SUSE Linux Enterprise Server

Authors: Jörg Arndt, Steve Bearnson, Stefan Behlert, Frank Bodammer, James Branam, Volker Buzek, Klara Cihlarova, Catherine Craft, Olaf Dabrunz, Stefan Dirsch, Olaf Donjak, Roman Drahtmüller, Thorsten Dubiel, Torsten Duwe, Thomas Fehr, Stefan Fent, Werner Fink, Jakub Friedl, Kurt Garloff, Joachim Gleißner, Todd Grant, Carsten Groß, Andreas Grünbacher, Berthold Gunreben, Franz Hassels, Andreas Jaeger, Jana Jaeger, Denise Jewkes, Klaus Kämpf, Andi Kleen, Hubert Mantel, Lars Marowsky-Bree, Chris Mason, Johannes Meixner, Lars Müller, Matthias Nagorni, Anas Nashif, Siegfried Olschner, Edith Parzefall, Peter Pöml, Thomas Renninger, Hannes Reinecke, Scott Rhoades, Thomas Rölz, Heiko Rommel, Tanja Roth, Marcus Schäfer, Thomas Schraitle, Kay Sievers, Klaus Singvogel, Frank Sundermeyer, Elisabeth Tobiasson, Hendrik Vogelsang, Klaus G. Wagner, Rebecca Walter, Christian Zoz
Legal Notice

Contents

About This Guide
1. Feedback
2. Documentation Updates
3. Additional Documentation
4. Documentation Conventions
I. Deployment
1. Planning for SUSE Linux Enterprise
1.1. Considerations for Deployment of a SUSE Linux Enterprise Server
1.2. Deployment of SUSE Linux Enterprise Server
1.3. Running SUSE Linux Enterprise Server
2. Deployment Strategies
2.1. Deploying up to 10 Workstations
2.2. Deploying up to 100 Workstations
2.3. Deploying More than 100 Workstations
3. Installation with YaST
3.1. IBM System z: System Start-Up for Installation
3.2. System Start-Up for Installation
3.3. The Boot Screen
3.4. Language Selection
3.5. IBM System z: Hard Disk Configuration
3.6. License Agreement
3.7. System Analysis
3.8. Time Zone
3.9. Installation Summary
3.10. Configuration
3.11. Graphical Login
4. Remote Installation
4.1. Installation Scenarios for Remote Installation
4.2. Setting Up the Server Holding the Installation Sources
4.3. Preparing the Boot of the Target System
4.4. Booting the Target System for Installation
4.5. Monitoring the Installation Process
5. Automated Installation
5.1. Simple Mass Installation
5.2. Rule-Based Autoinstallation
5.3. For More Information
6. Advanced Disk Setup
6.1. LVM Configuration
6.2. Soft RAID Configuration
7. System Configuration with YaST
7.1. YaST Language
7.2. The YaST Control Center
7.3. Software
7.4. Hardware
7.5. System
7.6. Network Devices
7.7. Network Services
7.8. AppArmor
7.9. Security and Users
7.10. Miscellaneous
7.11. YaST in Text Mode
7.12. Update from the Command Line
7.13. SaX2
7.14. Troubleshooting
7.15. For More Information
8. Updating SUSE Linux Enterprise
8.1. Updating SUSE Linux Enterprise
8.2. Installing Service Packs
8.3. Software Changes from Version 9 to Version 10
II. Administration
9. OpenWBEM
9.1. Setting Up OpenWBEM
9.2. Changing the OpenWBEM CIMOM Configuration
9.3. For More Information
10. Multipath IO
10.1. Supported Hardware
10.2. System Configuration
10.3. Software Configuration
10.4. Using the Devices
11. Mass Storage over IP Networks—iSCSI
11.1. Setting Up an iSCSI Target
11.2. Configuring iSCSI Initiator
12. High Availability under Linux
12.1. Important Terms
12.2. A Sample Minimum Scenario
12.3. Components of a High Availability Solution
12.4. The Software Side of High Availability
12.5. Clustering
12.6. For More Information
13. Installing a Heartbeat 2 Cluster Using YaST
13.1. Hardware Requirements
13.2. Software Requirements
13.3. Shared Disk System Requirements
13.4. Installing Heartbeat 2
13.5. Additional Information
14. Oracle Cluster File System 2
14.1. Overview of OCFS2
14.2. Creating an OCFS2 Volume
14.3. Mounting an OCFS2 Volume
