6.13 Configuration of the Installed System

The system is now installed, but not yet configured for use. The hardware, the network and other services are not yet set up.

6.13.1 System Configuration

Having rebooted, the system starts the manual configuration. If the configuration fails at one of the steps of this stage, it restarts and continues from the last successful step.

Password for the System Administrator root

root is the name of the superuser, the administrator of the system. Unlike regular users, who may or may not have permission to execute administrative commands on the system, root has unlimited command capacity, for instance changing the system configuration, installing programs, and setting up new hardware. If users forget their passwords or have other problems with the system, root can help. The root account should only be used for system administration, maintenance, and repair. Logging in as root for daily work is rather risky: a single mistake could lead to the irretrievable loss of system files.

For verification purposes, the password for root must be entered twice. Do not forget the root password. Once entered, this password cannot be retrieved.

When typing passwords, the characters are replaced by dots, so you do not see the string you are typing. If you are unsure whether you have typed the correct string, use the Test Keyboard Layout field for testing purposes.

SUSE Linux Enterprise Server can use the DES, MD5, or Blowfish encryption algorithms for passwords. The default encryption type is Blowfish. To change the encryption type, click Expert Options > Encryption Type and select the new type.

The root can be changed any time later in the installed system. To do so run YaST and start Security and Users > User and Group Management.

Hostname and Domain Name

The hostname is the computer's name in the network. The domain name is the name of the network. A hostname and domain are proposed by default. If your system is part of a network, the hostname has to be unique in this network, whereas the domain name has to be common to all hosts on the network.

In many networks, the system receives its name over DHCP. In this case it is not necessary to modify the proposed hostname and domain name. Select Change Hostname via DHCP instead. To be able to access your system using this hostname, even when it is not connected to the network, select Assign Hostname to Loopback IP. Do not enable this option when your machine provides network services. If you often change networks without restarting the desktop environment (e.g. when switching between different WLANs), do not enable this option either, because the desktop system may get confused when the hostname in /etc/hosts changes.

To change hostname settings at any time after installation, use YaST Network Devices > Network Settings. For more information, see Section 22.4.1, Configuring the Network Card with YaST, (↑Administration Guide).

Network Configuration

By default, Traditional Method without NetworkManager Applet is enabled. If desired, you can also use NetworkManager to manage all your network devices. However, the traditional method is the preferred option for server solutions. Find detailed information about NetworkManager in Section 27.0, Using NetworkManager, (↑Administration Guide).

The network can also be configured after the system installation has been completed. If you skip it now, your system is left offline unable to retrieve any available updates. To configure your network connection later, select Skip Configuration and click Next.

The following network settings can be configured in this step:

General Network Settings

Enable or disable the use of NetworkManager as described above. Also change the IPv6 support here. By default the IPv6 support is enabled. To disable it, click Disable IPv6. For more information about IPv6, see Section 22.2, IPv6—The Next Generation Internet, (↑Administration Guide).

Firewall

By default SuSEFirewall2 is enabled on all configured network interfaces. To globally disable the firewall for this computer, click on Disable. If the firewall is enabled, you may Open the SSH port in order to allow remote connections via secure shell. To open the detailed firewall configuration dialog, click on Firewall. See Section 15.4.1, Configuring the Firewall with YaST, (↑Security Guide) for detailed information.

Network Interfaces

All network cards detected by YaST are listed here. If you have already set up a network connection during the installation (as described in Network Setup) the card used for this connection is listed as Configured. A click on Network Interfaces opens the Network Settings dialog, where you can change existing configurations, set up networks cards not configured yet, or add and configure additional cards.

DSL Connections, ISDN Adapters, and Modems

If your computer is equipped with an internal DSL modem, an internal ADSL Fritz Card, an ISDN card or a modem, clicking on the respective headline opens the configuration dialog. Refer to Section 11.0, Accessing the Internet for further information.

VNC Remote Administration

To enable remote administration of your machine via VNC, click VNC Remote Administration. Choose Allow Remote Administration in the following dialog and adjust your firewall settings accordingly.

