Tabla de contenidos
Traducción:
2007 José L. Redrejo Rodríguez
2009-2012, 2015 Rafael Rivas
2010, 2012-2013 Norman Garcia
2021 Adolfo Jayme Barrientos
2021 Eulalio Barbero Espinosa
Este es el manual de la versión 11 «Bullseye» de Debian Edu.
La versión en https://wiki.debian.org/DebianEdu/Documentation/Bullseye es un wiki que se actualiza con frecuencia.
Las Traduccionesson parte del paquete
debian-edu-doc
que puede ser instalado en
un servidor web, y que está disponible online.
Debian Edu, también conocido como Skolelinux, es una distribución Linux basada en Debian que brinda un entorno listo para implantar en una red escolar. Fue pensada para funcionar en un entorno de tipo cliente-servidor. Los servidores y los clientes son elementos de sóftwer que interactúan entre sí. Los servidores brindan la información que requieren los clientes para funcionar. Cuando se instala un servidor en una máquina y su cliente en otra, ambas se conocen como el servidor y el cliente, por extensión del concepto.
Los capítulos sobre requisitos de hárdwer y de red y sobre la arquitectura contienen detalles básicos del entorno.
Inmediatamente después de la instalación, el servidor de la escuela ejecutará todos los servicios necesarios para que la red escolar sea funcional (vea el siguiente capítulo detalles de la arquitectura de esta configuración), y estará lista para agregar usuarios y equipos vía GOsa², que una interfaz de usuario web cómoda, o cualquier otro editor de LDAP. Un ambiente de carga por red es preparado usando PXE/iPXE , así, después de la instalación inicial del servidor principal desde CD, Blu-ray o unidad USB, las otras computadoras pueden ser instaladas a través de la red, esto incluye "estaciones de trabajo itinerantes" (pueden ser llevadas fuera de la red escolar, usualmente laptops o netbooks) y carga por PXE/iPXE para computadoras sin disco duro como los tradicionales clientes ligeros.
Múltiples aplicaciones educativas como GeoGebra, Kalzium, KGeography, GNU Solfege y Scratch, han sido incluidas en el escritorio predeterminado, el cual puede fácilmente ser extendido casi ilimitadamente, vía el universo Debian.
Debian Edu / Skolelinux es una distribución de Linux, hecha por el proyecto Debian Edu. Siendo una distribución mezclada de Debian es un sub-proyecto oficial de Debian
Lo que esto significa, es que Skolelinux es una versión de Debian que proporciona un ambiente "out of the box" de una red escolar completamente configurada.
El proyecto Skolelinux fue fundado en Noruega el 2 de julio de 2001, y casi a la vez Raphaël Hertzog iniciaba el proyecto Debian Edu en Francia. Desde el 2003, ambos proyectos trabajaron unidos, aunque los nombres permanecieron separados. «Skole» y (Debian-)«Educativo» son dos términos bien conocidos en estas regiones.
Actualmente, el sistema se utiliza en muchos países alrededor del mundo.
Esta sección del documento describe la arquitectura de red y los servicios proporcionados por una instalación Skolelinux.
La figura es un esquema propuesto de la topología de red. La configuración predeterminada de Skolelinux asume que hay un (y sólo uno) servidor principal, y permite incluir tanto servidores LTSP (con clientes ligeros y/o estaciones sin disco asociados) como estaciones de trabajo. El número de estaciones de trabajo puede ser tan grande o pequeña como se quiera (desde ninguno a muchísimos). Lo mismo para los servidores LTSP, cada uno de los cuales está en una red separada, de forma que el tráfico entre los clientes ligeros y su servidor no afecte al resto de los servicios de red. LTSP se explica en detalle en el capítulo relacionado con HowTo
La razón por la que sólo puede haber un servidor principal en cada red es que el servidor principal proporciona DHCP, y sólo puede haber una máquina haciendo eso en cada red. Es posible trasladar servicios del servidor principal a otras máquinas configurando el servicio en otra máquina, y posteriormente, actualizando la configuración de DNS para que apunte al alias DNS de ese servicio a la máquina correcta.
In order to simplify the standard setup of Skolelinux, the Internet connection runs over a separate router, also called gateway. See the Internet router chapter for details how to set up such a gateway if it is not possible to configure an existing one as needed.
El DHCP en el servidor «Tjener» sirve la red 10.0.0.0/8, en la que recibirá un menú de PXE boot done podrá seleccionar si instalar un servidor nuevo / estación de trabajo, iniciar un cliente delgado, estación sin disco, prueba de memoria o iniciar desde disco local.
This is designed to be modified; for details, see the related HowTo chapter.
DHCP on the LTSP servers only serves a dedicated network on the second interface (192.168.0.0/24 and 192.168.1.0/24 are preconfigured options) and should seldom need to be changed.
La configuración de todas las subredes es almacenada en LDAP.
Una red Skolelinux necesita un servidor principal (también llamado "tjener" que significa "servidor" en Noruego) que por defecto tenga la dirección IP 10.0.2.2 y sea instalado seleccionando el perfil servidor principal. Es posible (pero no requerido) seleccionar e instalar también los perfiles de servidor LTSP y estación de trabajo al perfil de servidor principal.
Con la excepción del control de los clientes ligeros, todos los servicios se configuran inicialmente en un ordenador central (el servidor principal). Debido a razones de rendimiento, el servidor(es) LTSP debe ser una máquina separada (aunque se pueden instalar juntos en la misma máquina los perfiles de servidor principal y servidor LTSP). Todos los servicios tienen un nombre de DNS y se ofrecen únicamente sobre IPv4. Los nombres de DNS para los servicios hacen fácil el traslado a máquinas individuales de cada uno de ellos. Tan sólo hay que parar el servicio en el servidor principal, y cambiar la configuración de DNS para apuntar a la nueva ubicación del servicio (que, evidentemente, debe configurarse antes en esa máquina).
Para garantizar la seguridad, siempre q ue se transmitan contraseñas por la red, se hace en canal encriptado. Por tanto, no se envía ninguna contraseña en texto plano.
Abajo se encuentra una lista de los servicios que se tienen por defecto en una red Skolelinux, con el nombre de DNS en cada servicio, Si es posible, todos los archivos de configuración harán referencia al servicio por su nombre (sin el nombre del dominio), haciendo más fácil para las escuelas el cambio de dominio (si se tiene un dominio DNS) o la dirección IP que utilizan.
Tabla de servicios | ||
Descripción de servicios |
Nombre común |
Nombre de servicio DNS |
Registros centralizados |
rsyslog |
syslog |
Sistema de Nombre de Dominio |
DNS (BIND) |
domain |
Configuración automática de equipos |
DHCP |
bootps |
Sincronización de reloj |
NTP |
ntp |
Directorios de usuarios vía sistema de archivos de red |
SMB / NFS |
homes |
Correo Electrónico |
IMAP (Dovecot) |
postoffice |
Servicio de Directorio |
OpenLDAP |
ldap |
Administración de usuarios |
GOsa² |
--- |
Servidor Web |
Apache/PHP |
www |
Respaldo Central |
sl-backup, slbackup-php |
backup |
Caché Web |
Proxy (Squid) |
webcache |
Impresión |
CUPS |
ipp |
Inicio de sesión remoto seguro |
OpenSSH |
ssh |
Configuración Automática |
CfEngine |
cfengine |
Servidor(es) LTSP |
LTSP |
ltsp |
Monitoreo de servicios y equipos, reportes de fallas, histórico vía web. Reportes de fallos vía correo. |
Munin, Icinga y Sitesummary |
sitesummary |
Personal files for each user are stored in their home directories, which are made available by the server. Home directories are accessible from all machines, giving users access to the same files regardless of which machine they are using. The server is operating system agnostic, offering access via NFS for Unix clients and via SMB2/SMB3 for other clients.
Por defecto, el correo está configurado para envío local (dentro de la escuela), aunque se puede configurar el envío a todo Internet si la escuela tiene una conexión a Internet fija. Los clientes están configurados para enviarcorreo al servidor (usando 'smarthost'), y los usuarios pueden acceder a su correo personal mediante IMAP.
Todos los servicios usan el mismo nombre de usuario y contraseña, gracias a la base de datos centralizada para autenticación y autorización de usuarios.
Para incrementar el rendimiento al acceder frecuentente a los mismos sitios de internet hay un proxy que cachea localmente los archivos (Squid). Junto al bloqueo de tráfico web en el router este también permite el control de acceso a Internet individualmente para cada puesto.
La configuración de red en los clientes se hace automáticamente con DHCP. Los clientes normales reciben direcciones IP en el rango privado 10.0.0.0/8, y los clientes LTSP se conectan a su servidor LTSP mediante la subred separada 192.168.0.0/24 (esto asegura que el tráfico de los clientes LTSP no interfiera con el resto de los servicios de red).
El registro de sucesos está centralizado, de forma que todas las computadoras envían sus mensajes al servidor. El servicio syslog está configurado para aceptar sólo mensajes entrantes desde la red local.
Por defecto, el servidor de DNS está configurado con un dominio para uso interno (*.intern), contra un servidor de DNS real ("externo") que puede configurarse. El servidor de DNS actua como un caché de DNS, de forma que todos los puestos de la red pueden usarlo como su servidor de DNS principal.
Los alumnos y profesores pueden publicar sitios web. El servidor web proporciona mecanismos para autenticar los usuarios, y para limitar el acceso a páginas individuales y subdirectorios a ciertos usuarios y grupos. Los usuarios pueden crear páginas web dinámicas, ya que el servidor web puede ejecutar programas del lado del servidor.
Information on users and machines can be changed in one central location, and is made accessible to all computers on the network automatically. To achieve this a centralised directory server is set up. The directory will have information on users, user groups, machines and groups of machines. To avoid user confusion there won't be any difference between file groups and network groups. This implies that groups of machines which are to form network groups will use the same namespace as user groups.
La administración de los usuarios y servicios se hace mediante web, y sigue estándares establecidos. Son funcionales en los navegadores que incluye Skolelinux. Es posible delegar algunas tareas a usuarios o grupos de usuarios mediante los sistemas de administración.
Para evitar algunos problemas con NFS, y hacer más simple la depuración de errores, es necesario sincronizar los relojes de todas las máquinas. Para lograr esto, el servidor Skolelinux tiene configurado un servidor NTP, y todas las estaciones y clientes se configuran para sincronizar sus relojes con el servidor. El servidor debe sincronizar su propio reloj mediante NTP con alguna de las máquinas disponibles en Internet para asegurarse de que toda la red tenga la hora correcta.
Las impresoras se conectan donde sean necesarias, bien directamente en la red, o conectadas a un servidor, estación de trabajo o servidor LTSP El acceso a las impresoras se puede controlar para los usuarios de acuerdo con el grupo al que pertenezcan, y puede hacerse con cuota y control de acceso a las impresoras.
Una red Skolelinux puede tener muchos servidores LTSP, que pueden ser instalados seleccionando el perfil servidor LTSP.
EL servidor LTSP está configurado para recibir los registros de los clientes ligeros y reenviarlos al servidor central.
Please note:
LTSP diskless workstations are using the programs installed on the server.
The client root filesystem is provided using NFS. After each modification to
the LTSP server the related image has to be re-generated; run
debian-edu-ltsp-install --diskless_workstation
yes
on the LTSP server.
Una configuración de cliente ligero permite a un PC ordinario funcionar como un terminal (X). Esto significa que la computadora arranca desde el servidor a través de la red (usando network-PROM o PXE) sin usar el disco duro local. La configuración de cliente ligero ahora usa X2Go, porque la LTSP ha dejado de apoyar.
Los clientes delgados son una buena forma de usar máquinas viejas, de poca capacidad, ya que los programas se ejecutan en el servidor LTSP. Funciona así: El servicio usa DHCP y TFTP para conectarse a la red y arrancar desde la red. Después, se monta el sistema de archivos vía NFS desde el servidor LTSP, y finalmente el cliente de X2Go se inicia.
Una estación sin disco, ejecuta todas las aplicaciones localmente, sin necesidad de un S.O instalado. Esto significa que las máquinas cliente arrancan vía PXE sin ejecutar el software instalado en un disco duro local.
Las estaciones sin disco son una forma excelente para reutilizar hardware reciente, con el mismo costo bajo de mantenimiento que los clientes ligeros. Las aplicaciones son administradas y mantenidas en el servidor, sin necesidad de instalaciones en los clientes. Los directorios de los usuarios y las configuraciones de sistema son almacenadas en el servidor.
Todas las máquinas Linux que se instalan con el instalador de Skolelinux se
pueden administrar desde una computadora central, es decir el servidor. Se
puede acceder a todas las máquinas por SSH y, por tanto hay acceso completo
a todos los puestos. Como root primero es necesario ejecutar
kinit
para obtener un TGT de Kerberos.
Toda la información de los usuarios se guarda en un directorio LDAP. Las actualizaciones de las cuentas de usuario se hacen contra esta base de datos, que es la que usan los clientes para autenticarse.
Actualmente hay dos medios de instalación: instalación por red y BD. Ambos medios pueden ser cargados desde memorias USB.
La idea es poder instalar un servidor desde cualquier medio una sola vez e instalar los demás clientes por la red arrancando mediante la red.
Solo la instalación en red necesita acceso a Internet durante la instalación.
The installation should not ask any questions, with the exception of desired language, location, keyboard and machine profile (Main Server, Workstation, LTSP Server, ...). All other configuration will be set up automatically with reasonable values, to be changed from a central location by the system administrator subsequent to the installation.
Cada cuenta de usuario de Skolelinux tiene asignada una sección del sistema de archivos en el servidor de archivos. Esta sección (directorio home) contiene los archivos de configuración del usuario, documentos, correos electrónicos y páginas web. Algunos de los archivos deberían tener acceso de lectura para otros usuarios del sistema, algunos podrían ser de lectura para todos a través de Internet, y algunos no deberían ser accesibles por nadie que no fuera el usuario.
Para asegurar que todos los discos serán utilizados para directorios de
datos de los usuarios o directorios compartidos, pueden poseer nombres
únicos entre todas los ordenadores durante la instalación al ser montados
como /skole/host/directory/
. Inicialmente,
un directorio es creado en el servidor de archivos,
/skole/tjener/home0/
en el que todas las
cuentas de usuarios son creadas. Más directorios pueden ser creados cuando
sea necesario acomodar grupos de usuarios particulares o patrones
particulares de uso.
