3103 Manual

8/22/2019 3103 Manual

1/439

www.novel l .comNovell Training Services

A U T H O R I Z E D C O U R S E WA R E

SUSE Linux Enterprise Server 11AdministrationManual

3 1 0 3

Part # 100-005205-001-REV A

Version 1

ovell, Inc. Copyright 2009-CNI USE ONLY-1 HARDCOPY PERMITTED. NO OTHER PRINTING, COPYING, OR DISTRIBUTION ALLO

8/22/2019 3103 Manual

2/439

Legal Notices

Novell, Inc., makes no representations or warranties with respect to the contents

or use of this documentation, and specifically disclaims any express or implied

warranties of merchantability or fitness for any particular purpose. Further,

Novell, Inc., reserves the right to revise this publication and to make changes to

its content, at any time, without obligation to notify any person or entity of such

revisions or changes.

Further, Novell, Inc., makes no representations or warranties with respect to any

software, and specifically disclaims any express or implied warranties of

merchantability or fitness for any particular purpose. Further, Novell, Inc.,

reserves the right to make changes to any and all parts of Novel l software, at any

time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be

subject to U.S. export controls and the trade laws of other countries. You agree to

comply with all export control regulations and to obtain any required licenses or

classification to export, re-export or import deliverables. You agree not to export

or re-export to entities on the current U.S. export exclusion lists or to any

embargoed or terrorist countries as specified in the U.S. export laws. You agree

to not use deliverables for prohibited nuclear, missile, or chemical biological

weaponry end uses. See theNovell International Trade Services Web page(http:/

/www.novell.com/info/exports/) for more information on exporting Novell

software. Novell assumes no responsibility for your failure to obtain any

necessary export approvals.

Copyright 2008 Novell, Inc. All rights reserved. No part of this publication

may be reproduced, photocopied, stored on a retrieval system, or transmitted

without the express written consent of the publisher.

Novell, Inc., has intellectual property rights relating to technology embodied in

the product that is described in this document. In particular, and without

limitation, these intellectual property rights may include one or more of the U.S.

patents listed on theNovell Legal Patents Web page(http://www.novell.com/

company/legal/patents/) and one or more additional patents or pending patent

applications in the U.S. and in other countries.

Novell, Inc.

404 Wyman Street, Suite 500

Waltham, MA 02451

U.S.A.

www.novell.com

Online Documentation:To access the latest online documentation for

this and other Novell products, see the Novell Documentation Web

page(http://www.novell.com/documentation).

Novell Trademarks

For Novell trademarks, see the Novell Trademark and Service Mark list(http://

www.novell.com/company/legal/trademarks/tmlist.html).

Third-Party Materials

All third-party trademarks are the property of their respective owners.

http://www.novell.com/info/exports/http://www.novell.com/company/legal/patents/http://www.novell.com/documentationhttp://www.novell.com/documentationhttp://www.novell.com/company/legal/trademarks/tmlist.htmlhttp://www.novell.com/company/legal/trademarks/tmlist.htmlhttp://www.novell.com/documentationhttp://www.novell.com/documentationhttp://www.novell.com/company/legal/patents/http://www.novell.com/info/exports/

8/22/2019 3103 Manual

3/439

Contents

Copying all or part of this manual, or distributing such copies, is strictly prohibited.

To report suspected copying, please call 1-800-PIRATES.

