1.1. Mailing lists Belonging to the Skolelinux/Debian-edu Project[id=maillists]

Sometimes when you are really stuck, and have no idea how to solve your problem, or maybe you don't even know how to formulate your problem, then it can be very comforting to know that there are several mailing lists out there dedicated to helping you.

There are various mailing lists out there, targeted at different types of users, and in different languages. Have a look at the web page http://developer.skolelinux.no/mailinglister.html

Have a look at Section 13.3 for help on setting up and configuring the mail client KMail.

1.2. IRC Chat Channel Skolelinux/Debian-edu[id=irc]

Eine weitere Möglichkeit Hilfe zu erhalten, stellen die IRC Chat Räume von Skolelinux/Debian-edu dar. Die Nutzer und Entwickler tummeln sich vornehmlich in den Räumen: #debian-edu, #skolelinux, #skolelinux.de auf dem Server irc.debian.org. Wobei in den beiden erstgenannten Räumen vornehmlich auf Englisch und im letztgenannten auf Deutsch kommuniziert wird.

Another place to get help is via IRC, channel: #skolelinux (IRCnet (irc.pvv.ntnu.no, irc.ifi.uio.no, irc.uib.no)). At the moment, this one is for Norwegian-speakers only.

Have a look at Section 13.5 for help on setting up and configuring the IRC-client KSirc.

1.3. Inviting a Skolelinux/Debian-edu Knowledgeable Person into Your Computer [id=sshtunnel]

As long as your Skolelinux/Debian-edu computer has network connection, it possible for someone else to remotely login to your computer with SSH and help you.

First you need to create a user. Refer to Section 12.3 for creating one. In the following, I assume that this newly-created user for this purpose has the username sshhelp. On the machine where your helping hand is logged in, you must also be able to login. Your helping hand must supply you with a username for this purpose; I will assume this username is helper. If the person that is going to help you is logged into a machine with the IP number 127.217.148.238, then you use the command

ssh 127.217.148.238 -R 2100:localhost:22 -l helper

ssh -l sshhelp -p 2100 localhost

The authenticity of host 'bla bla (bla.bla)' can't be established.
RSA key fingerprint is 32:0e:ef:60:f9:26:41:78:75:10:56:a4:29:23:0a:3e.
Are you sure you want to continue connecting (yes/no)?

Please have a look at the manual page for SSH,man ssh, or write man:ssh in the address field in the browser/file manager Konqueror, so that you understand the different options used in the commands above. If you are reading this document online with Konqueror then just click here man:ssh

1.4. Permanent Backdoor into a Skolelinux/Debian-edu Machine with an SSH Tunnel [id=backdoor]

There are places where the one in charge of the network is not you, and where this someone who is in charge of the network has blocked incoming SSH connections. If we could login to our server from anywhere, then our life as administrator would be very comfortable indeed. To overcome such showstoppers in the network, we have included in Skolelinux/Debian-edu a script, that sets up an SSH tunnel, similar to the one in Section 1.3, but with an added feature; no need for a helper on the other side, the script handles this for us. This script is located in the package debian-edu-config and once this package is installed, the script is found in /etc/init.d/open-backdoor. This script needs some information from you to run correctly:

RPORT=this is the port that you will be using on the remote machine that you use.
RHOST=this is the DNS name, or IP number to the remote machine that you use.  
RUSER=this is the username on the remote machine that you use.

RPORT=2100
RHOST=127.217.148.238
RUSER=help

When you have supplied the necessary parameters RPORT, RHOST and RUSER, you need to setup and configure the necessary SSH keys for the script, so that the script can setup the SSH tunnel automatically for you, without the intervention by a helping hand in Section 1.3. You must login as the user root on the machine where the backdoor-script is running; this can be a server, workstation or thin client server- your choice. Then you must run the command

ssh-keygen -t dsa

scp -p /root/.ssh/id_dsa.pub RUSER@RHOST:~RUSER

cat id_dsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

Now, you should be able to start the backdoor script with the command /etc/init.d/open-backdoor start , and with the command

ssh -l RUSER -p RPORT localhost

Now is definitely the time to brush up your knowledge of scp, man scp or write man:scp in the address field in Konqueror.

(Man-in-the-Middle Attack)!

If you have a backdoor script running on many different Skolelinux/Debian-edu machines, then you will experience a frequent warning when trying to login to localhost @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by the remote host is ba:bc:68:4c:0b:72:4b:89:d3:04:00:c3:ab:8b:b8:98. Please contact your system administrator. Add correct host key in /home/klausade/.ssh/known_hosts to get rid of this message. Offending key in /home/klausade/.ssh/known_hosts:2 RSA host key for localhost has changed and you have requested strict checking. Host key verification failed This is nothing to get scared about. It just means that you must delete (in this case line 2) the line in the file /home/klausade/.ssh/known_hosts containing localhost

1.5. More In-Depth Linux Documentation[id=linuxdoc]

There is an enormous amount of written material about every aspect concerning Linux and GNU. Online you'll find full in-depth books with +1000 pages, and shorter 1/2 DIN A4 pages. Your local bookstore should probably have at least 100 Linux relevant book titles available.

SSH(1)                  System General Commands Manual                  SSH(1)

NAME
     ssh - OpenSSH SSH client (remote login program)

SYNOPSIS
     ssh [-l login_name] hostname | user@hostname [command]

     ssh [-afgknqstvxACNPTX1246] [-b bind_address] [-c cipher_spec]
         [-e escape_char] [-i identity_file] [-l login_name] [-m mac_spec]
         [-o option] [-p port] [-F configfile] [-L port:host:hostport] [-R
         port:host:hostport] [-D port] hostname | user@hostname [command]

DESCRIPTION
     ssh (SSH client) is a program for logging into a remote machine and for
     executing commands on a remote machine.  It is intended to replace rlogin
     and rsh, and provide secure encrypted communications between two
     untrusted hosts over an insecure network.  X11 connections and arbitrary
     TCP/IP ports can also be forwarded over the secure channel.

     ssh connects and logs into the specified hostname.  The user must prove
     his/her identity to the remote machine using one of several methods
     depending on the protocol version used:

---

1.5.3. The Linux Documentation Project [id=tldp]

More in-depth books and guides are located in "The Linux Documentation Project"- all in English,as well as other languages.

The Linux Documentation Project

A lot of already available documentation is ready to be installed on your Skolelinux/Debian-edu machine. Have a look at what is available with apt-cache search ldp and also apt-cache search documentation|more scroll down the list with the spacebar, and install what you find interesting with the command apt-get install packagename if I wanted to install the package doc-linux-html I would issue the command apt-get install doc-linux-html look at section FIXME

---

1.5.4. Manuals for OpenOffice.org[id=OOdoc]

The Norwegian Board of Education (Læringssenteret) have published small, handy manuals, in Norwegian for the different components of OpenOffice.org, such as Writer, Impress, Calc, Draw and the HTML-editor.

These manuals can be downloaded individually, or together (211 pages), from the Board of Education's web page at OpenOffice.org user manual

This kind of OpenOffice.org material also exists in your language.

3.1. Hardware[id=coyotehardware]

A short summary of needed hardware for making Coyote Linux for Skolelinux/Debian-edu:

Should parse the contents somehow from Section 2.1, should be no need to write the same thing twice.

3.2. Placement of the firewall/router in a Skolelinux/Debian-edu Network[id=coyoteplacement]

Although I keep mentioning the necessary firewall/router and Coyote Linux in the same sentences, that doesn't mean that you must use Coyote Linux for this purpose. You can use a dedicated router from any commercial manufacturer you like, or something similar to Coyote Linux such as FloppyFirewall, Gibraltar. It's just that I personally prefer Coyote Linux. You must just remember that whatever firewall/router you use, it must be configured like A

The firewall/router has a defined role in the Skolelinux/Debian-edu network. Without it, the network will not function optimally.

Coyote Linux has two network cards, each having different roles. One network card is to be connected to the existing network, so that it gets connected to the Internet. In Coyote Linux, this network interface is called WAN, eth1, Internet. The other card, which is to be connected to your Skolelinux/Debian-edu network is called LAN, eth0, LAN network. This card is connected either directly to the Skolelinux/Debian-edu mainserver with a crossover cable (for small networks), or via a switch making a so-called 10.0.2/23-backbone network.

Don't mix up the different roles of eth0 and eth1 in Coyote Linux and Skolelinux/Debian-edu

A similar diagram with an overview of a complete Skolelinux/Debian-edu network is available in Section 4.1

FIXME, should be translated.

3.3. Creation of a Coyote Linux Floppy[id=makefloppy]

Basic Configuration of the firewall/router

• Regardless if you choose to create the Coyote Linux floppy on a Linux or Windows machine, the following configuration must be used. This also applies to any other firewall/router than Coyote Linux

  1. local network interface:

     
     IP Address: 10.0.2.1
     Netmask:    255.255.254.0
     Broadcast:  10.0.3.255
     Network:    10.0.2.0
     

  2. Install the Big Pond login software? [y/n]:n

     Press "n"

     I think this refers to some extra stuff you need if you happen to get net access from the provider Big Pond, but I'm not really sure. Anybody know?

  3. Do you want to enable the Coyote DHCP-server [y/n]: n

     Press "n"

     Since Skolelinux/Debian-edu already has a DHCP-server running, you must disable the DHCP-server on your firewall/router, and on any other machines you want to integrate into your Skolelinux/Debian-edu-network. Having two DHCP-servers on the same network usually doesn't work very well.

1. After you have downloaded the Coyote Linux source files, you need to unpack them. You must be superuser root to unpack them.

   tar zvxf coyote-2.06.tar.gz
   cd coyote
   ./makefloppysh

   If a new version of Coyote Linux exists at the time you read this, then you must replace the version 2.06 in the commands above with the version number you have downloaded.

2. When creating a Coyote Linux on a Linux machine, these are the questions asked, and the answers you should give:

   1. Coyote floppy builder script v2.9
      
      Please choose the desired capacity for the created floppy:
      
      1) 1.44MB (Safest and most reliable but may lack space needed for
                 some options)
      2) 1.68MB (Good reliability with extra space) - recommended
      3) 1.72MB (Most space but may not work on all systems or with all
                 diskettes)
      
      Enter selection:2
      

      Choose here what is recommended «1.68MB»

   2. Please select the processor type in the destination Coyote Linux system:

      Choose «2) 486dx or better (has a math co-processor)» if you use a relatively new machine (newer than 486), if you make the wrong choice here you machine will not boot.

      This question isn't present in newer versions of Coyote Linux, since the support for machines without a math co-processor has been removed

   3. Please select the type of Internet connection that your system uses.
      
      1) Standard Ethernet Connection
      2) PPP over Ethernet Connection
      3) PPP Dialup Connection
      
      Enter Selection: 
      

      Here you would normally choose option 1)

   4. Configuring system for Ethernet based Internet connection.
      By default, Coyote uses the following settings for the local network
      interface:
      
      IP Address: 192.168.0.1
      Netmask:    255.255.255.0
      Broadcast:  192.168.0.255
      Network:    192.168.0.0
      
      Would you like to change these settings? [Y/N]: y
      Enter local IP Address [192.168.0.1]: 10.0.2.1
      Enter local Netmask [255.255.255.0]: 255.255.254.0
      Enter local Broadcast [192.168.0.255]: 10.0.3.255
      Enter local network number [192.168.0.0]: 10.0.2.0
      

      These network settings for the local network must be changed, see A

   5. Does your Internet connection get its IP via DHCP? [y/n]:
      

      Answer yes(y) or no(n), according to you network configuration.

      If you do not get IP via DHCP, you need to fill in some information:

      Please enter the information for your static IP configuration
      Internet IP Address:
      Internet Subnet Mask [255.255.255.0]:
      Internet Broadcast [Enter = Default]:
      Internet Gateway Address:
      Domain Name:
      DNS Server 1:
      
      DNS Server 2 (optional):
      

   6. Enter your DHCP hostname:

      Normally you can leave this one blank

   7. Install the Big Pond login software? [y/n]:

      I think this refers to some extra stuff you need if you happen to get net access from the provider Big Pond, but I'm not really sure. Anybody know?

   8. Do you want to enable the Coyote DHCP server? [y/n]: n
      

      Here you must answer «n»!

   9. If you don't know what a DMZ is, just answer NO
      Do you want to configure a De-Militarized Zone? [Y/N]: n
      

      Here can press just «n»

   10. You now need to specify the module name and parameters for your network cards.
       
       If you are using PCI or EISA cards, leave the IO and IRQ lines blank.
       
       Enter the module name for you local network card:
       

       This is the tricky part, knowing what kind of driver modules to use for your network cards; even knowing what kind of network cards you have is sometimes difficult. Have a look at Section 3.12 for an overview of available driver modules. Remember to not use the ending .o when writing what driver module to use.

       I prefer newer cards from 3Com. Almost all of them use the driver module 3c59x.

   11. Syslog server address:
       

       This you can leave blank.

       It should be possible to use the Skolelinux/Debian-edu mainserver as Syslog server, but I haven't tried this yet. The address to use would then be 10.0.2.2

3. You must now insert a floppy in the machine. Remember to turn the write protection off. The creation of the floppy will take a few minutes.

