June 26, 2006
For the latest version of the SUSE Linux Enterprise Desktop 10 Release Notes, see http://www.novell.com/documentation/beta/sled10/readme/RELEASE-NOTES.en.html.
For detailed installation instructions, see the SUSE Linux Enterprise Desktop 10 Deployment Guide (http://www.novell.com/documentation/beta/sled10/pdfdoc/sled10_deployment/sled10_deployment.pdf).
If you chose to not install the Java runtime environment (JRE) during the installation of ConsoleOne and your existing JRE is not the one noted in System Requirements for Linux or System Requirements for Solaris, you might want to add the bundled JRE to your ConsoleOne installation (type c1-install -c jre at the system prompt). If you are sure you want to run with a different JRE, then set the JRE_HOME or C1_JRE_HOME environment variable to the location of that JRE. ConsoleOne determines which JRE to use as follows:
If C1_JRE_HOME is specified, that JRE is used.
If the JRE bundled with ConsoleOne is installed, that JRE is used.
If JRE_HOME is specified, that JRE is used.
Otherwise, ConsoleOne displays an error message and quits.
For ConsoleOne 1.3.6d and later, if the Linux Kernel version installed on your system is 2.6, the JRE included in the ConsoleOne installation package will not be installed.
To use iSCIS-disc during installation, add the following parameter to the kernel parameter line:
withiscsi=1
During installation, an additional screen displays which gives you the opportunity to attach iSCSI disc to the system and use them in the installation process.
If you want to use EDD information (/sys/firmware/edd/) to identify your storage devices, you must change the installer default settings using an additional kernel parameter.
Requirements:
BIOS provides full EDD information (found in /sys/firmware/edd/).
Disks are signed with a unique MBR signature (found in /sys/firmware/edd//mbr_signature).
Procedure:
Add parameter use_edd=1 to the kernel parameters during initial installation.
The device-id list in the installer shows the edd ID (for example, edd_dev80_part1) instead of the default device-id name.
The system uses those device ids for installation and runtime (for example, in /etc/fstab and bootloader).
If you have installed and configured an iSCSI SAN, and have created and configured EVMS Disks/Volumes on that iSCSI SAN, your EVMS volumes might not be visible or accessible. This problem is caused by EVMS starting before the iSCSI service. iSCSI must be started and running before any disks/volumes on the iSCSI SAN can be accessed.
To resolve this problem, enter either chkconfig evms on or chkconfig boot.evms on at the Linux server console of every server that is part of your iSCSI SAN. This will ensure that EVMS and iSCSI start in the proper order each time your servers reboot.
If you plan to add additional storage devices to your system after the OS installation, we strongly recommend using persistent devicenames for all storage devices during installation. By default, the installer uses the kernel device names.
During installation, enter the partitioner. For each partition, select “Edit” and go to the “FStab Options” dialog. Any mount option except “Device name” will provide you persistent devicenames.
To switch an already installed system to use persistent devicenames, proceed as described above for all existing partitions. In addition, you will have to rerun the bootloader module in YaST to switch the bootloader to use the persistent devicename also. Just start the module and select “Finish” to write the new proposed configuration to disk. This needs to be done before adding the new storage devices.
With SUSE Linux Enterprise Desktop 10, we switched to “cryptoloop” as the default encryption module. Novell Linux Desktop 9 used twofish256 using loop_fish2 with 256 bits. The old twofish is supported as twofish. Now we are using twofish256 using cryptoloop with 256 bits. The old twofish256 is supported as twofishSL92.
When the way the root device is mounted (for example, by UUID or by label) is changed in YaST2, the bootloader configuration needs to be saved again to make the change effective for the bootloader.
Please note that the “mount by” setting displayed by YaST2 bootloader is the setting that will be in effect after saving the configuration.
