The Linux Page

Installing an Ubuntu Server & more

A beautiful table ready to be server with plates, glasses, napkins, all very elegantly set.

Getting the OS

First go to https://ubuntu.com/ and get the latest version you're interesting in. They offer server version that they support for 5 years or so. I suggest one of those if you want to run a server. This is an ISO, in generate around 600Mb so be ready to wait a few hours... Even with a really fast connection, because the transfer will be limited by the mirror in most cases.

WARNING
Unless you know better, I strongly suggest you get the Ubuntu Server version. Maybe a bit more annoying to use BUT it works on ALL computers. And if the Desktop (or graphical) version does not work, you'd have to download the Ubuntu Server version anyway.

Burn the CD

You need a CD burner. Ask a friend if you do not have one, but if you do so, test the CD before coming back home. To do so, boot the CD in your Friends machine and select the 2nd menu entry (after you selected the language if you are forced to do so, it is like that in 8.04, it may have happened before though.)

And if you're lucky as a champ, the first burn worked. I had to do 3 to get it to work!

Use a Thumbdrive

You can also use a thumbdrive. Since at least Ubuntu 10.04 explains how to install on CD or a thumbdrive. So you can check their website for more info on that one.

Remember that writing on a Flash drive is very slow. Writing a 700Mb ISO file decompressed can take 2 to 3 hours... it is normal. Now the difference with the CD is that the boot will work first time (assuming that your computer supports booting up from a USB port.)

Start the Installation

Insert the CD in your computer, and reboot or turn the computer on (whichever works best for you.) Select your language if queried, then select the top entry to install everything. Note that the server version uses a console based installer (i.e. text only.) This is very practical since that way you avoid problems with your graphics card until later (or even better, if you install a server you should never have X11 anyway... so not doing a graphical installation makes sense since you'll never have to bother with the graphical interface.)

WARNING
Linux is great for servers. That's the best around these days (methink). However, the installation will attempt to connect you to some Network and possibly even to the Internet. Whether this is required, I do not know. I noticed apt-get being used for the install, but from what I can tell, it only reads data from your CD-ROM at the time it is installing your system.

Yet, if you do not have a box with a firewall, DO NOT CONNECT YOUR NETWORK CARD TO ANYTHING. That way you will avoid potential problems. Connect the computer to your Internet connect only AFTER you setup the firewall. Somehow, Ubuntu does not provide any kind of default for the firewall. It still seems strange to me, but well...

Problem with your CD Drive

In my latest installation the system would tell me that it couldn't properly mount the CD. I thought that was strange since I could go to the shell and see the files (although not all of them) on the CD drive and thus it was clearly mounted.

After searching the Internet, I found out that the Ubuntu forum had the answer: the CD drive was not properly recognized. I've used that drive with many motherboards installing Ubuntu and had no problem. So I guess that was a problem with that one mother board.

I replaced the drive with another one (I had a couple unused one to try with...) That worked right on and the CD check worked on the whole media.

Installation Procedure (Partitioning)

For most of the installation, you should not have much of a problem. Unless you are an expert, forget multi-boot systems. Ubuntu by itself is good enough for you anyway.

WARNING
Note that the user you create at that time will be the only user on the system and you MUST remember the login name and password. Otherwise you won't be able to use that system. There is not "reset password" option on Linux.

If you are installing a server and want to use software RAID, then you will need to do a manual installation of your partitions. First, set the partitions to Physical volume for RAID. Then edit the RAID setup (another menu at the top of the manual setup) and finally, when you are done linking partitions, define what's what.

I strongly suggest RAID1 if you want to use RAID. Others are not as safe for your data (i.e. RAID1, if a drive dies, you still have the other 100% functioning except maybe for the boot sector, but that can be re-installed safely.)

When asked what you want to install, for the Server, it is safe to install everything unless you know for sure that certain things won't be necessary. (Not that on 8.10 they do not offer you to choose what is going to be installed. Instead you'll have to use apt-get later to add the modules, etc. that you want to run with.)

If installing a Desktop version, watch out because installing everything won't usually work correctly. Actually, often you should only install the base system including X11 and when you reboot, use apt-get to install other software. This is my experience of the installer. You may have better luck too. (after all, it has been several years since I tried to install a Desktop Ubuntu!)

Reboot

At some point, the installation will tell you that you're done. It's not so bad, time wise. It took me only 1h total on a PowerEdge to get the OS installed. And I would think that the installer does not run with both processors.

WARNING
Again, remember that the firewall will be totally open and you will have many servers started on first boot (SMTP, Apache, BIND and a few others that are generally okay, but you may have servers like Samba and DHCP which are not! And you may not know for sure what's running until you reboot...)

So really, frankly, disconnect that computer network card until you know for sure what you're doing (unless that computer is connected to a 100% trusted network.)

Booting...

Let the computer boot. If you installed a weird sendmail system, then it will get stuck for a minute on that one. It looks like they now use postfix which works properly. Otherwise, change the /etc/init.d/sendmail script or remove the S??sendmail from the /etc/rc2.d folder.

