Getting started

This chapter describes the first steps you need to take after installation to get started. The minimum you need to do is:

This is described below.

The HowTo chapter describes more tips and tricks and frequently asked questions, while this chapter describes the stuff everybody needs to do.


Services running on the main server

There are several services running on the main server which can be managed via a web management interface. We'll describe each service here.

Web based management, using lwat

Lwat is a web-based management tool that will help you manage some important parts of your Debian Edu setup. You can manage these four main groups (add, modify, delete):

To access lwat, point your web browser to https://www/lwat. You will get an error message, for at least two reasons:

Once you have ignored the warnings (or fixed them...), you will see the page below, with the menu fixed on the left and the varying main part on the right. First you'll see a login screen where you can log in with your admin account. If you are visiting this site for the first time after installation, the login name is:


and the password is the password you entered during the installation for the root account.


After logging in, the login area will disappear and you can choose a task in the menu.

User Management with lwat

In Debian Edu, account information is stored in an LDAP directory and is used from there not only by the main server itself, but also by the workstations and thin client servers in the network. This way the information about students, pupils, teachers, ... only needs to be entered once and is then available on all systems of the network.

To get the work done efficiently, lwat will assist you in entering your users' data into the LDAP directory.

You can add users, group them in user groups (for example to refer to the members of a class more easily), update them and remove them again. The menu entries for this are the four topmost entries (in the two topmost groups).

Adding users

To add users you only have to choose "Add" in the "Users" section of the menu. After choosing this entry you will see a form where you can enter the data of the user you want to add. The most important thing to add is the full name of your user (point one in the image). As you type, you will see that lwat generates a username automatically based on the real name. If you don't like the generated username you can change it later. Second, you need to choose the role of your account, which lwat uses to determine the privileges the user has for system administration. Currently lwat knows the following roles:


granted privileges


Login and use the system


Same as Students


Same as Teachers, but can also change other user passwords (besides the ones of Admins)


Admins have ultimate privileges. They can add/modify/delete users/groups/machines/automounts and let windows systems join the Skolelinux domain

After choosing a suitable role you can hit the "Save" button and the user is added.

You may miss the option to set a password; it has been deactivated, but you can set your own password by modifying the user you just added.


If all went well, you will see a short notice at the end of the page with the data added to the LDAP directory (the form is also reset):

Added user: Demo User
username: demuse
password: somethingsecret

Search and delete users

To modify or delete a user you first need to find her using the search menu entry. You will find a form (search area in the screenshot) where you can enter either the real name or the username of the user. The results will show up below the form (marked as result area in the image). On the left of every result line there is a checkbox you can use to delete or disable one or more users with the two buttons below. If you want to modify a user, just click on it; all result lines are links to the modify page.


A new page will show up where you can modify information directly belonging to a user, change the password of the user and modify the list of groups the user belongs to.


Advanced user management

It is possible to mass-create users with lwat by using a .csv file, which can be created with any good spreadsheet software (for example oocalc).

The import script expects a file formatted with all data for one user on one row, with each field separated by a semicolon. The minimum information needed is the full name of the user. If the full name is not given, the script expects to have both first name and last name. The maximum information it expects is "User template; Fullname; Username; Password; Additional group membership".

If a password column is missing, an easy to remember, pronounceable password will be created.

If users are put into groups, these groups have to exist, so you need to create them manually (with lwat, see below) before importing the users.

It's a good idea to do some tests first, preferably with a .csv file containing a few fictional users, which can be deleted later.
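A pre-import check for such a file, as an added example (not part of lwat or the original manual). It assumes the five columns appear in the order of the maximum format above with no header row, and that several groups in the last field are separated by whitespace; the set of existing groups is passed in by the caller.

```python
import csv
import io

# Assumed column order: the maximum format named in the text, no header row.
COLUMNS = ["template", "fullname", "username", "password", "groups"]

# Constructed sample with fictional users; "2009" is the only group that exists.
SAMPLE_CSV = """\
students;Demo User;demuse;;2009
students;Anna Example;annexa;Welcome1;2009
students;;nobody;Welcome1;2009
teachers;Tom Teacher;demuse;;staff
"""


def check_import(text, existing_groups):
    """Return (line, problem) tuples for a semicolon-separated import file."""
    problems, users, passwords = [], {}, {}
    for line, row in enumerate(csv.reader(io.StringIO(text), delimiter=";"), 1):
        if not any(cell.strip() for cell in row):
            continue  # blank line
        if len(row) > len(COLUMNS):
            problems.append((line, "too many fields"))
            continue
        cells = [c.strip() for c in row] + [""] * (len(COLUMNS) - len(row))
        rec = dict(zip(COLUMNS, cells))
        if not rec["fullname"]:
            problems.append((line, "missing full name"))
        if rec["username"]:
            if rec["username"] in users:
                problems.append((line, f"username also on line {users[rec['username']]}"))
            users.setdefault(rec["username"], line)
        # An empty password is fine: one is generated. A reused one is not.
        if rec["password"]:
            if rec["password"] in passwords:
                problems.append((line, f"password also on line {passwords[rec['password']]}"))
            passwords.setdefault(rec["password"], line)
        # Assumption: several groups are separated by whitespace.
        for group in rec["groups"].split():
            if group not in existing_groups:
                problems.append((line, f"group {group!r} does not exist"))
    return problems


if __name__ == "__main__":
    for line, problem in check_import(SAMPLE_CSV, {"2009"}):
        print(f"line {line}: {problem}")
```

A file that carries a password column holds those passwords in clear text, so keep it readable only by the administrator and delete it after the import.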

Group Management with lwat

The management of groups is very similar to the management of users. You can enter a name and a description per group. When searching for groups you can also delete or disable all users of the groups found. From the modification page you can access all the users of that group.

The groups entered in the group management are also regular unix groups, so you can use them for file permissions too.

Advanced group management

Using lwat it's easy to put users in a specific group (for example named after the year they enter or finish school) and to create all their home directories in a dedicated directory.

To achieve that, add a stanza like the following to the file /etc/lwat/admin.ini:

ou = "ou=People,%base%"
objectClass = top posixAccount shadowAccount imapUser sambaSamAccount
homeDirectory = /skole/tjener/home0/2009/%username%
groups = none students 2009
loginShell = /bin/bash
mailMessageStore = /var/lib/maildirs/%username%

To make this work the 2009 group has to be created before adding these users.

The above stanza simply adds them on top of home0. If you want them somewhere else, using another automount, use lwat to add that automount and change the homeDirectory string in admin.ini correspondingly.

Machine Management with lwat

With the machine management you can basically manage all IP-based devices in your Debian Edu network. Every machine added to the LDAP directory using lwat has a hostname, an IP address, a MAC address and a domain name, which usually is "intern". For a more detailed description of the Debian Edu architecture see the architecture chapter of this manual.

If you add a machine, you can use an IP address/hostname from the preconfigured address space. The following IP ranges are predefined:

First address

Last address





The addresses from till and till are reserved for dhcp and are assigned dynamically.

To assign a static IP address to a host with the MAC address 00:40:05:AF:4E:C6, you only have to enter the MAC address and the hostname static00; the remaining fields will be filled in automatically according to the predefined configuration.


Warning: This will not configure the DHCP server. You need to configure the host statically or edit the configuration of the DHCP server by hand as shown directly below.

Assign static IP addresses with DHCP

To assign a static IP address to a host which you added to the LDAP tree via lwat, you need to edit /etc/dhcp3/dhcpd.conf and run /etc/init.d/dhcp3-server restart as root.

For our example above you would, after opening /etc/dhcp3/dhcpd.conf in your favourite editor, search for the configuration section of the host static00. You should find something exactly like this:

host static00 {
  hardware ethernet 00:00:00:00:00:00;
  fixed-address static00;
}

You need to replace the all-zero MAC-address with the correct one of your static host. For our example host it will look like this:

host static00 {
  hardware ethernet 00:40:05:AF:4E:C6;
  fixed-address static00;
}

Warning: Don't forget to restart the dhcpd as described above whenever you have changed the configuration.
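A check to run over dhcpd.conf before restarting the server, as an added example that is not part of Debian Edu: it reports host sections that still carry the all-zero placeholder MAC address, a malformed MAC address, or a MAC address already used by another host. The sample configuration is constructed, and the parser is a simplification that only handles flat host sections and # comments.

```python
import re

HOST_RE = re.compile(r"\bhost\s+(?P<name>[\w.-]+)\s*\{(?P<body>[^}]*)\}")
MAC_RE = re.compile(r"hardware\s+ethernet\s+(?P<mac>[^;\s]+)\s*;")
VALID_MAC = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")
PLACEHOLDER = "00:00:00:00:00:00"

# Constructed sample in the style of the host sections shown above.
SAMPLE_CONF = """\
host static00 {
  hardware ethernet 00:40:05:AF:4E:C6;
  fixed-address static00;
}
host static01 {
  hardware ethernet 00:00:00:00:00:00;
  fixed-address static01;
}
host static02 {
  hardware ethernet 00:40:05:af:4e:c6;
  fixed-address static02;
}
# host static03 { hardware ethernet 00:00:00:00:00:00; }
"""


def audit_hosts(conf_text):
    """Map hostname -> problem for every host section that needs attention."""
    text = re.sub(r"#.*", "", conf_text)  # drop comments before matching
    findings, owner = {}, {}
    for match in HOST_RE.finditer(text):
        name = match.group("name")
        mac_match = MAC_RE.search(match.group("body"))
        if not mac_match:
            findings[name] = "no hardware ethernet line"
            continue
        mac = mac_match.group("mac").lower()  # MAC addresses are case-insensitive
        if mac == PLACEHOLDER:
            findings[name] = "placeholder MAC address not replaced"
        elif not VALID_MAC.fullmatch(mac):
            findings[name] = "malformed MAC address"
        elif mac in owner:
            findings[name] = f"MAC address already assigned to {owner[mac]}"
        else:
            owner[mac] = name
    return findings


if __name__ == "__main__":
    for host, problem in audit_hosts(SAMPLE_CONF).items():
        print(f"{host}: {problem}")
```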

Search and delete machines

Searching for and deleting machines is quite similar to searching and deleting users, so that information is not repeated here.

Modify existing machines / Netgroup management

After adding a machine to the LDAP tree using lwat, you can modify its properties by using the search functionality and clicking on the right entry (as you would with users).


The form behind these machine links is in one way similar to the one you already know from modifying user entries, but in another way the information means different things in this context.

For example, adding a machine to a NetGroup does not modify the permissions that machine (or the users logged into that machine) has for accessing files or programs on the server. Rather, it restricts the services a machine can use on your main-server.

The default installation provides the four NetGroups printer-hosts, workstation-hosts, ltsp-server-hosts and server-hosts. Currently the NetGroup functionality is used only for NFS. The homedirs are exported by the main-server to be mounted by the workstations and the ltsp-servers. For security reasons, only hosts within the workstation-hosts, ltsp-server-hosts and server-hosts NetGroups can mount the exported NFS shares. So it is rather important to remember to configure these kinds of machines properly in the LDAP tree using lwat and to configure them to use the static IPs from LDAP.

Warning: Remember to configure workstations and ltsp-servers properly with lwat, or your users can't access their homedirs.

Another important part of the machine configuration is the 'Samba host' flag (in the 'Host information' area). If you plan to add existing Windows systems to the Skolelinux Samba domain, you have to add the Windows host to the LDAP tree and set this flag to be able to join the Windows host to the domain.

More lwat documentation

The full documentation for lwat can be found at /usr/share/doc/lwat/ on the main server or online.

Printer Management

For printer management, point your web browser to https://www:631. This is the normal CUPS management site where you can add/delete/modify your printers and clean up the printing queue. For changes where you have to log in as root with your root password, you will be forced to use SSL encryption.

When you connect a printer for the first time, we suggest running printconf as root.

Clock synchronization

The default configuration in Debian Edu is to keep the clocks on all machines synchronous but not necessarily correct. NTP is used to update the time. The clocks will not be synchronized with an external source by default, to make sure the machines do not keep external network connections active all the time. This was configured like this after a school discovered their ISDN network was up all the time, giving them a nasty extra phone bill.

To enable synchronization with an external clock, the file /etc/ntp.conf on the main-server needs to be modified. The comment markers in front of the server entries need to be removed. After this, the NTP server needs to be restarted by running /etc/init.d/ntp restart as root. To test if the server is using the external clock sources, run ntpq -c lpeer.

Extend full partitions

Because of a bug in the automatic partitioning, some partitions might be too full after installation. To extend the full partitions, run debian-edu-fsautoresize -n as root. See the "Resize Partitions" HowTo in the administration howto chapter for more information.