SUSE Linux Enterprise Desktop 10 SP2 GNOME User Guide

SUSE Linux Enterprise

www.novell.com10 SP2

May08,2008 Deployment Guide

Desktop

Deployment Guide

All content is copyright © Novell, Inc.

Legal Notice

This manual is protected under Novell intellectual property rights. By reproducing, duplicating or
distributing this manual you explicitly agree to conform to the terms and conditions of this license
agreement.

This manual may be freely reproduced, duplicated and distributed either as such or as part of a bundled
package in electronic and/or printed format, provided however that the following conditions are ful­lled:

That this copyright notice and the names of authors and contributors appear clearly and distinctively
on all reproduced, duplicated and distributed copies. That this manual, specically for the printed
format, is reproduced and/or distributed for noncommercial use only. The express authorization of
Novell, Inc must be obtained prior to any other use of any manual or part thereof.

For Novell trademarks, see the Novell Trademark and Service Mark list http://www.novell

.com/company/legal/trademarks/tmlist.html. * Linux is a registered trademark of

Linus Torvalds. All other third party trademarks are the property of their respective owners. A trademark
symbol (®, ™ etc.) denotes a Novell trademark; an asterisk (*) denotes a third party trademark.

All information found in this book has been compiled with utmost attention to detail. However, this
does not guarantee completeaccuracy. Neither Novell, Inc., SUSE LINUX Products GmbH, the authors,
nor the translators shall be held liable for possible errors or the consequences thereof.

