This page has moved to http://mywiki.ncsa.uiuc.edu/wiki/Installing_Debian.

Debian Install notes

These are my Debian install notes. They describe what worked for me. You may prefer a different configuration. Some of this configuration is specific to NCSA. Your best resource for Debian installation documentation is debian.org. In particular, see the Debian Network Install Page. Comments welcome to jbasney@ncsa.uiuc.edu.

Network Install

1. Download the netinst CD image from the Debian Installer page and burn it to a CD.
2. Boot from the CD. For troubleshooting during the installation, you can type Ctrl-Alt-F2 then Enter to get a terminal.
3. Press Enter at the boot prompt to install the 2.4 kernel. If you want a 2.6 kernel, type linux26 at the boot: prompt instead.
4. Choose English, United States, and American English.
5. On machines with multiple network interfaces, choose the interface that is connected to the internet when prompted.
6. The installer should now obtain an IP address via DHCP and prompt you to enter a computer name. If not, check your network cable. If the hostname isn't correct, just set it to what you want it to be and proceed.
7. Set the domain name to ncsa.uiuc.edu.
8. Choose to erase the entire disk for partitioning unless you want to save something.
9. Choose "All files in one partition" unless you have a different preference.
10. Finish partitioning.
11. Write changes to disks.
12. Choose to install GRUB boot loader to the MBR.
13. Remove CD-ROM and continue.
14. Reboot.
15. Set hardware clock to GMT. Central Time Zone.
16. For best performance on the UIUC campus, choose to configure the Debian archive access method manually and enter the following configuration:

    deb http://debian.cites.uiuc.edu/pub/debian/ stable main contrib non-free
    deb-src http://debian.cites.uiuc.edu/pub/debian/ stable main contrib non-free
    	

    (In the nano editor, you can use Ctrl-k (kut) to delete a line and Ctrl-u (unKut) to multiply paste it.)

    Otherwise, choose HTTP for the Debian archive access method and pick a mirror. Leave HTTP proxy blank.
17. Choose any desired software to install from the list, such as a Desktop environment. For a custom system, you may not want to choose any software to install at this step.
18. For Exim configuration, choose "mail sent by smarthost; received via SMTP or fetchmail". System mail name is ncsa.uiuc.edu. Listen on 127.0.0.1. Outgoing mail to smtp.ncsa.uiuc.edu. Root and postmaster mail recipient: real-root.
19. Login and su to root.
20. Update your installed packages:
    apt-get update; apt-get dist-upgrade
    You'll need to run this periodically to keep your system up-to-date.
21. Subscribe to the debian-security-announce mailing list to be informed of security advisories. See the Debian Security Information Page for more information about Debian security.
22. Make sure you have a fully-qualified hostname in /etc/hostname.
23. If you upgraded the kernel, you should reboot:
    /sbin/shutdown -r now

Customization

1. Login and su to root.
2. Secure Debian:
   apt-get remove netkit-inetd
   apt-get install harden harden-doc harden-servers checksecurity
3. Install some more useful software. For example:
   apt-get install ssh-krb5 emacs21 fetchmail mozilla-firefox latex xpdf ncftp openafs-client openafs-krb5 openafs-modules-source krb5-user krb5-config krb5-clients openssl libpam-openafs-session libpam-krb5 ntp-server ntpdate ngrep equivs java-common cvs cvsutils sudo sysutils valgrind libkrb5-dev libssl-dev zlib1g-dev zlib1g libpam0g-dev
   • Enter "NCSA.EDU" for the Kerberos realm. Enter "kerberos.ncsa.uiuc.edu kerberos-1.ncsa.uiuc.edu kerberos-2.ncsa.uiuc.edu" for the realm. Enter "kadmin.ncsa.uiuc.edu" for the administrative server. Add ".ncsa.uiuc.edu = NCSA.EDU" in the [domain_realm] section of /etc/krb5.conf.
   • Enter "ncsa.uiuc.edu" for the AFS cell. Set AFS cache size to 2000000 kB (2GB). Choose to dynamically generate the contents of /afs.
4. Now that mozilla-firefox is installed, open http://network.ncsa.uiuc.edu/activate/ to register this machine on the NCSA network.
5. Install a kernel optimized for your system. For example:
   apt-get install kernel-image-2.4-686-smp
   or
   apt-get install kernel-image-2.6-686-smp
   apt-cache search "^kernel-image" will list your options.
6. Install the openafs-modules (see /usr/share/doc/openafs-client/README.modules):
   apt-get install module-assistant
   module-assistant prepare openafs-modules
   module-assistant build,install openafs-modules
   /etc/init.d/openafs-client start
   
