits all other packages to the lower segment.
- Executes the same functionality vis a vis packages in the lower segment.

Switches

A switch is a multiport, high performance bridge. A switch is able to understand physical network addresses (MAC addresses), but not logical addresses (like IP addresses). The main purpose of switches is to increase the bandwidth in high load networks through segmenting the network. A switch may be compared to a bridge, but has much better performance and comes with more ports than bridges. A switch has high performance and low price, and is mainly used when additional bandwidth is needed.

There are two main types of LAN switching: Store-and-forward and cut-through. Store-and-forward is the same switch method used in bridges.
Storing and forwarding means that for every incoming frame, the whole frame is read into a buffer, and an error check (CRC) is run on it before deciding whether to forward it. With cut-through switching only the header is read, and thereby the source and destination addresses, before deciding whether to forward the frames. This is considerably faster than Store-and-forward. But because the whole frame is not read and no error check is run, there's a risk of forwarding corrupt frames, thus causing problems, retransmissions etc.

Routers

Because they contain more intelligence, it is obvious that routers are more work intensive than bridges and switches. The relative amount of packages they can transmit is lower than for bridges. On the other hand, they are capable of choosing much more sophisticated paths through a local network.

From an administrative point of view, it is often desirable to split the network into smaller, logically grouped chunks, that are easier to handle. In an IP based network, these chunks are known as subnets. Routers are mainly used when there is a need for security and a more detailed control of the network traffic.

Hubs

The task of a hub is to connect several cable segments in one point. The simplest form of hub is a multiport repeater, which is exactly what its name says. It connects multiple cable segments and regenerates the signal for each segment. With Ethernet the access method Carrier Sense Multiple Access with Collision Detection (CSMA/CD) is used. This is built around a concept called contention, in which the stations on the cable send their data when it is convenient for them. CSMA/CD enhances this concept in that the stations first listen to the cable before sending data to it. Even so, it may be the case that two stations are listening at the same time (this often occurs at heavy traffic loads) and both regard the cable as unused and release data to it. This results in a collision.
Description of services

Samba

Samba is a service which makes it possible to share a Linux filesystem and printers with Windows. It is actually the protocol SMB (Server Message Block), developed in 1987, used by Microsoft and adopted by Linux. The service consists of several components which we will return to. In the first place, the service has to be installed, if this has not been done already.

Squid

Squid is an Internet proxy cache application, which can make surfing the Net seem simpler. A proxy is defined as an agent with the authority to act on behalf of others, and a cache is a storage location that hides and handles information for later use.

By using Squid, surfing the Web will appear faster than what it really is. After you have accessed a webpage, a copy will be stored locally. The next time you go to that page, it will appear much faster, as it has been downloaded already and is stored in memory. It is important to configure this service accurately, so that each page isn't stored for too long. Many webpages are updated frequently, and yesterday's paper is of little interest.

Mail Services

Limacute handles user administration, courier handles mail reception (imap and smtp). mailman is a mail service handling mailing lists etc.

DSH (Distributed Shell)

DSH is Distributed SHell, a small script making it possible to execute commands on clusters/multiple machines at a time. It uses a small daemon which collects information on the machines and uses a small script that exploits the collected data to remotely execute the commands via rsh or ssh (which are encrypted transfer protocols).

NFS (Network File System)

NFS is a network system that makes possible the sharing of a harddrive by multiple computers in a network. Thus, you can access other PCs somewhere else in the network. This is achieved by exporting a part or all of the local file system, so that a user is able to mount the file system from another computer over the network.
The server program makes the file system accessible to other machines through a process called exporting. File systems that are available over the network in this way are called shared file systems. In practice, if a shared file system on machine A is mounted on machine B, it will appear to the user on B just like a local file system, and thus NFS is invisible to the users.

NFS is designed to function independent of machine, operating system and transport protocols. It uses client/server architecture and consists of a client program, a server program and a protocol for communication between these.

Webmin

Webmin is a web based interface for system and user administration in Unix. It is designed to be functional, quick, and easy to use. It is also highly extensible because of an open and well documented application programming interface (API). Webmin is also very portable, and supports more than 25 different unix-like operating systems and linux distributions.

By using a browser that supports frames and forms, you can configure user accounts, Apache, DNS, file sharing etc. Webmin consists of a simple web server and several CGI programs that update system files directly.

Webmin is a unique program for the Unix world in the sense that it offers a one-to-one graphical user interface (GUI) for almost any function in a unix system. Anyone can use it because it only requires a webbrowser and is accessible from anywhere there is an internet connection. Webmin is an excellent tool for both novice and experienced system administrators. For novices, it offers a way to learn system administration in a very visual manner.

SSH (Secure SHell)

SSH is a program used for logging into other machines in a network, executing commands on external machines, and for copying files between machines. It has strict authentication and provides secure communication over insecure connections.
The advantage of SSH in comparison to many other similar programs is that it encrypts the connection between the two machines and forwards the X-connection (which means that it tells the other machine what computer you are using). In this way you may start X-programs without problems. When using other programs, passwords are often transmitted unencrypted. If someone listens into the network, they may therefore be able to get hold of your password. The X Window System has many weaknesses. By using SSH you can create secure X-sessions that are invisible for the users.

CUPS (Common Unix Printing System)

CUPS is a network printer system for centralized management of printers. It is built on the IPP (Internet Printing Protocol) which is built on the internet protocol HTTP (HyperText Transport Protocol). This means that the data are transmitted in the same way as on the internet. You might think that this would lead to a huge traffic load and a slowdown of the network, but that is not the case. Since the program runs directly on the server, it's not affecting the clients significantly. The only thing that affects the clients is a background process, a daemon, that frequently searches for client requests. This is a very small program which only reads the commands it receives like print, cancel, pause etc. Administration of the program is very easy - since CUPS uses the same protocol as internet, it may be administered from anywhere.

DNS (Domain Name System)

DNS is a distributed directory service which translates IP addresses to particular domain names. An IP (Internet Protocol) address is an identification number (such as 176.15.30.72) that a package or machine gets from its local internet service provider. This address shows affiliations on sending and receiving packages. DNS also handles email for the domain. For the domain www.skolelinux.no, the DNS server will also handle the various email aliases created for the domain, e.g. pere@skolelinux.no.
If the DNS server crashes, the domain will not be visible....

LDAP

LDAP (Lightweight Directory Access Protocol) is a protocol for directory services which is used for authentication in a centralized system. It uses the local database for storing information. E.g. if an LDAP client connects to an LDAP server with a request, the server will respond by pointing to where the requested information may be found, normally on another LDAP server.

PostgreSQL

PostgreSQL is the database program that Skolelinux has elected to use. Primarily because it is free, but also because it supports most database constructs. For those who are not familiar with databases, it is a collection of logically related data, stored in tables. A school database might have tables such as employee, student, subject, class etc. These tables may be combined in order to produce desired answers to queries, by using the query language SQL.

DHCP - Dynamic Host Configuration Protocol

DHCP is used for allocating IP-addresses to computers in a network automatically. To use DHCP, you must install a DHCP-server on one machine, and DHCP-clients on the machines that need an IP-number. When the clients start up, the DHCP-client sends a request for an IP-number. The DHCP-server picks up the request, looks at its configuration, and returns an IP-number to the client. The server also often sends information on Gateways and DNS-servers.

Using a DHCP-server to allocate IP-numbers has several advantages over fixing an IP-number for every machine in the network. Here are some:

- IP-addressing is controlled from one machine.
- Good overview of allocated IP-numbers.
- Easy change of IP numbers.
- It is possible to allocate fixed IP addresses with a DHCP server
- Multiuser machines, such as pupil machines may easily be given an IP number, without requiring each computer to have a fixed IP address.
- Configuration of DNS servers and gateways are done at a central location, instead of on every single machine.
- Portable computers may easily be moved between networks without reconfiguring IP address, gateway and DNS servers.

Apache

Apache is the most widely used webserver in the world. It is free software distributed under an open source license. Version 2.0 functions under most UNIX based operating systems (such as Linux, Solaris, Digital UNIX and AIX), under other UNIX/POSIX systems (such as Rhapsody, BeOS, and BS2000/OSD), on AmigaOS, and on Windows 2000. According to Netcraft (www.netcraft.com), as of February 2001 60% of all webpages are served by an Apache server. Apache is integrated with the newest version of the Hypertext Transport Protocol, HTTP1.1, and free support is provided through a report system and several dedicated newsgroups. In addition, many companies offer consultancy services.

AppleTalk

AppleTalk is a network protocol which enables communication with Apple Macintosh machines in the network. It is part of Skolelinux in order not to exclude operating systems (and thereby users).

PHP4

PHP (PHP: Hypertext Preprocessor) is an open source server scripting language for making dynamic webpages and internet applications. A dynamic webpage is a page tailored to the user, so that users visiting will see information pertinent to their selections. Dynamic internet applications are mainly used for commercial sites, where what is displayed is generated from a database or some other external source of information.

PHP is a scripting language specifically tailored for web development, and is easily integrated with the Hypertext Markup Language (HTML). Webpages generated using PHP are treated just like static HTML pages.

PHP offers a simple, universal solution for constructing webpages. PHP syntax is similar to C and Perl, making it easy to use for everyone who has basic knowledge of programming.
Because of its design, PHP code is simple to maintain and update, and because it is distributed freely and as open source, it has been widely adopted and is extremely well documented and supported.

PHP4 - (PHP version 4.0)

Version 4.0 includes more than 50 improvements of performance and a range of new functionality.

User applications

    Webbrowsers: Konqueror, Opera, Mozilla
    Mailprogram: KMail, Mozilla-mail, evolution
    Newsreader: Knode
    Wordprocessor: Kword, AbiWord
    Spreadsheet: Kspread, Gnumeric
    Reportgenerator: Lyx
    Database: Postgresql, mysql
    Presentation: Kpresenter
    Webdesign: Quanta+
    Text editor: Kwrite+kate, Gxedit
    Graphics: Gimp, Krayon, Kontour, Sodipodi
    Pedagogical software: Kdict, KGeo, KStars, KmPlot, celestia
    Chemistry: gperiodic Kalzium? chemtool?
    Math: KPercentage, KmPlot, KGeo
    Languages: Kvoctrain, Kmessedwords
    Multimedia: Noatun, Artsbuilder
    Video player: Xine, noatun
    Music: Noteedit, Kmidi
    Conference/Videophone: Gnomemeeting

Notes:

- chemtool has not been thoroughly tested yet
- Kalzium compiled, but did not work completely as it ought to, while gperiodic is fairly similar and works great!
- KPercentage crashes at once,
- KVoctrain compiles/runs, but has not been tested (must be set up)
- KMessedwords must be nationalized
- Gnomemeeting, which is based on H.323, is going to be hard to get to work through firewalls. Something SIP based would possibly have been the right thing?

Command line administration

User administration

Introduction

In order to be able to administer a system, you need administrator rights. For Linux, this means being logged in as root. All functionality described here pertains to system administration, and thus requires root privileges.

To log in as root, open a terminal console (window). This may for instance be done like this: K->system->terminal console

Type: su

You will be asked for a password. Enter the root password. The needed commands are only executed in this terminal console window.
Adding/removing users

Users are added and removed using webmin. If you wish to do it from the command line interface, use lynx, a text based webbrowser.

Just as for adding users, go to user and groups. Click the users you wish to remove, and you will see info on the user. Use the 'delete' button at the bottom, to the right, to remove the user. You can also choose whether or not the user's home directory should be deleted. This is the same as what is in

Changing a password

In order to change a user's password, type the command: passwd 'user name'

Enter the new password twice. This will create a new password.

System administration

File protection

Linux has a simple system for file protection. Each file is related to 3 sets of users:

- 'u' (for user) refers to the user himself, the owner of the file
- 'g' (for group) refers to other users in the same group as the user
- 'o' (for other) refers to all other system users.

In addition, each set of users has 3 possible privileges:

- 'r' signifies read access. Only those with read privileges can read the file.
- 'w' signifies write access. Only those with write privileges can write to file.
- 'x' signifies execution privileges. Only those with 'x' privileges can execute a program.

To show how this works, let's look at an example:

    server:/home/torharald# ls -l administrasjon.dvi
    -rw-r--r-- 1 totte totte 2136 Mar 31 21:14 administrasjon.dvi

Changing file protection

In order to change the protection of a file, you have to be logged in either as the owner of the file (i.e. the user that created the file), or as root, with all privileges to change whatever is necessary. Changing the protection of files or directories is done with the command chmod (change mode). As an example, assume that you have a file called task.dvi for which only you should have privileges.
In this case, enter the command: chmod go-rw task.dvi

This is an order to remove read and write privileges from the file task.dvi for the sets of users go (group, other).

Processes

A process is a program under execution, i.e. a designation of the program and the environment the program uses while running. A process has: A process ID (PID). This is a unique number identifying the process. All processes are started by other processes, i.e. all processes are children of other processes. At boot time, a range of processes are started. And when the login window is displayed on the screen, this is a running process. When we're logged in, we're inside a process that is a child of the login process.

Network

After installing Skolelinux, the network should be working properly. To check the network, open a webbrowser and try going to a familiar webpage, e.g. www.skolelinux.no. If you get the message Unknown host, you don't have an internet connection. There are several possible reasons for this. We'll get to these in the chapter on error handling.

Useful commands

- ping: Command where you send an echo request
- traceroute: Used to track a network-package. E.g. if you have someone who's trying to enter your machine, you can type traceroute 'ipadresse' to trace where the attack is coming from...
- netstat: Used to check and set a configuration
- ifconfig: The command is used to configure the network card.
- ifdown: Shuts down the network. But with * -a, for all
- ifup: Starts the network. But with * -a, for all

Klaus Johnstad

Resize lvm-partitions from the commandline

There are at the moment 4 partitions of type lvm in Skolelinux:

- /usr
- /var
- /skole/tjener/home0
- swap

Resize the partition /usr

This partition is where your programs are installed. Resizing this partition is tricky. In order to umount this partition, you have to enter runlevel 1, and exec a shell from another partition. Notify all your users that they have to log out, then issue init 1 from the command line.
Now that you are in runlevel 1, you can issue exec /bin/sh or exec /bin/ash depending on your symbolic links. You will recognize that you have another shell when you have a prompt looking like this: \h:w\$. If you make a mistake when writing, you have to press Ctrl-C and start the line all over again.

First we note the current size of our partition:

    df -h /usr
    Filesystem Size Used Avail Use% Mounted on
    /dev/vg_system/lv_usr 1.0G 400M 600M 40% /usr

Then we umount the partition:

    umount /dev/vg_system/lv_usr

Then we check and repair the filesystem:

    fsck -yf /dev/vg_system/lv_usr

The resize program e2fsadm does do a filesystem check, but for safety we do it an extra time.

Then we check how much free space we have in this volume group with vgdisplay vg_system. Look for a line saying something like:

    Free PE / Size 175 / 5.47 GB

In this case we have 5.47GB free space that we can use. If we want to increase the partition by 1GB, we issue:

    e2fsadm -L +1G /dev/vg_system/lv_usr

If we wanted to increase the partition by 100M, we would issue:

    e2fsadm -L +100M /dev/vg_system/lv_usr

If we wanted to decrease the partition with 100M, we would issue:

    e2fsadm -L -250M /dev/vg_system/lv_usr

Due to a bug (we will shortly fix it), we must be careful when resizing.
Make sure that you see the following on your screen:

    resize2fs 1.27 (8-Mar-2002)
    Begin pass 1 (max = 2564)
    Extending the inode table XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    Begin pass 2 (max = 160)
    Relocating blocks XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    Begin pass 3 (max = 52)
    Scanning inode table XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    Begin pass 5 (max = 9)
    Moving inode table XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

If you do not see all these XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX rolling over the screen when you resize, then your resize wasn't successful. You then have to remount the partition, then umount the partition again, and resize the partition again. When you do this second resize, make sure to only resize with 32M, because the resize command "remembers" the last failed command.

If the resize was successful, we can now mount the partition with mount /usr, then check its size with df -h /usr. It should in this case now look like:

    Filesystem Size Used Avail Use% Mounted on
    /dev/vg_system/lv_usr 2.0G 400M 1.6G 20% /usr

When you now write init 6, after you have mounted the partition, the machine will reboot into the multiuser environment again.

Troubleshooting

Klaus Johnstad

When I try to umount, it complains that the device is busy.

This is because there are open files on the partition that you want to umount. If you are trying to umount /skole/tjener/home0, then make sure that all your users are logged out. If it's possible, try to resize in runlevel 1.

I have resized a partition, but I don't see any difference in the free space on my partition.

This is probably due to bug#439. The solution is to remember to check and repair the partition that you want to resize before you try to resize it, with the command fsck -fy, then try to resize it again, but only increase/decrease it with 32M, that is e2fsadm -L +32M.

After I have mounted the partition, and the machine starts in multiuser again, it hangs at NFS....., what shall I do?
The only solution I have is to restart the machine hard, e.g. use the Reset button, or turn off the power. This shouldn't happen if you use the command init 6, or reboot.

Resize the partition /skole/tjener/home0

This is where the users have their home directories. The method used to resize this partition is very similar to the one used when resizing /usr. In fact it's easier, because we don't need to go into runlevel 1, and we don't even need to start another shell, so I'll just list the commands used very briefly, and ask you to read

Log in as root, and tell all your users to log out.
Check the current size of the partition, df -h /skole/tjener/home0
Umount the partition, umount /skole/tjener/home0
Check and repair the filesystem, fsck -fy /skole/tjener/home0
Check how much free space you have, vgdisplay vg_data
Resize the partition to the desired size, e2fsadm -L +400M /skole/tjener/home0
Mount the partition, mount /skole/tjener/home0
Check the current size of the partition, df -h /skole/tjener/home0

If the resize failed, then please read again the chapter about when resize fails on /usr,

Resize the partition /var

The resize of this partition follows the exact same procedure as when resizing the /skole/tjener/home0 partition, described in section

Error handling

Missing driver, needs driver floppy

A driver floppy is a floppy disk with an ext2 file system, with a file modules.tgz. This file is unpacked from root on the installation system. Such a modules.tgz may for instance contain a file like this: .lib/modules/2.4.19-386/kernel/drivers/scsi/aacraid/aacraid.o

Adding a client running MacOS X

Preparations

Software

We assume you have a brand new installation of OS X on the computer you wish to connect to the Skolelinux network. We also assume that you have updated the OS to the latest version, by using the automated update functionality in OS X.

Knowledge

These guidelines require that you have some experience with OS X. We assume that you know simple concepts and principles for OS X. You have to be logged in on the Mac as root throughout the procedure. These changes cannot be performed by an ordinary user. The root account is deactivated by default. You must activate it in the Netinfo Manager in the Security menu. Then, log in again as root.

Network configuration

Placing the Mac in the Skolelinux network

A Mac in a Skolelinux network will behave like a workstation. This makes placing it together with Linux workstations a natural choice.
For more info, see http://developer.skolelinux.no/arkitektur/arkitektur.html.en

DHCP

In order to make it work against the Skolelinux network, it is easiest to configure the computer to use DHCP to get its ip address and other settings from the server. DHCP is usually activated by default in OS X. With DHCP running, you will have network access as SOMETHING LACKING. This is an advantage, because it will be easier to take the script down for setting up nfs on mac, which is done like this:

Enter System options
Choose Network
Choose network card. This will usually be built-in Ethernet
Click on the TCP/IP part. Configurer should use the With DHCP option.
Click Start using

Note: To check if the network is ok, run ifconfig from a terminal. en0 should have the flags UP, RUNNING.

If your computer has not been networked previously, this would be a good time to update the software. You will find Software update in the System part of System options. This guide assumes you have updated OS X to the latest version.

DNS (Domain Name System)

DNS is set up automatically by DHCP. If you wish to change name server, this can be done in the configuration for Network under System options.

Proxy

To be able to use the web proxy installed on the Skolelinux server, do the following:

Enter System options
Select Network
Select Proxy
Tick Webproxy
Enter the ip address for the server and the port of the webproxy. The ip is usually 10.0.2.2 and the port 3128.
Click Apply

Authentication

LDAP configuration in OS X

Select Directory Access under Tools in Programs.
Tick LDAPv3.
Click Configure. Location should be Automatic.
Click New. Configuration Name should be tjener, Server Name or ip address should also be tjener.
For LDAP Standard types, select RFC 2307 (Unix). You will now get a dialog box where you must enter the search path ending. Enter the following: dc=skole,dc=skolelinux,dc=no. Click OK.
SSL should not be activated.
Click on the Verification tab. Searching User defined path.
The catalog node list should contain /LDAPv3/tjener (server). If you don't have this, click on Add and select LDAPv3/tjener.
Same goes for the Contacts tab. If you don't have /LDAPv3/tjener on the catalog node list, you must click Add and select LDAPv3.
Close Catalog access

Login menu in OS X

Go to Accounts configuration under Options
Select Login choices
Tick Field for name and password

NFS (Network File System)

NFS configuration

The easiest way to configure nfs is to run the ready-made script mac-nfs-configuration in a shell. To run this script, you must be logged in as administrator/root. It does not work for other users.

NFS configuration: (the Norwegian word tjener means server)

    # scp root@tjener:/mac/mac-nfs-oppsett mac-nfs-oppsett
    # chmod u+x mac-nfs-oppsett
    # ./mac-nfs-oppsett

Note: The script displays a notice when it has finished. You may then close the terminal window. The full script is included at the end of this document.

Time settings in OS X

Go to Date and time settings under Options.
Select Network time
Enter the server address (10.0.2.2)
Tick Use network timeserver

Configuring a network printer in OS X

To set up a network printer in OS X, go to Programs, then Tools and select Print center
Select IP-printing from the drop-down box.
Enter the printer network address
Select model and driver
Click Add

Changes on the server

Changes to the NFS configuration

Log in to the server for workstations with ssh as root. In skolelinux, this machine is called tjener (server). Do the following:

Server login:

    # ssh root@tjener

Enter password and log in. Edit /etc/exports. This can be done by e.g. using nano (/bin/nano) or pico.

Edit /etc/exports:

    # nano /etc/exports

/etc/exports:

    # /etc/exports: the access control list for filesystems which may
    # be exported to NFS clients. See exports(5).
    #
    # Original line
    # /skole/tjener/home0 10.0.2.0/255.255.254.0(rw)
    #
    # Changed line
    /skole/tjener/home0 10.0.2.0/255.255.254.0(rw,insecure)

Here we show a modified /etc/exports.
You only have to add an insecure parameter. In practice, this means that the server accepts NFS requests coming from ports above 1024. As far as we know, there are no risks involved in doing this. Next we restart the nfs export.

Restart NFS export:

    # /etc/init.d/nfs-kernel-server restart

Log out from the server by typing:

Logging out from server:

    # exit

Close all the applications, and restart your Mac. Users that have been entered in LDAP should now be able to log in, as with a regular linux workstation.

Appendix

mac-nfs-configuration:

    #!/bin/sh
    echo This script sets up automated mount of the home directories
    # Create the mount point hierarchy and link it to the automounted share
    mkdir /skole ; mkdir /skole/tjener ; cd /skole/tjener
    ln -s /automount/skole/tjener/home0 home0
    # Register the NFS mount in the NetInfo database
    nicl / -create /mounts/fu dir /skole/tjener/home0
    nicl / -create /mounts/fu type nfs
    nicl / -create /mounts/fu name tjener:/skole/tjener/home0
    echo Done ...

Connecting Windows clients

Introduction

This section is meant to be of help when connecting computers running Microsoft Windows in a Skolelinux network. You will not find detailed explanations, as this is just meant to be an introduction to how it *can* be done. Administration of Windows is a vast theme, which is documented far better elsewhere. The author has only had access to the English version of Windows, and the names of components will be influenced by this. This should be alright in most cases, since the translation of Windows has a tendency to be directly translatable to our local language.

Configuring the server

Skolelinux comes with a default configuration for connecting Windows clients, using Samba. If you wish to change the configuration, we recommend the many how-tos on using Samba, which can be found under documentation at http://www.samba.org

At the time of writing, some of the software for supporting Windows clients is only available from a test area at the skolelinux.no ftp server. To use it requires giving apt access to the test area and running an upgrade for the whole system.
See http://developer.skolelinux.no/info/studentgrupper/2003-macwin-integr/index.php?page=testing for a description of how to do this. As soon as the changes have been added to the standard Skolelinux distribution, this will no longer be necessary.

Client configuration

Network configuration

A computer running Windows is regarded as a thick client in the Skolelinux context, and thus belongs on the main network. The only thing that needs attention in the network configuration is making sure the computer is configured to receive ip address and name services via DHCP. Windows is configured this way by default on a new installation. If the computer has been set up with a fixed address before, this should be changed to Allocate address automatically.

Authentication, file sharing and printer sharing

When the computer has been allocated an ip address and is able to communicate with other computers on the network, it must be configured to be able to log in on the server and get access to files and printers. This is called placing the computer in the domain. The domain is the Windows part of the network, controlled by the server. Skolelinux comes with a default Windows domain called skolelinux. How you configure a Windows client to be a member of this domain varies according to the Windows version.

Access to the home directory is set up automatically when the user logs on. The home directory will then appear as drive H:.

All printers that have been added to CUPS on the server will be shared on the Windows network, but not installed on the individual client. The practical reason behind this is that drivers are required for the particular printers on the local network.

Here is a short summary of what needs to be done for the various Windows versions.

Windows 95

Windows 95 and 95A don't support password encryption, and therefore are not supported by Skolelinux for security reasons.

Windows 98/ME

These Windows versions are the easiest to place in the domain.
You can do this by changing the settings for Client for Microsoft Networks under Network in the Control panel. There is an option called Logon to Windows NT-domain, which must be activated, and the domain name skolelinux entered. After rebooting, the computer will be ready to log in to Skolelinux.

Windows NT and 2000

In order to get a Windows 2000 client to connect to the Skolelinux domain you need to make some adjustments to your server. (It was true for Skolelinux 0.41; it may not be necessary anymore with the next releases.)

From the server side do the following:

add deb ftp://ftp.skolelinux.no/skolelinux woody-test local to /etc/apt/sources.list
apt-get update && apt-get install samba smbclient
comment out deb ftp://ftp.skolelinux.no/skolelinux woody-test local in /etc/apt/sources.list
when logged in as root do smbpasswd -w admin-passwd NB: DO NOT DO THIS ON NEWER VERSIONS OF Skolelinux.
then update any already existing user password with smbpasswd -a userID
add a root user within the LDAP directory with smbpasswd -a root, and enter the root password at the prompt

From the client side do the following:

go to System, Network Id, choose Properties, then update the properties with Domain Skolelinux
use the root user and password as the authorized user to add the client within the Skolelinux domain

Windows XP Home

Windows XP Home is a fun product that has lost an array of useful functionality, such as the ability to be placed in a domain. Microsoft has decided that a home computer does not belong in a network, and has therefore left out this possibility. Thus, Windows XP Home edition is not supported as a client in the skolelinux architecture.

Windows XP Professional

Windows XP Professional is based on Windows 2000, and thus the procedure for placing it in the skolelinux domain is very similar to what is described above. The only difference is that XP Pro has some security settings that don't mesh with the Skolelinux configuration.
These settings must be changed before the computer can be added. This can be achieved by changing local policy, but it is simpler to change the registry entries, which can be done by running a small .reg file. When these settings have been changed, the computer can be added by following the procedure for Windows 2000. The registry key in question is:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
    "requiresignorseal"=dword:00000000

Configuring other services

Configuring web-proxy

To use the proxy, you must configure each web browser. For Internet Explorer this is done in Internet Options. For Opera, it is done in Preferences. The name of the proxy server is webcache, and the port is 3128.

Since each web browser has its own location for storing this information, there is no simple way to update all the machines in the network. One method that is often used is to copy the changes via the samba login script in the shape of a .reg file or .ini file (depending on the browser).

Configuring email

Skolelinux offers several ways to make use of the mail service. Some are more appropriate for a school network than others. Which system is chosen is at the discretion of the local administrator. In many cases, one would wish to continue an existing solution. In some cases there are regulations stipulating the pupil's access to email.

POP is perhaps the least appropriate solution. This protocol is the most common when checking email from an ISP. POP entails downloading the message for local storage in the user's home directory before reading it using an email application. For a school network, this would mean that the email would be stored in many different locations, both on the server and the clients. Using POP would also require the email application to be configured for every single user on the clients.

IMAP is far better suited in this context.
Using IMAP will result in the email application being connected to the server continuously, and just running as an interface to look at the email, which is always in the same location, on the server. In some cases, this will also entail configuring the email application for every single user. Some email applications can however be configured to require logging in, and thus all users can have the same configuration.

Web based email requires the least work with respect to Windows clients. All that is needed on the client side is a web browser. On the other hand, webmail can require greater effort to configure correctly on the server, but it is very easy to administer once it has been set up. At the same time, one is spared all the security problems with email applications on Windows (viruses and worms exploit security holes). Even though a web interface can be very different from regular OS applications, experience has shown that young users easily understand how to use it. Many pupils will already have a private email account with a web based interface (e.g. Hotmail, Yahoo).

Appendices

Upgrading - how does it work?

There are several package handlers for the Debian GNU/Linux distribution. We'll look at the workings of one of these. At the end, we'll mention some alternative package handlers. What's most important is to understand what a package handler does and what problems it solves.

A package handler keeps track of packages or programs to be loaded on the computer. These packages are made and tested for Debian so that they are installed on the machine locally. The package handler takes care of any dependencies a program might have. It also has functionality for updating the software, by downloading the latest version from the network. By using the latest version, system security is significantly increased.

Using apt-get

Before making use of the functionality of apt-get, you have to make sure the download sites are specified correctly.
This is because you download files from the Internet. The address for these files must be given in the sources.list file. This file can be found in the path /etc/apt/sources.list. If it is not there, you must create it in an editor, and include the following data:

    deb http://security.debian.org/ stable/updates main contrib non-free
    deb ftp://ftp.skolelinux.no/debian/ woody main contrib non-free
    deb ftp://ftp.skolelinux.no/debian-non-US/ woody/non-US main contrib non-free
    deb ftp://ftp.skolelinux.no/skolelinux/ woody local

When the file sources.list is correct, it is possible to proceed to retrieving information about the packages and searching in them, installing packages and updating installed packages.

Updating information on available packages

To be able to retrieve information and metadata on the packages locally, type the following command:

    apt-get update

This downloads a file with information and metadata on the available packages and stores it locally. To search through this file, another command is used:

    apt-cache search [package name/word/topic]

This results in a list of available packages. The structure of this list is package name - information on the content of the package. One can also find the dependencies of a package by using the command:

    apt-cache showpkg [package name]

Package installation

When you have found a package that you wish to install, it can be installed by the following command:

    apt-get install [package name]

It is important to get the package name correct. Otherwise, you may download another program, or not get anything. If correct, the download and installation will go ahead.

Upgrading the system

To automatically upgrade all installed packages to the latest version, all that is required is to enter the following command:

    apt-get upgrade

This may take some time, particularly if it has not been done in a while. I think that this is done by a cron daemon, so there should not be a need to do this.
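As an added example (not part of the manual or of Skolelinux itself), this shell script audits a sources.list like the one described above: it lists the active entries, checks that the security.debian.org source is enabled, and flags a test area such as woody-test, which the Windows 2000 section says to comment out again after use. The function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the manual: audit an APT sources.list.
# The function names and both sample files are constructed for illustration.

# Print every active (uncommented) source as "URI SUITE", one per line.
active_sources() {
    awk '$1 == "deb" || $1 == "deb-src" { print $2, $3 }' "$1"
}

# Succeed if the Debian security archive is an active source.
has_security_source() {
    active_sources "$1" | grep -q '^http://security\.debian\.org/* '
}

# Print active sources whose suite is a test area (suite name ends in -test).
test_area_sources() {
    active_sources "$1" | awk '$2 ~ /-test$/'
}

# Print one finding per line; succeed only when there are no findings.
audit_sources() {
    findings=0
    if ! has_security_source "$1"; then
        echo "no active security.debian.org source: security updates are not fetched"
        findings=$((findings + 1))
    fi
    test_entries=$(test_area_sources "$1")
    if [ -n "$test_entries" ]; then
        echo "$test_entries" | sed 's/^/test area still active: /'
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample files, written to a temporary directory.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

# The list from the manual, with the test area commented out.
cat > "$SAMPLE_DIR/good.list" <<'EOF'
deb http://security.debian.org/ stable/updates main contrib non-free
deb ftp://ftp.skolelinux.no/debian/ woody main contrib non-free
deb ftp://ftp.skolelinux.no/debian-non-US/ woody/non-US main contrib non-free
deb ftp://ftp.skolelinux.no/skolelinux/ woody local
# deb ftp://ftp.skolelinux.no/skolelinux woody-test local
EOF

# Security source disabled and the test area left enabled.
cat > "$SAMPLE_DIR/bad.list" <<'EOF'
# deb http://security.debian.org/ stable/updates main contrib non-free
deb ftp://ftp.skolelinux.no/debian/ woody main contrib non-free
deb ftp://ftp.skolelinux.no/skolelinux woody-test local
EOF

for f in good.list bad.list; do
    echo "== $f"
    audit_sources "$SAMPLE_DIR/$f" || echo "   -> needs attention"
done
```

On a real server, call audit_sources /etc/apt/sources.list before running apt-get update.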
You can find more information in the man pages if you need to learn more about apt. There are other package handlers for Debian, but apt is the most commonly used.

Testing and feedback

In order for us to correct errors in the software (bugs), it is very important that it is tested by many people, and that we receive reports on the bugs discovered. Without your help, it is close to impossible for us to uncover all errors. If you find a bug, it must be reported to the error database, http://bugs.skolelinux.no, as soon as possible so that we may correct it.

Guidelines for testing

Testing is a good way to make a contribution to flawless software, as long as the people testing provide us with bug reports. The first step is to install the software on a computer. Check whether any guidelines are included for the installation of the program before you begin, and follow them if that's the case. If you are not able to install the software, try again. If things come to a halt, check if newer installation guidelines are available and follow them. Maybe you made a wrong selection somewhere? If not, report to the error database according to the guidelines below.

Now that the software is installed, it is time to start testing it. Just start the program, and see if it works normally. Configure the program if needed, and see if it functions normally. If errors arise, see if they are reproducible. If that's the case, report the bug to the error database in accordance with the guidelines given below.

What should a quality bug report include?

Bug reports are a tool for quality assurance and improvement of software. If the bug reports are faulty, they may be ignored by the developers because the information in the report is too tangled and unspecific. A useful bug report has two main qualities: reproducibility and specificity. If the error is not reproducible, it's difficult for the developer to find the error, and thus to correct it.
It's important to include all relevant details about the error, or it may be given a low priority. Well specified bug reports make homing in on an error easier. Please take the time to isolate the specific circumstances that triggered the error. If appropriate, include the source code that caused the error.

How to report errors

All bug reports that should go to Skolelinux are reported using the web page http://bugs.skolelinux.no. (It is possible that some errors should be reported to others. These links are listed on this page. Report the error to Skolelinux if you are unsure where it should be reported.) Skolelinux uses the bug report system Bugzilla, which is a database where it is possible to search for reports and add new reports. The following is a description of the procedure:

Has the bug been reported already?

Before you submit a new bug report, you must check if this error has been registered before at http://bugs.skolelinux.no. Duplicating earlier bug reports is of no help. It is quicker to search through the database than to write a bug report, so it pays to check if the error has already been registered. It is also possible that it has been fixed, but you don't have the latest version, or it is being tested. If you do find that the error you identified has been registered before, don't report it again, but read through the bug report and add your comment to it.

How to check whether the bug has been reported already

From the main page, follow the link ``Query existing bug reports'' and write a query in line with the error you detected. If you're unsure about how to write a query, follow the guidelines under clue at the top of the page.

Submitting a new bug report

From the main page, follow the link ``Enter a new bug report'' and log in using your email address and password. If you don't have an account, click on the link at the bottom of the page and follow the guidelines for creating an account.
In order to report bugs, you need an account, so that you may receive feedback on the handling of the error. Now that you're logged in, all that remains is to fill in the bug report form, as described below.

Where was the error found?

The first fields deal with where the error was discovered. You must enter:

Version: Which version of the distribution you have installed.
Component: What part of the system the error arose in.
Platform: What platform
OS: Operating system, probably Linux

How important is the error?

This concerns the prioritization of bugs with regard to what is critical for the system. If a function in a little-used program does not work, it should be reported with a low priority. A serious error in a commonly used program is given a high priority.

Resolution_Priority: Grade the error on a scale from P1 to P5, P1 being least critical. P2 is a normal grade.
Severity: Concerns the critical condition of the error. Is it a major bug, or a trivial mistake?

Who is going to follow up on this error?

It is possible to state who is going to follow up on the bug and send a copy of the bug report to any other interested parties.

Assigned_To: Here it is possible to enter a developer responsible for fixing the error, or leave it blank, assigned to ``default'' ``components''.
Cc: If you wish to give a copy of the error to someone else, fill in their email address here.

What else can you tell the developer about the error?

This is where the true bug report is written so that the developer understands how to find the error. Some possible points of departure are included below:

Summary: A short description of the error, about 60 characters or less. Consider the 'summary' field as akin to the subject field in an email.
Description: Here the bug report should be written as described in What should a quality bug report include?. Here are some points to consider:

High level description of the error as you see it.
What steps are needed to reproduce the error?
The result of the error. What is happening?
The expected result. What were you expecting to happen instead of the error?
What version of the package is used? Use 'dpkg -S /full/path/to/the/program' to find out about the package in question. Then 'dpkg -l 'package name'' to see the version.
What package versions are used by the problematic package? Use 'bugreport -p 'package name'', and answer the questions. A template is written just before the program is finished, which is a starting point for a bug report.
Additional information, if any.

When you're done filling in everything, double-check that all information has been entered correctly. Then click Commit and your bug report will be registered in the Skolelinux Bugzilla database.

Feedback on reported errors

Normally, feedback is provided by developers concerning the error. It is possible that a developer will get in touch with the submitter if more information is needed, or if the submitter wishes to test the new version and see if the error has been corrected. Therefore, it's important that the submitter registers a functioning email address, and regularly reads email sent to this address.

Opera without advertising

Skolelinux has been given a special version of the Opera web browser, where the advertisement banner may be changed. This is done by editing '/etc/opera6rc.fixed'. The following fields should be entered:

    [brand]
    Branded Banner URL=
    Banner Path='image path'
    Banner HomePage='URL'

'Banner Path' is the path for a local file or URL to an external file which has to be an image (468x60 pixels) to be displayed in the advertisement field in Opera. 'Banner HomePage' is the URL that Opera should fetch when this field is clicked on.

The choices made by the automatic installation

Select tasks to install. (Navigate using the arrow keys. Select Norwegian primary school: common, Norwegian primary school: server and Norwegian primary school: server for thin clients with space so that there is a * for each of these.
If you deviate from the choices we've made, your installation will be different.)
Finish.
Debian System Configuration. No. (Don't run dselect.)
(The installation starts and you wish to continue the installation) [Enter],[Enter]
Configure Xaw3dg. Ok.
Configuring Binutils. Ok.
Configuring Less. No.
Configuring Location. C. Ok.
Configuring Nfs-common. Ok.
Configuring Ssh. Yes.
Configuring Ssh. Yes.
Configuring Ssh. Yes.
Configuring Abiword-common. Ok
Configuring Apt-listchanges. Yes.
Configuring Apt-listchanges. Ok.
Configuring Apt-listchanges. Yes.
Configuring Apt-listchanges. Pager. Ok
Configuring Apt-listchanges. Yes.
Configuring Apt-listchanges. Root. Ok
Configuring Apt-listchanges. Yes.
Configuring Auctex. Yes.
Paper Size Configuration. A4. Ok.
Configuring Calamaris. Ok
Configuring Calamaris. Web. Ok
Configuring Calamaris. Web. Ok
Configuring Calamaris. Web. Ok
Configuring Calamaris. /var/www/calamaris/daily.html. Ok
Configuring Calamaris. Squid daily. Ok
Configuring Calamaris. /var/www/calamaris/weekly.html. Ok
Configuring Calamaris. Squid weekly. Ok
Configuring Calamaris. /var/www/calamaris/monthly.html. Ok
Configuring Calamaris. Squid monthly. Ok
OpenLdap configuration. Auto. Ok.
OpenLdap configuration. Domain or host. Ok.
OpenLdap configuration. (The name you gave your computer). Ok.
OpenLdap configuration. (Type a password as for ldap) Ok.
OpenLdap configuration. (Confirm the password) Ok.
OpenLdap configuration. No
Configuring Courier-base. Ok
Foomatic Printerfilter Configuration. Parse. Ok
Foomatic Printerfilter Configuration. A2ps. Ok
Configuring Cvs. /var/lib/cvs. Ok.
Configuring Cvs. create. Ok.
Configuring Cvs. No.
fetchmail-common. Ok
fetchmail-common. Ok
fetchmail-common. Yes.
fetchmail-common. No.
fetchmail-common. Ok
Configuring Mozilla-browser. No.
Configuring Gnuplot. No.
Configuring Norwegian. Bokmaal. Ok. (We have chosen bokmaal, don't think there's any difference to the installation if nynorsk is chosen.)
Configuring Kdm. Ok.
Configuring Kdm. Ok.
Configuring Kdm. Ok.
Configuring Limacute. /var/www/limacute/. Ok
Configuring Limacute. o=linpro,c=no. Ok
Configuring Limacute. No.
Configuring Localeconf. Yes.
Configuring Localeconf. Yes.
Configuring Localeconf. (Don't choose anything here). Ok.
Configuring Ltsp-core-i386. Ok.
Configuring Mailman-limacute. my.web.server. Ok.
Configuring Ntp-simple. Ok.
Configuring Ntp-simple. No.
Samba Server. Yes.
Samba Server. (Enter) Work group. Ok
Samba Server. Yes. (We want an encrypted password)
Samba Server. Ok.
Samba Server. Daemons. Ok.
Samba Server. No.
Configuring Libnss-ldap. 127.0.0.1 Ok.
Configuring Libnss-ldap. dc=example,dc=net Ok.
Configuring Libnss-ldap. 3 Ok. (Ldap version 3 should be used)
Configuring Libnss-ldap. No.
Configuring Libnss-ldap. No.
Configuring Libnss-ldap. Ok.
Configuring Libpam-ldap. Yes.
Configuring Libpam-ldap. No.
Configuring Libpam-ldap. cn=manager,dc=example,dc=net Ok.
Configuring Libpam-ldap. (Type an administrator/root password) Ok.
Configuring Libpam-ldap. Ok.
Configuring Libpam-ldap. crypt Ok.
Configuring Webmin. Ok
Configuring Webmin. (Type the name of your computer, probably filled in already) Ok
Configuring Xserver-common. Yes.
Configuring Xserver-xfree86. Yes.
Configuring Xserver-xfree86. (Choose your video card). Ok.
Configuring Xserver-xfree86. Yes.
Configuring Xserver-xfree86. xfree86 Ok.
Configuring Xserver-xfree86. Ok.
Configuring Xserver-xfree86. (Enter your keyboard model, standard pc104, possibly you are using something else). Ok
Configuring Xserver-xfree86. (Enter) no Ok.
Configuring Xserver-xfree86. Ok.
Configuring Xserver-xfree86. Ok.
Configuring Xserver-xfree86. (Select mouse-port. /dev/psaux is most common as PS/2 port, /dev/tts/0 for com1, and /dev/tts/1 for com2.) Ok.
Configuring Xserver-xfree86. (Select type of mouse, PS/2 works normally if you use this.) Ok.
Configuring Xserver-xfree86. No. (Unless you have an LCD monitor)
Configuring Xserver-xfree86. Simple. Ok. (You may choose others, but at your own risk)
Configuring Xserver-xfree86. (Choose your display dimensions). Ok
Configuring Xserver-xfree86. (Set your desired resolution, using space) Ok.
Configuring Xserver-xfree86. (Set the desired color depth.) Ok
Configuring Cupsys-bsd. No.
Configuring Xawtv. No.
Configuring Xawtv. No.
Configuring Webalizer. /var/www/webalizer Ok.
Configuring Webalizer. (Add a name to the report to be generated.) Ok
(Concerning dictionaries, type) 2, [Enter]
Configuring Locales. (Use the arrow keys and select nn_NO and no_NO, with space) Ok.
(Question on dictionary, type) 1, [Enter]
(Question about dictionary, type) 1, [Enter]
(Question about dictionary, type) 1, [Enter]
(Question about dictionary, type) 7, [Enter]
(Run the apacheconfig script?) N[Enter]
(LDAP support for php4, must add extension=ldap.so). Answer Y[Enter]
Configuring Limacute. No
Configuring Localeconf. No
Configuring Xserver-xfree86. Yes.
Configuring Xserver-xfree86. Yes
Do you want to erase previously downloaded .deb files? (Answer) Yes[enter]
Type [Enter]
Type [Enter]
You must choose one of the options below. 5 is selected. No configuration
Debian system Configuration. Ok

Mail configuration

If the firewall allows it, the fileserver can be used as a mailserver. To achieve this, some manual steps must be taken:

Add the domain name in /etc/exim/exim.conf. This results in mail that is not meant for the domain being rejected. Find the line starting with local_domains. The full line is probably:

    local_domains = postoffice.intern:intern.intern:tjener.intern:localhost

Add the domain you will be using, e.g. testschool.skolelinux.no. The full line will then read:

    local_domains = postoffice.intern:intern.intern:tjener.intern:localhost:testschool.skolelinux.no

Save the file, and if the domain is properly configured, "user@testschool.skolelinux.no" will be working.

So mail will now be stored on the server. The next step is for the users to get hold of it. Start Kmail from the menu.
(K -> Internet -> KMail)
Choose Settings -> Configure KMail
Add the right e-mail address under Identity, e.g. "user@testschool.skolelinux.no"
Select Network -> Add
Under account type, select IMAP
Enter a name for the account (this is how the account identifies itself in your email application, e.g. "testschool")
Enter the username for the account (this is the username that will be sent to the mailserver, e.g. "user")
Enter the password, which is the same as the user's password for logging in.
Host should be "postoffice"
Click on "Save the password in the configuration file"

Now the user should be able to receive mail. In order to send mail, no changes should be necessary, but for the time being, the user must enter the following in KMail:
Settings -> Configure KMail
Select Network
Select SMTP, server postoffice and port 25

The fileserver must be changed to allow forwarding of mail from the internal network:
Find the line starting with host_accept_relay. The full line is probably:
    host_accept_relay = LOCALHOST
Add :*.intern, so that the line will be this:
    host_accept_relay = LOCALHOST:*.intern
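
The two exim.conf edits in the mail configuration steps (local_domains and host_accept_relay) can be checked with a short script. This is an added example, not part of the Skolelinux manual: it confirms that the new domain is listed and that host_accept_relay names only the local host or *.intern hosts, because any broader entry would let hosts outside the internal network relay mail through the server. The function names, the constructed sample file and the suffix argument are assumptions, and each setting is assumed to sit on a single line as the manual shows it.

```shell
#!/bin/sh
# Constructed sample: the two exim.conf settings as they read after the edits above.
sample_conf() {
cat <<'EOF'
local_domains = postoffice.intern:intern.intern:tjener.intern:localhost:testschool.skolelinux.no
host_accept_relay = LOCALHOST:*.intern
EOF
}

# Read a config on stdin and print the colon-separated list of option $1,
# one item per line (first occurrence only; commented-out lines are ignored).
conf_list() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" | head -n 1 |
        tr ':' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'
}

# Succeed if domain $1 is an exact entry in local_domains (config on stdin).
has_local_domain() {
    conf_list local_domains | grep -Fxq "$1"
}

# Print "restricted" if every host_accept_relay entry is the local host or a
# name under the internal suffix $1; otherwise print "open: <entry>" and fail.
relay_scope() {
    suffix=$1
    items=$(conf_list host_accept_relay)
    while IFS= read -r item; do
        case "$item" in
            ''|LOCALHOST|localhost|127.0.0.1) ;;   # unset or local only
            *".$suffix") ;;                        # e.g. *.intern, tjener.intern
            *) echo "open: $item"; return 1 ;;     # e.g. a bare * matches any host
        esac
    done <<EOF
$items
EOF
    echo "restricted"
}

# Stand-alone run against the constructed sample; on a server, feed the real
# file instead: relay_scope intern < /etc/exim/exim.conf
sample_conf | has_local_domain testschool.skolelinux.no && echo "domain listed"
sample_conf | relay_scope intern
```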