Initial Setup: First Configuration Wizard
Applies to:
* NethServer 6.7
* NethServer 6.8
Introduction
Once NethServer has been installed, the first time you access the server manager web interface you will be prompted to complete the initial configuration.
Throughout the First Configuration Wizard you are asked to provide the configuration parameters that could not be probed automatically: a new password for root, the server name, the domain name, the timezone, the SSH port and whether to enable usage statistics.
Set root's Password
At first start, NethServer's root user account is configured with the default password Nethesis,1234. Leaving a default password in place is a security risk, so change it as soon as possible.
The First Configuration Wizard lets you set a new password for the root account.
The password must be composed of a random sequence of mixed-case letters, digits and symbols, complying with the following rules:
- Minimum length of 7 characters
- Contain at least 1 number
- Contain at least 1 uppercase character
- Contain at least 1 lowercase character
- Contain at least 1 special character
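As an added example, not NethServer's own code or tooling, the following POSIX shell function checks a candidate password against the five rules above before you type it into the wizard. It reads the password from standard input so that it never appears as a command-line argument in the process list or in the shell history. The assumption that any character other than a letter or a digit counts as a special character is mine; the page does not define the term.

```shell
# Added example, not part of NethServer: validate a candidate root password
# against the First Configuration Wizard rules (minimum 7 characters, at least
# one digit, one uppercase letter, one lowercase letter and one special character).
# The password is read from standard input rather than taken as an argument,
# so it does not show up in the process list or in the shell history.
# Assumption (not stated on the page): any character that is neither a letter
# nor a digit counts as a special character.
check_password_policy() {
    IFS= read -r pw || true        # tolerate input without a trailing newline
    fails=0
    [ "${#pw}" -ge 7 ] \
        || { echo "too short: minimum length is 7" >&2; fails=$((fails + 1)); }
    printf '%s' "$pw" | LC_ALL=C grep -q '[0-9]' \
        || { echo "missing a digit" >&2; fails=$((fails + 1)); }
    printf '%s' "$pw" | LC_ALL=C grep -q '[A-Z]' \
        || { echo "missing an uppercase letter" >&2; fails=$((fails + 1)); }
    printf '%s' "$pw" | LC_ALL=C grep -q '[a-z]' \
        || { echo "missing a lowercase letter" >&2; fails=$((fails + 1)); }
    printf '%s' "$pw" | LC_ALL=C grep -q '[^A-Za-z0-9]' \
        || { echo "missing a special character" >&2; fails=$((fails + 1)); }
    [ "$fails" -eq 0 ]             # exit status 0 only when every rule holds
}

# usage: printf '%s\n' 'candidate password' | check_password_policy && echo "policy: OK"
```

Feeding the factory default Nethesis,1234 through the function shows that it satisfies every rule, so a policy pass says nothing about whether the password is still the default; that is why the page insists on replacing it rather than merely validating it.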
If later you want to change the password you can do so from the Profile → Change password menu.
The password can also be changed from the command line using the passwd command:
passwd root
Set Host Name
On NethServer 6.7 and 6.8, the hostname and domain text fields together configure the server's full host name, the Fully Qualified Domain Name (FQDN).
On NethServer 7 this step has been simplified by unifying the information into a single text field where you input the FQDN.
The FQDN is the full name of a system, i.e. a domain name that specifies its exact location in the tree hierarchy of the Domain Name System (DNS).
A FQDN can have a maximum of 253 ASCII characters (or 255 octets).
If you intend to use NethServer as Domain Controller, use a FQDN of less than 155 bytes.
A FQDN consists of a list of domain labels representing the hierarchy from the lowest relevant level in the DNS to the top-level domain (TLD), with a maximum of 127 levels. The domain labels are concatenated using the . (dot, period) character:
hostname.domain.tld
Examples:
Example 1: a device with the hostname mynethserver and the parent domain name example.com has this FQDN:
mynethserver.example.com
where:
- com is the top-level domain (TLD) under the DNS root zone
- example.com is a sub-domain under the com TLD
- mynethserver is a host under the example.com domain
Example 2: if we need to use more levels we can rewrite the previous FQDN example as:
mynethserver.intranet.example.com
where:
- com is the top-level domain (TLD) under the DNS root zone
- example.com is a sub-domain under the com TLD
- intranet.example.com is a sub-domain under the example.com domain
- mynethserver is a host under the intranet.example.com domain
In those examples the FQDN uniquely distinguishes the device from any other hosts called mynethserver in other domains.
Note that any valid TLD name can be used, even country code TLDs like .ru and .com.mx.
For further information see References section, specifically the wikipedia and samba articles.
Hostname
The system's host name defaults to localhost.
On a network, a hostname is an identification label assigned to a device.
It is recommended for a hostname to follow the format preferred for DNS domain name labels.
Allowed characters:
- a to z: letters
- 0 to 9: digits
- -: hyphen or dash character
The labels should follow these rules:
- start and end with a letter or digit
- be between 1 and 63 characters in length (the null label is reserved for the root zone)
Additional Recommendations:
- Use ASCII characters. Do not use extended ASCII or Unicode characters.
- Avoid the use of special characters and leading digits, as they can break older software.
- Avoid hostnames exceeding 15 ASCII characters, for better interoperability with older Windows specifications.
If later you want to change the hostname you can do so from the Configuration → Server name menu. Bear in mind that such a change will recreate the system's self-signed SSL certificate.
Domain
The system's domain name defaults to localdomain.
The preferred syntax for a domain name consists only of letters, numbers, hyphens and periods:
- a to z: letters
- 0 to 9: digits
- -: hyphen or dash character
- .: period or dot character (only allowed as separator between labels)
Each domain label should start and end with a letter or digit, and be between 1 and 63 characters.
Although the use of domain names with an invalid top-level-domain (TLD) label, or without a TLD label, was common practice in intranet environments, it is not recommended: an unassigned TLD can become valid in the future, conflicting with external domains, and signed SSL certificates require a valid domain name with a TLD.
The recommendation is to use a registered domain name that is delegated to you. An example would be to use a subdomain of a domain you own, in the form subdomain.domain.tld, like intranet.example.com, delegating the subdomain to an internal name server that handles all DNS requests made by workstations and ensuring it does not leak anything from the private network to the WAN. Of course, there are other options to consider.
For further information see References section, specifically the wikipedia and samba articles.
Additional Recommendations
- Use ASCII characters. Avoid extended ASCII or Unicode.
- Avoid the use of special characters and leading digits, as they can break older software.
- Avoid extending the DNS domain name hierarchy more than five levels from the root domain.
If later you want to change the domain name you can do so from the Configuration → Server name menu. Bear in mind that such a change will recreate the system's self-signed SSL certificate.
If possible, try to get this right from the start; avoid changing it once the server is in production.
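As an added example that is not NethServer's own code, the shell functions below apply the hostname label rules, the domain syntax rules and the FQDN length limits from the sections above to the two values you will type into the wizard. Rule violations return a non-zero status; the additional recommendations (hostnames over 15 characters, leading digits, a missing TLD, more than five levels, the 155-byte Domain Controller limit) only print warnings on standard error. The functions assume lowercase ASCII input and reject uppercase instead of folding it; that strictness is my choice, not a rule stated on the page.

```shell
# Added example, not part of NethServer: check a Hostname and a Domain value
# against the label rules and FQDN limits described in the wizard documentation.
# Errors return 1; recommendations only warn on stderr.
# Assumption: names are given in lowercase ASCII; uppercase or non-ASCII input
# is rejected rather than folded.

label_ok() {
    # 1..63 characters, a-z 0-9 and hyphen only, first and last a letter or digit
    printf '%s' "$1" | LC_ALL=C grep -Eq '^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$'
}

check_hostname() {
    label_ok "$1" || { echo "hostname '$1': not a valid DNS label" >&2; return 1; }
    [ "${#1}" -le 15 ] || echo "warning: hostname '$1' exceeds 15 characters (older Windows limit)" >&2
    case $1 in [0-9]*) echo "warning: hostname '$1' starts with a digit" >&2 ;; esac
    return 0
}

check_domain() {
    # empty labels (leading, trailing or doubled dots) are never valid
    case $1 in ''|.*|*.|*..*) echo "domain '$1': empty label" >&2; return 1 ;; esac
    _n=0
    _saved_ifs=$IFS; IFS=.
    for _label in $1; do
        IFS=$_saved_ifs
        label_ok "$_label" || { echo "domain '$1': label '$_label' is not valid" >&2; return 1; }
        _n=$((_n + 1))
    done
    IFS=$_saved_ifs
    [ "$_n" -ge 2 ] || echo "warning: domain '$1' has no TLD label" >&2
    return 0
}

check_fqdn() {
    # $1 = hostname, $2 = domain: the two wizard fields on NethServer 6.x
    check_hostname "$1" && check_domain "$2" || return 1
    _fqdn="$1.$2"
    [ "${#_fqdn}" -le 253 ] || { echo "FQDN '$_fqdn': longer than 253 characters" >&2; return 1; }
    [ "${#_fqdn}" -lt 155 ] || echo "warning: FQDN is 155 bytes or more; too long for a Domain Controller" >&2
    _levels=$(printf '%s' "$_fqdn" | tr -cd '.' | wc -c)
    _levels=$((_levels + 1))
    [ "$_levels" -le 127 ] || { echo "FQDN '$_fqdn': more than 127 levels" >&2; return 1; }
    [ "$_levels" -le 5 ] || echo "warning: FQDN '$_fqdn' has more than five levels" >&2
    printf '%s\n' "$_fqdn"
    return 0
}

# usage: check_fqdn mynethserver intranet.example.com
```

check_fqdn takes the hostname and the domain as separate arguments, mirroring the two fields of the NethServer 6.x wizard, and prints the resulting FQDN only when both values pass.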
Date and Time
As the machine clock is very important in many protocols, make sure the server is configured with the correct timezone.
To avoid problems, all hosts in the LAN can be configured to use NethServer as their NTP server.
Once the correct timezone has been selected, click the button labeled [Next].
If later you need to adjust the timezone you can do so from Configuration → Date and time.
SSH
Secure Shell (SSH) protocol provides encrypted and secure remote access to network devices. SSH can be used to access and manage your server from a remote location.
SSH port
The SSH service uses port 22 by default. Using this value does not by itself make your system insecure; however, changing the default SSH port will stop many automated attacks. This approach is known as security by obscurity: helpful to some extent, but not something you can rely on alone.
NethServer allows you to set a port in the 1 - 65535 range. Make sure to choose a port number that does not conflict with other services.
It's strongly advised to change the default port.
Some SSH examples may mention 2222 as an alternative port. Note this is not an endorsement but a documentation convention: 2222 is an easily guessable port for an SSH service, as it looks like the default SSH port number. Whenever possible, pick an unassigned port that is not easily guessable.
If later you want to change the SSH port you can do so from the Security → SSH menu, where additional security settings can be chosen.
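As an added example, not NethServer's own tooling, the following shell function checks a candidate SSH port the way the section above asks: it must lie in the 1 - 65535 range, must not already be bound by a listening TCP service, and is flagged if it is 22 or the commonly guessed 2222. The listening-socket list is passed in as text in the layout of ss -ltn output so the check can also run against a saved snapshot; the SAMPLE_LISTENING value is constructed for this example and does not come from a real NethServer. The /etc/services lookup is an extra warning I added, skipped when the file is not readable.

```shell
# Added example, not part of NethServer: sanity-check a candidate SSH port
# before entering it in the wizard.

# Constructed sample of `ss -ltn` output, standing in for a live snapshot.
SAMPLE_LISTENING='State   Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN  0      128    0.0.0.0:22          0.0.0.0:*
LISTEN  0      128    0.0.0.0:443         0.0.0.0:*
LISTEN  0      128    127.0.0.1:25        0.0.0.0:*'

port_in_use() {
    # $1 = port, $2 = listening-socket listing; matches ":PORT" followed by whitespace
    printf '%s\n' "$2" | grep -Eq "^LISTEN[[:space:]].*:$1[[:space:]]"
}

check_ssh_port() {
    port=$1
    case $port in ''|*[!0-9]*) echo "port '$port': not a number" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] \
        || { echo "port $port: outside the 1 - 65535 range" >&2; return 1; }
    if port_in_use "$port" "$2"; then
        echo "port $port: already bound by a listening service" >&2
        return 1
    fi
    # extra warning (my addition): the port is registered for another service
    if [ -r /etc/services ] && grep -Eq "[[:space:]]$port/tcp" /etc/services; then
        echo "warning: port $port is listed in /etc/services for another service" >&2
    fi
    [ "$port" -ne 22 ] && [ "$port" -ne 2222 ] \
        || echo "warning: $port is the default or a commonly guessed SSH port" >&2
    return 0
}

# live use on the server itself:
#   check_ssh_port 47022 "$(ss -ltn 2>/dev/null || netstat -ltn)" && echo "port: OK"
```

The conflict check keys on the exact ":PORT" column followed by whitespace, so port 2 is not mistaken for 22 or 25; run it against live ss -ltn output on the server rather than the constructed sample when choosing the real port.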
Usage Statistics
Phone home is used to track NethServer’s installations around the world.
When this option is enabled, the phone home tool will send some installation information to www.nethserver.org on a weekly basis. The collected information will be stored in a database and used to display markers in a Google Maps view, showing the number of installations grouped by country and release.
If the tool is enabled this information will be sent:
- UUID: a random-based Universal Unique Identifier for the server.
  config getprop phone-home uuid
  0b21f82f-4c73-4656-8344-3f8c73d544b1
- RELEASE: the installed NethServer version.
  config getprop sysconfig Version
  6.7
The date of transmission will be collected, as well as the public IP address which will be used to geolocate the installation to obtain the country code and the country name to be shown in Google Maps.
To enable this function choose the Contribute to usage statistics! option and click the button labeled [Next]. Otherwise, choose the No, thanks option instead.
TIP: phone home can be enabled/disabled from the command-line:
config setprop phone-home status enabled
config setprop phone-home status disabled
Review changes
Once the proposed parameters have been set you can review them before applying the changes.
Upon clicking on the [APPLY] button the changes will be applied to the system and you will be redirected to the network interfaces configuration page.
References
- Domain Name System (wikipedia)
- Hostname (wikipedia)
- Domain name (wikipedia)
- What is the real maximum length of a DNS name? (Microsoft)
- Fully qualified domain name (wikipedia)
- Talk:Fully qualified domain name (wikipedia)
- List of Internet Top-Level Domains (wikipedia)
- Active Directory Naming FAQ (samba)
- Valid Names and Labels (zytrax)