Debian
From ConShell
Setting the hostname
Make sure the file /etc/hostname contains the hostname (not FQDN). Then run /etc/init.d/hostname.sh
Make sure the file /etc/hosts contains a line with the hostname, alongside the static IP, e.g. 192.168.1.100 or if using DHCP, the hostname should be alongside 127.0.0.1. Example...
    127.0.0.1       localhost.localdomain   localhost
    192.168.1.100   myhostname.localdomain  myhostname
    192.168.1.101   otherhostname.localdomain otherhostname
To ensure domain functionality (highly recommended) make sure the file /etc/resolv.conf has a search or domain line, e.g.
    domain localdomain
    #-or even-
    search localdomain example.com
Finally, the hostname command can be used to set (transiently) the hostname and also to check it.
    # show the current hostname
    hostname
    # set the current hostname (doesn't survive reboot, see above)
    hostname myhostname
    # show the fully-qualified hostname (FQDN)
    hostname --fqdn
Using backports
Subscribing to backports can help when you need a newer version of something that is otherwise unavailable.
Consider this as an alternative to compiling software packages yourself.
See http://www.backports.org/dokuwiki/doku.php?id=instructions
Building backports
You can also build your own backports. See DebianBackporting
Apt shortcuts
Drop these into ~/.bashrc for some easy shortcuts. ([1])
    alias aptup="sudo apt-get update && sudo apt-get upgrade"
    alias aptget="sudo apt-get install"
    alias aptrm="sudo apt-get remove"
    alias aptsearch='sudo apt-cache search'
    alias aptinfo='sudo apt-cache policy'
Updating the system
apt-get is a tool to update your system. Use as follows (be root):
    apt-get update
    apt-get dist-upgrade
Now it's a good idea to point apt at your closest/fastest Debian mirror. Here's how to achieve that.
    apt-get install apt-spy
    rehash # If running on tcsh
    apt-spy -d sarge -s us -e 7 -n 3 -w /etc/apt/sources.list
Now the fastest apt repositories will be shown in /etc/apt/sources.list
aptitude is a little easier to use than apt-get
    aptitude search somename
    aptitude install somename
    aptitude update
    aptitude dist-upgrade
To reconfigure a package after it has been installed...
dpkg-reconfigure package
Example, to reset the time zone
dpkg-reconfigure tzdata
Cleanup
This command will clean up unused/unneeded packages from your system.
apt-get autoremove
Troubleshooting
Problem: apt-get does not allow update
    W: GPG error: http://mirrors.kernel.org etch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A70DAF536070D3A1 NO_PUBKEY B5D0C804ADB11277
    W: You may want to run apt-get update to correct these problems
Solution: See http://www.backports.org/dokuwiki/doku.php?id=instructions
Problem: This message appears in /var/log/syslog:
Jun 3 08:58:43 crid40876 modprobe: FATAL: Could not load /lib/modules/2.6.18-6-amd64/modules.dep: No such file or directory
Solution: To (re)generate the modules.dep file...
    cd /lib/modules/2.6.18-6-amd64
    depmod -a
Problem: apt-get update returns an error:
    Reading package lists... Error!
    E: Dynamic MMap ran out of room
    ...
Solution: Put the following setting in /etc/apt/apt.conf
APT::Cache-Limit "20000000";
Problem: apt-get upgrade reports "packages have been kept back"
Explanation: this is caused by missing package dependencies.
Solution: run apt-get dist-upgrade instead. This will install the missing dependent packages, which are listed in its output under the line:
    The following NEW packages will be installed:
Quotas
A nice guide to setting up disk quotas can be found here.
LDAP authentication
To get authentication working against LDAP (OpenLDAP).
1) Install the openssl, libnss-ldap and libpam-ldap packages. You probably also want nscd.
aptitude install openssl libnss-ldap libpam-ldap nscd
2) Setup /etc/ldap.conf as appropriate. e.g.
    host ldap1.example.org
    port 636
    base dc=example,dc=org
    ssl on
    tls_checkpeer no
    tls_ciphers HIGH:MEDIUM:+SSLv2:RSA
    pam_password crypt
3) Fixup /etc/libnss-ldap.conf and /etc/ldap/ldap.conf as follows
    mv /etc/libnss-ldap.conf /etc/libnss-ldap.conf.orig
    ln -s /etc/ldap.conf /etc/libnss-ldap.conf
    mv /etc/ldap/ldap.conf /etc/ldap/ldap.conf.orig
    mv /usr/share/libnss-ldap/ldap.conf /usr/share/libnss-ldap/ldap.conf.orig
    ln -s /etc/ldap.conf /usr/share/libnss-ldap/ldap.conf
    mv /usr/share/libpam-ldap/ldap.conf /usr/share/libpam-ldap/ldap.conf.orig
    ln -s /etc/ldap.conf /usr/share/libpam-ldap/ldap.conf
4) Setup nsswitch
Change the following entries in /etc/nsswitch.conf. The entries might currently say compat instead of files, and that's OK. The point is, you want to append ldap for the three services shown.
    passwd: files ldap
    group: files ldap
    shadow: files ldap
5) Check that nss can see the LDAP server
    getent passwd username
    username:x:12345:100:Some User:/usr/home/username:/bin/tcsh
This means nsswitch(5) is working as expected. If nothing is produced and you know username is set up as a posixUser, try looking in /var/log/auth.log for clues, or use wireshark and/or strace to ascertain what the problem is.
6) Setup pam configuration
    echo "auth sufficient /lib/security/pam_ldap.so use_first_pass debug" >> /etc/pam.d/common-auth
    echo "account sufficient /lib/security/pam_ldap.so" >> /etc/pam.d/common-account
7) Test it out by, for instance, ssh-ing to the server
Hint: turn on debugging using LogLevel DEBUG in /etc/ssh/sshd_config and restart ssh:
    /etc/init.d/ssh restart
Other things to try: log in from the console, or run su - username. If these work, you know the pam config is OK.
A great way to troubleshoot from the server side is to enable logging (via syslog). In slapd.conf put:
loglevel 256
Then in syslog.conf put:
    #LDAP
    local4.* /var/log/slapd.log
Then restart syslogd and slapd.
Note: in my environment it was necessary to NOT use rootbinddn or binddn in the ldap.conf. YMMV.
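An added example, not part of the original page: a small shell audit for the client-side /etc/ldap.conf from step 2, whose sample values turn off server certificate checking (tls_checkpeer no) and name SSLv2 in tls_ciphers. The function names, the stricter sample and the CA path in it are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit an nss_ldap/pam_ldap ldap.conf for weak TLS settings.

# conf_value FILE KEY: value of the last uncommented "KEY value" line, or empty.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }' "$1"
}

# audit_ldap_conf FILE: print one WEAK line per finding, nothing if clean.
audit_ldap_conf() {
    case $(conf_value "$1" ssl) in
        on|start_tls) ;;
        *) echo "WEAK ssl: not on/start_tls, binds travel in cleartext" ;;
    esac
    [ "$(conf_value "$1" tls_checkpeer)" = yes ] ||
        echo "WEAK tls_checkpeer: server certificate is not verified"
    [ -n "$(conf_value "$1" tls_cacertfile)$(conf_value "$1" tls_cacertdir)" ] ||
        echo "WEAK tls_cacert: no CA file or directory to verify against"
    # Split the cipher string into tokens; skip exclusions such as !SSLv2 or -LOW.
    conf_value "$1" tls_ciphers | tr ': ,' '\n\n\n' | grep -v '^[!-]' |
        grep -Eq 'SSLv2|EXP|LOW|NULL' &&
        echo "WEAK tls_ciphers: names SSLv2, export, low or null suites"
    return 0
}

# Constructed samples: the step 2 settings, and a stricter variant.
weak_conf() {
    printf '%s\n' 'host ldap1.example.org' 'port 636' 'base dc=example,dc=org' \
        'ssl on' 'tls_checkpeer no' 'tls_ciphers HIGH:MEDIUM:+SSLv2:RSA' \
        'pam_password crypt'
}
# The tls_cacertfile path is an assumed placeholder for your own CA bundle.
hardened_conf() {
    printf '%s\n' 'host ldap1.example.org' 'port 636' 'base dc=example,dc=org' \
        'ssl on' 'tls_checkpeer yes' \
        'tls_cacertfile /etc/ssl/certs/example-ca.pem' 'tls_ciphers HIGH' \
        'pam_password crypt'
}

tmp=$(mktemp)
weak_conf > "$tmp";     echo "== step 2 sample ==";  audit_ldap_conf "$tmp"
hardened_conf > "$tmp"; echo "== stricter sample =="; audit_ldap_conf "$tmp"
rm -f "$tmp"
```

To check a live system, call audit_ldap_conf /etc/ldap.conf after step 3 has linked the other ldap.conf copies to it.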
Helpful Links