Once booted, you should get a Login prompt. Enter the name of the user you created at the time you ran the installation and his password. If you forgot the password, and wrote it really badly on that old envelope, then you will be good for a reboot to the rescue system that will let you fix it (good luck) or to re-install.

Firewall

As I mentioned before, you want to setup your firewall BEFORE you connect your computer to the Internet (and Intranet if you're at work or whatever non-100%-secure network.)

I now have a separate page for the Firewall setup.

DHCP (why ping & dig don't find IPs)

Now a day, it is often that your server will be setup for DHCP automatically. I find it annoying since in most cases a server will be on a static address (or am I a weirdo?) In any event, you will have to edit the network interface setup. This is in /etc/network/interfaces. The following is a basic sample that will work in most cases. Obviously, do not use 192.168.1.1 if you were assigned another IP. Change the network and broadcast IPs accordingly too. The definition for a DHCP has only the first line and it says 'dhcp' instead of 'static'.

auto eth0
iface eth0 inet static
	address 192.168.1.1
	netmask 255.255.255.0
	network 192.168.1.0
	broadcast 192.168.1.255
	gateway 192.168.1.254

As a side note, your DHCP may be setup properly, mine never works in regard to giving proper name server information. That means you need to change those IP addresses in /etc/resolv.conf, but do that AFTER you changed your interface from DHCP to static IP. Otherwise the DHCP server will overwrite the file. Also, you need to kill the dhclient by hand. The following should help you on that one:

ifdown eth0
ps -ef | grep dhclient
kill <dhclient process number>
ifup eth0

The routing table won't work too well if you do not first kill the dhclient. It could also be that you should do ifdown eth0 BEFORE editing the /etc/network/interfaces file so it knows it was using a dhcp client... but where is that written in the docs?

Proper procedure:

  1. /etc/init.d/dhcp3-server stop
  2. Make your changes
  3. /etc/init.d/dhcp3-server start

ntpd (get the right time)

By default your server is setup to reset its clock on boot. It will query a server that is assumed to be available (namely, ntp.ubuntu.com which up until 2008 has not been accessible to my servers...)

First I install ntpd which for now is not installed by default.

apt-get install ntpd

Then, what I do is change the /etc/ntpd.conf file to use a few US servers that are much more responsive to me (I'm in California, after all!) Also, I restrict the computers that can access my NTP server to my local network. I prevent ALL computers to change the clock. So only the NTP server has that right.

For instance, UC Davis offers an NTP and I can use it with the following:

restrict ntp.ucdavis.edu mask 255.255.255.255 nomodify notrap noquery
server ntp.ucdavis.edu

Then I restrict just my local network:

restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.2.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.3.0 mask 255.255.255.0 nomodify notrap
...

Of course, you could even restrict to specific computers... Note that if you have many computers & networks, you will need to find a way to replicate the clock on different servers to not bog down your main server. Possibly, you'd need to setup a clock server.

IP Forwarding

Note: with Ubuntu 10.04, that flag is set to 1 by default so you do not need this extra flag.

Forwarding packets, meaning forwarding network traffic from one computer through your server and back to that computer, requires setting up the net.ipv4.ip_forward variable to 1. You can just do this to do it on the fly:

# Note that this first example does not work on newer kernels
echo 1 >/proc/sys/net/ipv4/ip_forward
# or
sysctl -w net.ipv4.ip_forward=1

To set it at each reboot, edit the file /etc/sysctl.conf and search for that variable and uncomment it and make sure to set it to 1.

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

If using IPv6, obviously, use 6 instead of 4.

IMPORTANT NOTE

If you do not have the dnsmasq-base package installed, then it is likely that forwarding will not work anyway. When I removed that package, in an attempts to fix another problem, it messed up my intranet until I reinstalled and followed these steps again.

Note that you do not need the dnsmasq which is some DNS / DHCP thing.

Once that flag is set, you also will need to setup your iptables to include a POSTROUTING otherwise, it is not likely to work properly. The post routing tells the server how to "rename" the different IP addresses. In general, your internal network will be on a different IP address and you need to change that IP to the main server IP so the packets can go outside. The following shows an example:

*nat
:POSTROUTING - [0,0]
-A POSTROUTING -o eth0 -s 192.168.2.2 -j SNAT --to-source 192.168.1.1
-A POSTROUTING -o eth0 -s 192.168.2.3 -j SNAT --to-source 192.168.1.1
...

This last example assumes that the IP addresses of your Intranet network computers match 192.168.2.0/24. The 192.168.1.1 is your main server seeing the outside.