For a list of software changes from Novell Linux Desktop 9 to SUSE Linux Enterprise Desktop 10, see Section 8.3 in the SUSE Linux Enterprise Desktop 10 Deployment Guide (http://www.novell.com/documentation/beta/sled10/pdfdoc/sled10_deployment/sled10_deployment.pdf).
When upgrading to SLED 10 from NLD 9 or SLES 9, extended attributes (which increase the indexing performance of Beagle) might not be turned on by default. To enable extended attributes, add the user_xattr option for mounting in /etc/fstab. For example:
/dev/hda4 /home ext3 acl,user_xattr 1 2
The UI layout will also be reset when upgrading from NLD 9. The old configuration is stored in the user's home directory as panel-settings-backup-<datetimestamp>.xml. To restore the former configuration, run gconftool-2 --load panel-settings-backup-<datetimestamp>.xml and then killall gnome-panel. To prevent an upgrade on login, touch ~/.skel/sled10-run.
If you are upgrading an NLD 9 machine running the Novell Client for Linux 1.0 or 1.1 to SUSE Linux Enterprise Desktop 10, the update process will break the Novell Client for Linux 1.0 or 1.1 (neither of which are supported on SLED 10).
You will need to uninstall the Novell Client for Linux 1.0 or 1.1 and then install the Novell Client for Linux 1.2 on SLED 10.
MIT Kerberos is now used instead of heimdal. Converting an existing Heimdal configuration automatically is not always possible. During a system update, backup copies of configuration files are created in /etc with the suffix .heimdal. YaST-generated configuration settings in /etc/krb5.conf will be converted, but check whether the results match your expectations.
Before starting the update, you should decrypt an existing Heimdal database into a human-readable file with the command kadmin -l dump -d heimdal-db.txt. This way, you can create a list of available principals that you can restore one-by-one using kdc from MIT Kerberos. Find more information about setting up a KDC in the documentation in the “krb5-doc” package.
To configure a Kerberos client, start the YaST Kerberos Client module and enter your values for “Standard Domain,”“Standard Realm,” and “KDC Server Address.”
When updating a system with the snd-intel8x0 module (for Intel, SIS, AMD and NVIDIA on-board chips), the system might be unable to load the module at reboot because the module option joystick was removed from the newer version. To fix the problem, re-configure the sound system using YaST.
This release of SUSE Linux Enterprise Desktop ships with Novell AppArmor. This feature protects your applications from software exploits. AppArmor protection can be enabled via the AppArmor control panel, which is located in YaST under Novell AppArmor. For detailed information about using Novell AppArmor, see /usr/share/doc/packages/apparmor-docs/book.apparmor.admin-online.pdf.
The AppArmor profiles included with SUSE Linux have been developed in conjunction with our best efforts to reproduce how most users will use their software. The profiles we have provided will work unmodified for many users -- however, some users will find our profiles too restrictive for their environments.
If you discover that some of your applications do not function as you expected, you might need to use the AppArmor Update Profile Wizard in YaST (or use the aa-logprof(8) command line utility) to update your AppArmor profiles. You can place all your profiles into learning mode with the following:
aa-complain /etc/apparmor.d/*
When a program generates many complaints, the system's performance will be degraded. To mitigate this, we recommend periodically running the Update Profile Wizard (or aa-logprof(8)) to update your profiles even if you choose to leave them in learning mode. This will reduce the number of learning events logged to disk which will improve the performance of the system.
SuSEfirewall2 is enabled by default unless chosen otherwise. That means that by default, you cannot log in from remote systems. It also interferes with network browsing and multicast applications, such as SLP, Samba (“Network Neighborhood”), and some games. You can fine-tune the firewall settings using YaST.
By default, IPv6 support is not enabled for KDE (because IPv6 addresses are not properly supported by all Internet service providers, which causes error messages when browsing the Web and delays when displaying Web pages). You can enable it using the /etc/sysconfig editor of YaST.