3Version 1

Introduction 11

SECTION 1 Enable Fundamental Network Services 17

Objective 1 Configure NFS (Network File System) 18

NFS Background. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

NFS Server Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

NFS Client Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Automounter Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32

NFS System Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

Exercise 1-1 Set Up and Manage Network File System (NFS). . . . . . . . . . . . . . . . . . . . . . . . . . 35

Objective 2 Configure Time on SUSE Linux Enterprise Server 11 36

Time Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

Synchronize Time with hwclock or netdate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38The Network Time Protocol (NTP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

Synchronize Time with NTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

Exercise 1-2 Configure ntpd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52

Objective 3 Enable the Extended Internet Daemon (xinetd) 53

What xinetd Is. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Configure xinetd with YaST. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

Manage xinetd Manually . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55

Exercise 1-3 Configure the Internet Daemon (xinetd). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

Objective 4 Enable an FTP Server 63

The Role of an FTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63

How FTP Works. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63Advantages of PureFTPd Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Installation of PureFTPd. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

Configuration of PureFTPd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66

Management of PureFTPd Logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70

Exercise 1-4 Configure Anonymous PureFTPd Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71

Summary 72

SECTION 2 Manage Printing 73

Objective 1 Configure CUPS 74

When to Configure a Printer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74

Required Printing Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75How to Add Printers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

Exercise 2-1 Configure Printers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90


8/22/2019 3103 Manual

4/439

SUSE Linux Enterprise Server 11 Administration / Manual



Version 14

Objective 2 Manage Print Jobs and Queues 91

Generate a Print Job . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91

Display Information on Print Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

Cancel Print Jobs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93

Manage Queues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94

Configure Queues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94Start and Stop CUPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97

Exercise 2-2 Manage Printers from the Command Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

Objective 3 Understand how CUPS Works 99

Steps of the Printing Process. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99

Print Queues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100

Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105

Objective 4 Configure and Manage Print Server Access 106

Syntax of /etc/cups/cupsd.conf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106

Access Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

Exercise 2-3 Manage Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112Objective 5 Use the Web Interface to Manage a CUPS Server 113

Administration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114

Classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

Documentation/Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115

Jobs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116

Printers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117

Exercise 2-4 Use the Web Interface to Manage a CUPS Server . . . . . . . . . . . . . . . . . . . . . . . . 119

Summary 120

SECTION 3 Configure and Use OpenLDAP 121

Objective 1 Describe How LDAP Works 122

How Directory Services Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

What is LDAP? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

How the LDAP Directory Tree Is Structured . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127

Objective 2 Install and Configure OpenLDAP on SLES 11 136

Install and Configure the LDAP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

Install and Configure the LDAP Client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

Objective 3 Add, Modify, and Delete Entries to the LDAP Directory Tree 155

Managing LDAP Users and Groups from the Shell Prompt. . . . . . . . . . . . . . . . . 155

Managing LDAP Users and Groups in YaST . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159

Exercise 3-1 Configure OpenLDAP on SLE 11 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169


8/22/2019 3103 Manual

5/439



5Version 1

Summary 170

SECTION 4 Configure and Use Samba 173

Objective 1 Describe the Role and Function of Samba 174

SMB Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174NetBIOS Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174

How SMB Communications Work. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176

How Samba Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177

Objective 2 Configure a Simple File Server with Samba 178

Installing Samba on the Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178

Using the Samba Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

Configuring Samba in YaST. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 185

Exercise 4-1 Create a Basic Samba Share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191

Objective 3 Configure Samba Authentication 192

Configuring the Samba User Database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192

Configuring Samba to Require User Authentication . . . . . . . . . . . . . . . . . . . . . . 198Exercise 4-2 Configure Samba to Use LDAP Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . 201

Objective 4 Use Sambas Client Tools 202

Using nmblookup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

Using smbclient . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202

Mounting Samba Shares in the Linux File System. . . . . . . . . . . . . . . . . . . . . . . . 204

Exercise 4-3 Work with Samba Shares . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206

Objective 5 Use Samba as a Domain Controller 207

How Domains Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207

Configuring Samba as a Domain Controller. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211

Creating Machine Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

Mapping Local Linux Groups to Windows Groups . . . . . . . . . . . . . . . . . . . . . . . 216

Exercise 4-4 Configuring Samba as a Domain Controller. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

