From ConShell

Setting the hostname

Make sure the file /etc/hostname contains the short hostname (not FQDN). Then run /etc/init.d/

Make sure the file /etc/hosts contains a line with the hostname, alongside the static IP, e.g. or if using DHCP, the hostname should be alongside or Example...

        localhost.localdomain localhost
        myhostname.localdomain myhostname
#-or-    myhostname.localdomain myhostname

To ensure domain functionality (highly recommended), make sure the file /etc/resolv.conf has a search or domain line, e.g.

domain localdomain
#-or even-
search localdomain

Finally, the hostname command can be used to set (transiently) the hostname and also to check it.

# set the current hostname (doesn't survive reboot, see above)
hostname myhostname
# show the current hostname (this should show just the short name)
hostname
# show the fully-qualified hostname (FQDN)
hostname -f

Using backports

Subscribing to backports can help when you need a newer version of something that is otherwise unavailable.

Consider this as an alternative to compiling software packages yourself.


Building backports

You can also build your own backports. See DebianBackporting

Apt shortcuts

Drop these into ~/.bashrc for some easy shortcuts. ([1])

alias aptup="sudo apt-get update && sudo apt-get upgrade"
alias aptget="sudo apt-get install"
alias aptrm="sudo apt-get remove"
# apt-cache only reads the local package cache, so it does not need root
alias aptsearch='apt-cache search'
alias aptinfo='apt-cache policy'

Updating the system

apt-get is a tool to update your system. Use as follows (be root):

 apt-get update
 apt-get dist-upgrade

Now it's a good idea to point apt at your closest/fastest Debian mirror. Here's how to achieve that.

 apt-get install apt-spy
 rehash # If running on tcsh
 apt-spy -d sarge -s us -e 7 -n 3 -w /etc/apt/sources.list

Now the fastest apt repositories will be shown in /etc/apt/sources.list

aptitude is a little easier to use than apt-get

 aptitude search somename
 aptitude install somename
 aptitude update
 aptitude dist-upgrade

To reconfigure a package after it has been installed...

 dpkg-reconfigure package

Example, to reset the time zone

dpkg-reconfigure tzdata


This command will clean up unused/unneeded packages from your system.

apt-get autoremove


Problem: apt-get does not allow update

W: GPG error: etch Release: The following signatures couldn't be verified
because the public key is not available: NO_PUBKEY A70DAF536070D3A1 NO_PUBKEY B5D0C804ADB11277
W: You may want to run apt-get update to correct these problems

Solution: See

Problem: This message appears in /var/log/syslog:

Jun  3 08:58:43 crid40876 modprobe: FATAL: Could not load /lib/modules/2.6.18-6-amd64/modules.dep: No such file or directory 

Solution: To (re)generate the modules.dep file...

depmod -a

Problem: apt-get update returns an error:

Reading package lists... Error!
E: Dynamic MMap ran out of room

Solution: Put the following setting in /etc/apt/apt.conf

APT::Cache-Limit "20000000"; 

Problem: apt-get upgrade reports "packages have been kept back"

Explanation: this is caused by missing package dependencies.

Solution: run apt-get dist-upgrade instead. This will install the missing dependent packages, which apt-get lists under "The following NEW packages will be installed:".


A nice guide to setting up disk quotas can be found here.

LDAP authentication

To get authentication working against LDAP (OpenLDAP):

1) Install the openssl, libnss-ldap and libpam-ldap packages. You probably also want nscd.

aptitude install openssl libnss-ldap libpam-ldap nscd

2) Set up /etc/ldap.conf as appropriate, e.g.

 port 636
 base dc=example,dc=org
 ssl on
 tls_checkpeer no
 tls_ciphers  HIGH:MEDIUM:+SSLv2:RSA
 pam_password crypt

3) Fix up /etc/libnss-ldap.conf and /etc/ldap/ldap.conf as follows

 mv /etc/libnss-ldap.conf /etc/libnss-ldap.conf.orig
 ln -s /etc/ldap.conf /etc/libnss-ldap.conf
 mv /etc/ldap/ldap.conf /etc/ldap/ldap.conf.orig
 mv /usr/share/libnss-ldap/ldap.conf /usr/share/libnss-ldap/ldap.conf.orig
 ln -s /etc/ldap.conf /usr/share/libnss-ldap/ldap.conf
 mv /usr/share/libpam-ldap/ldap.conf /usr/share/libpam-ldap/ldap.conf.orig
 ln -s /etc/ldap.conf /usr/share/libpam-ldap/ldap.conf

4) Set up nsswitch

 Change the following entries in /etc/nsswitch.conf. The files entry might currently say compat, and that's OK. The point is, you want to append ldap for the three services shown.
 passwd:         files ldap
 group:          files ldap
 shadow:         files ldap

5) Check that nss can see the LDAP server

 getent passwd username
 username:x:12345:100:Some User:/usr/home/username:/bin/tcsh

This means nsswitch(5) is working as expected. If nothing is produced and you know username is set up as a posixUser, try looking in /var/log/auth.log for clues, or use wireshark and/or strace to ascertain what the problem is.

6) Set up pam configuration

 echo "auth    sufficient      /lib/security/ use_first_pass debug" >> /etc/pam.d/common-auth
 echo "account     sufficient    /lib/security/" >> /etc/pam.d/common-account

7) Test it out by, for instance, ssh-ing to the server. Hint: turn on debugging using LogLevel DEBUG in /etc/ssh/sshd_config and restart ssh:

 /etc/init.d/ssh restart

Other things to try: log in from the console, or run su - username. If these work, you know the pam config is OK.

A great way to troubleshoot from the server-side is to enable logging (via syslog). In slapd.conf put:

 loglevel        256

Then in syslog.conf put:

 local4.*                                                /var/log/slapd.log

Then restart syslogd and slapd.

Note: in my environment it was necessary to NOT use rootbinddn or binddn in the ldap.conf. YMMV.
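
The step 2 example sets tls_checkpeer no, which turns off verification of the LDAP server's certificate, and its tls_ciphers string re-enables SSLv2. The following is an added example, not part of the original page: a shell function that flags those settings, plus a missing ssl line, in a libnss-ldap/libpam-ldap style ldap.conf. The function name audit_ldap_conf, the sample files, the CA file path and the stricter cipher string are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag weak TLS settings in an
# ldap.conf written in the libnss-ldap / libpam-ldap format.

# $1 = path to the file. Prints one finding per line; exit status 1 if any.
audit_ldap_conf() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        { key = tolower($1); val = tolower($2) }
        key == "ssl" { ssl = val }
        key == "tls_checkpeer" && val == "no" {
            print "tls_checkpeer: server certificate is not verified"; bad = 1
        }
        key == "tls_ciphers" {
            n = split($2, tok, ":")
            for (i = 1; i <= n; i++) {
                t = tolower(tok[i])
                if (t ~ /^[!-]/) continue       # excluded entries are fine
                sub(/^\+/, "", t)
                if (t ~ /^(sslv2|low|exp.*|[ae]?null)$/) {
                    print "tls_ciphers: weak entry " tok[i]; bad = 1
                }
            }
        }
        END {
            if (ssl != "on" && ssl != "start_tls") {
                print "ssl: LDAP traffic is not encrypted"; bad = 1
            }
            exit bad + 0
        }
    ' "$1"
}

# Constructed samples: the step 2 settings, then a stricter variant.
# The CA file path and the cipher string "HIGH:!aNULL" are assumptions.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'port 636' 'base dc=example,dc=org' 'ssl on' \
        'tls_checkpeer no' 'tls_ciphers  HIGH:MEDIUM:+SSLv2:RSA' \
        'pam_password crypt' > "$dir/page.conf"
    printf '%s\n' 'port 636' 'base dc=example,dc=org' 'ssl on' \
        'tls_checkpeer yes' 'tls_cacertfile /etc/ssl/certs/example-ca.pem' \
        'tls_ciphers HIGH:!aNULL' 'pam_password crypt' > "$dir/strict.conf"
    echo "page.conf:";   audit_ldap_conf "$dir/page.conf" || true
    echo "strict.conf:"; audit_ldap_conf "$dir/strict.conf" && echo "  no findings"
    rm -rf "$dir"
}
demo
```

Because every symlink created in step 3 points at /etc/ldap.conf, auditing that one file covers NSS and PAM alike.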

Helpful Links