Para habilitar el acceso compartido de archivos según el sistema de permisos de UNIX, los usuarios necesitan ser parte de un grupo compartido adicional (como "students") así como al grupo inicial al que pertenecen de manera predeterminada.Si los usuarios tienen una umask apropiado para hacer artículos de nueva creación para compartir archivos en grupos accesibles (002 o 007), y si los directorios que están trabajando en son setgid para asegurar que los archivos hereden el grupo de la propiedad correcta, el resultado es controlada entre el miembros de un grupo.
The initial access settings for newly created files are a matter of
policy. The Debian default umask is 022 (which would not allow group-access
as described above), but Debian Edu uses a default of 002 - meaning that
files are created with read access for everybody, which can later be removed
by explicit user action. This can alternatively be changed (by editing
/etc/pam.d/common-session
) to a umask of
007 - meaning read access is initially blocked, necessitating user action to
make them accessible. The first approach encourages knowledge sharing, and
makes the system more transparent, whereas the second method decreases the
risk of unwanted spreading of sensitive information. The problem with the
first solution is that it is not apparent to the users that the material
they create will be accessible to all other users. They can only detect this
by inspecting other users' directories and seeing that their files are
readable. The problem with the second solution is that few people are likely
to make their files accessible, even if they do not contain sensitive
information and the content would be helpful to inquisitive users who want
to learn how others have solved particular problems (typically configuration
issues).
Hay diferentes formas de usar una solución Skolelinux. Puede instalarse en un sólo PC o en una amplia región con muchas escuelas operadas centralmente. Esta variedad de configuraciones hace una gran diferencia en la forma de configurar las cosas dependiendo de los elementos de red, servidores y puestos de cliente.
El propósito de los diferentes perfiles es explicado en el capítulo Arquitecturas de red.
If LTSP is intended to be used, take a look at the LTSP
Hardware Requirements wiki page.
Las computadoras ejecutando Debian Edu / Skolelinux deben tener procesadores, ya sea de 32 bits (Debian arquitectura 'i386', procesadores más antiguos son compatibles 686) o 64 bits (arquitectura Debian «amd64») procesadores x86.
Los clientes delgados pueden funcionar con 256 MB de RAM y 400 MHZ de procesador, aunque se recomienda más RAM y procesadores de mayor velocidad.
Para estaciones de trabajo, terminales tontas e instalaciones individuales, PC's con velocidad de 1500 MHz y 1024 Mb de RAM son los requerimientos mínimos, para ejecutar navegadores modernos y LibreOffice 2048 Mb de RAM son recomendados.
El requerimiento mínimo de espacio depende del perfil que sea instalado.
combinado servidor principal + servidor LTSP: 60 GiB (más espacio adicional para cuentas de usuario).
servidor LTSP: 40Gb
Estación de trabajo, o independiente: 30 Gb
Los servidores LTSP necesitan dos tarjetas de red cuando la arquitectura de red por defecto es usada.
eth0 conectada a la red principal (10.0.0.0/8),
eth1 is used for serving LTSP clients.
Las laptops son estaciones de trabajo móviles, por lo que tienen los mismos requerimientos de las estaciones de trabajo regulares.
Una lista de hardware probado esta en https://wiki.debian.org/DebianEdu/Hardware/ . Esta lista no está
completa
https://wiki.debian.org/InstallingDebianOn es un esfuerzo para documentar el proceso de instalación, configuración y uso de Debian en hardware específico. Por lo tanto los potenciales compradores sabrán si su hardware es soportado y los propietarios podrán saber como obtener el máximo de sus equipos.
Se aplican las siguientes reglas cuando se usa la arquitectura de red por defecto:
Necesita exactamente, un servidor principal, el tjener.
Puede tener hasta cientos de estaciones de trabajo en la red principal.
Puede tener muchos servidores LTSP en la red principal; dos subredes diferentes son preconfiguradas (DNS, DHCP) en LDAP, aunque pueden agregarse más.
Puede tener cientos de clientes ligeros y/o estaciones de trabajo sin disco en cada red de servidores LTSP.
Puede tener cientos de otras computadoras que tendrán direcciones IP asignadas de manera dinámica.
Para acceder a Internet necesita un enrutador/pasarela (ver más abajo).
Un enrutador/pasarela conectado a Internet en la interfaz externa y con la dirección IP 10.0.0.1 y máscara de red 255.0.0.0 en la interfaz interna, es necesario para conectarse a internet.
El enrutador no debería ejecutar un servidor DHCP, puede ejecutar un servidor DNS, aunque no es necesario y no será usado.
In case you already have a router but are unable to configure it as needed (eg because you are not allowed to do so, or for technical reasons), an older computer with two network interfaces can be turned into a gateway between the existing network and the Debian Edu one.
A simple way is to install Debian Edu on this computer; select 'Minimal' as profile during installation.
After installation, run
/usr/share/debian-edu-config/tools/configure-edu-gateway
--firewall <yes|no>
which will make the following
changes:
Adjust the /etc/network/interfaces file.
Change the hostname permanently to 'gateway'.
Remove superfluous scripts.
Enable IP forwarding and NAT for the 10.0.0.0/8 network.
Install a firewall (optional).
Si necesita algo para un enrutador empotrado, o un punto de acceso le recomendamos usar OpenWRT, así podrá usar también el firmware original. Utilizar el firmware original es más fácil, utilizar OpenWRT le proporciona más opciones y control. Revise la web de OpenwRT para una lista completa del hardware soportado.
Es posible usar una configuración diferente de red (existe un proceso documentado para hacer esto), pero si usted no tiene una infraestructura de red preexistente, le recomendamos abstenerse de hacerlo, y mantener la configuración predeterminada de la arquitectura de red.
We recommend that you read or at least take a look at the release notes for Debian Bullseye before you start installing a system for production use. There is more information about the Debian Bullseye release available in its installation manual.
Please give Debian Edu/Skolelinux a try, it should just work.
It is recommended, though, to read the chapters about hardware and network requirements and about the architecture before starting to install a main server.
Asegúrese de leer el capítulo Iniciando con
Debian Edu de este manual, ya que explica como iniciar sesión por
primera vez.
amd64
and
i386
are the names of two Debian
architectures for x86 CPUs, both are or have been build by AMD, Intel and
other manufacturers. amd64
is a 64-bit
architecture and i386
is a 32-bit
architecture. New installations today should be done using
amd64
.
i386
should only be used for old hardware.
The netinst iso image can be used for installation from CD/DVD and USB flash drives and is available for two Debian architectures: amd64 or i386. As the name implies, internet access is required for the installation.
Once Bullseye has been released these images will be available for download from:
Esta imagen ISO tiene un tamaño aproximado de 5 GB y puede utilizarse para la instalación de máquinas amd64 o i386, también sin acceso a Internet. Al igual que la imagen netinst puede ser instalada en memorias USB o discos de tamaño suficiente.
Once Bullseye has been released these images will be available for download from:
Detailed instructions for verifying these images are part of the Debian-CD FAQ.
Sources are available from the Debian archive at the usual locations, several media are linked on https://get.debian.org/cdimage/release/current/source/
When you do a Debian Edu installation, you have a few options to choose from. Don't be afraid; there aren't many. We have done a good job of hiding the complexity of Debian during the installation and beyond. However, Debian Edu is Debian, and if you want there are more than 57,000 packages to choose from and a billion configuration options. For the majority of our users, our defaults should be fine. Please note: if LTSP is intended to be used, choose a lightweight desktop environment.
Typical school or home network with Internet access through a router providing DHCP:
Installation of a main server is possible, but after reboot there will be no Internet access (due to primary network interface IP 10.0.2.2/8).
See the Internet router chapter for details how to set up a gateway if it is not possible to configure an existing one as needed.
Connect all components like shown in the architecture chapter.
The main server should have Internet connection once bootet the first time in the correct environment.
Typical school or institution network, similar to the one above, but with proxy use required.
Add 'debian-edu-expert' to the kernel command line; see further below for details how this is done.
Some additional questions must be answered, the proxy server related one included.
Network with router/gateway IP 10.0.0.1/8 (which does not provide a DHCP server) and Internet access:
As soon as the automatic network configuration fails (due to missing DHCP), choose manual network configuration.
Enter 10.0.2.2/8 as host IP
Enter 10.0.0.1 as gateway IP
Enter 8.8.8.8 as nameserver IP unless you know better
The main server should just work after the first boot.
Offline (no Internet connection):
Use the BD ISO image.
Make sure all (real/virtual) network cables are unplugged.
Choose 'Do not configure the network at this time' (after DHCP failed to configure the network and you pressed 'Continue').
Update the system once bootet the first time in the correct environment with Internet access.
Several desktop environments are available:
Xfce has a slightly bigger footprint than LXDE but a very good language support (106 languages).
KDE and GNOME both have good language support, but too big a footprint for both older computers and for LTSP clients.
Cinnamon is a lighter alternative to GNOME.
MATE is lighter than the three above, but is missing good language support for several countries.
LXDE has the smallest footprint and supports 35 languages.
LXQt is a lightweight desktop environment (language support similar to LXDE) with a more modern look and feel (based on Qt just like KDE).
Debian Edu as an international project has chosen to use Xfce as the default desktop environment; see below how to set a different one.
When installing a system with profile Workstation included, a lot of education related programs are installed. To install only the basic profile, remove the desktop=xxxx kernel command line param before starting the installation; see further below for details how this is done. This allows one to install a site specific system and could be used to speed up test installations.
Please note: If you want to install a desktop environment afterwards, don't use the Debian Edu meta-packages like e.g. education-desktop-mate because these would pull in all education related programs; rather install e.g. task-mate-desktop instead. One or more of the new school level related meta-packages education-preschool, education-primaryschool, education-secondaryschool, education-highschool could be installed to match the use case.
For details about Debian Edu meta-packages, see the Debian Edu packages overview page.
Menú de arranque del instalador en hardware de 64 bits
Instalador gráfico usa el instalador GTK donde puede usar el ratón.
Instalar realiza la instalación en modo texto.
Opciones avanzadas > brinda un submenú con opciones más detalladas que puede elegir
Ayuda brinda algunos consejos sobre como usar el instalador; vea la captura de pantalla a continuación.
Regresar.. lo lleva de nuevo al menú principal.
Instalación experta gráfica le da acceso a todas las opciones disponibles en modo gráfico.
Modo de rescate gráfico lo convierte en un disco de rescate para tareas de emergencia.
Instalación automática gráfica necesita un archivo preconfigurado.
Instalación experta le da acceso a todas las opciones disponibles en modo texto.
Modo de rescate lo convierte en un disco de rescate para tareas de emergencia.
Instalación automática en modo texto; necesita un archivo preconfigurado.
Help screen
Está pantalla de ayuda se explica por si sola y habilita las teclas <F> en el teclado para tener ayuda más detallada en los temas descritos.
Add or change boot parameters for installations
In both cases, boot options can be edited by pressing the TAB key in the boot menu; the screenshot shows the command line for Graphical install.
Puede utilizar un servicio proxy HTTP existente en la red para agilizar la
instalación del servidor principal desde CD. Agregue
mirror/http/proxy=http://10.0.2.2:3128/
como un parámetro adicional de carga.
Si ya tiene instalador el perfil de servidor principal en una computadora, futuras instalaciones se podrían hacer vía PXE, ya que utilizará automáticamente el proxy del servidor principal.
To install the GNOME desktop environment
instead of the default Xfce desktop
environment, replace xfce
with
gnome
in the
desktop=xfce
parameter.
To install the LXDE desktop environment
instead, use desktop=lxde
.
To install the LXQt desktop environment
instead, use desktop=lxqt
.
To install the KDE Plasma desktop
environment instead, use desktop=kde
.
To install the Cinnamon desktop
environment instead, use desktop=cinnamon
.
And to install the MATE desktop
environment instead, use desktop=mate
.
Recuerde los requerimientos del sistema y asegúrese que tenga al menos dos tarjetas de red (NIC) si planea configurar un servidor de clientes ligeros.
Elige el idioma (para la instalación y el sistema instalado).
Elige un lugar que normalmente sería el lugar donde vives.
Seleccione una disposición de teclado (la predeterminada para su país es la mejor opción).
Elige el(los) perfil(es) de la siguiente lista:
Main Server
Este es el servidor principal (tjener) para su escuela, el cual provee todos los servicios preconfigurados listos para trabajar. ¡Usted solo debe instalar un servidor principal por escuela! este perfil no incluye una interfaz gráfica para el usuario. Si usted desea una interfaz gráfica, debe seleccionar la opción de estación de trabajo, o servidor LTSP para agregarla.
Workstation
Una computadora que inicia desde su disco duro, y funciona con todos los programas y dispositivos localmente como una computadora común, pero el usuario será autenticado por el servidor principal, donde los archivos de los usuarios y las configuraciones para escritorio son guardados.
Roaming workstation
Same as workstation but capable of authentication using cached credentials, meaning it can be used outside the school network. The users' files and profiles are stored on the local disk. For single user notebooks and laptops this profile should be selected and not 'Workstation' or 'Standalone' as suggested in earlier releases.
Servidor LTSP
Un servidor para clientes ligeros (y estaciones sin disco), también suele ser llamado servidor LTSP. Clientes sin disco duro, inician y utilizan aplicaciones desde el servidor. Estas computadoras necesitan al menos, dos tarjetas de red, mucha memoria e idealmente más de un procesador o núcleo. Vea el capítulo relacionado a clientes de red para mayor información en este tema. Seleccionar este perfil también habilita el perfil de estación de traSbajo (aún si no es seleccionado), un servidor LTSP siempre puede ser utilizado como estación de trabajo.
Standalone
Una computadora común que puede funcionar sin un servidor (esto quiere decir, que no necesita estar en la red). Incluye laptops.
Minimal
Este perfil instalará los paquetes básicos y configurará la computadora para integrarse en la red Debian Edu, pero sin ningún servicio ni aplicaciones. Es útil como plataforma para servicios simples manualmente migrados desde el servidor principal.
Los perfiles Servidor principal, Estación de trabajo y Servidor LTSP son preseleccionados. Estos perfiles pueden ser instalados en una misma computadora si desea instalar el llamado servidor principal combinado. Esto significa que el servidor principal será un servidor LTSP y también será usado como una estación de trabajo. Esta es la opción prederterminada, ya que asumimos que la mayoría de la gente lo querrá. Tenga en cuenta que debe tener dos tarjetas de red instalado en la computadora que se va a usada como servidor principal combinado o como servidor de clientes ligeros para que pueda ser útil después de su instalación.
