Translation(s): none


Debian-LAN with mainserver acting as gateway.


Debian-LAN with dedicated gateway.

Debian-LAN Setup_A

Network Topology

Two variants are available:

The mainserver serves the central services to the LAN and the root file system for diskless machines. The clients mount their home directories via kerberized NFSv4.

By default the following IP addresses are used: Gateway:, mainserver:, workstations:, diskless clients This can be modified in the config space class/SERVER_A.var.

Machine Types

Details and Hints

First make sure you can ssh as root into the mainserver with the root password.

FAI nfsroot and diskless clients

The mainserver by default serves the root file system for diskless machines. After installation you need to install the FAI nfsroot (fai-setup) and the diskless' chroot by running:


The command will install the chroots for FAI and diskless machines. In addition, swaping over the network is activated and the PXE configuration prepared. Unknown machines and the disklessXX hosts will be booted as diskless clients. To update the chroots, use the same command.

/!\ The FAI classes DISKLESS_* work only on the mainserver, making the classes independent has not been done yet.

User and Machine Management

After installation of the mainserver (gateway version): Make sure your networks are connected to the right interfaces: Fixed IP address to the internal network, DHCP to the outside world (internet/router).

To install a client machine, you have to add the hardware MAC address to /etc/dhcp/dhcpd.conf. This should be done with the command:

debian-lan add2dhcp

The command lists all (non-local and not yet known) MAC addresses found in the arp cache and prompts for skipping the address, adding it as workstation or as diskless machine.

So to (mass) add machines:

Distributing Kerberos keytabs to clients: During installation of a workstation, the kerberos keytab is sent to the machine and marked with a time stamp. In case you need to repeat this procedure manually, remove the timestamp from the keytab in /etc/root/installation/ (i.e. rename it). After that, use the command:

debian-lan key2machine workstationXX

on the mainserver to copy the Kerberos keytab to workstationXX. Diskless clients and roaming machines do not need this procedure to be activated.

Adding users: Adding users in GOsa should be straight forward (use the template prepared). Lists of users can be added with the provided script add2gosa.

If you prefer not to use GOsa, use:

debian-lan adduser <list of usernames separated by spaces>


debian-lan adduser <path to file>

to add users. The file is a simple text file containing on each line a single username and optionally the user's password separated by spaces. If you omit the password, debian-lan will create a random password and append it to the user's line in the file. Note that the users created with debian-lan are inaccessible within GOsa.

Removing users: Use the command deluser in the debian-lan script.

For more details take a look at the debian-lan script itself.

Manual LDAP Modifications

Use  ldapvi -ZD 'cn=admin,dc=intern'  and the password provided in /root/installation/LDAPadminPWD to modify LDAP entries. For example switch the automount option sec=krb5i to sec=krb5p.


A dedicated backup disk is recommended. Use a class *BAK* for that case. Take a look at class/50-host-classes and disk_config/*BAK* for details.


To use a RAID1 on the server, add the class RAID and replace LVM*_A with the corresponding RAIDLVM*_A class in class/50-host-classes.

Local APT repository

By default the mainserver includes a (signed) APT repository to distribute site-specific customized packages in your DebianLAN. For details look into /var/www/debian/ This repository is added to the clients' sources.list on a FAI softupdate as soon as the publick key can be fetched. To disable this feature, remove the corresponding variables in class/SERVER_A.var and class/CLIENT_A.var.

Roaming Machines

Installation of roaming machines can be chosen from the PXE menu, when booting over the network. Users have a local home directory at /home/... where they can drop data for offline use or which they can synchronize with the Debian-LAN home directory.