Novell SUSE Linux Enterprise 10 Installation and Administration

SUSE Linux Enterprise Server 10
www.novell.com
May 08, 2008
Installation and Administration
All content is copyright © Novell, Inc.
Legal Notice
This manual may be freely reproduced, duplicated and distributed either as such or as part of a bundled package in electronic and/or printed format, provided however that the following conditions are fulfilled:
That this copyright notice and the names of authors and contributors appear clearly and distinctively on all reproduced, duplicated and distributed copies. That this manual, specifically for the printed format, is reproduced and/or distributed for noncommercial use only. The express authorization of Novell, Inc must be obtained prior to any other use of any manual or part thereof.
For Novell trademarks, see the Novell Trademark and Service Mark list http://www.novell.com/company/legal/trademarks/tmlist.html. * Linux is a registered trademark of Linus Torvalds. All other third party trademarks are the property of their respective owners. A trademark symbol (®, ™ etc.) denotes a Novell trademark; an asterisk (*) denotes a third party trademark.
All information found in this book has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither Novell, Inc., SUSE LINUX Products GmbH, the authors, nor the translators shall be held liable for possible errors or the consequences thereof.
Contents
About This Guide
Part I Deployment
1 Planning for SUSE Linux Enterprise
1.1 Considerations for Deployment of a SUSE Linux Enterprise
1.2 Deployment of SUSE Linux Enterprise
1.3 Running SUSE Linux Enterprise
2 Deployment Strategies
2.1 Deploying up to 10 Workstations
2.2 Deploying up to 100 Workstations
2.3 Deploying More than 100 Workstations
3 Installation with YaST
3.1 IBM POWER: System Start-Up for Network Installation
3.2 IBM System z: System Start-Up for Installation
3.3 System Start-Up for Installation
3.4 The Installation Workflow
3.5 The Boot Screen
3.6 Language
3.7 IBM System z: Hard Disk Configuration
3.8 Media Check
3.9 License Agreement
3.10 Installation Mode
3.11 Clock and Time Zone
3.12 Installation Settings
3.13 Performing the Installation
3.14 Configuration of the Installed System
3.15 Graphical Login
4 Remote Installation
4.1 Installation Scenarios for Remote Installation
4.2 Setting Up the Server Holding the Installation Sources
4.3 Preparing the Boot of the Target System
4.4 Booting the Target System for Installation
4.5 Monitoring the Installation Process
5 Automated Installation
5.1 Simple Mass Installation
5.2 Rule-Based Autoinstallation
5.3 For More Information
6 Deploying Customized Preinstallations
6.1 Preparing the Master Machine
6.2 Customizing the Firstboot Installation
6.3 Cloning the Master Installation
6.4 Personalizing the Installation
7 Advanced Disk Setup
7.1 LVM Configuration
7.2 Soft RAID Configuration
8 System Configuration with YaST
8.1 YaST Language
8.2 The YaST Control Center
8.3 Software
8.4 Hardware
8.5 System
8.6 Network Devices
8.7 Network Services
8.8 AppArmor
8.9 Security and Users
8.10 Virtualization
8.11 Miscellaneous
8.12 YaST in Text Mode
8.13 Managing YaST from the Command Line
8.14 SaX2
8.15 Troubleshooting
8.16 For More Information
9 Managing Software with ZENworks
9.1 Update from the Command Line with rug
9.2 Managing Packages with the ZEN Tools
9.3 For More Information
10 Updating SUSE Linux Enterprise
10.1 Updating SUSE Linux Enterprise
10.2 Installing Service Packs
10.3 Software Changes from Version 9 to Version 10
Part II Administration
11 OpenWBEM
11.1 Setting Up OpenWBEM
11.2 Changing the OpenWBEM CIMOM Configuration
11.3 For More Information
12 Mass Storage over IP Networks—iSCSI
12.1 Setting Up an iSCSI Target
12.2 Configuring iSCSI Initiator
13 iSNS for Linux Overview
13.1 How iSNS Works
13.2 iSNS for Linux Installation and Setup
13.3 Setting Up iSNS
13.4 For More Information
14 Oracle Cluster File System 2
14.1 O2CB Cluster Service
14.2 Disk Heartbeat
14.3 In-Memory File Systems
14.4 Management Utilities and Commands
