August 28, 2006
If you want to enable Xgl and are using either ATI* or NVIDIA cards, you must register SLED 10 during or after installation in order to have the proper video drivers automatically installed when you enable Xgl.
To register after installation, open the YaST Control Center and click> . Follow the online instructions to enable online updates and register your copy of SLED 10.
The new Xgl configuration option is called Desktop Effects in the GNOME* Control Center. For ATI and NVIDIA cards, you need the drivers from the vendor (see section 1.1 for instructions on how to get the drivers). For Intel* cards, the appropriate drivers are included. 3D support must be enabled in sax2.
If this option fails on your card, undo the switch by logging in as root to a virtual console and running the following command:
Under Xgl, some programs (such as Eagle CAD) have a bug where the application window is always semi-transparent. This is caused by the application using an ARGB visual. Export XLIB_SKIP_ARGB_VISUALS=1 when running the program to work around this. For example:
When trying to use the Xgl full screen mode (that is, pressing Alt+Enter or clicking> ) on SLED workstations running VMware in host mode, you might receive a message saying that you need to add settings to the /etc/X11/XF86Config file. However, this file does not exist on SLED 10.
To use the full screen mode, click> in VMware, then click the tab. Change the option from to or .
Desktop Effects (Xgl) and laptop suspend (both suspend-to-disk and suspend-to-ram) are known to have problems, particularly on ATI and Intel hardware. We are working with our hardware partners to resolve these issues and hope to have updates available soon that make it possible to suspend with Desktop Effects enabled.
For detailed installation instructions, see the SUSE Linux Enterprise Desktop 10 Deployment Guide.
If you chose to not install the Java* runtime environment (JRE) during the installation of ConsoleOne® and your existing JRE is not the one noted in System Requirements for Linux* or System Requirements for Solaris, you might want to add the bundled JRE to your ConsoleOne installation (type c1-install -c jre at the system prompt). If you are sure you want to run with a different JRE, then set the JRE_HOME or C1_JRE_HOME environment variable to the location of that JRE. ConsoleOne determines which JRE to use as follows:
IMPORTANT:For ConsoleOne 1.3.6d and later, if the Linux Kernel version installed on your system is 2.6, the JRE included in the ConsoleOne installation package is not installed.
To use iSCIS-discs during installation, add the following parameter to the kernel parameter line:
During installation, an additional screen displays that gives you the opportunity to attach iSCSI-discs to the system and use them in the installation process.
If you want to use EDD information (/sys/firmware/edd/) to identify your storage devices, you must change the installer default settings using an additional kernel parameter.
If you have installed and configured an iSCSI SAN, and have created and configured EVMS Disks/Volumes on that iSCSI SAN, your EVMS volumes might not be visible or accessible. This problem is caused by EVMS starting before the iSCSI service. iSCSI must be started and running before any disks or volumes on the iSCSI SAN can be accessed.
To resolve this problem, enter either chkconfig evms on or chkconfig boot.evms on at the Linux server console of every server that is part of your iSCSI SAN. This ensures that EVMS and iSCSI start in the proper order each time your servers reboot.
If you plan to add additional storage devices to your system after the OS installation, we strongly recommend using persistent device names for all storage devices during installation. By default, the installer uses the kernel device names.
During installation, enter the partitioner. For each partition, selectand go to the dialog. Any mount option except provides you persistent device names.
To switch an already installed system to use persistent device names, proceed as described above for all existing partitions. In addition, you must rerun the bootloader module in YaST to switch the bootloader to also use the persistent device name. Start the module and selectto write the new proposed configuration to disk. This needs to be done before adding the new storage devices.
With SUSE® Linux Enterprise Desktop 10, we switched to cryptoloop as the default encryption module. Novell® Linux Desktop 9 used twofish256 with loop_fish2 and 256 bits. The old twofish is supported as twofish. Now we are using twofish256 with cryptoloop and 256 bits. The old twofish256 is supported as twofishSL92.
When the way the root device is mounted (for example, by UUID or by label) is changed in YaST2, the bootloader configuration needs to be saved again to make the change effective for the bootloader.
Thesetting displayed by YaST2 bootloader is the setting that is in effect after saving the configuration.
For a list of software changes from Novell Linux Desktop 9 to SUSE Linux Enterprise Desktop 10, see Section 8.3 in the SUSE Linux Enterprise Desktop 10 Deployment Guide.
When upgrading to SLED 10 from NLD 9 or SLES 9, extended attributes (which increase Beagle’s indexing performance of the Beagle search engine) might not be turned on by default. To enable extended attributes, add the /etc/fstab. For example:option for mounting in
/dev/hda4 /home ext3 acl,user_xattr 1 2
The UI layout is also reset when upgrading from NLD 9. The old configuration is stored in the user's home directory as panel-settings-backup-<datetimestamp>.xml. To restore the former configuration, run gconftool-2 --load panel-settings-backup-<datetimestamp>.xml and then killall gnome-panel. To prevent an upgrade on login, touch ~/.skel/sled10-run.