Contents

About This Guide xiii

Part I Deployment 1

1 Planning for SUSE Linux Enterprise Desktop 3

1.1 Hardware Requirements . . . . . . . . . . . . . . . . . . . . . . . 4

1.2 Reasons to Use SUSE Linux Enterprise Desktop . . . . . . . . . . . . . 4

2 Deployment Strategies 7

2.1 Deploying up to 10 Workstations . . . . . . . . . . . . . . . . . . . 7

2.2 Deploying up to 100 Workstations . . . . . . . . . . . . . . . . . . 9

2.3 Deploying More than 100 Workstations . . . . . . . . . . . . . . . 16

3 Installation with YaST 17

3.1 System Start-Up for Installation . . . . . . . . . . . . . . . . . . . 17

3.2 The Installation Workow . . . . . . . . . . . . . . . . . . . . . 19

3.3 The Boot Screen . . . . . . . . . . . . . . . . . . . . . . . . . 20

3.4 Language . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

3.5 Media Check . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

3.6 License Agreement . . . . . . . . . . . . . . . . . . . . . . . . 24

3.7 Installation Mode . . . . . . . . . . . . . . . . . . . . . . . . . 24

3.8 Clock and Time Zone . . . . . . . . . . . . . . . . . . . . . . . 25

3.9 Installation Settings . . . . . . . . . . . . . . . . . . . . . . . . 25

3.10 Performing the Installation . . . . . . . . . . . . . . . . . . . . . 30

3.11 Conguration of the Installed System . . . . . . . . . . . . . . . . 31

3.12 Graphical Login . . . . . . . . . . . . . . . . . . . . . . . . . . 38

4 Remote Installation 39

4.1 Installation Scenarios for Remote Installation . . . . . . . . . . . . . 39

4.2 Setting Up the Server Holding the Installation Sources . . . . . . . . . 48

4.3 Preparing the Boot of the Target System . . . . . . . . . . . . . . . 58

4.4 Booting the Target System for Installation . . . . . . . . . . . . . . . 68

4.5 Monitoring the Installation Process . . . . . . . . . . . . . . . . . 73

5 Automated Installation 77

5.1 Simple Mass Installation . . . . . . . . . . . . . . . . . . . . . . 77

5.2 Rule-Based Autoinstallation . . . . . . . . . . . . . . . . . . . . . 89

5.3 For More Information . . . . . . . . . . . . . . . . . . . . . . . 94

6 Deploying Customized Preinstallations 95

6.1 Preparing the Master Machine . . . . . . . . . . . . . . . . . . . 96

6.2 Customizing the Firstboot Installation . . . . . . . . . . . . . . . . 96

6.3 Cloning the Master Installation . . . . . . . . . . . . . . . . . . . 104

6.4 Personalizing the Installation . . . . . . . . . . . . . . . . . . . . 105

7 Advanced Disk Setup 107

7.1 LVM Conguration . . . . . . . . . . . . . . . . . . . . . . . . 107

7.2 Soft RAID Conguration . . . . . . . . . . . . . . . . . . . . . 113

8 System Conguration with YaST 119

8.1 YaST Language . . . . . . . . . . . . . . . . . . . . . . . . . . 120

8.2 The YaST Control Center . . . . . . . . . . . . . . . . . . . . . 120

8.3 Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

8.4 Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

8.5 System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

8.6 Network Devices . . . . . . . . . . . . . . . . . . . . . . . . . 155

8.7 Network Services . . . . . . . . . . . . . . . . . . . . . . . . 156

8.8 AppArmor . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

8.9 Security and Users . . . . . . . . . . . . . . . . . . . . . . . . 160

8.10 Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . 169

8.11 Miscellaneous . . . . . . . . . . . . . . . . . . . . . . . . . . 170

8.12 YaST in Text Mode . . . . . . . . . . . . . . . . . . . . . . . . 172

8.13 Managing YaST from the Command Line . . . . . . . . . . . . . . . 176

8.14 Update from the Command Line with rug . . . . . . . . . . . . . . 179

8.15 SaX2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182

8.16 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . 188

8.17 For More Information . . . . . . . . . . . . . . . . . . . . . . 189

9 Updating SUSE Linux Enterprise 191

9.1 Updating SUSE Linux Enterprise . . . . . . . . . . . . . . . . . . 191

9.2 Installing Service Packs . . . . . . . . . . . . . . . . . . . . . . 194

9.3 Software Changes from Version 9 to Version 10 . . . . . . . . . . . 204

Part II Administration 217

10 GNOME Conguration for Administrators 219

10.1 Using GConf for Defaults . . . . . . . . . . . . . . . . . . . . . 220

10.2 Customizing Menus . . . . . . . . . . . . . . . . . . . . . . . 244

10.3 Installing Themes . . . . . . . . . . . . . . . . . . . . . . . . 257

10.4 Conguring Fonts . . . . . . . . . . . . . . . . . . . . . . . . 263

10.5 MIME Types . . . . . . . . . . . . . . . . . . . . . . . . . . . 264

10.6 Setting Screensavers . . . . . . . . . . . . . . . . . . . . . . . 266

10.7 Session Management . . . . . . . . . . . . . . . . . . . . . . . 268

10.8 Improving Performance . . . . . . . . . . . . . . . . . . . . . . 269

10.9 Hidden Directories . . . . . . . . . . . . . . . . . . . . . . . . 278

10.10 Security Note on Conguring SMB Printers . . . . . . . . . . . . . 280

10.11 Disabling GNOME Desktop Features . . . . . . . . . . . . . . . . 280

10.12 Starting Applications Automatically . . . . . . . . . . . . . . . . . 283

10.13 Automounting and Managing Media Devices . . . . . . . . . . . . . 284

10.14 Changing Preferred Applications . . . . . . . . . . . . . . . . . . 284

10.15 Managing Proles Using Sabayon . . . . . . . . . . . . . . . . . . 284

10.16 Adding Document Templates . . . . . . . . . . . . . . . . . . . 288

11 KDE Conguration for Administrators 289

11.1 Managing Proles Using the KIOSK Admin Tool . . . . . . . . . . . . 289

11.2 Managing Proles Manually . . . . . . . . . . . . . . . . . . . . 297