On SUSE Linux Enterprise Desktop 10, a new mounting mechanism replaces the submount system used in Novell Linux Desktop 9. This new mechanism does not unmout media automatically (only on hardware request). Some devices (most notably older CD drives, but also some new drives with broken firmware) won't send this signal. Right-click the device icon (for example, the CD icon) on the desktop to eject the media.
On some computers, Firefox with Pango support enabled is very slow. The performance seems to depend on the X server. Set MOZ_DISABLE_PANGO=1 if font rendering is rather slow.
The LUM workstation context option on the Linux User Management Configuration screen in YaST is specified as Optional for Desktop, but if an admin name and context were specified on the previous configuration screen, the LUM workstation context option is mandatory.
Step 5 in Section 33.1: Setting Up Workstations to Use eDirectory Authentication in the SUSE Linux Enterprise Desktop 10 Deployment Guide (http://www.novell.com/documentation/beta/sled10/pdfdoc/sled10_deployment/sled10_deployment.pdf) says to place the CA certificate for the LDAP server in the /var/nam directory. The certificate should be placed in the /var/lib/novell-lum directory.
On 64-bit systems, the Helix Banshee music player does not support burning audio CDs from AAC or MP3 file formats.
If you want to use the IMAP protocol for mail support (using SOAP for calendar), set the environment variable USE_IMAP=1.
There is a new Xgl configuration option available in the GNOME Control Center called Desktop Effects. For ATI and NVIDIA cards, you will need the drivers from the vendor (see section 4.2 for how to get the drivers). For Intel cards, the appropriate drivers are included. 3D support will need to be enabled in sax2.
If it fails on your card, undo the switch by logging in as root to a virtual console and running the following command:
gnome-xgl-switch --disable-xgl
If you want to enable Xgl and are using either ATI or NVIDIA cards, you must register SLED 10 during or after installation in order to have the proper video drivers automatically installed when you enable Xgl.
To register after installation, open the YaST Control Center and click Software > Novell Customer Center Configuration. Follow the online instructions to enable online updates and register your copy of SLED 10.
Under Xgl, some programs (such as Eagle CAD) have a bug where the application window is always semi-transparent. This is caused by the application using an ARGB visual. Export XLIB_SKIP_ARGB_VISUALS=1 when running the program to work around this. For example:
XLIB_SKIP_ARGB_VISUALS=1 /opt/eagle/bin/eagle
When trying to use the full screen mode on VMware workstations (that is, pressing Alt+Enter or clicking View > Full Screen) with Xgl, you might receive a message saying that you need to add settings to the /etc/X11/XF86Config file. However, this file does not exist on SLED 10.
To use the full screen mode, click Edit> Preferences in VMware, then click the Display tab. Change the Full Screen option from “Resize Host” to “Resize Guest” or “Don't Resize.”
Desktop Effects (Xgl) and laptop suspend (both suspend-to-disk and suspend-to-ram) are known to have problems, particularly on ATI and Intel hardware. We are working with our hardware partners to resolve these issues and hope to have updates available soon that make it possible to suspend with Desktop Effects enabled.
For more detailed information on networking using NetworkManager, see the Network Connectivity Guide (http://www.novell.com/documentation/beta/sled10).
NetworkManager does not support the sysconfig DHCLIENT_BIN option. It uses dhclient exclusively. NetworkManager and dhclient also do not support automatically configuring xntpd via DHCP.
The following sysconfig options are supported in NetworkManager (no other sysconfig options are supported):
DHCLIENT_SET_HOSTNAME: Specifies whether NetworkManager should set the hostname (if DHCP provides it).
DHCLIENT_SET_DOMAINNAME: Specifies whether NetworkManager should set the domain name via NIS.
DHCLIENT_MODIFY_NIS_CONF: Specifies whether NetworkManager should update yp.conf in response to DHCP information.
DHCLIENT_MODIFY_RESOLV_CONF: Specifies whether NetworkManager should update resolv.conf in response to DHCP information.