Seleccione "si" o "no" para particionamiento automático. Este consciente que al seleccionar sí, ¡se eliminarán todos los datos en el disco duro!, al seleccionar no, se requerirá más trabajo y necesitará que las particiones requeridas sean creadas y tengan suficiente espacio.
Por favor, seleccione "sí" para enviar información a https://popcon.debian.org/ para permitirnos saber que paquetes son
populares y deberían de mantenerse para futuras versiones. Usted no esta
obligado a hacerlo, pero es la manera más fácil de que colabore.
Espere. Si en los perfiles seleccionados se incluye Servidor LTSP, entonces el instalador tardará un poco mas al final "Finalizando la instalación - Ejecutando debian'edu'profile'udeb....."
Después de introducir la contraseña de root, se le solicitará crear una cuenta de usuario normal "para tareas no administrativas". Para Debian Edu esta cuenta de usuario es muy importante: es la cuenta que se usará para administrar la red Skolelinux.
La contraseña para este usuario debe
tener una longitud de al menos 5
caracteres y y debe ser
diferente del nombre de usuario username, de los contrario, el ingreso al sistema
no será posible (aunque el instalador acepte una contraseña menor).
Wait again in case of a combined main server after rebooting the system. It will spend quite some time generating the SquashFS image for diskless workstations.
In case of a separate LTSP server, the diskless workstation and/or thin client setup needs some manual steps. For details, see the Network clients HowTo chapter.
Most likely you will want to use the 'Roaming workstation' profile (see above). Be aware that all data is stored locally (so take some extra care over backups) and login credentials are cached (so after a password change, logins may require your old password if you have not connected your laptop to the network and logged in with the new password).
Después de instalar desde una imagen USB / Blu-ray,
/etc/apt/sources.list
contendrá fuentes de
esa imagen. Si tiene conexión a Internet, le sugerimos agregar las
siguientes lineas para que las actualizaciones de seguridad disponible se
puedan instalar:
deb http://deb.debian.org/debian/ bullseye main deb http://security.debian.org bullseye-security main
A netinst installation (which is the type of installation our CD provides) will fetch some packages from the CD and the rest from the net. The amount of packages fetched from the net varies from profile to profile but stays below a gigabyte (unless you choose to install all possible desktop environments). Once you have installed the main-server (whether a pure main-server or combi-server does not matter), further installation will use its proxy to avoid downloading the same package several times from the net.
Es posible copiar directamente las imágenes
.iso
de CD/DVD/BD a una unidad USB (también
conocido como "memoria USB") e iniciar desde ellos. Solamente ejecute un
comando como este, ponga el nombre del archivo y la ruta al dispositivo que
desee instalar.
sudo cat debian-edu-amd64-XXX.iso >
/dev/sdX
To determine the value of X, run this command before and after the USB device has been inserted:
lsblk -p
Please note that copying will take quite some time.
Dependiendo de la imágen seleccionada, la unidad USB se comportará como un CD o Blu-ray.
For this installation method it is required that you have a running main
server. When clients boot via the network, an iPXE menu with installer and
boot selection options is displayed. If PXE installation fails with an error
message claiming a XXX.bin file is missing, then most probably the client's
network card requires nonfree firmware. In this case the Debian Installer's
initrd must be modified. This can be achieved by executing the command:
/usr/share/debian-edu-config/tools/pxe-addfirmware
on the server.
This is how the iPXE menu looks with the Main-Server profile only:
This is how the iPXE menu looks with the LTSP Server profile:
To install a desktop environment of your choice instead of the default one, press TAB and edit the kernel boot options (like explained above).
Esta configuración permite iniciar a las estaciones sin disco y clientes ligeros a través de la red principal. A diferencia de las estaciones de trabajo y servidores LTSP las estaciones de trabajo sin disco no necesitan ser agregadas a LDAP con GOsa².
Más información acerca de los clientes de red puede ser encontrada en el capítulo clientes de red.
La instalación PXE utiliza un archivo de preconfiguración para debian-installer, que puede ser modificado y solicitar más paquetes para instalar.
Una línea como esta debe ser agregada
atjener:/etc/debian-edu/www/debian-edu-install.dat
d-i pkgsel/include string my-extra-package(s)
La instalación PXE usa el archivo
/srv/tftp/debian-edu/install.cfg
y el
archivo de preconfiguración
/etc/debian-edu/www/debian-edu-install.dat
.
Estos archivos pueden modificarse para ser ajustados a la configuración
usada durante la instalación y así evitar las preguntas cuando se realicen
instalaciones por red. Otra manera de lograr esto es agregar configuraciones
extras a los archivos
/etc/debian-edu/pxeinstall.conf
y
/etc/debian-edu/www/debian-edu-install.dat.local
y ejecutar /usr/sbin/debian-edu-pxeinstall
para actualizar los archivos generados.
Más información puede ser encontrada en el manual del instalador Debian.
Para desactivar o cambiar el uso del proxy cuando instale vía PXE, necesita
cambiar las lineas que contengan
mirror/http/proxy
,
mirror/ftp/proxy
y
preseed/early_command
en el archivo
tjener:/etc/debian-edu/www/debian-edu-install.dat
. Para desactivar el uso de proxy cuando instale, anteponga
el signo '#' al inicio de las primeras dos lineas y elimine
"export http_proxy="http://webcache:3128";
" de la última linea.
Some settings can not be preseeded because they are needed before the
preseeding file is downloaded. These are configured in the PXELINUX-based
boot arguments available from
/srv/tftp/debian-edu/install.cfg
.
Language, keyboard layout and desktop environment are examples of such
settings.
Crear CDs, DVDs o Blu-rays personalizados es bastante fácil, ya que se utilizamos el debian installer, el cual es de diseño modular, y posee otras características útiles.La Preconfiguración le permite definir las respuestas a las preguntas realizadas regularmente.
Así que todo lo que necesitas hacer es crear un archivo de preconfiguración con sus respuestas (esto se describe en el apéndice del manual del instalador de Debian) y remasterizar el CD/DVD
El modo de texto y modo gráfico de instalación son idénticos, sólo la apariencia es diferente. El modo gráfico le ofrece la oportunidad de utilizar un ratón y por supuesto, el modo gráfico se ve mucho mejor y más moderno. A menos que el hardware presente problemas con el modo gráfico, no hay razón para no usarlo.
So here is a screenshot tour through a graphical 64-bit Main Server + Workstation + LTSP Server installation and how it looks at the first boot of the main server and a PXE boot on the LTSP client network (thin client session screen - and login screen after the session on the right has been clicked).
During installation of the main server a first user account was created. In
the following text this account will be referenced as "first user". This
account is special, as the home directory permission is set to 700 (so
chmod o+x ~
is needed to make personal web
pages accessible), and the first user can use
sudo
to become root.
See the information about Debian Edu specific file system access configuration before adding users; adjust to your site's policy if needed.
Después de la instalación, las primeras cosas que necesita hacer como usuario son:
Entra en el servidor.
Agregar usuarios con GOsa²
Add workstations with GOsa².
Como agregar usuarios y estaciones de trabajo es descrito con más detalle a continuación. Por favor, lea este capítulo completamente. Abarca como realizar estos pasos mínimos correctamente, además de otras cosas que probablemente todos necesitan hacer.
There is additional information available elsewhere in this manual: the New features in Bullseye chapter should be read by everyone who is familiar with previous releases. And for those upgrading from a previous release, make sure to read the Upgrades chapter.
If generic DNS traffic is blocked out of your network and you need to use
some specific DNS server to look up internet hosts, you need to tell the DNS
server to use this server as its "forwarder". Update
/etc/bind/named.conf.options and specify the IP address of the DNS server to
use.
El capítulo HowTo describe más trucos, pistas y algunas preguntas de uso frecuente.
GOsa²es una herramienta de administración web, que le ayudará a administrar algunas de las partes importantes de su configuración de Debian Edu. Podrá administrar (agregar, modificar o eliminar) estos principales grupos:
Administración de usuarios
Administración de grupos
NIS Netgroup Administration
Administración de computadoras
Administración DNS
Administración DHCP
Para acceder a GOsa², necesita el servidor principal Skolelinux y una computadora con un navegador web, puede ser el mismo servidor principal si se instaló como un servidor combinado (servidor principal + servidor LTSP + estación de trabajo).
If you (probably accidentally) installed a pure main-server profile and don't have a client with a web-browser handy, it's easy to install a minimal desktop on the main server using this command sequence in a (non-graphical) shell as the user you created during the main server's installation (first user):
$ sudo apt update $ sudo apt install task-desktop-xfce lightdm education-menus ### after installation, run 'sudo service lightdm start' ### login as first user
Desde un navegador web, utilice https://www/gosa para acceder a GOsa² e ingrese por primera vez.
Si está utilizando una computadora nueva con Debian Edu Bullseye, el certificado de seguridad del sitio web será reconocido por el navegador.
Caso contrario, obtendrá un mensaje de error sobre certificado SSL equivocado. Si sabe que solamente usted se encuentra conectado a la red, acepte e ignórelo.
After logging in to GOsa² you will see the overview page of GOsa².
Next, you can choose a task in the menu or click any of the task icons on the overview page. For navigation, we recommend using the menu on the left side of the screen, as it will stay visible there on all administration pages offered by GOsa².
In Debian Edu, account, group, and system information is stored in an LDAP directory. This data is used not only by the main server, but also by the (diskless) workstations, the LTSP servers and other machines on the network. With LDAP, account information about students, teachers, etc. only needs to be entered once. After information has been provided in LDAP, the information will be available to all systems on the whole Skolelinux network.
GOsa² es una herramienta de administración que usa LDAP para almacenar su información y provee una estructura jerárquica por departamento. Para cada "departamento" puede agregar cuentas de usuario, grupos, sistemas, grupos de red y demás. En dependencia de la estructura de su institución, puede usar la estructura en GOsa²/LDAP para transferir su estructura organizacional al árbol de datos LDAP del servidor principal Debian Edu.
A default Debian Edu main server installation currently provides two "departments": Teachers and Students, plus the base level of the LDAP tree. Student accounts are intended to be added to the "Students" department, teachers to the "Teachers" department; systems (servers, workstations, printers etc.) are currently added to the base level. Find your own scheme for customising this structure. (You can find an example how to create users in year groups, with common home directories for each group in the HowTo/AdvancedAdministration chapter of this manual.)
En dependencia de la tarea que desee realizar (administrar usuarios, grupos, sistemas, etc) GOsa² le mostrará una vista diferente en el departamento seleccionado (o el nivel básico).
En primer lugar, haga clic en "Usuarios" en el menú de navegación de la izquierda. El lado derecho de la pantalla cambiará para mostrar una tabla con las carpetas de departamento para "Estudiantes" y "maestros" y la cuenta GOsa² Administrador (el primer usuario creado). Por encima de esta tabla se puede ver un campo llamado Base que le permite navegar a través de su estructura de árbol (mueva el ratón sobre esa zona y aparecerá un menú desplegable) y seleccione una carpeta de base para sus operaciones previstas (por ejemplo, la adición de un nuevo usuario).
Al lado de ese elemento de navegación de árbol se puede ver el menú "Acciones". Mueva su ratón sobre este ítem y un submenú aparecerá en la pantalla; seleccione "Crear", y luego "Usuario". Desde aquí será guíado por el asistente de creación de usuarios.
Lo más importante es el agregar un perfil (nuevoestudiante o nuevoprofesor) y el nombre completo del usuario (ver imágen)
As you follow the wizard, you will see that GOsa² generates a username automatically based on the real name. It automatically chooses a username that doesn't exist yet, so multiple users with the same full name are not a problem. Note that GOsa² can generate invalid usernames if the full name contains non-ASCII characters.
If you don't like the generated username you can select another username
offered in the drop-down box, but you do not have a free choice here in the
wizard. (If you want to be able to edit the proposed username, open
/etc/gosa/gosa.conf
with an editor and add
allowUIDProposalModification="true"
as an
additional option to the "location definition".)
When the wizard has finished, you are presented with the GOsa² screen for your new user object. Use the tabs at the top to check the completed fields.
After you have created the user (no need to customise fields the wizard has left empty for now), click on the "Ok" button in the bottom-right corner.
As the last step GOsa² will ask for a password for the new user. Type that
in twice and then click "Set password" in the bottom-right corner. Some characters may not be allowed as part of the password.
If all went well, you can now see the new user in the user list table. You should now be able to log in with that username on any Skolelinux machine within your network.
To modify or delete a user, use GOsa² to browse the list of users on your system. On the middle of the screen you may open the "Filter" box, a search tool provided by GOsa². If you don't know the exact location of your user account in your tree, change to the base level of the GOsa²/LDAP tree and search there with the option marked "Search in subtrees".
When using the "Filter" box, results will immediately appear in the middle of the text in the table list view. Every line represents a user account and the items farthest to the right on each line are little icons that provide actions for you: edit user, lock account, set password and remove user.
Una nueva página se mostrará donde podrá modificar la información pertinente al usuario directamente, cambiar su contraseña y modificar la lista de grupos a los que pertenece.
Los estudiantes pueden cambiar sus contraseñas ingresando a GOsa² son sus propios usuarios. Para facilitar el acceso a GOsa², un acceso directo llamado Gosa se encuentra en el menú escritorio (o en configuración del sistema). Una sesión de estudiante tendrá una versión mínima de GOsa² que solamente le brinda acceso a la hoja de información del usuario y a la opción de cambio de contraseña.
Los profesores que ingresan con sus propios nombres de usuarios, tienen privilegios especiales en GOsa². Ellos poseen una vista con más privilegios y pueden cambiar la contraseña de todas las cuentas de estudiantes. Esto puede ser muy practico durante clases.
Para establecer una nueva contraseña para el usuario
Busque el usuario que desea modificar, tal como se explicó anteriormente
Haga clic en la flecha al final del usuario
En la siguiente página, puede escribir la nueva contraseña
¡Tenga cuidado con las consecuencias a la seguridad, debido a la facilidad de las contraseñas!
Es posible crear usuarios masivamente con GOsa² usando un archivo CSV, que
puede ser creado con un software de hoja de cálculo
(localc
por ejemplo). Se deben proveer, al
menos, datos para los siguientes campos: uid, last name (sn), first name
(givenName) y password. Asegúrese de no duplicar datos en el campo uid. Note
que la revisión de duplicados debe incluir los registros ya existentes en
LDAP (que puede ser obtenido ejecutando getent passwd | grep
tjener/home | cut -d":" -f1
en la linea de comando).