14.5 OCFS2 Packages
14.6 Creating an OCFS2 Volume
14.7 Mounting an OCFS2 Volume
14.8 Additional Information
15 Access Control Lists in Linux
15.1 Traditional File Permissions
15.2 Advantages of ACLs
15.3 Definitions
15.4 Handling ACLs
15.5 ACL Support in Applications
15.6 For More Information
16 RPM—the Package Manager
16.1 Verifying Package Authenticity
16.2 Managing Packages: Install, Update, and Uninstall
16.3 RPM and Patches
16.4 Delta RPM Packages
16.5 RPM Queries
16.6 Installing and Compiling Source Packages
16.7 Compiling RPM Packages with build
16.8 Tools for RPM Archives and the RPM Database
17 System Monitoring Utilities
17.1 Debugging
17.2 Files and File Systems
17.3 Hardware Information
17.4 Networking
17.5 The /proc File System
17.6 Processes
17.7 System Information
17.8 User Information
17.9 Time and Date
18 Working with the Shell
18.1 Getting Started with the Bash Shell
18.2 Users and Access Permissions
18.3 Important Linux Commands
18.4 The vi Editor
Part III System
19 32-Bit and 64-Bit Applications in a 64-Bit System Environment
19.1 Runtime Support
19.2 Software Development
19.3 Software Compilation on Biarch Platforms
19.4 Kernel Specifications
20 Booting and Configuring a Linux System
20.1 The Linux Boot Process
20.2 The init Process
20.3 System Configuration via /etc/sysconfig
21 The Boot Loader
21.1 Selecting a Boot Loader
21.2 Booting with GRUB
21.3 Configuring the Boot Loader with YaST
21.4 Uninstalling the Linux Boot Loader
21.5 Creating Boot CDs
21.6 The Graphical SUSE Screen
21.7 Troubleshooting
21.8 For More Information
22 Special System Features
22.1 Information about Special Software Packages
22.2 Virtual Consoles
22.3 Keyboard Mapping
22.4 Language and Country-Specific Settings
23 Printer Operation
23.1 The Workflow of the Printing System
23.2 Methods and Protocols for Connecting Printers
23.3 Installing the Software
23.4 Setting Up a Printer
23.5 Network Printers
23.6 Graphical Printing Interfaces
23.7 Printing from the Command Line
23.8 Special Features in SUSE Linux Enterprise
23.9 Troubleshooting
24 Dynamic Kernel Device Management with udev
24.1 The /dev Directory
24.2 Kernel uevents and udev
24.3 Drivers, Kernel Modules, and Devices
24.4 Booting and Initial Device Setup
24.5 Debugging udev Events
24.6 Influencing Kernel Device Event Handling with udev Rules
24.7 Persistent Device Naming
24.8 The Replaced hotplug Package
24.9 For More Information
25 File Systems in Linux
25.1 Terminology
25.2 Major File Systems in Linux
25.3 Some Other Supported File Systems
25.4 Large File Support in Linux
25.5 For More Information
26 The X Window System
26.1 Manually Configuring the X Window System
26.2 Installing and Configuring Fonts
26.3 For More Information
27 Authentication with PAM
27.1 Structure of a PAM Configuration File
27.2 The PAM Configuration of sshd
27.3 Configuration of PAM Modules
27.4 For More Information
28 Power Management
28.1 Power Saving Functions
28.2 APM
28.3 ACPI
28.4 Rest for the Hard Disk
28.5 The powersave Package
28.6 The YaST Power Management Module
29 Wireless Communication
29.1 Wireless LAN
Part IV Services
30 Basic Networking
30.1 IP Addresses and Routing
30.2 IPv6—The Next Generation Internet
30.3 Name Resolution
30.4 Configuring a Network Connection with YaST
30.5 Managing Network Connections with NetworkManager
30.6 Configuring a Network Connection Manually
30.7 smpppd as Dial-up Assistant
31 SLP Services in the Network
31.1 Activating SLP
31.2 SLP Front-Ends in SUSE Linux Enterprise
31.3 Installation over SLP
31.4 Providing Services with SLP
31.5 For More Information
32 Time Synchronization with NTP
32.1 Configuring an NTP Client with YaST
32.2 Configuring xntp in the Network
32.3 Setting Up a Local Reference Clock
33 The Domain Name System
33.1 DNS Terminology
33.2 Configuration with YaST
33.3 Starting the Name Server BIND
33.4 The Configuration File /etc/named.conf
33.5 Zone Files
33.6 Dynamic Update of Zone Data
33.7 Secure Transactions
33.8 DNS Security
33.9 For More Information
34 DHCP