Samba

WARNING
Somewhere in your file you will see:
# "security = user" is always a good idea. This will require a Unix account
# in this server for every user accessing the server. See
# /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/ServerType.html
# in the samba-doc package for details.
   security = user
And this is correct. However, what they do NOT say clearly is that you also need to define the password BY HAND for you to be able to connect. This is done with the smbpasswdcommand line like this:
smbpasswd -a <username>
The username must be one of your Linux users (i.e. one of /home/*). The password should be made the same as the Linux password, also that is not enforced. Now, don't ask me why this is done that way...
WARNING
This is Samba, what do you expect?!? 1 warning or two? I guess we all learn something every day. Today, I learned that if 99% of the companies out there give you permissions to connect to multiple "accounts" (folders, really) that's done using the valid users = ... parameter. But of course, Unix also has the mode on folders and such and thus you may need to tweak those. For instance, if you create a user ftpand you want your users to be able to access the pubsub-directory with their Samba account, you need to do a chmod 775 pub(for instance, you may need to teak many other things like the ownership and some permissions in the path, assigning a new group to your users, etc.). More or less, if you log-in as that user under Linux, you need to be able to do what that user wants to do on that Linux box without using sudo or other treats.

Another really ugly solution is to create a set of names for your server in the hosts file of your Windows boxes. Use one name per user/folder as each different host can accepts a different user name and password.

Yes. Most of the time, your customers have some sort of Win32 box seating somewhere and you've got to attach that box with your Ubuntu server. In that case, you need to install the samba server. You may want to avoid the winbind server. That can cause problems, especially if you are using a static IP address as I have shown here so far.

If you installed the documentation, then you will find it here: /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/index.html

Samba is very difficult to debug, outside of that, it works just fine. First you need to tweak the configuration file. It is under /etc/samba/smb.conf. Just in case you do not feel confident enough, first make a read-only copy of that file so you can always look back (hmmm). I think that a better method is to learn using man smb.confand reading the definitions of each entry for your samba server.

The big lines... the file looks like a .ini file (it is a .ini file). The [globals] define an array of options for all connections. The other [<name>] entries represent a drive or a printer or some other strange thing as defined by Netbios.

The file include a workgroup, a server name, wins support yet/no, etc. You probably want the name of the workgroup to be different from the name of your computer. This is important if you do not want to have errors in your logs saying that another computer is the master, not you.

The interfaces should be defined with the acceptable interfaces. For instance, if your Intranet is defined on 192.168.111.0/24 running on eth3, then put that in there. It will prevent connections from any other computer if you also set bind interfaces only to true.

Installing X11 on your server

If you're like me, installing X11 on your server is one of your goals. I actually use my server at home as a development system and I just need to have X11 on there.

With 10.04 it was dead easy to install X11. One apt-get command line. However, it took forever (1h or so) to download all the data, installing it and stop/start servers along the way.

apt-get install ubuntu-desktop

The problem I have with that simple statement is that it gives you no options... So you don't always get what you're looking for. And all the defaults may not exactly be what you wanted. Yet, in 10.04 it was so very easy to use all of that, I was impressed!

To install kubuntu desktop, use the following instead:

apt-get install kubuntu-desktop

If you already had the Gnome ubuntu desktop installed, you will have to uninstall a few things first so the kubuntu desktop can be installed properly.

X11 Auto-starting (gdm)

The one main thing that I do not want my server to do, however, is starting the GDM automatically on a reboot. There are many reasons, but I just don't want that to happen.

Version since Ubuntu 16.04

Since 16.04, the OS management uses what is called systemd.

The way to setup the X11 auto-start or not set X11 to auto-start (which was my problem because by default they now force the UI to be started if installed,) then check out my Boot into the command line post.

Version prior Ubuntu 9.04

The command line to remove the GDM is as follow:

sudo update-rc.d -f gdm remove

In case you change your mind, you can revert the remove with this one:

sudo update-rc.d -f gdm defaults

The 'defaults' defines the default init levels.

Since Ubuntu 9.04

The update-rc.d has absolutely no effect since this version... The gdm is actually part of the boot sequence of GRUB, not the usual Unix scripts.

There may be a cleaner way to fix this but at this point all I have found is edit the GRUB configuration file and add the text flag. Search for a line that starts with linux (note that the line may start with spaces or tabs) and add the word text at the end:

linux   /boot/vmlinuz-2.6.32-24-server root=UUID=9ef0e55b-196e-4f9a-8bbc-f14303ddbf8d ro   quiet text

The clean way of doing this is to edit the GRUB defaults in:

/etc/default/grub

and change the default command line this way:

GRUB_CMDLINE_LINUX_DEFAULT="quiet text"

The 'quiet' removes verbosity in the boot process. Once you booted, the output can be found on tty7 (Alt-7) but of course, that's only the last page (40 lines).

By default, the GRUB_TERMINAL is commented out. If you want to use a real terminal (i.e. your PC text screens instead of a graphical terminal), then set this variable to console as in:

GRUB_TERMINAL=console

The graphical terminal gives you full UTF-8 support (i.e. multi-language,) colors, wider console (132 characters), etc. which the PC text video support may not give you (especially if you have more than 200 or so characters in your language.)

Now your boot process will not start the gdm, you'll get the expected terminal console.