Debian

From ConShell
Jump to: navigation, search

Setting the hostname

Make sure the file /etc/hostname contains the short hostname (not FQDN). Then run /etc/init.d/hostname.sh

Make sure the file /etc/hosts contains a line with the hostname, alongside the static IP, e.g. 192.168.1.100 or if using DHCP, the hostname should be alongside 127.0.0.1 or 127.0.1.1. Example...

127.0.0.1        localhost.localdomain localhost
127.0.1.1        myhostname.localdomain myhostname
#-or- 
192.168.1.100    myhostname.localdomain myhostname


To ensure domain functionality (highly recommended) make sure the file /etc/resolv.conf has a search or domain line..e.g.

domain localdomain
#-or even-
search localdomain example.com

Finally, the hostname command can be used to set (transiently) the hostname and also to check it.

# set the current hostname (doesn't survive reboot, see above)
hostname myhostname
#show the current hostname (this should show just the short name)
hostname
#show the fully-qualified hostname (FQDN)
hostname -f

Using backports

Subscribing to backports can help when you need a newer version of something that is otherwise unavailable.

Consider this as an alternative to compiling software packages yourself.

See http://www.backports.org/dokuwiki/doku.php?id=instructions

Building backports

You can also build your own backports. See DebianBackporting

Apt shortcuts

Drop these into ~/.bashrc for some easy shortcuts. ([1])

alias aptup="sudo apt-get update && sudo apt-get upgrade"
alias aptget="sudo apt-get install"
alias aptrm="sudo apt-get remove"
alias aptsearch='sudo apt-cache search'
alias aptinfo='sudo apt-cache policy'

Updating the system

apt-get is a tool to update your system. Use as follows (be root):

 apt-get update
 apt-get dist-upgrade

Now it's a good idea to point apt at your closest/fastest Debian mirror. Here's how to achieve that.

 apt-get install apt-spy
 rehash # If running on tcsh
 apt-spy -d sarge -s us -e 7 -n 3 -w /etc/apt/sources.list

Now the fastest apt repositories will be shown in /etc/apt/sources.list

aptitude is a little easier to use than apt-get

 aptitude search somename
 aptitude install somename
 aptitude update
 aptitude dist-upgrade

To reconfigure a package after it has been installed...

 dpkg-reconfigure package

Example, to reset the time zone

dpkg-reconfigure tzdata

Cleanup

This command will clean up unused/unneeded packages from your system.

apt-get autoremove

Troubleshooting

Problem: apt-get does not allow update

W: GPG error: http://mirrors.kernel.org etch Release: The following signatures couldn't be verified
because the public key is not available: NO_PUBKEY A70DAF536070D3A1 NO_PUBKEY B5D0C804ADB11277
W: You may want to run apt-get update to correct these problems

Solution: See http://www.backports.org/dokuwiki/doku.php?id=instructions

Problem: This message appears in /var/log/syslog:

Jun  3 08:58:43 crid40876 modprobe: FATAL: Could not load /lib/modules/2.6.18-6-amd64/modules.dep: No such file or directory 

Solution: To (re)generate the modules.dep file...

/lib/modules/2.6.18-6-amd64
depmod -a

Problem: apt-get update returns an error:

Reading package lists... Error!
E: Dynamic MMap ran out of room
...

Solution: Put the following setting in /etc/apt/apt.conf

APT::Cache-Limit "20000000"; 

Problem: apt-get upgrade reports "packages have been kept back"

Explanation: this is caused by missing package dependencies.

Solution: run apt-get dist-upgrade instead. This will install the missing dependent packages, as will be shown below The following NEW packages will be installed:


Quotas

A nice guide to setting up disk quotas can be found here.

LDAP authentication

To get authentication working against LDAP (OpenLDAP).

1) Instal the openssl, libnss-ldap and libpam-ldap packages. You probably also want nscd.

aptitude install openssl libnss-ldap libpam-ldap nscd

2) Setup /etc/ldap.conf as appropriate. e.g.

 host ldap1.example.org
 port 636
 base dc=example,dc=org
 ssl on
 tls_checkpeer no
 tls_ciphers  HIGH:MEDIUM:+SSLv2:RSA
 pam_password crypt

3) Fixup /etc/libnss-ldap.conf and /etc/ldap/ldap.conf as follows

 mv /etc/libnss-ldap.conf /etc/libnss-ldap.conf.orig
 ln -s /etc/ldap.conf /etc/libnss-ldap.conf
 mv /etc/ldap/ldap.conf /etc/ldap/ldap.conf.orig
 mv /usr/share/libnss-ldap/ldap.conf /usr/share/libnss-ldap/ldap.conf.orig
 ln -s /etc/ldap.conf /usr/share/libnss-ldap/ldap.conf
 mv /usr/share/libpam-ldap/ldap.conf /usr/share/libpam-ldap/ldap.conf.orig
 ln -s /etc/ldap.conf /usr/share/libpam-ldap/ldap.conf

4) Setup nsswitch

 Change the following entries in /etc/nsswitch.conf. files might now say compat and that's OK. The point is, you want to append ldap for the three services shown.
 passwd:         files ldap
 group:          files ldap
 shadow:         files ldap

5) Check that nss can see the LDAP server

 getent passwd username
 username:x:12345:100:Some User:/usr/home/username:/bin/tcsh

This means nsswitch(5) is working as expected. If nothing is produced and you know username is setup as a posixUser, try looking in /var/log/auth.log for clues, or use wireshark and/or strace to ascertain what the problem is.

6) Setup pam configuration

 echo "auth    sufficient      /lib/security/pam_ldap.so use_first_pass debug" >> /etc/pam.d/common-auth
 echo "account     sufficient    /lib/security/pam_ldap.so" >> /etc/pam.d/common-account


7) Test it out by, for instance, ssh-ing to the server Hint: turn on debugging using _LogLevel DEBUG_ in /etc/ssh/sshd_config and restart ssh /etc/init.d/ssh restart

Other things to try, login from the console, su - username. If these work, you know the pam config is OK.

A great way to troubleshoot from the server-side is to enable logging (via syslog). In [=slapd.conf] put:

 loglevel        256


Then in syslog.conf put:

 #LDAP
 local4.*                                                /var/log/slapd.log

Then restart syslogd and slapd.

Note: in my environment it was necessary to NOT use rootbinddn or binddn in the ldap.conf. YMMV.

Helpful Links