These are the format guidelines for such a CSV file (GOsa² is quite intolerant about them):
Use "," como separador de campos
Do not use quotes
El archivo CSV no debe contener un encabezado (no debe tener el nombre de la columna)
El orden de los campos no es relevante, y puede ser definido en GOsa² durante la importación masiva
Los pasos para importe masivo son:
Haga clic en el enlace "LDAP Manager" en el menú de navegación a la izquierda
Haga clic en la pestaña "Importar" al lado derecho de la pantalla
Busque en su disco local el archivo CSV con la lista de usuarios que desea importar
Eliga una plantilla de usuarios disponible que se aplicará durante la importación masiva (como NewTeacher o NewStudent)
Haga clic en el botón "Importar" en la esquina inferior derecha
Es una buena idea el hacer pruebas antes, de preferencia con un archivo CSV con usuarios ficticios, que pueden ser eliminados después.
Same applies to the password management module, which allows to reset a lot of passwords using a CSV file or to re-generate new passwords for users belonging to a special LDAP subtree.
La gestión de grupos es muy similar a la gestión de usuarios.
Puede ingresar un nombre y una descripción por grupo. Asegúrese de elegir el nivel correcto en el árbol LDAP cuando cree un nuevo grupo.
Adding users to a newly created group takes you back to the user list, where you most probably would like to use the filter box to find users. Check the LDAP tree level, too.
Los grupos incluidos en el manejo de grupos, son también grupos regulares de Unix, así que pueden utilizarse también para los permisos de archivos.
Machine management basically allows you to manage all networked devices in your Debian Edu network. Every machine added to the LDAP directory using GOsa² has a hostname, an IP address, a MAC address and a domain name (which is usually "intern"). For a fuller description of the Debian Edu architecture see the architecture chapter of this manual.
Diskless workstations and thin clients work out-of-the-box in case of a combined main server.
Workstations with disks (including separate LTSP servers) have to be added with GOsa². Behind the scenes,
both a machine specific Kerberos Principal (sort of
account) and a related keytab file (containing a key
used as password) are generated; the keytab file needs
to be present on the workstation to be able to mount users' home
directories. Once the added system has been rebooted, log into it as root
and run
/usr/share/debian-edu-config/tools/copy-host-keytab
.
To create Principal and keytab file for a system already configured with GOsa², log in on the main server as root and run
/usr/share/debian-edu-config/tools/gosa-modify-host <hostname> <IP>
Please note: host keytab creation is possible for systems of type workstations, servers and terminals but not for those of type netdevices. See the Network clients HowTo chapter for NFS configuration options.
To add a machine, use the GOsa² main menu, systems, add. You can use an IP address/hostname from the preconfigured address space 10.0.0.0/8. Currently there are only two predefined fixed addresses: 10.0.2.2 (tjener) and 10.0.0.1 (gateway). The addresses from 10.0.16.20 to 10.0.31.254 (roughly 10.0.16.0/20 or 4000 hosts) are reserved for DHCP and are assigned dynamically.
To assign a host with the MAC address 52:54:00:12:34:10 a static IP address
in GOsa² you have to enter the MAC address, the hostname and the IP;
alternatively you might click the Propose
ip
button which will show the first free fixed address in
10.0.0.0/8, most probably something like 10.0.0.2 if you add the first
machine this way. It may be better to first think about your network: for
example you could use 10.0.0.x with x>10 and x<50 for servers, and
x>100 for workstations. Don't forget to activate the just added
system. With the exception of the main server all systems will then have a
matching icon.
If the machines have booted as thin clients/diskless workstations or have
been installed using any of the networked profiles, the
sitesummary2ldapdhcp
script can be used to
automatically add machines to GOsa². For simple machines it will work out of
the box, for machines with more than one mac address the actually used one
has to be chosen, sitesummary2ldapdhcp -h
shows usage information. Please note, that the IP addresses shown after
usage of sitesummary2ldapdhcp
belong to the
dynamic IP range. These systems can then be modified to suit your network:
rename each new system, activate DHCP and DNS, add it to netgroups (see
screenshot below for recommended netgroups), reboot the system
afterwards. The following screenshots show how this looks in practice:
root@tjener:~# sitesummary2ldapdhcp -a -i ether-22:11:33:44:55:ff info: Create GOsa machine for am-2211334455ff.intern [10.0.16.21] id ether-22:11:33:44:55:ff. Enter password if you want to activate these changes, and ^c to abort. Connecting to LDAP as cn=admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no enter password: ******** root@tjener:~#
A cronjob updating DNS runs every hour; su -c
ldap2bind
can be used to trigger the update manually.
Buscar computadoras para ser eliminadas, es bastante similar a buscar usuarios para eliminar, por lo que esa información no se repite aquí.
After adding a machine to the LDAP tree using GOsa², you can modify its properties using the search functionality and clicking on the machine name (as you would with users).
The format of these system entries is similar to the one you already know from modifying user entries, but the fields mean different things in this context.
For example, adding a machine to a NetGroup
does not modify the file access or command execution permissions for that
machine or the users logged in to that machine; instead it restricts the
services that machine can use on your main-server.
La instalación por defecto proporciona la Grupo de
Red
all-hosts
cups-queue-autoflush-hosts
cups-queue-autoreenable-hosts
fs-autoresize-hosts
ltsp-server-hosts
netblock-hosts
printer-hosts
server-hosts
shutdown-at-night-hosts
shutdown-at-night-wakeup-hosts-blacklist
workstation-hosts
Currently the NetGroup
functionality is
used for:
Resizing partitions (fsautoresize-hosts)
Los equipos con Debian Edu en este grupo, automáticamente acondicionarán las particiones LVM que estén próximas a quedarse sin espacio disponible.
Shutdown machines at night (shutdown-at-night-hosts and shutdown-at-night-wakeup-hosts-blacklist)
Los equipos con Debian Edu en este grupo, se apagarán automáticamente por las noches para ahorrar energía.
Managing printers (cups-queue-autoflush-hosts and cups-queue-autoreenable-hosts)
Debian Edu machines in these groups will automatically flush all print queues every night, and re-enable any disabled print queue every hour.
Blocking Internet access (netblock-hosts)
Debian Edu machines in this group will be allowed to connect to machines only on the local network. Combined with web proxy restrictions this might be used during exams.
For centralized printer management point your web browser to https://www.intern:631. This is the normal CUPS management interface
where you can add/delete/modify your printers and can clean up the printing
queue. By default only the first user is allowed but this can be changed by
adding users to the GOsa² printer-admins
group.
The package p910nd is installed by default on a system with the Workstation profile.
Edit /etc/default/p910nd
like this (USB
printer):
P910ND_OPTS="-f /dev/usb/lp0"
P910ND_START=1
Configure the printer using the web interface
https://www.intern:631
; choose network
printer type AppSocket/HP JetDirect
(for
all printers regardless of brand or model) and set
socket://<workstation ip>:9100
as
connection URI.
The default configuration in Debian Edu is to keep the clocks on all machines synchronous but not necessarily correct. NTP is used to update the time. The clocks will be synchronised with an external source by default. This can cause machines to keep the external Internet connection open if it is created when used.
Si usa conexión dialip o ISDN y paga por minuto, es posible que desee
cambiar esta configuración predeterminada.
To disable synchronisation with an external clock, the file /etc/ntp.conf on
the main server needs to be modified. Add comment ("#") marks in front of
the server
entries. After this, the NTP
server needs to be restarted by running service ntp
restart
as root. To test if a machine is using the external
clock sources, run ntpq -c lpeer
.
Because of a possible bug with automatic partitioning, some partitions might
be too full after installation. To extend these partitions, run
debian-edu-fsautoresize -n
as root. See
the "Resizing Partitions" HowTo in the administration HowTo chapter for more
information.
This section explains how to use apt
full-upgrade
.
Using apt
is really simply. To update a
system you need to execute two commands on the command line as root:
apt update
(which updates the lists of
available packages) and apt full-upgrade
(which upgrades the packages for which an upgrade is available).
It is also a good idea to upgrade using the C locale to get English output which in cases of problems is more likely to produce results in search engines.
LC_ALL=C apt full-upgrade -y
After upgrading the
debian-edu-config
package, changed Cfengine configuration files might be available. Run
ls -ltr /etc/cfengine3/debian-edu/
to check
if this is the case. To apply the changes, run LC_ALL=C
cf-agent -D installation
.
It is important to run
debian-edu-ltsp-install
--diskless_workstation yes
after LTSP server upgrades to
keep the SquashFS image for diskless clients menu in sync.
After a point release upgrade of a system with Main
Server or LTSP Server profile,
debian-edu-pxeinstall
needs to be run to
update the PXE installation environment.
También es buena idea instalar cron-apt
y
apt-listchanges
y configurarlos para que le
envíe corre electrónico.
cron-apt
will notify you once a day via
email about any packages that can be upgraded. It does not install these
upgrades, but does download them (usually in the night), so you don't have
to wait for the download when you do apt
full-upgrade
.
Automatic installation of updates can be done easily if desired, it just
needs the unattended-upgrades
package to be
installed and configured as described on wiki.debian.org/UnattendedUpgrades.
apt-listchanges
can send new changelog
entries to you via email, or alternatively display them in the terminal when
running apt
.
Running cron-apt
as described above is a
good way to learn when security updates are available for installed
packages. Another way to stay informed about security updates is to
subscribe to the Debian
security-announce mailinglist, which has the benefit of also telling
you what the security update is about. The downside (compared to
cron-apt
) is that it also includes
information about updates for packages which aren't installed.
For backup management point your browser to https://www/slbackup-php. Please note that you need to access this site via SSL, since you have to enter the root password there. If you try to access this site without using SSL it will fail.
Note: the site will only work if you temporarily allow ssh root login on the
backup server (main server 'tjener' by default).
By default tjener will back up
/skole/tjener/home0
,
/etc/
,
/root/.svk
and LDAP to /skole/backup which
is under the LVM. If you only want to have spare copies of things (in case
you delete them) this setup should be fine for you.
Tome en cuenta que este esquema de respaldo no le protege de daños en el
disco duro.
If you want to back up your data to an external server, a tape device or another hard drive you'll have to modify the existing configuration a bit.
Si quieres restaurar un directorio, la mejor opción es usar la línea de comandos:
$ sudo rdiff-backup -r <date> \ /skole/backup/tjener/skole/tjener/home0/user \ /skole/tjener/home0/user_<date>
Esto pondrá el contenido de
/skole/tjener/home0/user
para
<date>
en el directorio
/skole/tjener/home0/user_<date>
.
Si desea restablecer un archivo, debería de ser capaz de seleccionar el archivo (y la versión) de la interfaz web y descargar solamente ese archivo.
Si desea deshacerse de los respaldos viejos, elija "Maintenance" en el menú de la página respaldo y seleccione la instantánea más vieja que desee conservar:
Los reportes de Munin están disponible en https://www/munin/. Le provee gráficos de medición en una vista diaría, semanal, mensual y anual. Además le provee ayuda al administrador de sistemas al momento de buscar cuellos de botella y el origen de problemas en el sistema.
La lista de computadoras monitoreadas por Munin es automáticamente generada,
basada en la lista de hosts reportados a sitesummary. Todos los hosts con el
paquete munin-node instalado son registrados para ser monitoreados por
Munin. Normalmente tomará un día desde que la computadora es instalada hasta
que Munin inicie a monitorear, debido a la orden de ejecución de las tareas
del cron. Para acelerar el proceso, ejecute
sitesummary-update-munin
como usuario root
en el servidor sitesummary (generalmente el servidor principal). Esto
actualizará el archivo
/etc/munin/munin.conf
.
El conjunto de mediciones es automáticamente generado en cada computadora
usando el programa munin-node-configure
,
que prueba los complementos disponibles en
/usr/share/munin/plugins/
y realiza los
enlaces simbólicos de los complementos relevantes a
/etc/munin/plugins/
.
Información sobre Munin está disponible en http://munin.monitoring.org/ .
Icinga system and service monitoring is available from https://www/icingaweb2/. The set of machines and services being
monitored is automatically generated using information collected by the
sitesummary system. The machines with the profile Main-server and
LTSP-server receive full monitoring, while workstations and thin clients
receive simple monitoring. To enable full monitoring on a workstation,
install the nagios-nrpe-server
package on
the workstation.
Por defecto Nagios no envia correos electrónicos. Esto se puede cambiar
reemplazando notify-by-nothing
por
host-notify-by-email
y
notify-by-email
en el archivo
/etc/icinga/sitesummary-template-contacts.cfg
El archivo de configuración de Icinga usado es
/etc/icinga/sitesummary.cfg
. El cron job de
sitesummary genera
/var/lib/sitesummary/icinga-generated.cfg
con la lista de equipos y servicios por monitorear.
Revisiones extras de Nagios pueden ser puestas en el archivo
/var/lib/sitesummary/icinga-generated.cfg.post
para que sean incluidas en el archivo generado.
Información sobre Icinga está disponible en https://www.icinga.com/ o en el paquete
icinga-doc
.
Aquí hay instrucciones sobre como manejar las advertencias más comunes de Icinga.
The partition (/usr/ in the example) is too full. There are in general two
ways to handle this: (1) remove some files or (2) increase the size of the
partition. If the partition is /var/, purging the APT cache by calling
apt clean
might remove some files. If
there is more room available in the LVM volume group, running the program
debian-edu-fsautoresize
to extend the
partitions might help. To run this program automatically every hour, the
host in question can be added to the
fsautoresize-hosts
netgroup.
New package are available for upgrades. The critical ones are normally security fixes. To upgrade, run 'apt upgrade && apt full-upgrade' as root in a terminal or log in via ssh to do the same.
If you do not want to manually upgrade packages and trust Debian to do a
good job with new versions, you can configure
unattended-upgrades
to automatically
upgrade all new packages every night. This will not upgrade the LTSP
chroots.
El kernel en ejecución es más viejo que el kernel más actual instalado, y un reinicio del equipo es necesario para ejecutar el kernel más nuevo instalado. Normalmente esto es urgente, ya que los nuevos kernels corrigen fallos de seguridad en Debian Edu.
The printer queues in CUPS have a lot of jobs pending. This is most likely
because of a unavailable printer. Disabled print queues are enabled every
hour on hosts that are member of the
cups-queue-autoreenable-hosts
netgroup, so
for such hosts no manual action should be required. The print queues are
emptied every night on hosts that are member of the
cups-queue-autoflush-hosts
netgroup. If a
host have a lot of jobs in their queue, consider adding this host to one or
both of these netgroups.