If you are upgrading an NLD 9 machine running the Novell Client™ for Linux 1.0 or 1.1 to SUSE Linux Enterprise Desktop 10, the update process breaks the Novell Client for Linux 1.0 or 1.1 (neither of which are supported on SLED 10).
You need to uninstall the Novell Client for Linux 1.0 or 1.1, and then install the Novell Client for Linux 1.2 on SLED 10.
MIT Kerberos is now used instead of Heimdal. Automatically converting an existing Heimdal configuration is not always possible. During a system update, backup copies of configuration files are created in /etc with the suffix .heimdal. YaST-generated configuration settings in /etc/krb5.conf are converted, but check whether the results match your expectations.
Before starting the update, you should decrypt an existing Heimdal database into a human-readable file with the kadmin -l dump -d heimdal-db.txt command. This way, you can create a list of available principals that you can restore one by one using KDC from MIT Kerberos. For more information about setting up a KDC, see the documentation in the krb5-doc package.
To configure a Kerberos client, start the YaST Kerberos Client module and enter your values for, , and .
When updating a system with the snd-intel8x0 module (for Intel, SIS, AMD and NVIDIA on-board chips), the system might be unable to load the module at reboot because the module option joystick was removed from the newer version. To fix the problem, re-configure the sound system using YaST.
This release of SUSE Linux Enterprise Desktop ships with Novell AppArmor™. This feature protects your applications from software exploits. AppArmor protection can be enabled via the AppArmor control panel, which is located in YaST under Novell AppArmor. For detailed information about using Novell AppArmor, see /usr/share/doc/packages/apparmor-docs/book.apparmor.admin-online.pdf.
The AppArmor profiles included with SUSE Linux have been developed in conjunction with our best efforts to reproduce how most users will use their software. The profiles we have provided work unmodified for many users; however, some users might find our profiles too restrictive for their environments.
If you discover that some of your applications do not function as you expected, you might need to use the AppArmor Update Profile Wizard in YaST, or use the aa-logprof(8) command line utility to update your AppArmor profiles. You can place all your profiles into learning mode with the following command:
When a program generates many complaints, the system's performance is degraded. To mitigate this, we recommend periodically running the Update Profile Wizard or aa-logprof(8) to update your profiles even if you choose to leave them in learning mode. This reduces the number of learning events logged to disk, which improves the performance of the system.
SuSEfirewall2 is enabled by default. That means that by default you cannot log in from remote systems. This firewall also interferes with network browsing and multicast applications, such as SLP, Samba (Network Neighborhood), and some games. You can fine-tune the firewall settings using YaST.
By default, IPv6 support is not enabled for KDE because IPv6 addresses are not properly supported by all Internet service providers, which causes error messages when browsing the Web and delays when displaying Web pages. You can enable it using the /etc/sysconfig editor or YaST.
On SUSE Linux Enterprise Desktop 10, a new mounting mechanism replaces the submount system used in Novell Linux Desktop 9. This new mechanism does not automatically unmout media, only on hardware request. Some devices (most notably older CD drives, but also some new drives with broken firmware) won't send this signal. Right-click the device icon (for example, the CD icon) on the desktop to eject the media.
On some computers, Firefox* with Pango support enabled is very slow. The performance seems to depend on the X server. Set MOZ_DISABLE_PANGO=1 if font rendering is rather slow.
The LUM workstation context option on the Linux User Management Configuration screen in YaST is specified as Optional for Desktop, but if an admin name and context were specified on the previous configuration screen, the LUM workstation context option is mandatory.
Step 5 in “Section 33.1: Setting Up Workstations to Use eDirectory Authentication” in the SUSE Linux Enterprise Desktop 10 Deployment Guide says to place the CA certificate for the LDAP server in the /var/nam directory. The certificate should be placed in the /var/lib/novell-lum directory.
On 64-bit systems, the Helix* Banshee* music player does not support burning audio CDs from AAC or MP3 file formats.
If you want to use the IMAP protocol for mail support (using SOAP for calendars), set the environment variable USE_IMAP=1.
To function properly, the Novell VPN Client package (turnpike) requires a root-level daemon. This service is named racoon and it is part of the ipsec-tools package. This daemon is not started automatically after every reboot or after installation, so you must start it when you want to connect to remote services. This daemon requires root privileges.
If you plan to use VPN functionality often, we recommend making this service run by default during boot time. If you don’t have root privileges to your workstation, contact your system administrator.
To start the service when needed, use the following command:
To stop the service, use the following command:
To make this service start by default during boot time:
Open YaST (in KDE, click the main menu >> ; in GNOME, click > > > ).
Select, then click .
If you have configured your system to authenticate with an eDirectory server, you should reboot once before you log in to your system to ensure that all daemons that use /etc/nsswitch.conf are restarted.
