Debian Edu / Skolelinux 6.0.7+r1 Squeeze 01/10/2013


Tabla de contenidos

1. Manual para Debian-Edu 6.0.7+r1 rc2 nombre código "Squeeze"
2. Acerca de DebianEdu y Skolelinux.
2.1. Un poco de historia, y el porqué de dos nombres
3. Arquitectura
3.1. Red
3.1.1. la configuración de red predeterminada
3.1.2. Servidor principal (tjener)
3.1.3. Servicios que corren en el servidor principal
3.1.4. Servidor(es) LTSP (Thin client server(s))
3.1.5. Clientes ligeros
3.1.6. Estaciones sin disco
3.1.7. Clientes en red.
3.2. Administración
3.2.1. Instalación
3.2.2. Configuración del acceso al sistema de archivos
4. Requisitos
4.1. Requisitos de hardware
4.2. Hardware conocido que funciona
5. Requirements for network setup
5.1. Configuración por defecto
5.2. Enrutador de Internet
6. Installation and download options
6.1. Donde encontrar información adicional
6.2. Download the installation media for Debian Edu 6.0.7+r1 Codename "Squeeze"
6.2.1. DVD for i386, amd64
6.2.2. CD for i386, amd64
6.2.3. Source DVD
6.3. Solicita un CD/DVD por correo
6.4. Instalando Debian Edu
6.4.1. Seleccione el tipo de instalación
6.4.2. The installation process
6.4.3. Notes on some characteristics
6.4.4. Installation using USB sticks instead of CD/DVDs
6.4.5. Instalación a través de la red (PXE) e inicio de estaciones sin disco.
6.4.6. CD/DVDs Personalizados
6.5. Captura de pantalla del paseo
7. Para empezar
7.1. Pasos mínimos para iniciar
7.1.1. Servicios que corren en el servidor principal
7.2. Introducción a GOsa²
7.2.1. GOsa² Login plus Overview
7.3. Gestión de usuarios con GOsa²
7.3.1. Agregar usuarios
7.3.2. Buscar, modificar y borrar usuarios
7.3.3. Establecer contraseñas
7.3.4. Administración avanzada de usuarios.
7.4. Group Management with GOsa²
7.4.1. Gestión de grupos en la linea de comando
7.5. Machine Management with GOsa²
7.5.1. Buscar y eliminar computadoras
7.5.2. Modificar equipos existentes / Manejo del grupo de red
8. Printer Management
9. Clock synchronisation
10. Redimensionando Particiones completas
11. Maintenance
11.1. Actualizar el software
11.1.1. Mantente informado sobre actualizaciones de seguridad
11.2. Gestión de las copias de seguridad
11.3. Monitorización del servidor
11.3.1. Munin
11.3.2. Nagios
11.3.3. Sitesummary
11.4. Más información sobre personalizaciones de Debian Edu
12. Actualizaciones
12.1. Notas generales sobre la actualización
13. Upgrades from Debian Edu Lenny
13.1. The basic upgrade operation
13.2. LDAP service needs to be reconfigured
13.3. Recreating an LTSP chroot
14. Upgrades from older Debian Edu / Skolelinux installations (before Lenny)
15. HowTo
16. Guías para administración general
16.1. Seguimiento de /etc usando el sistema de control de versiones git
16.1.1. Ejemplos de uso
16.2. Redimensionando Particiones
16.2.1. Gestión de volúmenes lógicos
16.3. Installing a graphical environment on the main-server to use GOsa²
16.4. Using ldapvi
16.5. jxplorer, una GUI para LDAP
16.6. ldap-createuser-krb, una herramienta para línea de comando
16.7. Using stable-updates (formerly known an volatile)
16.8. Using backports.debian.org to install newer software
16.9. Actualizar con un CD o DVD ROM
16.10. Java
16.10.1. running standalone Java applications
16.10.2. Running Java applications in the web browser
16.11. Creando directorios en el directorio home de los usuarios
16.12. Fácil acceso a dispositivos USB y CDROMs/DVDs
16.12.1. A warning about removable media on LTSP servers
16.13. Automatic cleanup of leftover processes
16.14. Instalación automática de actualizaciones de seguridad
16.15. Automatic shutdown of machines during the night
16.15.1. How to set up shutdown-at-night
16.16. Acceso a servidores Debian-Edu ubicados detrás de un firewall
16.17. Installing additional service machines for spreading the load from main-server
16.18. HowTos from wiki.debian.org
17. HowTos for the desktop
17.1. Modificar la pantalla de inicio de KDM
17.2. Usar KDE, Gnome y LXDE juntos
17.3. Flash
17.4. Reproducir DVDs
17.5. Uso del repositorio multimedia
17.6. Handwriting fonts
18. HowTos for networked clients
18.1. Introduction to thin clients and diskless workstations
18.1.1. Machine type selection based on the network
18.2. Configurar el menú PXE
18.2.1. Configurar la instalación de PXE
18.2.2. Adding a custom repository for PXE installations
18.2.3. Cambiar el menú PXE en un servidor LTSP
18.2.4. Separate main- and LTSP servers
18.3. Changing network settings
18.4. LTSP en detalle
18.4.1. Configuración del cliente LTSP en LDAP (y en lts.conf)
18.4.2. Force all thin clients to use LXDE as default desktop environment
18.4.3. Load-balancing LTSP servers
18.4.4. Sonido con clientes LTSP
18.4.5. Actualización del entorno LTSP
18.4.6. Slow login and security
18.5. Reemplazar LDM con KDM
18.6. Connecting Windows machines to the network / Windows integration
18.6.1. Joining the domain
18.6.2. XP home
18.6.3. Managing roaming profiles
18.6.4. Redirecting profile directories
18.6.5. Avoiding roaming profiles
18.7. Remote Desktop
18.7.1. Remote Desktop Service
18.7.2. Available Remote Desktop clients
18.8. HowTos from wiki.debian.org
19. Samba in Debian Edu
19.1. Getting Started
19.1.1. Accessing files via Samba
19.2. Domain Membership
19.2.1. Windows hostname
19.2.2. Joining the SKOLELINUX Domain with Windows XP
19.2.3. Uniéndose al dominio SKOLELINUX con Windows Vista/7
19.3. First Domain Logon
20. HowTos for teaching and learning
20.1. Moodle
20.2. Teaching Prolog
20.3. Monitoring pupils
20.4. Restricting pupils' network access
20.5. Smart-Board integration
20.5.1. Providing the repository on tjener
20.5.2. Add the needed packages to the PXE installation image
20.5.3. Adding the SmartBoard software manually after installation
20.6. HowTos from wiki.debian.org
21. HowTos for users
21.1. Changing passwords
21.2. Using email
21.3. Volume control
22. Contribuir
22.1. Let us know you exist
22.2. Contribute locally
22.3. Contribute globally
22.4. Documentation writers and translators
23. Soporte
23.1. Soporte basado en voluntarios
23.1.1. in English
23.1.2. in Norwegian
23.1.3. in German
23.1.4. in French
23.1.5. in Spanish
23.2. Soporte profesional
24. Nuevas características en Debin Edu Squeeze
24.1. Changes for Debian Edu 6.0.7+r1 Codename "Squeeze" released 2013-03-03
24.2. Nuevas características en Debian Edu 6.0.4+r0 nombre código "Squeeze" publicado el 11-03-2012
24.2.1. User visible changes
24.2.2. Installation changes
24.2.3. Software updates
24.2.4. Infrastructural changes
24.2.5. Actualizaciones en documentación y traducciones
24.2.6. Regressions
24.2.7. New administration tool: GOsa²
24.2.8. More software changes
24.2.9. Other LDAP related changes
24.2.10. Other changes
25. Copyright y authores
26. Copyright de la traducción y Autores
27. Traducciones de este documento
27.1. HowTo translate this document
28. Appendix A - The GNU General Public License
28.1. Manual para Debian-Edu 6.0.7+r1 rc2 nombre código "Squeeze"
28.2. LICENCIA PUBLICA GENERAL GNU
28.3. TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
29. Apéndice B - Aún no hay CD/DVDs vivo de Debian Edu Squeeze
29.1. Features of the Standalone image
29.2. Activando el soporte regional y traducciones
29.3. Cosas para saber
29.4. Problemas conocidos con la imágen
29.5. Descarga
30. Apéndice C - Características de publicaciones anteriores
30.1. Nuevas características en Debian Edu 6.0.0 alpha1 nombre código "Squeeze" publicación ??-01-2010
30.2. Nuevas características en Debian Edu 5.0.4+edu0 "Lenny" publicado el 2010-02-08
30.3. Nuevas características en Debian 5.0.4, sistema en el cual esta basado Debian Edu 5.0.4+edu0
30.4. New features in the "3.0r1 Terra" release 2007-12-05
30.5. New features in the "3.0r0 Terra" release 2007-07-22
30.6. Características de la versión 2.0 publicada el 14-03-2006
30.7. Características de la versión "1.0 venus" publicado el 20-06-2004
30.8. More information on even older releases

1. Manual para Debian-Edu 6.0.7+r1 rc2 nombre código "Squeeze"

Inicio de sesión Debian Edu

Este es el manual de Debian-Edu Squeeze 6.0.7+r1

La versión http://wiki.debian.org/DebianEdu/Documentation/Squeeze es un wiki actualizado frecuentemente.

Traduccionesson parte del paquete debian-edu-doc que puede ser instalado en un servidor web, y que esta disponible en línea.

2. Acerca de DebianEdu y Skolelinux.

Debian Edu a.k.a Skolelinux es una distribución basada en Debian, proporcionando un ambiente "fuera de la caja", completamente configurado para una red escolar.

Immediatly after installation a school server running all services needed for a school network is set up (see the next chapter details of the architecture of this setup), just waiting for users and machines being added via GOsa², a comfortable Web-UI, or any other LDAP editor. A netbooting environment is prepared using PXE, so after initial installation of the main server from CD, DVD or usbstick all other machines can be installed via the network, this includes "roaming workstations" (ones that can be taken away from the school network, usually laptops or netbooks) as well as PXE booting for diskless machines like tradional thin-clients.

Several educational applications like celestia, drgeo, gcompris, geogebra, kalzium, kgeography and solfege are included in the default desktop setup, which can be extended easily and almost endlessly via the Debian universe.

2.1. Un poco de historia, y el porqué de dos nombres

Skolelinux es una distribución de Linux, hecha por el proyecto Debian Edu. Siendo una distribución Mezclada de Debian es un sub-proyecto oficial de Debian

Lo que esto significa, es que Skolelinux es una versión de Debian que proporciona un ambiente "out of the box" de una red escolar completamente configurada.

The Skolelinux project in Norway was founded on Juli 2nd 2001 and about the same time Raphael Herzog started Debian-Edu in France. Since 2003 both projects are united, but both names stayed. "Skole" and (Debian-)"Education" are just two well understood terms in these regions.

En Noruega, donde Skolelinux se inició, el grupo principal de alcance son las escuelas con grupos de estudiantes desde los 6 a 16 años. Actualmente, el sistema es utilizado en muchos países alrededor del mundo, con un número mayor en Noruega, España, Alemania y Francia.

3. Arquitectura

Esta sección del documento describe la arquitectura de red y los servicios proporcionados por una instalación Skolelinux.

3.1. Red

La Topología de red de Debian Edu

La figura es un esquema propuesto de la topología de red. La configuración predeterminada de Skolelinux asume que hay un (y sólo uno) servidor principal, y permite incluir tanto servidores de clientes ligeros (asociados con clientes ligeros) como puestos normales. El número de puestos puede ser tan grande o pequeña como se quiera (desde ninguno a muchísimos). Lo mismo para los servidores de clientes ligeros, cada uno de los cuales está en una red separada, de forma que el tráfico entre los clientes ligeros y su servidor no afecta al resto de los servicios de red.

La razón por la que sólo puede haber un servidor principal en cada red es que el servidor principal proporciona DHCP, y sólo puede haber una máquina haciendo eso en cada red. Es posible trasladar servicios del servidor principal a otras máquinas configurando el servicio en otra máquina, y posteriormente, actualizando la configuración de DNS para que apunte al alias DNS de ese servicio a la máquina correcta.

Para simplificar la configuración estándar de Skolelinux, la conexión a Internet va sobre un router separado. Se puede configurar Debian con un módem o una conexión RDSI, sin embargo no se ha intentando hacer tal configuración para Skolelinux por defecto.(las modificaciones necesarias para ajustar la configuración por defecto a esta situación deberían documentarse por separado).

3.1.1. la configuración de red predeterminada

El DHCP en el servidor «Tjener» sirve la red 10.0.0.0/8 vía PXE Boot, en la que recibirá un menú de syslinux done podrá seleccionar si instalar un servidor nuevo / estación de trabajo, iniciar un cliente delgado, estación sin disco, prueba de memoria o iniciar desde disco local.

Esto está diseñado para ser modificado - es decir, usted puede tener la raíz en NFS en el punto syslinux a uno de los servidores LTSP o cambiar al próximo servidor en el DHCP para que los clientes puedan arrancar por medio de PXE desde el servidor de terminal.

El servicio DHCP en el servidor ltsp únicamente sirve un ámbito 192.168.0.0/24 en la segunda interfaz de red y no necesita ser cambiado.

3.1.2. Servidor principal (tjener)

Una red Skolelinux necesita un servidor principal (también llamado "tjener" que significa "servidor" en Noruego) que por defecto tenga la dirección IP 10.0.2.2 y sea instalado seleccionando el perfil servidor principal. Es posible (pero no requerido) seleccionar e instalar también los perfiles de servidor de cliente ligero y estación de trabajo al perfil de servidor principal.

3.1.3. Servicios que corren en el servidor principal

Con la excepción del control de los clientes ligeros, todos los servicios se configuran inicialmente en un ordenador central (el servidor principal). Debido a razones de rendimiento, el servidor de clientes ligeros debe ser una máquina separada (aunque se pueden instalar juntos en la misma máquina los perfiles de servidor principal y servidor de clientes ligeros). Todos los servicios tienen un nombre de DNS y se ofrecen únicamente sobre IPv4. Los nombres de DNS para los servicios hacen fácil el traslado a máquinas individuales de cada uno de ellos. Tan sólo hay que parar el servicio en el servidor principal, y cambiar la configuración de DNS para apuntar a la nueva ubicación del servicio (que, evidentemente, debe configurarse antes en esa máquina).

Para garantizar la seguridad, siempre q ue se transmitan contraseñas por la red, se hace en canal encriptado. Por tanto, no se envía ninguna contraseña en texto plano.

Abajo se encuentra una lista de los servicios que se tienen por defecto en una red Skolelinux, con el nombre de DNS en cada servicio, Si es posible, todos los archivos de configuración harán referencia al servicio por su nombre (sin el nombre del dominio), haciendo más fácil para las escuelas el cambio de dominio (si se tiene un dominio DNS) o la dirección IP que utilizan.

Tabla de servicios

Descripción de servicios

nombre común

Nombre de servicio DNS

Registros centralizados

rsyslog

syslog

Sistema de Nombre de Dominio

DNS (BIND)

dominio

Configuración automática de equipos

DHCP

bootps

Sincronización de reloj

NTP

ntp

Directorios raíz vía sistema de archivos de red

SMB / NFS

directorios personales

Oficina de Correo Electrónico

IMAP/POP (Dovecot)

postoffice

Servicio de Directorio

OpenLDAP

ldap

Administración de usuarios

GOsa²

---

Servidor Web

Apache/PHP

www

Respaldo Central

sl-backup, slbackup-php

backup

Caché Web

Proxy (Squid)

webcache

Impresión

CUPS

ipp

Inicio de sesión remoto seguro

OpenSSH

ssh

Configuración Automática

Cfengine

cfengine

Servidor(es) de clientes ligeros

LTSP

ltsp

Monitoreo de servicios y equipos, reportes de fallas, histórico vía web. Reportes de fallos vía correo.

munin, nagios y resúmen del sitio

munin, nagios y resúmen del sitio

Cada usuario almacena sus archivos personales en su directorio home que está disponible en el servidor. Los directorios Home están accesibles desde todas las máquinas, dando a los usuarios acceso independientemente del puesto que estén usando. El servidor opera sin importar el sistema operativo. Ofrece tanto NFS para clientes UNIX, como SMB para Windows y clientes Macintosh.

By default email is set up for local delivery (i.e. within the school) only, though email delivery to the wider Internet may be set up if the school has a permanent Internet connection. Mailing lists are set up based on the user database, giving each class their own mailing list. Clients are set up to deliver mail to the server (using 'smarthost'), and users can access their personal mail through either POP3 or IMAP.

All services are accessible using the same username and password, thanks to the central user database for authentication and authorisation.

Para incrementar el rendimiento al acceder frecuentente a los mismos sitios de internet hay un proxy que cachea localmente los archivos (Squid). Junto al bloqueo de tráfico web en el router este también permite el control de acceso a Internet individualmente para cada puesto.

Network configuration on the clients is done automatically using DHCP. Normal clients are allocated IP addresses in the private subnet 10.0.0.0/8, while thin clients are connected to the corresponding thin-client-server via the separate subnet 192.168.0.0/24 (this is to ensure that the network traffic of the thin clients doesn't interfere with the rest of the network services).

Centralised logging is set up so that all machines send their syslog messages to the server. The syslog service is set up so that it only accepts incoming messages from the local network.

Por defecto, el servidor de DNS está configurado con un dominio para uso interno (*.intern), contra un servidor de DNS real ("externo") que puede configurarse. El servidor de DNS actua como un caché de DNS, de forma que todos los puestos de la red pueden usarlo como su servidor de DNS principal.

Pupils and teachers have the ability to publish websites. The web server provides mechanisms for authenticating users, and for limiting access to individual pages and subdirectories to certain users and groups. Users will have the ability to create dynamic web pages, as the web server will be programmable on the server side.

Information on users and machines can be changed in one central location, and is made accessible to all computers on the network automatically. To achieve this a centralised directory server is set up. The directory will have information on users, user groups, machines, and groups of machines. To avoid user confusion there won't be any difference between file groups, mailing lists, and network groups. This implies that groups of machines which are to form network groups will use the same namespace as user groups and mailing lists.