14.4. Additional Information
15. Access Control Lists in Linux
15.1. Traditional File Permissions
15.2. Advantages of ACLs
15.3. Definitions
15.4. Handling ACLs
15.5. ACL Support in Applications
15.6. For More Information
16. RPM—the Package Manager
16.1. Verifying Package Authenticity
16.2. Managing Packages: Install, Update, and Uninstall
16.3. RPM and Patches
16.4. Delta RPM Packages
16.5. RPM Queries
16.6. Installing and Compiling Source Packages
16.7. Compiling RPM Packages with build
16.8. Tools for RPM Archives and the RPM Database
17. System Monitoring Utilities
17.1. Debugging
17.2. Files and File Systems
17.3. Hardware Information
17.4. Networking
17.5. The /proc File System
17.6. Processes
17.7. System Information
17.8. User Information
17.9. Time and Date
18. Working with the Shell
18.1. Getting Started with the Bash Shell
18.2. Users and Access Permissions
18.3. Important Linux Commands
18.4. The vi Editor
III. System
19. 32-Bit and 64-Bit Applications in a 64-Bit System Environment
19.1. Runtime Support
19.2. Software Development
19.3. Software Compilation on Biarch Platforms
19.4. Kernel Specifications
20. Booting and Configuring a Linux System
20.1. The Linux Boot Process
20.2. The init Process
20.3. System Configuration via /etc/sysconfig
21. The Boot Loader
21.1. Selecting a Boot Loader
21.2. Booting with GRUB
21.3. Configuring the Boot Loader with YaST
21.4. Uninstalling the Linux Boot Loader
21.5. Creating Boot CDs
21.6. The Graphical SUSE Screen
21.7. Troubleshooting
21.8. For More Information
22. Special Features of SUSE Linux Enterprise
22.1. Information about Special Software Packages
22.2. Virtual Consoles
22.3. Keyboard Mapping
22.4. Language and Country-Specific Settings
23. Virtual Machine Server
23.1. System Requirements
23.2. Benefits of Virtual Machines
23.3. Terminology
23.4. Virtual Machine Modes
23.5. Virtual Machine Server
23.6. Setting up the Virtual Machine Server
23.7. Creating Virtual Machines
23.8. Managing Virtual Machines
24. Printer Operation
24.1. Workflow of the Printing System
24.2. Methods and Protocols for Connecting Printers
24.3. Installing the Software
24.4. Configuring the Printer
24.5. Configuration for Applications
24.6. Special Features in SUSE Linux Enterprise
24.7. Troubleshooting
25. Dynamic Kernel Device Management with udev
25.1. The /dev Directory
25.2. Kernel uevents and udev
25.3. Drivers, Kernel Modules, and Devices
25.4. Booting and Initial Device Setup
25.5. Debugging udev Events
25.6. Influencing Kernel Device Event Handling with udev Rules
25.7. Persistent Device Naming
25.8. The Replaced hotplug Package
25.9. For More Information
26. File Systems in Linux
26.1. Terminology
26.2. Major File Systems in Linux
26.3. Some Other Supported File Systems
26.4. Large File Support in Linux
26.5. For More Information
27. The X Window System
27.1. X11 Setup with SaX2
27.2. Optimizing the X Configuration
27.3. Installing and Configuring Fonts
27.4. OpenGL—3D Configuration
28. Authentication with PAM
28.1. Structure of a PAM Configuration File
28.2. The PAM Configuration of sshd
28.3. Configuration of PAM Modules
28.4. For More Information
29. Power Management
29.1. Power Saving Functions
29.2. APM
29.3. ACPI
29.4. Rest for the Hard Disk
29.5. The powersave Package
29.6. The YaST Power Management Module
30. Wireless Communication
30.1. Wireless LAN
IV. Services
31. Basic Networking
31.1. IP Addresses and Routing
31.2. IPv6—The Next Generation Internet
31.3. Name Resolution
31.4. Configuring a Network Connection with YaST
31.5. Managing Network Connections with NetworkManager
