Fedora Core 1 installation cookbook - server
Jerry Winegarden, last revised 2/19/04

Note: select "Custom" install
---------------------------------------------------------------------
Boot from CD: Fedora Core 1, Disc 1

boot: ==>   (graphical install, assumes mouse)

Test CD media?
==> Skip ==>   (at this point, still have to hit "Tab" to go to next choice)

(Now can use mouse)
==>Next
------------------------------------------------------------
Language
==>English (English)
==>Next

Keyboard Config
==>U.S. English
==>Next

Mouse Config
==>Generic 2-button mouse (PS/2)
==>Emulate 3-buttons
==>Next

==>Install Fedora Core
==>Next
------------------------------------------------------------
Installation Type:
==>Custom
==>Next
------------------------------------------------------------
Disk Partitioning:
==>Manually partition with Disk Druid
==>Next
------------------------------------------------------------
Delete existing partitions
(except maybe /home from a previous Linux installation?)

Select each existing partition
==> delete
==>Delete
Repeat this step until all old partitions are removed
------------------------------------------------------------
Add new partitions:
==>New
    Mount point:       (blank)
    File system type:  swap
    Size (MB):         512   (2-3 times amount of RAM)
    Fixed Size
    ==>OK

    Mount point:       /
    File system type:  ext3
    Size (MB):         8000
    Fixed Size
    Force to be primary partition
    ==>OK

    Mount point:       /home
    File system type:  ext3
    Size (MB):         1000
    Fill to maximum allowable size
    Force to be primary partition
    ==>OK

You should now have the following 3 partitions defined:

    partition    mount point
    /dev/hda1    /
    /dev/hda2    /home
    /dev/hda3    swap

If you have it correct, then:
(If not, then delete, add, edit until you do)
==>Next
------------------------------------------------------------
Boot loader options:
==>Next
------------------------------------------------------------
Network Devices:
eth0 DHCP
  ==> Edit
  UNCHECK: "Configure using DHCP"   (want static IP number)
  ==> IP address ==>192.168.1.231
  ==>255.255.255.0
  ==>OK
------------------------------------------------------------
Hostname:
  Set Hostname:
    ==>Manually ==>ourserver
Miscellaneous:
  Gateway:        ==>192.168.1.1
  Primary DNS:    ==>24.25.4.106
  Secondary DNS:  ==>24.25.4.107
==>Next

Firewall?
==>No firewall
==> Next
==> Proceed

**************************
(Note: if you specify a personal firewall, you will later have to
specify every service port that you want to use. If you are already
behind a firewall, then you can consider not starting a firewall on
the server itself. If you are NOT behind a firewall, then you HAVE to
run the firewall!)
**************************

Default language:
==> English (USA)
==>Next

root password: ==> :)
confirm:       ==> :_
==> Next
------------------------------------------------------------
Package selection:

Desktops
  ==> X Windows System                 34/39
  ==>Gnome Desktop environment         39/42
      ==> Details (if not 39/42)

Applications
  ==>Editors                           2/6
      ==>Details
          ==>Emacs
          ==>joe
          ==>vim-enhanced
          ==>OK                        3/6
  ==>Graphical Internet                7/15
      ==>Details
          ==>evolution
          ==>gaim
          ==>mozilla
          ==>pan
          ==>xchat
          ==>OK                        6/15
  ==>Text-Based Internet
      ==>Details
          ==>elinks
          ==>epic
          ==>fetchmail
          ==>lynx
          ==>mutt
          ==>ncftp
          ==>sln
          ==>OK                        7/7
  ==>Office/Productivity
      ==>Details
          ==>ggv
          ==>gpdf
          ==>openoffice.org
          ==>xpdf
          ==>OK                        4/12
  ==>Sound & Video                     15/22
  ==>Authoring & Publishing            10/10
  ==>Graphics                          10/14
  ==>Games & Entertainment             8/8

Servers
  ==>Server Configuration Tools        9/12
  ==>Web Server
      ==>Details
          ==>httpd-manual
          ==>hwcrypto
          ==>mod_auth_mysql
          ==>mod_auth_pgsql
          ==>mod_perl
          ==>mod_python
          ==>mod_ssl
          ==>php
          ==>php_imap
          ==>php_ldap
          ==>php_mysql
          ==>php_odbc
          ==>php_pgsql
          ==>squid
          ==>webalizer
          ==>OK                        16/17
  ==>Mail server
      ==>Details
          ==>Dovecot
          ==>imap
          ==>mailman
          ==>sendmail-cf
          ==>spamassassin
          ==>squirrelmail
          ==>OK                        7/8
  ==>Windows File Server               2/2
  ==>Ftp server                        1/1
  ==>SQL Database server
      ==>Details
          ==>mysql-server
          ==>perl-DBD-server
          ==>postgresql-server
          ==>unix ODBC
          ==>OK                        4/5
  ==>Network servers
      ==>Details
          ==>cipe
          ==>telnet-server
          ==>tftp-server
          ==>OK

System
  ==>Administrative Tools              12/12
  ==>System Tools
      ==>Details
          ==>ethereal
          ==>ethereal-gnome
          ==>nmap
          ==>samba-client
          ==>screen
          ==>tsclient
          ==>vnc
          ==>xdelta
          ==>OK                        7/19
  ==>Printing Support                  9/10

The above selections total about 2.1 GB.
If you select "Everything", it will take about 5.2 GB.
If you do not select "Everything", then you will still have to
install some things "by hand" after this installation
(e.g. samba-swat and netatalk).

==>Next   (checks package dependencies)
==> Next
------------------------------------------------------------
Required Media:
    Fedora Core 1 CD #1
    Fedora Core 1 CD #2
    Fedora Core 1 CD #3
==>Continue
------------------------------------------------------------
==>Next
==>Next
==>Reboot
------------------------------------------------------------
Welcome
==>Next
==>Yes I agree
==>Next

Date and Time
------------------------------------------------------------
==>Enable Time Protocol
Server: ==> clock2.redhat.com
==>Next
------------------------------------------------------------
User Name (enter at least one account)
    Username:
    Password:
    Confirm pw:
==>Next
------------------------------------------------------------
Sound Card
==>Next
------------------------------------------------------------
Additional CD's:
==>Next
------------------------------------------------------------
Finish
==>Next
------------------------------------------------------------
------------------------------------------------------------
Login as: ==>root

Add terminal window icon to task bar:
==>RedHat icon (bottom left corner, like the "Start" button)
==>System Tools
==>Terminal ==>(right mouse button)
==>Add this launcher to panel

Open a couple of terminal windows
(click on the terminal icon in the task bar)

Note: you are in the top right workspace where 2 windows have opened up.
To use another workspace, click on one of the 4 small squares packed
together in a square in the middle of the task bar on the bottom.
------------------------------------------------------------
Install additional packages:

Put in Fedora Core 1, Disc #1
It might say: "Do you wish to run /mnt/cdrom/autorun?"
==>No

Note that this first CD should have automounted.
Check to see if it is mounted:
Type in terminal window:
==>mount

This should list the mounted file systems:

    /dev/hda1 on / type ext3 (rw)
    none on /proc type proc (rw)
    usbdevfs on /dev/pts type devpts (rw,gid=5,mode=620)
    /dev/hda2 on /home type ext3 (rw)
    none on /dev/shm type tmpfs (rw)
    /dev/cdrom on /mnt/cdrom type iso9660 (ro,nosuid,nodev)

The /dev/cdrom line shows that the CD is mounted, starting at /mnt/cdrom.
If it does NOT show up in this list, try to manually mount it:

    mount /dev/cdrom

    ls /mnt/cdrom
        should show a directory listing of the CD #1.

    cd /mnt/cdrom/Fedora/RPMS      (note case sensitive)

    ls | more
        directory listing of the Fedora packages
        (in /mnt/cdrom/Fedora/RPMS), with the list being read using
        the pager "more".
        space bar goes forward 1 page, b goes back one page,
        Enter advances one line, / searchstring searches for a string,
        q quits.

(The vertical bar "|" is called "pipe". It directs the output of one
command to the input of another command, so here the ls command output
goes to the pager more instead of directly to the screen. The pager
more lets you look at the output one page at a time.)
------------------------------------------------------------
Check to see if a package is installed:

    rpm -qa | grep packagename

To install a package:

    cd /mnt/cdrom/Fedora/RPMS
    rpm -Uvh packagename*

Packages to install from disc #1:

    cd /mnt/cdrom/Fedora/RPMS

    lynx              rpm -Uvh lynx*
    mod_auth_pgsql    rpm -Uvh mod_auth*
    mod_auth_mysql
    mysql             rpm -Uvh *mysql*
    perl-DBD-MySQL    rpm -Uvh perl-DBD*

    cd /; umount /mnt/cdrom

Packages to install from disc #3:

    cd /mnt/cdrom/Fedora/RPMS

    asp2php           rpm -Uvh asp2php*
    macutils          rpm -Uvh macutils*
    MyODBC            rpm -Uvh MyODBC*
    mysql-bench       rpm -Uvh mysql-bench*
    netatalk          rpm -Uvh netatalk*
    openssl-perl      rpm -Uvh openssl-perl*
    qt-MySQL          rpm -Uvh qt*
    qt-ODBC
    qt-PostgreSQL
    samba-swat        rpm -Uvh samba-swat*
    sendmail-doc      rpm -Uvh sendmail-doc*
    squirrelmail      rpm -Uvh squirrel*
    telnet-server     rpm -Uvh telnet*
    tftp              rpm -Uvh tftp*
    tftp-server
------------------------------------------------------------
Packages to be obtained via yum:
(If you have any problems with installation of packages from CD,
especially because of failed dependencies, then try yum install
instead.)

    yum install *mysql*
------------------------------------------------------------
Packages to be obtained via http or ftp: pine, webmin

First, check to see if /usr/local/downloads exists. If not, create it.

    ls /usr/local/downloads

If it says: "No such file or directory", then you must create it:

    mkdir /usr/local/downloads

Using mozilla (globe icon with mouse wrapped around it in the taskbar):

    ftp://people.redhat.com/mharris/pine/4.58-2/i386/pine-4.58-2.i386.rpm
    save to /usr/local/downloads

Webmin: www.webmin.com
==>downloading and installing
==>webmin-1.130-1.noarch.rpm
==>"7693 kb" icon in "Download" column from Location you desire (e.g. Reston VA)
==>SAVE (to /usr/local/downloads)

Install these packages:

    cd /usr/local/downloads
    rpm -Uvh pine*
    rpm -Uvh webmin*
------------------------------------------------------------
Using webmin to manage system (e.g. add users, control which services
start up):
    Use Mozilla browser: http://localhost:10000
    login as root

Using samba-swat to manage smb service:
    use mozilla, http://localhost:901
    login as root
------------------------------------------------------------
Control what services start up (e.g. httpd Apache web server)

You can do this via webmin. However, below is how to do it "by hand"
using chkconfig in a terminal window.

    chkconfig --list | more
        lists services and status in various "run levels"
        run levels 3 and 5 are what you look at
        (run level 3 = "single user mode - no windows" or "text mode"
         run level 5 = multi-user or X-Windows running)

    chkconfig --level 2345 servicename off|on
        controls whether a service starts or not at system startup,
        but it does not affect the current status of a service

    service servicename start|stop|restart|status
        controls current status of a service or shows current status
        e.g. service httpd start

Services to turn off:
    netfs
    iptables
    pcmcia (unless you are on a laptop)
    nfslock
    isdn

Services to turn on:
    httpd
    smb
    vsftpd
    atalk

You need to configure these services. See below for configuration HOWTO.

xinetd-controlled services to enable:

    cd /etc/xinetd.d
    ls

Use an editor (suggest pico, but vi or joe or pico or emacs will do)
on the config files in this directory:

    pico swat
    pico telnet

You must comment out (by inserting a # at the beginning of the line)
or remove the line that says:

    disable = yes

so that it reads:

    # disable = yes

In pico, use the arrow keys to move around within the file (move
around on the screen). pico is a WYSIWYG editor (what you see is what
you get). To save, just exit pico with ^X (CTRL-X). It will ask you if
you want to save the changes:
    "Save modified buffer (ANSWERING "No" WILL DESTROY CHANGES)"
Type Y to save, N to exit and not save. You don't have to remember
these pico commands because they are displayed on the bottom of the
screen.
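
To see which xinetd services end up enabled after edits like the one above, the check below reads each service block and reports those with no active "disable = yes" line. It is an added example, not part of the original cookbook; the function names and the sample files are constructed for illustration, and on a real system the directory to pass is /etc/xinetd.d.

```shell
#!/bin/sh
# Added example (not from the original cookbook): report which xinetd services
# are enabled, i.e. whose service block has no active "disable = yes" line.

xinetd_enabled() {
    # $1 = directory of xinetd service files (on a real system: /etc/xinetd.d)
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk '
            /^[ \t]*#/            { next }   # commented-out lines do not count
            /^[ \t]*service[ \t]/ { name = $2; off = 0; inblk = 1; next }
            inblk && /^[ \t]*disable[ \t]*=/ {
                v = $0
                sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
                if (tolower(v) == "yes") off = 1
            }
            inblk && /[}]/        { if (!off) print name; inblk = 0 }
        ' "$f"
    done
}

demo_xinetd() {
    # Constructed sample files: swat left disabled, telnet with the line
    # commented out as described above, tftp with an explicit "disable = no".
    d=$(mktemp -d) || return 1
    printf 'service swat\n{\n\tdisable = yes\n\tport = 901\n}\n'         > "$d/swat"
    printf 'service telnet\n{\n#\tdisable = yes\n\tflags = REUSE\n}\n'   > "$d/telnet"
    printf 'service tftp\n{\n\tdisable = no\n\tsocket_type = dgram\n}\n' > "$d/tftp"
    xinetd_enabled "$d"
    rm -rf "$d"
}

demo_xinetd    # prints telnet and tftp, one per line
```

Comparing this list with the services you meant to enable shows anything that is listening through xinetd without your having asked for it.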
------------------------------------------------------------
Configure services:

Apache web server: httpd

(Note: the default document root directory for httpd is /var/www.
/var is NOT the place for data such as web pages. So, it is suggested
to create a directory in /home instead: /home/httpd, and then copy
files and directories from /var/www to /home/httpd. Instructions
follow.)

Create new home directory for httpd web pages:

    mkdir /home/httpd

Copy directories and files from /var/www to /home/httpd:

    cd /var/www; tar cvpf - . | (cd /home/httpd; tar xvpf -)

(This uses the tar archive utility.)

Now, the httpd configuration file is: /etc/httpd/conf/httpd.conf
So, to edit it:

    cd /etc/httpd/conf
    pico httpd.conf

Changes to make to httpd.conf:
1) Change all instances of /var/www to /home/httpd
2) Change DocumentRoot from /var/www/html to /home/httpd/html
3) Set ServerName:
       ServerName yourserverhostname:80     (e.g. aacsserver)
   The existing line may be commented out, so you may have to just
   create one.
------------------------------------------------------------
Changes to make to /etc/hosts:

    cd /etc
    pico hosts

    127.0.0.1        localhost
    192.168.1.231    yourservername    www.yourdomain.com

(Use whatever your server IP number, whatever your servername, and
whatever your external domain name are.)

These entries will let you access your web server from your box from
either localhost, 127.0.0.1, yourserver, or www.yourdomain.com
------------------------------------------------------------
Changes to make to samba configuration file: /etc/samba/smb.conf

    [global]
    netbiosname = ourserver        (yourservername=hostname)
    workgroup = OURGROUP           (your workgroup or domain name)
    server string = Ourserver Linux Samba PC File Server   (whatever)
    encrypt passwords = yes
    security = user

The rest of the default settings will be ok for a simple workgroup
server. This makes a simple Microsoft Network Neighborhood file
server, no domain server yet. It will work for Win98/Me, Win2000,
WinXP Pro clients because of the encrypted passwords.
It will not work for Win95 (or for Macintoshes, which will use the
atalk service if you enable them).

By default, smb.conf has passwords NOT encrypted, so you must add that
line. If, however, you must use non-encrypted passwords (macs+pc's or
win98 + win95), then you do not have to have a line

    encrypt passwords = no

but it is a good idea to be explicit. However, to allow win98,
win2000, winxp clients to not use encrypted passwords, you must make a
registry edit to each of those clients. This registry edit will be
provided later in this document.

As a good first step, try this "simple simon samba" configuration.
Then "service smb start", then add a user:

    useradd auser
    passwd auser
    smbpasswd -a auser

Then, go to the PC, set the workgroup (network control panel,
Identification, workgroup), windows client login, reboot the PC, and
login as auser with the correct password.

To test, go to Network Neighborhood, look in your workgroup, open
yourserver. You should see a folder named: auser
Open this folder. If it opens without prompting for a password, then
you have things working properly for simple file service.
----------------------------------------------------------------
If simple workgroup service works, then you are ready to go to the
next step, domain or pdc service.

Create directories for samba network logon files:

    cd /
    mkdir /data
    cd data
    mkdir samba
    cd samba
    mkdir netlogon
    mkdir profiles

Note: there is nothing magical about the directory names that we've
created for this.
/etc/samba/smb.conf: (for samba as PDC (primary domain controller))

    [global]
       netbiosname = ourserver
       workgroup = OURGROUP
       server string = Ourserver Linux Samba PC File Server   (whatever)
       time server = true     (so workstations will synchronize their
                               clocks to this server's clock)
       printcap name = /etc/printcap
       load printers = yes

    # Uncomment this if you want a guest account, you must add this to /etc/passwd
    # otherwise the user 'nobody' is used
    ;  guest account = pcguest

    # use separate log files for each machine that connects via smb
       log file = /var/log/samba/%m.log
       max log size = 50
       security = user
       encrypt passwords = yes
       smb passwd file = /etc/samba/smbpasswd
       socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
       os level = 65
       domain master = yes
       preferred master = yes
       domain logons = yes
       logon script = %U.bat

    # where to store roaming profiles (for Win95, WinNT, Win2000, WinXP)
       logon path = \\%L\Profiles\%U

    [homes]
       comment = Home Directories
       browseable = no
       writable = yes

    [netlogon]
       comment = Network Logon Service (for Domain Logons)
       path = /data/samba/netlogon
       guest ok = yes
       writable = no
       share modes = no

    # share directory in which to store users' roaming profiles for WinNT/2K/XP
    # (note: profiles stored in home dir for Win9x,ME)
    [Profiles]
       path = /data/samba/profiles
       browseable = no
       guest ok = yes

    [printers]
       comment = All Printers
       path = /var/spool/samba
       browseable = no
    # set public = yes to allow user 'guest account' to print
       guest ok = no
       writable = no
       printable = yes

You can test samba's config file for syntax:

    testparm

If you get error messages, then you need to fix them.

    service smb status
    service smb start   (or restart)

Give the server time to become the master browser for your domain.
(Make sure your domain name is unique on your network!)
Restart all PC's to ensure that your server will be the master browser.
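
Several shares in the PDC configuration above set "guest ok = yes". The check below lists every share in an smb.conf that allows guest access, together with its path, so you can confirm that only the shares you intended are open to guests. It is an added example, not part of the original cookbook; the function names are made up for illustration, and the sample input is the share sections from the configuration above.

```shell
#!/bin/sh
# Added example (not from the original cookbook): list smb.conf shares that allow
# guest access. Parameter names ignore case/spaces; "public" = "guest ok".
guest_shares() {    # $1 = path to an smb.conf-style file
    awk '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        /^[ \t]*\[/ {                             # section header, e.g. [netlogon]
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            if (!(sec in seen)) { seen[sec] = 1; order[++n] = sec }
            next
        }
        (eq = index($0, "=")) > 0 {
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            raw = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", raw)
            if (key == "path") path[sec] = raw
            if (key == "guestok" || key == "public")
                guest[sec] = (tolower(raw) ~ /^(yes|true|1)$/)
        }
        END {
            for (i = 1; i <= n; i++)
                if (guest[order[i]]) print order[i], path[order[i]]
        }
    ' "$1"
}

demo_guest_shares() {
    # Share sections from the PDC smb.conf above, written to a temp file.
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
[netlogon]
   path = /data/samba/netlogon
   guest ok = yes
[Profiles]
   path = /data/samba/profiles
   guest ok = yes
[printers]
   path = /var/spool/samba
   # set public = yes to allow user 'guest account' to print
   guest ok = no
EOF
    guest_shares "$f"
    rm -f "$f"
}

demo_guest_shares    # prints the netlogon and Profiles shares with their paths
```

On the server itself, run guest_shares /etc/samba/smb.conf after testparm reports no errors.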
To change a PC so it can become a member of the domain (instead of
connecting to a simple workgroup service):

Win98:
==>Start==>Settings==>Control Panels
==>Network
==>Microsoft Network Client
==>Properties
==>Log on to Windows NT domain
==>Windows NT domain name: YOURDOMAIN (e.g. AACS)
==>OK
You'll have to restart your PC.

Win2000, WinXP Pro:
set to use domain logon instead of workgroup

For WinXP Pro only: registry edit required

Note: WinXP Home will NOT work under any circumstances. Don't even
try. You must upgrade your machine to WinXP Pro.

Before you can get access to the server's shares, you must create two
types of accounts on the server for each machine that will connect
and for each user that will connect:
1) /etc/passwd entry (using useradd command)
2) /etc/samba/smbpasswd entry (using smbpasswd -a command)