3.4. Upgrading to Newer Versions of Coyote Linux[id=clupgrade]

This chapter should be moved to after the introductions to available commands in Coyote Linux

Coyote Linux is a product that is in active development and maintenance, just like Skolelinux/Debian-edu. That means that new versions are released quite often, with new features and security fixes. Especially because of the security fixes, you should always use the latest stable version of Coyote Linux

Since Coyote Linux runs solely from floppy, there is no system, per se, to upgrade. You must create a totally new floppy, as in Section 3.3. To make this process as easy as possible, there are some simple things to keep in mind.

1. Finding out what kind of network cards you have: If you have forgotten what kind of network cards you use and didn't write it down somewhere, then you can use the command lsmod to list all loaded driver modules that are in use. Maybe that way you'll remember which network cards you have.

   coyote# lsmod
   Module                  Size  Used by
   3c509                   7732   2
   ip_nat_quake3           1768   0 (unused)
   ip_nat_mms              2608   0 (unused)
   ip_nat_h323             2060   0 (unused)
   ip_nat_amanda            876   0 (unused)
   ip_nat_irc              1904   0 (unused)
   ip_nat_ftp              2384   0 (unused)
   ip_conntrack_quake3     1848   1
   ip_conntrack_mms        2704   1
   ip_conntrack_h323       2065   1
   ip_conntrack_egg        2280   0 (unused)
   ip_conntrack_amanda     1488   1
   ip_conntrack_irc        2672   1
   ip_conntrack_ftp        3440   1
             
   

   In this listing of loaded modules you see that the network card 3Com509 is in use, twice. For a list of supported modules, look in Section 3.12

   It would be best to write down somewhere what network cards you use in the machine.

2. What kind of port forwarding do you have?

   Information about your port forwarding rules, if you have made any, is in the file /etc/coyote/portforwards

   
   coyote# more /etc/coyote/portforwards
   port Y 10.0.2.2 tcp 2333 22 # Example - Secondary SSH
   

3.5. Coyote Linux Bootup[id=clboot]

There are two network card in your Coyote Linux, one (LAN) is connected to the Skolelinux/Debian-edu server, either directly with a crossover cable, or via a switch, the other (WAN) is your network connection. Sometimes it can be a bit difficult to determine which of your network cards is which, especially if they are both of the same brand. The procedure I use to determine which card is which, is to use a crossover cable and connect it to the network card in the Skolelinux/Debian-edu main server. First I start the Coyote Linux without any cable in the network cards, then I use the crossover cable to connect Coyote Linux with the Skolelinux/Debian-edu main server. Then I login to the main server and try to ping the Coyote Linux machine with the command ping 10.0.2.1 or alternatively try to ping the main server from Coyote Linux with the command logged in at Coyote Linux ping 10.0.2.2. When you get an answer, like 64 bytes from 10.0.2.1: icmp_seq=1 ttl=64 time=1.84 ms , then you have found the network card on the Coyote Linux that is to be labelled as LAN. Then we know that the other network card is WAN. This procedure will only work as long as you have managed to configure the LAN network card properly, as indicated during boot by the line LAN network: UP It's normal that you see WAN network: down at this point, since you have booted without any cables in the network cards. Once you have determined the role of each network card, then you reboot with all the cables connected.

Boot your Coyote Linux, making sure the Coyote Linux floppy is in the floppy drive, and that the machine has been configured in BIOS to boot from floppy.

Generating DSS keys- this will take several minutes on a slow system.

If all goes well, you will see the Coyote Linux text-based login screen. You will recognise that all has gone well when you see the magic words

LAN network: UP
WAN network: UP

In this screenshot, both network cards are defect.

FIXME, replace with a screenshot where network cards work.

3.6. Coyote Linux Command Line Login[id=cllogin]

You can now login using the command line, with the username root, and empty password, which is the only user available in Coyote Linux. The first thing you must do is to set the root password for your Coyote Linux[8]

If you don't set any password on your Coyote Linux, then anybody can gain access to it by going to the address http://10.0.2.1:8180

You must set the root password, also called the system password, immediately for Coyote Linux!

coyote login: root

This what you see when login to Coyote Linux the Menu;

The first thing you must do, is change the root password. Choose 2) Change system password, do so by pressing «2» then press ENTER

You choose a password, minimum 5 characters, maximum 8 characters, which you type twice. Be aware that there is no output to the screen when you type the password, in case someone is looking over your shoulder.

Password changed.
Updating webadmin password...

Press ENTER to return to system menu.

If this is the feedback you get from Coyote Linux, then you have successfully changed the root password.

Since Coyote Linux runs from floppy, and stores everything in RAM, which is lost when you reboot Coyote Linux, you must save this new password to the floppy. Do this by choosing w) Write configuration to disk

Your new password is saved to the Coyote Linux floppy when you see this:

Backup script complete. Press ENTER to return to menu.

All changes you have made to Coyote Linux, are now saved to the floppy.

You can now reboot Coyote Linux, and you will see that the new password is in use. You can reboot Coyote Linux by pressing the ON/OFF-button on your Coyote Linux machine, or by choosing r) Reboot system from the Coyote Linux Menu.

If you have managed to get both network cards working, and Coyote Linux have a network connection, then you don't need to login using the command line anymore. In the future, you can use your web browser to login to Coyote Linux, look at Section 3.7

When choosing q) quit you will end up at the command line in Coyote Linux if you need to go back to the Coyote Linux Menu, then type menu and press ENTER.

See Section 3.9 for a list of a few useful commands you can use from the command line in Coyote Linux

3.7. Coyote Linux Web Administrator[id=clgui]

Coyote Linux has a nice and well-functioning web administrator that lets you perform almost all day-to-day operations. Point your web browser to the address http://10.0.2.1:8180

At this address you will be met by the Coyote Linux web administrator. Click on the link, and then write in the username root and the password you made, refer to Figure 3-16

All options and choices are done in the Main Menu to the left.

1. Show configuration

   Choosing this will give you the status of your network cards, the IP addresses they have, uptime of Coyote Linux, load and such.

2. LAN configuration

   Here you have the option of changing the configuration of the LAN network card, the one that goes to the Skolelinux/Debian-edu network.

   Don't change anything here! Doing so will severely reduce the performance of your Skolelinux/Debian-edu network.

   	FIXME
   	Should parse the contents of change_ip_setup in here, later.

   Leave the values as they are, refer to A.

3. Internet configuration

   Here you have the chance of changing the values of your WAN network card, the one that goes to Internet. If you get a new ISP, or go from getting your IP address assigned by DHCP to having a static IP address, then this is the place to change that kind of information with no need for creating a new Coyote Linux floppy from scratch. See 2.c

4. DHCP configuration

   This gives you the chance to configure the DHCP-server that comes with Coyote Linux.

   Do not enable the DHCP-server in Coyote Linux! See 2.h

5. Administrative Configurations

   Here you can enable/disable services such as DNS, SSH, webadmin.

6. Optional Configs

   This is where you can change things such as the NTP-server (external machine that keeps accurate time. I use the value Remote Time Server:ntp.uio.no, and Time Zone: CET to keep the clock in my Coyote Linux accurate. It should be possible to use mainserver as NTP-server.

7. Port Forwarding

   Here you can change and enable port forwarding on Coyote Linux. This is a very practical and neat feature in a Skolelinux/Debian-edu network. Since Coyote Linux stops and blocks most connections, even passing SSH, it's nice to be able to use port forwarding and that way still get past Coyote Linux with incoming SSH-connection to the Skolelinux/Debian-edu network.

   With this port forwarding rule

   
   Yes       TCP     Any     22      10.0.2.2        22      No        SSH straight into Mainserver
   

   all SSH-connections coming to Coyote Linux will be redirected to the Skolelinux/Debian-edu main server. If this is advisable in your network, you must decide.

8. Firewall Configuration

   Here you can setup and configure the firewall rules in Coyote Linux. There are plenty of ready-made rules that you can use as examples.

9. System password

   Here you can change the root password, also known as the system password in Coyote Linux, just like you did using the command line in Section 3.6.

10. Configuration file

    This is the file that contains all your configurations.

11. Backup configuration

    If you have made any changes in Coyote Linux, then you must remember to write them to floppy, by choosing this Main Menu item, otherwise your changes will be gone when you reboot Coyote Linux. There is a red warning at the bottom of the screen whenever you make changes to Coyote Linux without having them written to the floppy.

12. Reboot system

    When you need to reboot Coyote Linux, you can do so from this Main Menu item. You will have to reconfirm this option.

    
        Are you sure you want to reboot 
                      the system?
    
    
    

3.8. Login via SSH[id=clssh]

Sometimes it might be necessary to login to Coyote Linux when there is no web browser available, or if you prefer to use the command line. Then you can use ssh to connect to Coyote Linux.

If you are logged in to a machine in the Skolelinux/Debian-edu network, then you use

ssh -l root 10.0.2.1

If you are outside of the Skolelinux/Debian-edu network, you must replace the value 10.0.2.1 with the appropriate value as seen for network card WAN in i. In this case, it would be

ssh -l root 192.168.1.10

You will be met by almost the same choices as when logged into the Coyote Linux web administrator, but presented in a text-based menu.

                Coyote Linux Gateway -- Configuration Menu


  1) Edit main configuration file         2) Change system password
  3) Edit rc.local script file            4) Custom firewall rules file
  5) Edit firewall configuration          6) Edit port forward configuration

  c) Show running configuration           f) Reload firewall
  r) Reboot system                        w) Write configuration to disk

  q) quit                                 e) Exit
  ----------------------------------------------------------------------------
  Selection:

You have almost the same options as when logged into the Coyote Linux web administrator, see Section 3.7 for a brief description of the different choices.

When choosing q) quit you will end up at the command line in Coyote Linux if you need to go back to the Coyote Linux Menu, then type menu and press Enter.

If you see this when trying to login to Coyote Linux:

klaus@tjener:~$ ssh 10.0.2.1 -l root
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
34:b7:a3:9b:06:4c:e2:30:1b:0d:03:45:7b:22:b7:dd.
Please contact your system administrator.
Add correct host key in /skole/tjener/home0/klaus/.ssh/known_hosts to get rid of this message.
Offending key in /skole/tjener/home0/klaus/.ssh/known_hosts:27
RSA host key for 10.0.2.1 has changed and you have requested strict checking.
Host key verification failed.

Then it is most likely because you had previously logged into a different machine with the IP address 10.0.2.1, or you have changed a network card in Coyote Linux, or it is really a man-in-the-middle attack. The solution is to remove the offending key, in this case it's line number 27, in file /skole/tjener/home0/klaus/.ssh/known_hosts.

3.9. Useful Commands in Coyote Linux[id=clcommands]

Useful commands in Coyote Linux.

• ping

  Useful to find out if the network is working. This command will see if there is any connection to Skolelinux/Debian-edu main server

  coyote# ping -c5 10.0.2.2
  PING 10.0.2.2 (10.0.2.2): 56 data bytes
  64 bytes from 10.0.2.2: icmp_seq=0 ttl=64 time=0.9 ms
  64 bytes from 10.0.2.2: icmp_seq=1 ttl=64 time=0.5 ms
  

• coyote#uptime

  This command gives you the time Coyote Linux has been running since last boot.

  coyote# uptime
    2:37pm  up 80 days,  7:55, load average: 0.00, 0.00, 0.00
  

• coyote#dmesg

  This command prints the information that the Linux kernel has found on your machine, things such as amount of RAM, CPU, network cards. If the output from dmesg is too much for the size of your screen, then you can pipe the output to the pager 'more', and use SPACE to read it all,

  dmesg|more

• coyote#ifconfig

  Shows verbose information about your network cards.

  
  coyote# ifconfig
  eth0      Link encap:Ethernet  HWaddr 00:50:DA:43:7A:E9
            inet addr:10.0.2.1  Bcast:10.0.3.255  Mask:255.255.254.0
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
            RX packets:27541711 errors:0 dropped:0 overruns:0 frame:0
            TX packets:34408201 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:100
            RX bytes:4029268333 (3842.6 MiB)  TX bytes:2039998168 (1945.4 MiB)
            Interrupt:14 Base address:0x8000
  
  eth1      Link encap:Ethernet  HWaddr 00:90:27:74:66:3B
            inet addr:193.116.174.121  Bcast:193.156.179.127  Mask:255.255.255.128
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
            RX packets:34739492 errors:0 dropped:0 overruns:0 frame:0
            TX packets:25470323 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:100
            RX bytes:2060262113 (1964.8 MiB)  TX bytes:3837976022 (3660.1 MiB)
            Interrupt:12 Base address:0x1000
  
  lo        Link encap:Local Loopback
            inet addr:127.0.0.1  Mask:255.0.0.0
            UP LOOPBACK RUNNING  MTU:16436  Metric:1
            RX packets:83 errors:0 dropped:0 overruns:0 frame:0
            TX packets:83 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:0
            RX bytes:9112 (8.8 kiB)  TX bytes:9112 (8.8 kiB)
  
  

• coyote#lsmod

  This command lists loaded driver modules- useful to see which driver modules are used by the network cards.

  
  coyote# lsmod
  Module                  Size  Used by
  eepro100               17516   1
  3c59x                  24408   1
  mii                     1852   0 [eepro100]
  ip_nat_quake3           1608   0 (unused)
  ip_nat_mms              2448   0 (unused)
  ip_nat_h323             2044   0 (unused)
  ip_nat_amanda           1020   0 (unused)
  

  In this listing, you'll see that the network card driver modules Intel pro100 and 3com series 3c59x which include 3c590, 3c595, 3c900, 3c905 are loaded. See Section 3.12

• coyote#route

• coyote#traceroute

  Useful to trace the route a network packet takes; a nice way to find out where the problem really lies.