Administration of services and users will mainly be via the web, and follow established standards, functioning well in the web browsers which are part of Skolelinux. The delegation of certain tasks to individual users or user groups will be made possible by the administration systems.

In order to avoid certain problems with NFS, and to make it simpler to debug problems, the different machines need synchronised clocks. To achieve this the Skolelinux server is set up as a local Network Time Protocol (NTP) server, and all workstations and clients are set up to synchronise with the server. The server itself should synchronise its clock via NTP against machines on the Internet, thus ensuring the whole network has the correct time.

Printers are connected where convenient, either directly onto the main network, or connected to a server, workstation or thin-client-server. Access to printers can be controlled for individual users according to the groups they belong to; this will be achieved by using quota and access control for printers.

3.1.4. Servidor(es) LTSP (Thin client server(s))

Una red Skolinux puede tener muchos servidores LTSP (tambin llamado servidor de clientes ligeros), que pueden ser instalados seleccionadoel perfil servidor LTSP

EL servidor de cliente ligero está configurado para recibir los registros de los clientes ligeros y reenviarlos al servidor central.

3.1.5. Clientes ligeros

A thin client setup enables ordinary PCs to function as (X-)terminals. This means that the machine boots from a diskette or directly from the server using network-PROM (or PXE) without using the local client hard drive. The thin client setup used is that of the Linux Terminal Server Project (LTSP).

Thin clients are a good way to make use of older, weaker machines as they effectively run all programs on the LTSP server. This works as follows: the service uses DHCP and TFTP to connect to the network and boot from the network. Next, the file system is mounted via NFS from the LTSP server, and finally the X Window System is started. The display manager (LDM) connects to the LTSP server via SSH with X-forwarding. This way all data is encrypted on the network. For very old thin clients which are too slow for the encryption this can be set to the behavior from former versions, which is to use a direct X connection via XDMCP.

3.1.6. Estaciones sin disco

Las estaciones sin disco, también reciben los nombres de "clientes delgados", "clientes livianos", "estaciones tontas". Para efectos de claridad de este manual utilizaremos el término "clientes delgados".

A diskless workstation runs all software on the PC without a locally installed operating system. This means that client machines boot directly from the server's hard drive without running software installed on a local hard drive.

Diskless workstations are an excellent way of reusing newer hardware with the same low maintenance cost as with thin clients. Software is administered and maintained on the server with no need for local installed software on the clients. Home directories and system settings are stored on the server too.

Las estaciones sin disco, fueron presntadas como parte del proyecto LTSP (Linux Terminal Server Project) versión 5.0

3.1.7. Clientes en red.

The term "networked clients" is used in this manual to refer to both thin clients and diskless workstations, as well as computers running Mac OS or Windows.

3.2. Administración

All the Linux machines that are installed by means of a Skolelinux CD or DVD will be administrable from a central computer, most likely the server. It will be possible to log in to all machines via SSH, and thereby have full access to the machines.

We use cfengine to edit configuration files. These files are updated from the server to the clients. In order to change the client configuration, it suffices to edit the server configuration and let the automation distribute the changes.

All user information is kept in an LDAP directory. Updates of user accounts are made against this database, which is used by the clients for user authentication.

3.2.1. Instalación

Currently there are two types of installation media: netinst CD and multi-arch DVD. Both types can also be booted from USB sticks.

The aim is to be able to install a server from a CD/DVD type medium once, and install all other clients over the network by booting from the network.

La instalación desde DVD funciona sin acceso a Internet.

The installation should not ask any questions, with the exception of desired language (e.g. Norwegian Bokmal, Nynorsk, Sami) and machine profile (server, workstation, thin client server). All other configuration will be set up automatically with reasonable values, to be changed from a central location by the system administrator subsequent to the installation.

3.2.2. Configuración del acceso al sistema de archivos

Each Skolelinux user account is assigned a section of the file system on the file server. This section (home directory) contains the user's configuration files, documents, email and web pages. Some of the files should be set to have read access for other users on the system, some should be readable by everyone on the Internet, and some should not be accessible for reading by anyone but the user.

To ensure that all disks that are used for user directories or shared directories can be uniquely named across all the computers in the installation, they can be mounted as /skole/host/directory/. Initially, one directory is created on the file server, /skole/tjener/home0/, in which all the user accounts are created. More directories may then be created when needed to accommodate particular user groups or particular patterns of usage.

To enable shared access to files under the normal UNIX permissions system, users need to be in supplementary shared groups (such as "students") as well as the personal primary group that they're in by default. If users have an appropriate umask to make newly created items group-accessible (002 or 007), and if the directories they're working in are setgid to ensure the files inherit the correct group-ownership, the result is controlled file sharing between the members of a group.

The initial access settings for newly created files are a matter of policy. The Debian default umask is 022 (which would not allow group-access as described above), but Debian Edu uses a default of 002 - meaning that files are created with read access for everybody, which can later be removed by explicit user action. This can alternatively be changed (by editing /etc/pam.d/common-session) to a umask of 007 - meaning read access is initially blocked, necessitating user action to make them accessible. The first approach encourages knowledge sharing, and makes the system more transparent, whereas the second method decreases the risk of unwanted spreading of sensitive information. The problem with the first solution is that it is not apparent to the users that the material they create will be accessible to all other users. They can only detect this by inspecting other users' directories and seeing that their files are readable. The problem with the second solution is that few people are likely to make their files accessible, even if they do not contain sensitive information and the content would be helpful to inquisitive users who want to learn how others have solved particular problems (typically configuration issues).

4. Requisitos

There are different ways of setting up a Skolelinux solution. It can be installed on just one standalone PC, or as a region-wide solution at many schools operated centrally. This flexibility makes a huge difference to the configuration of network components, servers and client machines.

4.1. Requisitos de hardware

The purpose of the different profiles is explained in the network architecture chapter.

  • Las computadoras corriendo Debian Edu / Skolelinux deben tener procesadores i386, amd64 o powerpc.

  • Los servidores para clientes ligeros necesitan dos tarjetas de red cuando la arquitectura de red por defecto es usada.

    • eth0 conectada a la red principal (10.0.0.0/8),

    • eth1 es usada para servir la red de clientes livianos (192.168.0.0/24)

  • Considere al menos 2Gb de memoria RAM para 30 clientes, y 4GB para 50-60 clientes.

  • Disk space requirements depend on profiles used, but any disk larger than 15 GiB will be sufficient for a workstation or standalone installation, 20 Gib for a thin-client server and at least 30 GiB on the main server. As usual with disk space on a main-server, it's "the bigger the better".

  • Los clientes ligeros pueden funcionar con 64 MB de RAM y 133 MHZ de procesador, aunque se recomiendo 128 MB de RAM y procesadores de mayor velocidad.

    • Para ejecutar Iceweasel/Firefox y OpenOffice.org, recomendamos 128 MiB de RAM.como mínimo.

  • For workstations, diskless workstations and standalone PCs, 800 MHz, 256 MiB RAM are minimum requirements, though 512 or 1024 MiB RAM will perform considerably better. Just a faster CPU will speed things up.

    • Swapping over the network is automatically enabled; the swap size is 32 MiB, and if you need more you can tune this by editing /etc/ltsp/nbdswapd.conf on tjener to set the SIZE variable. Please tune up the swap size either locally on the PC or on the server.

      • If your diskless workstations have hard drives, it is recommended to use them for swap as it is a lot faster than network swapping.

    • En estaciones de trabajo con poca memoria RAM, el corrector ortográfico de OpenOffice.org puede causar que se cuelgue, ya que el espacio para paginación es pequeño. Por lo que el Administrador tendría que deshabilitar el corrector ortográfico, o el estudiante terminar el proceso de OpenOffice.org, dando como resultado, pérdida de la información. Habilitarlo al tener al menos 512 Mb de memoria de paginación con una estación de trabajo con 256 Mn de memoria RAM podría solventar esto, y el corrector ortográfico funcionaría correctamente.

  • Para laptops, se necesitan los mismos requerimientos de las estaciones de trabajo, ya las laptops son estaciones de trabajo móvil.

4.2. Hardware conocido que funciona

A list of tested hardware is provided at http://wiki.debian.org/DebianEdu/Hardware/ . This list is not nearly complete :)

http://wiki.debian.org/InstallingDebianOn is an effort to document how to install, configure and use Debian on some specific hardware, allowing potential buyers to know if that hardware is supported and existing owners to know how get the best out of that hardware.

An excellent database of hardware supported by Debian is online at http://kmuto.jp/debian/hcl/.

5. Requirements for network setup

5.1. Configuración por defecto

Se aplican las siguientes reglas cuando se usa la arquitectura de red por defecto:

  • necesitas exactamente, un servidor principal, el tjener

  • puedes tener hasta 50 estaciones de trabajo (sin disco) en la red principal.

  • You can have up to 20 LTSP servers on the main network.

  • You can have hundreds of thin clients and/or diskless workstations on each LTSP server network.

  • puedes tener cientos de otras computadoras que tendrán direcciones ip asignadas de manera dinámica.

  • For access to the Internet you need a router/gateway (see below).

5.2. Enrutador de Internet

A router/gateway, connected to the Internet on the external interface and running on the IP address 10.0.0.1 with netmask 255.0.0.0 on the internal interface, is needed to connect to the Internet.

El enrutador no debería ejecutar un servidor DHCP, puede ejecutar un servidor DNS, aunque no es necesario y no será usado.

If you are looking for a router firewall solution capable of running on an old PC, we recommend IPCop or floppyfw.

If you need something for an embedded router or accesspoint we recommend using OpenWRT, though of course you can also use the original firmware. Using the original firmware is easier; using OpenWRT gives you more choices and control. Check the OpenWRT webpages for a list of supported hardware.

It is possible to use a different network setup (there is a documented procedure to do this), but if you are not forced to do this by an existing network infrastructure, we recommend against doing so and recommend you stay with the default network architecture.

6. Installation and download options

6.1. Donde encontrar información adicional

We recommend that you read or at least take a look at the release notes for Debian Squeeze before you start installing a system for production use. Please give Debian Edu/Skolelinux a try, it should just work. :-)

/!\ Be sure to read the getting started chapter of this manual, though, as it explains how to log in for the first time.

Even more information about the Debian Squeeze release is available in its installation manual.

6.2. Download the installation media for Debian Edu 6.0.7+r1 Codename "Squeeze"

6.2.1. DVD for i386, amd64

The multi-architecture DVD ISO image is 4.4 GiB large and can be used for installation of amd64 and i386 machines. It can be downloaded over FTP, HTTP or rsync via:

6.2.2. CD for i386, amd64

El CD de instalación por red, que puede ser utilizado para arquitecturas i386 y amd64, estan disponibles vía:

6.2.3. Source DVD

The sources are available via

6.3. Solicita un CD/DVD por correo

For those without a fast Internet connection, we can offer a CD or DVD sent for the cost of the CD or DVD and shipping. Just send an email to cd@skolelinux.no and we will discuss the payment details (for shipping and media) :) Remember to include the address you want the CD or DVD to be sent to in the email.

6.4. Instalando Debian Edu

When you do a Debian Edu installation, you have a few options to choose from. Don't be afraid; there aren't many. We have done a good job of hiding the complexity of Debian during the installation and beyond. However, Debian Edu is Debian, and if you want there are more than 15,000 packages to choose from and a billion configuration options. For the majority of our users, our defaults should be fine.

6.4.1. Seleccione el tipo de instalación

Installer boot menu

Install is the default text mode installation on i386 and amd64.

64 bit install does an amd64 text-mode install.

Graphical install uses the GTK installer where you can use the mouse.

64 bit graphical install uses the amd64 GTK installer where you can use the mouse.

Advanced options > gives a sub menu with more detailed options to choose

Help gives some hints on using the installer

Installer advanced options screen 1

Back.. brings back to the main menu.

Expert install gives access to all available questions in text mode.

Rescue mode makes this install medium become a rescue disk for emergency tasks.

Automated install needs a preseed file.

64 bit expert install gives access to all available questions in text mode on amd64.

64 bit rescue mode makes this install medium become a rescue disk for emergency tasks on amd64.

64 bit automated install needs a preseed file.

Installer advanced options screen 2

Graphical expert install gives access to all available questions in graphical mode.

Graphical rescue mode makes this install medium become a rescue disk for emergency tasks with a graphical GTK look.

Graphical automated install needs a preseed file.

64 bit graphical expert install gives access to all available questions in graphical mode on amd64.

64 bit graphical rescue mode makes this install medium become a rescue disk for emergency tasks on amd64 with a graphical GTK look.

64 bit graphical automated install needs a preseed file.

Ventanas de ayuda de la instalación.

This Help screen is self explaining and enables the <F>-keys on the keyboard for getting more detailed help on the topics described.

6.4.1.1. Parámetros adicionales para instalaciones

On i386/amd64, boot options can be edited by pressing the TAB key in the boot menu.

  • The multi-architecture DVD defaults to using amd64-installgui on 64-bit x86 machines, and installgui on 32-bit x86 machines.

  • If you want to boot the amd64 text mode with the multi-architecture DVD, that would be amd64-install.

  • Aunque también, puede seleccionar expertografico-amd64 para utilizar el método gráfico para amd64.

  • If you want to boot the i386 mode with the multi-arch DVD on an amd64 machine you need to manually select install (text mode) or expertgui (graphical mode).

  • You can use an existing HTTP proxy service on the network to speed up the installation of the main server profile from CD. Add mirror/http/proxy=http://10.0.2.2:3128/ as an additional boot parameter.

  • If you have already installed the main server profile on a machine, further installations should be done via PXE, as this will automatically use the proxy of the main server.

  • To install the GNOME desktop instead of the KDE desktop, add desktop=gnome to the kernel boot parameters. This option is only available when installing from CD, not when installing from DVD.

  • To install the LXDE desktop instead, add desktop=lxde to the kernel boot parameters. This option is only available when installing from CD, not when installing from DVD.

6.4.2. The installation process

Remember the system requirements and make sure you have at least two network cards (NICs) if you plan on setting up a thin client server.

  • Elige el idioma (para la instalación y el sistema instalado)

  • Elige un lugar que normalmente sería el lugar donde vives.

  • Choose a keyboard keymap (the country's default is usually fine)

  • Elige el(los) perfil(es) de la siguiente lista:

    • Main-Server

      • This is the main server (tjener) for your school providing all services pre-configured to work out of the box. You must only install one main server per school! This profile does not include a graphical user interface. If you want a graphical user interface, then select Workstation or Thin-Client-Server in addition to this one.

    • Workstation

      • A computer booting from its local hard drive, and running all software and devices locally like an ordinary computer, except that user logins are authenticated by the main server, where the users' files and desktop profile are stored.

    • Roaming workstation

      • Same as workstation but capable of authentication using cached credentials, meaning it can be used outside the school network. The users' files and profiles are stored on the local disk. Notebooks and laptops should select this profile and not 'Workstation' or 'Standalone' as suggested in earlier releases.

    • Thin-Client-Server

      • A thin client (and diskless workstation) server, also called a LTSP server. Clients without hard drives boot and run software from this server. This computer needs two network cards, a lot of memory, and ideally more than one processor or core. See the chapter about networked clients for more information on this subject. Choosing this profile also enables the workstation profile (even if it is not selected) - a thin client server can always be used as a workstation, too.

    • Standalone

      • An ordinary computer that can function without a main server (that is, it doesn't need to be on the network). Includes laptops.

    • Minimal

      • This profile will install the base packages and configure the machine to integrate into the Debian Edu network, but without any services and applications. It is useful as a platform for single services manually moved out from the main-server.

    The Main Server, Workstation and Thin Client Server profiles are preselected. These profiles can be installed on one machine together if you want to install a so called combined main server. This means the main server will be a thin client server and also be used as a workstation. This is the default choice, since we assume most people will install via PXE afterwards. Please note that you must have 2 network cards installed in a machine which is going to be installed as a combined main server or as a thin client server to become usefull after the installation.

  • Say "yes" or "no" to automatic partitioning. Be aware that saying "yes" will destroy all data on the hard drives! Saying "no" on the other hand will require more work - you will need to make sure that the required partitions are created and are big enough.

  • Please say "yes" to submitting information to http://popcon.skolelinux.org/ to allow us to know which packages are popular and should be kept for future releases. Although you don't have to, it is a simple way for you to help. :)

  • Wait. If the selected profiles include Thin-client-server then the installer will spend quite some time at the end, "Finishing the installation - Running debian-edu-profile-udeb..."

  • Sonríe :)

6.4.3. Notes on some characteristics

6.4.3.1. Una nota sobre equipos portátiles.

Most likely you will want to use the 'Roaming workstation' profile (see above). Be aware that all data is stored locally (so take some extra care over backups) and login credentials are cached (so after a password change, logins may require your old password if you have not connected your laptop to the network and logged in with the new password).

6.4.3.2. Una nota sobre instalación por DVD

After you install from a DVD, /etc/apt/sources.list will only contain sources from the DVD. If you have an Internet connection, we strongly suggest adding the following lines to it so that available security updates can be installed:

deb http://ftp.debian.org/debian/ squeeze main 
deb http://security.debian.org/ squeeze/updates main 
deb http://ftp.skolelinux.org/skolelinux squeeze local

The DVD only works with KDE desktop installations. If you want to install other desktop options, use the netinst images or PXE installation.

6.4.3.3. Una nota acerca de de la instalación con CD

A netinst installation (which is the type of installation our CD provides) will fetch some packages from the CD and the rest from the net. The amount of packages fetched from the net varies from profile to profile:

FIXME Check these numbers for Squeeze. They are 2012-01-22 for Lenny.

  • Main server: 8 out of 115 MiB downloaded.

  • Servidor principal y servidor de clientes ligeros: 618 de 1082 MiB descargados.

  • Servidor principal y estación de trabajo: 618 de 1081 MiB descargados.

  • Servidor de clientes ligeros: 618 de 1052 MiB descargados.

  • Estación de trabajo: 618 de 1051 MiB descargados.

  • Equipo independiente: 618 de 1020 descargados.

  • Mínimo: 12 de 83 MiB descargados.

