Installing TarHeel Linux 6.3 on Laptops

Building TarHeel Linux 6.3 for the Laptop

Since the laptop is a portable device we need to configure it to be able to function with and without internet, on campus and off campus.  Therefore, TarHeel Linux 6 for laptop will be set up a little different from the desktop and server.Lenovo ThinkPad W530

Register the MAC addresses for both wired and wireless network for the laptop.  Have the laptop connected to wired network on campus.

Download the latest TarHeel Linux Boot 6.x iso image from the “Installation” page.  Burn a disc with the iso image to become the Tarheel Linux Boot 6.x disc.

Insert the TarHeel Linux 6.x Boot disc into the CDROM drive if your laptop has one.  If not, we will have to burn the TarHeel Linux 6.x Boot iso image to a USB key.

Power cycle the machine.

As soon as you see the BIOS splash screen, tap the F12 key. Once is good, twice is often better. This will cause the BIOS boot menu to be displayed. Use the arrow keys to choose the CDROM drive (look for CD or CDROM or CD/DVD – this will vary), and hit the “Enter” key.  If using USB key, look for the USB key entry.  Sometimes, booting from USB key needs to be enabled in the BIOS in advance.

There will be a pause at a “Welcome to TarHeel Linux 6.x!” splash screen. Use the up and down arrow keys to select i386 or x86_64 installation, server mode or not, as appropriate  for your particular laptop.  Hit tab to allow modifying the installation setup.  Edit the line to match the one below for installing TarHeel Linux 6.3.  Use the left and right arrow key to move the cursor, use Backspace key to erase unwanted characters.  Hit “Enter” when you are done editing.

initrd=initrd.img ks=http://linux.unc.edu/scientific/6.3/x86_64/ks/thl64-laptop.cfg

This will pick up the customized Kickstart file for laptop.  This customized Kickstart has included some extra steps to set up laptop to run TarHeel Linux 6 properly.

Most of the laptop comes with 2 network devices, wired and wireless.  Select the wired connection (eth0), hit tab to select “OK”, hit “Enter” to continue.

Now, it’s time for the TarHeel Linux Kickstart server to do the work.  After some initial setup  it will pop up the following message asking for input.  Make sure that you understand the warning message, then, enter “yes” to proceed.

*******************************************************************************************
*                                      W A R N I N G                                      *
*                                                                                         *
*      This process will completely erase the hard drive and install TarHeel Linux 6.3.   *
*                                                                                         *
*           Do you wish to continue? (Type the entire word "yes" to proceed.)             *
*                                                                                         *
*******************************************************************************************

Proceed with install?

Then, TarHeel Linux 6 installer asks for the ONYEN of the root user.  Root is the user who owns the root password, i.e. the system administration password.  Enter the ONYEN and hit Enter.  Enter “y” if you enter the correct ONYEN.

Enter ONYEN of the Root User for this TarHeel Linux Machine
ONYEN of Root User:

Once the ONYEN is entered, it will ask if it is correct or not.

Is this correct? [y/n]:

Enter “y” to continue.

For TarHeel Linux 6 installation, the root password needs to be established after installation.  This is a very important step of the installation.  The installer will pop up the following message to remind you on that.  Enter “yes” if you understand that.

*******************************************************************************************
*                                   IMPORTANT NOTE                                        *
*                                                                                         *
*         This installation requires setting up root password by the root user.           *
*                                                                                         *
*                        After installtion, log in as root user                           *
*                   and run "root_passwd_unc" to set up root password.                    *
*                                                                                         *
* It is absolutely essential that a strong password be used.  Root password is set to use *
* the same rules as the ONYEN password, with one exception.  The password may NOT contain *
* ANY dictionary word of four characters or greater.   Consider using the first character *
* of every word in a memorable passphrase.  The length can be between 8 and 12 characters *
* and must include upper and lower case letters, and at least one number and one special *
* character.                                                                             *
*                                                                                         *
* Do you wish to continue? (Type the entire word "yes" to proceed.)                       *
*                                                                                         *
*******************************************************************************************
Proceed with install?

The installer will ask if the root user is also the primary user of the system.  If yes, enter “y“, hit enter to proceed.  If not, enter the ONYEN of the primary user, confirm with “y” and proceed.

Is ONYEN also the primary user of this machine: [y/n]:

IMPORTANT: This build will reformat your hard drive.

Now, let the TarHeel Linux Kickstart server do the rest of the work. You can go get a cup of coffee. If you are really interested in what software is being loaded, all the packages are listed with short descriptions as they are loaded.

Once the load is complete, the boot disk will be ejected, grab it.