• coyote#showcfg

  Another command that gives information about the state of the network cards.

  
  Coyote running configuration display utility.
  
  Internet up (eth1): YES
  Local network up (eth0): YES
  
  ---------------Internet configuration------------
  IP Address  193.156.172.101 (DHCP Assigned)
  Netmask     255.255.255.128
  Gateway     193.116.172.1
  ---------------Local configuration---------------
  IP Address  10.0.2.1
  Netmask     255.255.254.0
  Broadcast   10.0.3.255
  ---------------Resolver configuration------------
  domain holmlia.gs.oslo.no
  nameserver 193.156.192.40
  nameserver 193.156.192.50
  -------------------------------------------------
  2:52pm up 80 days, 8:09, load average: 0.00, 0.00, 0.00
  
  

• coyote#free

  Use this command to see how much RAM you have in the machine, and how much is being used. This machine has 32MB of RAM.

  
  coyote# free
                total         used         free       shared      buffers
    Mem:        30860         6004        24856            0            0
   Swap:            0            0            0
  Total:        30860         6004        24856
  
  

• coyote#menu

  This commands starts the Coyote Linux Menu

  
                  Coyote Linux Gateway -- Configuration Menu
  
  
    1) Edit main configuration file         2) Change system password
    3) Edit rc.local script file            4) Custom firewall rules file
    5) Edit firewall configuration          6) Edit port forward configuration
  
    c) Show running configuration           f) Reload firewall
    r) Reboot system                        w) Write configuration to disk
  

3.10. Coyote Linux as an Ordinary DHCP-Server in a Non-Skolelinux/Debian-edu Network

Coyote Linux is a perfect candidate if you just need a DHCP-server for your network, regardless of what type of machines you have in your network- Linux, Windows or Mac.

The only thing you have to configure differently, is to enable the DHCP-server. See 2.h

A short summary of making a Coyote Linux DHCP-server:

Coyote Linux as an Ordinary DHCP-server

• Remember to answer Yes to the question «Do you want to enable the Coyote DHCP-server [y/n]:»

• Once you have your Coyote Linux DHCP-server running, you will probably need to use a different address to login to it, if you didn't change the default LAN configuration:

  
  Configuring system for Ethernet based Internet connection
  
  
  By default, Coyote uses the following settings for the local network
  interface:
  
  IP Address: 192.168.0.1
  Netmask:    255.255.255.0
  Broadcast:  192.168.0.255
  Network:    192.168.0.0
  
  Would you like to change these settings? [Y/N]: n
  
  

  then you'll have to use the address 192.168.0.1 instead of 10.0.2.1 when logging in to the Coyote Linux web administrator, see Section 3.7 and Section 3.8

  The new addresses are in this case:

  • ssh -l root 192.168.0.1

  • http://192.168.0.1:8180

3.11. Coyote Linux and different ISP[id=clisp]

I have not yet encountered an ISP that didn't work with Coyote Linux. Please tell me if you know of one.

This is list of ISP's that I know work well with Coyote Linux

• Nextgentel, Norway

• Tele2 ADSL Privat, Norway

• Tele2 ADSL Bedrift, Norway

• UPC Chello Classis, Norway

• Utdanningsetaten (The Department of Education) in Oslo (Not yet tested on InnsIKT-schools)

  Due to a strange network policy at the Department of Education in Oslo, you must make the following changes at your mainserver:

  In the file /etc/bind/named.conf change the following stanza:

  
          // forwarders {
          // By special request from the good people inside the Dept of Education in
          // Oslo:
          //      193.156.192.40;
          //      193.156.192.50;
          // Dept. of Education in Oslo  end of block
          //      0.0.0.0;
          // };
  
  

  change it to

  
             forwarders {
          // By special request from the good people inside the Dept of Education in
          // Oslo:
                  193.156.192.40;
                  193.156.192.50;
          // Dept. of Education in Oslo end of block
          //      0.0.0.0;
             };
  
  

  That means removing the comment-slashes in front of forwarders.

  If you don't do this, you will not be able to connect to the Internet due to DNS problems, and some BSD-network guy at the Department of Education will bite your head off.

  After you have made this change in /etc/bind/named.conf, you must restart bind, with

  /etc/init.d/bind9 restart

  [9]

• Telenor ADSL, Norway

• Høgskolen i Oslo (Oslo College)

  You must make the same bind changes as with the Department of Education Oslo,/etc/bind/named.conf

3.12. Supported network card and Driver Modules Used[id=clmodules]

tjener:/home/klaus/coyote/data/kernel/drivers# ls
3c501.o     ewrk3.o                ne.o
3c503.o     fealnx.o               ni5010.o
3c505.o     hp100.o                ni52.o
3c507.o     hp.o                   ni65.o
3c509.o     hp-plus.o              pcnet32.o
3c515.o     ip_conntrack_amanda.o  ppp_async.o
3c59x.o     ip_conntrack_egg.o     ppp_deflate.o
8139cp.o    ip_conntrack_ftp.o     ppp_generic.o
8139too.o   ip_conntrack_h323.o    pppoe.o
82596.o     ip_conntrack_irc.o     pppox.o
8390.o      ip_conntrack_mms.o     ppp_synctty.o
ac3200.o    ip_conntrack_quake3.o  sch_htb.o
amd8111e.o  ip_conntrack_rtsp.o    sch_ingress.o
at1700.o    ip_conntrack_talk.o    sch_sfq.o
b44.o       ip_conntrack_tftp.o    sis900.o
bsd_comp.o  ip_nat_amanda.o        slhc.o
cls_fw.o    ip_nat_cuseeme.o       smc9194.o
cls_u32.o   ip_nat_ftp.o           smc-ultra.o
cs89x0.o    ip_nat_h323.o          softdog.o
de4x5.o     ip_nat_irc.o           starfire.o
depca.o     ip_nat_mms.o           sundance.o
dgrs.o      ip_nat_quake3.o        tlan.o
dmfe.o      ip_nat_rtsp.o          tulip.o
e100.o      ip_nat_talk.o          typhoon.o
e2100.o     ip_nat_tftp.o          via-rhine.o
eepro100.o  lance.o                wd.o
eepro.o     lp486e.o               winbond-840.o
eexpress.o  mii.o                  zlib_deflate.o
epic100.o   natsemi.o              zlib_inflate.o
eth16i.o    ne2k-pci.o

---

3.12.2. The Special Case of 3Com 509 ISA network card

This is a very popular network card. My Coyote Linux has two of them, both produced in 1989, and running continuously for about 3 years in my Coyote Linux. Once you have managed to get them running, they will probably run for a long time. It's just a bit difficult sometimes to get them running.

They are ISA type, which means their IO, IRQ and such must be configured by hand, not automatically, which can be quite a challenge, especially if you use two of them in a machine.

The IO and IRQ on these cards must be configured with a old DOS-configuration program, which can be a bit hard to find these days.

This DOS-configuration program is called 3c5x9cfg.exe, and you use it like this;

1. Boot the machine into DOS, either MS-DOS or Freedos, or any other DOS variant. Using a W95 or W98 boot floppy is one way of doing it.

2. Once the machine is in DOS, insert the floppy with the program 3c5x9cfg.exe, and run it by typing 3c5x9cfg.exe using the DOS command line.

3. Once 3c5x9cfg.exe is started, then with each of your 3c509 network card, configure them with the option 'auto'

There have been reports of problems with two 3c509's in the same machine when one of the cards is a combo type, which is a type of card that has several different types of network connectors.

It's possible to find 3c5x9cfg.exe here: Ruprecht-Karls-Universität Heidelberg

3.13. Further Information about Coyote Linux[id=clinfo]

• Coyote Linux homepage

• Coyote Linux userforum, high activity

• Coyote Linux, FAQ, choose 2.x - General

• Another FAQ by Todd VerBeek

4.1. Network Architecture[id=architecture]

This section should be it's own chapter, with plenty of diagrams. The intro by pere should be used in the preface.

This is based on http://developer.skolelinux.no/arkitektur/arkitektur.html

4.2. Preparing the Machine to Boot from CD-ROM[id=bios]

Maybe your machine is already configured to boot from the CD-ROM. Start your machine with the Skolelinux/Debian-edu CD in the CD-ROM.

If you then see something similar to the screenshot in Figure 5-1, then you can skip straight to Section 5.2; otherwise, keep on reading.

If your machine has the BIOS option to boot from CD-ROM, then setting the CD-ROM as the first boot option in the BIOS may help. Later when the first stage of installation is over, you should change it back, so that the machine will boot from the hard drive.

Normally, when you turn the computer on, you will see how to enter the BIOS setup. It's usually one of the keys F1, INS, F10 or maybe DEL. Refer to your manual, or the supplier of the computer, if you aren't able to get the machine to boot from the CD-ROM.

Another option, when the machine will not boot directly from CD-ROM, or you can't gain access to the BIOS, is to use SBM(Smart Boot Manager). This is a floppy that you boot from, which makes it possible to choose to boot from the CD-ROM. SBM is included on the Skolelinux/Debian-edu CD. Have a look in the directory install on the CD. There you will find a file called sbm.bin. Transfer this file to a floppy using the utility rawrite. In Windows, you'll find rawrite in the directory install as well. Have a look at the file awrite2.txt for further info about rawrite

Do not try to simply copy sbm.bin to a floppy. That will not work. You have to use the utility rawrite

For further information about what SBM is, you should read the file README.sbm, you'll find that file in the directory install as well

If you have a running Linux system, then you mount your CD, and transfer sbm.bin with the command

dd if=/cdrom/install/sbm.bin of=/dev/fd0

4.3. A Short Description of the Profiles in Skolelinux/Debian-edu[id=profiles]

The profile description you see during installation, like in Figure 5-4 comes from the file src/debian-edu-install/debian/debian-edu-install.templates at alioth.debian.org

A Short Summary of the Different Profiles in Skolelinux/Debian-edu, and How They can be Combined

1. Main server

   All Skolelinux/Debian-edu networks must have one, and only one machine with this profile installed. You can combine this with workstation or thin client server if you like.

   Every Skolelinux network needs one, and only one machine running the 'Main Server' profile. This machine provides the (network)services (mainly file/network and LDAP), so without this machine the network does not work. Since this machine will hold all data files it will need a lot of hard disk space. Installing this option solely results in a machine without a Graphical User Interface(=GUI). If you want a GUI you'll need to include the workstation profile or thinclientserver [11]

2. Workstation

   Machines running the 'Workstation' profile are normal machines. Users logging on to a workstation are authenticated by the machine running the mainsserver profile, and have their documents and personal settings stored in home directories on the machine running the mainserver profile.

   If you want access to peripherals such as CD/DVD-players/burners, digital cameras, scanners, then this is the profile you want to install.

3. Thin client server

   Machines running the thin client server profile are able to accept thin client connections. This profile also includes the workstation profile. To prevent network congestion machines running this profile need to have two network cards. All three profiles named so far, main server, workstation and thin client server, can be installed on the same machine.

   This profile also includes the profile workstation

4. Main server + thin client server(including workstation)

   This combination of profiles, also called a combi-profile, makes it possible to setup a complete Skolelinux/Debian-edu network with Workstations and thinclients using only one server. This is an acceptable solution if you only intend to run a small Skolelinux/Debian-edu network, maybe about 10-15 thin clients and a few workstations. For bigger installations this is definitely not advisable.

5. Main server + workstation

   This combination of profiles mainly gives you a main server with a GUI. If you don't like the idea of administering your main server from the command line, then this is the combination you should choose.

6. These two profiles, 'standalone' and 'standalone-extras', are not a part of the Skolelinux/Debian-edu network. For this reason, I will not yet deal with these profiles in this document.

   Standalone and standalone-extras

   The two profiles 'standalone' and 'standalone-extras' cannot be installed on the same machine together with any of the profiles main server, workstation and thin client server

   The 'standalone' profile is experimental and not yet functioning. Machines running the 'standalone' profile are meant to be run outside the Skolelinux/Debian-edu network (e.g. in the homes of pupils and teachers) as a standalone machine.

   The 'standalone-extras' profile is complementary to the 'standalone' profile, providing extra programs for it.

5.1. Where to get the Skolelinux/Debian-edu CD-ROM[id=getcdrom]

There are basically two ways of getting the Skolelinux/Debian-edu CD-ROM. Either you download it yourself, or you get someone else to do it for you.

5.2. First Stage[id=firststage]

The installation of Skolelinux/Debian-edu is divided into two stages, referred to as firststage and secondstage. The first stage starts when the machine boots from the Skolelinux/Debian-edu CD, and ends with the first reboot. The second stage starts when the machine boots from GRUB, and ends when the installation is finished and the machine reboots for all services to properly restart. It's during the second stage that you type the root password.

firststage usually takes about 10 minutes on a relatively fast machine, while secondstage takes a bit more, about 15-45 minutes.