6.4.3.4. Una nota sobre los controladores RAID

When using a USB drive to add missing firmware during install, with some RAID-controllers GRUB is installed to the USB drive. So a reboot after installation results in a GRUB error. A workaround for this problem is to remove the USB drive after the firmware is loaded, and preferably before partitioning starts.

Más información esta disponible en Debian-Edu bug #1395 and Debian bug 516280.

6.4.3.5. Una nota sobre la instalación de servidores de clientes ligeros

First of all, this profile name is confusing for historic reasons. Currently this profile actually installs an LTSP server environment for thin-clients and for workstations. Debian bug 588510 has been filed to change the name of the profile into a better suited one.

Providing the kernel boot parameter edu-skip-ltsp-make-client makes it possible to skip the step which converts the LTSP chroot from a thin-client chroot into a combined thin-client/diskless workstation chroot.

This is useful in certain situations, such as if you want a pure thin client chroot or if there is already a diskless chroot on another server, which can be rsynced. For these situations skipping this step will cut down the installation time considerably.

Except for the longer installation time there is no harm in always creating combined chroots, which is why this is done by default.

6.4.4. Installation using USB sticks instead of CD/DVDs

Since the Squeeze release it is possible to directly copy the CD/DVD .iso images to a USB stick and boot from them. Simply execute a command like this, just adapting the file and device names to your needs:

sudo dd if=debian-edu-amd64-i386-XXX.iso of=/dev/sdX bs=1024

Depending on which image you choose, the USB stick will behave just like a CD or DVD.

6.4.5. Instalación a través de la red (PXE) e inicio de estaciones sin disco.

For this installation method it is required that you have a running main server. When clients boot via the main network, a new PXE menu with installer and boot selection options is displayed. If PXE installation fails with an error message claiming a XXX.bin file is missing, then most probably the client's network card requires nonfree firmware. In this case the Debian Installer's initrd must be modified. This can be achieved by executing the command: /usr/share/debian-edu-config/tools/pxe-addfirmware on the server.

This is how the PXE menu looks with the Main-Server profile only:

pxe-tjener.png

This is how the PXE menu looks with the Main-Server and Thin-Client-Server profiles:

28-Diskless-WS-GRUB_Boot_menu-PXE.png

This setup also allows diskless workstations and thin clients to be booted on the main network. Diskless workstations must be added with GOsa² just like normal workstations or thin client servers.

More information about network clients can be found in the Network clients HowTo chapter.

6.4.5.1. Modificar instalaciones PXE

The PXE installation uses a debian-installer preseed file, which can be modified to ask for more packages to install.

Una línea como esta debe ser agregada atjener:/etc/debian-edu/www/debian-edu-install.dat

d-i    pkgsel/include string my-extra-package(s)

The PXE installation uses /var/lib/tftpboot/debian-edu/install.cfg and the preseeding file in /etc/debian-edu/www/debian-edu-install.dat. These files can be changed to adjust the preseeding used during installation, to avoid more questions when installing over the net. Another way to achieve this is to provide extra settings in /etc/debian-edu/pxeinstall.conf and /etc/debian-edu/www/debian-edu-install.dat.local and to run /usr/sbin/debian-edu-pxeinstall to update the generated files.

Más información puede ser encontrada en el manual del instalador Debian.

To disable or change the use of the proxy when installing via PXE, the lines containing mirror/http/proxy, mirror/ftp/proxy and preseed/early_command in tjener:/etc/debian-edu/www/debian-edu-install.dat need to be changed. To disable the use of a proxy when installing, put '#' in front of the first two lines, and remove the "export xhttp_proxy="http://webcache:3128"; " part from the last one.

Some settings can not be preseeded because they are needed before the preseeding file is downloaded. These are configured in the PXElinux-based boot arguments available from /var/lib/tftproot/debian-edu/install.cfg. Language, keyboard layout and desktop are examples of such settings.

6.4.6. CD/DVDs Personalizados

Creating custom CDs or DVDs can be quite easy since we use the debian installer, which has a modular design and other nice features. Preseeding allows you to define answers to the questions normally asked.

Así que todo lo que necesitas hacer es crear un archivo de preconfiguración con sus respuestas (esto se describe en el apéndice del manual del instalador de Debian) y remasterizar el CD/DVD

6.5. Captura de pantalla del paseo

The text mode and the graphical installation are functionally identical - only the appearance is different. The graphical mode offers the opportunity to use a mouse, and of course looks much nicer and more modern. Unless the hardware has trouble with the graphical mode, there is no reason not to use it.

So here is a screenshot tour through a graphical Main-Server + Workstation + Thin Client Server installation and how it looks at the first boot of the tjener, a PXE boot on the workstation network and on the thinclient network:

01-Installer_boot_menu.png

02-select_a_language.png

03-select_your_location.png

04-Configure_the_keyboard.png

05-Detect_and_mount_CD-ROM.png

06-Load_installer_components_from_CD.png

07-Detect_network_hardware.png

08-Choose_Debian_Edu_profile.png

09-Really_use_the_automatic_partitioning_tool.png

10-Really_use_the_automatic_partitioning_tool-Yes.png

11-Participate_in_the_package_usage_survey.png

12-Set_up_users_and_passwords.png

12a-Set_up_users_and_passwords.png

12b-Set_up_users_and_passwords.png

12c-Set_up_users_and_passwords.png

13-Install the base system.png

14-Select_and_install_software.png

17-Select_and_install_software.png

18-Build LTSP chroot.png

19-Install_the_GRUB_boot_loader_on_a_hard_disk.png

20-Finish_the_Installation.png

21-Finish_the_Installation-Installation_complete.png

22-Tjener_GRUB_boot_menu.png

23-Tjener-KDM_Login.png

24-Tjener-KDE_Start.png

26-Tjener-KDE_Desktop_Browser.png

27-Tjener-KDE_Desktop.png

28-Diskless-WS-GRUB_Boot_menu-PXE.png

29-Diskless-WS-KDM_Login.png

30-ThinClient-LDM_Login.png

31-ThinClient-KDE_Desktop.png

7. Para empezar

7.1. Pasos mínimos para iniciar

During installation of the main server a first user account was created. In the following text this account will be referenced as "first user". The first user can use sudo to become root.

Después de la instalación, las primeras cosas que necesita hacer como usuario son:

  1. Log into the server - with the root account you cannot log in graphically.

  2. Add users with GOsa²

  3. Add workstations with GOsa²

Adding users and workstations is described in detail below, so please read this chapter completely. It covers how to perform these minumum steps correctly as well, as other stuff that everybody will probably need to do.

The HowTo chapter covers more tips and tricks and some frequently asked questions.

Escritorio Debian Edu

7.1.1. Servicios que corren en el servidor principal

There are several services running on the main server which can be managed via a web management interface. We'll describe each service below.

7.2. Introducción a GOsa²

GOsa² is a web based management tool that helps to manage some important parts of your Debian Edu setup. With GOsa² you can manage (add, modify, or delete) these main groups:

  • Administración de usuarios

  • Administración de grupos

  • NIS Netgroup Administrator

  • Administración de computadoras

  • Administración DNS

  • Administración DHCP

For GOsa² access you need the Skolelinux main server and a (client) system with a web browser installed which can be the main server itself if it was installed as a so called combined server (main server + thin client server + workstation). If all of the mentioned before is not available, see: Installing a graphical environment on the main-server to use GOsa².

From a web browser use the URL https://www/gosa for GOsa² access, and log in as the first user.

  • If you are using a new Debian Edu Squeeze machine, the site certificate will be known by the browser.

  • Otherwise, you will get an error message about the SSL certificate being wrong. If you know you are alone on your network, just tell the browser to accept it and ignore that.

For general information on GOsa² have a look at: https://oss.gonicus.de/labs/gosa/wiki/documentation.

7.2.1. GOsa² Login plus Overview

GOsa² overview page after login as the first user

After logging in to GOsa² you will see the overview page of GOsa².

Next, you can choose a task in the menu or click any of the task icons on the overview page. For navigation, we recommend using the menu on the left side of the screen, as it will stay visible there on all administration pages offered by GOsa².

In Debian Edu, account, group, and system information is stored in an LDAP directory. This data is used not only by the main server, but also by the (diskless) workstations, the thin client servers and the Windows machines on the network. With LDAP, account information about students, pupils, teachers, etc. only needs to be entered once. After information has been provided in LDAP, the information will be available to all systems on the whole Skolelinux network.

GOsa² is an administration tool that uses LDAP to store its information and provide a hierarchical department structure. To each "department" you can add user accounts, groups, systems, netgroups, etc. Depending on the structure of your institution, you can use the department structure in GOsa²/LDAP to transfer your organisational structure into the LDAP data tree of the Debian Edu main server.

A default Debian Edu main server installation currently provides two "departments": Teachers and Students, plus the base level of the LDAP tree. Student accounts are intended to be added to the "Students" department, teachers to the "Teachers" department; systems (servers, Skolelinux workstations, Windows machines, etc.) are currently added to the base level. Find your own scheme for customising this structure.

Depending on the task that you want to work on (manage users, manage groups, manage systems, etc.) GOsa² presents you with a different view on the selected department (or the base level).

7.3. Gestión de usuarios con GOsa²

First, click on "Users" in the left navigation menu. The right side of the screen will change to show a table with department folders for "Students" and "Teachers" and the account of the GOsa² Super-Administrator (the first created user). Above this table you can see a field called Base that allows you to navigate through your tree structure (move your mouse over that area and a drop-down menu will appear) and to select a base folder for your intended operations (e.g. adding a new user).

7.3.1. Agregar usuarios

Next to that tree navigation item you can see the "Actions" menu. Move your mouse over this item and a submenu appears on screen; choose "Create" here, and then "User". You will be guided by the user creation wizard.

  • The most important thing to add is the template (newstudent or newteacher) and the full name of your user (see image).

  • As you follow the wizard, you will see that GOsa² generates a username automatically based on the real name. It automatically chooses a username that doesn't exist yet, so multiple users with the same full name are not a problem. Note that GOsa² can generate invalid usernames if the full name contains non-ASCII characters.

  • If you don't like the generated username you can select another username offered in the drop-down box, but you do not have a free choice here in the wizard. (Username generation can be customized in /etc/gosa/gosa.conf, changing e.g. the default entry idGenerator="{%givenName[3-6]}{%sn[3-6]}" to idGenerator="{%givenName[1]}{%sn[22]}{id!2}" would generate the username pmuster for a user "Peter Muster" and pmuster01 for the next user with the same full name. The maximum length for usernames in this case would be 25; see man 5 gosa.conf for more details. Backup gosa.conf before editing it!)

  • When the wizard has finished, you are presented with the GOsa² screen for your new user object. Use the tabs at the top to check the completed fields.

After you have created the user (no need to customise fields the wizard has left empty for now), click on the "Ok" button in the bottom-right corner.

As the last step GOsa² will ask for a password for the new user. Type that in twice and then click "Set password" in the bottom-right corner.

If all went well, you can now see the new user in the user list table. You should now be able to log in with that username on any Skolelinux machine within your network.

Please note: If Squeeze/r0 was used to install the main server, all user passwords exept that one for the first user will expire in only 2 days. To fix this, please execute the following script in a terminal. This script is included in r1.

  #!/bin/bash
  #
  # /usr/share/debian-edu-config/tools/password-fix-squeeze-r0
  #
  # Fix password expiring after 2 days (#664596) incorrectly introduced
  # in Debian Edu Squeeze up to r0; for new users the password will
  # never expire. For existing users this will be the case after they've
  # changed their password. Give old users the chance to change the
  # password, exclude not affected accounts: templates and first user.
  #
  for i in $(getent passwd | grep home0 | egrep -v   'newteacher|newstudent|:1000:1000:' | cut -d: -f1) ; do
    kadmin.local -q "modprinc -pwexpire 7000days $i"
  done
  kadmin.local -q "modpol -maxlife 0secs users"

7.3.2. Buscar, modificar y borrar usuarios

Filterbox To modify or delete a user, use GOsa² to browse the list of users on your system. On the very right of the screen you will find the "Filter" box, a search tool provided by GOsa². If you don't know the exact location of your user account in your tree, change to the base level of the GOsa²/LDAP tree and search there with the option marked "[x] Search in subtrees".

When using the "Filter" box, results will immediately appear in the middle of the text in the table list view. Every line represents a user account and the items farthest to the right on each line are little icons that provide actions for you: edit, lock, set password, restore snapshot (greyed out if no snapshot was taken before), take snapshot and delete.

A new page will show up where you can directly modify information about the user, change the password of the user and modify the list of groups the user belongs to.

Editar datos de usuarios

7.3.3. Establecer contraseñas

The students can change their own passwords by logging into GOsa² with their own usernames. A logged-in student will be presented with a very minimal version of GOsa² that only allows access to the student's own account data sheet and to the set-password dialog.

Teachers logged in under their own usernames have special privileges in GOsa². They are shown a more privileged view of GOsa², and can change the passwords for all student accounts. This may be very handy during class.

To administratively set a new password for a user

  1. search for the user to be modified, as explained above

  2. click on the key symbol at the end of the line that the username is shown in

  3. on the page subsequently presented you can set a new password chosen by yourself

Set user password

Beware of security implications due to easy to guess passwords!

7.3.4. Administración avanzada de usuarios.

It is possible to mass-create users with GOsa² by using a CSV file, which can be created with any good spreadsheet software (for example oocalc). At least, entries for the following fields have to be provided: uid, last name (sn) and first name (givenName). Make sure that there are no duplicate entries in the uid field. Please note that the check for duplicates must include already existing uid entries in LDAP (which could be obtained by executing getent passwd | grep tjener/home | cut -d":" -f1 on the command line).

These are the format guidelines for such a CSV file (GOsa² is quite intolerant about them):

  • Use "," como separador de campos

  • Do not use quotes

  • The CSV file must not contain a header line (of the sort that normally contains the column names)

  • The order of the fields is not relevant, and can be defined in GOsa² during the mass import

Los pasos para importe masivo son:

  1. click the "LDAP Manager" link in the navigation menu on the left

  2. click the "Import" tab in the screen on the right

  3. browse your local disk and select a CSV file with the list of users to be imported

  4. choose an available user template that should be applied during mass import (such as NewTeacher or NewStudent)

  5. click the "Import" button in the bottom-right corner

It's a good idea to do some tests first, preferably using a CSV file with a few fictional users, which can be deleted later.

7.4. Group Management with GOsa²

crear un grupo

crear un grupo

The management of groups is very similar to the management of users.

You can enter a name and a description per group. Make sure that you choose the right level in the LDAP tree when creating a new group.

By default, the appropriate Samba group isn't created. If you forgot to check the Samba group option during group creation, you can modify the group later on.

Adding users to a newly created group takes you back to the user list, where you most probably would like to use the filter box to find users. Check the LDAP tree level, too.

Los grupos incluidos en el manejo de grupos, son también grupos regulares de Unix, así que pueden utilizarse también para los permisos de archivos.

7.4.1. Gestión de grupos en la linea de comando

# List existing group mapping between UNIX and Windows groups.
net groupmap list

# Add your new or otherwise missing groups:
net groupmap add unixgroup=NEW_GROUP type=domain ntgroup="NEW_GROUP"\
                 comment="DESCRIPTION OF NEW GROUP"

This is explained in more detail in the HowTo/NetworkClients chapter of this manual.

7.5. Machine Management with GOsa²

Machine management basically allows you to manage all networked devices in your Debian Edu network. Every machine added to the LDAP directory using GOsa² has a hostname, an IP address, a MAC address and a domain name (which is usually "intern"). For a fuller description of the Debian Edu architecture see the architecture chapter of this manual.

To add a machine, use the GOsa² main menu, systems, add. (Choose netdevice, not server as that will leave you with a system object that can't be erased with GOsa². You can use an IP address/hostname from the preconfigured address space 10.0.0.0/8. Currently there are only two predefined fixed addresses: 10.0.2.2 (tjener) and 10.0.0.1 (gateway). The addresses from 10.0.16.20 to 10.0.31.254 (roughly 10.0.16.0/20 or 4000 hosts) are reserved for DHCP and are assigned dynamically.

To assign a host with the MAC address 52:54:00:12:34:10 a static IP address in GOsa² you have to enter the MAC address, the hostname and the IP; alternatively you might click the Propose ip button which will show the first free fixed address in 10.0.0.0/8, most probably something like 10.0.0.1 if you add the first machine this way. It may be better to first think about a suited range for your network.

If the machines have booted as thin clients/diskless workstations or have been installed using any of the networked profiles, the sitesummary2ldapdhcp script can be used to automatically add machines to GOsa². Please note, that the IP addresses shown after usage of sitesummary2ldapdhcp belong to the dynamic IP range. These systems can then be modified though to suite your network. A few screenshots show how this may be done.

root@tjener:~# sitesummary2ldapdhcp -a
info: Create GOSa machine for auto-mac-00-02-b3-20-e4-aa [10.0.16.25] id ether-00:02:b3:20:e4:aa.
info: Updating machine tjener.interm [10.0.2.2] id ether-00:04:76:d3:28:b7.
info: Create GOSa machine for auto-mac-00-0d-59-99-d6-98 [10.0.16.26] id ether-00:0d:59:99:d6:98.

Enter password if you want to activate these changes, and ^c to abort.

Connecting to LDAP as cn=admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
enter password: █

GOsa² systems listing

Host details

Modify host

Add netgroup

A cronjob updating DNS runs every hour; su -c ldap2bind can be used to trigger the update manually.

7.5.1. Buscar y eliminar computadoras

Searching for and deleting machines is quite similar to searching for and deleting users, so that information is not repeated here.

7.5.2. Modificar equipos existentes / Manejo del grupo de red

After adding a machine to the LDAP tree using GOsa², you can modify its properties using the search functionality and clicking on the machine name (as you would with users).

The format of these system entries is similar to the one you already know from modifying user entries, but the fields mean different things in this context.

For example, adding a machine to a NetGroup does not modify the file access or command execution permissions for that machine or the users logged in to that machine; instead it restricts the services that machine can use on your main-server.