Sitesummary es usado para obtener información de cada computadora y enviarla
al servidor principal. La información obtenida se encuentra disponible en
/var/lib/sitesummary/entries/
. Scripts en
/usr/lib/sitesummary/
, están disponibles
para generar reportes.
Un reporte sencillo de sitesummary sin de talles se encuentra disponible en https://www/sitesummary/.
Documentación sobre sitesummary se encuentra disponible en https://wiki.debian.org/DebianEdu/HowTo/SiteSummary
Más información sobre personalizaciones de Debian Edu útil para administradores de sistema puede encontrarse en el capítulo Administración y en el capítulo Administración avanzada
Before reading this upgrade guide, please note that live updates to your
production servers are carried out at your own risk. Debian Edu/Skolelinux comes with ABSOLUTELY NO WARRANTY, to
the extent permitted by applicable law.
Please read this chapter and the New features in Bullseye chapter of this manual completely before attempting to upgrade.
Upgrading Debian from one distribution to the next is generally rather easy. For Debian Edu this is unfortunately a bit more complicated as we modify configuration files in ways we shouldn't. However we have documented the needed steps below. (See Debian bug 311188 for more information how Debian Edu should modify configuration files.)
In general, upgrading the servers is more difficult than the workstations and the main-server is the most difficult to upgrade.
Si quiere asegurase de que después de la actualización todo va como antes, debería probarlo en un sistema de pruebas o en un sistema configurado igual que su servidor en producción. Ahí puede probar la actualización sin riesgo y ver si todo funciona como debiera.
Make sure to also read the information about the current Debian Stable release in its installation manual.
It may also be wise to wait a bit and keep running Oldstable for a few weeks longer, so that others can test the upgrade and document any problems they experience. The Oldstable release of Debian Edu will receive continued support for some time after the next Stable release, but when Debian ceases support for Oldstable, Debian Edu will necessarily do the same.
Be prepared: make sure you have tested the upgrade from Buster in a test
environment or have backups ready to be able to go back.
Please note that the following recipe applies to a default Debian Edu main server installation (desktop=xfce, profiles Main Server, Workstation, LTSP Server). (For a general overview concerning Buster to Bullseye upgrade, see: https://www.debian.org/releases/bullseye/releasenotes)
Don't use X, use a virtual console, log in as root.
If apt
finishes with an error, try to fix
it and/or run apt -f install
and then
apt -y full-upgrade
once again.
Start by making sure the current system is up-to-date:
apt update apt full-upgrade
Cleanup the package cache:
apt clean
Prepare and start the upgrade to Bullseye (new security entry):
sed -i 's/buster/bullseye/g' /etc/apt/sources.list sed -i 's#/debian-security bullseye/updates# bullseye-security#g' /etc/apt/sources.list export LC_ALL=C # optional (to get English output) apt update apt full-upgrade
apt-list-changes: be prepared for a lot of NEWS to read; press <return> to scroll down, <q> to leave the pager. All information will be mailed to root so that you can read it again (using mailx or mutt).
Read all debconf information carefully, choose 'keep the local version currently installed' unless stated differently below; in most cases hitting return will be fine.
restart services: Choose Yes.
openssh-server: Choose 'keep the local version currently installed'.
/etc/plymouth/plymouthd.conf: Choose Y.
Samba server and utilities: Choose 'keep the local version currently installed'.
Kerberos servers: Enter 'kerberos' and hit 'OK'.
/etc/default/slapd: Choose N.
/etc/cups/cups-files.conf: Choose N.
/etc/munin/munin.conf: Choose N.
Apply and adjust configuration:
cf-agent -v -D installation service squid restart
Setup and configure the Icinga2 web interface:
Run apt install icinga2-ido-mysql
, always
choose No if asked by debconf.
Run
/usr/share/debian-edu-config/tools/edu-icinga-setup
Get the new Debian Edu Homeworld artwork:
apt install debian-edu-artwork-homeworld apt purge debian-edu-artwork-buster # unless Buster artwork should be kept as an alternative
Adjust Xfce panel configuration:
rm -f /etc/xdg/xfce4/panel/default.xml.cfsaved mv /etc/xdg/xfce4/panel/default.xml.dpkg-new /etc/xdg/xfce4/panel/default.xml
Cope with new LTSP and related changes:
rm -f /etc/default/tftpd-hpa # to remove no longer needed modifications rm -rf /var/lib/tftpboot # to remove no longer used tftp base directory dpkg-reconfigure -p low tftpd-hpa # first prompt: keep ''tftp'' as system account, second: change TFTP root directory to ''/srv/tftp'' # third: keep address and port, last one: enter ''--secure'' as additional option service tftpd-hpa restart rm -rf /opt/ltsp # cleanup old LTSP base directory # The next steps will need quite some execution time. debian-edu-ltsp-install --arch amd64 --diskless_workstation no thin_type bare # if 64-Bit thin client support is wanted debian-edu-ltsp-install --arch i386 --diskless_workstation no thin_type bare # if 32-Bit thin client support is wanted debian-edu-ltsp-install --diskless_workstation yes # to create diskless workstation image from the server's file system debian-edu-pxeinstall # to add PXE installation files and related iPXE menu items
Cope with move to iPXE:
Create a file ipxe.ldif with the following content:
dn: cn=dhcp,cn=tjener,ou=servers,ou=systems,dc=skole,dc=skolelinux,dc=no changetype: modify add: dhcpOption dhcpOption: space ipxe dhcpOption: ipxe-encap-opts code 175 = encapsulate ipxe dhcpOption: ipxe.menu code 39 = unsigned integer 8 dhcpOption: ipxe.no-pxedhcp code 176 = unsigned integer 8 dhcpOption: arch code 93 = unsigned integer 16
Then run ldapadd -ZD
'cn=admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no' -W -f
ipxe.ldif
to apply the changes.
Modify some more DHCP settings in LDAP, e.g. using an editor like ldapvi. Make sure, DHCP related entries match those contained in the /etc/ldap/gosa-server.ldif file. Entries concerned are:
81 cn=intern,cn=dhcp,cn=tjener,ou=servers,ou=systems,dc=skole,dc=skolelinux,dc=no 83 cn=subnet00.intern,cn=dhcp,cn=tjener,ou=servers,ou=systems,dc=skole,dc=skolelinux,dc=no 85 cn=subnet01.intern,cn=dhcp,cn=tjener,ou=servers,ou=systems,dc=skole,dc=skolelinux,dc=no
Cope with GOsa changes - use new gosa.conf, fix LDAP access:
cp /etc/gosa/gosa.conf /etc/gosa/gosa.conf.buster # backup
cp /usr/share/debian-edu-config/gosa.conf.template /etc/gosa/gosa.conf # new gosa.conf file
Search for adminPassword and snapshotAdminPassword in /etc/gosa/gosa.conf and replace $GOSAPWD with the random password found in /etc/gosa/gosa.conf.orig for those entries.
rm /etc/gosa/gosa.secrets
Run gosa-encrypt-passwords
Run service apache2 restart
Cope with Kerberos encryption type changes:
sed -i 's/supported_enctypes/#supported_enctypes/' /etc/krb5kdc/kdc.conf
Run service krb5-kdc restart
Cope with Samba changes:
Add first user's Samba account: smbpasswd -a <first
username>
. Once users change their password, the related
Samba account will be created.
Check if the upgraded system works:
Reboot; log in as first user and test
if the GOsa² gui is working,
if one is able to connect LTSP clients and workstations,
if one can add/remove a netgroup membership of a system,
if one can send and receive internal email,
if one can manage printers,
and if other site specific things are working.
Do all the basic things like on the main-server and without doing the things not needed. If not yet done, configure the machine to use Kerberos for mounting home directories, see the getting started chapter for details.
To upgrade from any older release, you will need to upgrade to the Buster based Debian Edu release first, before you can follow the instructions provided above. Instructions are given in the Manual for Debian Edu Buster about how to upgrade to Buster from the previous release, Stretch. Likewise the Stretch manual describes how to upgrade from Jessie.
Guía para Administración general.
Guía para Administración avanzada.
Guía para el escritorio.
Guía para clientes en red.
Guía para Samba.
Guía para enseñar y aprender.
HowTos for users
Los capítulos Iniciando y Mantenimiento describen como empezar con Debian Edu y como realizar el trabajo de mantenimiento básico. Las guías en estos capítulos, tienen también trucos y recomendaciones más "avanzadas".
Using etckeeper
, all files in
/etc/
are tracked using Git as a version control system.
Esto hace posible ver cuando un archivo es agregado, modificado o eliminado,
también ver lo que se cambió si el archivo es un archivo de texto. El
repositorio de git es guardado en
/etc/.git/
.
Cualquier cambio, es registrado cada hora, permitiendo tener un histórico de la configuración para ser extraído y revisado.
To look at the history, the command etckeeper vcs
log
is used. To check the differences between two points
in time, a command like etckeeper vcs diff
can be used.
Revise la salida de man etckeeper
para más
información.
Lista de comandos útiles:
etckeeper vcs log etckeeper vcs status etckeeper vcs diff etckeeper vcs add . etckeeper vcs commit -a man etckeeper
En un sistema recién instalado pruebe esto para ver todos los cambios realizados desde que el sistema fue instalado:
etckeeper vcs log
Vea que archivos no están siendo seguidos, o los que no están actualizados:
etckeeper vcs status
To manually commit a file, because you don't want to wait up to an hour:
etckeeper vcs commit -a /etc/resolv.conf
In Debian Edu, all partitions other than the
/boot/
partition are on logical LVM
volumes. With Linux kernels since version 2.6.10, it is possible to extend
partitions while they are mounted. Shrinking partitions still needs to
happen while the partition is unmounted.
It is a good idea to avoid creating very large partitions (over, say,
20GiB), because of the time it takes to run
fsck
on them or to restore them from backup
if the need arises. It is better, if possible, to create several smaller
partitions than one very large one.
The helper script debian-edu-fsautoresize
is provided to make it easier to extend full partitions. When invoked, it
reads the configuration from
/usr/share/debian-edu-config/fsautoresizetab
,
/site/etc/fsautoresizetab
and
/etc/fsautoresizetab
. It then proposes to
extend partitions with too little free space, according to the rules
provided in these files. If run with no arguments, it will only show the
commands needed to extend the file system. The argument
-n
is needed to actually execute these
commands to extend the file systems.
The script is executed automatically every hour on every client listed in
the fsautoresize-hosts
netgroup.
When the partition used by the Squid proxy is resized, the value for cache
size in etc/squid/squid.conf
needs to be
updated as well. The helper script
/usr/share/debian-edu-config/tools/squid-update-cachedir
is provided to do this automatically, checking the current partition size of
/var/spool/squid/
and configuring Squid to
use 80% of this as its cache size.
Logical Volume Management (LVM) enables resizing the partitions while they are mounted and in use. You can learn more about LVM from the LVM HowTo.
To extend a logical volume manually you simply tell the
lvextend
command how large you want it to
grow to. For example, to extend home0 to 30GiB you use the following
commands:
lvextend -L30G /dev/vg_system/skole+tjener+home0 resize2fs /dev/vg_system/skole+tjener+home0
To extend home0 by additional 30GiB, you insert a '+' (-L+30G)
ldapvi es una herramienta para editar la base de datos LDAP con un editor de texto en la linea de comandos.
Lo siguiente necesita ser ejecutado:
ldapvi --ldap-conf -ZD '(cn=admin)'
Nota: ldapvi
usará el editor de texto
predeterminado. Ejecutar export EDITOR=vim
en el intérprete de comandos puede configurar el entorno para tener un clon
de vi como editor.
To add an LDAP object using ldapvi, use object sequence number with the
string add
in front of the new LDAP object.
Adevertencia:
ldapvi
es una herramienta
poderosa. Sea cuidadoso y no dañe la base de datos de LDAP, la misma
advertencia aplica para JXplorer.
Using Kerberos for NFS to mount home directories is a security feature. As of Bullseye, LTSP clients won't work without Kerberos. The levels krb5, krb5i and krb5p are supported (krb5 means Kerberos authentication, i stands for integrity check and p for privacy, i.e. encryption); the load on both server and workstation increases with the security level, krb5i is a good choice and has been chosen as default.
Servidor principal
login as root
run ldapvi -ZD '(cn=admin)'
, search for
sec=krb5i and replace it with
sec=krb5 or sec=krb5p.
edit /etc/exports.d/edu.exports
and adjust
these entries accordingly:
/srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check) /srv/nfs4/home0 gss/krb5i(rw,sync,no_subtree_check)
ejecute exportfs -r
This tool allows to set the default printer depending on location, machine,
or group membership. For more information, see
/usr/share/doc/standardskriver/README.md
.
The configuration file
/etc/standardskriver.cfg
has to be provided
by the admin, see
/usr/share/doc/standardskriver/examples/standardskriver.cfg
as an example.
If you prefer a GUI to work with the LDAP database, check out the
jxplorer
package, which is installed by
default. To get write access connect like this:
host: ldap.intern port:636 Security level: ssl + user + password User dn: cn=admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
ldap-createuser-krb
is a small command line
tool to create LDAP users and set their passwords in Kerberos. It's mostly
useful for testing, though.
Since the Squeeze release in 2011, Debian has included packages formerly maintained in volatile.debian.org in the stable-updates suite.
While you can use stable-updates directly, you don't have to: stable-updates are pushed into the stable suite regularly when stable point releases are done, which roughly happens every two months.
You are running Debian Edu because you prefer the stability of Debian Edu. It runs great; there is just one problem: sometimes software is a little bit more outdated than you like. This is where backports.debian.org steps in.
Backports are recompiled packages from Debian testing (mostly) and Debian unstable (in a few cases only, e.g. security updates), so they will run without new libraries (wherever this is possible) on a stable Debian distribution like Debian Edu. We recommend you to pick out individual backports which fit your needs, and not to use all backports available there.
Usar backports es sencillo:
echo "deb http://deb.debian.org/debian/ bullseye-backports main" >> /etc/apt/sources.list apt-get update
After which one can install backported packages easily, the following command will install a backported version of tuxtype:
apt install -t bullseye-backports tuxtype
Backports are automatically updated (if available) just like other packages. Like the normal archive, backports has three sections: main, contrib and non-free.
If you want to upgrade from one version to another (for example from Bullseye 11.1 to 11.2) but you do not have Internet connectivity, only physical media, follow these steps:
Inserte el CD/DVD/Disco Blu-ray/Dispositivo USB en la unidad y use el comando apt-cdrom:
apt-cdrom add
Para citar el manual de referencia de apt-cdrom(8):
apt-cdrom se utiliza para añadir un disco óptico nuevo a la lista de fuentes disponibles de APT. apt-cdrom examina la estructura del disco, corrige los posibles errores de grabación y verifica los ficheros de índice.