The Different Steps in the First Stage of Installation

1. Power up your machine, making sure it is able to boot from the CD-ROM. See Section 4.2.

   If your machine is able to boot from the CD-ROM, then you will be met by this picture:

There's not that much to do here, other than pressing ENTER[13]

"Expert" Installation[id=expert] It's possible to choose a less automatic installation, by booting with the option Press F1 for help, or Enter to boot:linux DEBCONF_PRIORITY=medium From Skolelinux/Debian-edu version RC3 it should be possible to just type Press F1 for help, or Enter to boot: expert instead. Note that the keyboard layout at this stage is set to US, which means that the keys might be placed differently than what you are used to. The equal sign (=) key is 2 keys to the left of the BACKSPACE, and the plus sign (+) key is SHIFT plus the equal key. The minus key (-) is placed 3 keys to the left of BACKSPACE. The underscore key (_) is SHIFT plus the minus key. FIXME, I really need a US-keyboard layout.

Here you must choose the language you want to use during installation. This language will be the pre-selected language for the all users. This doesn't exclude the use of any of the other available and supported languages in Skolelinux/Debian-edu. If you later want to change the default pre-selected language, have a look at the files /etc/environment, /etc/kde2/system.kdeglobals and /etc/X11/XF86Config-4, and the command update-locale-config. The command man update-locale-config will give you more information about this command, and supported languages.[14]

Notice to the right in this screenshot the #-sign. This indicates that there is more text available, but that it's not possible to display all of it in one screen. Use the Arrow UP/DOWN or PageDown and PageUp keys to scroll through the whole text.

At this point in the installation, it's possible to jump to a Virtual Terminal(VT) with the key combination ALT+Arrow LEFT/RIGHT or ALT+F1,F2,F3,F4. On F2 you have a VT where you can edit files during installation.

The necessary udeb-packages will be installed.[15] A progress bar will keep you informed about the progress.

Have a look at Section 4.3 for a short description of the various profiles.

Have a look at the sidebar Keyboard Layout for a brief explanation of the different keyboard keys used during installation.

You choose the profiles you want to install by placing a mark in front of the desired profile by using the SPACEBAR to place the mark. To navigate between the different fields, you use TAB, and when you are done, move to OK and install by pressing ENTER.

If your hard drive is not recognised, then you may need to manually load the driver module for your hard drive, SCSI-controller or your RAID-controller; do this in VT#2

After you have chosen which profile to install, the necessary packages are installed. Hopefully, you have only chosen hardware that works out-of-the-box with Skolelinux/Debian-edu.

Everything you have on your hard drives will be deleted when installing Skolelinux/Debian-edu- don't try to avoid it. Skolelinux/Debian-edu will not easily co-exist together with any other operative system.[16]

To continue with the installation, you must choose Yes.

The final packages (the Linux kernel and the bootloader GRUB)will now be installed. You now have a working minimalistic Debian system installed.

Make sure that the CD is not in the CD-ROM when you restart the machine. If you forget to remove it, the installation will start all over again.

The first stage of Skolelinux/Debian-edu installation is now finished.

In future versions of Skolelinux/Debian-edu the installation will end by making a copy on a diskette of the relevant log files made during installation, if you have a floppy drive, and if you have a diskette available. If something goes wrong during installation, you can then easily forward these log files to Skolelinux/Debian-edu-knowledgeable people. See Chapter 1. The floppy must be DOS-formated.

6.1. Second Stage

The installation of Skolelinux/Debian-edu is divided into two stages, referred to as firststage and secondstage. The first stage starts when the machine boots from the Skolelinux/Debian-edu CD, and ends at the first reboot. The second stage starts when the machine boots from GRUB, and ends when the installation is finished and the machine reboots for all services to properly restart. It's in the second stage that you type the root password.

firststage usually takess about 10 minutes on a relatively fast machine, while secondstage takess a bit more time, about 15-45 minutes.

The second stage of the Skolelinux/Debian-edu installation starts now.

Notice the countdown in the last line in this screenshot. GRUB is configured to automatically boot Skolelinux/Debian-edu after 5 seconds (in this concrete screenshot the counter has reached 4 seconds). The countdown can be stopped by pressing one of the Arrow keys. The arrow keys are also used to choose which of the available Linux kernels you want to boot. The automatic boot is very handy for booting the system unattended.

In the GRUB configuration file, /boot/grub/menu.lst you can choose to change the default value for the countdown, the appearance of the GRUB menu, the name of the different kernels to boot, set a password, etc.

In this screenshot you have two boot choices.

Debian GNU/Linux, kernel 2.4.22-1-386 
Debian GNU/Linux, kernel 2.4.22-1-386 (recovery mode)

Usually you would just boot the default kernel without making any active choices, that is the line that does not contain (recovery mode). The line containing (recovery mode) is used when you need to either do some repair or maintenance on the system, like when you need to resize the lv-partition /usr. When booting with the option (recovery mode) only a few basic services is started, no GUI. Booting with (recovery mode) is the same as Runlevel 1, which also can be reached from the command line by typing init 1 See man init.

	Password Protecting your BIOS
	Remember to also put a password on your BIOS, so that it's not possible to change the boot order and boot from floppy, CD-ROM, or only from the hard drive.

Is your Server Placed in a Public Place?

If you have placed your server, against all sane advice, in a room with public access where everybody has physical access to the machine, then I advise you to immediately set a password on GRUB. grub-md5-crypt tjener:~#grub-md5-crypt Password: Retype password: $1$xZBDT0$8uoCO9XQGpBeXKnhUoU5A This encrypted password is now ready for use in /bot/grub/menu.lst To set a password on GRUB, you open the file /boot/grub/menu.lst with your favourite editor, and add the options password and lock in appropriate places, like: password --md5 $1$xZBDT0$8uoCO9XQGpBeXKnhUoU5A title Debian GNU/Linux, kernel 2.4.26-1-386 root (hd0,0) kernel /boot/vmlinuz-2.4.26-1-386 root=/dev/hda1 ro initrd /boot/initrd.img-2.4.26-1-386 savedefault boot title Debian GNU/Linux, kernel 2.4.26-1-386 (recovery mode) lock root (hd0,0) kernel /boot/vmlinuz-2.4.26-1-386 root=/dev/hda1 ro single initrd /boot/initrd.img-2.4.26-1-386 savedefault boot In this example, it's not possible to boot any other kernel than the normal kernel. Starting the GRUB command line is also not possible, without first providing the password, of course not in encrypted form. Remember to put appropriate access rights on the file /boot/grub/menu.lst so that ordinary users can't read it. chmod 600 /boot/grub/menu.lst

While booting Skolelinux/Debian-edu you will see a lot of seemingly cryptic messages scrolling by on your screen. These are useful messages from the Linux kernel.[18]

	More or Less
	When you want to view the contents of text files, such as system configuration files, then the programs more and less, so-called pagers are useful. Have a look at Section 8.3, or just man more man less

Remember to insert the CD.

The password you are about to create, is the famous root password. With this password you will be able to do anything. Please read carefully the information provided on-screen.

This text is from skolelinux/src/rebuilds/shadow/debian/po Before proceeding, you need to set a password for 'root', the system administrative account. The root password shouldn't be easy to guess, and it shouldn't be a word found in the dictionary, or a word that could be easily associated with you, like your middle name. A good password will contain a mixture of letters, numbers and punctuation and will be changed at regular intervals. The root password is changed by running the 'passwd' program as root. Why such caution? The root account doesn't have the restrictions that normal user accounts have. A malicious or unqualified user with root access can have disastrous results. Note that you will not be able to see the password as you type it. Please enter the same root password again to verify you have typed it correctly.

Note that you will not be able to see the password as you type it. You must type it twice, the same way both times. If you do it wrong, you get another chance.

After you have created the root password, the installation of packages in the second stage starts. Remember to insert the CD in the CD-ROM drive- you will be prompted to do so if you have forgotten. The rest of the installation takes about 15-45 minutes, depending on how fast your machine is.

You may now leave the machine, and take a well-deserved break. Have a refreshing drink. The installation will be completed without any further input from you.

Here you login with

Username: root
Password:

You can use TAB to move between the fields Username and Password, and then press ENTER to login, instead of using the mouse.

---

6.1.1. Something Went Wrong...

Sometimes something goes wrong during installation. The most frequent error is the failure to automatically configure the video card when you have chosen to install a machine that includes one of the profiles workstation or ltspserver

Everything that happens during installation is logged in the file /var/log/installer.log. There is also plenty of useful information logged in the files in /var/log/debian-installer. When you need help with a problem that has occurred during installation, these files are very handy to have ready for diagnosing the problem. Always include instaler.log in your bug reports. See Chapter 1 to get help.

See the section Something went wrong... for other common failures that occur during installation.

---

6.1.2. Turning off, or Rebooting the Machine

If your video card was correctly, automatically configured, and you have a nice, blue KDM login screen, then you can reboot and shutdown your machine by choosing TURN OFF. Then you can choose to either reboot or turn off your machine.

Luckily, this is not an option in the KDM for thin clients, otherwise anybody could reboot/shutdown the server.

If you have a machine installed only with the profile mainserver, then you have to login to reboot/shutdown the machine, as in Figure 6-7, then you login as user root. Then you can shutdown your machine with either of the commands halt,init 0, shutdown and reboot with reboot or init 6

If your machine stops with the message "Power Down" on the screen when you want to turn it off, you can try to see if loading the module apm helps. Be warned that not all servers like the module apm, especially machines with several processors. Run the command modprobe apm; if the machine doesn't complain, and the machine turns itself completely off, then you can permanently add the module by running the program modconf from the command line

modconf

Then enter the line kernel/arch/i386/kernel and there choose apm. Now it should turn itself off completely.

Just remember that not all machines like apm. Why do you want to turn off your server anyway?

7.1. The Video Card Doesn't Function.

If you see a black screen with white text, like this:

and not something like in Figure 6-8, despite having installed one of the profiles workstation or ltspserver, then something went wrong with the configuration of your video card. It might help trying to manually reconfigure the video card with the command

dpkg-reconfigure xserver-xfree86

You can at any time abort this reconfiguration by pressing CTRL-C

This recipe should be sufficient to get your video card working, not perfectly working, just working.

A quick way of determining whether or not your video card is supported under Linux, is to try one of the live CDs with excellent hardware support, such as Snøfrix or Knoppix. Have a look at Section I.1

• Manage XFree86 4.x server configuration file with debconf? Answer:Yes

• Select the desired X server driver. This is most often the most difficult to answer, maybe the output from lspci can help you. Once you have found your video driver, navigate by using the TAB key on the keyboard down to OK and press ENTER

• Enter an identifier for your video card. Answer: what you like. Sometimes there is already something written there.

• Please enter the video card's bus identifier. Answer: leave it blank, that is normally just fine.

• Enter the amount of memory (in KB) to be used by your video card. Answer: Leave it blank, that is normally just fine.

• Please select the XKB rule set to use. Answer: xfree86. This is normally already there.

• Please select your keyboard model. Answer: pc104 or pc105 should be fine; there is a screen with more instructions about keyboard models.

• Please select your keyboard layout. Answer: us for US, no for Norway, de for Germany, and so on.

• Please select your keyboard variant. Answer: you could leave this blank.

• Please select your keyboard options. Answer: You could leave this blank.

• Please choose your mouse port: Answer: /dev/misc/psaux is a good choice.

• Please choose the entry that best describes your mouse. Answer: PS/2 is a safe choice.

• Emulate 3-button mouse? Answer: Yes

• Enable scroll events from mouse wheel? Answer: Yes or no, depending.

• Enter an identifier for your monitor. Answer: You can write whatever you like here.

• Is your monitor an LCD device? Answer: Only you know the answer.

• Please choose a method for selecting your monitor characteristics. Answer: Simple

• Please choose your approximate monitor size. Answer: Choose the right size for your monitor.

• Select the video modes you would like the X server to use. Answer: Use the SPACEBAR to place a star in front of each of the video modes you want. The video mode 1024x768 is normally a good choice for the highest value of video modes.

• Please select your desired default color depth in bits. Answer: 16 is a safe choice

• Select the XFree86 server modules that should be loaded by default. Answer: just answer OK to the default.

• Write default Files section to configuration file? Answer: Yes

• Write default DRI section to configuration file? Answer: Yes

Once you are done with dpkg-reconfigure, you should see something like

Wrote X server configuration to /etc/X11/XF86Config-4.

It might help to know something about what type of video card you have in your computer, the command lspci is helpful:

tjener:~# lspci
00:00.0 Host bridge: Intel Corp. 82440MX I/O Controller (rev 01)
00:00.1 Multimedia audio controller: Intel Corp. 82440MX AC'97 Audio Controller
00:02.0 VGA compatible controller: Silicon Motion, Inc. SM710 LynxEM (rev a3)
00:07.0 ISA bridge: Intel Corp. 82440MX PCI to ISA Bridge (rev 01)
00:07.1 IDE interface: Intel Corp. 82440MX EIDE Controller
00:07.2 USB Controller: Intel Corp. 82440MX USB Universal Host Controller
00:07.3 Bridge: Intel Corp. 82440MX Power Management Controller
00:0a.0 CardBus bridge: Ricoh Co Ltd RL5c476 II (rev 80)
00:0a.1 CardBus bridge: Ricoh Co Ltd RL5c476 II (rev 80)

If you still experience problems with your video card, then have a look at Section 2.6. Perhaps you should consider installing a backported version of XFree86 4.3; not sure where that is available.

If you just need to change the depth and resolution, then you can open the file /etc/X11/XF86Config-4 with a editor from the command line like

kdesu kwrite

DefaultDepth     16

SubSection "Display"
                Depth     16
                Modes    "1024x768" "800x600" "640x480"

8.1. The Famous Command Line[id=cli]

As with most other common operating systems, almost all of your day-to-day tasks can be carried out with the mouse by click-and-point. In addition to that, you can use the famous command line to do them as well. Why would you want to use the command line? Well, it's faster and you have more control over what is going on behind the buttons, so it's an alternative.