La instalación por defecto proporciona la Grupo de Red

  • cups-queue-autoflush-hosts

  • cups-queue-autoreenable-hosts

  • fsautoresize-hosts

  • equipos-servidores ltsp

  • netblock-hosts

  • equipos-impresoras

  • equipos-servidores

  • equipos-apagados por las noches

  • winstation-hosts

  • equipos-estaciones de trabajo

Actualmente, la funcionabilidad de NetGroup se utiliza para

  • NFS.

    • The home directories are exported by the main-server to be mounted by the workstations and the LTSP servers. For security reasons, only hosts within the workstation-hosts, ltsp-server-hosts and server-hosts NetGroups can mount the exported NFS shares. So it is rather important to remember to configure these kinds of machines properly in the LDAP tree using GOsa² and to configure them to use static IP addresses from LDAP. /!\ Remember to configure workstations and ltsp-servers properly with GOsa², or your users won't be able to access their home directories.

  • fs-autoresize

    • Debian Edu machines in this group will automatically resize LVM partitions that run out of space.

  • apagar por las noches

    • Debian Edu machines in this group will automatically shut down at night to save energy.

  • CUPS (cups-queue-autoflush-hosts and cups-queue-autoreenable-hosts)

    • Debian Edu machines in these groups will automatically flush all print queues every night, and re-enable any disabled print queue every hour.

  • netblock-hosts

    • Debian Edu machines in this group will only be allowed to connect to machines on the local network. Combined with web proxy restrictions this might be used during exams.

Another important part of machine configuration is the 'Samba host' flag (in the 'Host information' area). If you plan to add existing Windows systems to the Skolelinux Samba domain, you need to add the Windows host to the LDAP tree and set this flag to be able to join the Windows host to the domain. For more information about adding Windows hosts to the Skolelinux network see the HowTo/NetworkClients chapter of this manual.

8. Printer Management

For Printer Management point your web browser to https://www:631 This is the normal CUPS management interface where you can add/delete/modify your printers and can clean up the printing queue. Changes that require a root login need SSL encryption.

9. Clock synchronisation

The default configuration in Debian Edu is to keep the clocks on all machines synchronous but not necessarily correct. NTP is used to update the time. The clocks will be synchronised with an external source by default. This can cause machines to keep the external Internet connection open if it is created when used.

/!\ If you use dialup or ISDN and pay per minute, you want to change this default setting.

To disable synchronisation with an external clock, the file /etc/ntp.conf on the main-server and all clients and LTSP chroots need to be modified. Add comment ("#") marks in front of the server entries. After this, the NTP server needs to be restarted by running /etc/init.d/ntp restart as root. To test if a machine is using the external clock sources, run ntpq -c lpeer.

10. Redimensionando Particiones completas

Because of a possible bug with automatic partitioning, some partitions might be too full after installation. To extend these partitions, run debian-edu-fsautoresize -n as root. See the "Resizing Partitions" HowTo in the administration HowTo chapter for more information.

11. Maintenance

11.1. Actualizar el software

This section explains how to use aptitude upgrade.

Using aptitude is really simply. To update a system you need to execute two commands on the command line as root: aptitude update (which updates the lists of available packages) and aptitude upgrade (which upgrades the packages for which an upgrade is available).

It is also a good idea to install cron-apt and apt-listchanges and configure them to send mail to an address you are reading.

cron-apt will notify you once a day via email about any packages that can be upgraded. It does not install these upgrades, but does download them (usually in the night), so you don't have to wait for the download when you do aptitude upgrade.

Automatic installation of updates can be done easily if desired, it just needs the unattended-upgrades package to be installed.

apt-listchanges can send new changelog entries to you via email, or alternativly display them in the terminal when running aptitude or apt-get.

11.1.1. Mantente informado sobre actualizaciones de seguridad

Running cron-apt as described above is a good way to learn when security updates are available for installed packages. Another way to stay informed about security updates is to subscribe to the Debian security-announce mailinglist, which has the benefit of also telling you what the security update is about. The downside (compared to cron-apt) is that it also includes information about updates for packages which aren't installed.

11.2. Gestión de las copias de seguridad

For backup management point your browser to https://www/slbackup-php. Please note that you need to access this site via SSL, since you have to enter the root password there. If you try to access this site without using SSL it will fail.

By default tjener will back up /skole/tjener/home0, /etc/, /root/.svk and LDAP to /skole/backup which is under the LVM. If you only want to have spare copies of things (in case you delete them) this setup should be fine for you.

/!\ Be aware that this backup scheme doesn't protect you from failing hard drives.

If you want to back up your data to an external server, a tape device or another hard drive you'll have to modify the existing configuration a bit.

Si quieres restaurar un directorio, la mejor opción es usar la línea de comandos:

$ sudo rdiff-backup -r <date>  \
   /skole/backup/tjener/skole/tjener/home0/user \
   /skole/tjener/home0/user_<date>

This will leave the content from /skole/tjener/home0/user for <date> in the folder /skole/tjener/home0/user_<date>

If you want to restore a single file, then you should be able to select the file (and the version) from the web interface, and download only that file.

If you want to get rid of older backups, choose "Maintenance" in the menu on the backup page and select the oldest snapshot to keep:

slbackup-php Maintenance

11.3. Monitorización del servidor

11.3.1. Munin

The Munin trend reporting system is available from https://www/munin/. It provides system status measurement graphs on a daily, weekly, monthly and yearly basis, and provides the system administrator with help when looking for bottlenecks and the source of system problems.

The list of machines being monitored using Munin is generated automatically, based on the list of hosts reporting to sitesummary. All hosts with the package munin-node installed are registered for Munin monitoring. It will normally take one day from a machine being installed until Munin monitoring starts, because of the order the cron jobs are executed. To speed up the process, run sitesummary-update-munin as root on the sitesummary server (normally the main-server). This will update the /etc/munin/munin.conf file.

The set of measurements being collected is automatically generated on each machine using the munin-node-configure program, which probes the plugins available from /usr/share/munin/plugins/ and symlinks the relevant ones to /etc/munin/plugins/.

Information about Munin is available from http://munin.projects.linpro.no/ .

11.3.2. Nagios

Nagios system and service monitoring is available from https://www/nagios3/. The set of machines and services being monitored is automatically generated using information collected by the sitesummary system. The machines with the profile Main-server and Thin-client-server receive full monitoring, while workstations and thin clients receive simple monitoring. To enable full monitoring on a workstation, install the nagios-nrpe-server package on the workstation.

The username is nagiosadmin and the default password is skolelinux. For security reasons, avoid using the same password as root. To change the password you can run the following command as root:

htpasswd /etc/nagios3/htpasswd.users nagiosadmin

By default Nagios does not send email. This can be changed by replacing notify-by-nothing with host-notify-by-email and notify-by-email in the file /etc/nagios3/sitesummary-template-contacts.cfg.

The Nagios configuration file used is /etc/nagios3/sitesummary.cfg. The sitesummary cron job generates /var/lib/sitesummary/nagios-generated.cfg with the list of hosts and services to monitor.

Extra Nagios checks can be put in the file /var/lib/sitesummary/nagios-generated.cfg.post to get them included in the generated file.

Information about Nagios is available from http://www.nagios.org/ or in the nagios3-doc package.

11.3.2.1. Advertencias comunes de Nagios y como manejarlas

Aquí hay instrucciones sobre como manejar las advertencias más comunes de Nagios.

11.3.2.1.1. DISK CRITICAL - free space: /usr 309 MB (5% inode=47%):

The partition (/usr/ in the example) is too full. There are in general two ways to handle this: (1) remove some files or (2) increase the size of the partition. If the partition is /var/, purging the APT cache by calling apt-get clean might remove some files. If there is more room available in the LVM volume group, running the program debian-edu-fsautoresize to extend the partitions might help. To run this program automatically every hour, the host in question can be added to the fsautoresize-hosts netgroup.

11.3.2.1.2. APT CRITICAL: 13 packages available for upgrade (13 critical updates).

New package are available for upgrades. The critical ones are normally security fixes. To upgrade, run 'apt-get upgrade && apt-get dist-upgrade' as root in a konsole or log in via ssh to do the same. On thin client servers, remember to also update the LTSP chroot using ltsp-chroot apt-get update && ltsp-chroot apt-get upgrade.

If you do not want to manually upgrade packages and trust Debian to do a good job with new versions, you can install the unattended-upgrades package and configure it to automatically upgrade all new packages every night. This will not upgrade the LTSP chroots.

To upgrade the LTSP chroot, one can use ltsp-chroot apt-get update && ltsp-chroot apt-get upgrade. On 64-bit servers, one will have to add -a i386 as an argument to ltsp-chroot. It is a good idea to update the chroot when updating the host system.

11.3.2.1.3. WARNING - Reboot required : running kernel = 2.6.32-37.81.0, installed kernel = 2.6.32-38.83.0

The running kernel is older than the newest installed kernel, and a reboot is required to activate the newest installed kernel. This is normally fairly urgent, as new kernels normally show up in Debian Edu to fix security issues.

11.3.2.1.4. WARNING: CUPS queue size - 61

The printer queues in CUPS have a lot of jobs pending. This is most likely because of a unavailable printer. Disabled print queues are enabled every hour on hosts that are member of the cups-queue-autoreenable-hosts netgroup, so for such hosts no manual action should be required. The print queues are emptied every night on hosts that are member of the cups-queue-autoflush-hosts netgroup. If a host have a lot of jobs in their queue, consider adding this host to one or both of these netgroups.

11.3.3. Sitesummary

Sitesummary is used to collect information from each computer and submit it to the central server. The information collected is available in /var/lib/sitesummary/entries/. Scripts in /usr/lib/sitesummary/ are available to generate reports.

A simple report from sitesummary without any details is available from https://www/sitesummary/.

Some documentation on sitesummary is available from http://wiki.debian.org/DebianEdu/HowTo/SiteSummary

11.4. Más información sobre personalizaciones de Debian Edu

More information about Debian Edu customisations useful for system administrators can be found in the Administration Howto chapter.

12. Actualizaciones

/!\ Before reading this upgrade guide, please note that live updates to your production servers are carried out at your own risk. Debian Edu/Skolelinux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.

Please read this chapter completely before attempting to upgrade.

12.1. Notas generales sobre la actualización

Upgrading Debian from one distribution to the next is generally rather easy. For Debian Edu this is unfortunately not yet true as we heavily modify configuration files in ways we shouldn't. (See Debian bug 311188 for more information.) Upgrading is still possible but may require some work.

In general, upgrading the servers is more difficult than the workstations and the main-server is the most difficult to upgrade. The diskless machines are easy, as their chroot environment can be deleted and recreated, if you haven't modified it. If you have, the chroot is basically a workstation chroot anyway, so rather easy to upgrade.

If you want to be sure that after the upgrade everything works as before, you should test the upgrade on a test system or systems configured the same way as your production machines. There you can test the upgrade without risk and see if everything works as it should.

Make sure to also read the information about the current Debian Stable release in its installation manual.

It may also be wise to wait a bit and keep running Oldstable for a few weeks longer, so that others can test the upgrade and document any problems they experience. The Oldstable release of Debian Edu will receive continued support for some time after the next Stable release, but when Debian ceases support for Oldstable, Debian Edu will necessarily do the same.

13. Upgrades from Debian Edu Lenny

/!\ Be prepared: make sure you have tested the upgrade from Lenny in a test environment or have backups ready to be able to go back.

13.1. The basic upgrade operation

  1. Edit /etc/apt/sources.list and replace all occurrences of "lenny" with "squeeze".

  2. Ejecuta apt-get update

  3. Ejecuta apt-get upgrade

  4. Ejecuta apt-get dist-upgrade

13.2. LDAP service needs to be reconfigured

The LDAP setup has changed a lot from Lenny to Squeeze. The way users accounts, passwords, network settings, services and machines are treated is quite different now. So LDAP has to be rebuild from scratch. There's a script ldap-debian-edu-install (in /usr/bin) that could be used to achieve this. Read the comment at the beginning of that script carefully before doing anything.

13.3. Recreating an LTSP chroot

On the LTSP server(s) the LTSP chroot should be recreated. The new chroot will automatically support both thin-clients and diskless workstations.

Remove /opt/ltsp/i386 (or /opt/ltsp/amd64, depending on your setup). If you have enough diskspace, consider backing it up.

Recreate the chroot by running debian-edu-ltsp as root.

Of course you can also upgrade the chroot as usual.

14. Upgrades from older Debian Edu / Skolelinux installations (before Lenny)

To upgrade from any older release, you will need to upgrade to the Lenny-based Debian Edu release first, before you can follow the instructions provided above. Instructions are given in the Manual for Debian Edu Lenny about how to upgrade to Lenny from the previous release, Etch, and the Etch manual covers the one before that!

15. HowTo

16. Guías para administración general

The Getting Started and Maintenance chapters describe how to get started with Debian Edu and how to do the basic maintenance work. The howtos in this chapter have some more "advanced" tips and tricks.

16.1. Seguimiento de /etc usando el sistema de control de versiones git

With the introduction of etckeeper in Debian Edu Squeeze (previous versions used etcinsvk which was removed from Debian), all files in /etc/ are tracked using git as a version control system.

Esto hace posible que cuando un archivo es agregado, cambiado o eliminado, también lo que se cambió si el archivo es un archivo de texto. El repositorio de git es guardado en /etc/.git/.

Every hour, any changes are automatically recorded, allowing configuration history to be extracted and reviewed.

Para revisar el histórico, se debe utilizar el comando etckeeper vcs log. Para revisar las diferencias entre dos puntos en el tiempo, el comando etcinsvk vcs diff puede ser usado.

Revise la salida de man etckeeper para más información.

Lista de comandos útiles:

etckeeper vcs log
etckeeper vcs status
etckeeper vcs diff
etckeeper vcs add .
etckeeper vcs commit -a
man etckeeper

16.1.1. Ejemplos de uso

On a freshly installed system, try this to see all changes done since the system was installed:

etckeeper vcs log

See which files are currently not tracked and which are not up-to-date:

etckeeper vcs status

To manually commit a file, because you don't want to wait up to an hour:

etckeeper vcs commit -a /etc/resolv.conf

16.2. Redimensionando Particiones

In Debian Edu, all partitions other than the /boot/ partition are on logical LVM volumes. With Linux kernels since version 2.6.10, it is possible to extend partitions while they are mounted. Shrinking partitions still needs to happen while the partition is unmounted.

It is a good idea to avoid creating very large partitions (over, say, 20GiB), because of the time it takes to run fsck on them or to restore them from backup if the need arises. It is better, if possible, to create several smaller partitions than one very large one.

The helper script debian-edu-fsautoresize is provided to make it easier to extend full partitions. When invoked, it reads the configuration from /usr/share/debian-edu-config/fsautoresizetab, /site/etc/fsautoresizetab and /etc/fsautoresizetab. It then proposes to extend partitions with too little free space, according to the rules provided in these files. If run with no arguments, it will only show the commands needed to extend the file system. The argument -n is needed to actually execute these commands to extend the file systems.

The script is executed automatically every hour on every client listed in the fsautoresize-hosts netgroup.

When the partition used by the Squid proxy is resized, the value for cache size in etc/squid/squid.conf needs to be updated as well. The helper script /usr/share/debian-edu-config/tools/squid-update-cachedir is provided to do this automatically, checking the current partition size of /var/spool/squid/ and configuring Squid to use 80% of this as its cache size.

16.2.1. Gestión de volúmenes lógicos

Logical Volume Management (LVM) enables resizing the partitions while they are mounted and in use. You can learn more about LVM from the LVM HowTo.

To extend a logical volume manually you simply tell the lvextend command how large you want it to grow to. For example, to extend home0 to 30GB you use the following commands:

lvextend -L30G /dev/vg_system/skole+tjener+home0
resize2fs /dev/vg_system/skole+tjener+home0

To extend home0 by 30G, you insert a '+' (-L+30G)

16.3. Installing a graphical environment on the main-server to use GOsa²

If you (probably accidentally) installed a pure main-server profile and don't have a client with a web-browser handy, it's easy to install a minimal desktop on the main server using this command sequence in a (non-graphical) shell as the user you created during the main server's installation (first user):

  $ sudo apt-get update
  $ sudo apt-get install gnome-session gnome-terminal iceweasel xorg
  # after installation, start a graphical session for the first user 
  $ startx

16.4. Using ldapvi

ldapvi is a tool to edit the LDAP database with a normal text editor on the commandline.

Lo siguiente necesita ser ejecutado:

ldapvi --ldap-conf -ZD '(cn=admin)'

Note: ldapvi will use whatever is the default editor. By executing export EDITOR=vim in the shell prompt one can configure the environment to get a vi clone as editor.

To add an LDAP object using ldapvi, use object sequence number with the string add in front of the new LDAP object.

/!\ Warning: ldapvi is a very powerful tool. Be careful and don't mess up the LDAP database.

16.5. jxplorer, una GUI para LDAP

If you prefer a GUI to work with the LDAP database, check out the jxplorer package.

16.6. ldap-createuser-krb, una herramienta para línea de comando

ldap-createuser-krb is a small command line tool to create LDAP users and set their passwords in Kerberos. It's mostly useful for testing, though.

16.7. Using stable-updates (formerly known an volatile)

Since the Squeeze release, Debian has included packages formerly maintained in volatile.debian.org in the 2011 created stable-updates suite.

While you can use stable-updates directly, you don't have to: stable-updates are pushed into the stable suite regularily when stable pointreleases are done, which roughly happens every two months.

16.8. Using backports.debian.org to install newer software

You are running Debian Edu because you prefer the stability of Debian Edu. It runs great; there is just one problem: sometimes software is a little bit more outdated than you like. This is where backports.debian.org steps in.

Backports are recompiled packages from Debian testing (mostly) and Debian unstable (in a few cases only, e.g. security updates), so they will run without new libraries (wherever this is possible) on a stable Debian distribution like Debian Edu. We recommend you to pick out individual backports which fit your needs, and not to use all backports available there.

Using backports.debian.org is simple:

echo "deb http://backports.debian.org/debian-backports squeeze-backports main contrib non-free" >> /etc/apt/sources.list
apt-get update

Previously, extra configuration was needed to get updates installed automatically for installed backports, but since 2011 the squeeze-backports suite renders this unnecessary.