31.6. Configuring a Network Connection Manually
31.7. smpppd as Dial-up Assistant
32. SLP Services in the Network
32.1. Installation over SLP
32.2. Registering Your Own Services
32.3. SLP Front-Ends in SUSE Linux Enterprise
32.4. Activating SLP
32.5. For More Information
33. Time Synchronization with NTP
33.1. Configuring an NTP Client with YaST
33.2. Configuring xntp in the Network
33.3. Setting Up a Local Reference Clock
34. The Domain Name System
34.1. DNS Terminology
34.2. Configuration with YaST
34.3. Starting the Name Server BIND
34.4. The Configuration File /etc/named.conf
34.5. Zone Files
34.6. Dynamic Update of Zone Data
34.7. Secure Transactions
34.8. DNS Security
34.9. For More Information
35. DHCP
35.1. Configuring a DHCP Server with YaST
35.2. DHCP Software Packages
35.3. The DHCP Server dhcpd
35.4. For More Information
36. Using NIS
36.1. Configuring NIS Servers
36.2. Configuring NIS Clients
37. LDAP—A Directory Service
37.1. LDAP versus NIS
37.2. Structure of an LDAP Directory Tree
37.3. Server Configuration with slapd.conf
37.4. Data Handling in the LDAP Directory
37.5. Configuring an LDAP Server with YaST
37.6. Configuring an LDAP Client with YaST
37.7. Configuring LDAP Users and Groups in YaST
37.8. For More Information
38. Samba
38.1. Terminology
38.2. Starting and Stopping Samba
38.3. Configuring a Samba Server
38.4. Configuring Clients
38.5. Samba as Login Server
38.6. Samba Server in the Network with Active Directory
38.7. Migrating a Windows NT Server to Samba
38.8. For More Information
39. Sharing File Systems with NFS
39.1. Importing File Systems with YaST
39.2. Importing File Systems Manually
39.3. Exporting File Systems with YaST
39.4. For More Information
40. File Synchronization
40.1. Available Data Synchronization Software
40.2. Determining Factors for Selecting a Program
40.3. Introduction to Unison
40.4. Introduction to CVS
40.5. Introduction to Subversion
40.6. Introduction to rsync
40.7. Introduction to mailsync
41. The Apache HTTP Server
41.1. Quick Start
41.2. Configuring Apache
41.3. Starting and Stopping Apache
41.4. Installing, Activating, and Configuring Modules
41.5. Getting CGI Scripts to Work
41.6. Setting Up a Secure Web Server with SSL
41.7. Avoiding Security Problems
41.8. Troubleshooting
41.9. For More Information
42. The Proxy Server Squid
42.1. Some Facts about Proxy Caches
42.2. System Requirements
42.3. Starting Squid
42.4. The Configuration File /etc/squid/squid.conf
42.5. Configuring a Transparent Proxy
42.6. cachemgr.cgi
42.7. squidGuard
42.8. Cache Report Generation with Calamaris
42.9. For More Information
V. Security
43. Managing X.509 Certification
43.1. The Principles of Digital Certification
43.2. YaST Modules for CA Management
44. Masquerading and Firewalls
44.1. Packet Filtering with iptables
44.2. Masquerading Basics
44.3. Firewalling Basics
44.4. SuSEfirewall2
44.5. For More Information
45. SSH: Secure Network Operations
45.1. The OpenSSH Package
45.2. The ssh Program
45.3. scp—Secure Copy
45.4. sftp—Secure File Transfer
45.5. The SSH Daemon (sshd)—Server-Side
45.6. SSH Authentication Mechanisms
45.7. X, Authentication, and Forwarding Mechanisms
46. Network Authentication—Kerberos
46.1. Kerberos Terminology
46.2. How Kerberos Works
46.3. Users' View of Kerberos
46.4. For More Information
47. Installing and Administering Kerberos
47.1. Choosing the Kerberos Realms
47.2. Setting Up the KDC Hardware
47.3. Clock Synchronization
47.4. Configuring the KDC
47.5. Manually Configuring Kerberos Clients
47.6. Configuring a Kerberos Client with YaST