Objective 6 Integrate Samba into a Windows Domain 219

Summary 221

SECTION 5 Configure a Web Server 223

Objective 1 Set up a Basic Web Server with Apache 224

How a Web Server Works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224

Installing Apache Web Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226

Using the Apache Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229

The Default Apache Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231

Objective 2 Configure Virtual Hosts 233

Understand Virtual Hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233

Configure a Virtual Host. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234

Exercise 5-1 Configure a Virtual Host. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236


8/22/2019 3103 Manual

6/439




Version 16

Objective 3 Limit Access to the Web Server 237

Limiting Access By Network Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237

Requiring User Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238

Exercise 5-2 Configure User Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240

Objective 4 Configure Apache with OpenSSL 241

How SSL Encryption Works. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241

Creating a Test Certificate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243

Configuring Apache to Use SSL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245

Exercise 5-3 Configure SSL for a Virtual Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247

Objective 5 Install PHP 248

How PHP Works. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248

Installing PHP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249

Testing the PHP Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250

Exercise 5-4 Install PHP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251

Summary 252

SECTION 6 Configure and Use IPv6 255

Objective 1 Understand IPv6 Theory 256

IPv6 Features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

IPv6 Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

IPv6 Address Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257

Objective 2 Configure IPv6 on SLE 11 261

IPv6 Autoconfiguration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261

Setting an IPv6 Address Using YaST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262

Managing IPv6 Addresses Using the Command Line Tools . . . . . . . . . . . . . . . . 265

Connecting to Other IPv6 Addresses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265

Exercise 6-1 Configure IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271

Summary 272

SECTION 7 Perform a Health Check and Performance Tuning 273

Objective 1 Find Performance Bottlenecks 274

Analyze Processes and Processor Utilization . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274

Analyze Memory Utilization and Performance . . . . . . . . . . . . . . . . . . . . . . . . . . 275

Analyze Storage Performance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278

Analyze Network Utilization and Performance . . . . . . . . . . . . . . . . . . . . . . . . . . 281

Objective 2 Reduce System and Memory Load 286

Analyze CPU-Intensive Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286

Run Only Required Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286Keep Your Software Up to Date . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288

Optimize Swap Partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288

Change Hardware Components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289

Exercise 7-1 Reduce Resource Utilization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 290


8/22/2019 3103 Manual

7/439



7Version 1

Objective 3 Optimize the Storage System 291

Configure IDE Drives with hdparm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291

Tune Kernel Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292

Tune File System Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294

Change Hardware Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295

Objective 4 Tune the Network Performance 296

Change Kernel Network Parameters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296

Change Your Network Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297

Summary 299

SECTION 8 Create Shell Scripts 301

Objective 1 Bash Basics 302

Bash Command Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302

Bash Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304

Return Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306

Objective 2 Use Basic Script Elements 307

Elements of a Shell Script. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307

A Simple Backup Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308

Debug Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310

Exercise 8-1 Create a Simple Shell Script. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311

Objective 3 Understand Variables and Command Substitution 312

Exercise 8-2 Use Variables and Command Substitution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315

Objective 4 Use Control Structures 316

Create Branches . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316

Exercise 8-3 Use an if Control Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320

Create Loops . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320

Exercise 8-4 Use a while Loop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324

Objective 5 Use Arithmetic Operators 325

Exercise 8-5 Use Arithmetic Operators. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327

Objective 6 Read User Input 328

Exercise 8-6 Read User Input . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330

Objective 7 Use Arrays 331

Exercise 8-7 Use Arrays . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333

Objective 8 Finalize the Course Project 334

Exercise 8-8 Use rsync to Keep Versions of Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336

Objective 9 Use Advanced Scripting Techniques 337Use Shell Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337

Read Options with getopts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338

Exercise 8-9 Use Shell Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340


8/22/2019 3103 Manual

8/439




Version 18

Objective 10 Learn about Useful Commands in Shell Scripts 341

Use the cat Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341

Use the cut Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341

Use the date Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342

Use the grep and egrep Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342

Use the sed Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 343Use the test Command. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345