12 Active Directory Support 303

12.1 Integrating Linux and AD Environments . . . . . . . . . . . . . . . 303

12.2 Background Information for Linux AD Support . . . . . . . . . . . . 304

12.3 Conguring a Linux Client for Active Directory . . . . . . . . . . . . 309

12.4 Logging In to an AD Domain . . . . . . . . . . . . . . . . . . . . 313

12.5 Changing Passwords . . . . . . . . . . . . . . . . . . . . . . . 314

13 Access Control Lists in Linux 317

13.1 Traditional File Permissions . . . . . . . . . . . . . . . . . . . . 317

13.2 Advantages of ACLs . . . . . . . . . . . . . . . . . . . . . . . 319

13.3 Denitions . . . . . . . . . . . . . . . . . . . . . . . . . . . 319

13.4 Handling ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . 320

13.5 ACL Support in Applications . . . . . . . . . . . . . . . . . . . . 328

13.6 For More Information . . . . . . . . . . . . . . . . . . . . . . 328

14 System Monitoring Utilities 329

14.1 Debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . 330

14.2 Files and File Systems . . . . . . . . . . . . . . . . . . . . . . . 332

14.3 Hardware Information . . . . . . . . . . . . . . . . . . . . . . 334

14.4 Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . 337

14.5 The /proc File System . . . . . . . . . . . . . . . . . . . . . . 338

14.6 Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341

14.7 System Information . . . . . . . . . . . . . . . . . . . . . . . 345

14.8 User Information . . . . . . . . . . . . . . . . . . . . . . . . 349

14.9 Time and Date . . . . . . . . . . . . . . . . . . . . . . . . . . 349

15 Working with the Shell 351

15.1 Getting Started with the Bash Shell . . . . . . . . . . . . . . . . . 352

15.2 Users and Access Permissions . . . . . . . . . . . . . . . . . . . 363

15.3 Important Linux Commands . . . . . . . . . . . . . . . . . . . . 367

15.4 The vi Editor . . . . . . . . . . . . . . . . . . . . . . . . . . 377

Part III System 383

16 32-Bit and 64-Bit Applications in a 64-Bit System Environment 385

16.1 Runtime Support . . . . . . . . . . . . . . . . . . . . . . . . 385

16.2 Software Development . . . . . . . . . . . . . . . . . . . . . . 386

16.3 Software Compilation on Biarch Platforms . . . . . . . . . . . . . . 387

16.4 Kernel Specications . . . . . . . . . . . . . . . . . . . . . . . 388

17 Booting and Conguring a Linux System 389

17.1 The Linux Boot Process . . . . . . . . . . . . . . . . . . . . . . 389

17.2 The init Process . . . . . . . . . . . . . . . . . . . . . . . . . 393

17.3 System Conguration via /etc/syscong . . . . . . . . . . . . . . . 401

18 The Boot Loader 405

18.1 Selecting a Boot Loader . . . . . . . . . . . . . . . . . . . . . . 406

18.2 Booting with GRUB . . . . . . . . . . . . . . . . . . . . . . . . 406

18.3 Conguring the Boot Loader with YaST . . . . . . . . . . . . . . . 416

18.4 Uninstalling the Linux Boot Loader . . . . . . . . . . . . . . . . . 420

18.5 Creating Boot CDs . . . . . . . . . . . . . . . . . . . . . . . . 420

18.6 The Graphical SUSE Screen . . . . . . . . . . . . . . . . . . . . 421

18.7 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . 422

18.8 For More Information . . . . . . . . . . . . . . . . . . . . . . 424

19 Special System Features 425

19.1 Information about Special Software Packages . . . . . . . . . . . . 425

19.2 Virtual Consoles . . . . . . . . . . . . . . . . . . . . . . . . . 432

19.3 Keyboard Mapping . . . . . . . . . . . . . . . . . . . . . . . . 432

19.4 Language and Country-Specic Settings . . . . . . . . . . . . . . . 433

20 Printer Operation 439

20.1 The Workow of the Printing System . . . . . . . . . . . . . . . . 441

20.2 Methods and Protocols for Connecting Printers . . . . . . . . . . . . 441

20.3 Installing the Software . . . . . . . . . . . . . . . . . . . . . . 442

20.4 Setting Up a Printer . . . . . . . . . . . . . . . . . . . . . . . 443

20.5 Network Printers . . . . . . . . . . . . . . . . . . . . . . . . . 447

20.6 Graphical Printing Interfaces . . . . . . . . . . . . . . . . . . . . 450

20.7 Printing from the Command Line . . . . . . . . . . . . . . . . . . 450

20.8 Special Features in SUSE Linux Enterprise . . . . . . . . . . . . . . 451

20.9 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . 455

21 Dynamic Kernel Device Management with udev 463

21.1 The /dev Directory . . . . . . . . . . . . . . . . . . . . . . . 463

21.2 Kernel uevents and udev . . . . . . . . . . . . . . . . . . . . . 464

21.3 Drivers, Kernel Modules, and Devices . . . . . . . . . . . . . . . . 464

21.4 Booting and Initial Device Setup . . . . . . . . . . . . . . . . . . 465

21.5 Debugging udev Events . . . . . . . . . . . . . . . . . . . . . . 465

21.6 Inuencing Kernel Device Event Handling with udev Rules . . . . . . . 466

21.7 Persistent Device Naming . . . . . . . . . . . . . . . . . . . . . 467

21.8 The Replaced hotplug Package . . . . . . . . . . . . . . . . . . . 468

21.9 For More Information . . . . . . . . . . . . . . . . . . . . . . 469

22 File Systems in Linux 471

22.1 Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . 471

22.2 Major File Systems in Linux . . . . . . . . . . . . . . . . . . . . 472

22.3 Some Other Supported File Systems . . . . . . . . . . . . . . . . 477

22.4 Large File Support in Linux . . . . . . . . . . . . . . . . . . . . 478

22.5 For More Information . . . . . . . . . . . . . . . . . . . . . . 479

23 The X Window System 481

23.1 Manually Conguring the X Window System . . . . . . . . . . . . . 481

23.2 Installing and Conguring Fonts . . . . . . . . . . . . . . . . . . 487

23.3 For More Information . . . . . . . . . . . . . . . . . . . . . . 493