Proxy

If you have a proxy server controlling the Internet access in your network, configure the proxy URLs and authentication details in this dialog.

HINT: Resetting the Network Configuration to the Default Values

Reset the network settings to the original proposed values by clicking Change > Reset to Defaults. This discards any changes made.

Test Internet Connection

After having configured a network connection, you can test it. For this purpose, YaST establishes a connection to the SUSE Linux Enterprise Server server and downloads the latest release notes. Read them at the end of the installation process. A successful test is also a prerequisite for the automatic addition of the default repositories and for updating online.

If you have multiple network interfaces, verify that the desired card is used to connect to the Internet. If not, click Change Device.

To start the test, select Yes, Test Connection to the Internet and click Next. In the following dialog, view the progress of the test and the results. Detailed information about the test process is available via View Logs. If the test fails, click Back to return to the network configuration to correct your entries.

Proceed with Next. If the test was successful, the official software repositories for SUSE Linux Enterprise Server and the update repository will be configured. Downloading the repository data for the first time may take some time.

If you do not want to test the connection at this point, select No, Skip This Test then Next. This also skips downloading the release notes, configuring the customer center and updating online. These steps can be performed any time after the system has been initially configured.

Novell Customer Center Configuration

To get technical support and product updates, you need to register and activate your product with the Novell Customer Center. The Novell Customer Center Configuration provides assistance for doing so. Find detailed information about Novell Customer Center at http://www.novell.com/documentation/ncc/.

If you are offline or want to skip this step, select Configure Later. This also skips SUSE Linux Enterprise Server's online update.

In Include for Convenience, select whether to send unsolicited additional information, such as your Hardware Profile or Optional Information when registering. This simplifies the registration process. Click on Details to get in-depth information about how the data will be collected. In order to obtain information about which data will be sent for your specific product, the Novell server will be connected. Upon this initial connect no data other than the ID of your product will be sent to the Novell servers.

In order to become entitled for support, make sure to check Registration Code. You will be prompted to enter the code when proceeding with Next. Find more information about the technical support at http://www.suse.com/support/programs/.

NOTE: Data Privacy

No information is passed to anyone outside Novell/SUSE. The data is used for statistical purposes and to enhance your convenience regarding driver support and your Web account. Find a link to the detailed privacy policy by clicking on Details. View the information transmitted in the log file at /root/.suse_register.log.

Apart from activating and registering your product, this module also adds the official update repositories to your configuration. These repositories provide fixes for known bugs or security issues which can be installed via an online update.

To keep your repositories valid, select Regularly Synchronize with Customer Center. This option checks your repositories and adds newly available catalogs or removes obsolete ones. It does not affect manually-added repositories.

Proceed with Next. A connection with the Novell server is established. Follow the on-screen instructions to finish the registration.

HINT: Re-registering an Installed System with a Different Registration Code

When you register a system in Novell Customer Center, registration data is stored locally and in the Novell Customer Center database. Although it is normally not necessary, there are corner cases which may require you to re-register an already installed machine with a different registration code. To do so, proceed with the following steps on the installed system:

  1. Enter the following command as user root to delete the installation data on the local machine:

    suse_register.pl --erase-local-regdata
  2. Next you need to remove the registered system from the Novell Customer Center database. Go to http://www.suse.com/ in a browser and click Support > Customer Center. Log in and navigate to My Systems > System. Select the system and remove it by clicking on the dash sign in the bottom bar of the table.