Use the tr Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347

Summary 349

SECTION 9 Deploy SUSE Linux Enterprise 11 353

Objective 1 Introduction to AutoYaST 354

Autoinstallation Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 354

Installation Options and Deployment Strategies. . . . . . . . . . . . . . . . . . . . . . . . . . 355

Objective 2 Installation Server: Setup and Use 358

Set Up an Installation Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358Use the Installation Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368

Exercise 9-1 Set Up an Installation Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370

Objective 3 Set Up PXE Boot for Installations 371

Install and Configure tftp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371

Configure pxelinux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372

Install and Configure the DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374

Exercise 9-2 Set Up PXE Boot for Installations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380

Objective 4 Create a Configuration File for AutoYaST 381

Exercise 9-3 Create an AutoYaST Control File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384

Objective 5 Perform an Automated Installation 385

Provide the Control File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385Boot and Install the System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385

Exercise 9-4 Perform an Automated Installation of SUSE Linux Enterprise Server 11 . . . . . . 389

Exercise 9-5 Activate PXE Booting and Install SUSE Linux Enterprise Server (Conditional,

depending on hardware support) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 390

Summary 391

SECTION 10 Manage Virtualization with Xen 393

Objective 1 Understand How Virtualization with Xen Works 394

Understand Virtualization Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395

Understand the Xen Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396

Objective 2 Install Xen 398

Install a Xen Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 398

Install a Xen Virtual Machine. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 400

Exercise 10-1 Install a Xen Server and an Unprivileged Domain . . . . . . . . . . . . . . . . . . . . . . . . 408

Objective 3 Manage Xen Domains with Virt-Manager 409

Exercise 10-2 Change Memory Allocation of a Guest Domain. . . . . . . . . . . . . . . . . . . . . . . . . . 414


8/22/2019 3103 Manual

9/439



9Version 1

Objective 4 Manage Xen Domains from the Command Line 415

Understand Managed and Unmanaged Domains . . . . . . . . . . . . . . . . . . . . . . . . . 415

Understand a Domain Configuration File. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 415

Use the xm Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416

Use the virsh Tool. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418

Automate Domain Startup and Shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420Exercise 10-3 Automate Domain Startup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421

Objective 5 Understand Xen Networking 422

Understand Bridging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 422

Understand the Xen Networking Concept . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423

Exercise 10-4 Check the Network Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426

Summary 427

SECTION 11 Prepare for the Novell CLP 11 Practicum 429

Objective 1 Install a Xen Environment 430

Objective 2 Configure a Web Server 431

Objective 3 Configure a Samba File Server 432

Objective 4 Automate System Tasks 433


8/22/2019 3103 Manual

10/439




Version 110


8/22/2019 3103 Manual

11/439



11Version 1

Introduction

Introduction

In the SUSE Linux Enterprise Server 11 Server Administration(3103) course, you

learn the SUSE Linux Enterprise Server 11 administration skills necessary to

complete your basic SUSE Linux Enterprise Server 11 skill set.

These skills, along with those taught in the SUSE Linux Enterprise 11 Fundamentals

(3101) and SUSE Linux Enterprise 11 Administration(3102) courses, prepare you to

take the Novell Certified Linux Professional 11 (Novell CLP11) certification

practicum test.

Your student kit includes the following:

SUSE Linux Enterprise Server 11 Administration manual

SUSE Linux Enterprise Server 11 Administrationworkbook SUSE Linux Enterprise Server 11 Administration course DVD

SUSE Linux Enterprise Server 11product DVD

SUSE Linux Enterprise Desktop11product DVD

The SUSE Linux Enterprise Server 11 Administration course DVD contains a pre-

installed VMware image of SUSE Linux Enterprise Server 11 that you can use with

the SUSE Linux Enterprise Server 11 AdministrationWorkbook to practice the skills

you need to take the Novell CLP 11 practicum.

NOTE: Instructions for setting up a self-study environment are in the Setup directory on the Course

DVD.

