|
 |
|
| |
3.8 Configuration
After completing the basic system setup and the installation of
all selected software packages, provide a password for the account of
the system administrator (the root user). You can then configure your Internet access
and network connection. With a working Internet connection, you can
perform an update of the system as part of the installation. You can
also configure an authentication server for centralized user
administration in a local network. Finally, configure the hardware
devices connected to the machine.
3.8.1 Hostname
The hostname is the computer's name in the network. The fully
qualified domain name, needed here, includes the name of the domain to which
the computer belongs. Each
server and client in the network should have a unique hostname.
If you are located
in a local network, you might receive your hostname over DHCP, in which
case you should not modify the name. To receive the hostname over DHCP,
select .
3.8.2 root Password
root is the name of the superuser, the
administrator of the system. Unlike regular users, which may or may
not have permission to do certain things on the system, root has unlimited power to do
anything: change the system configuration, install programs, and set
up new hardware. If users forget their passwords or have other
problems with the system, root can help. The root account should only be used for system
administration, maintenance, and repair. Logging in as root for daily work is rather risky:
a single mistake could lead to irretrievable loss of many system
files.
For verification purposes, the password for root must be entered twice. Do not forget
the root password. Once
entered, this password cannot be retrieved.
3.8.3 Network Configuration
You can now choose whether to use NetworkManager or the traditional method
to manage all your network devices. NetworkManager is the new tool enabling automatic
connection establishment with minimal user intervention. It is ideal
for mobile computing. Also configure the network devices of
your system and make security settings, for example, for a firewall or
proxy.
To configure your network hardware at this stage, refer to Section 29.4,
Configuring a Network Connection with YaST. Otherwise, select and click . Network
hardware can also be configured after the system installation has been
completed.
NOTE: Network Devices and Update
If you skip the network device configuration, your system
will be offline and unable
to retrieve any available updates or include them in the
installation. As well as device configuration, configure network
accessibility–related settings:
- Firewall Configuration
-
When you connect to a network, a firewall is started
automatically on the configured interface. The configuration
proposal for the firewall is updated automatically every time the
configuration of the interfaces or services is modified. To adapt
the automatic settings to your own preferences, click . In the dialog that opens, determine whether the firewall
should be started. If you do not want the firewall to be started,
select the appropriate option and exit the dialog. To start and
configure the firewall, click for a series
of dialogs similar to those described in Section 38.4.1,
Configuring the Firewall with YaST.
- VNC Remote Administration
- To administer your machine remotely by VNC,
click , enable remote administration, and open the port in the
firewall.
If you have multiple network devices and want to select on which to
open the port, click and select
the network device. You can also use SSH, a more secure option, for remote
administration.
- Proxy
- If you have a proxy server in your network to control
access to the network, enter the server name and all
other required information to enable access to the Internet.
Internet Connection Test
If you have configured an Internet connection, you can test it
now. For this purpose, YaST establishes a connection to the
SUSE Linux Enterprise server and checks if any product updates are available
for your version of SUSE Linux Enterprise. If there are such updates, they
can be included in the installation. Also, the latest release notes
are downloaded. You can read them at the end of the installation.
To start the test, select
and click .
In the next dialog, view the progress of the test
and the results of the test. If the test fails,
click to return in the previous dialog and
correct the configuration or skip the test. If you need more information
about the test process, click .
If you do not want to test the connection at this point,
select then .
This also skips downloading product updates and release notes.
If you have multiple network interfaces in your system, verify that the
the right card is used to connect to the Internet. To do so, click
.
3.8.4 Customer Center
To get technical support and product updates, first register
and activate your product.
provides assistance for doing so.
If you are offline or want to skip this step, select .
In , select whether to
obtain some of the necessary information from your system. This simplifies
the registration process. If you want to see what is required to register
your system or what happens with your data, use
.
3.8.5 Online Update
If YaST was able to connect to the SUSE Linux Enterprise servers,
select whether to perform a YaST online update. If there are
any patched packages available on the servers, download and install
them now to fix known bugs or security issues.
3.8.6 Users
This step has two parts. In the first part,
choose the user authentication method. The second part depends on the
selected authentication method.
User Authentication
If network access was configured successfully during the
previous steps of the installation, you now have four possibilities
for managing user accounts on your system.
- Local (/etc/passwd)
-
Users are administered locally on the installed host. This is a
suitable option for stand-alone workstations. User data is managed
by the local file /etc/passwd. All users who are
entered in this file can log in to the system even if no network is
available.
- LDAP
-
Users are administered centrally on an LDAP server for all
systems in the network.
- NIS
-
Users are administered centrally on a NIS server for all
systems in the network.
- Windows Domain
-
SMB authentication is often used in mixed Linux and Windows
networks.
NOTE: Content of the Authentication Menu
If you use the custom package selection and one or more authentication
methods are missing from the menu, you probably did not select the
packages required for it. If all requirements are met, YaST opens a dialog in
which to select the user administration method. If you do not have
the necessary network connection, create local user accounts.
Creating Local User Accounts
Linux is an operating system that allows several users to work
on the same system at the same time. Each user needs a user account
to log in to the system. By having user accounts, the system gains a
lot in terms of security. For instance, regular users cannot change
or delete files needed for the system to work properly. At the same
time, the personal data of a given user cannot be modified, viewed,
or tampered with by other users. Users can set up their own working
environments and always find them unchanged when logging back in.
