CipUX 3.2.12 Installation Guide for Debian-Edu/Skolelinux: This is based on the English CipUX 3.2.10 installation guide, which includes the work of many contributors:
- Georg Damm (hints to change WLUS-users to CipUX-users, correction of backup restore, additional configuration step for samba)
- Christian Gatzemeier (various corrections and alternatives)
- Ralf Gesellensetter (warning)
- Martin Herweg (install on pr06, image-deploy for fat clients)
- Christian Külker (first draft)
- Jürgen Leibner (correct /etc/pam_ldap.conf)
- Michael Stamm (LDAP schema include place)
- Ludger Sicking (typo)
- Radi Wieloch (errors, numbers, orthography, grammar)
- Patrick Willam (several checks, "wording", aptitude, backup, minor enhancements)
[The English source of the document is the original source. If you translate this document, please make a note at this point, where the original can be found.]
- Note
Please leave the main-document without wikification. It will go 1:1 outside this wiki (into CipUX packages and other places). When doing changes it's a good idea to keep the style, too. Thanks!
CipUX 3.2.12 installation guide for Debian-Edu/Skolelinux 2.0

Original by Christian Külker 2006-10-08
License GPL

History: Based on the English installation guide for CipUX 3.2.10

rev.:  date:       name:             description
0.1    2006-10-08  Christian Külker  first draft


Contents
========

1 Introduction
2 Preparation
  2.1 Add cipux Repository to your sources.list file
  2.2 Back up the LDAP Server
3 Base System Setup
  3.1 Installation of the CipUX Base Packages
  3.2 Add a Schema to the LDAP Server
  3.3 Save the LDAP Server Password into a File
4 Populate the LDAP Server
5 Install other CipUX Packages
  5.1 Installation of cipux-rpc Package (>= 3.2.10)
  5.2 Installation of cipux-samba Package (>= 3.2.12)
  5.3 Installation of cipux-cat-webmin Package
    5.3.1 Webmin Configuration
    5.3.2 Configuration with CAT
  5.4 Installation of cipux-deploy Package (>= 3.2.9)
    5.4.1 Command Line Configuration
    5.4.2 Further Configuration with CAT
  5.5 Installation of cipux-cat-moodle Package (after 3.2.10)
  5.6 Installation of cipux-client Package (after 3.2.14)
  5.7 Installation of cipux-notifier Package (after 3.2.14)
  5.8 Installation of cipux-profile Package (after 3.2.12)
6 Additional Features
  6.1 Quota configuration
7 Step-through installation without Samba, with RPC


1 Introduction
==============

This manual is for the installation of CipUX 3.2.12 on a freshly
installed Debian-edu/Skolelinux 2.0 with main server profile and
possibly an additionally installed terminal server profile. To install
CipUX you will also need a working Internet connection!

*============================[ WARNING ]============================*
||                                                                 ||
|| WARNING: Do not use CipUX on a production Debian-edu/Skolelinux ||
|| system, if you have already added users by means of WLUS        ||
|| (webmin-ldap-user-simple)!                                      ||
|| The installation will not delete your users, but this is not a  ||
|| migration manual, and therefore the resulting LDAP database is  ||
|| going to be unusable for a production environment.              ||
||                                                                 ||
*===================================================================*

Almost all(!) steps in this installation manual have to be done on the
machine which has been installed with the main server profile! This
machine identifies itself by the name "tjener". The only(!) steps that
may also be done by using another machine are the few ones that are
done by using a web browser.

Conventions used in this manual:

CTRL          press the control key
CTRL-c        press the control key, hold it down, and press the c key
$             you may execute this command as any user
#             you have to execute this command as root user
[01] .. [xx]  are command and output numbers and are used for
              references, they are not intended to be written.
(01) .. (xx)  are also command and output numbers and are used for
              optional references.
<OK>          means pressing the button "OK".
vim           you may use your favorite editor here
User-hint     some untested advice from users


2 Preparation
=============

2.1 Add cipux Repository to your sources.list file
--------------------------------------------------

Edit the file /etc/apt/sources.list and add the following lines:

[01] # vim /etc/apt/sources.list

     deb http://debian.cipworx.org/ sid main contrib non-free
     deb http://backports.cipworx.org/ sid main contrib non-free
     deb http://ftp.debian.org/debian/ sarge main contrib non-free

Then switch off the proxy by typing

[02] # export http_proxy=""
     # export ftp_proxy=""

2.2 Back up the LDAP Server
---------------------------

[03] # /etc/init.d/slapd stop
     # mkdir -p /skole/backup
     # tar cvzf /skole/backup/tmp_backup_ldap.tar.gz /var/lib/ldap
     # /etc/init.d/slapd start


3 Base System Setup
===================

Execute these commands as root:

[04] # aptitude update; aptitude update

On some systems it must be done twice. (Ask a Debian guru why!)

3.1 Installation of the CipUX Base Packages
-------------------------------------------

[05] # aptitude install cipux-common cipux-cibot

3.2 Add a Schema to the LDAP Server
-----------------------------------

Now we edit /etc/ldap/slapd.conf and add a new include line (at the END
of the other include lines):

*============================[ WARNING ]============================*
||                                                                 ||
|| WARNING: You might like CipUX so much that you probably put the ||
|| include in front of the other includes. Don't do that!          ||
|| You will get errors about the unknown attribute uid.            ||
||                                                                 ||
*===================================================================*

[06] # /etc/init.d/slapd stop

[07] # vim /etc/ldap/slapd.conf

     include /etc/ldap/schema/cipux.schema

Start the LDAP server again with:

[08] # /etc/init.d/slapd start

Check if the LDAP server starts (if you do not know how to do that,
please have a look at footnote 02).


4 Populate the LDAP Server
==========================

Change the LDAP database by setting up the corresponding CipUX
structures. This is the most challenging task in the process and may
not be easily reversible!

Run a script:

What will the script do?

 - It will ask for the LDAP password. On Debian-edu the already set
   root password is also the LDAP password. (It's NOT a new password!)

It will execute other scripts, and they do:

 - move ou=Machines,ou=People,dc=skole,dc=skolelinux,dc=no
   to   ou=Machines,dc=skole,dc=skolelinux,dc=no
 - add ou=CipUX,ou=People,dc=skole,dc=skolelinux,dc=no
 - DELETES cipadmin and CipUX roles!!! (if they exist)
 - add cipadmin and default CipUX roles

*============================[ WARNING ]============================*
||                                                                 ||
|| WARNING: This script is intended to run on a 'freshly'          ||
|| installed Debian-edu/Skolelinux release/system                  ||
||                                                                 ||
*===================================================================*

Execute the following command:

[09] # /usr/lib/cipux/sbin/cipux_setup -s

If an error occurs during the run of cipux_setup, you should correct
it. If it is not obvious what error occurred and how to solve it, you
might run:

     # /usr/lib/cipux/sbin/cipux_maint_diagnostic


5 Install other CipUX Packages
==============================

package:          status  requires:
---------------------------------------------
cipux-rpc         ok      cipux-common cipux-cibot
cipux-samba       ok      cipux-common cipux-cibot
cipux-cat-webmin  ok      cipux-common cipux-cibot
cipux-cat-moodle          (alias cipuxPHP, ask JeanCharles, Xavier)
cipux-client      alpha   cipux-common cipux-cibot cipux-rpc
cipux-notifier    alpha   cipux-common cipux-cibot cipux-rpc
cipux-deploy      beta    cipux-common cipux-cibot
cipux-profile     alpha   cipux-common cipux-cibot

5.1 Installation of cipux-rpc Package (>= 3.2.10)
-------------------------------------------------

You need the CipUX XML-RPC server if you are using the CipUX Moodle
plugins, cipux-client, or cipux-notifier.

(1) Installation:

    # aptitude install cipux-rpc

(2) Run the server:

    # /etc/init.d/cipuxrpcd start

(3) Stop the server:

    # /etc/init.d/cipuxrpcd stop

(4) Test the installation:

    # /usr/lib/cipux/sbin/cipux_maint_diagnostic

5.2 Installation of cipux-samba Package (>= 3.2.10)
---------------------------------------------------

TODO

5.3 Installation of cipux-cat-webmin Package
--------------------------------------------

(1) # aptitude install cipux-cat-webmin

(2) # /usr/lib/cipux/sbin/cipux_maint_diagnostic

5.3.1 Webmin Configuration
--------------------------

The final thing to do is to make the Webmin module CAT accessible for
the Webmin users root and pam.

Here's a brief summary:

 - change language for 'root' to English, German, or French
 - change language for 'pam' to English, German, or French
 - add CipUX Administration tool to 'root'
 - add CipUX Administration tool to 'pam'
 - remove 'Administrate users in ldap' (WLUS) for 'root'
 - remove 'Administrate users in ldap' (WLUS) for 'pam'

If you want to use the application form feature:

 - create Webmin user 'applicationform'
 - add CipUX Administration tool to 'applicationform'
 - grant anonymous access for user 'applicationform' to the following
   URLs:
     /cat/applicationform.cgi
     /cat/images

Here are a few details:

Start a browser

User-hint: Konqueror works using https://localhost:10000 or
https://10.0.2.2:10000, other local addresses are currently not in the
proxy exception list (should be changed to contain .intern.) and not
allowed in the proxy.

[3]  $ mozilla-firefox

and switch off the proxy in the browser.

[4]  Edit -> Preferences -> General -> Connection Settings ...
     -> "Direct connection to the Internet" -> <OK>

Enter the following URL (location, address) into the browser's
location bar:

[5]  https://localhost:10000

A certification dialog will pop up ...

[6]  select "Accept this certificate permanently"

[7]  <OK>

Another dialog appears: "You have requested an encrypted page. The
website has identified itself correctly, and information you see or
enter on this page can't easily be read by a third party." [...]

[8]  <OK>

[9]  User name: root
     Password: himitsu
     <Login>

     (use _your_ root password instead of "himitsu"!)

[10] <never for this site>

[11] go to Webmin -> Webmin Users -> root

[12] select System -> CipUX Administration Tool

[13] press "save" button

[14] If you want every user to be able to change his/her password,
     give the Webmin user "pam" the "CipUX Administration Tool", as
     with user root before.

[15] If you want to use the application form module inside your
     institution without a password (it doesn't make sense with a
     password) you have to do the following:

     * create a Webmin user 'applicationform' and check the box
       "CipUX Administration Tool"
     * go back to Webmin index
     * go to Webmin configuration
     * go to Anonymous Module Access and grant anonymous access to the
       following URLs for the user applicationform:

       URL Path                  | Webmin User
       --------------------------+----------------------
       /cat/applicationform.cgi  | applicationform
       /cat/images               | applicationform

5.3.2 Final Setup with CAT
--------------------------

You don't have to do this if you install cipux-profile and apply a
given profile (that is the reason why the profile package exists!).
But if you don't find an appropriate profile, you can set up CipUX
manually.

Log into Webmin as root or cipadmin (same password).

In Webmin you have to go to

    Webmin Index -> System -> CipUX Administration Tool

When you log in to CAT for the first time only the setup module
(setup.cgi) is available. You may use this as root or cipadmin. Follow
the setup questions. After finishing the setup, other modules will
become available depending on the setup.

5.4 Installation of cipux-deploy Package (after 3.2.9)
------------------------------------------------------

*============================[ WARNING ]============================*
||                                                                 ||
|| WARNING: Difficult                                              ||
||                                                                 ||
*===================================================================*

The cipux-deploy module is still under development and was introduced
in CipUX 3.2.9. Sadly, you must have a lot of know-how these days to
set up cipux-deploy. We are working to make this easy.

    # aptitude install tftpd-hpa cipux-deploy

5.4.1 Command Line Configuration
--------------------------------

Only the very basic things are written here.

Ignore the error message during install, because we run tftpd
standalone, not with inetd.

Edit the file

    # vim /etc/default/tftpd-hpa

    #Defaults for tftpd-hpa
    RUN_DAEMON="yes"
    #OPTIONS="-l -s /var/lib/tftpboot"
    OPTIONS=" -l -v -v -v -c -p -U 007 -u cipux -a 192.168.0.254 -s /var/lib/tftpboot "

    # id cipux

If the user does not exist, create it now:

    # groupadd -g 200 cipux
    # useradd -u 200 -g 200 -d /var/lib/tftpboot -s /bin/false cipux

    # chown cipux /var/lib/tftpboot/cipux
    # chown cipux /var/lib/tftpboot/cipux/conf
    # chown cipux /var/lib/tftpboot/cipux/script

    # /etc/init.d/inetd stop
    # /etc/init.d/tftpd-hpa start

 * remove inetd from the default run level
 * add tftpd-hpa to default run level

Probably, this should go into a different guide:

TODO: write the configuration of the imager system
TODO: write creation of an image

5.4.2 Further Configuration with CAT
------------------------------------

Log into Webmin as root or cipadmin (same password).

In Webmin you have to go to

    Webmin Index -> System -> CipUX Administration Tool

When you log in to CAT for the first time only the setup module
(setup.cgi) is available. You may use this as root or cipadmin. Follow
the setup questions. After finishing the setup, other modules will
become available depending on the setup.

5.5 Installation of cipux-cat-moodle Package (after 3.2.10)
-----------------------------------------------------------

TODO@Xavier

5.6 Installation of cipux-client Package (after 3.2.14)
--------------------------------------------------------

TODO@Benedikt

5.7 Installation of cipux-notifier Package (after 3.2.14)
----------------------------------------------------------

TODO@Benedikt

5.8 Installation of cipux-profile Package (after 3.2.12)
---------------------------------------------------------

CipUX-Profile provides some preselected values for the CipUX system.
You do not need to install a profile.

a)  Installation of the profile package can be done with

    # aptitude install cipux-profile

b1) You can apply the profile directly with:

    # cd /usr/lib/cipux/sbin

    If you want the French school profile then you do:

    # ./cipux_profile_fr_school

b2) Or you can install it with cipux_setup

    # cipux_setup -swP cipux_profile_fr_school

b3) Or if you are not sure what profiles are available:

    # cipux_setup -swp

    Then you can choose.


6 Additional Features
=====================

6.1 Quota Configuration
-----------------------

CipUX can be used with user quota. To enable quota you must have a
quota-enabled kernel and a quota-capable file system for the users'
home directories.

Example setting up quota on ext3:

Install quota:

    # apt-get install quota

Use quota on home0:

    # vi /etc/fstab

and change

    /dev/vg_data/lv_home0 /skole/tjener/home0 ext3 defaults 0 2

to

    /dev/vg_data/lv_home0 /skole/tjener/home0 ext3 defaults,usrquota,grpquota 0 2

Create the quota files:

    # touch /skole/tjener/home0/aquota.user
    # touch /skole/tjener/home0/aquota.group
    # chmod 600 /skole/tjener/home0/aquota.*

Remount home0 so that the changes take effect:

    # mount -o remount /skole/tjener/home0/

Check the quota:

    # quotacheck -avugm

Turn on quota:

    # quotaon -avug

Activate quotas in CipUX by changing the following lines

    # vim /etc/cipux/cipux.conf

    CipUX_Quota=1
    Cipux_Quota_Filesystem=/skole/tjener/home0


7 Step-through installation without Samba, with RPC
===================================================

[01] # vim /etc/apt/sources.list

     deb http://debian.cipworx.org/ sid main contrib non-free
     deb http://backports.cipworx.org/ sid main contrib non-free
     deb http://ftp.debian.org/debian/ sarge main contrib non-free

[02] # export http_proxy="";export ftp_proxy=""
     # aptitude update; aptitude update
     # aptitude install cipux-common cipux-cibot

[03] # /etc/init.d/slapd stop
     # vim /etc/ldap/slapd.conf

     include /etc/ldap/schema/cipux.schema

     # /etc/init.d/slapd start

[04] # cipux_setup -s
     # aptitude install cipux-cat-webmin
     # aptitude install cipux-rpc
     # /usr/lib/cipux/sbin/cipux_maint_diagnostic_pre


(footnote 01): Backup Restore (Only if you need it!)

+------------------------------------------------------------------+
| If you want to restore your LDAP data later, you may write the   |
| backup back (when the LDAP server is NOT running!) with:         |
|                                                                  |
|                                                                  |
| # /etc/init.d/slapd stop                                         |
| # rm -r /var/lib/ldap                                            |
| # cd /                                                           |
| # tar xvfz /skole/backup/tmp_backup_ldap.tar.gz                  |
| # /etc/init.d/slapd start                                        |
+------------------------------------------------------------------+

(footnote 02): How to check if the LDAP server is running?

    $ ps ax | grep slapd | grep -v grep

This should produce output like:

    2890 ?        Ss     0:00 /usr/sbin/slapd -h ldap:/// ldaps:///

This means the LDAP server is running.
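
Added example (not part of the original guide or of the CipUX packages): a shell check for the include order that section 3.2 requires, meant to be run against /etc/ldap/slapd.conf before slapd is started again in step [08]. The function name, its return codes and the core/cosine/nis schema names in the constructed sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify that the cipux.schema include is the LAST active
# include line in slapd.conf, as the warning in section 3.2 demands.

# check_cipux_include FILE
#   0 = cipux.schema is the last active include line
#   1 = another include follows it (the order the warning forbids)
#   2 = no active cipux.schema include found, or FILE is not readable
check_cipux_include() {
    [ -r "$1" ] || return 2
    awk '
        # Count active include lines only; "#include ..." is a comment,
        # and indented lines are continuations, not new directives.
        /^include[ \t]+/ {
            n++
            if ($2 ~ /\/cipux\.schema$/) cipux = n
        }
        END {
            if (!cipux)     exit 2
            if (cipux != n) exit 1
            exit 0
        }
    ' "$1"
}

# Constructed sample: cipux.schema placed in front of the other includes.
# The core/cosine/nis schema file names are assumed for illustration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
include /etc/ldap/schema/cipux.schema
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
#include /etc/ldap/schema/nis.schema
EOF

rc=0
check_cipux_include "$sample" || rc=$?
echo "include order check returned $rc"
rm -f "$sample"
```

On the real system the call would be check_cipux_include /etc/ldap/slapd.conf, with any non-zero result treated as a reason not to start slapd yet.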