Debian
Setting the hostname
Make sure the file /etc/hostname contains the short hostname. Then run /etc/init.d/hostname.sh
Make sure the file `/etc/hosts* contains a line with the fqdn (first), then short hostname, alongside the static IP, e.g. 192.168.1.100 or if using DHCP, the hostnames should be alongside 127.0.0.1 or 127.0.1.1. Example...
127.0.0.1 localhost.localdomain localhost
127.0.1.1 myhostname.localdomain myhostname
#-or-
192.168.1.100 myhostname.localdomain myhostname
To ensure domain functionality (highly recommended) make sure the file /etc/resolv.conf has a search or domain line..e.g.
domain localdomain
#-or even-
search localdomain example.com
Finally, the hostname command can be used to set (transiently) the hostname and also to check it.
set the current hostname (doesn't survive reboot, see above)
hostname myhostname
show the current hostname (this should show just the short name)
hostname
show the fully-qualified hostname (FQDN)
hostname -f
Using backports
Subscribing to backports can help when you need a newer version of something that is otherwise unavailable.
Consider this as an alternative to compiling software packages yourself.
See https://www.backports.org/Instructions
Building backports
You can also build your own backports. See Debian Backporting
Apt shortcuts
Drop these into ~/.bashrc for some easy shortcuts.
https://ubuntuforums.org/showthread.php?p=4653207%7C1
alias aptup="sudo apt-get update && sudo apt-get upgrade"
alias aptget="sudo apt-get install"
alias aptrm="sudo apt-get remove"
alias aptsearch='sudo apt-cache search'
alias aptinfo='sudo apt-cache policy'
Updating the system
apt-get is a tool to update your system. Use as follows (be root or prepend sudo):
apt-get update
apt-get dist-upgrade
Now it's a good idea to point apt-get at your closest/fastest Debian mirror. Here's how to achieve that.
apt-get install apt-spy
apt-spy -d sarge -s us -e 7 -n 3 -w /etc/apt/sources.list
Now the fastest apt repositories will be shown in /etc/apt/sources.list
apt is a little easier to use than apt-get for certain things.
apt search somename
apt show somename
apt show -a somename
apt install somename
apt update
apt dist-upgrade
To reconfigure a package after it has been installed...
dpkg-reconfigure package
Example, to reset the time zone
dpkg-reconfigure tzdata
Cleanup
This command will clean up unused/unneeded packages from your system.
apt-get autoremove --purge
Troubleshooting
Problem: apt-get does not allow update
W: GPG error: [http://mirrors.kernel.org](http://mirrors.kernel.org) etch Release: The following signatures couldn't be verified
because the public key is not available: NO\_PUBKEY A70DAF536070D3A1 NO\_PUBKEY B5D0C804ADB11277
W: You may want to run apt-get update to correct these problems
Solution: See http://www.backports.org/dokuwiki/doku.php?id=instructions
Problem: This message appears in /var/log/syslog:
Jun 3 08:58:43 crid40876 modprobe: FATAL: Could not load /lib/modules/2.6.18-6-amd64/modules.dep: No such file or directory
Solution: To (re)generate the modules.dep file...
/lib/modules/2.6.18-6-amd64
depmod -a
Problem: apt-get update returns an error:
Reading package lists... Error!
E: Dynamic MMap ran out of room
...
Solution: Put the following setting in /etc/apt/apt.conf
APT::Cache-Limit "20000000";
Problem: apt-get upgrade reports "packages have been kept back"
Explanation: this is caused by missing package dependencies.
Solution: run apt-get dist-upgrade instead. This will install the missing dependent packages, as will be shown below **The following NEW packages will be installed:
...
**
Quotas
A nice guide to setting up disk quotas can be found here.
LDAP authentication
To get authentication working against LDAP (OpenLDAP).
- Instal the openssl, libnss-ldap and libpam-ldap packages. You probably also want nscd.
apt-get install openssl libnss-ldap libpam-ldap nscd
- Setup /etc/ldap.conf as appropriate. e.g.
host ldap1.example.org
port 636
base dc=example,dc=org
ssl on
tls_checkpeer no
tls_ciphers HIGH:MEDIUM:+SSLv2:RSA
pam_password crypt
- Fixup /etc/libnss-ldap.conf and /etc/ldap/ldap.conf as follows
mv /etc/libnss-ldap.conf /etc/libnss-ldap.conf.orig
ln -s /etc/ldap.conf /etc/libnss-ldap.conf
mv /etc/ldap/ldap.conf /etc/ldap/ldap.conf.orig
mv /usr/share/libnss-ldap/ldap.conf /usr/share/libnss-ldap/ldap.conf.orig
ln -s /etc/ldap.conf /usr/share/libnss-ldap/ldap.conf
mv /usr/share/libpam-ldap/ldap.conf /usr/share/libpam-ldap/ldap.conf.orig
ln -s /etc/ldap.conf /usr/share/libpam-ldap/ldap.conf
- Setup nsswitch
Change the following entries in /etc/nsswitch.conf. files might now say compat and that's OK. The point is, you want to append ldap for the three services shown.
passwd: files ldap
group: files ldap
shadow: files ldap
- Check that nss can see the LDAP server
getent passwd username
username:x:12345:100:Some User:/usr/home/username:/bin/tcsh
This means nsswitch(5) is working as expected. If nothing is produced and you know username is setup as a posixUser, try looking in /var/log/auth.log for clues, or use wireshark and/or strace to ascertain what the problem is.
- Setup pam configuration
echo "auth sufficient /lib/security/pam\_ldap.so use\_first\_pass debug" >> /etc/pam.d/common-auth
echo "account sufficient /lib/security/pam\_ldap.so" >> /etc/pam.d/common-account
- Test it out by, for instance, ssh-ing to the server Hint: turn on debugging using
LogLevel DEBUGin/etc/ssh/sshd_configand restart ssh/etc/init.d/ssh restart
Other things to try, login from the console, su - username. If these work, you know the pam config is OK.
A great way to troubleshoot from the server-side is to enable logging (via syslog). In slapd.conf put:
loglevel 256
Then in syslog.conf put:
#LDAP
local4.\* /var/log/slapd.log
Then restart syslogd and slapd.
Note: in my environment it was necessary to NOT use rootbinddn or binddn in the ldap.conf. YMMV.