Course Objectives

This course teaches you how to perform the following SUSE Linux Enterprise Server

11 administrative tasks:

Configure Fundamental Network Services

Manage Printing

Configure and Use OpenLDAP

Configure and Use Samba

Configure a Web Server

Configure and Use IPv6

Perform a Health Check and Performance Tuning

Create Shell Scripts


8/22/2019 3103 Manual

12/439




Version 112

Deploy SUSE Linux Enterprise 11

Manage Virtualization with XEN

These are tasks common to an experienced SUSE Linux administrator in an

enterprise environment.

The final day of class is reserved for a LiveFire exercise that provides a set of

scenarios to test your SUSE Linux Enterprise Server 11 administration skills and

prepare you to take the Novell CLP 11 Practicum.

Audience

This course is designed for those who already have experience with Linux, including

general system configuration and command line work, and seek advanced

administration skills on SUSE Linux Enterprise Server 11. It is also designed for

those who have completed the previous two courses in the Novell CLP11 curriculum

and those preparing to take the Novell CLP11 Practicum exam.

Certification and Prerequisites

This course helps you prepare for the Novell Certified Linux Professional 11 (Novell

CLP11) Practical Test, called apracticum. The Novell CLP 11 is an entry-level

certification for people interested in becoming SUSE Linux Enterprise

administrators.

As with all Novell certifications, course work is recommended. To achieve the

certification, you are required to pass the Novell CLP 11 Practicum (050-721).

The Novell CLP 11 Practicum is a hands-on, scenario-based exam where you apply

the knowledge you have learned to solve real-life problemsdemonstrating that you

know what to do and how to do it.

The practicum tests you on objectives in this course (SUSE Linux Enterprise Server

11 Administration- Course 3103) and the skills outlined in the following Novell CLP

11 courses:

SUSE Linux Enterprise 11 Fundamentals- Course 3101

SUSE Linux Enterprise 11 Administration- Course 3102


8/22/2019 3103 Manual

13/439



13Version 1

Introduction

The following illustrates the training/testing path for Novell CLP 11:

Figure Intro-1 Certification Path

This course is designed for those who have intermediate-level knowledge of Linux.

They should be able to do the following:

Understand what Linux is and know about the Open Source concept

Perform a basic installation of SUSE Linux Enterprise Server 11 / SUSE LinuxEnterprise Desktop 11

Perform partitioning and file system setup and maintenance

Perform system configuration including network setup and user management

Manage software packages

Work on the command line including file management and text editing

This knowledge can be gained through the SUSE Linux Enterprise 11 Fundamentals

(Course 3101) and SUSE Linux Enterprise 11 Administration(Course 3102).

NOTE: For more information about Novell certification programs and taking the Novell CLP 11

Practicum, see (http://www.novell.com/training/certinfo/).

SUSE Linux Enterprise Server 11 Support and Maintenance

The copy of SUSE Linux Enterprise Server 11 you receive in your student kit is a

fully functioning copy of the SUSE Linux Enterprise Server 11 product.


8/22/2019 3103 Manual

14/439




Version 114

However, to receive official support and maintenance updates, you need to do one of

the following:

Register for a free registration/serial code that provides you with 60 days ofsupport and maintenance.

Purchase a copy of SUSE Linux Enterprise Server 11 from Novell (or anauthorized dealer).

You can obtain your free 60 day support and maintenance code at (http://

www.novell.com/products/server/eval.html).

NOTE: You will need to have a Novell login account to access the 60 day evaluation.

Novell Customer Center

Novell Customer Center is an intuitive, Web-based interface that helps you to manage

your business and technical interactions with Novell. Novell Customer Center

consolidates access to information, tools, and services such as the following:

Automated registration for new SUSE Linux Enterprise products

Patches and updates for all shipping Linux products from Novell

Order history for all Novell products, subscriptions, and services

Entitlement visibility for new SUSE Linux Enterprise products

Linux subscription renewal status

Subscription renewals via partners or Novell

For example, a company might have an administrator who needs to download SUSE

Linux Enterprise software updates, a purchaser who wants to review the orderhistory, and an IT manager who has to reconcile licensing. With Novell Customer

Center, the company can meet all these needs in one location and can give users

access rights appropriate to their roles.