If you decide against using an authentication server for user
authentication, create local users. Any data related to user
accounts (name, login, password, etc.) is stored and managed on the
installed system.
A local user account can be created using the dialog shown in Figure 3-5. After entering the first name
and last name, specify a username (login). Click
for the system to generate a username
automatically.
Finally, enter a password for the user. Reenter it for
confirmation (to ensure that you did not type something else by
mistake).
To provide effective security, a password should be between
five and eight characters long. The maximum length for a password is
128 characters. However, if no special security modules are
loaded, only the first eight characters are used to discern the
password. Passwords are case-sensitive. Special characters like
umlauts are not allowed. Other special characters (7-bit ASCII) and
the digits 0 to 9 are allowed.
Two additional options are available for local users:
-
-
Checking this box sends the user messages created by the
system services. These are usually only sent to root, the system administrator.
This option is useful for the most frequently used account,
because it is highly recommended to log in as root only in special cases.
-
-
This option is only available if KDE is used as the default
desktop. It automatically logs the current user into the system
when it starts. This is mainly useful if the computer is operated
by only one user.
WARNING: Automatic Login
With the automatic login enabled, the system boots straight
into your desktop with no authentication at all. If you store
sensitive data on your system, you should not enable this option if
the computer can also be accessed by others. Click to create more than
one user. Refer to Section 7.9.1,
User Management
for more information about user management.
Configuring the Host as an LDAP Client
To implement user administration by LDAP, configure an LDAP client in
the next step. LDAP authentication relies on a central
LDAP server located in your network providing the authentication
data. This task can be handled by a SUSE Linux Enterprise Server machine.
Click to enable the use of LDAP. Select
instead if you want to use
LDAP for authentication, but do not want other users to log in to this
client. Enter the IP address of the LDAP server to use and the LDAP base DN
to select the search base on the LDAP server. To retrieve the
base DN automatically, click . YaST then
checks for any LDAP database on the specified server address. Choose
the appropriate base DN from the search results given by YaST. If TLS or
SSL protected communication with the server is required, select
. If the LDAP server still uses LDAPv2,
explicitly enable the use of this protocol version by selecting
. Select to mount remote directories on your client, such as
a remotely managed home directory. Click to apply
your settings. LDAP client configuration is discussed in further detail in
Section 34.3,
Configuring an LDAP Client with YaST.
Configuring the Host as a NIS Client
To implement user administration by NIS, configure a NIS client in the
next step. NIS authentication relies on a central NIS
server located in your network providing the authentication data. This
task can be handled by a SUSE Linux Enterprise Server machine.
In the NIS client dialog, first select whether the host has a static
IP address or gets one with DHCP. If you select DHCP, you cannot specify a
NIS domain or NIS server address, because these are provided by the DHCP
server. If a static IP address is used,
specify the NIS domain and the NIS server manually.
To search for NIS servers broadcasting in the network, check
the relevant option. You can also specify several NIS domains and
set a default domain. For each domain, select
to specify several server addresses or
enable the broadcast function on a per-domain basis.
In the expert settings, use to allow other network hosts to query which server
your client is using. If you activate , responses from servers on unprivileged ports are
also accepted. For more information, refer to the man page of
ypbind.
Configuring the Host as a Windows Domain Member
To implement user administration using a Samba or Windows
server, configure a Samba client in the next step. A
SUSE Linux Enterprise Server machine or a Windows server can be set up as a Samba
server.
In the dialog, enter the
NT or Active
Directory domain or Samba workgroup to join or use
to select from a list of available
domains. Select if
you want to create home directories for any user logging in to the domain
from your local machine. Click to apply your
settings and provide the necessary credentials. For further details on SUSE Linux Enterprise support for AD domains, see
Section 11.0,
Active Directory Support.
3.8.7 Cleanup
This step does not require any user interaction. The installation
program launches the SuSEconfig script to write the system configuration.
Depending on the CPU and the amount of memory, this process can take some
time.
3.8.8 Release Notes
After completing the user authentication setup, YaST
displays the release notes. Reading them is advised because they
contain important up-to-date information that was not available when
the manuals were printed. If you have installed update packages,
read the most recent version of the release notes, as fetched from
SUSE Linux Enterprise's servers.
3.8.9 Hardware Configuration
At the end of the installation, YaST opens a dialog for
the configuration of the graphics card and other hardware components
connected to the system. Click the individual components to start
the hardware configuration. For the most part, YaST detects and
configures the devices automatically.
You can skip any peripheral devices and configure them later.
To skip the configuration, select
and click .
However, you should configure the graphics card right away. Although
the display settings as autoconfigured by YaST should be
generally acceptable, most users have very strong preferences as far
as resolution, color depth, and other graphics features are
concerned. To change these settings, select the respective item and
set the values as desired. To test your new configuration, click
.
3.8.10 Completing Installation
After a successful installation, YaST shows the
dialog. In this dialog, select whether to clone your newly installed system
for AutoYaST. To clone your system, select .
The profile of the current system is stored in /root/autoyast.xml.
AutoYaST is a system for installing one or more SUSE Linux Enterprise systems automatically
without user intervention. AutoYaST
installations are performed using a control file with installation and
configuration data.
Finish the installation of
SUSE Linux Enterprise with in the final dialog.
|
|
|