34.1 Configuring a DHCP Server with YaST
34.2 DHCP Software Packages
34.3 The DHCP Server dhcpd
34.4 For More Information
35 Using NIS
35.1 Configuring NIS Servers
35.2 Configuring NIS Clients
36 LDAP—A Directory Service
36.1 LDAP versus NIS
36.2 Structure of an LDAP Directory Tree
36.3 Server Configuration with slapd.conf
36.4 Data Handling in the LDAP Directory
36.5 Configuring an LDAP Server with YaST
36.6 Configuring an LDAP Client with YaST
36.7 Configuring LDAP Users and Groups in YaST
36.8 Browsing the LDAP Directory Tree
36.9 For More Information
37 Samba
37.1 Terminology
37.2 Starting and Stopping Samba
37.3 Configuring a Samba Server
37.4 Configuring Clients
37.5 Samba as Login Server
37.6 Samba Server in the Network with Active Directory
37.7 Migrating a Windows NT Server to Samba
37.8 For More Information
38 Sharing File Systems with NFS
38.1 Installing the Required Software
38.2 Importing File Systems with YaST
38.3 Importing File Systems Manually
38.4 Exporting File Systems with YaST
38.5 Exporting File Systems Manually
38.6 NFS with Kerberos
38.7 For More Information
39 File Synchronization
39.1 Available Data Synchronization Software
39.2 Determining Factors for Selecting a Program
39.3 Introduction to CVS
39.4 Introduction to rsync
40 The Apache HTTP Server
40.1 Quick Start
40.2 Configuring Apache
40.3 Starting and Stopping Apache
40.4 Installing, Activating, and Configuring Modules
40.5 Getting CGI Scripts to Work
40.6 Setting Up a Secure Web Server with SSL
40.7 Avoiding Security Problems
40.8 Troubleshooting
40.9 For More Information
41 The Proxy Server Squid
41.1 Some Facts about Proxy Caches
41.2 System Requirements
41.3 Starting Squid
41.4 The Configuration File /etc/squid/squid.conf
41.5 Configuring a Transparent Proxy
41.6 cachemgr.cgi
41.7 squidGuard
41.8 Cache Report Generation with Calamaris
41.9 For More Information
Part V Security
42 Managing X.509 Certification
42.1 The Principles of Digital Certification
42.2 YaST Modules for CA Management
43 Masquerading and Firewalls
43.1 Packet Filtering with iptables
43.2 Masquerading Basics
43.3 Firewalling Basics
43.4 SuSEfirewall2
43.5 For More Information
44 SSH: Secure Network Operations
44.1 The OpenSSH Package
44.2 The ssh Program
44.3 scp—Secure Copy
44.4 sftp—Secure File Transfer
44.5 The SSH Daemon (sshd)—Server-Side
44.6 SSH Authentication Mechanisms
44.7 X, Authentication, and Forwarding Mechanisms
45 Network Authentication—Kerberos
45.1 Kerberos Terminology
45.2 How Kerberos Works
45.3 Users' View of Kerberos
45.4 For More Information
46 Installing and Administering Kerberos
46.1 Choosing the Kerberos Realms
46.2 Setting Up the KDC Hardware
46.3 Clock Synchronization
46.4 Configuring the KDC
46.5 Manually Configuring Kerberos Clients
46.6 Configuring a Kerberos Client with YaST
46.7 Remote Kerberos Administration
46.8 Creating Kerberos Host Principals
46.9 Enabling PAM Support for Kerberos
46.10 Configuring SSH for Kerberos Authentication
46.11 Using LDAP and Kerberos
47 Encrypting Partitions and Files
47.1 Setting Up an Encrypted File System with YaST
47.2 Using Encrypted Home Directories
47.3 Using vi to Encrypt Single ASCII Text Files
48 Confining Privileges with AppArmor
48.1 Installing Novell AppArmor
48.2 Enabling and Disabling Novell AppArmor
48.3 Getting Started with Profiling Applications
49 Security and Confidentiality
49.1 Local Security and Network Security
49.2 Some General Security Tips and Tricks
49.3 Using the Central Security Reporting Address
Part VI Troubleshooting
50 Help and Documentation
50.1 Using the SUSE Help Center
50.2 Man Pages
50.3 Info Pages
50.4 The Linux Documentation Project
50.5 Wikipedia: The Free Online Encyclopedia
50.6 Guides and Books
50.7 Package Documentation
50.8 Usenet
50.9 Standards and Specifications
51 Common Problems and Their Solutions
51.1 Finding and Gathering Information
51.2 Installation Problems
51.3 Boot Problems
51.4 Login Problems
51.5 Network Problems
51.6 Data Problems
51.7 IBM System z: Using initrd as a Rescue System
Index