16.9. Actualizar con un CD o DVD ROM

If you want to upgrade from one version to another (for example from Squeeze 6.0.6 to 6.0.7) but you do not have Internet connectivity, only physical media, follow these steps:

Insertar el CD/DVD en la unidad, montarlo y usar el comando apt-cdrom:

mount /media/cdrom
apt-cdrom add -m

To quote the apt-cdrom(8) man page:

  • apt-cdrom se usa para añadir un disco óptico a la lista de fuentes disponibles de APT. apt-cdrom examina la estructura del disco, corrige los posibles errores de grabación y verifica los ficheros de índice.

  • Es necesario usar apt-cdrom para añadir los discos al sistema APT, no se puede hacer manualmente. Además, debe insertar y analizar cada disco de un conjunto de discos por separado, para poder detectar los posibles errores de grabación.

Luego ejecuta estos dos comandos para actualizar el sistema:

apt-get update
apt-get upgrade

16.10. Java

16.10.1. running standalone Java applications

Standalone Java applications are supported out of the box by the OpenJDK Java runtime.

16.10.2. Running Java applications in the web browser

Running Java applets in the browser are supported out of the box by the OpenJDK Java runtime.

16.11. Creando directorios en el directorio home de los usuarios

With this script the administrator can create a folder in each user's home directory and set access permissions and ownership.

In the example shown below with group=teachers and permissions=2770 a user can hand in an assignment by saving the file to the folder "assignments" where teachers are given write access to be able to make comments.

 #!/bin/bash
 home_path="/skole/tjener/home0"
 shared_folder="assignments"
 permissions="2770"
 created_dir=0
 for home in $(ls $home_path); do
    if [ ! -d "$home_path/$home/$shared_folder" ]; then
        mkdir $home_path/$home/$shared_folder
        chmod $permissions $home_path/$home/$shared_folder
        #set the right owner and group
        #"username" = "group name" = "folder name"
        user=$home
        group=teachers
        chown $user:$group $home_path/$home/$shared_folder
        ((created_dir+=1))
    else
        echo -e "the folder $home_path/$home/$shared_folder already exists.\n"
    fi
 done
 echo "$created_dir folders have been created"

16.12. Fácil acceso a dispositivos USB y CDROMs/DVDs

When users insert a USB drive or DVD/CDROM into a (diskless) workstation, a popup window appears asking what to do with it, just like in any other normal installation.

When users insert a USB drive or DVD/CDROM into a thin client there is only a notify-window showing up for a few seconds. The media is automatically mounted and it is possible to access it browsing to the /media/$user folder. This is quite difficult for many non experienced users.

It is possible to have the default KDE file manager Dolphin showing up if KDE (or LDXE, if installed in parallel to KDE) is in use as desktop environment. To configure this, simply execute /usr/share/debian-edu-config/ltspfs-mounter-kde enable on the terminal server. (When using Gnome, device icons will be placed on the desktop allowing easy access).

In addition the following script could be used to create the symlink "media" for all users in their home folder for easy access to USB drives, CDROM/DVD or whatever media is connected to the thin client. This might come in handy if users want to edit files directly on their plugged in media.

 #!/bin/bash
 home_path="/skole/tjener/home0"
 shared_folder="media"
 permissions="775"
 created_dir=0;
 for home in $(ls $home_path); do
    if [ ! -d "$home_path/$home/$shared_folder" ]; then
        ln -s /media/$home $home_path/$home/$shared_folder
        ((created_dir+=1))
    else
        echo -e "the folder $home_path/$home/$shared_folder already exists.\n"
    fi
 done
 echo "$created_dir folders has been created"

16.12.1. A warning about removable media on LTSP servers

/!\ Warning: When inserted into an LTSP server USB drives and other removable media cause popup messages on remote LTSP clients.

If remote users acknowledge the popup or use pmount from the console, they can even mount the removable devices and access the files.

This is being tracked as Debian Edu bug #1376.

16.13. Automatic cleanup of leftover processes

killer is is a perl script that gets rid of background jobs. Background jobs are defined as processes that belong to users who are not currently logged into the machine. It's run by cron job once an hour.

Para instalar ejecuta el siguiente comando como root:

 apt-get install killer

16.14. Instalación automática de actualizaciones de seguridad

unattended-upgrades is a Debian package which will install security (and other) updates automatically. If you plan to use it, you should have some means to monitor your systems, such as installing the apt-listchanges package and configuring it to send you emails about updates. And there is always /var/log/dpkg.log.

To install these packages run the following command as root:

 apt-get install unattended-upgrades apt-listchanges

16.15. Automatic shutdown of machines during the night

It is possible to save energy and money by automatically turning client machines off at night and back on in the morning. The package will try to turn off the machine every hour on the hour from 16:00 in the afternoon, but will not turn it off if it seems to have users. It will try to tell the BIOS to turn on the machine around 07:00 in the morning, and the main-server will try to turn on machines from 06:30 by sending wake-on-lan packets. These times can be changed in the crontabs of individual machines.

Some considerations should be kept in mind when setting this up:

  • The clients should not be shut down when someone is using them. This is ensured by checking the output from who, and as a special case, checking for the LDM ssh connection command to work with LTSP thin clients.

  • To avoid blowing electrical fuses, it is a good idea to make sure all clients do not start at the same time.

  • There are two different methods available to wake up clients. One uses a BIOS feature and requires a working and correct hardware clock, as well as a motherboard and BIOS version supported by nvram-wakeup; the other requires clients to have support for wake-on-lan, and the server to know about all the clients that need to be woken up.

16.15.1. How to set up shutdown-at-night

On clients that should turn off at night, touch /etc/shutdown-at-night/shutdown-at-night, or add the hostname (that is, the output from 'uname -n' on the client) to the netgroup "shutdown-at-night-hosts". Adding hosts to the netgroup in LDAP can be done using the GOsa² web tool. The clients might need to have wake-on-lan configured in the BIOS. It is also important that the switches and routers used between the wake-on-lan server and the clients will pass the WOL packets to the clients even if the clients are turned off. Some switches fail to pass on packets to clients that are missing in the ARP table on the switch, and this blocks the WOL packets.

To enable wake-on-lan on the server, add the clients to /etc/shutdown-at-night/clients, with one line per client, IP address first, followed by MAC address (ethernet address), separated by a space; or create a script /etc/shutdown-at-night/clients-generator to generate the list of clients on the fly.

Here is an example /etc/shutdown-at-night/clients-generator for use with sitesummary:

  #!/bin/sh
  PATH=/usr/sbin:$PATH
  export PATH
  sitesummary-nodes -w

An alternative if the netgroup is used to activate shutdown-at-night on clients is this script using the netgroup tool from the ng-utils package:

  #!/bin/sh
  PATH=/usr/sbin:$PATH
  export PATH
  netgroup -h shutdown-at-night-hosts

16.16. Acceso a servidores Debian-Edu ubicados detrás de un firewall

To access machines behind a firewall from the Internet, consider installing the package autossh. It can be used to set up an SSH tunnel to a machine on the Internet that you have access to. From that machine, you can access the server behind the firewall via the SSH tunnel.

16.17. Installing additional service machines for spreading the load from main-server

In the default installation, all services are running on the main-server, tjener. To simplify moving some to another machine, there is a minimal installation profile available. Installing with this profile will lead to a machine, which is part of the Debian Edu network, but which doesn't have any services running (yet).

These are the required steps to setup a machine dedicated to some services:

  • install the minimal profile using the debian-edu-expert boot-option

  • install the packages for the service

  • configure the service

  • disable the service on main-server

  • actualiza DNS (via LDAP/GOsa²) en el servidor principal

16.18. HowTos from wiki.debian.org

The HowTos from http://wiki.debian.org/DebianEdu/HowTo/ are either user- or developer-specific. Let's move the user-specific HowTos over here (and delete them over there)! (But first ask the authors (see the history of those pages to find them) if they are fine with moving the howto and putting it under the GPL.)

17. HowTos for the desktop

17.1. Modificar la pantalla de inicio de KDM

Customisations to the KDM login screen are made by adding a file in /etc/default/kdm.d/ specifying variables to override the default.

Here is one example used to activate the theme in the desktop-base package:

USETHEME="true"
THEME="/usr/share/apps/kdm/themes/debian-moreblue"

See the code in /etc/init.d/kdm for information on how these variables are used.

17.2. Usar KDE, Gnome y LXDE juntos

If you want to use Gnome or LXDE instead of KDE, follow the installation instructions.

Para instalar otros entornos de escritorio después de una instalación, solamente use apt-get:

 apt-get install gnome lxde

Users will then be able to choose the desktop environment via the login manager before logging in. The usage of LXDE as default on thin clients can be forced; see networked clients for details.

17.3. Flash

The free software flash-player gnash is installed by default, but switching to Adobe Flash is an option. To install the (non-free) Adobe Flash Player web browser plugin, install the flashplugin-nonfree Debian package from contrib. This requires contrib enabled in /etc/apt/sources.list.

17.4. Reproducir DVDs

libdvdcss is needed for playing most commercial DVDs. For legal reasons it's not included in Debian (Edu). If you are legally allowed to use it, you can use the packages from deb-multimedia.org. Add the multimedia repository (as described in the following section) and install the required libraries:

apt-get install libdvdcss2 w32codecs

17.5. Uso del repositorio multimedia

Para usar www.deb-multimedia.org has lo siguiente

# install the debian-keyring securely:
apt-get install debian-keyring
# fetch the deb-multimedia key insecurely:
gpg --keyserver pgpkeys.pca.dfn.de --recv-keys 1F41B907
# check securely if the key is correct and add it to the keyring used by APT if it is:
gpg --keyring /usr/share/keyrings/debian-keyring.gpg --check-sigs 1F41B907 && gpg --export 1F41B907 | apt-key add -
# add repository to sources.list - please check the homepages for mirrors!
echo "deb http://deb-multimedia.org squeeze main" >> /etc/apt/sources.list
# update the list of available packages:
apt-get update

17.6. Handwriting fonts

The package ttf-linex (which is installed by default) installs the font "Abecedario" which is a nice handwriting font for kids. The font has several forms to be used with kids: dotted, and with lines.

18. HowTos for networked clients

18.1. Introduction to thin clients and diskless workstations

One generic term for both thin clients and diskless workstations is LTSP client. LTSP is the Linux Terminal Server Project.

Thin client

  • A thin client setup enables an ordinary PC to function as an (X-)terminal, where all software runs on the LTSP server. This means that this machine boots from a diskette or directly from the server using network-PROM (or PXE) without using a local client hard drive.

Diskless workstation

  • A diskless workstation runs all software locally. The client machines boot directly from the LTSP server without a local hard drive. Software is administered and maintained on the LTSP server, but it runs on the diskless workstation. Home directories and system settings are stored on the server too. Diskless workstations are an excellent way of reusing newer hardware with the same low maintenance cost as with thin clients.

LTSP client boot will fail if the client's network card requires a non-free firmware. A PXE installation can be used for troubleshooting problems with netbooting a machine; if the Debian Installer complains about a missing XXX.bin file then non-free firmware has to be added to the initrd used by LTSP clients.

In this case execute the following commands on an LTSP server.

# First get information about firmware packages
apt-get update && apt-cache search ^firmware-

# Decide which package has to be installed for the network card(s). 
# Most probably this will be firmware-linux-nonfree
# Things have to take effect in the LTSP chroot for architecture i386
ltsp-chroot -a i386 apt-get update
ltsp-chroot -a i386 mkdir /tmp/user 2> /dev/null
ltsp-chroot -a i386 mkdir /tmp/user/0 2> /dev/null
ltsp-chroot -d -a i386 apt-get -y -q install <package name>

# copy the new initrd to the server's tftpboot directory
ltsp-update-kernels

LTSP client kernel

  • In order to support older hardware the package linux-image-486 is installed by default. If all LTSP client machines support the 686 processor architecture the linux-image-686 package could be installed in the chroot.

Make sure to execute ltsp-update-kernels after installation.

18.1.1. Machine type selection based on the network

Each LTSP server has two ethernet cards: one configured in the 10.0.0.0/8 subnet (which is shared with the main server), and another forming a local 192.168.0.0/24 subnet (a separate subnet for each LTSP server).

Diskless workstations get IP addresses assigned in the private subnet 10.0.0.0/8, while thin clients are connected in the separate subnet 192.168.0.0/24.

18.2. Configurar el menú PXE

The PXE configuration is generated using the script debian-edu-pxeinstall. It allows some settings to be overridden by adding a file /etc/debian-edu/pxeinstall.conf with replacement values.

18.2.1. Configurar la instalación de PXE

The PXE installation option is by default available to anyone able to PXE boot a machine. To password protect the PXE installation options, a file /var/lib/tftpboot/menupassword.cfg can be created with content similar to this:

MENU PASSWD $4$NDk0OTUzNTQ1NTQ5$7d6KvAlVCJKRKcijtVSPfveuWPM$

The password hash should be replaced with an MD5 hash for the desired password.

The PXE installation will inherit the language, keyboard layout and mirror settings from the settings used when installing the main-server, and the other questions will be asked during installation (profile, popcon participation, partitioning and root password). To avoid these questions, the file /etc/debian-edu/www/debian-edu-install.dat can be modified to provide preselected answers to debconf values. Some examples of available debconf values are already commented in /etc/debian-edu/www/debian-edu-install.dat. Your changes will be lost as soon as debian-edu-pxeinstall is used to recreate the PXE-installation environment. To append debconf values to /etc/debian-edu/www/debian-edu-install.dat during recreation with debian-edu-pxeinstall, add the file /etc/debian-edu/www/debian-edu-install.dat.local with your additional debconf values.

18.2.2. Adding a custom repository for PXE installations

For adding a custom repository add something like this to /etc/debian-edu/www/debian-edu-install.dat.local:

#add the skole projects local repository
d-i     apt-setup/local1/repository string      http://example.org/debian stable main contrib non-free
d-i     apt-setup/local1/comment string         Example Software Repository
d-i     apt-setup/local1/source boolean         true
d-i     apt-setup/local1/key    string          http://example.org/key.asc

and then run /usr/sbin/debian-edu-pxeinstall once.

18.2.3. Cambiar el menú PXE en un servidor LTSP

The PXE menu allows network booting of LTSP clients, the installer and other alternatives. The file /var/lib/tftpboot/pxelinux.cfg/default is used by default if no other file in that directory matches the client, and out of the box it is set to link to /var/lib/tftpboot/debian-edu/default-menu.cfg.

If all clients should boot as diskless workstations instead of getting the full PXE menu, this can be implemented by changing the symlink:

ln -s /var/lib/tftpboot/debian-edu/default-diskless.cfg /var/lib/tftpboot/pxelinux.cfg/default

If all clients should boot as thin clients instead, change the symlink like this:

ln -s /var/lib/tftpboot/debian-edu/default-thin.cfg /var/lib/tftpboot/pxelinux.cfg/default

See also the PXELINUX documentation at http://syslinux.zytor.com/wiki/index.php/PXELINUX .

If clients on the 192.168.x.x interface of a thin client server should boot as diskless workstations instead of thin clients, edit

/var/lib/tftpboot/ltsp/i386/pxelinux.cfg/default

and add a '3' (no quotes) to the end of the kernel argument line, to specify runlevel 3.

El archivo debería verse como esto:

default ltsp

label ltsp
kernel vmlinuz
append ro initrd=initrd.img boot=nfs quiet 3

When adding such a workstation in GOsa², use an IP address matching the LTSP server interface IP address on the thin client net (by default 192.168.0.254, dynamic dhcp range starting at 192.168.0.20).

18.2.4. Separate main- and LTSP servers

For performance and security considerations it might be desired to set up a separate main server which doesn't act as LTSP server.

To have ltspserver00 serve diskless workstations on the main (10.0.0.0/8) network, when tjener is not a combined server, follow these steps:

  • copy the ltsp directory from /var/lib/tftpboot on ltspserver00 to the same directory on tjener.

  • copy /var/lib/tftpboot/debian-edu/default-diskless.cfg to the same directory on tjener.

  • edit /var/lib/tftpboot/debian-edu/default-diskless.cfg to use the IP address of ltspserver00; the following example uses 10.0.2.10 for the IP address of ltspserver00 on the main network:

 DEFAULT ltsp/i386/vmlinuz initrd=ltsp/i386/initrd.img nfsroot=10.0.2.10:/opt/ltsp/i386 boot=nfs ro quiet 3
  • set the symlink in /var/lib/tftpboot/pxelinux.cfg on tjener to point to /var/lib/tftpboot/debian-edu/default-diskless.cfg.

18.3. Changing network settings

The debian-edu-config package comes with a tool which helps in changing the network from 10.0.0.0/8 to something else. Have a look at /usr/share/debian-edu-config/tools/subnet-change. It is intended for use just after installation on the main server, to update LDAP and other files that need to be edited to change the subnet.

/!\ Note that changing to one of the subnets already used elsewhere in Debian Edu will not work. 192.168.1.0/24 is already set up as the thin client network. Changing to this subnet will require manual editing of configuration files to remove duplicate entries.

There is no easy way to change the DNS domain name. Changing it would require changes to both the LDAP structure and several files in the main server file system. There is also no easy way to change the host and DNS name of the main server (tjener.intern). To do so would also require changes to LDAP and files in the main-server and client file system. In both cases the Kerberos setup would have to be changed, too.

18.4. LTSP en detalle

18.4.1. Configuración del cliente LTSP en LDAP (y en lts.conf)

To configure specific thin clients with particular features, you can add settings in LDAP or edit the file /opt/ltsp/i386/etc/lts.conf.

/!\ We recommend to configure clients in LDAP (and not edit lts.conf directly--however, configuration webforms for LTSP are currently not available in GOsa², you have to use a plain LDAP browser/explorer or ldapvi), as this makes it possible to add and/or replace LTSP servers without loosing (or having to redo) configuration.

The default values in LDAP are defined in the cn=ltspConfigDefault,ou=ltsp,dc=skole,dc=skolelinux,dc=no LDAP object using the ltspConfig attribute. One can also add host specific entries in LDAP.