47.7. Remote Kerberos Administration
47.8. Creating Kerberos Host Principals
47.9. Enabling PAM Support for Kerberos
47.10. Configuring SSH for Kerberos Authentication
47.11. Using LDAP and Kerberos
48. Encrypting Partitions and Files
48.1. Setting Up a Crypto File System with YaST
48.2. Using vi to Encrypt Single Files
49. Confining Privileges with AppArmor
49.1. Installing Novell AppArmor
49.2. Enabling and Disabling Novell AppArmor
49.3. Getting Started with Profiling Applications
50. Security and Confidentiality
50.1. Local Security and Network Security
50.2. Some General Security Tips and Tricks
50.3. Using the Central Security Reporting Address
VI. Troubleshooting
51. Help and Documentation
51.1. Using the SUSE Help Center
51.2. Man Pages
51.3. Info Pages
51.4. The Linux Documentation Project
51.5. Wikipedia: The Free Online Encyclopedia
51.6. Guides and Books
51.7. Package Documentation
51.8. Usenet
51.9. Standards and Specifications
52. Common Problems and Their Solutions
52.1. Finding Information
52.2. Installation Problems
52.3. Boot Problems
52.4. Login Problems
52.5. Network Problems
52.6. Data Problems
52.7. IBM System z: Using initrd as a Rescue System
Index

List of Figures

3.1. IBM System z: Selecting a DASD
3.2. IBM System z: Activating a DASD
3.3. IBM System z: Overview of Available ZFCP Disks
3.4. Installation Settings
3.5. Possible Options for Windows Partitions
3.6. Resizing the Windows Partition
3.7. Installing and Removing Software with the YaST Package Manager
3.8. Proposed Setup for Network Services
3.9. Entering the Username and Password
5.1. Editing an AutoYaST Profile with the AutoYaST Front-End
5.2. AutoYaST Rules
6.1. Physical Partitioning versus LVM
6.2. Creating a Volume Group
6.3. Physical Volume Setup
6.4. Logical Volume Management
6.5. Creating Logical Volumes
6.6. RAID Partitions
6.7. File System Settings
7.1. The YaST Control Center
7.2. YaST Package Manager
7.3. Conflict Management of the Package Manager
7.4. The YaST Partitioner
7.5. Adding a PCI ID
7.6. Setting the Language
7.7. Main Window of YaST in Text Mode
7.8. The Software Installation Module
7.9. Card and Monitor Properties
12.1. A Simple High Availability Cluster
15.1. Minimum ACL: ACL Entries Compared to Permission Bits
15.2. Extended ACL: ACL Entries Compared to Permission Bits
18.1. Example of a Bash Terminal Window
18.2. The ls Command
18.3. The ls -l Command
18.4. Excerpt from a Standard Directory Tree
20.1. System Services (Runlevel)
20.2. System Configuration Using the sysconfig Editor
21.1. Configuring the Boot Loader with YaST
23.1. Virtual Machine Server and Device Drivers
23.2. Virtual Machine Definitions and Virtual Machine Monitor
23.3. VM Device Drivers
23.4. VM Server and Virtual Machines
23.5. VM Server Desktop and Three Virtual Machines
24.1. Selecting the Printer Model
27.1. The Main Window of SaX2
29.1. Scheme Selection
29.2. Overview of Existing Schemes
29.3. Configuring a Scheme
29.4. Battery Charge Level
29.5. ACPI Settings
30.1. YaST: Configuring the Wireless Network Card
31.1. Simplified Layer Model for TCP/IP
31.2. TCP/IP Ethernet Packet
31.3. Configuring a Network Card
31.4. Modem Configuration
31.5. ISDN Configuration
31.6. ISDN Interface Configuration
31.7. DSL Configuration
33.1. YaST: Configuring an NTP Client
33.2. YaST: Complex NTP Client Configuration
34.1. DNS Server Installation: Forwarder Settings
34.2. DNS Server Installation: DNS Zones
34.3. DNS Server Installation: Finish Wizard
34.4. DNS Server: Logging
34.5. DNS Server: Slave Zone Editor
34.6. DNS Server: Zone Editor (Basic)