The system will be rebooted all by itself. When this boot is complete, you will have your very own TarHeel Linux host.  The whole setup takes about 15 minutes.

Congratulations!

Terminal Window

A right-click of your mouse anywhere on the wallpaper will display a menu which will enable you to open a terminal window. In that window, choose Edit/Profiles…/Default/[Edit]. The General menu allows you to choose a font size – which is probably the easiest way to control the actual size of your window. Check out the Color menu to choose background and font colors you like. Under the Effects menu, you can add transparency to the terminal background.

Root and Primary User Password

The first time you log in to the machine, you may want to change the root password.  Log in to the system as the root user, then, run the following command in a terminal.  Make sure that the wired network cable is still connected at this point.

[onyen@tarheellinux ~]$ root_passwd_unc

It will prompt you for primary user’s ONYEN password, enter that.  Then, enter your new root password.

To become root, one can use the following command.

[onyen@tarheellinux ~]$ su -

The “minus” will create a shell with root’s complete environment – including having the various sbin directories in the PATH. This action gets properly logged – in the case that you would ever want to know if anyone else tried to do something as root. The person who holds the root password can also use the sudo command to easily run single commands as root without needing to invoke a root shell. This means that you must protect your own password every bit as carefully as you protect the root password!

Once you log in as root, you may want to change the primary user password.  For a laptop, you want to have primary user password being local and not using the network based ONYEN authentication.  Change <ONYEN> to the ONYEN of the primary user.

[root@tarheellinux ~]# passwd <ONYEN>

The password rule again is very strict.  Having a strong password will protect your system better.  Type “exit” to quit the root account.

[root@tarheellinux ~]# exit

Adding New Users

We have an adduser program which will take an ONYEN as an argument, or the name of a file with a list of ONYENS, and will create accounts for those people on your machine using the correct NumericUID, NumericGID, and shell information from the UNC LDAP server for complete compatibility across systems. By default, home directories are created in /home. However, you can also specify the location of the home directories – even if they will reside on a remote server. You will need to be root to run this program. It is called “adduser_unc” and lives in /usr/local/sbin:

# adduser_unc chen

or

# adduser_unc -f /path/to/onyenfile

The format of this file is as follows:

# cat /path/to/onyenfile
chen
aarnold
bpack1
dwatson

For home directories exported from remote hosts:

# adduser_unc -h /mnt/remote/home  onyen

The administrator of the remote machine will have to create the actual home directories and make sure that the NumericUID and NumericGIDs match. If you have skel files you want each user to start with, you must give copies to this administrator. The default is to use the “dot” files in /etc/skel on your TarHeel Linux machine. You will have to put the proper entry in /etc/fstab and create a mount point to make sure this remote volume is properly mounted.

Wireless Network Access

At this point, the wired network cable can be disconnected and we are going to set up wireless network.

Click on the NetworkManager icon on the top right corner of the screen.  Then, select “UNC-Secure”.  In the “Wireless Network Authentication Required” window, enter the following parameters.

Wireless security:    WPA & WPA2 Enterprise
Authentication:       Tunneled TLS
Anonymous identity:
CA certificate:       (None)
Inner authentication: PAP
Username:             <ONYEN>
Password:             <ONYEN Password>

When NetworkManager is complaining about “No Certificate Authority certificate chosen”, click “Ignore” to continue.

Then, to avoid TarHeel Linux 6 from asking keyring password for every login, we do the following.

Select System -> Preferences -> Network Connections menu.  In the “Network Connections” window, click on the “Wireless” tab, select “Auto UNC-Secure” and click “Edit…”.  Enter root password to continue.  At the bottom of the “Editing Auto UNC-Secure” window, check the box labelled as “Available to all users”, click “Apply…” to continue.  Click “Close” to close the “Network Connections” window.

VPN Access

When off campus, it is recommended (or for some resources, required) to use VPN to access computing resources on campus.  To log on to VPN, run the following command on a terminal window.

vpnc

Enter your ONYEN and ONYEN password.  To disconnect, run this command.

vpnc-disconnect

Daily Update and Security Report

When the laptop is on campus, daily update will be done around 4am everyday and security reports will be sent around the same time.  However, when the laptop is off campus, daily routine update will fail unless VPN is on.  If the laptop is to be turned off around 4am in the morning, it is recommended that you turn on VPN and do a manual update regularly.  Depending on your ISP, the daily security reports may or may be able to send depending on whether your ISP is being trusted by UNC mail server.

To do a manual update of the TarHeel Linux 6 when off campus, invoke the following commands.

vpnc

Enter your ONYEN and ONYEN password.  Then, run the update command to update the OS.

yum update