Getting started

/!\ FIXME: some new screenshots from the versions included in lenny should be created.

This chapter describes the first steps you need to do after the installation to get started. The minimum you need to do is:

This is described below.

The HowTo chapter describes more tips and tricks and frequently asked questions, while this chapter describes the stuff everybody needs to do.

[ATTACH]

Services running on the main server

There are several services running on the main server which can be managed via a web management interface. We'll describe each service here.

Web based management, using lwat

Lwat is a web based management tool, that will help you manage some important parts of your Debian Edu setup. You can manage this four main groups (add, modify, delete):

To access lwat point your web browser to https://www/lwat. You will get an error message, because of at least 2 facts:

When you have neglected the warnings (or fixed them...), you will see the page below with the menu fixed to the left part and the varying main part on the right. First you'll see a login screen where you can login with your admin account. If you visit this site the first time after installation, the loginname there is:

admin

and the password is the password you entered during the installation for the root account.

[ATTACH]

After login the loginarea will disappear and you can choose a task in the menu.

User Management with lwat

In Debian Edu account informations are stored in a LDAP directory and get used from there not only from the main server itself, but also from the workstations and thinclient server in the network. This way the information about students, pupils, teachers, ... only need to be entered once and are then available on all systems of the network.

To get the work done efficiently lwat will assist you on getting your users data entered to the LDAP directory.

You can add users, group them in usergroups (for example to refer the members of a class more easily), update them and remove them again. The menu entries for this are the four topmost entries (in the two topmost groups).

Adding users

To add users you only have to choose "Add" in the "Users" section of the menu. After choosing this entry you will see a form where you can enter the data of the user you want to add. The most important thing to add is the full name of your user (point one in the image). As you enter you will see, that lwat will generate a username automatically based on the realname. It automatically choses a username that doesn't exist yet, so multiple users with the same full name are not a problem. If you don't like the generated username you can change it in the corresponding field. Second you need to choose the role of your account, which is used by lwat to determine the privileges the user has for systemadministration. Currently lwat knows the following roles:

role

granted privileges

Students

Login and use the system

Teachers

Same as Students

jrAdmins

Same as Teachers, but can also change other user passwords (besides the ones of Admins)

Admins

Admins have ultimate privileges. They can add/modify/delete users/groups/machines/automounts and let windows systems join the Skolelinux domain

After choosing a suitable role you can hit the "Save" button and the user is added.

You may miss the option to set a password, that has been deactivated, but you can set an own password by modifying the user added (see below).

[ATTACH]

If all went well, you will see a short notice at the end of page with the data added to the ldap directory (also the form gets reset):

Added user: Demo User
username: demuse
password: somethingsecret

Note: it might take several minutes until the new added user's homedirectory is created. Until that is done he won't be able to log in on any workstation or thin-client.

Set passwords

/!\ FIXME: describe how to enable the feature of setting self-chosen passwords, describe how to use it, maybe add some screenshots

Search and delete users

To modify or delete a user you need to first find her using the search menu entry. You will find a form (searcharea in the screenshot) where you can enter either the realname or the username of the user. The results will show up below the form (marked as resultarea in the image). On the left of every result line there is a checkbox you can use to delete or disable on or more user with the two buttons below. If you want to modify a user, just click on it, all resulting lines are links to the modify page.

[ATTACH]

A new page will show up where you can modify information directly belonging to a user, change the password of the user (if you enabled that feature) and modify the list of groups the user belongs to.

[ATTACH]

Advanced user management

It possible to mass-create users with lwat by using a .csv file, which can be created with any good spreadsheet software (for example oocalc).

The import script expects a file formated with all data for one user on one row, with each field separated with a semicolon. The minimum information needed is the full name of the user. If fullname is not given, the script expects to have both Firstname and lastname. The maximum information it expects is "User template; Fullname; Username; Password; Additional group membership".

If a password column is missing, an easy to remember, pronounceble password will be created.

If users are put into groups, these groups have to exist, so you need to create them manually (with lwat, see below) before importing the users.

It's a good idea to do some tests first, best with a .csv file with a few fictional users, which can be deleted later.

Group Management with lwat

The mangement of groups is very similarly to the management of users. You can enter a name and a description per group. When be searching for groups you can also delete or disable all users of the groups found. From the modification page you can access all the users of that group.

The groups entered in the group management are also regular unix groups, so you can use them for file permissions too.

Group Management on the command line

Here's how:

# List existing group mapping between UNIX and Windows groups.
net groupmap list

# Add your new or otherwise missing groups:
net groupmap add unixgroup=NEW_GROUP type=domain ntgroup="NEW_GROUP"\
                 comment="DESCRIPTION OF NEW GROUP"

This is explained in more detail in the HowTo/NetworkClients chapter of this manual.