Install the package ltsp-docs and run "man lts.conf" to have a look at available configuration options (see /usr/share/doc/ltsp/LTSPManual.html for detailed information about LTSP).

The default values are defined under [default]; to configure one client, specify it in terms of its MAC address or IP address like this: [192.168.0.10].

Example: To make the thin client ltsp010 use 1280x1024 resolution, add something like this:

[192.168.0.10]
X_MODE_0 = 1280x1024
X_HORZSYNC = "60-70"
X_VERTREFRESH = "59-62"

somewhere below the default settings.

To force usage of a specific xserver on an LTSP client, set the XSERVER variable. For example:

[192.168.0.11]
XSERVER = nvidia

Depending on what changes you make, it may be necessary to restart the client.

To use IP addresses in lts.conf you need to add the client MAC address to your DHCP server. Otherwise you should use the client MAC address directly in your lts.conf file.

18.4.2. Force all thin clients to use LXDE as default desktop environment

Make sure that LXDE is installed on the thin client server; then add a line like this below [default] in "lts.conf":

LDM_SESSION=/usr/bin/startlxde

Note, that users will still be able to select other installed desktop environments using the "Settings" feature of LDM.

18.4.3. Load-balancing LTSP servers

18.4.3.1. Parte 1

It is possible to set up the clients to connect to one of several LTSP servers for load-balancing. This is done by providing /opt/ltsp/i386/usr/share/ltsp/get_hosts as a script printing one or more servers for LDM to connect to. In addition to this, each LTSP chroot needs to include the SSH host key for each of the servers.

First of all, you must choose one LTSP server to be the load-balancing server. All the clients will PXE-boot from this server and load the Skolelinux image. After the image is loaded, LDM chooses which server to connect to by using the "get_hosts" script. How this is done you decide later on.

The load-balancing server must be announced to the clients as the "next-server" via DHCP. As DHCP configuration is in LDAP, modifications have to be done there. Use ldapvi --ldap-conf -ZD '(cn=admin)' to edit the appropriate entry in LDAP. (Enter the main server's root password at the prompt; if VISUAL isn't set, the default editor will be nano.) Search for a line reading dhcpStatements: next-server tjener Next-server should be the IP address or hostname of the server you chose to be the load-balancing server. If you use hostname you must have a working DNS. Remember to restart the DHCP service.

Now you have to move your clients from the 192.168.1.0 network to the 10.0.0.0 network; attach them to the backbone network instead of the network attached to the LTSP server's second network card. This is because when you use load-balancing, the clients need direct access to the server chosen by LDM. If you leave your clients on the 192.168.1.0 network, all of the clients' traffic will go through that server before it reaches the chosen LDM server.

18.4.3.2. Parte 2

Now you have to make a "get_hosts" script that prints a server for LDM to connect to. The parameter LDM_SERVER overrides this script. In consequence, this parameter must not be defined if the get_hosts is going to be used. The get_hosts script writes on the standard output each server IP address or host name, in random order.

Edita "/opt/ltsp/i386/etc/lts.conf" y agrega algo como esto:

MY_SERVER_LIST = "xxxx xxxx xxxx"

Replace xxxx with either the IP addresses or hostnames of the servers as a space-separated list. Then, put the following script in /opt/ltsp/i386/usr/lib/ltsp/get_hosts on the server you chose to be the load-balancing server.

 #!/bin/bash
 # Randomise the server list contained in MY_SERVER_LIST parameter
 TMP_LIST=""
 SHUFFLED_LIST=""
 for i in $MY_SERVER_LIST; do
     rank=$RANDOM
     let "rank %= 100"
     TMP_LIST="$TMP_LIST\n${rank}_$i"
 done
 TMP_LIST=$(echo -e $TMP_LIST | sort)
 for i in $TMP_LIST; do
     SHUFFLED_LIST="$SHUFFLED_LIST $(echo $i | cut -d_ -f2)"
 done
 echo $SHUFFLED_LIST
18.4.3.3. Part 3

Now that you've made the "get_hosts" script, it's time to make the SSH host key for the LTSP chroots. This can be done by making a file containing the content of /opt/ltsp/i386/etc/ssh/ssh_known_hosts from all the LTSP servers that will be load-balanced. Save this file as /etc/ltsp/ssh_known_hosts.extra on all load-balanced servers. The last step is very important because ltsp-update-sshkeys runs every time a server is booted, and /etc/ltsp/ssh_known_hosts.extra is included if it exists.

/!\ If you save your new host file as /opt/ltsp/i386/etc/ssh/ssh_known_hosts, it will be erased when you reboot the server.

There are some obvious weaknesses with this setup. All clients get their image from the same server, which causes high loads on the server if many clients are booted at the same time. Also, the clients require that server to be always available; without it they cannot boot or get an LDM server. Therefore this setup is very dependent on one server, which isn't very good.

¡Sus clientes ahora deberían tener balanceo de carga!

18.4.4. Sonido con clientes LTSP

LTSP thin clients support three different audio systems for applications: ESD, PulseAudio and ALSA. ESD and PulseAudio support networked audio and are used to pass audio from the server to the clients. ALSA is configured to redirect its sound via PulseAudio. For selected applications only supporting the OSS audio system, a wrapper is created by /usr/sbin/debian-edu-ltsp-audiodivert to redirect their sound to PulseAudio. Run this script without arguments to get a list of applications with such redirection enabled.

LTSP diskless workstations handle audio locally and have none of the special setup needed for networked audio.

18.4.5. Actualización del entorno LTSP

It is useful to upgrade the LTSP environment with new packages fairly often, to make sure security fixes and improvements are made available. To upgrade, run these commands as user root on each LTSP server:

ltsp-chroot -a i386  # esto hace "chroot /opt/ltsp/i386" y más, también previene que los demonios inicien
aptitude update
aptitude upgrade
aptitude dist-upgrade
exit
18.4.5.1. Instalación de software adicional en el entorno LTSP

To install additional software for an LTSP client you must perform the installation inside the chroot of the LTSP server.

ltsp-chroot -a i386
## opcionalmente, edita el archivo sources.list:
#editor /etc/apt/sources.list
aptitude update
aptitude install $new_package
exit

18.4.6. Slow login and security

Skolelinux has added several security features on the client network preventing unauthorised superuser access, password sniffing, and other tricks which may be used on a local network. One such security measure is secure login using SSH, which is the default with LDM. This can slow down some client machines which are more than about ten years old, with as little as a 160 MHz processor and 32 MB RAM. Although it's not recommended, you can add the value "True" in the /opt/ltsp/i386/etc/lts.conf file on the server:

LDM_DIRECTX=True

/!\ Warning: The above protects initial login, but all activities after that use unencrypted networked X. Passwords (except the initial one) will travel in cleartext over the network, as well as anything else.

Note: Since such ten-year-old thin clients may also have trouble running never versions of OpenOffice.org and Firefox/Iceweasel due to pixmap caching issues, you may consider running thin clients with at least 128 MB RAM, or upgrade the hardware, which will also give you the benefit of being able to use them as diskless workstations.

18.5. Reemplazar LDM con KDM

Since version 3.0 Skolelinux has been running LDM as its login manager, which uses a secure SSH tunnel to log in. Switching to KDM also requires a switch to XDMCP, which uses lower CPU resources on the clients and on the server.

/!\ Warning: XDMCP does not use encryption. Passwords will travel in cleartext over the network, as well as anything else.

/!\ Note: local devices with ltspfs will stop working without LDM.

To check if XDMCP is running, run this command from a workstation:

 X -query ltspserverXX

If you are on the thin client network, run this command:

 X -query 192.168.0.254

The goal is to let your "real" thin client contact the xdmcp-server on 192.168.0.254 (given a standard Skolelinux configuration).

If for some reason XDMCP is accessible on your server which runs KDM, add the following to /etc/kde3/kdm/Xaccess:

 * # any host can get a login window

The star before the comment '#' is important; the rest is a comment, of course :)

Then turn on XDMCP in KDM with the command:

 sudo update-ini-file /etc/kde3/kdm/kdmrc Xdmcp Enable true

Finalmente, reinicia KDM ejecutando:

 sudo invoke-rc.d kdm restart

(with thanks to Finn-Arne Johansen)

18.6. Connecting Windows machines to the network / Windows integration

18.6.1. Joining the domain

For Windows clients the Windows domain "SKOLELINUX" is available to be joined. A special service called Samba, installed on the main-server tjener, enables Windows clients to store profiles and user data, and also authenticates the users during the login.

Allowing a Windows client to join the domain requires steps described in the Debian Edu Squeeze Samba Howto.

Windows will sync the profiles of domain users on every Windows login and logout. Depending on how much data is stored in the profile, this could take some time. To minimise the time needed, deactivate things like local cache in browsers (you can use the Squid proxy cache installed on tjener instead) and save files into the H: volume rather than under "My Documents".

18.6.1.1. User groups in Windows

Groupmaps must also be added for any other user group you add through GOsa². If you want your user groups to be available in Windows, e.g. for netlogon scripts or other group dependant actions, you can add them using variations of the following command. Samba will function without these groupmaps, but Windows machines won't be group-aware.

/usr/bin/net groupmap add unixgroup=students \
             type=domain ntgroup="students" \
             comment="All students in the school"

FIXME: would it be better to explain user groups in Windows first with GOsa², and then with an example for the command line?

If you want to check user groups on Windows, you need to download the tool IFMEMBER.EXE from Microsoft. Then you can use this for example in the logon script which resides on tjener in /etc/samba/netlogon/LOGON.BAT.

18.6.2. XP home

Users bringing in their XP laptops from home can still connect to tjener using their skolelinux credentials, provided the workgroup is set to SKOLELINUX. However, they may need to disable the Windows firewall before tjener will appear in Network Neighbourhood (or whatever it's called now).

18.6.3. Managing roaming profiles

Roaming profiles contain user work environments which include desktop items and settings. Examples include personal files, desktop icons and menus, screen colours, mouse settings, window size and position, application configurations, and network and printer connections. Roaming profiles are available wherever the user logs on, provided the server is available.

Since the profile is copied from the server to the machine during logon, and copied back to the server during logout, a large profile can make Windows login/logout painfully slow. There can be many reasons for a large profile, but the most common problem is that users save their files on the Windows desktop or in the "My Documents" folder instead of in their home directory. Also, some badly designed programs use the profile to store data and as scratch space.

The educational approach: one way to deal with overlarge profiles is to explain the situation to the users. Tell them not to store huge files on the desktop, and if they fail to listen, it's their own fault when login is slow.

Tweaking the profile: a different approach to dealing with the problem is to remove parts of the profile, and redirect other parts to regular file storage. This moves the workload from the users to the administrator, while adding complexity to the installation. There are at least three ways to edit the parts that are removed from the roaming profile.

18.6.3.1. Example smb.conf files for roaming profiles

You should hopefully find an example smb.conf in your preferred language delivered by the installation on tjener under /usr/share/debian-edu-config/examples/. The source file is in English and is called smb-roaming-profiles-en.conf; look for a file with the appropriate code in the filename (the German translation, for example, will be named smb-roaming-profiles-de.conf). Inside the config file are a lot of explanations which you should have a look at.

18.6.3.2. Machine policies for roaming profiles

Machine policies can be edited and copied to all the other computers.

  1. Pick a freshly installed Windows computer, and run gpedit.msc

  2. Under the selection "User Configuration" -> "Administrative Templates" -> "System" -> "User Profiles" -> "Exclude directories in roaming profile", you can enter a semicolon-separated list of directories to exclude from the profile. The directories are internationalised and must be written in your own language the way they are in the profile. Examples of directories to exclude are:

    • log

    • Locale settings

    • Temporary Internet Files

    • My Documents

    • Application Data

    • Temporary Internet Files

  3. Save your changes, and exit the editor.

  4. Copy c:\windows\system32\GroupPolicy to all other Windows machines.

    • It's a good idea to copy it to your Windows OS deployment system to have it included at install time.

18.6.3.3. Global policies for roaming profiles

By using the legacy Windows policy editor (poledit.exe), you can can create a Policy file (NTConfig.pol) and put it in your netlogon share on tjener. This has the advantage of working almost instantly on all Windows machines.

For some time, the policy editor standalone download has been removed from the Microsoft web site, but it's still available as part of the ORK Tools.

With poledit.exe you can create .pol files. If you put such a file on tjener as /etc/samba/netlogon/NTLOGON.POL it will automatically be read by Windows machines and temporarily overwrite the registry, thus applying the changes.

To make sensible use of poledit.exe you also need to download appropriate .adm files for your operating system and applications; otherwise you cannot define many settings in poledit.exe.

Be aware that the new group policy tools, gpedit.msc and gpmc.msc, cannot create .pol files; they either only work for the local machine or need an Active Directory server.

If you understand German, http://gruppenrichtlinien.de is a very good web site on this topic.

18.6.3.4. Editar el registro de Windows

You can edit the registry of the local computer, and copy this registry key to other computers

  1. Iniciar el editor del registro.

  2. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

  3. Use the menu "Edit menu" -> "New" -> "String Value".

  4. Call it ExcludeProfileDirs

  5. Enter a semicolon-separated list of paths to exclude (in the same way as for a machine policy)

  6. Now you can choose to export this registry key as a .reg file. Mark a selection, right-click, and select "Export".

  7. Save the file and you can double click it, or add it to a script to spread it to other machines.

Fuentes:

18.6.4. Redirecting profile directories

Sometimes just removing directories from the profile is not enough. You may find that users lose files because they mistakenly save things into "My Documents" when this is not saved in the profiles. You may also want to redirect the directories used by some badly programmed applications to normal network shares.

18.6.4.1. Redirecting using machine policies

All the instructions given above about machine policies apply here too. You can use gpedit.msc to edit the policy and copy it to all machines. The redirection should be available under "User Configuration" -> "Windows Settings" -> "Folder Redirection". Directories that it can be useful to redirect include "Desktop" and "My Documents".

One thing to remember is that if you enable folder redirection, those folders are automatically added to the synchronised folders list. If you do not want this, you should disable it via one of the following routes:

  • "User Configuration" -> "Administrative Templates" -> "Network" -> "Offline Files"

  • "Computer Configuration" -> "Administrative Templates" -> "Network" -> "Offline Files"

18.6.4.2. Redirecting using global policies

FIXME explain how to use profiles from global policies for Windows machines in the skolelinux network

18.6.5. Avoiding roaming profiles

18.6.5.1. Disabling roaming using a local policy

Using local policies, you can disable the roaming profile on individual machines. This is often wanted on special machines - for instance on dedicated machines, or machines that have lower than usual bandwith.

You can use the machine policy method describe above; the key is in "Administrative Templates" -> "System" -> "User Profiles" -> "Only allow local profiles".

18.6.5.2. Disabling roaming using global policies

FIXME: describe roaming profile key for the global policy editor here

18.6.5.3. Disabling roaming in smb.conf

If, perhaps, everyone has their own dedicated machine, and nobody else is allowed to touch it, editing the Samba configuration will let you disable roaming profiles for the entire network. You can alter the smb.conf file on tjener, unsetting the "logon path" and "logon home" variables, then restart samba.

logon path = ""
logon home = ""

18.7. Remote Desktop

18.7.1. Remote Desktop Service

Beginning with this release, choosing the thin client server profile or the combined server profile installs xrdp, a package which uses the Remote Desktop Protocol to present a graphical login to a remote client. Microsoft Windows users can connect to the thin client server running xrdp without installing additional software - they simply start a Remote Desktop Connection on their Windows machine and connect.

Additionally, xrdp can connect to a VNC server or another RDP server.

Some municipalities provide a remote desktop solution so that students and teachers can access Skolelinux from their home computer running Windows, Mac or Linux.

18.7.2. Available Remote Desktop clients

  • freerdp-x11 is installed by default and is captable of RDP and VNC.

    • RDP - the easiest way to access Windows terminal server. An alternative client package is rdesktop.

    • VNC client (Virtual Network Computer) gives access to Skolelinux remotely. An alternative client package is xvncviewer.

  • NX graphical client gives students and teachers access to Skolelinux remotely on Windows, Mac or Linux PC. One municipality in Norway has provided NX support to all students since 2005. They report that the solution is stable.

  • Citrix ICA client HowTo to access Windows terminal server from Skolelinux.

18.8. HowTos from wiki.debian.org

The HowTos from http://wiki.debian.org/DebianEdu/HowTo/ are either user- or developer-specific. Let's move the user-specific HowTos over here (and delete them over there)! (But first ask the authors (see the history of those pages to find them) if they are fine with moving the howto and putting it under the GPL.)

19. Samba in Debian Edu

Samba (v3) in Debian Edu Squeeze has been fully prepared for use as an NT4-style domain controller with Windows XP, Windows Vista and Windows 7 as clients. After a machine has joined the domain, this machine can be fully managed with GOsa².

19.1. Getting Started

This documentation presumes that you have installed the Debian Edu main server and maybe also a Debian Edu workstation to verify that working under Debian Edu/Skolelinux works for you. We presume that you have already created some users that can flawlessly use the Debian Edu workstation. We also presume that you have a Windows XP/Vista/7 workstation at hand, so you can test access to the Debian Edu main server from a Windows machine.

After installation of the Debian Edu main server the Samba host \\TJENER should be visible in your Windows Network Neighbourhood. Debian Edu's Windows domain is SKOLELINUX. Use a Windows machine (or a Linux system with smbclient) to browse your Windows/Samba network environment.

  1. START -> Run command

  2. enter \\TJENER and press return

  3. -> a Windows Explorer window should open and show the netlogon share on \\TJENER, and maybe printers you already have configured for printing under Unix/Linux (CUPS queues).

19.1.1. Accessing files via Samba

Student and teacher user accounts that have been configured via GOsa² should be able to authenticate against \\TJENER\HOMES or \\TJENER\<username> and access their home directories with Windows machines not joined to the Windows SKOLELINUX domain.

  1. START -> Run command

  2. enter \\TJENER\HOMES or \\TJENER\<username> and press return

  3. enter your login credentials (username, password) in the authentication dialog window that appears

  4. -> a Windows Explorer window should open and show files and folders in your Debian Edu home directory.

By default only the [homes] and the [netlogon] shares are exported; further share examples for students and teachers can be found in /etc/samba/smb-debian-edu.conf on your Debian Edu main server.