DHCLIENT_HOSTNAME_OPTION: Specifies what hostname to send to the DHCP server.
Wireless drivers unable to return hidden ESSID's in scan results, such as prism, will not find and connect automatically with NetworkManager to a hidden ESSID end point. You must left-click the NetworkManager applet and select Connect to Other Wireless Network each time.
The madwifi driver will not scan.
Hostname: The hostname of a computer joining an Active Directory domain must be unique. Set your hostname by clicking YaST > Network Service DNS and Hostname. Select Change Hostname via DHCP if your DHCP server is configured to provide a hostname. Otherwise, specify your Hostname and Domain Name. Verify that the hostname is correct before joining the domain.
Firewall: The firewall must be modified before you can join a domain or browse shares. Set the network interface that will be used to access the domain to the internal firewall zone by clicking YaST > Security and Users > Firewall > Interfaces.
An alternative method is to use connection tracking. This allows you to protect the internal and external firewall zones. To use this, add "ip_conntrack_netbios_ns" to the list of modules in FW_LOAD_MODULES in the /etc/sysconfig/SuSEfirewall2 file. NOTE: This connection tracking module will apply to all firewall zones.
Domain Membership: Join the domain with YaST > Network Services > Windows Domain Membership. To set up Active Directory authentication, specify the Realm (for example, MYADDOMAIN.MYCOMPANY.COM) in the Domain field. The Workgroup (for example, MYADDOMAIN) will not work unless NetBios services are configured. Browsing will only show you Workgroups. You will need the Administrator password or the password of another privileged user to join the domain.
Browsing: Browsing the shares on the network might not appear to work at first due to the design of the Windows network. Only shares on the local network will be displayed. If there is nothing in Windows Network, verify that your network interface is on the internal firewall zone as mentioned above and refresh the view after a few minutes. It can take up to 15 minutes to be able to browse you domain. You can access a host directly by pressing Ctrl+l and specifying the URI of the hos (for example, smb://hostname).
Printing: You can add a shared printer to your list of available printers by double-clicking the printer in the file browser. To print to a shared printer in the domain that requires authentication, install the samba-krb-printing package.
This section contains a number of technical changes and enhancements for the experienced user.
JFS it is no longer supported for new installations. The kernel file system driver is still there, but YaST does not offer partitioning with JFS.
Hotplug events are now completely handled by the udev daemon (udevd). We do not use the event multiplexer system in /etc/hotplug.d and /etc/dev.d anymore. Instead, udevd calls all hotplug helper tools directly, according to its rules. Udev rules and helper tools are provided by udev and various other packages.
By default, calling su to become root does not set the PATH for root. Either call su - to start a login shell with the complete environment for root or set ALWAYS_SET_PATH to yes in /etc/default/su if you want to change the default behavior of su.
The shell script sux was removed. The functionality of forwarding xauth keys between users is now handled by the pam_xauth module and su.
cardmgr no longer manages PC cards. Instead, as with Cardbus cards and other subsystems, a kernel module manages them. All necessary actions are executed by hotplug. The pcmcia start script has been removed and cardctl is replaced by pccardctl. For more information, see /usr/share/doc/packages/pcmciautils/README.SUSE.
Java packages are changed to follow the “JPackage Standard” (http://www.jpackage.org/). Read the documentation in file:///usr/share/doc/packages/jpackage-utils/ for information.
If you are not satisfied with locale system defaults, change the settings in ~/.i18n. Entries in ~/.i18n override system defaults from /etc/sysconfig/language. Use the same variable names but without the RC_ namespace prefixes (for example, use LANG instead of RC_LANG). For information about locales in general, see “Section 18.4: Language and Country-Specific Settings” in the SUSE Linux Enterprise Desktop 10 Deployment Guide (http://www.novell.com/documentation/beta/sled10/pdfdoc/sled10_deployment/sled10_deployment.pdf).