About This Guide

This guide is intended for use by professional network and system administrators during the actual planning, deployment, configuration, and operation of SUSE Linux Enterprise®. As such, it is solely concerned with ensuring that SUSE Linux Enterprise is properly configured and that the required services on the network are available to allow it to function properly as initially installed. This guide does not cover the process of ensuring that SUSE Linux Enterprise offers proper compatibility with your enterprise's application software or that its core functionality meets those requirements. It assumes that a full requirements audit has been done and the installation has been requested or that a test installation, for the purpose of such an audit, has been requested.
This guide contains the following:
Deployment
Before you install SUSE Linux Enterprise, choose the deployment strategy and disk setup that is best suited for your scenario. Learn how to install your system manually, how to use network installation setups, and how to perform an autoinstallation. Configure the installed system with YaST to adapt it to your requirements.
Administration
SUSE Linux Enterprise offers a wide range of tools to customize various aspects of the system. This part introduces a few of them.
System
Learn more about the underlying operating system by studying this part. SUSE Linux Enterprise supports a number of hardware architectures and you can use this to adapt your own applications to run on SUSE Linux Enterprise. The boot loader and boot procedure information assists you in understanding how your Linux system works and how your own custom scripts and applications may blend in with it.
Services
SUSE Linux Enterprise is designed to be a network operating system. It offers a wide range of network services, such as DNS, DHCP, Web, proxy, and authentication services, and integrates well into heterogeneous environments including MS Windows clients and servers.
Security
This edition of SUSE Linux Enterprise includes several security-related features. It ships with Novell® AppArmor, which enables you to protect your applications by restricting privileges. Secure login, firewalling, and file system encryption are covered as well.
Troubleshooting
SUSE Linux Enterprise includes a wealth of applications, tools, and documentation should you need them in case of trouble. Some of the most common problems that can occur with SUSE Linux Enterprise and their solutions are discussed in detail.

1 Feedback

We want to hear your comments and suggestions about this manual and the other documentation included with this product. Please use the User Comments feature at the bottom of each page of the online documentation and enter your comments there.

2 Documentation Updates

For the latest version of this documentation, see the SUSE Linux Enterprise Server Web site [http://www.novell.com/documentation/sles10/index.html].

3 Additional Documentation

For additional documentation on this product, refer to http://www.novell.com/documentation/sles10/index.html:
Start-Up Guide
Basic information about installation types and workflows.
Architecture-Specific Information
Architecture-specific information needed to prepare a SUSE Linux Enterprise Server target for installation.
Novell AppArmor Administration Guide
An in-depth administration guide to Novell AppArmor that introduces application confinement for heightened security in your environment.
Storage Administration Guide
An introduction to managing various types of storage devices on SUSE Linux Enterprise.
Heartbeat Guide
An in-depth administration guide to setting up high availability scenarios with Heartbeat.
Novell Virtualization Technology User Guide
An introduction to virtualization solutions based on SUSE Linux Enterprise and the Xen* virtualization technology.
For a documentation overview on the SUSE® Linux Enterprise Desktop product, refer to http://www.novell.com/documentation/sled10/index.html. The following manuals are exclusively available for SUSE Linux Enterprise Desktop:
GNOME User Guide
A comprehensive guide to the GNOME desktop and its most important applications.
KDE User Guide
A comprehensive guide to the KDE desktop and its most important applications.
Deployment Guide
An in-depth guide for administrators facing the deployment and management of SUSE Linux Enterprise Desktop.
Novell AppArmor Administration Guide
An in-depth administration guide to Novell AppArmor that introduces application confinement for heightened security in your environment.
Many chapters in this manual contain links to additional documentation resources. This includes additional documentation that is available on the system as well as documentation available on the Internet.