24 Authentication with PAM 495

24.1 Structure of a PAM Conguration File . . . . . . . . . . . . . . . . 496

24.2 The PAM Conguration of sshd . . . . . . . . . . . . . . . . . . 497

24.3 Conguration of PAM Modules . . . . . . . . . . . . . . . . . . 500

24.4 For More Information . . . . . . . . . . . . . . . . . . . . . . 502

25 Mobile Computing with Linux 503

25.1 Laptops . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503

25.2 Mobile Hardware . . . . . . . . . . . . . . . . . . . . . . . . 511

25.3 Cellular Phones and PDAs . . . . . . . . . . . . . . . . . . . . . 512

25.4 For More Information . . . . . . . . . . . . . . . . . . . . . . 513

26 PCMCIA 515

26.1 Controlling PCMCIA Cards Using pccardctl . . . . . . . . . . . . . . 516

26.2 PCMCIA in Detail . . . . . . . . . . . . . . . . . . . . . . . . 516

26.3 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . 519

27 System Conguration Prole Management 523

27.1 Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . 524

27.2 Setting Up SCPM . . . . . . . . . . . . . . . . . . . . . . . . . 525

27.3 Conguring SCPM Using a Graphical User Interface . . . . . . . . . . 526

27.4 Conguring SCPM Using the Command Line . . . . . . . . . . . . . 532

27.5 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . 535

27.6 For More Information . . . . . . . . . . . . . . . . . . . . . . 536

28 Power Management 537

28.1 Power Saving Functions . . . . . . . . . . . . . . . . . . . . . . 537

28.2 APM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 539

28.3 ACPI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 540

28.4 Rest for the Hard Disk . . . . . . . . . . . . . . . . . . . . . . 547

28.5 The powersave Package . . . . . . . . . . . . . . . . . . . . . . 549

28.6 The YaST Power Management Module . . . . . . . . . . . . . . . . 557

29 Wireless Communication 563

29.1 Wireless LAN . . . . . . . . . . . . . . . . . . . . . . . . . . 563

29.2 Bluetooth . . . . . . . . . . . . . . . . . . . . . . . . . . . . 573

29.3 Infrared Data Transmission . . . . . . . . . . . . . . . . . . . . 584

29.4 Managing UMTS/3G Network Connections . . . . . . . . . . . . . . 587

Part IV Services 593

30 Basic Networking 595

30.1 IP Addresses and Routing . . . . . . . . . . . . . . . . . . . . . 598

30.2 IPv6—The Next Generation Internet . . . . . . . . . . . . . . . . 601

30.3 Name Resolution . . . . . . . . . . . . . . . . . . . . . . . . 610

30.4 Conguring a Network Connection with YaST . . . . . . . . . . . . 612

30.5 Managing Network Connections with NetworkManager . . . . . . . . 627

30.6 Conguring a Network Connection Manually . . . . . . . . . . . . . 630

30.7 smpppd as Dial-up Assistant . . . . . . . . . . . . . . . . . . . . 645

31 SLP Services in the Network 649

31.1 Activating SLP . . . . . . . . . . . . . . . . . . . . . . . . . . 649

31.2 SLP Front-Ends in SUSE Linux Enterprise . . . . . . . . . . . . . . . 650

31.3 Providing Services with SLP . . . . . . . . . . . . . . . . . . . . 650

31.4 For More Information . . . . . . . . . . . . . . . . . . . . . . 652

32 Time Synchronization with NTP 653

32.1 Conguring an NTP Client with YaST . . . . . . . . . . . . . . . . 654

32.2 Conguring xntp in the Network . . . . . . . . . . . . . . . . . . 657

32.3 Setting Up a Local Reference Clock . . . . . . . . . . . . . . . . . 657

33 Using NIS 659

33.1 Conguring NIS Clients . . . . . . . . . . . . . . . . . . . . . . 659

34 Conguring eDirectory Authentication 661

34.1 Setting Up Workstations to Use eDirectory Authentication . . . . . . . 662

34.2 Using iManager to Enable Users for eDirectory Authentication . . . . . 666

34.3 Turning Off LUM and eDirectory Authentication . . . . . . . . . . . 669

35 LDAP—A Directory Service 671

35.1 LDAP versus NIS . . . . . . . . . . . . . . . . . . . . . . . . . 672

35.2 Structure of an LDAP Directory Tree . . . . . . . . . . . . . . . . 673

35.3 Conguring an LDAP Client with YaST . . . . . . . . . . . . . . . . 677

35.4 Conguring LDAP Users and Groups in YaST . . . . . . . . . . . . . 685

35.5 Browsing the LDAP Directory Tree . . . . . . . . . . . . . . . . . 687

35.6 For More Information . . . . . . . . . . . . . . . . . . . . . . 688

36 Samba 691

36.1 Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . 691

36.2 Starting and Stopping Samba . . . . . . . . . . . . . . . . . . . 693

36.3 Conguring a Samba Server . . . . . . . . . . . . . . . . . . . . 693

36.4 Conguring Clients . . . . . . . . . . . . . . . . . . . . . . . . 699

36.5 Samba as Login Server . . . . . . . . . . . . . . . . . . . . . . 700

36.6 For More Information . . . . . . . . . . . . . . . . . . . . . . 701

37 Sharing File Systems with NFS 703

37.1 Installing the Required Software . . . . . . . . . . . . . . . . . . 703

37.2 Importing File Systems with YaST . . . . . . . . . . . . . . . . . . 704

37.3 Importing File Systems Manually . . . . . . . . . . . . . . . . . . 705

37.4 Exporting File Systems with YaST . . . . . . . . . . . . . . . . . . 707

37.5 Exporting File Systems Manually . . . . . . . . . . . . . . . . . . 712

37.6 NFS with Kerberos . . . . . . . . . . . . . . . . . . . . . . . . 715

37.7 For More Information . . . . . . . . . . . . . . . . . . . . . . 715

38 File Synchronization 717

38.1 Available Data Synchronization Software . . . . . . . . . . . . . . . 717

38.2 Determining Factors for Selecting a Program . . . . . . . . . . . . . 719

38.3 Introduction to CVS . . . . . . . . . . . . . . . . . . . . . . . 722

38.4 Introduction to rsync . . . . . . . . . . . . . . . . . . . . . . . 725