You can access the Novell Customer Center at (http://www.novell.com/

customercenter).

SUSE Linux Enterprise Server 11 Online Resources

Novell provides a variety of online resources to help you configure and implement

SUSE Linux Enterprise Server 11:

(http://www.novell.com/products/server/)

This is the Novell home page for SUSE Linux Enterprise Server 11.

(http://www.novell.com/documentation/sles11/)

This is the Novell Documentation Web site for SUSE Linux Enterprise Server 11.

(http://support.novell.com/linux/)


8/22/2019 3103 Manual

15/439



15Version 1

Introduction

This is the home page for all Novell Linux support and it includes links to

support options such as Knowledgebase, downloads, and FAQs.

(http://www.novell.com/coolsolutions/)

This Web site provides the latest implementation guidelines and suggestions

from Novell on a variety of products, including SUSE Linux Enterprise.

Agenda

The following is the agenda for this five-day course:

Table Intro-1 Agenda

Scenario

The exercises in this course center around the fictional Digital Airlines Company that

has offices at various airports around the globe.

The Digital Airlines management has made the decision to migrate several back-end

services to Linux servers running SUSE Linux Enterprise Server 11.

You have already installed SUSE Linux Enterprise Server 11 before and are familiar

with administering SUSE Linux Enterprise Server 11 from YaST and from the

command line.

The migration plan includes the following:

Providing basic networking services as well as file and print services

Section Duration

Day 1 Introduction 00:30

Section 1: Configure Fundamental Network Services 04:30

Section 2: Manage Printing 01:00

Day 2 Section 2: Manage Printing 02:00

Section 3: Configure and Use OpenLDAP 03:00

Section 4: Configure and Use Samba 01:30

Day 3 Section 4: Configure and Use Samba (contd) 01:30

Section 5: Configure a Web Server 03:30

Section 6: Configure and Use IPv6 01:30

Day 4 Section 7: Perform a Health Check and Performance Tuning 01:30

Section 8: Create Shell Scripts 05:00

Day 5 Section 9: Deploy SUSE Linux Enterprise 03:00

Section 10: Manage Virtualization with XEN 02:00

Section 11: Prepare for the Novell CLP Practicum 01:30


8/22/2019 3103 Manual

16/439




Version 116

Introducing IPv6

Automating tasks using shell scripts

Installing of desktops and servers using AutoYaST

Virtualizing with Xen

Your task is to set up a test server in the lab to enhance your skills in these areas.

Exercise Conventions

When working through an exercise, you will see conventions that indicate

information you need to enter that is specific to your server.

The following describes the most common conventions:

italicized text: This is refers to your unique situation, such as the hostname ofyour server.

For example, supposing the hostname of your server is da50 and you see thefollowing

hostname.digitalairlines.com

You would enter

da50.digitalairlines.com

172.17.8.xx: This is the IP address that is assigned to your SUSE LinuxEnterprise Server 11.

For example, supposing your IP address is 172.17.8.50 and you see the following

172.17.8.xx

You would enter

172.17.8.50

Select:The wordselectis used in exercise steps with reference to menus whereyou can choose between different entries, such as drop-down menus.

Enter and Type: The words enterand typehave distinct meanings.

The word entermeans to type text in a field or at a command line and press the

Enter key when necessary. The word typemeans to type text without pressing the

Enter key.

If you are directed to type a value, make sure you do not press the Enter key or

you might activate a process that you are not ready to start.


8/22/2019 3103 Manual

17/439



17Version 1

Enable Fundamental Network Services

S E C T I O N 1 Enable Fundamental Network Services

In this section, you learn the basics of enabling some of the more commonly used

network services available in SUSE Linux Enterprise Server 11.