Advanced group management

Using lwat it's easy to put users in a specifig group (for example named after the year they enter or finish school) and to create all their home directories in a dedicated directory.

To achieve that, add a stanza like the following to the file /etc/lwat/admin.ini:

[2009]
ou = "ou=People,%base%"
objectClass = top posixAccount shadowAccount imapUser sambaSamAccount
homeDirectory = /skole/tjener/home0/2009/%username%
groups = none students 2009
loginShell = /bin/bash
mailMessageStore = /var/lib/maildirs/%username%

To make this work the 2009 group has to be created before adding these users.

The above stanza simply adds then on top off home0, if you want them somewhere else, using another automount, then you use lwat to add that automount, and change the homeDirectory string in admini.ini corespondingly.

Machine Management with lwat

With the machine management you can basically manage all IP based devices in your Debian Edu network. Every machine added to the LDAP directory using lwat has a Hostname, an IP-address, an MAC-address and a domain name which usually is "intern". For a more verbose description about the Debian Edu architecture see the architecture chapter of this manual.

If you add a machine, you can use an ip/hostname from the preconfigured address space. The following ip ranges are predefined:

First address

Last address

hostname

10.0.2.10

10.0.2.29

ltspserverxx

10.0.2.30

10.0.2.49

printerxx

10.0.2.50

10.0.2.99

staticxx

The addresses from 10.0.2.100 till 10.0.2.255 and 10.0.3.0 till 10.0.3.243 are reserved for dhcp and are assigned dynamically.

To assign a host with the MAC-address 00:40:05:AF:4E:C6 a static IP-address you only have to enter the MAC-address and the hostname static00, the remaining fields will be filled automatically according to the predefined configuration.

[ATTACH]

Search and delete machines

Searching for and deleting machines is quite similar to searching and deleting users, so that information is not repeated here.

Modify existing machines / Netgroup management

After adding a machine to the ldap tree using lwat, you can modify its properties using the search functionality and clicking on the right entry (as you would with users).

[ATTACH]

The form that is behind this machine links is in one way similar to the one you already know from modifying user entries, but in an other way the informations do mean different things in this context.

For example, adding a machine to a NetGroup does not modify the permissions one machine (or the users logged into that machine) has on accessing files or programs on the server. It is more that it restricts the services a machine can use on your main-server.

The default installation provides the four NetGroups printer-hosts, workstation-hosts, ltsp-server-hosts and server-hosts. Currently the NetGroup functionality is used only for NFS. The homedirs are exported by the main-server to be mounted by the workstations and the ltsp-servers. Because of security reasons only hosts within the workstation-hosts, ltsp-server-hosts and server-hosts NetGroups can mount the exported NFS shares. So it is rather important to remember to configure this kinds of machines properly in the ldap tree using lwat and configuring them to use the static IPs from ldap.

/!\ Remember to configure workstations and ldap-servers properly with lwat, or you users can't access their homedirs.

Another important part of the machine configuration is the 'Samba host' flag (in the 'Host information' area). If you plan to add existing Windows systems to the Skolelinux Samba domain, you have to add the Windows host to the ldap tree and set this flag to be able to join the Windows host to the domain. For more information about adding Windows hosts to the Skolelinux network see the HowTo/NetworkClients chapter of this manual.

DNS Management with lwat

/!\ FIXME: a chapter "DNS Management with lwat" needs to be written, or better, be incorporated in the above "machine management with lwat" chapter

More lwat documentation

The full documentation for lwat can be found at /usr/share/doc/lwat/ on the main server or online.

Printer Managment

For Printer Management point your webbrowser to https://www:631 This is the normal cups management site where you can add/delete/modfiy your printers and can clean up the printing queue. For changes where you have to login as root with your root password, you will be forced to use ssl encryption.

If you connect the printer for the first time, we suggest to run printconf as root. FIXME: explain what to do when printconf does not accomplish anything.

Clock synchronization

The default configuraiton in Debian Edu is to keep the clocks on all machines synchronous but not necessarily correct. NTP is used to update the time. The clocks will not be synchronized with an external source by default, to make sure the machines to not use external network connections active all the time. This was configured like this after a school discovered their ISDN network was up all the time, giving them a nasty extra phone bill.

To enable synchronization with an external clock, the file /etc/ntp.conf on the main-server need to be modified. The comments in front of the server entries need to be removed. After this, the ntp server need to be restarted by running /etc/init.d/ntp restart as root. To test if the server is using the external clock sources, run ntpq -c lpeer.

Extending full partitions

Because of a possible bug with automatic partitioning, some partitions might be too full after installation. To extend these partitions, run debian-edu-fsautoresize -n as root. See the "Resizing Partitions" HowTo in the administration howto chapter for more information.

CategoryPermalink