Part V Security 729

39 Masquerading and Firewalls 731

39.1 Packet Filtering with iptables . . . . . . . . . . . . . . . . . . . . 731

39.2 Masquerading Basics . . . . . . . . . . . . . . . . . . . . . . . 734

39.3 Firewalling Basics . . . . . . . . . . . . . . . . . . . . . . . . 736

39.4 SuSErewall2 . . . . . . . . . . . . . . . . . . . . . . . . . . 736

39.5 For More Information . . . . . . . . . . . . . . . . . . . . . . 741

40 SSH: Secure Network Operations 743

40.1 The OpenSSH Package . . . . . . . . . . . . . . . . . . . . . . 743

40.2 The ssh Program . . . . . . . . . . . . . . . . . . . . . . . . . 744

40.3 scp—Secure Copy . . . . . . . . . . . . . . . . . . . . . . . . 744

40.4 sftp—Secure File Transfer . . . . . . . . . . . . . . . . . . . . . 745

40.5 The SSH Daemon (sshd)—Server-Side . . . . . . . . . . . . . . . . 745

40.6 SSH Authentication Mechanisms . . . . . . . . . . . . . . . . . . 746

40.7 X, Authentication, and Forwarding Mechanisms . . . . . . . . . . . . 748

41 Network Authentication—Kerberos 749

41.1 Kerberos Terminology . . . . . . . . . . . . . . . . . . . . . . 749

41.2 How Kerberos Works . . . . . . . . . . . . . . . . . . . . . . . 751

41.3 Users' View of Kerberos . . . . . . . . . . . . . . . . . . . . . . 754

41.4 For More Information . . . . . . . . . . . . . . . . . . . . . . 755

42 Encrypting Partitions and Files 757

42.1 Setting Up an Encrypted File System with YaST . . . . . . . . . . . . 758

42.2 Using Encrypted Home Directories . . . . . . . . . . . . . . . . . 761

42.3 Using vi to Encrypt Single ASCII Text Files . . . . . . . . . . . . . . 762

43 Conning Privileges with AppArmor 763

43.1 Installing Novell AppArmor . . . . . . . . . . . . . . . . . . . . 764

43.2 Enabling and Disabling Novell AppArmor . . . . . . . . . . . . . . 764

43.3 Getting Started with Proling Applications . . . . . . . . . . . . . 766

44 Security and Condentiality 773

44.1 Local Security and Network Security . . . . . . . . . . . . . . . . 774

44.2 Some General Security Tips and Tricks . . . . . . . . . . . . . . . 783

44.3 Using the Central Security Reporting Address . . . . . . . . . . . . 785

Part VI Troubleshooting 787

45 Help and Documentation 789

45.1 Using the SUSE Help Center . . . . . . . . . . . . . . . . . . . . 789

45.2 Man Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . 793

45.3 Info Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . 794

45.4 The Linux Documentation Project . . . . . . . . . . . . . . . . . 794

45.5 Wikipedia: The Free Online Encyclopedia . . . . . . . . . . . . . . 795

45.6 Guides and Books . . . . . . . . . . . . . . . . . . . . . . . . 795

45.7 Package Documentation . . . . . . . . . . . . . . . . . . . . . 796

45.8 Usenet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 797

45.9 Standards and Specications . . . . . . . . . . . . . . . . . . . . 797

46 Common Problems and Their Solutions 801

46.1 Finding and Gathering Information . . . . . . . . . . . . . . . . . 801

46.2 Installation Problems . . . . . . . . . . . . . . . . . . . . . . . 804

46.3 Boot Problems . . . . . . . . . . . . . . . . . . . . . . . . . 812

46.4 Login Problems . . . . . . . . . . . . . . . . . . . . . . . . . 815

46.5 Network Problems . . . . . . . . . . . . . . . . . . . . . . . . 822

46.6 Data Problems . . . . . . . . . . . . . . . . . . . . . . . . . . 827

Index 841

About This Guide

This guide is intended for use by professional network and system administrators during
the actual planning, deployment, conguration, and operation of SUSE Linux Enter­prise®. As such, it is solely concerned with ensuring that SUSE Linux Enterprise is
properly congured and that the required services on the network are available to allow
it to function properly as initially installed. This guide does not cover the process of
ensuring that SUSE Linux Enterprise offers proper compatibility with your enterprise's
application software or that its core functionality meets those requirements. It assumes
that a full requirements audit has been done and the installation has been requested or
that a test installation, for the purpose of such an audit, has been requested.

This guide contains the following:

Deployment

Before you install SUSE Linux Enterprise, choose the deployment strategy and
disk setup that is best suited for your scenario. Learn how to install your system
manually, how to use network installation setups, and how to perform an autoinstal­lation. Congure the installed system with YaST to adapt it to your requirements.

Administration

SUSE Linux Enterprise offers a wide range of tools to customize various aspects
of the system. This part introduces a few of them.

System

Learn more about the underlying operating system by studying this part. SUSE
Linux Enterprise supports a number of hardware architectures and you can use this
to adapt your own applications to run on SUSE Linux Enterprise. The boot loader
and boot procedure information assists you in understanding how your Linux system
works and how your own custom scripts and applications may blend in with it.

Services

SUSE Linux Enterprise is designed to be a network operating system. SUSE®
Linux Enterprise Desktop includes client support for many network services. It
integrates well into heterogeneous environments including MS Windows clients
and servers.

Security

This edition of SUSE Linux Enterprise includes several security-related features.
It ships with Novell® AppArmor, which enables you to protect your applications
by restricting privileges. Secure login, rewalling, and le system encryption are
covered as well.