  3. Now you can re-register the machine with either suse-register or the YaST module Online Update Configuration.

Local Registration Server

If your organization provides a local registration server instead of using the Novell Customer Center, you need to specify the server's URL. Client and server communicate solely via HTTPS protocol, therefore you also need to enter a path to the server's certificate if the certificate was not issued by a certificate authority. Open the dialog with Advanced > Local Registration Server

Registration Server

URL of the registration server. The URL has a fixed format https://FQN/center/regsvc/ FQN has to be full qualified hostname of the registration server. Example:

https://smt.example.com/center/regsvc/
Server CA certificate location

Location of the registration server's certificate. Specify one of the following locations:

URL

Remote location (http, https or ftp) from which the certificate can be downloaded. Example:

http://smt.example.com/smt-ca.crt
Floppy

Specifies a location on a floppy. The floppy has to be inserted before proceeding. The value has to start with the string floppy followed by the path to the certificate. Example:

floppy/smt/smt-ca.crt
local path

Absolute path to the certificate on the local machine. Example:

/data/inst/smt/smt-ca.cert
Interactive

Use ask to open a pop-up menu where you can specify the path to the certificate. Do not use this option with AutoYaST. Example

ask
Deactivate certificate installation

Use done if either the certificate will be installed by an add-on product, or if you are using a certificate issued by an official certificate authority. Example:

done

Online Update

If an Internet connection has been established, and updates are available, select whether to perform a YaST online update. If there are any patched packages available on the servers, download and install them now to fix known bugs or security issues. For detailed instructions see Section 1.0, YaST Online Update, (↑Administration Guide). Directives on how to perform an online update in the installed system are available at Section 9.4, Keeping the System Up-to-date or Section 1.0, YaST Online Update, (↑Administration Guide). This step is skipped if no updates are available or no Internet connection has been established. Patches fixing security issues and recommended patches applying to your installation are automatically preselected. Click Accept to install them and Next to proceed with the system configuration.

IMPORTANT: Downloading Software Updates

The download of updates might take quite some time, depending on the bandwidth of the Internet connection and the size of the update files. In case the patch system itself is updated, the online update will restart and download more patches after the restart. If the kernel was updated, the system will reboot before completing the configuration.

Services Configuration

After testing the Internet connection and downloading the first updates, a dialog opens in which to enable and configure three network services.

CA Management

The purpose of a CA (certificate authority) is to guarantee a trust relationship among all network services communicating with each other. Without a CA, you can secure server communications with SSL and TLS separately for each individual service. By default, a CA is created and enabled during the installation. Find details about the creation of a CA with YaST in Section 17.0, Managing X.509 Certification, (↑Security Guide).

OpenLDAP Server

You can run an LDAP service on your host to have a central facility manage a range of configuration files. Typically, an LDAP server handles user account data, but with SUSE Linux Enterprise Server it can also be used for mail, DHCP, and DNS data. By default, an LDAP server is set up during the installation. If you decide against the use of an LDAP server, the YaST mail server module does not work because it depends on LDAP functionality. However, you can still set up a mail server on your system with the help of the Mail Transfer Agent module. Find details about LDAP and its configuration with YaST in Section 4.0, LDAP—A Directory Service, (↑Security Guide).

Services

The CIM (Common Information Model) Server is started by default. Click Disable to prevent the server automatically stating at boot time. For more information on CIM services refer to Section 34.0, Web Based Enterprise Management Using SFCB, (↑Administration Guide).

If preferred, you can skip this configuration proposal for now. After the installation is finished, configure and start the same services with the help of YaST.

HINT: Resetting the Service Configuration to Defaults

Restore the defaults by clicking Change > Reset to Defaults. This discards any changes made.

User Authentication Method

If network access was configured successfully during the previous steps of the installation, you can now choose from several user management options. If a network connection has not been configured, create local user accounts. You may also, if present, import users from a previous installation. Also change the password encryption type in this dialog.

You can also add additional user accounts or change the user authentication method in the installed system. For detailed information about user management, see Section 12.0, Managing Users with YaST.

The default authentication method is Local (/etc/passwd). If a former version of SUSE Linux Enterprise Server or another system using /etc/passwd is detected, you may import local users. To do so, check Read User Data from a Previous Installation and click Choose. In the next dialog, select the users to import and finish with OK.