Se requiere utilizar apt-cdrom para añadir los discos al sistema APT, no se puede hacer manualmente. Además, debe insertar y analizar cada disco de un conjunto de discos por separado, para poder detectar los posibles errores de grabación.
Luego ejecute estos dos comandos para actualizar el sistema:
apt update apt full-upgrade
killer
es un script hecho en perl que
elimina trabajos en segundo plano. Trabajos en segundo plano son definidos
como procesos que pertenecen a usuarios que no tienen una sesión activa en
la computadora. Se ejecuta cada hora por un cron.
unattended-upgrades
is a Debian package
which will install security (and other) upgrades automatically. If
installed, the package is preconfigured to install security upgrades. The
logs are available in
/var/log/unattended-upgrades/
; also, there
are always /var/log/dpkg.log
and
/var/log/apt/
.
It is possible to save energy and money by automatically turning client
machines off at night and back on in the morning. The package
shutdown-at-night
will try to turn off the
machine every hour on the hour from 16:00 in the afternoon, but will not
turn it off if it seems to have users. It will try to tell the BIOS to turn
on the machine around 07:00 in the morning, and the main-server will try to
turn on machines from 06:30 by sending wake-on-lan packets. These times can
be changed in the crontabs of individual machines.
Some considerations should be kept in mind when setting this up:
The clients should not be shut down when someone is using them. This is
ensured by checking the output from who
,
and as a special case, checking for the ssh connection command to work with
X2Go thin clients.
To avoid blowing electrical fuses, it is a good idea to make sure all clients do not start at the same time.
There are two different methods available to wake up clients. One uses a
BIOS feature and requires a working and correct hardware clock, as well as a
motherboard and BIOS version supported by
nvram-wakeup
; the other requires clients to
have support for wake-on-lan, and the server to know about all the clients
that need to be woken up.
On clients that should turn off at night, touch
/etc/shutdown-at-night/shutdown-at-night
,
or add the hostname (that is, the output from 'uname
-n
' on the client) to the netgroup
"shutdown-at-night-hosts". Adding hosts to the netgroup in LDAP can be done
using the GOsa²
web tool. The clients might
need to have wake-on-lan configured in the BIOS. It is also important that
the switches and routers used between the wake-on-lan server and the clients
will pass the WOL packets to the clients even if the clients are turned
off. Some switches fail to pass on packets to clients that are missing in
the ARP table on the switch, and this blocks the WOL packets.
To enable wake-on-lan on the server, add the clients to
/etc/shutdown-at-night/clients
, with one
line per client, IP address first, followed by MAC address (ethernet
address), separated by a space; or create a script
/etc/shutdown-at-night/clients-generator
to
generate the list of clients on the fly.
Aquí tiene un ejemplo de
/etc/shutdown-at-night/clients-generator
para usar con sitesummary:
#!/bin/sh PATH=/usr/sbin:$PATH export PATH sitesummary-nodes -w
An alternative if the netgroup is used to activate shutdown-at-night on
clients is this script using the netgroup tool from the
ng-utils
package:
#!/bin/sh PATH=/usr/sbin:$PATH export PATH netgroup -h shutdown-at-night-hosts
To access machines behind a firewall from the Internet, consider installing
the package autossh
. It can be used to set
up an SSH tunnel to a machine on the Internet that you have access to. From
that machine, you can access the server behind the firewall via the SSH
tunnel.
En la instalación predeterminada, todos los servicios están ejecutándose en el servidor principal, tjener. Para mover algunos servicios a otra computadora de manera sencilla, existe un perfil mínimo de instalación disponible. Instalar con este perfil le proporcionará una computadora, que es parte de la red de Debian Edu, pero que no cuenta con un servicio ejecutándose (todavía)
Estos son los pasos que se deben seguir para configurar un servicio dedicado en una computadora:
Instale el perfil mínimo usando la opción de carga debian-edu-expert.
Instale los paquetes del servicio.
Configure el servicio.
Deshabilite el servicio en el servidor principal.
Actualice el servicio DNS (via LDAP/GOsa²) en el servidor principal.
FIXME: The HowTos from https://wiki.debian.org/DebianEdu/HowTo/ are either user- or developer-specific. Let's move the user-specific HowTos over here (and delete them over there)! (But first ask the authors (see the history of those pages to find them) if they are fine with moving the howto and putting it under the GPL.)
In this chapter advanced administration tasks are described.
In this example we want to create users in year groups, with common home directories for each group (home0/2024, home0/2026, etc). We want to create the users by csv import.
(como root en servidor principal)
Make the necessary year group directories
mkdir /skole/tjener/home0/2024
(como primer usuario en Gosa
Departamento
Main menu: goto 'Directory structure', click the 'Students' department. The 'Base' field should show '/Students'. From the drop box 'Actions' choose 'Create'/'Department'. Fill in values for Name (2024) and Description fields (students graduating in 2024), leave the Base field as is (should be '/Students'). Save it clicking 'Ok'. Now the new department (2024) should show up below /Students. Click it.
Grupo
Choose 'Groups' from the main menu; 'Actions'/Create/Group. Enter group name (leave 'Base' as is, should be /Students/2024) and 'Ok' to save it.
Planitlla
Choose 'users' from the main menu. Change to 'Students' in the Base
field. An Entry NewStudent
should show up,
click it. This is the 'students' template, not a real user. As you'll have
to create such a template (to be able to use csv import for your structure)
based on this one, notice all entries showing up in the Generic and POSIX
tabs, maybe take screenshots to have information ready for the new template.
Now change to /Students/2024 in the Base field; choose Create/Template and start to fill in your desired values, first the Generic tab (add your new 2024 group under Group Membership, too), then add the POSIX account.
Importar usuarios
Elija su nueva plantilla cuando importe el archivo csv; probarlo con pocos usuarios es lo recomendable.
Con este script, el administrador puede crear directorios en cada directorio personal de usuario y establecer los permisos de acceso y propiedad.
In the example shown below with group=teachers and permissions=2770 a user can hand in an assignment by saving the file to the folder "assignments" where teachers are given write access to be able to make comments.
#!/bin/bash home_path="/skole/tjener/home0" shared_folder="assignments" permissions="2770" created_dir=0 for home in $(ls $home_path); do if [ ! -d "$home_path/$home/$shared_folder" ]; then mkdir $home_path/$home/$shared_folder chmod $permissions $home_path/$home/$shared_folder #set the right owner and group #"username" = "group name" = "folder name" user=$home group=teachers chown $user:$group $home_path/$home/$shared_folder ((created_dir+=1)) else echo -e "the folder $home_path/$home/$shared_folder already exists.\n" fi done echo "$created_dir folders have been created"
When users insert a USB drive or a DVD / CD-ROM into a (diskless) workstation, a popup window appears asking what to do with it, just like in any other normal installation.
When users insert a USB drive or a DVD / CD-ROM into an X2Go thin client, the media is automatically mounted and it is possible to access it browsing the related folder on the Xfce desktop.
Warning: When inserted into an LTSP server USB drives and other removable
media cause popup messages on remote LTSP clients.
If remote users acknowledge the popup or use pmount from the console, they can even mount the removable devices and access the files.
Take these steps to set up a dedicated storage server for user home directories and possibly other data.
Add a new system of type server
using GOsa²
as outlined in the Getting started
chapter of this manual.
This example uses 'nas-server.intern' as the server name. Once 'nas-server.intern' is configured, check if the NFS export points on the new storage server are exported to the relevant subnets or machines:
root@tjener:~# showmount -e nas-server Export list for nas-server: /storage 10.0.0.0/8 root@tjener:~#
Here everything on the backbone network is granted access to the /storage export. (This could be restricted to netgroup membership or single IP addresses to limit NFS access like it is done in the tjener:/etc/exports file.)
Add automount information about 'nas-server.intern' in LDAP to allow all clients to automatically mount the new export on request.
This can't be done using GOsa², because a module for automount is missing. Instead, use ldapvi and add the required LDAP objects using an editor.
ldapvi --ldap-conf -ZD '(cn=admin)' -b
ou=automount,dc=skole,dc=skolelinux,dc=no
When the editor shows up, add the following LDAP objects at the bottom of the document. (The "/&" part in the last LDAP object is a wild card matching everything 'nas-server.intern' exports, removing the need to list individual mount points in LDAP.)
add cn=nas-server,ou=auto.skole,ou=automount,dc=skole,dc=skolelinux,dc=no objectClass: automount cn: nas-server automountInformation: -fstype=autofs --timeout=60 ldap:ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no add ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no objectClass: top objectClass: automountMap ou: auto.nas-server add cn=/,ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no objectClass: automount cn: / automountInformation: -fstype=nfs,tcp,rsize=32768,wsize=32768,rw,intr,hard,nodev,nosuid,noatime nas-server.intern:/&
Add the relevant entries in tjener.intern:/etc/fstab, because tjener.intern does not use automount to avoid mounting loops:
Create the mount point directories using
mkdir
, edit '/etc/fstab' as adequate and
run mount -a
to mount the new resources.
Now users should be able to access the files on 'nas-server.intern' directly by just visiting the '/tjener/nas-server/storage/' directory using any application on any workstation, LTSP thin client or LTSP server.
There are several ways to restrict ssh login, some are listed here.
If no LTSP clients are used a simple solution is to create a new group (say
sshusers
) and to add a line to the
machine's /etc/ssh/sshd_config file. Only members of the
sshusers
group will then be allowed to ssh
into the machine from everywhere.
Managing this case with GOsa is quite simple:
Create a group sshusers
on the base level
(where already other system management related groups like
gosa-admins
show up).
Add users to the new group sshusers
.
Add AllowGroups sshusers
to
/etc/ssh/sshd_config.
Execute service ssh restart
.
The default LTSP diskless client setup doesn't use ssh connections. Update the SquashFS image on the related LTSP server after the ssh setup has been changed is enough.
X2Go thin clients are using ssh connections to the related LTSP server. So a different approach using PAM is needed.
Enable pam_access.so in the LTSP server's /etc/pam.d/sshd file.
Configure /etc/security/access.conf to allow connections for (sample) users alice, jane, bob and john from everywhere and for all other users only from the internal networks by adding these lines:
+ : alice jane bob john : ALL + : ALL : 10.0.0.0/8 192.168.0.0/24 192.168.1.0/24 - : ALL : ALL #
If only dedicated LTSP servers are used, the 10.0.0.0/8 network could be dropped to disable internal ssh login access. Note: someone connecting his box to the dedicated LTSP client network(s) will gain ssh access to the LTSP server(s) as well.
If X2Go clients were attached to the backbone network 10.0.0.0/8, things would be even more complicated and maybe only a sophisticated DHCP setup (in LDAP) checking the vendor-class-identifier together with appropriate PAM configuration would allow to disable internal ssh login.
To support multiple languages these commands need to be run:
Run dpkg-reconfigure locales
(as root) and
choose the languages (UTF-8 variants).
Run these commands as root to install the related packages:
apt update /usr/share/debian-edu-config/tools/install-task-pkgs /usr/share/debian-edu-config/tools/improve-desktop-l10n
Users will then be able to choose the language via the LightDM display
manager before logging in; this applies to Xfce, LXDE and LXQt. GNOME and
KDE both come with their own internal region and language configuration
tools, use these. MATE uses the Arctica greeter on top of Lightdm whithout a
language chooser. Run apt purge
arctica-greeter
to get the stock Lightdm greeter.
libdvdcss is needed for playing most commercial DVDs. For legal reasons it's
not included in Debian (Edu). If you are legally allowed to use it, you can
build your own local packages using the
libdvd-pkg
Debian package; make sure
contrib
is enabled in
/etc/apt/sources.list
.
apt update apt install libdvd-pkg
Answer the debconf questions, then run dpkg-reconfigure
libdvd-pkg
.
Un término genérico para clientes ligeros y estaciones de trabajo sin disco es cliente LTSP.
Starting with Bullseye, LTSP is quite different from the previous
versions. This concerns both setup and maintenance.
As one main difference, the SquashFS image for diskless workstations is now generated from the LTSP server file system by default. This happens on a combined server at first boot, taking some time.
Thin clients are no longer part of LTSP. Debian Edu uses X2Go to still support thin client usage.
In case of a separate or an additional LTSP server, required information for setting up the LTSP client environment isn't complete at installation time. Setup can be done once the system has been added with GOsa².
For information about LTSP in general, see the LTSP homepage. On systems with LTSP
server profile, man ltsp
provides more information.
Please note that the ltsp tool from LTSP has to be used
carefully. For example, ltsp image /
would
fail to generate the SquashFS image in case of Debian machines (these have a
separate /boot partition by default), ltsp
ipxe
would fail to generate the iPXE menu correctly (due to
Debian Edu's thin client support), and ltsp
initrd
would mess up LTSP client boot completely.
The debian-edu-ltsp-install tool is a
wrapper script for ltsp image
,
ltsp initrd
and ltsp
ipxe
. It is used to setup and configure diskless
workstation and thin client support (both 64-Bit and 32-Bit PC). See
man debian-edu-ltsp-install
or the script
content to see how it works. All configuration is contained in the script
itself (HERE documents) to facilitate site specific adjustments.
Examples how to use the wrapper script debian-edu-ltsp-install:
debian-edu-ltsp-install --diskless_workstation
yes
updates the diskless workstation SquashFS image (server
filesystem).
debian-edu-ltsp-install --diskless_workstation yes
--thin_type bare
creates diskless workstation and 64-bit
thin client support.
debian-edu-ltsp-install --arch i386 --thin_type
bare
creates additional 32-bit thin client support (chroot
and SquashFS image).
Besides bare (smallest thin client system), also display and desktop are available options. The display type offers a shutdown button, the desktop type runs Firefox ESR in kiosk mode on the client itself (more local RAM and CPU power required, but server load reduced).
The debian-edu-ltsp-ipxe tool is a
wrapper script for ltsp ipxe
. It makes sure
that the /srv/tftp/ltsp/ltsp.ipxe file is Debian Edu specific. The command
needs to be run after iPXE menu related items (like menu timeout or default
boot settings) in the /etc/ltsp/ltsp.conf [server] section have been
modified.
The debian-edu-ltsp-initrd tool is a
wrapper script for ltsp initrd
. It makes
sure that a use case specific initrd (/srv/tftp/ltsp/ltsp.img) is generated
and then moved to the use case related directory. The command needs to be
run after the /etc/ltsp/ltsp.conf [clients] section has been modified.