Troubleshooting

SUSE Linux Enterprise includes a wealth of applications, tools, and documentation
should you need them in case of trouble. Some of the most common problems that
can occur with SUSE Linux Enterprise and their solutions are discussed in detail.

1 Feedback

We want to hear your comments and suggestions about this manual and the other doc­umentation included with this product. Please use the User Comments feature at the
bottom of each page of the online documentation and enter your comments there.

2 Documentation Updates

For the latest version of this documentation, see the SUSE Linux Enterprise Desktop
Web site [http://www.novell.com/documentation/sled10/index

.html].

3 Additional Documentation

For additional documentation on this product, refer to http://www.novell.com/

documentation/sled10/index.html:

GNOME User Guide

A comprehensive guide to the GNOME desktop and its most important applications.

KDE User Guide

A comprehensive guide to the KDE desktop and its most important applications.

xiv Deployment Guide

Novell AppArmor Administration Guide

An in-depth administration guide to Novell AppArmor that introduces application
connement for heightened security in your environment.

For a documentation overview on the SUSE® Linux Enterprise Server product, refer
to http://www.novell.com/documentation/sles10/index.html. The
following manuals are exclusively available for SUSE Linux Enterprise Server:

Start-Up Guide

Basic information about installation types and work ows.

Architecture-Specic Information

Architecture-specic information needed to prepare a SUSE Linux Enterprise
Server target for installation.

Installation and Administration

In-depth installation and administration for SUSE Linux Enterprise Server.

Novell AppArmor Administration Guide

An in-depth administration guide to Novell AppArmor that introduces application
connement for heightened security in your environment.

Storage Administration Guide

An introduction to managing various types of storage devices on SUSE Linux En­terprise.

Heartbeat Guide

An in-depth administration guide to setting up high availability scenarios with
Heartbeat.

Novell Virtualization Technology User Guide

An introduction to virtualization solutions based on SUSE Linux Enterprise and
the Xen* virtualization technology.

Many chapters in this manual contain links to additional documentationresources. This
includes additional documentation that is available on the system as well as documen­tation available on the Internet.

About This Guide xv

4 Documentation Conventions

The following typographical conventions are used in this manual:

• /etc/passwd: lenames and directory names

• placeholder: replace placeholder with the actual value

• PATH: the environment variable PATH

• ls, --help: commands, options, and parameters

• user: users or groups

•

Alt, Alt + F1: a key to press or a key combination; keys are shown in uppercase as

on a keyboard

•

File, File > Save As: menu items, buttons

•

Dancing Penguins (Chapter Penguins, ↑Another Manual): This is a reference to a
chapter in another manual.

xvi Deployment Guide

Part I. Deployment

Planning for SUSE Linux
Enterprise Desktop

This chapter is addressed mainly to corporate system administrators who face the task
of having to deploy SUSE® Linux Enterprise Desktop at their site. Rolling out SUSE
Linux Enterprise Desktop to an entire site should involve careful planning and consid­eration of the following questions:

For which purpose will the SUSE Linux Enterprise Desktop workstations be used?

Determine the purpose for which SUSE Linux Enterprise Desktop should be used
and make sure that hardware and software able to match these requirements are
used. Consider testing your setup on a single machine before rolling it out to the
entire site.

How many workstations should be installed?

Determine the scope of your deployment of SUSE Linux Enterprise Desktop. De­pending on the number of installation planned, consider different approaches to
the installation or even a mass installation using SUSE Linux Enterprises unique
AutoYaST technology. For more information about this subject, refer to Chapter 2,

Deployment Strategies (page 7).

How do you get software updates for your deployment?

All patches provided by Novell for your product are available for download to
registered users. Register and nd the patch support database at http://www

.novell.com/suselinuxportal.

1

Do you need help for your local deployment?

Novell provides training, support, and consulting for all topics around SUSE Linux
Enterprise Desktop. Find more information about this at http://www.novell

.com/products/desktop/.

Planning for SUSE Linux Enterprise Desktop 3

1.1 Hardware Requirements

SUSE Linux Enterprise Desktop requires certain minimum hardware requirements to
be met before you can successfully install and run SUSE Linux Enterprise Desktop. A
minimum installation of SUSE Linux Enterprise Desktop containing the most basic,
essential software and a very minimalistic graphical user interface requires at least:

• Intel* Pentium* III, 500 MHz

• 256 MB of physical RAM

• 800 MB of available disk space

• 800 x 600 display resolution

For a standard installation of SUSE Linux Enterprise Desktop including the desktop
environment of your choice (GNOME or KDE) and a wealth of applications, the fol­lowing conguration is recommended:

• Intel Pentium IV, 2.4 GHz or higher or any AMD64 or Intel 64 processor

• 1–2 physical CPUs

• 512 MB physical RAM or higher

• 1024 x 768 display resolution (or higher)

1.2 Reasons to Use SUSE Linux Enterprise Desktop

Let the following items guide you in your selection of SUSE Linux Enterprise Desktop
and while determining the purpose of the installed systems:

Wealth of Applications

SUSE Linux Enterprise Desktop's broad offer of software makes it appeal to both
professional users in a corporate environment and to home users or users in smaller
networks.

