Debian
Setting the hostname
Getting the hostname right can be tricky. If hostname -f doesn't produce the fully-qualified domain name (fqdn) you probably have this misconfigured.
Rule 1: put the short name (e.g. foo) in /etc/hostname
Rule 2: put BOTH the fqdn (e.g. foo.example.com) and the short name (e.g. foo) in /etc/hosts IN THAT ORDER, to the right of the IP address.
Example...
127.0.0.1 localhost.localdomain localhost
127.0.1.1 myhostname.localdomain myhostname
# -or-
192.168.1.100 myhostname.localdomain myhostname
To ensure domain functionality (highly recommended), make sure the file /etc/resolv.conf has either a search or a domain line, e.g.
domain localdomain
# -or even-
search localdomain example.com
Finally, the hostname command can be used to set (transiently) the hostname and also to check it. To set the current hostname (doesn't survive reboot, see above)
hostname myhostname
Show the current hostname (this should show just the short name)
hostname
Show the fully-qualified hostname (FQDN)
hostname -f
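A way to check Rule 1 and Rule 2 before relying on hostname -f, added here as an example and not part of the original page. The function name check_hostname_files and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify Rule 1 and Rule 2 against the two files.
# Usage: check_hostname_files /etc/hostname /etc/hosts
check_hostname_files() {
    short=$(head -n 1 "$1" | tr -d ' \t\r')
    case $short in
        '' | *.*)
            echo "RULE1: $1 must contain only the short name, found '$short'"
            return 1 ;;
    esac
    awk -v s="$short" '
        { sub(/#.*/, ""); hit = 0 }                 # strip comments, reset per line
        { for (i = 2; i <= NF; i++) if ($i == s) hit = i }
        hit == 0 { next }                           # line does not name this host
        { found = 1 }
        hit > 2 && index($2, s ".") == 1 { next }   # FQDN first, short name after: OK
        { bad = 1; printf "RULE2: line %d: FQDN must come first, then %s\n", NR, s }
        END {
            if (!found) print "RULE2: " s " has no entry"
            exit (bad || !found)
        }
    ' "$2"
}

# Constructed sample files (not taken from a real system).
demo=$(mktemp -d)
echo myhostname > "$demo/hostname"
printf '%s\n' '127.0.0.1 localhost.localdomain localhost' \
              '127.0.1.1 myhostname.localdomain myhostname' > "$demo/hosts.good"
printf '%s\n' '127.0.0.1 localhost.localdomain localhost' \
              '127.0.1.1 myhostname myhostname.localdomain' > "$demo/hosts.bad"
check_hostname_files "$demo/hostname" "$demo/hosts.good" && echo "hosts.good: OK"
check_hostname_files "$demo/hostname" "$demo/hosts.bad" || echo "hosts.bad: misordered"
```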
Using backports
Subscribing to backports can help when you need a newer version of something that is otherwise unavailable.
Consider this as an alternative to compiling software packages yourself.
See https://www.backports.org/Instructions
Building backports
You can also build your own backports. See Debian Backporting
Apt shortcuts
Drop these into ~/.bashrc for some easy shortcuts.
https://ubuntuforums.org/showthread.php?p=4653207%7C1
alias aptup="sudo apt-get update && sudo apt-get upgrade"
alias aptget="sudo apt-get install"
alias aptrm="sudo apt-get remove"
alias aptsearch='sudo apt-cache search'
alias aptinfo='sudo apt-cache policy'
Updating the system
apt-get is a tool to update your system. Use as follows (be root or prepend sudo):
apt-get update
apt-get dist-upgrade
Now it's a good idea to point apt-get at your closest/fastest Debian mirror. Here's how to achieve that.
apt-get install apt-spy
apt-spy -d sarge -s us -e 7 -n 3 -w /etc/apt/sources.list
Now the fastest apt repositories will be shown in /etc/apt/sources.list
apt is a little easier to use than apt-get for certain things.
apt search somename
apt show somename
apt show -a somename
apt install somename
apt update
apt dist-upgrade
To reconfigure a package after it has been installed...
dpkg-reconfigure package
Example, to reset the time zone
dpkg-reconfigure tzdata
Package Cleanup
This command will clean up unused/unneeded packages from your system.
apt-get autoremove --purge
Another command I use often cleans up "removed but still configured" packages. These appear with the "rc" prefix in the output of dpkg -l
dpkg -l | grep ^rc | awk '{ print $2 }' | xargs sudo apt -y purge
Troubleshooting
Problem: apt-get does not allow update
W: GPG error: http://mirrors.kernel.org etch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A70DAF536070D3A1 NO_PUBKEY B5D0C804ADB11277
W: You may want to run apt-get update to correct these problems
Solution: See http://www.backports.org/dokuwiki/doku.php?id=instructions
Problem: This message appears in /var/log/syslog:
Jun 3 08:58:43 crid40876 modprobe: FATAL: Could not load /lib/modules/2.6.18-6-amd64/modules.dep: No such file or directory
Solution: To (re)generate the modules.dep file...
cd /lib/modules/2.6.18-6-amd64
depmod -a
Problem: apt-get update returns an error:
Reading package lists... Error!
E: Dynamic MMap ran out of room
...
Solution: Put the following setting in /etc/apt/apt.conf
APT::Cache-Limit "20000000";
Problem: apt-get upgrade reports "packages have been kept back"
Explanation: this is caused by missing package dependencies.
Solution: run apt-get dist-upgrade instead. This will install the missing dependent packages.
Quotas
A nice guide to setting up disk quotas can be found here.
LDAP authentication
To get authentication working against LDAP (OpenLDAP).
- Install these packages. You probably also want nscd.
apt-get install openssl libnss-ldap libpam-ldap nscd
- Set up /etc/ldap.conf with your server host, port, etc. e.g.
host ldap1.example.org
port 636
base dc=example,dc=org
ssl on
tls_checkpeer no
tls_ciphers HIGH:MEDIUM:+SSLv2:RSA
pam_password crypt
- Fixup /etc/libnss-ldap.conf and /etc/ldap/ldap.conf as follows
mv /etc/libnss-ldap.conf /etc/libnss-ldap.conf.orig
ln -s /etc/ldap.conf /etc/libnss-ldap.conf
mv /etc/ldap/ldap.conf /etc/ldap/ldap.conf.orig
mv /usr/share/libnss-ldap/ldap.conf /usr/share/libnss-ldap/ldap.conf.orig
ln -s /etc/ldap.conf /usr/share/libnss-ldap/ldap.conf
mv /usr/share/libpam-ldap/ldap.conf /usr/share/libpam-ldap/ldap.conf.orig
ln -s /etc/ldap.conf /usr/share/libpam-ldap/ldap.conf
- Setup nsswitch
Change the following entries in /etc/nsswitch.conf. files might now say compat and that's OK. The point is, you want to append ldap for the three services shown.
passwd: files ldap
group: files ldap
shadow: files ldap
- Check that nss can see the LDAP server
getent passwd username
username:x:12345:100:Some User:/usr/home/username:/bin/tcsh
This means nsswitch(5) is working as expected. If nothing is produced and you know username is set up as a posixUser, try looking in /var/log/auth.log for clues, or use wireshark (see Packet Tracing) and/or strace to ascertain what the problem is.
- Setup pam configuration
echo "auth sufficient /lib/security/pam_ldap.so use_first_pass debug" >> /etc/pam.d/common-auth
echo "account sufficient /lib/security/pam_ldap.so" >> /etc/pam.d/common-account
- Test it out by, for instance, ssh-ing to the server. Hint: turn on debugging using LogLevel DEBUG in /etc/ssh/sshd_config and restart ssh:
/etc/init.d/ssh restart
Other things to try, login from the console, su - username. If these work, you know the pam config is OK.
A great way to troubleshoot from the server-side is to enable logging (via syslog). In slapd.conf put:
loglevel 256
Then in syslog.conf put:
#LDAP
local4.* /var/log/slapd.log
Then restart syslogd and slapd.
Note: in my environment it was necessary to NOT use rootbinddn or binddn in the ldap.conf. YMMV.
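The /etc/ldap.conf shown in the setup step carries passwords over TLS but sets tls_checkpeer no, so the client does not verify which server it is talking to. The following audit is an added example, not part of the original page; the function name audit_ldap_conf, the finding labels and the CA path are assumptions.

```shell
#!/bin/sh
# Added example: flag transport-security settings in a PADL-style ldap.conf
# (the file shared by libnss-ldap and libpam-ldap). Prints one finding per
# line and returns 1 if there are any.
audit_ldap_conf() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }           # skip comments and blank lines
        { key = tolower($1); val = tolower($2) }
        key == "ssl"                                   { ssl = val }
        key == "uri" && index(val, "ldaps://") == 1    { ssl = "on" }
        key == "tls_checkpeer"                         { peer = val }
        key == "tls_ciphers" && val ~ /sslv2/          { legacy = 1 }
        END {
            if (ssl != "on" && ssl != "start_tls") {
                n++; print "CLEARTEXT: neither ssl on nor ssl start_tls is set"
            }
            if (peer == "no") {
                n++; print "NOVERIFY: tls_checkpeer no, server certificate is not verified"
            }
            if (legacy) {
                n++; print "LEGACY: tls_ciphers names SSLv2"
            }
            exit (n > 0)
        }
    ' "$1"
}

# The settings from the /etc/ldap.conf step, and a constructed variant.
demo=$(mktemp -d)
printf '%s\n' 'host ldap1.example.org' 'port 636' 'base dc=example,dc=org' \
    'ssl on' 'tls_checkpeer no' 'tls_ciphers HIGH:MEDIUM:+SSLv2:RSA' \
    'pam_password crypt' > "$demo/page.conf"
# Assumption: the CA path is a placeholder for wherever your CA certificate lives.
printf '%s\n' 'host ldap1.example.org' 'port 636' 'base dc=example,dc=org' \
    'ssl on' 'tls_checkpeer yes' 'tls_cacertfile /etc/ssl/certs/example-ca.pem' \
    'tls_ciphers HIGH' 'pam_password crypt' > "$demo/verified.conf"
audit_ldap_conf "$demo/page.conf" || echo "page.conf: review the findings above"
audit_ldap_conf "$demo/verified.conf" && echo "verified.conf: no findings"
```

Run it against the live file with audit_ldap_conf /etc/ldap.conf; with the symlinks created above, that one file covers both libnss-ldap and libpam-ldap.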
Helpful Links
- Debian Packaging
- Debian Packages (https://packages.debian.org)
- Debian Backporting