4 Documentation Conventions

The following typographical conventions are used in this manual:
/etc/passwd: filenames and directory names
placeholder: replace placeholder with the actual value
PATH: the environment variable PATH
ls, --help: commands, options, and parameters
user: users or groups
Alt, Alt + F1: a key to press or a key combination; keys are shown in uppercase as on a keyboard
File, File > Save As: menu items, buttons
►amd64 ipf: This paragraph is only relevant for the specified architectures. The arrows mark the beginning and the end of the text block.◄
►ipseries s390 zseries: This paragraph is only relevant for the specified architectures. The arrows mark the beginning and the end of the text block.◄
Dancing Penguins (Chapter Penguins, ↑Another Manual): This is a reference to a chapter in another manual.

Part I. Deployment

1 Planning for SUSE Linux Enterprise
The implementation of an operating system either in an existing IT environment or as a completely new rollout must be carefully prepared. SUSE Linux Enterprise 10 offers a variety of new features. It is impossible to describe all the new features here. The following is just a list of major enhancements that might be of interest.
Xen 3.0 Virtualization
Runs many virtual machines on a single server, each with its own instance of an operating system. For more information about this technology, see the virtualization manual on http://www.novell.com/documentation/sles10/index.html.
YaST
Several new configuration options have been developed for YaST. These are normally described in the chapters about the technology involved.
CIM Management with openWBEM
The Common Information Model Object Manager (CIMOM) is a Web-based enterprise management utility. It provides a mature management framework. See also Chapter 11, OpenWBEM (page 241).
SPident
The management utility SPident gives an overview of the installed software base and clarifies the current service pack level of the system.
Directory Services
Several LDAP-compliant directory services are available:
• Microsoft Active Directory
• OpenLDAP
Novell AppArmor
Harden your system with the Novell AppArmor technology. This service is described in depth in Novell AppArmor Administration Guide (↑Novell AppArmor Administration Guide).
iSCSI
iSCSI provides an easy and reasonably inexpensive solution for connecting Linux computers to central storage systems. Find more information about iSCSI in Chapter 12, Mass Storage over IP Networks—iSCSI (page 271).
Network File System v4
Starting with version 10, SUSE Linux Enterprise also supports NFS version 4. This gives you performance improvements, strong security, and a “stateful” protocol. See also Chapter 38, Sharing File Systems with NFS (page 715).
Oracle Cluster File System 2
OCFS2 is a general-purpose journaling file system that is fully integrated in the Linux 2.6 kernel and later. Find an overview of OCFS2 in Chapter 14, Oracle Cluster File System 2 (page 287).
Heartbeat 2
Heartbeat 2 provides a cluster membership and messaging infrastructure. The setup of such a cluster is described in the Heartbeat Guide.
Multipath I/O
Device mapping multipath IO features automatic configuration of the subsystem for a large variety of setups. For details, see the chapter about multipath I/O in Storage Administration Guide.
Linux Kernel Crash Dump
Debugging kernel-related problems is now much more comfortable when using Kexec and Kdump. This technology is available on x86, AMD64, Intel 64, and POWER platforms.

1.1 Considerations for Deployment of a SUSE Linux Enterprise

At the beginning of the planning process, you should try to define the project goals and needed features. This must be done individually for each project, but the questions to answer should include the following:
• How many installations should be done? Depending on this, the best deployment method differs. See also Chapter 2, Deployment Strategies (page 7).
• Will the system be in a hostile environment? Have a look at Chapter 49, Security and Confidentiality (page 881) to get an overview of consequences.
• How will you get regular updates? All patches are provided online for registered users. Find the registration and patch support database at http://www.novell.com/suselinuxportal.
• Do you need help for your local installation? Novell provides training, support, and consulting for all topics around SUSE Linux Enterprise. Find more information about this at http://www.novell.com/products/linuxenterpriseserver/.
• Do you need third-party products? Make sure that the required product is also supported on the desired platform. Novell can also provide help to port software to different platforms when needed.