4 Deployment Guide

Ease of Use

SUSE Linux Enterprise Desktop comes with two enterprise-ready desktop environ­ments, GNOME and KDE. Both enable users to comfortably adjust to a Linux
system while maintaining their efciency and productivity. To explore the desktops
in detail, refer to GNOME User Guide and KDE User Guide.

Support for Mobile Users

With the NetworkManager technology fully integrated into SUSE Linux Enterprise
Desktop and its two desktop environments, mobile users will enjoy the freedom
of easily joining and switching wired and wireless networks.

Seamless Integration into Existing Networks

SUSE Linux Enterprise Desktop was designed to be a versatile network citizen. It
cooperates with various different network types:

Pure Linux Networks SUSE Linux Enterprise Desktop is a complete Linux
client and supports all the protocols used in traditional Linux and Unix* environ­ments. It integrates well with networks consisting of other SUSE Linux or SUSE
Linux Enterprise machines. LDAP, NIS, and local authentication are supported.

Windows Networks SUSE Linux Enterprise Desktop supports Active Directory
as an authentication source. It offers you all the advantages of a secure and stable
Linux operating system plus convenient interaction with other Windows clients
and means to manipulate your Windows user data from a Linux client. Explore
this feature in detail in Chapter 12, Active Directory Support (page 303).

Windows and Novell Networks Being backed by Novell and their networking
expertise, SUSE Linux Enterprise Desktop naturally offers you support for Novell
technologies, like GroupWise, Novell Client for Linux, and iPrint, and it also offers
authentication support for Novell eDirectory services.

Application Security with Novell AppArmor

SUSE Linux Enterprise Desktop enables you to secure your applications by enforc­ing security proles tailor-made for your applications. To learn more about Novell
AppArmor, refer to http://www.novell.com/documentation/

apparmor/.

Planning for SUSE Linux Enterprise Desktop 5

Deployment Strategies

There are several different ways to deploy SUSE® Linux Enterprise. Choose from
various approaches ranging from a local installation using physical media or a network
installation server to a mass deployment using a remote-controlled, highly-customized,
and automated installation technique. Select the method that best matches your require­ments.

TIP: Using Xen Virtualization with SLED

You may use the Xen virtualization technology to test virtual instances of SUSE
Linux Enterprise Desktop prior to rolling it out to real hardware. You could also
experiment with basic Windows*-in-SLED setups. For more information about
the virtualization technology available with SUSE Linux Enterprise, refer to

http://www.novell.com/documentation/vmserver/index.html.

2.1 Deploying up to 10 Workstations

If your deployment of SUSE Linux Enterprise only involves 1 to 10 workstations, the
easiest and least complex way of deploying SUSE Linux Enterprise is a plain manual
installation as featured in Chapter 3, Installation with YaST (page 17). Manual installa-
tion can be done in several different ways depending on your requirements:

2

Installing from the SUSE Linux Enterprise Media (page 8)

Consider this approach if you want to install a single, disconnected workstation.

Deployment Strategies 7

Installing from a Network Server Using SLP (page 8)

Consider this approach if you have a single workstation or a small number of
workstations and if a network installation server announced via SLP is available.

Installing from a Network Server (page 9)

Consider this approach if you have a single workstation or a small number of
workstations and if a network installation server is available.

Table 2.1

Tasks Requiring Manual Inter­action

Details

Table 2.2

Installation Source

Installing from the SUSE Linux Enterprise Media

Installing from a Network Server Using SLP

SUSE Linux Enterprise media kitInstallation Source

• Inserting the installation media

• Booting the installation target

• Changing media

• Determining the YaST installation scope

• Conguring the system with YaST system

NoneRemotely Controlled Tasks

Section 3.1.2, “Installing from the SUSE Linux En­terprise Media” (page 18)

Network installation server holding the SUSE Linux
Enterprise installation media

Tasks Requiring Manual
Interaction

8 Deployment Guide

• Inserting the boot disk

• Booting installation target

• Determining the YaST installation scope

• Conguring the system with YaST

None, but this method can be combined with VNCRemotely Controlled Tasks

Details

Table 2.3

Installation Source

Tasks Requiring Manual
Interaction

Details

Installing from a Network Server

Section 3.1.3, “Installing from a Network Server Using
SLP” (page 19)

Network installation server holding the SUSE Linux
Enterprise installation media

• Inserting the boot disk

• Providing boot options

• Booting the installation target

• Determining the YaST installation scope

• Conguring the system with YaST

None, but method can be combined with VNCRemotely Controlled Tasks

Section 3.1.4, “Installing from a Network Source with­out SLP” (page 19)

2.2 Deploying up to 100 Workstations

With a growing numbers of workstations to install, you certainly do not want to install
and congure each one of them manually. There are many automated or semiautomated
approaches as well as several options to perform an installation with minimal to no
physical user interaction.

Before considering a fully-automated approach, take into account that the more complex
the scenario gets the longer it takes to set up. If a time limit is associated with your de­ployment, it might be a good idea to select a less complex approach that can be carried
out much more quickly. Automation makes sense for huge deployments and those that
need to be carried out remotely.

Deployment Strategies 9

Choose from the following options:

Simple Remote Installation via VNC—Static Network Conguration (page 11)

Consider this approach in a small to medium scenario with a static network setup.
A network, network installation server, and VNC viewer application are required.

