Setting the hostname
Make sure the file /etc/hostname contains the short hostname (not FQDN). Then run /etc/init.d/hostname.sh
Make sure the file /etc/hosts contains a line with the hostname, alongside the static IP, e.g. 192.168.1.100 or if using DHCP, the hostname should be alongside 127.0.0.1 or 127.0.1.1. Example...
127.0.0.1 localhost.localdomain localhost 127.0.1.1 myhostname.localdomain myhostname #-or- 192.168.1.100 myhostname.localdomain myhostname
To ensure domain functionality (highly recommended) make sure the file /etc/resolv.conf has a search or domain line..e.g.
domain localdomain #-or even- search localdomain example.com
Finally, the hostname command can be used to set (transiently) the hostname and also to check it.
# set the current hostname (doesn't survive reboot, see above) hostname myhostname
#show the current hostname (this should show just the short name) hostname
#show the fully-qualified hostname (FQDN) hostname -f
Subscribing to backports can help when you need a newer version of something that is otherwise unavailable.
Consider this as an alternative to compiling software packages yourself.
You can also build your own backports. See DebianBackporting
Drop these into ~/.bashrc for some easy shortcuts. ()
alias aptup="sudo apt-get update && sudo apt-get upgrade" alias aptget="sudo apt-get install" alias aptrm="sudo apt-get remove" alias aptsearch='sudo apt-cache search' alias aptinfo='sudo apt-cache policy'
Updating the system
apt-get is a tool to update your system. Use as follows (be root):
apt-get update apt-get dist-upgrade
Now it's a good idea to point apt at your closest/fastest Debian mirror. Here's how to achieve that.
apt-get install apt-spy rehash # If running on tcsh apt-spy -d sarge -s us -e 7 -n 3 -w /etc/apt/sources.list
Now the fastest apt repositories will be shown in /etc/apt/sources.list
aptitude is a little easier to use than apt-get
aptitude search somename aptitude install somename aptitude update aptitude dist-upgrade
To reconfigure a package after it has been installed...
Example, to reset the time zone
This command will clean up unused/unneeded packages from your system.
Problem: apt-get does not allow update
W: GPG error: http://mirrors.kernel.org etch Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY A70DAF536070D3A1 NO_PUBKEY B5D0C804ADB11277 W: You may want to run apt-get update to correct these problems
Problem: This message appears in /var/log/syslog:
Jun 3 08:58:43 crid40876 modprobe: FATAL: Could not load /lib/modules/2.6.18-6-amd64/modules.dep: No such file or directory
Solution: To (re)generate the modules.dep file...
/lib/modules/2.6.18-6-amd64 depmod -a
Problem: apt-get update returns an error:
Reading package lists... Error! E: Dynamic MMap ran out of room ...
Solution: Put the following setting in /etc/apt/apt.conf
Problem: apt-get upgrade reports "packages have been kept back"
Explanation: this is caused by missing package dependencies.
Solution: run apt-get dist-upgrade instead. This will install the missing dependent packages, as will be shown below The following NEW packages will be installed:
A nice guide to setting up disk quotas can be found here.
To get authentication working against LDAP (OpenLDAP).
1) Instal the openssl, libnss-ldap and libpam-ldap packages. You probably also want nscd.
aptitude install openssl libnss-ldap libpam-ldap nscd
2) Setup /etc/ldap.conf as appropriate. e.g.
host ldap1.example.org port 636 base dc=example,dc=org ssl on tls_checkpeer no tls_ciphers HIGH:MEDIUM:+SSLv2:RSA pam_password crypt
3) Fixup /etc/libnss-ldap.conf and /etc/ldap/ldap.conf as follows
mv /etc/libnss-ldap.conf /etc/libnss-ldap.conf.orig ln -s /etc/ldap.conf /etc/libnss-ldap.conf mv /etc/ldap/ldap.conf /etc/ldap/ldap.conf.orig mv /usr/share/libnss-ldap/ldap.conf /usr/share/libnss-ldap/ldap.conf.orig ln -s /etc/ldap.conf /usr/share/libnss-ldap/ldap.conf mv /usr/share/libpam-ldap/ldap.conf /usr/share/libpam-ldap/ldap.conf.orig ln -s /etc/ldap.conf /usr/share/libpam-ldap/ldap.conf
4) Setup nsswitch
Change the following entries in /etc/nsswitch.conf. files might now say compat and that's OK. The point is, you want to append ldap for the three services shown. passwd: files ldap group: files ldap shadow: files ldap
5) Check that nss can see the LDAP server
getent passwd username username:x:12345:100:Some User:/usr/home/username:/bin/tcsh
This means nsswitch(5) is working as expected. If nothing is produced and you know username is setup as a posixUser, try looking in /var/log/auth.log for clues, or use wireshark and/or strace to ascertain what the problem is.
6) Setup pam configuration
echo "auth sufficient /lib/security/pam_ldap.so use_first_pass debug" >> /etc/pam.d/common-auth echo "account sufficient /lib/security/pam_ldap.so" >> /etc/pam.d/common-account
7) Test it out by, for instance, ssh-ing to the server Hint: turn on debugging using _LogLevel DEBUG_ in /etc/ssh/sshd_config and restart ssh /etc/init.d/ssh restart
Other things to try, login from the console, su - username. If these work, you know the pam config is OK.
A great way to troubleshoot from the server-side is to enable logging (via syslog). In [=slapd.conf] put:
Then in syslog.conf put:
#LDAP local4.* /var/log/slapd.log
Then restart syslogd and slapd.
Note: in my environment it was necessary to NOT use rootbinddn or binddn in the ldap.conf. YMMV.