1.2 Deployment of SUSE Linux Enterprise

To make sure that your system will run flawlessly, always try to use certified hardware. The hardware certification process is an ongoing process and the database of certified hardware is updated regularly. Find the search form for certified hardware at http://developer.novell.com/yessearch/Search.jsp.
Depending on the number of desired installations, it is beneficial to use installation servers or even completely automatic installations. Have a look at Chapter 2, Deployment Strategies (page 7) for more information. When using the Xen virtualization technologies, network root file systems or network storage solutions like iSCSI should be considered. See also Chapter 12, Mass Storage over IP Networks—iSCSI (page 271).
SUSE Linux Enterprise provides you with a broad variety of services. Find an overview of the documentation in this book in About This Guide (page xv). Most of the needed configurations can be made with YaST, the SUSE configuration utility. In addition to that, many manual configurations are described in the corresponding chapters.
In addition to the plain software installation, you should consider training the end users of the systems as well as help desk staff.

1.3 Running SUSE Linux Enterprise

The SUSE Linux Enterprise operating system is a well-tested and stable system. Unfortunately, this does not prevent hardware failures or other causes for downtime or data loss. For any serious computing task where data loss could occur, a regular backup should be done.
For optimal security and safe work, you should make regular updates of all the operated machines. If you have a mission critical server, you should probably run a second identical machine where you can apply all changes for testing purposes before doing so on the real system. This also gives you the possibility to switch machines in case of hardware failure.
Deployment Strategies
There are several different ways to deploy SUSE® Linux Enterprise. Choose from various approaches ranging from a local installation using physical media or a network installation server to a mass deployment using a remote-controlled, highly-customized, and automated installation technique. Select the method that best matches your requirements.

2.1 Deploying up to 10 Workstations

If your deployment of SUSE Linux Enterprise only involves 1 to 10 workstations, the easiest and least complex way of deploying SUSE Linux Enterprise is a plain manual installation as featured in Chapter 3, Installation with YaST (page 17). Manual installation can be done in several different ways depending on your requirements:
Installing from the SUSE Linux Enterprise Media (page 8)
Consider this approach if you want to install a single, disconnected workstation.
Installing from a Network Server Using SLP (page 8)
Consider this approach if you have a single workstation or a small number of workstations and if a network installation server announced via SLP is available.
Installing from a Network Server (page 9)
Consider this approach if you have a single workstation or a small number of workstations and if a network installation server is available.
Table 2.1 Installing from the SUSE Linux Enterprise Media
Installation Source: SUSE Linux Enterprise media kit
Tasks Requiring Manual Interaction:
• Inserting the installation media
• Booting the installation target
• Changing media
• Determining the YaST installation scope
• Configuring the system with YaST system
Remotely Controlled Tasks: None
Details: Section 3.3.2, “Installing from the SUSE Linux Enterprise Media” (page 19)

Table 2.2 Installing from a Network Server Using SLP
Installation Source: Network installation server holding the SUSE Linux Enterprise installation media
Tasks Requiring Manual Interaction:
• Inserting the boot disk
• Booting installation target
• Determining the YaST installation scope
• Configuring the system with YaST
Remotely Controlled Tasks: None, but this method can be combined with VNC
Details: Section 3.3.3, “Installing from a Network Server Using SLP” (page 19)

Table 2.3 Installing from a Network Server
Installation Source: Network installation server holding the SUSE Linux Enterprise installation media
Tasks Requiring Manual Interaction:
• Inserting the boot disk
• Providing boot options
• Booting the installation target
• Determining the YaST installation scope
• Configuring the system with YaST
Remotely Controlled Tasks: None, but method can be combined with VNC
Details: Section 3.3.4, “Installing from a Network Source without SLP” (page 20)