34.7. DNS Server: Zone Editor (NS Records)
34.8. DNS Server: Zone Editor (MX Records)
34.9. DNS Server: Zone Editor (SOA)
35.1. DHCP Server: Card Selection
35.2. DHCP Server: Global Settings
35.3. DHCP Server: Dynamic DHCP
35.4. DHCP Server: Start-Up
35.5. DHCP Server: Host Management
35.6. DHCP Server: Chroot Jail and Declarations
35.7. DHCP Server: Selecting a Declaration Type
35.8. DHCP Server: Configuring Subnets
35.9. DHCP Server: TSIG Configuration
35.10. DHCP Server: Interface Configuration for Dynamic DNS
35.11. DHCP Server: Network Interface and Firewall
36.1. NIS Server Setup
36.2. Master Server Setup
36.3. Changing the Directory and Synchronizing Files for a NIS Server
36.4. NIS Server Maps Setup
36.5. Setting Request Permissions for a NIS Server
36.6. Setting Domain and Address of a NIS Server
37.1. Structure of an LDAP Directory
37.2. YaST LDAP Server Configuration
37.3. YaST: Configuration of the LDAP Client
37.4. YaST: Advanced Configuration
37.5. YaST: Module Configuration
37.6. YaST: Configuration of an Object Template
37.7. YaST: Additional LDAP Settings
38.1. Determining Windows Domain Membership
38.2. Providing Administrator Credentials
39.1. NFS Client Configuration with YaST
39.2. NFS Server Configuration Tool
39.3. Configuring an NFS Server with YaST
41.1. HTTP Server Wizard: Default Host
41.2. HTTP Server Wizard: Summary
41.3. HTTP Server Configuration: Listen Ports and Addresses
41.4. HTTP Server Configuration: Server Modules
43.1. YaST CA Module—Basic Data for a Root CA
43.2. YaST CA Module—Using a CA
43.3. Certificates of a CA
43.4. YaST CA Module—Extended Settings
44.1. iptables: A Packet's Possible Paths
47.1. YaST: Basic Configuration of a Kerberos Client
47.2. YaST: Advanced Configuration of a Kerberos Client
51.1. The Main Window of the SUSE Help Center
51.2. Configuring the Search Function
51.3. Generating a Search Index
52.1. US Keyboard Layout
52.2. Automatic Repair Mode

List of Tables

2.1. Installing from the SUSE Linux Enterprise Media
2.2. Installing from a Network Server Using SLP
2.3. Installing from a Network Server
2.4. Simple Remote Installation via VNC—Static Network Configuration
2.5. Simple Remote Installation via VNC—Dynamic Network Configuration
2.6. Remote Installation via VNC—PXE Boot and Wake on LAN
2.7. Simple Remote Installation via SSH—Static Network Configuration
2.8. Remote Installation via SSH—Dynamic Network Configuration
2.9. Remote Installation via SSH—PXE Boot and Wake on LAN
2.10. Simple Mass Installation
2.11. Rule-Based Autoinstallation
3.1. Boot Options
4.1. F Keys During Installation
4.2. Installation (Boot) Scenarios Used in This Chapter
7.1. rug Commands
8.1. Backup Files
8.2. Commands
8.3. Log Files in /var/log
8.4. Wrapper
8.5. Split Configuration Files in /etc/sysconfig/powersave
9.1. Commands for Managing owcimomd
9.2. Port Communication Setup and Recommended Configurations
9.3. Additional Color Codes for the log.debug.format Command
14.1. O2CB Cluster Service Stack
14.2. In-Memory File Systems Used by OCFS2
14.3. OCFS2 Utilities
14.4. O2CB Commands
15.1. ACL Entry Types
15.2. Masking Access Permissions
16.1. The Most Important RPM Query Options
16.2. RPM Verify Options
18.1. Overview of a Standard Directory Tree
18.2. Simple Commands of the vi Editor
20.1. Available Runlevels
20.2. Possible init Script Options
22.1. ulimit: Setting Resources for the User
23.1. Tasks and Commands for Managing Virtual Machines
23.2. Changing Viewer Preferences
26.1. File System Types in Linux
26.2. Maximum Sizes of File Systems (On-Disk Format)
27.1. Sections in /etc/X11/xorg.conf