8.2. How to Edit System Configuration Files[id=kedit]

It's often nice to be able to edit system configuration files, like with grub or autopartit or bothersome videocard. For this purpose you need a tool, a text editor. We do not use things such as bold, underlining or fancy fonts in these files, so for this purpose we don't need a huge fancy application. There are already several such applications installed with your Skolelinux/Debian-edu system. Some of these are command line based, (vi, vim), while others have a graphical interface, like KEdit and emacs

Everybody should learn how to use the command line based editor vi/vim sooner or later, preferably sooner.

For starters, try using KEdit, you'll find it in K-menu->Text editors->Text editor

You should also try vi, vim. You find vim in K-menu->Text editors->Debian->Vim. Just follow the on-screen instructions.

Be warned- vi, vim are rather difficult to use in the beginning, but they're worth the effort in the long run.

kdesu kwrite

8.3. More or Less[id=moreless]

Sometimes when you issue a command, such as dpkg -l or try to view a file in a Virtual Terminal or in a shell, the output is too much for one screen display. To make it easier to read, you can "pipe" it through one of the applications more or less, like this

dpkg -l|more

The pipe is a key ( | ) on the keyboard that has two vertical lines one above the other. It often looks like a one full vertical line. On the US qwerty keyboard this symbol is usually found on the same key as the backslash (\) key (to the left of the ENTER key). On the Norwegian keyboard it's usually found on the key below F1

8.4. Installing a Kernel with Support for up to 4GB RAM and Multi-Processors[id=smp]

Due to the limited amount of space available on one CD, there is only one Linux kernel available on the Skolelinux/Debian-edu CD. So, the chosen Linux kernel is based on the lowest common denominator, which means that it should work on most kinds of hardware.

You can find out what kind of kernel you are running at the moment with the command uname -a, use this command later to verify that you have changed to a different kernel, if you choose to do so.

If you want a kernel for the newer servers with plenty of RAM and multi-processors, you must download and install it afterward, which thanks to the genius package system of Debian, is very easy to do.

Have a look at Section 8.9 for a more detailed description of apt-get and dpkg.

The keyword to look for when you want a Linux kernel with support for more RAM than LOWMEM=940M and more than one CPU, is SMP, aka Symmetric Multi-Processors. This command issued from a shell, will list available Linux kernels, ready for installation:

apt-cache search kernel-image|grep smp

kernel-image-2.4.18-1-686-smp - Linux kernel image 2.4.18 on PPro/Celeron/PII/PIII/PIV SMP.
kernel-image-2.4.16-686-smp - Linux kernel image 2.4.16 on PPro/Celeron/PII/PIII SMP.
kernel-image-2.4.18-686-smp - Linux kernel image 2.4.18 on PPro/Celeron/PII/PIII/PIV SMP.
kernel-image-2.4-686-smp - Linux kernel image for version 2.4 on PPro/Celeron/PII/PIII/PIV SMP.
kernel-image-2.4-k7-smp - Linux kernel image for version 2.4 on AMD K7 SMP.
kernel-image-2.4.26-1-686-smp - Linux kernel image for version 2.4.26 on PPro/Celeron/PII/PIII/PIV SMP.
kernel-image-2.4.26-1-k7-smp - Linux kernel image for version 2.4.26 on AMD K7 SMP.

kernel-image-2.4.26-1-686-smp - Linux kernel image for version 2.4.24 on PPro/Celeron/PII/PIII/PIV SMP.
kernel-image-2.4.26-1-k7-smp - Linux kernel image for version 2.4.24 on AMD K7 SMP.

Once you know which kernel is the correct one for your machine, you can install it with the command

apt-get install kernel-image-2.4.26-1<your cpu>

Some prefer to first download the kernel, and then install it manually with dpkg. See Section 8.9.9. apt-get install kernel-image-2.4.26-1<your cpu>-smp --download-only dpkg -i /var/cache/apt/archives/kernel-image-2.4.26-1<your cpu>-smp

When you install the new kernel, you may see something like this:

Sætter kernel-image-2.4.26-1-k7 (2.4.24-3) op...

 You are attempting to install a kernel version that is the same as
 the version you are currently running (version 2.4.26-1-k7). The modules
 list is quite likely to have been changed, and the modules dependency
 file /lib/modules/2.4.26-1-k7/modules.dep needs to be re-built. It can
 not be built correctly right now, since the module list for the
 running kernel are likely to be different from the kernel installed.
 I am creating a new modules.dep file, but that may not be
 correct. It shall be regenerated correctly at next reboot.

 I repeat: you have to reboot in order for the modules file to be
 created correctly. Until you reboot, it may be impossible to load
 some modules. Reboot as soon as this installation is finished (Do not
 reboot right now, since you may not be able to boot back up until
 installation is over, but boot immediately after). I cannot stress
 that too much. You need to reboot soon.

Please hit Return to continue.
        

You Need to Reboot. In order for the newly-installed kernel to be taken into use, you must reboot. This is the only time you ever need to reboot your Skolelinux/Debian-edu machine, while installing other programs. There is no need for a reboot, except when installing a new kernel.

After you have installed a SMP-enabled kernel, and have rebooted your machine, you can use these commands to see if the newly-installed kernel sees all of your processors and RAM;

free
cat /proc/cpuinfo

8.5. Changing the Size of the LVM-Partitions[id=lvmresize]

You should definitely supplement this short introduction to lvm with the full in-depth documentation on LVM which is available from The Linux Documentation Project under the link LVM-HOWTO

At the moment, there are 7 partitions[19] of the lvm type in Skolelinux/Debian-edu. They are grouped in two different vg's, vg_system and vg_data:

1. /usr, see Section 8.5.1

2. /skole/tjener/home0, see Section 8.5.2

3. /skole/backup, see Section 8.5.3

4. /var, see Section 8.5.4

5. /var/opt/ltsp/swapfiles, see Section 8.5.5

6. swap

7. /var/spool/squid, see Section 8.5.7

NFS.....

---

8.5.5. Resizing /var/opt/ltsp/swapfiles[id=lvm-swapfiles]

This lv belongs to vg_system. It's only present in the profile thinclientserver

This partition contains the swapfiles for the thinclients. The size of each of these swapfiles is 32MB.[22][23]

This partition is resized similarly to /skole/tjener/home0.

A reasonable size for this partition would be 32MB times the number of thin clients you plan to have. If you try to boot more thin clients with swapfiles than you have space for in /var/opt/ltsp/swapfiles, then the thin client will not boot.

These swapfiles will be placed in /var/opt/ltsp/swapfiles, with the file names ltsp010.swap, ltsp011.swap,ltsp012.swap. If you delete these swapfiles, they will be created again next time the thin client boots.

If you want to increase /var/opt/ltsp/swapfiles with 600MB, the command would be

e2fsadm -L +600M /dev/vg_system/lv_ltsp_swap

Unless you first umount the partition /var before trying to change this partition, you will not succeed. You will then only get the message device is busy . If you see this, make sure you have first umounted /var

umount: /var/spool/squid: device is busy

# cache_dir ufs /var/spool/squid 100 16 256

---

8.5.8. Adding a New Volume(lv)[id=newlv]

For things such as video and picture, as well as users that need extra file space, you might need to create a new volume. Let's pretend you need a volume for our video footage. Let us name it video, and place it in vg_data as /dev/vg_data/lv_video, and mount it at /skole/video

First you need to find out how much space you have available in vg_data

vgdisplay /dev/vg_data

or maybe there is more space in vg_system

vgdisplay /dev/vg_system

Another option that displays the same kind of information is

pvscan

You must create the mount point /skole/video

mkdir /skole/video

Then you create the new volume

lvcreate -L 2G -n lv_video vg_data

In this example, the size is 2GB. Have a look at lvm-home0 to find out how to resize this. Then you need to make a file system

mke2fs -j /dev/vg_data/lv_video

Then add this new partition, using your favourite texteditor, to /etc/fstab, otherwise this new partition won't be mounted automatically at boot. In our example you add this line at the end of /etc/fstab

/dev/vg_data/lv_video  /skole/video          ext3    defaults                0       2

Now you test your new partition by mounting it manually with mount /skole/video. Have a look at the size with

df -h /skole/video

---

8.5.8.1. Adding the New Volume to autofs[id=newlvmautofs]

This has not yet been tested with the new LDAP schemas that comes with Skolelinux/Debian-edu 1.0.

Skolelinux/Debian-edu uses autofs to export partitions to machines that might need them, workstation and thinclientserver needs to be able to mount the users home directories. So, if you have made another home partition, for example /skole/tjener/home1 and /skole/tjener/home2 then you must make sure that they are also exported along with /skole/tjener/home0 via auofs to the needed machines. The necessary information lies in the LDAP-database, so we must add this new information the LDAP-database. This is most easily done by adding this new information to a file, and then adding the contents of this file to our LDAP-database. Let's call this file /root/video.ldif, with these contents:

dn: cn=video,ou=tjener,ou=skole,ou=Automount,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: automount
cn: video
automountInformation: -rw,rsize=8192,wsize=8192,intr tjener:/skole/video
description: /skole/video mount point

This is the info that you want to add, like this:

/etc/init.d/slapd stop
/etc/init.d/nscd stop
slapadd -l /root/video.ldif
/etc/init.d/slapd start
/etc/init.d/nscd start

In addition, this partition must be added to the export file by adding the following line to the file /etc/exports

        /skole/video @allhosts(rw) 10.0.2.0/255.255.254.0(rw)[24]
            

After that you must run exportfs -ra

8.6. Editing Host Netgroups

A "host netgroup" (hence "netgroup") can be compared to a guest list when you are inviting people to a party. You have made the guest list to avoid unwanted guests, for instance crooks. In a computer network, the guests are a bit different. They are "Internet hosts", e.g. printers, thin client servers or workstations. If these hosts are on the guest list, they are welcome to do their task on the network. If they are not, they are automatically kept out by the doorkeeper.

A netgroup thus keeps track of the guests, or "hosts" in "Internet lingo". It can also keep track of other netgroups, and this simplifies administration of, for example, access to the Internet or to a file server. It is much easier to administer groups of hosts than specifying every single host everywhere.

You have to use netgroups correctly to avoid extra administration. For example, it is useless to have a netgroup named "workstation-hosts" with 250 different hosts in it. It is better to use subgroups. The workstations could be grouped into "computerlab01-hosts", "computerlab02-hosts" and "teachers-hosts", and these could be subgroups to another netgroup named "workstation-hosts".

In the future, Skolelinux will probably use netgroups for various other tasks. Today they are used to prevent access of unwanted guests to the file server.

---

8.6.1. The Netgroup Module

To edit netgroups, you have to use Webmin. The module is named "Edit host netgroups" and is found under the "System"-tab.

Figure 8-1. Overview of Netgroups

On a newly-installed Skolelinux server, the following netgroups are added:

ltsp-server-hosts

All of the thin client servers in the network

printer-hosts

All of the printers in the network

server-hosts

All of the servers in the network. This is primarily "tjener", but if you move, for example, the backup service to another host, add that host here.

workstation-hosts

All of the groups containing workstations, or all of the workstations in a small network

all-hosts

This group contains no individual hosts, but all of the other netgroups.

	Naming Conventions
	Note that all of the netgroup names end with "-hosts". This is to make it easier to distinguish netgroups from other groups whenever necessary. We suggest you use the same naming convention.

8.7. Thin Client Setup

Each thin client has a wide range of options that can be changed on an individual thin client basis.

• Video card

• PXE-network card or regular network card

• Will it act as a print server?

• Serial, PS/2 , USB or scrollmouse?

• Do you want to enable the floppy drive, or use USB pendrives?

All these options are specified in the file /opt/ltsp/i386/etc/lts.conf, but you need to assign each thin client a static IP address. You do this by adding the MAC address of the network card in your thin client, all done in the file /etc/dhcp3/dhcpd-skolelinux.conf[25]There is also a Webmin module for this operation, https://tjener.intern:10000/dhcpd3/index.cgi

---

8.7.1. Assigning a Machine a Static IP address

After you have made any changes to /etc/dhcp3/dhcpd-skolelinux.conf, either by editing the file directly, or via Webmin, you need to restart the DHCP3-server for the changes to take affect. This is either done from the command line with /etc/init.d/dhcp3-server restart or in Webmin by pressing the button labeled 'Apply Changes'.

All servers in Skolelinux/Debian-edu, mainserver and thinclientserver, run DHCP-servers. This means that any machine, workstation, thinclient and other machines (laptops, Windows, Mac machines) will get a dynamic IP address, that is, the IP address given to the individual machine is likely to be different every time that machine connects.

In order to make your life easier, you should make these machines have a static IP address. Add their MAC addresses to the right group in the DHCP-setup.

---

8.7.1.1. Thin Clients

host ltsp010 {
        hardware ethernet     00:00:00:00:00:00;
        fixed-address         ltsp010;
        #filename              "/tftpboot/lts/vmlinuz-2.4.19-ltsp-1";
        filename              "/tftpboot/lts/pxelinux.0";
        #option option-128     e4:45:74:68:00:00;
        #option option-129     "NIC=3c509";
    }

There are already 100 places set aside for 100 thin clients in the file /etc/dhcp3/dhcpd-skolelinux.conf.