The debian-edu-ltsp-chroot tool is a replacement for the ltsp-chroot tool shipped with LTSP5. It is used to execute commands in a specified LTSP chroot (like e.g. install, upgrade and remove packages).
Estaciones de trabajo sin disco
A diskless workstation runs all software locally. The client machines boot directly from the LTSP server without a local hard drive. Software is administered and maintained on the LTSP server, but runs on the diskless workstations. Home directories and system settings are stored on the server too. Diskless workstations are an excellent way of reusing older (but powerful) hardware with the same low maintenance costs as with thin clients.
Unlike workstations diskless workstations run without any need to add them with GOsa².
Cliente ligero
A thin client setup enables an ordinary PC to function as an (X-)terminal, where all software runs on the LTSP server. This means that this machine boots via PXE without using a local client hard drive and that the LTSP server needs to be a powerful machine.
Debian Edu still supports the use of thin clients to enable the use of very old hardware.
LTSP client firmware
LTSP client boot will fail if the client's network interface requires a non-free firmware. A PXE installation can be used for troubleshooting problems with netbooting a machine; if the Debian Installer complains about a missing XXX.bin file then non-free firmware has to be added to the LTSP server's initrd.
Proceed like this on the LTSP server:
First get information about firmware packages, run:
apt update && apt search ^firmware-
Decide which package has to be installed for the network interface(s), most probably this will be firmware-linux, run:
apt -y -q install firmware-linux
Update the SquashFS image for diskless workstations, run:
debian-edu-ltsp-install --diskless_workstation yes
In case X2Go thin clients are used, run:
/usr/share/debian-edu-config/tools/ltsp-addfirmware -h
and proceed according to the usage information.
Then update the SquashFS image; e.g. for the /srv/ltsp/x2go-bare-amd64 chroot, run:
ltsp image x2go-bare-amd64
Cada servidor LTSP tiene dos tarjetas de red: una configurada en la subred principal 10.0.0.0/8 (compartida con el servidor principal), y otra que forma una subredlocal 192.168.0.0/24 (una subred para cada servidor LTSP).
In both cases diskless workstation or thin client can be chosen from the iPXE menu. After waiting for 5 seconds, the machine will boot as diskless workstation.
The default iPXE boot menu item and it's default timeout can both be
configured in /etc/ltsp/ltsp.conf
. A
timeout value of -1 is used to hide the menu. Run
debian-edu-ltsp-ipxe
for the changes to
take effect.
192.168.0.0/24 is the default LTSP client network if a machine is installed
using the LTSP profile. If lots of LTSP clients are used or if different
LTSP servers should serve both i386 and amd64 chroot environments the second
preconfigured network 192.168.1.0/24 could be used as well. Edit the file
/etc/network/interfaces
and adjust the eth1
settings accordingly. Use ldapvi
or any
other LDAP editor to inspect DNS and DHCP configuration.
To create chroot and SquashFS image, run:
debian-edu-ltsp-install --arch i386 --thin_type bare
See man debian-edu-ltsp-install
for details
about thin client types.
Run man ltsp.conf
to have a look at
available configuration options. Or read it online: https://ltsp.org/man/ltsp.conf/
Add configuration items to the /etc/ltsp/ltsp.conf [clients] section. For the changes to take effect, run:
debian-edu-ltsp-initrd
LTSP thin clients use networked audio to pass audio from the server to the clients.
LTSP diskless workstations handle audio locally.
Attach the printer to the LTSP client machine (both USB and parallel port are supported).
Configure the LTSP client with GOsa² to use a fixed IP address.
Configure the printer using the web interface
https://www.intern:631
on the main server;
choose network printer type AppSocket/HP
JetDirect
(for all printers regardless of brand or model)
and set socket://<LTSP client
ip>:9100
as connection URI.
PXE stands for Preboot eXecution Environment. Debian Edu now uses the iPXE implementation for easier LTSP integration.
The iPXE menu item concerning system installations is generated using the
script debian-edu-pxeinstall
. It allows
some settings to be overridden using the file
/etc/debian-edu/pxeinstall.conf
with
replacement values.
The PXE installation will inherit the language, keyboard layout and mirror
settings from the settings used when installing the main-server, and the
other questions will be asked during installation (profile, popcon
participation, partitioning and root password). To avoid these questions,
the file
/etc/debian-edu/www/debian-edu-install.dat
can be modified to provide preselected answers to debconf values. Some
examples of available debconf values are already commented in
/etc/debian-edu/www/debian-edu-install.dat
.
Your changes will be lost as soon as
debian-edu-pxeinstall
is used to recreate
the PXE-installation environment. To append debconf values to
/etc/debian-edu/www/debian-edu-install.dat
during recreation with
debian-edu-pxeinstall
, add the file
/etc/debian-edu/www/debian-edu-install.dat.local
with your additional debconf values.
More information about modifying PXE installations can be found in the Installation chapter.
For adding a custom repository add something like this to
/etc/debian-edu/www/debian-edu-install.dat.local
:
#add the skole projects local repository d-i apt-setup/local1/repository string http://example.org/debian stable main contrib non-free d-i apt-setup/local1/comment string Example Software Repository d-i apt-setup/local1/source boolean true d-i apt-setup/local1/key string http://example.org/key.asc
y luego ejecute una vez
/usr/sbin/debian-edu-pxeinstall
The debian-edu-config package comes with a tool which helps in changing the
network from 10.0.0.0/8 to something else. Have a look at
/usr/share/debian-edu-config/tools/subnet-change
.
It is intended for use just after installation on the main server, to update
LDAP and other files that need to be edited to change the subnet.
Note that changing to one of the subnets already used elsewhere in Debian
Edu will not work. 192.168.0.0/24 and 192.168.1.0/24 are already set up as
LTSP client networks. Changing to these subnets will require manual editing
of configuration files to remove duplicate entries.
There is no easy way to change the DNS domain name. Changing it would require changes to both the LDAP structure and several files in the main server file system. There is also no easy way to change the host and DNS name of the main server (tjener.intern). To do so would also require changes to LDAP and files in the main-server and client file system. In both cases the Kerberos setup would have to be changed, too.
Choosing the LTSP server profile or the combined server profile also installs the xrdp and x2goserver packages.
Xrdp uses the Remote Desktop Protocol to present a graphical login to a remote client. Microsoft Windows users can connect to the LTSP server running xrdp without installing additional software - they simply start a Remote Desktop Connection on their Windows machine and connect.
Additionally, xrdp can connect to a VNC server or another RDP server.
Xrdp comes without sound support; to compile the required modules this script could be used.
#!/bin/bash # Script to compile / recompile xrdp PulseAudio modules. # The caller needs to be root or a member of the sudo group. # Also, /etc/apt/sources.list must contain a valid deb-src line. set -e if [[ $UID -ne 0 ]] ; then if ! groups | egrep -q sudo ; then echo "ERROR: You need to be root or a sudo group member." exit 1 fi fi if ! egrep -q ^deb-src /etc/apt/sources.list ; then echo "ERROR: Make sure /etc/apt/sources.list contains a deb-src line." exit 1 fi TMP=$(mktemp -d) PULSE_UPSTREAM_VERSION="$(dpkg-query -W -f='${source:Upstream-Version}' pulseaudio)" XRDP_UPSTREAM_VERSION="$(dpkg-query -W -f='${source:Upstream-Version}' xrdp)" sudo apt -q update # Get sources and build dependencies: sudo apt -q install dpkg-dev cd $TMP apt -q source pulseaudio xrdp sudo apt -q build-dep pulseaudio xrdp # For pulseaudio 'configure' is all what is needed: cd pulseaudio-$PULSE_UPSTREAM_VERSION/ ./configure # Adjust pulseaudio modules Makefile (needs absolute path) # and build the pulseaudio modules. cd $TMP/xrdp-$XRDP_UPSTREAM_VERSION/sesman/chansrv/pulse/ sed -i 's/^PULSE/#PULSE/' Makefile sed -i "/#PULSE_DIR/a \ PULSE_DIR = $TMP/pulseaudio-$PULSE_UPSTREAM_VERSION" Makefile make # Copy modules to Pulseaudio modules directory, adjust rights. sudo cp *.so /usr/lib/pulse-$PULSE_UPSTREAM_VERSION/modules/ sudo chmod 644 /usr/lib/pulse-$PULSE_UPSTREAM_VERSION/modules/module-xrdp* # Restart xrdp, now with sound enabled. sudo service xrdp restart
X2Go enables you to access a graphical desktop on the LTSP server over both low bandwidth and high bandwidth connections from a PC running Linux, Windows or macOS. Additional software is needed on the client side, see the X2Go wiki for more information.
Please note that the killer
package should
best be removed on the LTSP server if X2Go is used, see 890517.
freerdp-x11
is installed by default and is
capable of RDP and VNC.
RDP - the easiest way to access Windows terminal server. An alternative
client package is rdesktop
.
VNC client (Virtual Network Computer) gives access to Skolelinux remotely.
An alternative client package is
xvncviewer
.
x2goclient
is a graphical client for the
X2Go system (not installed by default). You can use it to connect to running
sessions and start new ones.
The freeRADIUS server could be used to provide secure
network connections. For this to work, install the
freeradius and winbind packages on
the main server and run
/usr/share/debian-edu-config/setup-freeradius-server
to generate a basic, site specific configuration. This way, both
EAP-TTLS/PAP and PEAP-MSCHAPV2 methods are enabled. All configuration is
contained in the script itself to facilitate site specific adjustments. See
the freeRADIUS homepage for
details.
Additional configuration is needed to
enable/disable access points via a shared secret (/etc/freeradius/3.0/clients.conf).
allow/deny wireless access using LDAP groups (/etc/freeradius/3.0/users).
combine access points into dedicated groups (/etc/freeradius/3.0/huntgroups)
End user devices need to be configured properly, these devices need to be
PIN protected for the use of EAP (802.1x) methods. And most important: users
need to be educated to install the freeradius CA certificate on their
devices to be sure to connect to the right server. This way the password
can't be catched in case of a malicious server. The site specific
certificate is available on the internal network.
https://www.intern/freeradius-ca.pem (for end user devices running Linux)
https://www.intern/freeradius-ca.crt (Linux, Android)
https://www.intern/freeradius-ca.der (macOS, iOS, iPadOS, Windows)
Please note that configuring end user devices will be a real challenge due to the variety of devices. For Windows devices an installer script could be created, for Apple devices a mobileconfig file. In both cases the freeRADIUS CA certificate can be integrated, but OS specific tools are needed to create the scripts.
Samba is now configured as standalone server with
modern SMB2/SMB3 support and usershares enabled, see
/etc/samba/smb-debian-edu.conf
on the main
server. This way non-admin users are enabled to provide shares.
As Samba has dropped the insecure SMB1 protocol, the option to setup Samba as NT4-style PDC is gone.
For site specific changes, copy /usr/share/debian-edu-config/smb.conf.edu-site to the /etc/samba directory. The settings in smb.conf.edu-site will override those contained in smb-debian-edu.conf.
Please note:
By default, home directories are read only. This can be changed in /etc/samba/smb.conf.edu-site.
Samba passwords are stored using smbpasswd
and are updated in case a password is changed using GOsa².
To temporarily disable a user's Samba account, run smbpasswd
-d <username>
, smbpasswd -e
<username>
will re-enable it.
Running chown root:teachers
/var/lib/samba/usershares
on the main server will disable
usershares for 'students'.
Connections to a user's home directory and to additional site specific shares (if configured) are possible for devices running Linux, Android, macOS, iOS, iPadOS, Chrome OS or Windows. Other devices like Android based ones require a file manager with SMB2/SMB3 support, also known as LAN access. X-plore or Total Commander with LAN plugin might be a good choice.
Use \\tjener\<username>
or
smb://tjener/<username>
to access the
home directory.
All Debian packages mentioned in this section can be installed by running
apt install <package>
(as root).
stable/education-development is a meta package depending on a lot of programming tools. Please note that almost 2 GiB of disk space is needed if this package is installed. For more details (maybe to install only a few packages), see the Debian Edu Development packages page.
Warning: make sure you know the status of
the laws about monitoring and restricting computer users' activities in your
jurisdiction.
Some schools use control tools like Epoptes or Veyon to supervise their students. See also: Epoptes Homepage and Veyon Homepage.
Some schools use Squidguard or e2guardian to restrict Internet access.
Casa usuario debería cambiar su contraseña usando GOsa². Para hacerlo, solo
use un navegador web y vaya a
https://www/gosa/
.
Using GOsa² to change the password ensures that passwords for Kerberos (krbPrincipalKey), LDAP (userPassword) and Samba (sambaNTPassword) are the same.
Changing passwords using PAM is working also at the GDM login prompt, but this will only update the Kerberos password, and not the Samba and GOsa² (LDAP) password. So after you changed your password at the login prompt, you really should also change it using GOsa².
Standalone Java applications are supported out of the box by the OpenJDK Java runtime.
All users can send and receive mails within the internal network;
certificates are provided to allow TLS secured connections. To allow mail
outside the internal network, the administrator needs to configure the
mailserver exim4
to suit the local
situation, starting with dpkg-reconfigure
exim4-config
.
Every user who wants to use Thunderbird needs to configure it as follows. For a user with username jdoe the internal email address is jdoe@postoffice.intern.
Start Thunderbird
Click 'Skip this and use my existing email'
Enter your email address
Don't enter your password as Kerberos single sign on will be used
Click 'Continue'
For both IMAP and SMTP the settings should be 'STARTTLS' and 'Kerberos/GSSAPI'; adjust if not detected automatically
Click 'Done'
Actualmente hay equipos locales en Noruega, Alemania, la región de Extremadura en España, Taiwán y Francia. Además, contribuidores y usuarios y usuarias sin colectivo existen en Grecia, Países Bajos, Japón y otros lugares.
El capítulo de soporte contiene explicaciones y enlaces a recursos localizados, ya que contruibuir y apoyar son dos lados de la misma moneda.
A nivel internacional estamos organizados en varios equipos que trabajan en distintas áreas.
Most of the time, the developer mailing list is our main medium for communication, though we have monthly IRC meetings on #debian-edu on irc.debian.org and even, less frequently, real gatherings, where we meet each other in person. New contributors should read our https://wiki.debian.org/DebianEdu/ArchivePolicy.
A good way to learn what is happening in the development of Debian Edu is to subscribe to the commit mailinglist.