Many applications now rely on D-BUS for interprocess communication (IPC). Calling dbus-launch starts dbus-daemon. The systemwide /etc/X11/xinit/xinitrc uses dbus-launch to start the window manager.
If you have a local ~/.xinitrc file, you must change it accordingly. Otherwise, applications like F-Spot, Helix Banshee, Tomboy, or NetworkManager might fail. Save your old ~/.xinitrc, then copy the new template file into your home directory with:
cp /etc/skel/.xinitrc.template ~/.xinitrc
Finally, add your customizations from the saved .xinitrc.
For reasons of compatibility with LSB (Linux Standard Base), most configuration files and the init script were renamed from xntp to ntp. The new filenames are:
/etc/slp.reg.d/ntp.reg
/etc/init.d/ntp
/etc/logrotate.d/ntp
/usr/sbin/rcntp
/etc/sysconfig/ntp
On some machines, CPU frequency scaling can cause hangs when the machine is idle or when powersaved starts. In this case, disable the powersave daemon at the installation with POWERSAVE=off as a boot parameter.
When this parameter is not given at the initial CD boot of the installation, powersaved must be disabled later using chkconfig powersaved off.
The local and IO APIC for the 32-bit x86 architecture has changed. A local and IO APIC (I/O Advanced Programmable Interrupt Controller) is an SMP-capable replacement for PC-style interrupt controllers. SMP systems and all recent uniprocessor systems have such a controller.
Until now, local and IO APIC was disabled on uniprocessor systems by default and had to be manually activated by using the “apic” kernel parameter. Now it runs by default and can be manually deactivated. For 64-bit systems, APIC is always enabled by default.
Any system with a BIOS version newer than 2001 gets local and IO APIC activated by default unless local and IO APIC is disabled in the BIOS or by the user.
Any BIOS from Intel newer than 1998 gets local and IO APIC activated by default.
Any system with more than one CPU gets local and IO APIC activated by default.
If you experience problems with devices not working properly, you can manually apply the following configuration options:
To disable local APIC, use nolapic (this implies disabling IO APICs).
To disable IO APIC, use noapic.
To get the same default as earlier releases, use nolapic.
The ulimit settings can be configured in /etc/sysconfig/ulimit. By default, only two limits are changed from the kernel defaults:
SOFTVIRTUALLIMIT=80 limits a single process so that it does not allocate more than 80% of the available virtual memory (RAM and swap).
SOFTRESIDENTLIMIT=85 limits a single process so that it does not occupy more than 85% of the physical memory (RAM).
These soft limits can be overridden with the ulimit command by the user. Hard limits could only be overridden by root.
The values have been chosen conservatively to avoid breaking large processes that have worked before. If there are no legitimate processes with huge memory consumption, set the limits lower to provide more effective protection against run-away processes. The limits are per process and thus not an effective protection against malicious users. The limits are meant to protect against accidental excessive memory usage.
To configure different limits depending on the user, use the pam_limits functionality and configure /etc/security/limits.conf. The ulimit package is not required for that, but both mechanisms can be used in parallel. The limits configured in limits.conf override the global defaults from the ulimit package.
For SUSE Linux Enterprise Desktop 10 documentation, see http://www.novell.com/documentation/beta/sled10.
Novell, Inc. makes no representations or warranties with respect to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to revise this publication and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.
Further, Novell, Inc. makes no representations or warranties with respect to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classification to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in the U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical biological weaponry end uses. Please refer to http://www.novell.com/info/exports/ for more information o exporting Novell software. Novell assumes no responsibility for your failure to obtain any necessary export approvals.
Copyright 2006 Novell, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the publisher.
Novell, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.novell.com/company/legal/patents and one or more additional patents or pending patent applications in the U.S. and in other countries.
For a list of Novell trademarks, see http://www.novell.com/company/legal/trademarks/tmlist.html. All third-party trademarks are the property of their respective owners.