---

8.7.1.2. Workstation (Linux, Windows, Mac)

host static00 {
       hardware ethernet 00:00:00:00:00:00;
       fixed-address static00;
    }

There is 1 place set aside for a machine with a static IP address in the file /etc/dhcp3/dhcpd-skolelinux.conf. If you need more, then make more by using the one provided there as a template.

---

8.7.1.3. Printers

host printer00 {
       hardware ethernet 00:00:00:00:00:00;
       fixed-address printer00;
    }

---

8.7.1.4. Thin Client Servers

group {
    host ltspserver00 {
       hardware ethernet 00:00:00:00:00:00;
       fixed-address ltspserver00;
    }

klaus@tjener:$ unzip BootDisk522b.zip
Archive:  BootDisk522b.zip
  inflating: rawrite2.exe
  inflating: ebnet522.dsk
  inflating: Readme.txt
          

Jan  4 19:04:44 tjener dhcpd-2.2.x: DHCPDISCOVER from 00:00:86:4a:58:5a via eth1
Jan  4 19:04:44 tjener dhcpd-2.2.x: DHCPOFFER on 192.168.0.201 to 00:00:86:4a:58:5a via eth1
Jan  4 19:04:45 tjener dhcpd-2.2.x: DHCPREQUEST for 192.168.0.201 from 00:00:86:4a:58:5a via eth1
Jan  4 19:04:45 tjener dhcpd-2.2.x: DHCPACK on 192.168.0.201 to 00:00:86:4a:58:5a via eth1

host ltsp010 {
        hardware ethernet     00:00:86:4a:58:5a;
        fixed-address         192.168.0.10;
        #filename              "/tftpboot/lts/vmlinuz-2.4.19-ltsp-1";
        filename              "/tftpboot/lts/pxelinux.0";
        #option option-128     e4:45:74:68:00:00;
        #option option-129     "NIC=3c509";
    }

#filename              "/tftpboot/lts/vmlinuz-2.4.19-ltsp-1";

filename              "/tftpboot/lts/pxelinux.0";

option option-128     e4:45:74:68:00:00;
option option-129     "NIC=3c509";
          

[ltsp050]
PRINTER_0_DEVICE =/dev/lp0
PRINTER_0_TYPE   =P

[ltsp051]
X_MOUSE_PROTOCOL    = "Microsoft"
X_MOUSE_DEVICE      = "/dev/ttyS0"
X_MOUSE_RESOLUTION  = 400
X_MOUSE_BUTTONS     = 2
X_MOUSE_EMULATE3BTN = Y

X_MOUSE_PROTOCOL  = "imps/2"
X_MOUSE_DEVICE    = "/dev/input/mice"
RCFILE_01               = "usbdev"
            

#!/bin/sh
echo "USB Mouse Support..."
insmod usbcore
insmod usb-uhci
insmod input
insmod mousedev
insmod usbmouse
echo "USB Keyboard Support..."
insmod keybdev
insmod usbkbd

[ltsp052]
X_MOUSE_PROTOCOL   = "IMPS/2"

[ltsp053]
RCFILE_01=floppyd

[ltsp054]
XSERVER=XF86_SVGA

[ltsp060]
X_MODE_0=800x600

8.8. Do the Network Cards Work?

With the command

ifconfig

This command is also good for finding out which IP address the machine has, as well as its MAC address (which is called "HWaddr"). Another way to collect MAC addresses is to have a look at the syslog file at the time that you start up the machine whose MAC address you want to find. Then all you have to do is cut and paste. Use the command, as root, tail -f /var/log/syslog then you will see something like Jun 2 22:52:28 tjener dhcpd-2.2.x: DHCPDISCOVER from 00:02:b3:8f:66:76 via eth1 Jun 2 22:52:28 tjener dhcpd-2.2.x: DHCPOFFER on 192.168.0.13 to 00:02:53:8f:66:76 via eth1 Jun 2 22:52:29 tjener dhcpd-2.2.x: DHCPREQUEST for 192.168.0.13 from 00:02:53:8f:66:76 via eth1 Jun 2 22:52:29 tjener dhcpd-2.2.x: DHCPACK on 192.168.0.13 to 00:02:53:8f:66:76 via eth1 Use CTRL-C to stop the process.

tjener:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:04:75:81:AA:78
          inet addr:10.0.2.2  Bcast:10.0.3.255  Mask:255.255.254.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:27892 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26194 errors:0 dropped:0 overruns:0 carrier:0
          collisions:5 txqueuelen:100
          RX bytes:23495725 (22.4 MiB)  TX bytes:2810447 (2.6 MiB)
          Interrupt:11 Base address:0xdc00

eth1      Link encap:Ethernet  HWaddr 00:04:75:81:AA:FD
          inet addr:192.168.0.254  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1976176 errors:0 dropped:0 overruns:26 frame:0
          TX packets:2271670 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:486381910 (463.8 MiB)  TX bytes:1131449472 (1.0 GiB)
          Interrupt:10 Base address:0xe000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:44174 errors:0 dropped:0 overruns:0 frame:0
          TX packets:44174 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:11789085 (11.2 MiB)  TX bytes:11789085 (11.2 MiB)

If what you see is similar to the above, but you still can't get on the net, then you may have to do something with your DNS-setup. Have a look at this section in the documentaton about Coyote Linux, Section 3.11.

8.9. Administration of Packages

In order to install packages, you need to define where you want to get them from, where your package reservoir is.

You define your package reservoir in the file /etc/apt/sources.list

You can either work with package administration via the command line or with the help of a graphical application such as KPackage Section 13.6, or Webmin Section 13.1

A quick introduction to the use of the command line for working with packaqe administration is given in this section.

deb ftp://ftp.skolelinux.no/debian/ woody main contrib non-free
deb ftp://ftp.skolelinux.no/debian-non-US/ woody/non-US main contrib non-free
deb ftp://ftp.skolelinux.no/skolelinux/ woody local

These lines contain information about where you can get your packaqes.

If you add new lines to this file, then you have to update the database that contains information about what is available.

See Chapter 14 for other lines that you can add as sources for packages.

---

8.9.2. Upgrading All Installed Packages to a Newer Version

Sometimes you will see a message concerning changes (Changelog) that concerns the packages that you are about to install/upgrade, such as kdeaddons (4:3.1.0-4) unstable; urgency=low * Rebuilt against libvorbis0a (closes: #184713). * Removed alpha compile flags. * Fresh admin/ sync. -- Ben Burton <bab@debian.org> Sun, 16 Mar 2003 16:00:19 +1100 kdeaddons (4:3.1.0-2) unstable; urgency=low * First KDE3 upload to debian! * Applied Ewald Snel's patch for xine support. * Rolled the epoch to aid upgrades from the unofficial repository on ftp.kde.org.. *sigh* : Use the SPACEBAR on the keyboard to page through to the end of the message, where you will see quanta (1:3.0pr1-1) unstable; urgency=low * New upstream release. * Built for KDE3. -- Ben Burton <benb@acm.org> Wed, 4 Sep 2002 10:36:12 +1000 (END) Press the Q-key, for Quit, and then you will see Fetched 60.2MB in 11m24s (87.9kB/s) Reading changelogs... Done apt-listchanges: Do you want to continue? [Y/n]? In order to continue you must press Y, for Yes.

All of the packages that have already been installed can be upgraded to a newer version with the command

apt-get upgrade

Sometimes it's really nice to know what is actually going to happen before you start to upgrade all installed packages. It's possible that it's not the right moment for you to start downloading several large packages. Maybe you need to wait until there is more bandwidth available. If you run apt-get upgrade -s then nothing will actually happen- the upgrade will only be simulated. If there is too much information on the screen, then you can try apt-get upgrade -s|more . If it looks fine, then you run the above command again, taking away the -s On the US keyboard, the so-called pipe symbol, | is found immediately to the left of the BACKSPACE key. Use the SHIFT key to type the pipe symbol.

tjener:~# apt-cache showpkg webmin-slbackup
Package: webmin-slbackup
Versions:
0.0.7-1(/var/lib/apt/lists/ftp.skolelinux.no_skolelinux_dists_woody_local_binary-i386_Packages)
(/var/lib/apt/lists/ftp.skolelinux.no_skolelinux_dists_woody-test_local_binary-i386_Packages)
(/var/lib/dpkg/status)
0.0.6-1(/var/lib/apt/lists/ftp.skolelinux.no_skolelinux_dists_woody-test_local_binary-i386_Packages)

Reverse Depends:
  education-main-server,webmin-slbackup
  task-skolelinux-server,webmin-slbackup
Dependencies:
0.0.7-1 - webmin (0 (null)) perl (0 (null)) libcgi-application-perl (0 (null)) 
libhtml-template-perl (0 (null)) libexpect-perl (2 1.15) slbackup (2 0.0.5-1)
0.0.6-1 - webmin (0 (null)) perl (0 (null)) libcgi-application-perl (0 (null)) 
libhtml-template-perl (0 (null)) libexpect-perl (2 1.15) slbackup (2 0.0.5-1)
Provides:
0.0.7-1 -
0.0.6-1 -
Reverse Provides:

---

8.9.11. Finding Which Package a File Came From

If you want to know which package a specific package came from, the command

dpkg -S <filename>

will help you find out.

---

8.9.11.1. Unpacking the Files from a Package Without Installing Them

Maybe you have accidentally erased an important systems file, and you do not have any backup of it. What then? If you use the command

dpkg -S <filename>

you will find out which package the file originally comes from. That way you can unpack the package and get back the missing systems file.

First, you have to get the relevant .deb-package. When you have done that, you place it in the /tmpdirectory. You unpack the files in that directory with the command

dpkg -X <packagename> /tmp

which will then create the necessary directories in the /tmpdirectory and then place the files there.

Never unpack the package directly in the /-directory!

deb file:///var/www dpkg/

8.10. The Quota System for Hard Drive Space

• First, you have to install the necessary packages, if you don't already have them installed.

             apt-get install quota quotatool
  

• Then you have to enable the use of quotas on the desired partition. So you first add a line to the file /etc/fstab. Do this for the partition /skole/tjener/home0

  /dev/vg_data/lv_home0   /skole/tjener/home0     ext3    defaults,usrquota,grpquota       0       2
  

  with the flags 'usrquota' and 'grpquota' you have now enabled the use of user quotas and group quotas on the partition /skole/tjener/home0. In order to get this to take effect, you have to unmount the partition and then mount it; if necessary, reboot the machine.

• Then you have to make the databases that contain info about the quotas:

             touch /skole/tjener/home0/quota.user
              touch /skole/tjener/home0/quota.group
              chmod 600 /skole/tjener/home0/quota.user
              chmod 600 /skole/tjener/home0/quota.group
  

  After that, check that quota.user and quota.group are empty before initialising the databases:

  ls -lh /skole/tjener/home0/quota*

  will show that quota.user and quota.group have zero size. Then initialise the databases with the command

  quotacheck -avug

  after which you check that the databases are no longer zero in size

  ls -lh /skole/tjener/home0/quota*

• Then you turn on the quotas: quotaon -a

• After that you set the quotas for some of the users.

             edquota -u klaus
  

  takes you to a vi-based quota editor where you set up the quota the way you want it for klaus. If you think that quota is the one you want for all of the users, you can use the size of quota for klaus as a template for the other users. When that's done, you need to check the current status of the disk quotas,

             repquota /skole/tjener/home0
  

  gives you

  
  tjener:~# repquota /skole/tjener/home0
  *** Report for user quotas on device /dev/vg_data/lv_home0
  Block grace time: 7days; Inode grace time: 7days
                          Block limits                File limits
                          User            used    soft    hard  grace    used  soft  hard  grace
                          ----------------------------------------------------------------------
                          root      -- 1198381       0       0          12832     0     0
                          daemon    --       4       0       0              5     0     0
                          bin       --       1       0       0              1     0     0
                          man       --    1000       0       0             28     0     0
                          lp        --      81       0       0            198     0     0
                          mail      --    5233       0       0            444     0     0
                          news      --       1       0       0              1     0     0
                          proxy     --  126788       0       0           4722     0     0
                          junkbust  --       5       0       0              3     0     0
                          klaus     --    1993    1500    2000            268     0     0
                          test16    --       5       0       0              4     0     0
                          test15    --       5       0       0              4     0     0
                          test14    --       5       0       0              4     0     0
                          test13    --       5       0       0              4     0     0
  

  Here the user klaus has a softlimit of 1.5MB and a hardlimit of 2MB.

• If you have a list of usernames in the file LoginName.txt in the form jan janak janne then you can give all of them the same size of quota as klaus with the command

             for x in `cat LoginName.txt `;do edquota -p klaus $x;done
  

  If you now look at the status of the quotas, you will see that all of the users have got the same quota as klaus

  
  tjener:~# repquota /skole/tjener/home0
  *** Report for user quotas on device /dev/vg_data/lv_home0
  Block grace time: 7days; Inode grace time: 7days
                          Block limits                File limits
                          User            used    soft    hard  grace    used  soft  hard  grace
                          ----------------------------------------------------------------------
                          root      -- 1198381       0       0          12832     0     0
                          daemon    --       4       0       0              5     0     0
                          bin       --       1       0       0              1     0     0
                          man       --    1000       0       0             28     0     0
                          lp        --      81       0       0            198     0     0
                          mail      --    5233       0       0            444     0     0
                          news      --       1       0       0              1     0     0
                          proxy     --  126788       0       0           4722     0     0
                          junkbust  --       5       0       0              3     0     0
                          klaus     +-    1993    1500    2000            268     0     0
                          test16    --       5    1500    2000              4     0     0
                          test15    --       5    1500    2000              4     0     0
                          test14    --       5    1500    2000              4     0     0
                          test13    --       5    1500    2000              4     0     0
  

  If you use LDAP then you can quickly get a list of your users with the command

             
  getent passwd|grep home0|cut -d":" -f1>LoginName.txt
  

  check that LoginName.txtis the way you want it to be.