19.2. Domain Membership

To use Samba on TJENER as a domain controller, your network's Windows workstations have to join the SKOLELINUX domain provided by the Debian Edu main server.

The first thing you have to do is to enable the SKOLELINUX\Administrator account. This account is not intended for day-to-day usage; its current main purpose is to add Windows machines to the SKOLELINUX domain. To enable this account log on to TJENER as the first user (created during main server installation) and run this command:

  • $ sudo smbpasswd -e Administrator

The password of SKOLELINUX\Administrator has been preconfigured during the main server's installation. Please use the system's root account when authenticating as SKOLELINUX\Administrator.

Once you are done with your administrative work make sure to disable the SKOLELINUX\Administrator account again:

  • $ sudo smbpasswd -d Administrator

19.2.1. Windows hostname

Make sure your Windows machine has the name that you want to use in the SKOLELINUX domain. If not, rename it first (and then reboot). The NetBIOS host name of the Windows machine will later on be used in GOsa² and cannot be changed there (without breaking the domain membership for this machine).

19.2.2. Joining the SKOLELINUX Domain with Windows XP

Joining Windows XP machines (tested with Service Pack 3) works out of the box.

NOTE: Windows XP Home does not support domain membership; Windows XP Professional is required here.

  1. log on to the Windows XP machine as Administrator (or any other account with Administrator privileges)

  2. click on "Start" then right-click on "Computer" and click on "Properties"

  3. seleccione la pestaña "Nombre de computadora" y haga clic en "Cambiar…"

  4. under "Member of", select the radio button beside "Domain:", type SKOLELINUX and then click "OK"

  5. a pop up box will request to enter credentials of an account with rights to join the domain. Type username SKOLELINUX\Administrator and the root password, click "OK"

  6. a confirmation pop up box will welcome you to the SKOLELINUX domain. Clicking on "OK", will result in having another message informing that a reboot for the machine is required to apply the changes. Click on "OK"

After the reboot, when you login the first time, click on the "Options >>" button and select the domain SKOLELINUX instead of the local domain ("this computer")

If joining the domain has been successful you should then be able to view the host details within GOsa² (under the menu section "Systems").

19.2.3. Uniéndose al dominio SKOLELINUX con Windows Vista/7

Joining Windows Vista/7 machines to the SKOLELINUX domain requires the installation of a registry patch on the Windows Vista/7 client. This patch is provided at this location:

  • \\tjener\netlogon\win7+samba_domain-membership\Win7_Samba3DomainMember.reg

For further information please consult the included README_Win7-Domain-Membership.txt in the same folder. Make sure you apply this patch as a local Administrator of the Windows system.

After applying the above patch and rebooting the client system you should be able to join the SKOLELINUX domain:

  1. click on "Start" then right-click on "Computer" and click on "Properties"

  2. the basic system information page will open. Under "Computer name, domain, and workgroup settings", click on "Change Settings"

  3. on the System Properties page, click on "Change..."

  4. under "Member of", select the radio button beside "Domain:", type SKOLELINUX and then click "OK"

  5. a pop up box will request to enter credentials of an account with rights to join the domain. Type username SKOLELINUX\Administrator and the root password, click "OK"

  6. a confirmation pop up box will welcome you to the SKOLELINUX domain. Clicking on "OK", will result in having another message informing that a reboot for the machine is required to apply the changes. Click on "OK"

After the reboot, when you login the first time, click on the "Options >>" button and select the domain SKOLELINUX instead of the local domain ("this computer")

If joining the domain has been successful you should then be able to view the host details within GOsa² (under the menu section "Systems").

19.3. First Domain Logon

Debian Edu ships some logon scripts that pre-configure the Windows user profile on first logon. When logging on to a Windows workstation that has joined the SKOLELINUX domain for the first time the following tasks are run:

  1. copy the user's Firefox profile to a separate location and register that with Mozilla Firefox on Windows

  2. set up Web-Proxy and start page in Firefox

  3. set up Web-Proxy and start page in IE

  4. add a MyHome icon to the Desktop that points to drive H: and opens Windows Explorer on double-click

Other tasks are run on every logon. For further information on this, please refer to the /etc/samba/netlogon folder on your Debian Edu main server.

20. HowTos for teaching and learning

All the Debian packages on this page can be installed by running either aptitude install <package> or apt-get install <package> (as root).

20.1. Moodle

Moodle is a free, Open Source course management system - software designed using sound pedagogical principles to help educators create effective online learning communities. You can download and use it on any computer (including webhosts), yet it can scale from a single-teacher site to a University with 200,000 students. Some schools in France use Moodle to keep track of students' facilities and credit points.

There are moodle sites all over the world, mostly concentrated in Europe and North America. Check the site of an institution near you to get an idea about it. More information is available at the moodle project page, including documentation and support.

20.2. Teaching Prolog

SWI-Prolog is an open source implementation of the programming language Prolog, commonly used for teaching and semantic web applications.

20.3. Monitoring pupils

Some schools use control tools like Controlaula or iTALC to supervise their students. See also the iTALC Wiki (and the documentation in bug 511387).

/!\ Warning: make sure you know the status of the laws about monitoring and restricting computer users' activities in your jurisdiction.

20.4. Restricting pupils' network access

Some schools use Squidguard or Dansguardian to restrict Internet access.

20.5. Smart-Board integration

Some schools use the products of Smarttech for their teaching. You need a workstation with drivers and software for this, Smarttech has published some working non-free Software in a Debian Repository as a download. A local copy of this repository needs to be put inside the school network, so that the smartboard software could be installed on our machines. So teachers and pupils can prepare for class on every computer:

20.5.1. Providing the repository on tjener

Download the repository as a tar.gz file from http://smarttech.com/us/Support/Browse+Support/Download+Software/Software/SMART+Notebook+collaborative+learning+software/Previous+versions/SMART+Notebook+10_2+for+Linux.

# move the tar.gz file to a repository directory on the school network's webroot (by default located on tjener):
root@tjener:~# 
mkdir /etc/debian-edu/www/debian
mv smartnotebook10_2sp1debianrepository.tar.gz /etc/debian-edu/www/debian
# change into the new directory
root@tjener:~# cd /etc/debian-edu/www/debian
# extract the file
root@tjener:~# tar xzvf smartnotebook10_2sp1debianrepository.tar.gz

20.5.2. Add the needed packages to the PXE installation image

Add the following lines to /etc/debian-edu/www/debian-edu-install.dat.local:

d-i apt-setup/local1/repository string http://www/debian/ stable non-free
d-i apt-setup/local1/comment string SMART Repo
d-i apt-setup/local1/key string http://www/debian/swbuild.asc
d-i pkgsel/include string smart-activation,smart-common,smart-gallerysetup,smart-hwr,smart-languagesetup,smart-notebook,smart-notifier,smart-product-drivers

Update the preseed file:

/usr/sbin/debian-edu-pxeinstall

After this, new installations via PXE will have the SmartBoard software installed.

20.5.3. Adding the SmartBoard software manually after installation

The following instructions are for updating LTSP chroots.

Using an editor add the following lines to /etc/apt/sources.list in the chroot:

### SMART Repo
deb http://www/debian/ stable non-free

Start the editor like this:

ltsp-chroot -a i386 editor /etc/apt/sources.list

Add the repository key and install the software:

ltsp-chroot -a i386 wget http://www/debian/swbuild.asc
ltsp-chroot -a i386 apt-key add swbuild.asc
ltsp-chroot -a i386 rm swbuild.asc
# update the dpkg database and install the wanted packages
ltsp-chroot -a i386 aptitude update
ltsp-chroot -a i386 aptitude install smart-activation,smart-common,smart-gallerysetup,smart-hwr,smart-languagesetup,smart-notebook,smart-notifier,smart-product-drivers

20.6. HowTos from wiki.debian.org

The HowTos from http://wiki.debian.org/DebianEdu/HowTo/ are either user- or developer-specific. Let's move the user-specific HowTos over here (and delete them over there)! (But first ask the authors if they are happy with moving them and putting them under the GPL - see the page histories to find them.)

21. HowTos for users

21.1. Changing passwords

Casa usuario debería cambiar su contraseña usando GOsa². Para hacerlo, solo use un navegador web y vaya a https://www/gosa/.

Using GOsa² to change the password ensures that Kerberos (krbPrincipalKey), LDAP (userPassword) and Samba (sambaNTPassword and sambaLMPassword) passwords are the same.

Changing passwords using PAM is working (ie at the KDM/GDM login prompt), but this will only update the Kerberos password, and not the Samba and GOsa² (LDAP) password. So after you changed your password at the login prompt, you really should also change it using GOsa².

21.2. Using email

All users can send and receive mails within the internal network. To allow mail outside the internal network, the adminstrator needs to configure the mailserver exim4 to suit the local situation, starting with dpkg-reconfigure exim4-config.

Cada usuario que quiera usar KMail necesita configurarlo de la siguiente manera.

Start KMail, click "Next" in the Account Wizard, select IMAP as account type, click "Next". Enter real name and e-mail address username@postoffice.intern, click "Next". Check if the username is correct, don't enter the password, click "Next". (Kerberos provides single sign on concerning SMTP and IMAP, so you don't have to enter your password.) Enter postoffice.intern twice as server name, click "Finish". Close the tip of the day. Click "Settings" in the KMail menu, select "Configure KMail...", then click on "Accounts". Click "Modify...", then "Continue" to accept the certificate problem and "Forever", "OK", "Apply" and once more "OK". That's it!

Now send a test email to yourself. (This will create the IMAP folders on the server.) Wait a little bit, then click "Check Mail" in the KMail menu. There should be your recently sent email in the inbox below of "intern".

21.3. Volume control

On thin clients, pavucontrol or alsamixer (but not kmix) can be used to change audio volume.

On other machines (workstations, LTSP servers, and diskless workstations), kmix or alsamixer can be used.

22. Contribuir

22.1. Let us know you exist

http://www.skolelinux.no/slschools/worldmap.php?lang=en&image=worldmap.png

There are Debian Edu users all over the world. A very easy form of contribution is to let us know you exist and use Debian Edu - this motivates us very much and therefore is already a valuable contribution. :-)

The Debian Edu projects provide a database of schools and users of the system to help the users find each other, and also to have an idea about where the users of the distribution are located. Please let us know about your installation, by registering in this database. To register your school, use this web form.

22.2. Contribute locally

Currently there are local teams in Norway, Germany, the region of Extremadura in Spain, Taiwan and France. "Isolated" contributors and users exist in Greece, the Netherlands, Japan and elsewhere.

The support chapter has explanations and links to localised resources, as contribute and support are two sides of the same coin.

22.3. Contribute globally

Internationally we are organised into various teams working on different subjects.

Most of the time, the developer mailing list is our main medium for communication, though we have monthly IRC meetings on #debian-edu on irc.debian.org and even, less frequently, real gatherings, where we meet each other in person. New contributors should read our http://wiki.debian.org/DebianEdu/ArchivePolicy.

A good way to learn what is happening in the development of Debian Edu is to subscribe to the commit mailinglist.

22.4. Documentation writers and translators

This document needs your help! First and foremost, it is not finished yet: if you read it, you will notice various FIXMEs within the text. If you happen to know (a bit of) what needs to be explained there, please consider sharing your knowledge with us.

The source of the text is a wiki and can be edited with a simple webbrowser. Just go to http://wiki.debian.org/DebianEdu/Documentation/Squeeze/ and you can contribute easily. Note: a user account is needed to edit the pages; you need to create a wiki user first.

Another very good way to contribute and to help users is by translating software and documentation. Information on how to translate this document can be found in the translations chapter of this book. Please consider helping the translation effort of this book!

23. Soporte

23.1. Soporte basado en voluntarios

23.1.1. in English

23.1.2. in Norwegian

23.1.3. in German

23.1.4. in French

23.1.5. in Spanish

23.2. Soporte profesional

Lists of companies providing professional support are available from http://wiki.debian.org/DebianEdu/Help/ProfessionalHelp.

24. Nuevas características en Debin Edu Squeeze

24.1. Changes for Debian Edu 6.0.7+r1 Codename "Squeeze" released 2013-03-03

  • Debian Edu 6.0.7+r1 Codename "Squeeze" is an incremental update to Debian Edu 6.0.4+r0, containing all the changes between Debian 6.0.4 and 6.0.7 as well as the following changes:

  • sitesummary was updated from 0.1.3 to 0.1.8

    • Make Nagios configuration more robust and efficient

    • Comply with 3.X kernel

  • debian-edu-doc from 1.4~20120310~6.0.4+r0 to 1.4~20130228~6.0.7+r1

    • Minor updates from the wiki

    • Danish translation now complete

  • debian-edu-config from 1.453 to 1.455

    • Fix /etc/hosts for LTSP diskless workstations. Closes: #699880

    • Make ltsp_local_mount script work for multiple devices.

    • Correct Kerberos user policy: don't expire password after 2 days. Closes: #664596

    • Handle '#' characters in the root or first users password. Closes: #664976

    • Fixes for gosa-sync:

      • Don't fail if password contains "

      • Don't disclose new password string in syslog

    • Fixes for gosa-create:

      • Invalidate libnss cache before applying changes

      • Multiple failures during mass user import into GOsa²

    • gosa-netgroups plugin: don't erase entries of attribute type "memberNisNetgroup". Closes: #687256

    • First user now uses the same Kerberos policy as all other users

    • Add Danish web page

  • debian-edu-install from 1.528 to 1.530

    • Improve preseeding support and documentation

24.2. Nuevas características en Debian Edu 6.0.4+r0 nombre código "Squeeze" publicado el 11-03-2012

24.2.1. User visible changes

  • Updated artwork and new Debian Edu / Skolelinux logo, visible during installation, in the login screen and as desktop wallpaper.

  • Replace LWAT with GOsa² as the LDAP administration interface. See below and the Getting started chapter of the manual for more information on GOsa².

  • See below for a list of updated software.

  • Show welcome page to users when they first log in. This default start page for Iceweasel is fetched from LDAP at installation and boot time for networked profiles. Set to http://www.skolelinux.org/ for Standalone installations.

  • New LXDE desktop option, in addition to KDE (default) and Gnome. As the Gnome option, the LXDE desktop option is only supported by the CD installation method.

  • Speed up LTSP client boot.

  • Provide a KDE menu entry for changing the password in GOsa².

    • For more information on how to change passwords (including expired passwords at the KDM/GDM login prompt), please see the HowTos for users chapter of the manual.

  • Add link to http://linuxsignpost.org/ on the start page shown to new users.

  • All LTSP servers are also RDP servers by default.

  • Improve handing of removable media on thin clients. Show desktop notification longer when inserting new media and provide an option to start dolphin when such media is inserted.

24.2.2. Installation changes

  • New version of debian-installer from Debian Squeeze, see installation manual for more details.

  • Since root logins are no longer allowed when using gdm/kdm, a user in LDAP is set up during installation of the Main Server. This user is up as GOsa² administrator and is also granted sudo access. The Debian Edu menu reordering has been enabled as well, by adding the user also to the teachers group.

  • The .iso images can directly be copied onto USB sticks, for example by using dd or even cat..

  • New roaming workstation profile for laptops.

  • Device access for all users is handled by PolicyKit, and no extra group memberships are needed to get access to devices.

  • A warning will be issued when installing on too small disks for the selected profile.

  • Simplify partitioning for Standalone installs to only have a separate /home/ but no seperate /usr anymore.

  • More tests in the test suite, and correct some of the tests that failed earlier.

  • Make sure to report an error and abort the installation when trying to use the netinst images without a working Internet connection, instead of silently installing a broken system.

24.2.3. Software updates

  • Everything which is new in Debian Squeeze:

    • compatibility with the FHS v2.3 and software developed for version 3.2 of the LSB.

    • Linux kernel 2.6.32

    • Desktop environments KDE "Plasma" 4.4 and GNOME 2.30

    • Web browser Iceweasel 3.5

    • OpenOffice.org 3.2.1

    • Educational toolbox GCompris 9.3

    • Music creator Rosegarden 10.04.2

    • Image editor Gimp 2.6.10

    • Virtual universe Celestia 1.6.0

    • Virtual stargazer Stellarium 0.10.4

    • Debian Squeeze includes over 10,000 new packages available for installation, including the browser Chromium

24.2.4. Infrastructural changes

  • The 10.0.0.0/8 network is used instead of 10.0.2.0/23, and the default gateway is 10.0.0.1/8, not 10.0.2.1/8 as used in the past.

    • The dynamic DHCP range was extended on the backbone network to around 4k IP addresses, and around 200 IP addresses for the thin client network.

    • The DHCP network for 10.0.0.0/8 has been renamed from barebone to intern

    • There are no pre-defined host entries for client systems in DNS anymore (staticXX, ..., dhcpYY...)

  • MIT Kerberos5 used for user authentication, enabled for:

    • PAM

    • IMAP

    • SMTP

  • NFSv4, but without added Kerberos privacy/integrity/authentication. The machines still have to be added to the workstation netgroup to be able to mount the home directories

  • Full Samba NT4 domain support for Windows XP/Vista/7

  • A complete PXE boot environment is setup when installing from the DVD, so that further installations can be done using PXE network installs only. A new script pxe-addfirmware is provided to support more hardware models needing firmware.

  • Remove all hard coded settings on workstations, and configure workstations and roaming workstations using settings detected from the environment using DNS, DHCP and LDAP. See this blog post with more information on the changes.

24.2.5. Actualizaciones en documentación y traducciones

  • Translation updates for the templates used in the installer. These templates are now available in 28 languages.

  • The Debian Edu Squeeze Manual has generally been cleaned up and improved. A proof-read with corrections was done by a native English linguist.

  • The Debian Edu Squeeze Manual is fully translated to German, French, Italian and Danish (new). Partly translated versions exist for Norwegian Bokmal and Spanish.

  • Improvements to many language tasks, especially French and Danish.

  • Improvements to the welcome web page shown at first logins.

    • Add new Japanese, Portuguese and Catalan translations of the welcome web page.

24.2.6. Regressions

  • CD and DVD installs are different - the DVD is only suitable for installing a KDE environemnt.