Manually enter local users by clicking Next. The New Local User dialog opens. After entering the first name and last name, either accept the proposal or specify a new Username that will be used to log in. Finally, enter a password for the user. Reenter it for confirmation (to ensure that you did not type something else by mistake). To provide effective security, a password should be between five and eight characters long. The maximum length for a password is 72 characters. However, if no special security modules are loaded, only the first eight characters are used to discern the password. Passwords are case-sensitive. Special characters (7-bit ASCII) and the digits 0 to 9 are allowed. Other special characters like umlauts or accented characters are not allowed.

Passwords you enter are checked for weakness. When entering a password that is easy to guess, such as a dictionary word or a name, you will see a warning. It is a good security practice to use strong passwords.

Two additional options are available:

Receive System Mail

Checking this box sends messages created by the system services to the user. These are usually only sent to root, the system administrator. This option is useful for the most frequently used account, because it is highly recommended to log in as root only in special cases.

The mails sent by system services are stored in the local mailbox /var/spool/mail/username, where username is the login name of the selected user. To read e-mails after installation, you can use any e-mail client, for example KMail or Evolution.

Automatic Login

This option automatically logs the current user in to the system on start-up. This is mainly useful if the computer is operated by only one user. For automatic login to work, the option must be explicitly enabled.

WARNING: Automatic Login

With automatic login enabled, the system boots straight to your desktop with no authentication at all. If you store sensitive data on your system, you should not enable this option if the computer can also be accessed by others.

Enter more users by calling the User Management module described in Section 12.0, Managing Users with YaST.

When using a network server for user authentication, access to the following services can be configured:

LDAP

Users are administered centrally on an LDAP server for all systems in the network. More information is available in Section 4.4, Configuring an LDAP Client with YaST, (↑Security Guide).

NIS

Users are administered centrally on a NIS server for all systems in the network. See Section 3.2, Configuring NIS Clients, (↑Security Guide) for more information.

Windows Domain

SMB authentication is often used in mixed Linux and Windows networks. Detailed information is available in Section 28.6, Samba Server in the Network with Active Directory, (↑Administration Guide) and Section 5.3, Configuring a Linux Client for Active Directory, (↑Security Guide).

Along with user administration via LDAP and NIS, you can use Kerberos authentication. To use it, select Set Up Kerberos Authentication. For more information on Kerberos, refer to Section 6.0, Network Authentication with Kerberos, (↑Security Guide).

Release Notes

After completing the user authentication setup, YaST displays the release notes. Reading them is recommended, because they contain important up-to-date information which was not available when the manuals were printed. If you successfully tested the Internet connection, read the most recent version of the release notes, as fetched from SUSE Linux Enterprise Server's servers. Use Miscellaneous > Release Notes in YaST or start the SUSE Help Center to view the release notes after installation.

Hardware Configuration

At the end of the installation, YaST opens a dialog for the configuration of Graphics Cards > Printer and Sound. Click the individual components to start the hardware configuration. For the most part, YaST detects and configures the devices automatically.

You can skip any peripheral devices and configure them later, as described in Section 8.0, Setting Up Hardware Components with YaST. To skip the configuration, select Skip Configuration and click Next.

However, when setting up a desktop system you should configure the graphics card right away. Although the display settings as configured by YaST should be generally acceptable, most users have very strong preferences as far as resolution, color depth, and other graphics features are concerned. To change these settings, select the respective item and set the values as desired.

HINT: Resetting Hardware Configuration to the Default Values

You can cancel any changes to the hardware configuration by clicking Change > Reset to Defaults. YaST then shows the original proposal again.

Installation Completed

After a successful installation, YaST shows the Installation Completed dialog. In this dialog, select whether to clone your newly installed system for AutoYaST. To clone your system, select Clone This System for AutoYaST. The profile of the current system is stored in /root/autoyast.xml. Cloning is selected by default.

AutoYaST is a system for installing one or more SUSE Linux Enterprise Server systems automatically without user intervention. AutoYaST installations are performed using a control file with installation and configuration data.For detailed information, refer to Section 21.0, Automated Installation. Finish the installation of SUSE Linux Enterprise Server with Finish in the final dialog.