For more detailed information on networking using NetworkManager, see the Connectivity Guide.
NetworkManager does not support the sysconfig DHCLIENT_BIN option. It uses dhclient exclusively. NetworkManager and dhclient also do not support automatically configuring xntpd via DHCP.
The following sysconfig options are supported in NetworkManager (no other sysconfig options are supported):
Wireless drivers that are unable to return hidden ESSID's in scan results, such as prism, do not find and connect automatically with NetworkManager to a hidden ESSID end point. You must left-click the NetworkManager applet and selecteach time.
The madwifi driver does not scan.
This section contains a number of technical changes and enhancements for the experienced user.
JFS is no longer supported for new installations. The kernel file system driver is still there, but YaST does not offer partitioning with JFS.
Hotplug events are now completely handled by the udev daemon (udevd). We do not use the event multiplexer system in /etc/hotplug.d and /etc/dev.d anymore. Instead, udevd calls all hotplug helper tools directly, according to its rules. Udev rules and helper tools are provided by udev and various other packages.
By default, calling su to become root does not set the PATH for root. Either call su - to start a login shell with the complete environment for root or set ALWAYS_SET_PATH to Yes in /etc/default/su if you want to change the default behavior of su.
The shell script sux was removed. The functionality of forwarding xauth keys between users is now handled by the pam_xauth module and su.
Cardmgr no longer manages PC cards. Instead, as with Cardbus cards and other subsystems, a kernel module manages them. All necessary actions are executed by hotplug. The pcmcia start script has been removed and cardctl is replaced by pccardctl. For more information, see /usr/share/doc/packages/pcmciautils/README.SUSE.
Java packages are changed to follow the JPackage Standard (http://www.jpackage.org/). Read the documentation in file:///usr/share/doc/packages/jpackage-utils/ for more information.
If you are not satisfied with locale system defaults, change the settings in ~/.i18n. Entries in ~/.i18n override system defaults from /etc/sysconfig/language. Use the same variable names but without the RC_ namespace prefixes (for example, use LANG instead of RC_LANG). For information about locales in general, see “Section 18.4: Language and Country-Specific Settings” in the SUSE Linux Enterprise Desktop 10 Deployment Guide.
Many applications now rely on D-BUS for interprocess communication (IPC). Calling dbus-launch starts dbus-daemon. The systemwide /etc/X11/xinit/xinitrc uses dbus-launch to start the window manager.
If you have a local ~/.xinitrc file, you must change it accordingly. Otherwise, applications like F-Spot, Helix Banshee, Tomboy, or NetworkManager might fail. Save your old ~/.xinitrc, then copy the new template file into your home directory with:
cp /etc/skel/.xinitrc.template ~/.xinitrc
Finally, add your customizations from the saved .xinitrc.
For reasons of compatibility with LSB (Linux Standard Base), most configuration files and the init script were renamed from xntp to ntp. The new filenames are:
On some machines, CPU frequency scaling can cause hangs when the machine is idle or when powersaved starts. In this case, disable the powersave daemon at the installation with POWERSAVE=off as a boot parameter.
When this parameter is not given at the initial CD boot of the installation, powersaved must be disabled later using chkconfig powersaved off.
The local and IO APIC for the 32-bit x86 architecture has changed. A local and IO APIC (I/O Advanced Programmable Interrupt Controller) is an SMP-capable replacement for PC-style interrupt controllers. SMP systems and all recent uniprocessor systems have such a controller.
Until now, local and IO APIC was disabled on uniprocessor systems by default was manually activated by using the apic kernel parameter. Now it runs by default and can be manually deactivated. For 64-bit systems, APIC is always enabled by default.
If you experience problems with devices not working properly, you can manually apply the following configuration options:
The ulimit settings can be configured in /etc/sysconfig/ulimit. By default, only two limits are changed from the kernel defaults:
These soft limits can be overridden with the ulimit command by the user. Hard limits can only be overridden by root.
The values have been chosen conservatively to avoid breaking large processes that have worked before. If there are no legitimate processes with huge memory consumption, set the limits lower to provide more effective protection against runaway processes. The limits are per process and thus not an effective protection against malicious users. The limits are meant to protect against accidental excessive memory usage.
To configure different limits depending on the user, use the pam_limits functionality and configure /etc/security/limits.conf. The ulimit package is not required for that, but both mechanisms can be used in parallel. The limits configured in limits.conf override the global defaults from the ulimit package.
For SUSE Linux Enterprise Desktop 10 documentation, see http://www.novell.com/documentation/sled10.
In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path.
A trademark symbol (®, ™, etc.) denotes a Novell trademark. An asterisk (*) denotes a third-party trademark.
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to www.novell.com/info/exports/ for more information on exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright © 2006 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.novell.com/company/legal/patents/ and one or more additional patents or pending patent applications in the U.S. and in other countries.
For Novell trademarks, see the Novell Trademark ad Service Mark list. All third-party trademarks are the property of their respective owners.