Objectives

1. Configure NFS (Network File System) on page 18

2. Configure Time on SUSE Linux Enterprise Server 11 on page 36

3. Enable the Extended Internet Daemon (xinetd) on page 53

4. Enable an FTP Server on page 63


8/22/2019 3103 Manual

18/439




Version 118

Objective 1 Configure NFS (Network File System)

Network File System (NFS) lets you configure an NFS file server that gives users

transparent access to data and programs files on the server.

To administer NFS successfully, you need to know the following: NFS Background on page 18

NFS Server Configuration on page 21

NFS Client Configuration on page 27

Automounter Configuration on page 32

NFS System Monitoring on page 34

NFS Background

In Linux and Unix environments, NFS is a very reliable way to provide users withfile access over the network. As a background to NFS, you need to understand the

following:

Network File System Basics on page 18

How NFS Works on page 19

NFSv4 Features on page 20

NFS Configuration Overview on page 21

Network File System Basics

NFS is designed for sharing files and directories over a network, and it requiresconfiguration of an NFS server (where the files and directories are located) and NFS

clients (computers that access the files and directories remotely).

File systems are exported by an NFS server, and they appear and behave on a NFS

client as if they were located on a local machine.

For example, each users home directory can be exported by an NFS server and

imported to a client, so the same home directories are accessible from every

workstation on the network.

Directories like /home/, /opt/, and /usr/ are good candidates for export via NFS.

However, othersincluding /bin/, /boot/, /dev/, /etc/, /lib/, /root/, /sbin/, /tmp/, and /

var/should be available on the local disk only.Using NFS for home directories makes sense only with a central user management

(for instance OpenLDAP).


8/22/2019 3103 Manual

19/439



19Version 1


The following is an example of mounting the directory /home/ (exported by the NFS

Server sun) on the computer earth:

Figure 1-1 NFS

A computer can be both an NFS server and an NFS client. It can supply file systems

over the network (export) and mount file systems from other hosts (import).

The NFS daemon is part of the kernel and only needs to be configured and then

activated. The start script is /etc/init.d/nfsserver . The kernel NFS daemonincludes file locking, which means that only one user at a time has write access to

files.

How NFS Works

NFS is an RPC (Remote Procedure Call) service. An essential component for RPC

services is rpcbind (previously called portmapper) that manages these services and

needs to be started first. The rpcbind utility is activated by default on SUSE Linux

Enterprise Server 11.

When an RPC service starts up, it binds to a port in the system (as any other network

service), but it also communicates this port and the service it offers (such as NFS) to

rpcbind.

Because every RPC program must be registered by rpcbind when it is started, RPCprograms must be restarted each time you restart rpcbind.


8/22/2019 3103 Manual

20/439




Version 120

The following lists the services required on an NFS server:

Table 1-1 Services Required by an NFS Server

In SUSE Linux Enterprise Server 11, the NFS lock manager is started automatically

by the kernel. The /sbin/rpc.lockdprogram starts the NFS lock manager onkernels that do not start it automatically.

The manual pages for the respective programs contain additional information on their

functionality.

You can use the /etc/init.d/nfsserver command to start the NFS server.The nfsserver script passes the list of exported directories to the kernel, and then

starts or stops the daemon rpc.mountd and, using rpc.nfsd, the nfsd kernel threads.

The mount daemon (/usr/sbin/rpc.mountd) accepts each mount request and

compares it with the entries in the configuration file /etc/exports. If access isallowed, the data is delivered to the client.

Because rpc.nfsd can start several kernel threads, the start script interprets the

variableUSE_KERNEL_NFSD_NUMBER in the file /etc/sysconfig/nfs . Thisvariable determines the number of threads to start. By default, four server threads are

started.

NFSv4 support is activated by setting the variable NFS4_SUPPORTto yesin /etc/sysconfig/nfs .