7. Add /afs/ncsa alias. Create /etc/openafs/CellAlias containing:
   ncsa.uiuc.edu ncsa
8. Set X11Forwarding yes and PermitRootLogin no in /etc/ssh/sshd_config.
9. Set NTP servers in /etc/ntp.conf and /etc/default/ntpdate. For NCSA hosts, use ntp.ncsa.uiuc.edu.
10. Add /etc/sysprofile.d:
    apt-get install sysprofile
11. Add the following to the end of /etc/profile to activate sysprofile.d:

    if [ -f /etc/sysprofile ]; then
      . /etc/sysprofile
    fi
    	

12. In some cases, I don't get an AFS token on login with the above configuration, so I also create /etc/sysprofile.d/aklog.bash containing the following:

    if [ "$KRB5CCNAME" ]; then
      tokens | grep "tokens for afs@ncsa.uiuc.edu" > /dev/null;
      if [ $? == 1 ]; then
        aklog;
      fi
    fi
    	

13. Add your host to the NCSA Kerberos database.
14. Install Sun's J2SE SDK. Add

    deb ftp://mirrors.ibiblio.org/pub/mirrors/blackdown/debian
    	

    to /etc/apt/sources.list and run:
    apt-get install j2sdk1.4 j2sdk1.4-doc
    Download .doc from http://java.sun.com/j2se/1.4.2/download.html to /tmp directory.
15. Install ant after Sun's SDK
    apt-get install ant
16. Setup printing
    cp /afs/ncsa/common/etc/printcap /etc/printcap
    apt-get install lprng
17. Setup PAM for Kerberos logins. Change /etc/pam.d/common-auth to contain only:

    auth    [success=ok default=1] pam_krb5.so forwardable
    auth    [default=done]  pam_openafs_session.so
    auth    required        pam_unix.so nullok_secure try_first_pass
    	

    Change /etc/pam.d/common-session to contain:

    session    optional     pam_krb5.so
    session    optional     pam_openafs_session.so
    session    required     pam_unix.so
    	

18. Run visudo to setup sudo permissions for yourself and others.
19. Add users:
    grep USERNAME /afs/ncsa/common/etc/passwd
    adduser --uid UID --disabled-password USERNAME
20. For Dells with ATI (Radeon) graphics chips, to get X-windows to show up in higher than 800x600 resolution, edit /etc/X11/XF86Config-4 as follows. Change the Driver line in Section "Device" from Driver "vesa" to Driver "ati" and change the Modes line in:

    SubSection "Display"
            Depth     24
            Modes    "800x600" "640x480"
    EndSubSection
    	

    to:

    SubSection "Display"
            Depth     24
            Modes    "1280x1024" "800x600" "640x480"
    EndSubSection
    	

21. If desired, change to using a static IP address rather than DHCP:
    1. apt-get install resolvconf
    2. Edit /etc/network/interfaces. For example:

       # The primary network interface
       auto eth0
       #iface eth0 inet dhcp
       #       pre-up iptables-restore < /etc/iptables.up.rules
       iface eth0 inet static
               address 141.142.234.9
               netmask 255.255.255.0
               gateway 141.142.234.1
               pre-up iptables-restore < /etc/iptables.up.rules
               dns-search ncsa.uiuc.edu
               dns-nameservers 141.142.2.2 141.142.230.144