  • Drop support for powerpc architecture from netinst installation CDs. It is still possible to run Debian Edu on powerpc, but installation is less automated.

  • Drop gtick in the default installation, because it doesn't work on thin clients (BTS #566335).

24.2.7. New administration tool: GOsa²

  • gosa (2.6.11-3+squeeze1~edu+1) from the upcoming 6.0.5 Debian point release, with:

    • Fix DHCP host removal. Closes: #650258

    • Backport user generator unicode character transliteration. Closes: #657086

  • Customized GOsa² configuration to better suit the Debian Edu network architecture.

    • GOsa² updates DNS and NFS exports immediately when a system is updated in LDAP, making diskless workstations work right after they are added to the required netgroup.

  • Provide script sitesummary2ldapdhcp to update or populate GOsa² with system objects using information gathered by sitesummary, to make it easier to add new computers to the network.

24.2.8. More software changes

  • Add video editor Kdenlive 0.7.7 and interactive geometry tool Geogebra 3.2.42

  • Change default package manager from adept to synaptic, to avoid getting two graphical package managers installed by default.

  • Install openoffice.org-kde by default ensure OOo uses KDE file dialogs in KDE.

  • Change video player setup to install different players in KDE (dragonplayer), Gnome (totem) and LXDE (totem).

  • Add KDE tools freespacenotifier, kinfocenter, update-notifier-kde to the default KDE installation.

  • Replace network-manager-kde with plasma-widget-networkmanagement in the standalone KDE profile

  • Install usb-modeswitch on laptops to handle dual mode USB devices.

  • Add cifs-utils to the default installation to ensure SMB mounting can work in any profile.

  • Drop octave, gpscorrelate, qlandkartegt, viking, starplot, kig, kseg, luma, and valgrind from the default installation and the DVD to make room for higher priority packages.

  • Drop libnss-mdns from stationary profiles, to make sure DNS is the authoritive source of host names.

  • freerdp-x11 is installed by default as RDP and VNC client. (Previously rdesktop was installed instead.)

24.2.9. Other LDAP related changes

  • Make the LDAP server handle more clients after increasing the server's file descriptor limit from 1024 to 32768.

  • Add code to re-enable stopped CUPS queues every hour on the Main Server, and flush all CUPS queues every night. Both can be disabled in LDAP.

  • Provide network blocking / exam mode by default, controlled by LDAP. In addition to network blocking, changes to the Squid proxy configuration is needed.

  • Enable automatic extending of full file systems on the Main Server by default. This can be disabled in LDAP.

  • Change SSL certificate name used by the LDAP server and adjust clients to use the new name to be able to enable certificate checking on clients.

  • Switch PowerDNS to use strict LDAP mode, to allow us to simplify the LDAP setup used for DNS.

  • Simplify autofs LDAP rules to make sure they work with extra home directory partitions exported from the main-server without any changes.

  • Make backup system more robust in handling LDAP database dump and restart.

24.2.10. Other changes

  • Root logins are denied for both KDM and GDM - see above and Getting started for details.

  • Clients set up to shut down at night will stay up for at least an hour if they are turned on manually between 16:00 and 07:00.

  • Additionally use local NTP clock on the main-server to ensure clients and server sync clocks also when disconnected from the Internet.

  • Access to Debian repositories is always done via a proxy on the main server - read more about the implementation details using DHCP and WPAD

  • The home0 partition is mounted nosuid, to increase security.

  • Change KDE/Akonadi configuration to reduce the disk footprint of every user from 144 to 24 MiB.

  • New tool notify-local-users to send desktop notification to all logged in users on a machine. Useful for thin client servers.

25. Copyright y authores

This document is written and copyrighted by Holger Levsen (2007, 2008, 2009, 2010, 2011, 2012, 2013), Petter Reinholdtsen (2001, 2002, 2003, 2004, 2007, 2008, 2009, 2010, 2012), Daniel Heß (2007), Patrick Winnertz (2007), Knut Yrvin (2007), Ralf Gesellensetter (2007), Ronny Aasen (2007), Morten Werner Forsbring (2007), Bjarne Nielsen (2007, 2008), Nigel Barker (2007), José L. Redrejo Rodríguez (2007), John Bildoy (2007), Joakim Seeberg (2008), Jürgen Leibner (2009, 2010, 2011, 2012), Oded Naveh (2009), Philipp Hübner (2009, 2010), Andreas Mundt (2010), Olivier Vitrat (2010, 2012), Vagrant Cascadian (2010), Mike Gabriel (2011), Justin B Rye (2012), David Prévot (2012), Wolfgang Schweer (2012) and Bernhard Hammes (2012) and is released under the GPL2 or any later version. Enjoy!

If you add content to it, please only do so if you are the author. You need to release it under the same conditions! Then add your name here and release it under the GPL2 or later version.

26. Copyright de la traducción y Autores

The Spanish translation is copyrighted by José L. Redrejo Rodríguez (2007), Rafael Rivas (2009, 2010, 2011, 2012) and Norman Garcia (2010, 2012) and is released under the GPL2 or any later version.

The Bokmål translation is copyrighted by Petter Reinholdtsen (2007), Håvard Korsvoll (2007, 2008), Tore Skogly (2008), Ole-Anders Andreassen (2010) and Jan Roar Rød (2010) and is released under the GPL2 or any later version.

The German translation is copyrighted by Holger Levsen (2007), Patrick Winnertz (2007), Ralf Gesellensetter (2007, 2009), Roland F. Teichert (2007, 2008, 2009), Jürgen Leibner (2007, 2009, 2011), Ludger Sicking (2008, 2010), Kai Hatje (2008), Kurt Gramlich (2009), Franziska Teichert (2009), Philipp Hübner (2009), Andreas Mundt (2009, 2010) and Wolfgang Schweer (2012, 2013) and is released under the GPL2 or any later version.

The Italian translation is copyrighted by Claudio Carboncini (2007, 2008, 2009, 2010, 2011, 2012, 2013) and is released under the GPL2 or any later version.

The French translation is copyrighted by Christophe Masson (2008), Olivier Vitrat (2010), Cédric Boutillier (2012, 2013), Jean-Paul Guilloneau (2012), David Prévot (2012), Thomas Vincent (2012) and the French l10n team (2009, 2010, 2012) and is released under the GPL2 or any later version.

The Traditional Chinese translation is copyrighted by Andrew Lee (李健秋) (2009) and is released under the GPL2 or any later version.

The Danish translation is copyrighted by Joe Hansen (2012, 2013) and is released under the GPL2 or any later version.

27. Traducciones de este documento

Versions of this document fully translated into German, Italian, French and Danish are available. Incomplete translations exist for Norwegian Bokmål and Spanish; take a look here for your own language.

27.1. HowTo translate this document

As in many free software projects, translations of this document are kept in PO files. More information about the process can be found in /usr/share/doc/debian-edu-doc/README.debian-edu-squeeze-manual-translations. The Git repository (see below) contains this file too. Take a look there and at the language specific conventions if you want to help translating this document.

To commit your translations you need to be a member of the Alioth project debian-edu. To translate, you just need to check out some files from from Git (which can be done anonymously) and create patches. Please file a bug against the debian-edu-doc package and attach the PO file to the bugreport. You can find some instructions on how to submit bugs here.

You can check out the debian-edu-doc source anonymously with the following command (you need to have the git package installed for this to work):

  • git clone git://anonscm.debian.org/debian-edu/debian-edu-doc.git

Then edit the file documentation/debian-edu-squeeze/debian-edu-squeeze-manual.$CC.po (replacing $CC with your language code). There are many tools for translating available; we suggest using lokalize.

Then you either commit the file directly to Git (if you have the rights to do so) or send the file to the bugreport.

To update your local copy of the repository use the following command inside the debian-edu-doc directory:

  • git pull

Read /usr/share/doc/debian-edu-doc/README.debian-edu-squeeze-manual-translations to find information how to create a new PO file for your language if there isn't one yet, and how to update translations.

Please keep in mind that this manual is still under development, so don't translate any string which contains " FIXME".

Basic information about Alioth (the host where our Git repository is located) and Git is available at http://wiki.debian.org/Alioth/Git.

If you are new to Git, look at the Pro Git book; it has a chapter on the recording changes to the repository. Also you might want to look at the gitk package that provides a GUI for Git.

Please report any problems.

28. Appendix A - The GNU General Public License

Note to translators: there is no need to translate the GPL license text. 

28.1. Manual para Debian-Edu 6.0.7+r1 rc2 nombre código "Squeeze"

Copyright (C) 2007-2013 Holger Levsen < holger@layer-acht.org > and others, see the Copyright chapter for the full list of copyright owners.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

28.2. LICENCIA PUBLICA GENERAL GNU

Version 2, June 1991

Copyright (C) 1989, 1991 Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

28.3. TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you".

Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does.

1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program.

You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.

2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:

  • a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.

    b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.

    c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.)

These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.

Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program.

In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.

3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:

  • a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

    b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

    c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)

The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.

If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code.

4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.

6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.

7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.

If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances.

It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.

This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.

8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.

9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.

Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation.

10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.

NO WARRANTY

11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

END OF TERMS AND CONDITIONS

29. Apéndice B - Aún no hay CD/DVDs vivo de Debian Edu Squeeze

/!\ No hay imágenes de Debian Edu Squeeze para CD/DVDs disponibles en este momento.

29.1. Features of the Standalone image

  • Casi todos los paquetes del perfil predeterminado

  • Todos los paquetes de la tarea «laptop»

  • Perfil de escritorio KDE para estudiantes

29.2. Activando el soporte regional y traducciones

To activate a specific translation, boot using locale=ll_CC.UTF-8 as a boot option, where ll_CC.UTF-8 is the locale name you want. To activate a given keyboard layout, use the keyb=KB option where KB is the desired keyboard layout. More information on this feature is available from the live CD build script documentation. Here is a list of commonly used locale codes:

Lenguaje (Región)

Valores local

Distribución del teclado

Noruego (Bokmål)

nb_NO.UTF-8

no

Noruego (Nynorsk)

nn_NO.UTF-8

no

Alemán

de_DE.UTF-8

de

Francés (Francia)

fr_FR.UTF-8

fr

Griego (Grecia)

el_GR.UTF-8

el

Japonés

ja_JP.UTF-8

jp

Sami del Norte (Noruega)

se_NO

no(smi)

La lista completa de los códigos locales esta disponible en /usr/share/i18n/SUPPORTED, pero únicamente los locales con UTF-8 son soportados por la imagen «live». No todas las traducciones locales tienen instalación. Las distribuciones de teclados pueden ser encontradas en /usr/share/keymaps/i386/.

29.3. Cosas para saber

  • The password for the user is "user"; root has no passwd set.

29.4. Problemas conocidos con la imágen

  • /!\ No hay imágenes de squeeze todavía :(

29.5. Descarga

The image is 1.2 GiB and would be (but currently isn't) available via FTP, HTTP or rsync from ftp.skolelinux.org under cd-squeeze-live/.

30. Apéndice C - Características de publicaciones anteriores

30.1. Nuevas características en Debian Edu 6.0.0 alpha1 nombre código "Squeeze" publicación ??-01-2010

  • Everything that is new in Debian 5.0.5 and 5.0.6, which includes support for some new hardware. 5.0.5 and 5.0.6 are maintenance releases and generally don't add new features

  • Several bugfixes, including fixes for Skolelinux bugs #1436, #1427, #1441, #1413, #1450 and Debian bugs #585966, #585772, #585968, #586035 and #585966 plus several which were not filed

  • Merge new web pages from Squeeze - the text is the same, but it provides a new translation for zh, compete translations for all included languages (de, es, fr, it, nb, nl, ru, zh), and a rename of the .no page to .nb to reflect the language used

  • Debian-edu-install: Slovak translation added, updates to German, Basque, Italian, Bokmal, Vietnamese and Chinese translations.

  • Debian-edu-doc: improvements to Italian, Bokmal and German translations as well as overall content and layout

  • Sitesummary: various improvements; most notably, several Nagios checks were added to monitor system health

  • Shutdown-at-night: fix #1435 (did not work with the LDAP host groups populated by lwat).

30.2. Nuevas características en Debian Edu 5.0.4+edu0 "Lenny" publicado el 2010-02-08

  • Everything that is new in Debian 5.0.4; see the following paragraph for details.

  • More than 80 applications relevant for education are included based on user feedback and user statistics (through Debian Edu popularity contest). The full list of packages is given in the task overview page.

  • Escritorio para los estudiantes mejorado con accesos directos a software educativo como GCompris, Kalzium, Kgeography, KMplot, KStars, Stopmotion y OpenOffice Write e Impress.

  • Iconos dinámicos del escritorio y opciones del menú son ajustadas basada en el grupo de usuarios

  • Gnome added as a supported desktop; see the Installation chapter to learn how to install with GNOME instead of KDE as desktop.

  • Soporte para más de 50 idiomas.

  • Sistema mejorado para administración de usuarios e identificación de computadoras.

  • Mejoras en la configuración de clientes sin disco y clientes ligeros.

  • Nuevo menú inicio permite a los usuarios elegir entre estación de trabajo sin disco, cliente ligero y estación de trabajo.

  • Opción de estación de trabajo sin disco es instalada pero no activada por defecto en los servidores con el perfil servidor de clientes ligeros.

  • Main-server is set up as a PXE server for booting thin clients and diskless workstations, and for installing to clients' hard or flash drives.

  • The configuration for DNS and DHCP is stored in LDAP and can be edited using lwat. The DNS server has been switched from bind9 to powerdns.

  • LDAP server for directory services (NSS) is located using a SRV record in DNS instead of hardcoding the 'ldap' DNS name. LDAP server for password checks (PAM) is still using the hardcoded 'ldap' DNS name.

  • Multi-architecture (amd64/i386/powerpc) net installer CD.

  • (Most) Packages are downloaded over the Internet.

  • Multi-architecture (amd64/i386) installer DVD capable of installing without network.

  • PulseAudio is provided in addition to ALSA and OSS for sound on workstations and diskless workstation machines.

  • El perfil Básico ha sido renombrado a Mínimo, para ser más acorde.

  • La configuración de Nagios3 ahora es automáticamente creada por sitesummary.

  • El archivo por usuario ~/.xsession-errorses seccionado automáticamente cuando el usuario inicia sesión, para evitar utilizar demasiado espacio en la partición home, con un registro que crece infinitamente. El usuario puede deshabilitar esto, creando ~/.xsession-errors-enable. . El administrador puede configurar el sistema para redireccionar el archivo a /dev/null editando /etc/X11/Xsession.d/05debian-edu-truncate-xerrorlog.

  • Para una fácil instalación de Debian Edu en la que pudiese necesitar firmware no-libre, el CD como el DVD incluyen el siguiente firmware: firmware-bnx2, firmware-bnx2x, firmware-ipw2x00, firmware-iwlwifi, firmware-qlogic and firmware-ralink.

30.3. Nuevas características en Debian 5.0.4, sistema en el cual esta basado Debian Edu 5.0.4+edu0

  • El nuevo Kernel Linux 2.6.26 soporta ms hardware

  • With this release, Debian GNU/Linux updates from X.Org 7.1 to X.Org 7.3 (which includes support of newer hardware) and now includes the desktop environments KDE 3.5.10 and GNOME 2.22. Updates of other desktop applications include Iceweasel (version 3.0.6, which is the unbranded Firefox web browser) and Icedove (version 2.0.0.19, which is the unbranded Thunderbird mail client) as well as upgrades to Evolution 2.22.3, OpenOffice.org 2.4.1, and Pidgin 2.4.3 (formerly known as Gaim). SWI-prolog is back.

  • Instalación desde CD desde windows

  • Se cambio de sysklogd a rsyslog como el colector de registros del sistema.

  • Para mayor información, visite la página Lo nuevo en Squeeze

30.4. New features in the "3.0r1 Terra" release 2007-12-05

  • Una mejor documentación con traducciones actualizadas a Alemán, Noruego Bokmål e Italiano.

  • Includes more than 40 bug fixes, improvements and security updates that came to our attention after the 3.0r0 release

30.5. New features in the "3.0r0 Terra" release 2007-07-22

  • Basado en Debian 4.0 Etch publicación en 2007-04-08

  • Instalador gráfico con soporte para mouse

  • Boot splash con usplash

  • comatible con LSB 3.1

  • Versión del kernel linux 2.6.18

    • soporte para controladoras SATA y discos rígidos

  • Versión de X 7.1.

  • Ambiente gráfico KDE 3.5.5

  • OpenOffice versión 2.0

  • LTSP5 (versión 0.99debian12)

  • Inventario automático de equipos instalados utilizando Sitesummary.

  • Configuración automática de munin utilizando los datos de Sitesummary.

  • Control automático de versiones de configuración en /etc/ por medio de svk.

  • File systems can be extended while the file system is mounted.

    • Support for automatically extending file systems based on predefined rules.

  • Soporte de dispositivos locales en Clientes ligeros.

  • Nuevas arquitecturas de procesadores: amd64 (soporte completo) y ppc (soporte experimental, el sistema de instalación funciona únicamente en la nueva subarquitectura newworld).

  • DVDs multi-arquitectura para i386, amd64 y powerpc

  • El CD de instalación requiere acceso a internet durante la instalación. Versiones previas podían instalarse a partir de un CD sin acceso a internet.

  • Regresión

  • Regression: swi-prolog is not part of Etch, but was part of Sarge. The HowTo teach and learn Chapter describes how to install swi-prolog on Etch.

30.6. Características de la versión 2.0 publicada el 14-03-2006

  • Basado en Debian 3.1 Sarge publicado el 06-06-2005.

  • Linux kernel versión 2.6.8.

  • XFree86 versión 4.3.

  • KDE versión 3.3.

  • OpenOffice versión 1.1.

30.7. Características de la versión "1.0 venus" publicado el 20-06-2004

  • Basado en Debian 3.0 Woody plublicado el 19-07-2002

  • Versión del kernel linux 2.4.26.

  • XFree86 versión 4.1.

  • KDE versión 2.2.

30.8. More information on even older releases

More information on even older releases can be found at http://developer.skolelinux.no/info/cdbygging/news.html.