• Good commands for learning more about disk quotas for users and groups are

  • man edquota

  • man quota

  • man quotacheck

  • man quotaoff

  • man quotaon

  • man quotastats

  • man quotatool

  • man repquota

#ERRFILE=$HOME/.xsession-errors
#
## attempt to create an error file; abort if we cannot
#if touch $ERRFILE 2> /dev/null && [ -w $ERRFILE ]; then
#  chmod 600 "$ERRFILE"
#elif ERRFILE=$(tempfile 2> /dev/null); then
#  if ! ln -sf "$ERRFILE" "${TMPDIR:=/tmp}/xsession-$USER"; then
#    message "Xsession: unable to symlink \"$TMPDIR/xsession-$USER\" to" \
#             "\"$ERRFILE\"."
#  fi
#else
#  errormsg "Xsession: unable to create X session log/error file.  Aborting."
#fi
#
#exec > "$ERRFILE" 2>&1

errfile="/dev/null"
exec > "$errfile" 2>&1

10.1. Adding a Printer to a Thin Client

Before you try to add a printer in Skolelinux/Debian-edu, you should really think about this before you get a printer. So check out the web pages on linuxprinting.org to find out if your printer is supported out-of-the-box by Linux. If you have a printer that is classified as a "paperweight", then get rid of it, or use it as a door stopper.

Recipe for Setting up a Printer on a Thin Client

• Plug the printer into the thin client. This example is for a printer on a parallel port, so '/dev/lp0'

• Add the MAC address of this thin client in Webmin, for example ltsp050.

• Use a text editor to open the file /opt/ltsp/i386/etc/lts/lts.conf, and add these lines

  
  [ltsp050]
  PRINTER_0_DEVICE =/dev/lp0
  PRINTER_0_TYPE   =P
  

  If this thin client needs other configuration lines, add them here as well; maybe its video card does not allow autodetection, etc.

• Go to K-menu->Control Center->System->Printing Manager and click on "the magic wand" icon to add a printer. Click on 'Next'. Then for backend selection choose 'Network printer(TCP)'. Click on 'Next'.

• Click on 'Settings'. Instead of 10.2.0, type 192.168.0, if the printer is connected to a thin client, leave the other values as they are. Click OK. Click on the button 'Scan', and it will then search for your printer, which will take about det 30-60 seconds. In the large frame on the left, you will soon see information about the thin client that has an attached printer, choose that one, and the rest of the process of choosing printer and driver should be pretty easy, I hope. :-)

• When you try to print out a "test page", you may find that the printer reacts, but still nothing gets printed out. The printer's resolution may be set too high. Try it again with 150 ppt.

10.2. Making Possible the Use of Diskettes with a Thin Client

Get package ltsp_floppy from http://prdownloads.sourceforge.net/ltsp unpack it and run the installation script. After that, use a text editor to add this line RCFILE_01 = floppyd to the file /opt/ltsp/i386/etc/lts.conf for each thin client you want to have floppy access, or add it to [Default] if you want all of them to have it. This is an example which gives all thin clients the capability of using the local floppy drive.

[Default]
        SERVER             = 192.168.0.254
        XSERVER            = auto
        X_MOUSE_PROTOCOL   = "PS/2"
        X_MOUSE_DEVICE     = "/dev/psaux"
        X_MOUSE_RESOLUTION = 400
        X_MOUSE_BUTTONS    = 3
        USE_XFS            = Y
        XkbLayout          = no
        SEARCH_DOMAIN      = intern
        X_MOUSE_EMULATE3BTN = Y
        LOCAL_APPS         = N
        RUNLEVEL           = 5
RCFILE_01 = floppyd

drive a: file="$DISPLAY" remote 1.44m mformat_only

for dir in /skole/tjener/home0/*; do cp /tmp/.mtoolsrc $dir/; chown --reference=$dir $dir/.mtoolsrc; done

When that's done, then all of the folders in /skole/tjener/home0 will have got the file .mtoolsrc, and the ownership of the file will be the same at the one who owns the folder, otherwise the folder would be owned by root.

Remember to make the following changes in the file /etc/devfs/perms; change the line (fra 0660 til 0666)

REGISTER ^floppy/.*         PERMISSIONS root.floppy 0660

REGISTER ^floppy/.*         PERMISSIONS root.floppy 0666

I recommend the graphical program MToolsFM, apt-get install mtoolsfm. There are others, such as Konqueror, but they have some small bugs connected with the use of floppy drives with thin clients. The disadvantage with having the file .mtoolsrc in the home directory, is that you can't just get ready access to the floppy drive from the main server or workstations. I only have thin clients so I haven't looked for a solution to this, but it shouldn't be difficult to find one. (See section Section 10.2.2)

#!/bin/bash
            CLIENT=`echo $DISPLAY | tr 0-9 "-" | sed -e s/-.*//`
            if [ $CLIENT = "ltsp" ]; then
              echo 'drive a: file="$DISPLAY" remote 1.44m mformat_only' >
            ~/.mtoolsrc
            else
              echo 'drive a: file="/dev/floppy/0" 1.44m mformat_only' >
            ~/.mtoolsrc
            fi
          

10.3. Enabling the Use of a USB-Pendrive with a Thin Client

It pays to make sure that the thin client in question has the necessary driver modules. Add these lines to /opt/ltsp/i386/etc/lts.conf

[ltsp043]
MODULE_01          = "usb-uhci"
MODULE_02          = "usb-storage"
MODULE_03          = "sd_mod"
RCFILE_02 = usbpen

cp /opt/ltsp/i386/etc/rc.d/floppyd /opt/ltsp/i386/etc/rc.d/usbpen

#!/bin/bash

#
# First, since floppyd runs as nobody, make /tmp world accessible.
#

chmod 777 /tmp

#
# Second, probe for the floppy
#
modprobe usb-storage
insmod usb-storage

#
# Third, make the floppy world accessible.
#
mknod /dev/sda b 8 0
mknod /dev/sda1 b 8 1
chmod 666 /dev/sd*

#
# Finally, start floppyd.
#
floppyd -d /dev/sda1

See Section G.6 for how it is possible on a regular main server, workstation or thin client.

Total number of sectors not a multiple of sectors per track!
Add mtools_skip_check=1 to your .mtoolsrc file to skip this test

10.4. Sound on Thin Clients

Certainly! I'm listening to NRK radio on a thin client right now.

Start by downloading the package ltsp_sound

11.1. Deciding Which Directories the Users Should Have

To start with, every users get two directories created when the user is created

drwxrwx---        klaus klaus    priv
drwxrwxr-x        klaus klaus    pub

If you aren't comfortable with the idea that your users are supposed to understand the concept of a closed (priv) and an open directory (pub) in their home directories you can change this. You can either lock the directories at the top level after the users are created chmod 700 /skole/tjener/home0/*, or you can open them a little chmod 711 /skole/tjener/home0/*

If you want your users to have several directories from the start, for example the directories matematics, English, German, French, this can be done by changing a bit of the file /usr/share/webmin/ldap-users/createhomedir, by adding these lines:

# Make a directory related to the subject mathematics 
mkdir "$homedir/matematics"
chmod 0770 "$homedir/matematics"

# Make a directory related to the subject English
mkdir "$homedir/English"
chmod 0770 "$homedir/English"

# Make a directory related to the subject German
mkdir "$homedir/German"
chmod 0770 "$homedir/German"

# Make a directory related to the subject French
mkdir "$homedir/French"
chmod 0770 "$homedir/French"

11.2. Deciding the Appearance of the Program Menu

We have a little "problem"- if you can call it that- with Skolelinux/Debian-edu. Rather than too few programs installed, we have far too many. Many of the programs are not necessary for all of the users. They only get in the way and make things cluttered.

Luckily, there are ways to tailor the menu to specific groups of users. There is a program in Skolelinux/Debian-edu that does the whole job for us in a simple way. The program is called kschoolmenu, and you find it in the menu underK-menu->Preferences->System->Custom K-menus

YOu can also start kschoolmenu from the command line with the command kcmshell kschoolmenu

Making Custom Menus

• Start kschoolmenu, make your various menus and name them, for example, menu1, menu2, course

• Make your own menu-groups using the useradm-tool in Webmin; call them something like menu1, menu2, etc.

• According to which tailored menu you want your users to use, you must add the users to the appropriate menu-group. If you want the user 'perhan' to have the menu called menu1, then you add 'perhan' to the group named menu1. See Section 12.3 to find out how to create groups and users.

The results are placed in the file /var/lib/kschoolmenu, which you can edit by hand if you want. If you have several machines and you want the same menu for all of them, a quick way to do this is to copy the files from /var/lib/kschoolmenu

This is kschoolmenu the way you see it when you have started it. You see 2 windows. In the left window, you see a choice of programs that you can have in the menu. To the right, you see the menu you are about to create. Between them, you see 2 arrows which are used to move the program items to/from your menu.

Here you choose what you want to name the menu, in this case it's called menu1. Remember that you have to create a group with the same name and put all of the relevant users in that group so they can get the same menu. See Section 12.3 to find out how this can easily be done.

11.3. Automatic Start of Program at Login

There are some programs that your users surely use every time they login. So, it would be nice to be able to automatically start them up at login, instead of having to do it manually every time. This can be done by copying shortcuts to the program into the directory .kde/Autostart which is stored in the user's home directory.

An easy way to get a hold of these short cuts is to first "drag" them from the K-menu by holding down the left mouse button and then "releasing" them on the desktop background, choosing "Copy here". Then you have a so-called shortcut file in the directory Desktop. You copy this file into the directory .kde/Autostart, which will automatically start the program when the user logs on.

11.4. Message to Everyone who Logs in

There is a program, xmotd - message-of-the-day browser that makes it possible to show the contents of a file when a user logs in to the system. This is useful, for example, when you want to give information about a new printer, planned down time, etc.

If you don't have xmotd installed, then you can install it with

apt-get install xmotd

Add these lines to the file /etc/X11/Xsession

xmotd  -popdown 25 -geometry 500x500 /usr/local/motd \
-xrm "*title.label: Today's Message"" -always
        

Have a look at the manual page for xmotd for a description of the other choices. You can view the manual page from the command line with the command man xmotd.

if [ -e "/usr/local/message/$USER" ]; then
exec /usr/X11R6/bin/xmessage -file /usr/local/message/$USER &
fi
          

11.5. Giving a Message to All Users That are Logged on

If you have a machine where you have installed both main server and thin client server, then you can use a little Perl script to give a message to all users that are logged on.

#!/usr/bin/perl -w

if (@ARGV != 3){
        print "Use:\n\txwall.pl keyword time message\n";
        print "\t keyword is the word you search with\n";
        print "\t time is the time in seconds you want the message to be visible\n";
        print "\t message is the message, should be written inside quotation marks\n";
        exit (1);
}

$SIG{CHLD}="IGNORE"; # in the unlikely event a child exits before the parent

my ($procmatch, $timeout, $message) = ($ARGV[0],$ARGV[1],$ARGV[2]);

foreach $pid (split /\s/,`/bin/pidof $procmatch`) {
        my ($display, $xauthority, $homedir);
        foreach $envvar (split /\00/,`cat /proc/$pid/environ`){
                if ($envvar=~/DISPLAY=(.*)/){ $display = $1; }
        }
        foreach $var (split /\n/, `cat /proc/$pid/status`){
                if ($var =~ /Uid:\s+?(\d*?)\s+?/) { my @uid = getpwuid($1); $homedir = $uid[7]; }
        }

        if ($display){
                if (fork() == 0) {
                        $ENV{DISPLAY}=$display; $ENV{XAUTHORITY}="$homedir/.Xauthority";
                        exec("xmessage -center -timeout $timeout '$message'");
                }
        }
}

perl xwall.pl alarmd 10 "Hi! You will see this message for 10 seconds."

11.6. Automatic User Log In

This is not smart security-wise, but very nice if, for example, you have a Skolelinux/Debian-edu network at home and you are the only user. Be aware that the user in question will be able to log in without being asked to give a password.

It is possible to automatically log in a specific user on a specific thin client when it gets turned on. This is done in the file /etc/kde2/kdm/kdmrc, where the following lines are added:

[X-ltsp010:0-Core]
AutoLoginEnable=true
AutoLoginUser=klaus

[X-ltsp058:0-Core]
AutoLoginEnable=true
AutoLoginUser=susanna

[X-ltsp059:0-Greeter]
PreselectUser=Default
DefaultUser=perbart
          

11.7. Setting up Desktop, Menu bar, etc the Same for Everyone When the User is Created

There are some people who think that the appearance of the "desktop" which accompanies Skolelinux/Debian-edu is not totally optimal. Maybe you would like to give all of your users another background picture, other icons on the desktop, other icons on the K-menu and taskbar in KDE. It would be great if that could be done in such a way that everything was done once and for all in a simple fashion.