Simple Remote Installation via VNC—Dynamic Network Conguration (page 11)

Consider this approach in a small to medium scenario with dynamic network setup
through DHCP. A network, network installation server, and VNC viewer application
are required.

Remote Installation via VNC—PXE Boot and Wake on LAN (page 12)

Consider this approach in a small to medium scenario that should be installed via
network and without physical interaction with the installation targets. A network,
a network installation server, network boot images, network bootable target hard­ware, and a VNC viewer application are required.

Simple Remote Installation via SSH—Static Network Conguration (page 12)

Consider this approach in a small to medium scenario with static network setup.
A network, network installation server, and SSH client application are required.

Remote Installation via SSH—Dynamic Network Conguration (page 13)

Consider this approach in a small to medium scenario with dynamic network setup
through DHCP. A network, network installation server, and SSH client application
are required.

Remote Installation via SSH—PXE Boot and Wake on LAN (page 14)

Consider this approach in a small to medium scenario that should be installed via
network and without physical interaction with the installation targets. A network,
a network installation server, network boot images, network bootable target hard­ware, and an SSH client application are required.

Simple Mass Installation (page 14)

Consider this approach for large deployments to identical machines. If congured
to use network booting, physical interaction with the target systems is not needed
at all. A network, a network installation server, a remote controlling application
such as a VNC viewer or an SSH client, and an AutoYaST conguration prole
are required. If using network boot, a network boot image and network bootable
hardware are required as well.

10 Deployment Guide

Rule-Based Autoinstallation (page 15)

Consider this approach for large deployments to various types of hardware. If
congured to use network booting, physical interaction with the target systems is
not needed at all. A network, a network installation server, a remote controlling
application such as a VNC viewer or an SSH client, and several AutoYaST con­guration proles as well as a rule setup for AutoYaST are required. If using network
boot, a network boot image and network bootable hardware are required as well.

Table 2.4

Preparations • Setting up an installation source

Drawbacks • Each machine must be set up individually

Details

Table 2.5

Simple Remote Installation via VNC—Static Network Conguration

NetworkInstallation Source

• Booting from the installation media

Remote: VNCControl and Monitoring

small to medium scenarios with varying hardwareBest Suited For

• Physical access is needed for booting

Section 4.1.1, “Simple Remote Installation via
VNC—Static Network Conguration” (page 40)

Simple Remote Installation via VNC—Dynamic Network Conguration

NetworkInstallation Source

Preparations • Setting up the installation source

• Booting from the installation media

Remote: VNCControl and Monitoring

Deployment Strategies 11

Small to medium scenarios with varying hardwareBest Suited For

Drawbacks • Each machine must be set up individually

• Physical access is needed for booting

Details

Table 2.6

Preparations • Setting up the installation source

Best Suited For • Small to medium scenarios with varying hardware

Details

Remote Installation via VNC—PXE Boot and Wake on LAN

Section 4.1.2, “Simple Remote Installation via
VNC—Dynamic Network Conguration” (page 41)

NetworkInstallation Source

• Conguring DHCP, TFTP, PXE boot, and WOL

• Booting from the network

Remote: VNCControl and Monitoring

• Completely remote installs; cross-site deployment

Each machine must be set up manuallyDrawbacks

Section 4.1.3, “Remote Installation via VNC—PXE
Boot and Wake on LAN” (page 43)

Table 2.7

Preparations • Setting up the installation source

12 Deployment Guide

Simple Remote Installation via SSH—Static Network Conguration

NetworkInstallation Source

• Booting from the installation media

Remote: SSHControl and Monitoring

Best Suited For • Small to medium scenarios with varying hardware

• Low bandwidth connections to target

Drawbacks • Each machine must be set up individually

• Physical access is needed for booting

Details

Table 2.8

Preparations • Setting up the installation source

Best Suited For • Small to medium scenarios with varying hardware

Drawbacks • Each machine must be set up individually

Remote Installation via SSH—Dynamic Network Conguration

Section 4.1.4, “Simple Remote Installation via
SSH—Static Network Conguration” (page 44)

NetworkInstallation Source

• Booting from installation media

Remote: SSHControl and Monitoring

• Low bandwidth connections to target

• Physical access is needed for booting

Deployment Strategies 13

Details

Section 4.1.5, “Simple Remote Installation via
SSH—Dynamic Network Conguration” (page 45)

Table 2.9

Preparations • Setting up the installation source

Best Suited For • Small to medium scenarios with varying hardware

Details

Remote Installation via SSH—PXE Boot and Wake on LAN

NetworkInstallation Source

• Conguring DHCP, TFTP, PXE boot, and WOL

• Booting from the network

Remote: SSHControl and Monitoring

• Completely remote installs; cross-site deployment

• Low bandwidth connections to target

Each machine must be set up individuallyDrawbacks

Section 4.1.6, “Remote Installation via SSH—PXE Boot
and Wake on LAN” (page 47)

Table 2.10

Preparations • Gathering hardware information

14 Deployment Guide

Simple Mass Installation

Preferably networkInstallation Source

• Creating AutoYaST prole

• Setting up the installation server

• Distributing the prole