27.2. Parameters of fc-list
27.3. Supported 3D Hardware
30.1. Overview of Various WLAN Standards
31.1. Several Protocols in the TCP/IP Protocol Family
31.2. Specific Addresses
31.3. Private IP Address Domains
31.4. Various IPv6 Prefixes
31.5. Manual Network Configuration Scripts
31.6. Parameters for /etc/host.conf
31.7. Databases Available via /etc/nsswitch.conf
31.8. Configuration Options for NSS “Databases”
31.9. Some Start-Up Scripts for Network Programs
37.1. Commonly Used Object Classes and Attributes
37.2. User Groups and Their Access Grants
37.3. Types of Access
40.1. Features of the File Synchronization Tools: -- = very poor, - = poor or not available, o = medium, + = good, ++ = excellent, x = available
43.1. X.509v3 Certificate
43.2. X.509 Certificate Revocation List (CRL)
43.3. Passwords during LDAP Export
51.1. Man Pages—Categories and Descriptions

List of Examples

7.1. /etc/fstab: Partition Data
8.1. List with df -h
16.1. rpm -q -i wget
16.2. Script to Search for Packages
18.1. Sample Output Showing File Permissions
18.2. Sample Output Showing Directory Permissions
20.1. A Minimal INIT INFO Block
22.1. Entry in /etc/crontab
22.2. /etc/crontab: Remove Time Stamp Files
22.3. Example for /etc/logrotate.conf
22.4. ulimit: Settings in ~/.bashrc
24.1. /etc/modprobe.conf: Interrupt Mode for the First Parallel Port
24.2. Error Message from the lpd
24.3. Broadcast from the CUPS Network Server
27.1. Screen Section of the File /etc/X11/xorg.conf
28.1. PAM Configuration for sshd
28.2. Default Configuration for the auth Section
28.3. Default Configuration for the account Section
28.4. Default Configuration for the password Section
28.5. Default Configuration for the session Section
28.6. pam_unix2.conf
28.7. pam_env.conf
28.8. pam_pwcheck.conf
31.1. Writing IP Addresses
31.2. Linking IP Addresses to the Netmask
31.3. Sample IPv6 Address
31.4. IPv6 Address Specifying the Prefix Length
31.5. /etc/resolv.conf
31.6. /etc/hosts
31.7. /etc/networks
31.8. /etc/host.conf
31.9. /etc/nsswitch.conf
31.10. Output of the Command ping
31.11. Output of the ifconfig Command
31.12. Output of the route -n Command
34.1. Forwarding Options in named.conf
34.2. A Basic /etc/named.conf
34.3. Entry to Disable Logging
34.4. Zone Entry for my-domain.de
34.5. Zone Entry for other-domain.de
34.6. File /var/lib/named/world.zone
34.7. Reverse Lookup
35.1. The Configuration File /etc/dhcpd.conf
35.2. Additions to the Configuration File
37.1. Excerpt from schema.core
37.2. slapd.conf: Include Directive for Schemes
37.3. slapd.conf: pidfile and argsfile
37.4. slapd.conf: Access Control
37.5. slapd.conf: Example for Access Control
37.6. slapd.conf: Database-Specific Directives
37.7. Example for an LDIF File
37.8. ldapadd with example.ldif
37.9. LDIF Data for Tux
37.10. Modified LDIF File tux.ldif
37.11. pam_unix2.conf Adapted to LDAP
37.12. Adaptations in nsswitch.conf
38.1. A CD-ROM Share
38.2. homes Share
38.3. Global Section in smb.conf
38.4. Setting Up a Machine Account
38.5. Automated Setup of a Machine Account
38.6. Example Script initGroups.sh
40.1. The file ~/.unison/example.prefs
41.1. Variations of Name-Based VirtualHost Entries
41.2. Name-Based VirtualHost Directives
41.3. IP-Based VirtualHost Directives
41.4. Basic VirtualHost Configuration
41.5. VirtualHost CGI Configuration
42.1. Firewall Configuration: Option 15
42.2. Access Rules
42.3. Access Rules
49.1. Output of aa-unconfined
52.1. Output of the Mount Command
52.2. chroot to the Mounted File System
52.3. Installing the IPL Record with zipl
52.4. Unmounting the File System