The secret lies in placing the files that you want all of your users to get when each user is created, in the correct directory, in this case in the directory named /etc/skel. If your users already exist, then see Section 10.2 og Section H.4.

Everything that is placed in the directory /etc/skel will get copied to the user's home directory when the user is created. For example, if a file test.txt is placed there, then it will be put in the home directory with the correct permissions and ownership.

What we want is for everyone from the start should get a predefined setup of background, desktop, K-menu, etc in KDE. The way this is done is to make a user which serves as a template. Call this user, for example, template, see Section 12.3 to find out how to create a user. Now log in as this user and set up thing the way you want them to be. Then copy the directory that contains all of the relevant KDE configuration files into /etc/skel. You find the KDE configuration files in the directories under .kde

First create the directory /etc/skel/.kde with the command mkdir /etc/skel/.kde, then do the copying with the command cp -ar /skole/tjener/home0/mal/.kde/* /etc/skel/.kde

Everything you see in your KDE desktop environment is a setting in one or another KDE configuration file. For example, the attributes for your shortcut icons are covered in the file Desktop/something-or-other.desktop. The following is part of the contents in the shortcut for OpenOffice.org Writer

[Desktop Entry]
Comment=
Exec=/usr/bin/oowriter
Icon=ooo_writer.xpm
Name=OpenOffice.org Writer
ServiceTypes=
Type=Application

12.1. The Webmin Password

During the installation of Skolelinux/Debian-edu, see Figure 6-4 you were asked to set a password. This password is the basis for 2 different passwords. One of them you use to login to Webmin, at the same time it is also the root password. The other is the LDAP password. To change the root/Webmin password, you can either use the command line with the command passwd or you can use the program kdepasswd, which you find in K-menu->Utilities->Change Password.

12.2. Backup

There is a backup module included in Webmin. You find it under the tab "Servers" and "Skolelinux Backup", or https://tjener.intern:10000/slbackup

This is the place in Webmin where you find slbackup.

Slbackup has 5 modes of operation;

• General, Figure 12-2

• Backup details, Figure 12-3

• Restore, Figure 12-6

• Maintenance, Figure 12-8

• SSH keys, Figure 12-9

This is where you set the time that you want the backup to be done, which will then take place at that time every day.

Here you configure which machine you want to backup. You specify the IP address, together with the directories that you want to backup, and how long you want to keep a copy of the backup.

Here you set up the details for the machine that is going to do the backup. The most important detail is where the backup is going to be stored. The default backup partition is the LVM partition /skole/backup, see section Section 8.5.3. But there is nothing to stop you from setting in an extra hard drive and storing your backup there instead.

If you are observant, you may have noticed that we place the backup on the same hard drive as the one we take backup of. Stupid? Not so, if we take backups as an extra service for our users in case they accidentally delete a file. It is, of course, stupid to store your backup on the same hard drive if the purpose is to guard against a drive getting broken. Then it is wiser to set up a machine with a workstation profile, see Section 2.5, and install some really large capacity hard drives and use slbackup to make the backup external- making that machine your backup server.

What good is it to have a backup utility, if you can't put the files back that have been deleted? By choosing "Restore" you have the possibility to choose which machine you want to get the files from, as well as which file or entire directory you want to get. You can also use everything that you have taken a backup of on the machine in question.

When you have chosen which machine you want to get the backup from, then you will get to make several more choices, among which the date/time you want to restore the backu and where you want the files to be placed. To start with, it's wise to use the directory /tmp/<macinename>.

It's smart to place the files being restored in the directory /tmp/<machinename>. Everything that is stored in this directory gets deleted when the machine reboots. In addition, by placing the files there, in this temporary directory, you make sure that you don't accidentally write over the wrong files (when you replace an old file with a new one that has the same name). After you have taken out the files that you need to restore, then you must go into this directory, /tmp/<machinename>, and use a file manager, see Section 13.4, to get out the files that you want.

By choosing "maintenance" you get the possibility to delete old backups that you no longer have any use for, or place for.

In order to be able to take a backup over the network from other machines, without being asked each time for a password, SSH has been set up in such a way so that you only type in the password once.

klaus@tjener:~$ diff /etc/dhcp3/dhcpd-skolelinux.conf /tmp/tjener/etc/dhcp3/dhcpd-skolelinux.conf
217c217
<     }
---
>
225c225
<     }
---
>

---

12.2.2. Dedicated Backup Server

Slbackup is not really meant to be used in this fashion. So do this at your own risk!

By setting up a machine with a "workstation",profile Section 2.5, and installing Webmin and slbackup, you can quickly set up a very user-friendly and powerful backup machine.

apt-get install slbackup webmin-slbackup

When combined with making a backup volume, see Section 8.5.8, this is a fine way to do backups of files all the time.

By adding more backup clients, see Figure 12-3, by filling in the IP address of the machine you want to backup, for example, the IP address for the "main server" is 10.0.2.2

Be aware that taking a backup over a network can take a long time, so it is best done outside of office hours/school time.

List of times backup is available from (lokal og external):
 rdiff-backup --list-increments /skole/backup/tjener
 rdiff-backup --list-increments backup.intern::/skole/backup/tjener

List of files in a given backup ('--list-at-time now' gives the last one):
 rdiff-backup --list-at-time 2004-02-22T01:30:02-04:00 /skole/backup/tjener/etc/ltsp/

Restore files from a given time ('--restore-as-of now' gives the last one):
 rdiff-backup --restore-as-of 2004-02-22T01:30:02-04:00 /skole/backup/tjener/etc/dhcpd.conf /tmp/dhcpd.conf

--------------[ Session statistics ]--------------
StartTime 1086202803.00 (Wed Jun  2 21:00:03 2004)
EndTime 1086204514.88 (Wed Jun  2 21:28:34 2004)
ElapsedTime 1711.88 (28 minutes 31.88 seconds)
SourceFiles 56607
SourceFileSize 1625082476 (1.51 GB)
MirrorFiles 41244
MirrorFileSize 1060012665 (1011 MB)
NewFiles 15372
NewFileSize 564463215 (538 MB)
DeletedFiles 9
DeletedFileSize 65488 (64.0 KB)
ChangedFiles 344
ChangedSourceSize 667575185 (637 MB)
ChangedMirrorSize 666903101 (636 MB)
IncrementFiles 15725
IncrementFileSize 1936873 (1.85 MB)
TotalDestinationSizeChange 567006684 (541 MB)
Errors 0
--------------------------------------------------

Jun 02 21:28:36 - Successfully finished backing up client tjener
Jun 02 21:28:36 - Finished slbackup.

12.3. wlus - Webmin Ldap User Simple

There are several systems for user information and administration in Skolelinux/Debian-edu, but now we use LDAP and the utility WLUS, and not /etc/passwd and its accompanying commands such as adduser, useradd, etc.

To get access to Webmin, point your favourite web browser to the address https://tjener .intern:10000/ldap-users You can use any web browser you want. You can also connect a Mac machine and run it from there.

Because we haven't added any users yet, it would be natural for us to choose "New User(s)". But before we do that, we may want to adapt WLUS to our needs.

When you add a user in this way, the computer provides the username, and if you want, the password as well. But you can override this by ticking "Common password - Yes" and then typing in the password you want.

Remember to also choose what kind of role you want the new user to have.

This file is formatted with the different fields separated by a semicolon. You can create this file by exporting it to a semicolon-separated file from the school's database of attending pupils, or by exporting from OpenOffice/Excel, or by using a regular, simple text editor such as K-menu->Editors->Text Editor

By putting a cross in front of a user, and choosing for example "Disable Login" that user will not be allowed to login.

/usr/share/debian-edu-config/tools/passwd admin
Enter new password for user admin: 
Reenter new password: 
Enter bind password:

13.1. Webmin

Webmin is the place where you can control all of Skolelinux/Debian-edu with your web browser.

You find Webmin by pointing your web browser to https://tjener.intern:10000

13.2. OpenOffice.org

You find OOo in K-menu->OpenOffice.org->OpenOffice.org Writer

OOo can also be started from the command line with the command oowriter.

[PDF-konvertering]
Printer=SGENPRT/PDF-konvertering
DefaultPrinter=0
Location=
Comment=
Command=/usr/bin/gs -q -dNOPAUSE -sDEVICE=pdfwrite -sOutputFile="(OUTFILE)" -
Features=pdf=/skole/tjener/home0/test/pdf
Copies=1
Scale=0
Orientation=Portrait
PSLevel=0
ColorDevice=0
ColorDepth=24
MarginAdjust=0,0,0,0
PPD_PageSize=A4
PerformFontSubstitution=true
SubstFont_Arial=Helvetica
SubstFont_Times New Roman=Times
SubstFont_Cumberland=Courier
SubstFont_Timmons=Times
SubstFont_Helmet=Helvetica
SubstFont_Thorndale=Times
SubstFont_Albany=Helvetica
SubstFont_Courier New=Courier

13.3. Kmail

You find KMail under K-menu->Internet->KMail

You can also get up the K-menu by pressing ALT+F1

The first thing you see is this:

The first thing you do is to set up KMail so that you can send and receive email. Go to the menu line and click on Settings->Configure KMail...

Here you get a list of menu choices on the left. Let's start with "Identity"

This is where you fill in correct information in the fields Name, Organization, Email Address, Reply-To Addressand, if desired, Signature.

Next you have to make KMail ready for sending and receiving email. Click on Network. This depends a bit on how your Internet provider handles your mail, for example SMTP, then you must choose sendmail, or fill out the name of your SMTP-server.

Next, you must add an account so that you can get your mail. You do this by going to Incoming Mail->Add...

This is where you fill in correct information about Name (that is, what you yourself want to call this account), Username, Password, Host, Port (which is most often 110).

It's important to decide here whether you want the password to be saved in a file (as clear text), or if you don't want that, which means that the password will have to be typed in every time someone gets their email. The later is the most secure and most often recommended. The next thing you have to consider is if you want people to be able to only get a copy of the email or get their email and have it deleted form the server. If you make the first choice (not deleting the email) then the server will get filled up with email, even if you delete it locally in KMail.

IMAP is another type of account. Here you must fill in correct information about Name (what you yourself want to call the account), Username, Password, Host, Port (which is most often 143). If you aren't sure what the different fields mean, you can click on "hjelp" to get an explanation.

If you want to require confirmation before sending an email, put a cross in this box. You will then have to confirm that you really want to send an email, which can be a good thing if you just happen to accidentally hit the Send button.

People often get emails in the form of an HTML-file (which is not used any other place than on the Internet), typically from Outlook. There is a certain degree of security risk involved with these files; but by choosing clear text over HTML it can sometimes make things a bit cumbersome. By putting a cross here, it's easier to look at pictures that are sent as email.

Here you have the possiblity of choosing to empty the trash when you exit KMail, or to keep trash size below a set mimit. You can also choose a nice melody to be played when you get an email.

Exec=kmail -caption "%c" %i %m

Exec=kmail -caption "%c" %i %m -check

13.4. Konqueror, File Manager

You find the file manager in K-menu->Home Directory

Your home directory is that part of the hard drive where your files are stored. The symbol for your home directory is a house.

The file manager is, in fact, a web browser called Konqueror. In its current version, Konquerer is not a very good web browser. However, it does function great as a file manager.

I think it's nice to "see" what I've got in my files, by going to the menuView->Preview and by clicking on, for example, "Images",then you can see things a bit more clearly.

You can create new directories/folders by right-clicking somewhere in the background of the file manager. Then a menu pops up where you then choose "Create New" and "Directory". If you want to move a file into another directory, then you can simply "drag" it over to the directory in question by holding the left mouse button down while moving the file over to the directory, then releasing the button when you are over the directory. Alternatively, you can press the right mouse button (that is, right-click) on the file you want to move and a menu pops up. Click on Cut, then find the directory you want to move the file to, right-click on that directory and another menu pops up. Choose Paste and the file is transferred.

Sometimes it's good to be able to see the contents of two directories simultaneously. You can make this happen by choosing Window->Split View Left/Right. Then you can easily move files in a clear manner between directories.

13.5. KSirc

13.6. kpackage

13.7. Gimp

13.8. Opera

13.9. Mozilla

The version of Mozilla that officially accompanies Debian Woody/Skolelinux is version 1.0. This can be installed with the command

apt-get install mozilla

deb http://www.backports.org/debian stable mozilla

apt-get install mozilla

deb ftp://ftp.nerim.net/debian-marillat/ stable main
          

13.10. Kstars

13.11. Kgeo

14.1. Acrobat Reader

By using your favourite text editor to add the line

deb ftp://ftp.nerim.net/debian-marillat/ stable main

These are the necessary packages to install

tjener:~# apt-cache search acrobat
acroread - Adobe Acrobat Reader: Portable Document Format file viewer
acroread-debian-files - Debian specific parts of Adobe Acrobat Reader
acroread-plugin - Adobe Acrobat(R) Reader plugin for mozilla / konqueror

apt-get install acroread acroread-debian-files acroread-plugin

14.2. Mplayer

This is a super multimedia player, which you can use to play DVD, AVI, MPEG, WMV, etc.

This program is not included with Skolelinux/Debian-edu; it must be downloaded. To do this, you have to add the following line to the file /etc/apt/sources.list

deb ftp://ftp.nerim.net/debian-marillat/ stable main

apt-get update

apt-get install mplayer

Of course, you can use your favourite package manage instead, such as Section 13.6, or Section 13.1