Debian Edu uses the Debian Bug Tracking System (BTS). View existing bug reports and feature requests or create new ones. Please report all bugs against the package debian-edu-config. Take a look at How To Report Bugs for more information on bug reporting in Debian Edu.
¡Este documento necesita de su ayuda! No está finalizado todavía: si lo lee, notará varias lineas que dicen POR CORREGIR. Si usted saber lo que se necesita corregir, considere compartir su conocimiento con nosotros.
The source of the text is a wiki and can be edited with a simple webbrowser. Just go to https://wiki.debian.org/DebianEdu/Documentation/Bullseye/ and you can contribute easily. Note: a user account is needed to edit the pages; you need to create a wiki user first.
Another very good way to contribute and to help users is by translating software and documentation. Information on how to translate this document can be found in the translations chapter of this book. Please consider helping the translation effort of this book!
https://lists.debian.org/debian-edu - support mailing list
#debian-edu on irc.debian.org - IRC channel, mostly development related; do
not expect real time support even though it frequently happens
https://lists.debian.org/debian-edu-german - support mailing list
https://www.skolelinux.de - official German representation
#skolelinux.de en irc.debian.org - canal IRC para soporte en Alemán
http://lists.debian.org/debian-edu-french - support mailing list
Lists of companies providing professional support are available from https://wiki.debian.org/DebianEdu/Help/ProfessionalHelp.
New version of Debian Installer from Debian Bullseye, see its installation manual for more details.
New artwork based on the Homeworld theme, the default artwork for Debian 11 Bullseye.
The Debian Installer doesn't support LTSP chroot setup anymore. In case of a combined server installation ('Main server' + 'LTSP server' profiles), setting up thin client support (now using X2Go) happens at the end of the installation. Generating the SquashFS image for diskless client support (from the server's file system) is done at first boot.
For separate LTSP servers, both steps have to be done via a tool after first boot inside the internal network when enough information is available from the main server.
Todo lo nuevo en Debian 11 Bullseye, por ejemplo:
Linux kernel 5.10
Desktop environments KDE Plasma 5.20, GNOME 3.38, Xfce 4.16, LXDE 11, MATE 1.24
LibreOffice 7.0
Educational toolbox GCompris 1.0
Music creator Rosegarden 20.12
LTSP 21.01
Debian Bullseye includes more than 59000 packages available for installation.
More information about Debian 11 Bullseye is provided in the release notes and the installation manual.
During installation the profile choice page is available in 29 languages, of which 22 are fully translated.
The Debian Edu Bullseye Manual is fully translated to Dutch, French, German, Italian, Japanese, Norwegian Bokmål, Portuguese (Portugal) and Simplified Chinese.
Partly translated versions exist for Danish and Spanish.
Improved TLS/SSL support on the internal network. On clients, the root certificate for the Debian Edu-CA is located inside the certificate bundle for the whole system.
New LTSP, re-written from scratch, dropping thin client support. Thin clients are now supported using X2Go.
Netboot is provided using iPXE instead of PXELINUX to be compliant with LTSP.
The /srv/tftp directory is now used as netboot base instead of /var/lib/tftpboot.
After a point release upgrade of a system with Main
Server or LTSP Server profile,
debian-edu-pxeinstall
needs to be run to
update the PXE installation environment.
DuckDuckGo is used as default search provider for both Firefox ESR and Chromium.
Chromium uses the internal website instead of Google as default startpage.
On diskless workstations, the Kerberos TGT is available after login automatically.
New tool added to set up freeRADIUS with support for both EAP-TTLS/PAP and PEAP-MSCHAPV2 methods.
Samba is configured as 'standalone server' with support for SMB2/SMB3; domain joining is gone.
The GOsa² web interface doesn't show Samba related entries because Samba account data are no longer stored in LDAP.
Debian Installer's graphical mode is used for PXE installations (instead of text mode).
Central CUPS print server ipp.intern, users belonging to the printer-admins group are allowed to administrate CUPS.
Icinga administration via the web interface is restricted to the first user.
This document is written and copyrighted by Holger Levsen (2007-2021), Petter Reinholdtsen (2001, 2002, 2003, 2004, 2007, 2008, 2009, 2010, 2012, 2014), Daniel Heß (2007), Patrick Winnertz (2007), Knut Yrvin (2007), Ralf Gesellensetter (2007), Ronny Aasen (2007), Morten Werner Forsbring (2007), Bjarne Nielsen (2007, 2008), Nigel Barker (2007), José L. Redrejo Rodríguez (2007), John Bildoy (2007), Joakim Seeberg (2008), Jürgen Leibner (2009, 2010, 2011, 2012, 2014), Oded Naveh (2009), Philipp Hübner (2009, 2010), Andreas Mundt (2010), Olivier Vitrat (2010, 2012), Vagrant Cascadian (2010), Mike Gabriel (2011), Justin B Rye (2012), David Prévot (2012), Wolfgang Schweer (2012-2021), Bernhard Hammes (2012) and Joe Hansen (2015) and is released under the GPL2 or any later version. Enjoy!
If you add content to it, please only do so if you are the author. You need to release it under the same conditions! Then add your name here and release it under the "GPL v2 or any later version" licence.
The Debian Edu Bullseye Manual is fully translated to Dutch, French, German, Italian, Japanese, Norwegian Bokmål, Portuguese (Portugal) and Simplified Chinese.
Partly translated versions exist for Danish and Spanish.
On Weblate, work is in progress for translations to Polish, Romanian, Swedish and Traditional Chinese.
There is an online overview of shipped translations.
As in many free software projects, translations of this document are kept in
PO files. More information about the process can be found in
/usr/share/doc/debian-edu-doc/README.debian-edu-buster-manual-translations
.
Some language teams have decided to translate via Weblate. See https://hosted.weblate.org/projects/debian-edu-documentation/debian-edu-bullseye/ for more information.
Please report any problems.
Copyright (C) 2007-2018 Holger Levsen < holger@layer-acht.org > and others, see the Copyright chapter for the full list of copyright owners.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program.
You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.
c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program.
In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.
3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.
If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.
5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.
7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances.
It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.
This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation.
10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
Debian Edu Live CD/DVDs for Bullseye are not available at the moment.
XFCE desktop
All packages from the Standalone profile
Todos los paquetes de la tarea «laptop»
XFCE desktop
All packages from the Workstation profile
Todos los paquetes de la tarea «laptop»
To activate a specific translation, boot using
locale=ll_CC.UTF-8
as a boot option, where
ll_CC.UTF-8 is the locale name you want. To activate a given keyboard
layout, use the keyb=KB
option where KB is
the desired keyboard layout. Here is a list of commonly used locale codes:
Lenguaje (Región) |
Valores local |
Distribución del teclado |
Noruego (Bokmål) |
nb_NO.UTF-8 |
no |
Noruego (Nynorsk) |
nn_NO.UTF-8 |
no |
Alemán |
de_DE.UTF-8 |
de |
Francés (Francia) |
fr_FR.UTF-8 |
fr |
Griego (Grecia) |
el_GR.UTF-8 |
el |
Japonés |
ja_JP.UTF-8 |
jp |
Sami del Norte (Noruega) |
se_NO |
no(smi) |
La lista completa de los códigos locales esta disponible en
/usr/share/i18n/SUPPORTED
, pero únicamente
los locales con UTF-8 son soportados por la imagen «live». No todas las
traducciones locales tienen instalación. Las distribuciones de teclados
pueden ser encontradas en /usr/share/keymaps/amd64/.
This is the first time Debian Edu installation images are available at https://cdimage.debian.org, thus these are official Debian images.
New version of debian-installer from Debian Buster, see its installation manual for more details.
New artwork based on the futurePrototype theme, the default artwork for Debian 10 Buster.
New default desktop environment Xfce (replacing KDE).
New CFEngine configuration management (replacing unmaintained package cfengine2 with cfengine3); this is a major change, for details see the official CFEngine documentation.
The architecture of the LTSP chroot now defaults to the server one.
Everything which is new in Debian 10 Buster, eg:
Linux kernel 4.19
Desktop environments KDE Plasma Workspace 5.14, GNOME 3.30, Xfce 4.12, LXDE 0.99.2, MATE 1.20
Firefox 60.7 ESR and Chromium 73.0
LibreOffice 6.1
Educational toolbox GCompris 0.95
Music creator Rosegarden 18.12
GOsa 2.74
LTSP 5.18
Debian Buster includes more than 57000 packages available for installation.
More information about Debian 10 Buster is provided in the release notes and the installation manual.
Translation updates for the templates used in the installer. These templates are now available in 76 languages, of which 31 are fully translated. The profile choice page is available in 29 languages, of which 19 are fully translated.
The Debian Edu Buster Manual is fully translated to French, German, Italian, Danish, Dutch, Norwegian Bokmål and Japanese.
Partly translated versions exist for Polish, Spanish, Simplified Chinese and Traditional Chinese.
The BD ISO image can be used for offline installations again.
New school level related meta-packages education-preschool, education-primaryschool, education-secondaryschool and education-highschool are available. None of them is installed by default.
Some packages rather belonging to preschool or primaryschool level (like gcompris-qt, childsplay, tuxpaint or tuxmath) are no longer installed by default.
Site specific modular installation. It is now possible to install only those educational packages that are actually wanted. See the installation chapter for more information.
Site specific multi-language support. See the Desktop chapter for more information.
LXQt 0.14 is offered as a new choice for the desktop environment.
New GOsa²-Plugin Password Management.
Unusable options have been removed from the GOsa² web interface.
New netgroup available to exclude systems belonging to the shut-down-at-night-hosts netgroup from being woken up.
New tool Standardskriver (Default printer). See the Administration chapter for more information.
New tool Desktop-autoloader. It allows performance improvements for LTSP diskless clients. See the NetworkClients chapter for more information.
Improved TLS/SSL support inside the internal network. A RootCA certificate is used to sign server certificates and user home directories are configured to accept it at account creation time; besides Firefox ESR, also Chromium and Konqueror can now use HTTPS without the need to allow insecure connections.
Kerberized ssh. A password isn't needed anymore for
connections inside the internal network; root needs to run
kinit
first to enable it.
Kerberized NFS. It is now possible to use more secure home directory access, see the Administration chapter for more information.
Added configuration file
/etc/debian-edu/pxeinstall.conf
with
examples to make site specific changes easier.
Added configuration file
/etc/ltsp/ltsp-build-client.conf
with
examples to make site specific changes easier.
New tool
/usr/share/debian-edu-config/tools/edu-ldap-from-scratch
.
It allows to re-generate the LDAP database just like it has been right after
the main server installation. The tool might also be useful to make site
specific changes easier.
With X2Go server now available in Debian, the related packages are now installed on all systems with Profile LTSP-Server.
Support for running Java applets in the Firefox ESR browser has been dropped upstream.
Support for nonfree flash has been dropped from the Firefox ESR browser.
Like it has been before Stretch, Debian 10 doesn't install the
unattended-upgrades
package by default, see
the Maintenance
chapter for more information about security upgrades.
New version of debian-installer from Debian Stretch, see its installation manual for more details.
The "Thin-Client-Server" profile has been renamed to "LTSP-Server" profile.
New artwork based on the "soft Waves" theme, the default artwork for Debian 9 Stretch.
Everything which was new in Debian 9 Stretch, eg:
Linux kernel 4.9
Desktop environments KDE Plasma Workspace 5.8, GNOME 3.22, Xfce 4.12, LXDE 0.99.2, MATE 1.16
KDE Plasma Workspace is installed by default; to choose one of the others see this manual.
Firefox 45.9 ESR and Chromium 59
Iceweasel has been re-renamed to Firefox!
Icedove has been re-renamed to Thunderbird and is now installed by default.
LibreOffice 5.2.6
Educational toolbox GCompris 15.10
Music creator Rosegarden 16.06
GOsa 2.7.4
LTSP 5.5.9
Debian Stretch includes more than 50000 packages available for installation.
More information about Debian 9 Stretch is provided in the release notes and the installation manual.
Translation updates for the templates used in the installer. These templates are now available in 29 languages.
The Debian Edu Stretch Manual is fully translated to German, French, Italian, Danish, Dutch, Norwegian Bokmål and Japanese. The Japanese translation was newly added for Stretch.
Partly translated versions exist for Spanish, Polish and Simplified Chinese.
Icinga replaces Nagios as monitoring tool.
kde-spectacle replaces ksnapshot as screenshot tool.
The free flash player gnash is back again.
Plymouth is installed and activated by default, except for the 'Main Server' and 'Minimal' profiles; pressing ESC allows to view boot and shutdown messages.
Upon upgrade from Jessie the LDAP data base has to be adjusted. The sudoHost value 'tjener' has to be replaced with 'tjener.intern' using GOsa² or an LDAP editor.
The 32-bit PC support (known as the Debian architecture i386) now no longer covers a plain i586 processor. The new baseline is the i686, although some i586 processors (e.g. the "AMD Geode") will remain supported.
Debian 9 enables unattended upgrades (for security updates) by default for new installations. This might cause a delay of about 15 minutes if a system with a low uptime value is powered off.
LTSP now uses NBD instead of NFS for the root filesystem. After each single
change to an LTSP chroot, the related NBD image must be regenerated
(ltsp-update-image
) for the changes to take
effect.
Concurrent logins of the same user on LTSP server and LTSP thin client are no longer allowed.
The following Debian Edu releases were made further in the past:
Debian Edu 8+edu0 Codename Jessie publicado el 02-07-2016.
Debian Edu 7.1+edu0 Codename Wheezy publicado el 28-09-2013.
Debian Edu 6.0.7+r1 nombre código "Squeeze" publicado el 03-03-2013
Debian Edu 6.0.7+r1 nombre código "Squeeze" publicado el 03-03-2013
Debian Edu 6.0.7+r1 nombre código "Squeeze" publicado el 03-03-2013
Debian Edu 5.0.6+edu1 nombre código "Lenny", publicado el 05-10-2010
Debian Edu 5.0.4+edu0 "Lenny" publicado el 08-02-2010
Debian Edu "3.0 Terra" publicado el 12-05-2007
Debian Edu "3.0r0 Terra" publicado el 22-07-2007. Basado en Debian 4.0 Etch publicación en 2007-04-08
Debian Edu 2.0, released el 14-03-2006. Basado en Debian 3.1 Sarge publicado el 06-06-2005.
Debian Edu "1.0 Venus" publicado el 20-06-2004. Basado en Debian 3.0 Woody plublicado el 19-07-2002
A complete and detailed overview about older releases is contained in Appendix C of the Jessie manual; or see the related release manuals on the release manuals page.