2.2 Deploying up to 100 Workstations

With a growing number of workstations to install, you certainly do not want to install and configure each one of them manually. There are many automated or semiautomated approaches as well as several options to perform an installation with minimal to no physical user interaction.
Before considering a fully-automated approach, take into account that the more complex the scenario gets the longer it takes to set up. If a time limit is associated with your deployment, it might be a good idea to select a less complex approach that can be carried out much more quickly. Automation makes sense for huge deployments and those that need to be carried out remotely.
Choose from the following options:
Simple Remote Installation via VNC—Static Network Configuration (page 11)
Consider this approach in a small to medium scenario with a static network setup. A network, network installation server, and VNC viewer application are required.
Simple Remote Installation via VNC—Dynamic Network Configuration (page 11)
Consider this approach in a small to medium scenario with dynamic network setup through DHCP. A network, network installation server, and VNC viewer application are required.
Remote Installation via VNC—PXE Boot and Wake on LAN (page 12)
Consider this approach in a small to medium scenario that should be installed via network and without physical interaction with the installation targets. A network, a network installation server, network boot images, network bootable target hardware, and a VNC viewer application are required.
Simple Remote Installation via SSH—Static Network Configuration (page 12)
Consider this approach in a small to medium scenario with static network setup. A network, network installation server, and SSH client application are required.
Remote Installation via SSH—Dynamic Network Configuration (page 13)
Consider this approach in a small to medium scenario with dynamic network setup through DHCP. A network, network installation server, and SSH client application are required.
Remote Installation via SSH—PXE Boot and Wake on LAN (page 13)
Consider this approach in a small to medium scenario that should be installed via network and without physical interaction with the installation targets. A network, a network installation server, network boot images, network bootable target hardware, and an SSH client application are required.
Simple Mass Installation (page 14)
Consider this approach for large deployments to identical machines. If configured to use network booting, physical interaction with the target systems is not needed at all. A network, a network installation server, a remote controlling application such as a VNC viewer or an SSH client, and an AutoYaST configuration profile are required. If using network boot, a network boot image and network bootable hardware are required as well.
Rule-Based Autoinstallation (page 15)
Consider this approach for large deployments to various types of hardware. If configured to use network booting, physical interaction with the target systems is not needed at all. A network, a network installation server, a remote controlling application such as a VNC viewer or an SSH client, and several AutoYaST configuration profiles as well as a rule setup for AutoYaST are required. If using network boot, a network boot image and network bootable hardware are required as well.
Table 2.4 Simple Remote Installation via VNC—Static Network Configuration
Installation Source: Network
Preparations:
• Setting up an installation source
• Booting from the installation media
Control and Monitoring: Remote: VNC
Best Suited For: small to medium scenarios with varying hardware
Drawbacks:
• Each machine must be set up individually
• Physical access is needed for booting
Details: Section 4.1.1, “Simple Remote Installation via VNC—Static Network Configuration” (page 48)

Table 2.5 Simple Remote Installation via VNC—Dynamic Network Configuration
Installation Source: Network
Preparations:
• Setting up the installation source
• Booting from the installation media
Control and Monitoring: Remote: VNC
Best Suited For: Small to medium scenarios with varying hardware
Drawbacks:
• Each machine must be set up individually
• Physical access is needed for booting
Details: Section 4.1.2, “Simple Remote Installation via VNC—Dynamic Network Configuration” (page 49)

Table 2.6 Remote Installation via VNC—PXE Boot and Wake on LAN
Installation Source: Network
Preparations:
• Setting up the installation source
• Configuring DHCP, TFTP, PXE boot, and WOL
• Booting from the network
Control and Monitoring: Remote: VNC
Best Suited For:
• Small to medium scenarios with varying hardware
• Completely remote installs; cross-site deployment
Drawbacks: Each machine must be set up manually
Details: Section 4.1.3, “Remote Installation via VNC—PXE Boot and Wake on LAN” (page 51)

Table 2.7 Simple Remote Installation via SSH—Static Network Configuration
Installation Source: Network
Preparations:
• Setting up the installation source
• Booting from the installation media
Control and Monitoring: Remote: SSH
Best Suited For:
• Small to medium scenarios with varying hardware