NFSv4 Features

NFS version 4 comes with several improvements compared to version 3. Theseinclude:

The mount and lock protocol are now part of the NFS protocol, simplifyingfirewall rules for NFS. NFS uses TCP port 2049; UDP is no longer supported.

Using Kerberos, it is possible to allow access on a per-user basis, not only basedon IP addresses or DNS names as in version 3.

Service Program (daemon) Start Script

rpcbind utility /sbin/rpcbind /etc/init.d/rpcbind

NFS server v3 /usr/sbin/rpc.nfsd

/usr/sbin/rpc.mountd

/usr/sbin/rpc.statd

/etc/init.d/nfsserver

NFS server v4 Same as version 3 plus:

NFSv4 ID name mapping

daemon, /usr/sbin/rpc.idmapd

If encryption is used, /usr/sbin/

rpc.svcgssd (requires Kerberos)

/etc/init.d/nfsserver


8/22/2019 3103 Manual

21/439



21Version 1


Encryption is part of the specification. While Secure-RPC allowed encryptionwith version 3, it was hardly ever used.

Additional improvements concern the use of user@computername instead of

numeric IDs to identify users, ACLs, and changes in the way files are locked.

NFS Configuration Overview

The /etc/exportsfile on the NFS server contains all settings regarding whichdirectories are exported, how, and to which clients. Client-side configuration is

written to the /etc/fstabfile. Both files will be covered in detail later.

Some configuration parameters for the NFS server (for instance, if version 4 and

encryption should be used) are specified in the /etc/sysconfig/nfs file.

Both the NFS server and the clients can be configured with YaST modules. You can

also modify the configuration files directly.

For the NFS server to start automatically when the computer is booted, the

corresponding symbolic links in the runlevel directories must be created. If you

configure the NFS server with YaST, this is done automatically; otherwise, you need

to create them with insserv nfsserver.

NFS Server Configuration

There are several ways you can configure an NFS server:

Configure an NFS Server with YaST on page 21

Configure an NFS Server Manually on page 24

Export a Directory Temporarily on page 26

Configure an NFS Server with YaST

To use YaST to configure the NFS server, start YaST and then select Network

Services > NFS Server. You can also start the NFS Server module directly by

entering yast2 nfs_serverin a terminal window as root.


8/22/2019 3103 Manual

22/439




Version 122

The following appears:

Figure 1-2 NFS Server Configuration

SelectStart in the upper part of the dialog.

The middle part is active only if the firewall is activated. In this case, you can open

the ports necessary for NFS by selecting Open Port in Firewall.

If you want to use NFS version 4, select Enable NSFv4in the lower part of the

dialog. In this case, you have to enter an NFSv4 domain name, such as your DNS

domain name. If you do not have special requirements, you can use the suggested

localdomaindomain.

Checking Enable GSS Securityis useful only within an existing Kerberos

infrastructure.


8/22/2019 3103 Manual

23/439



23Version 1


Continue by selecting Next. A Directories to Exportdialog appears:

Figure 1-3 NFS Directories to Export

Add a directory to export by clicking Add Directory, typing in or browsing to a

directory, then clicking OK.

The following dialog appears:

Figure 1-4 NFS Export Options

Host Wild Cardlets you configure the hosts that should have access to the directory.

You can define a single host, netgroups, wildcards, and IP networks. Under Options,

add options like rwor root_squashfor that directory.

For details on the possible host settings, see Configure an NFS Server Manually on

page 24.


8/22/2019 3103 Manual

24/439




Version 124

To add more hosts allowed to access a directory, select the directory and click Add

Host; to edit or delete an existing host entry for a directory, select the directory and

the host entry and click Editor Delete.

When you finish, save the configuration by clicking Finish.

Configure an NFS Server Manually

You can configure the server from the command line by doing the following:

Check for service (daemon) availability:Make sure the nfs-kernel-server rpmpackage is installed on your NFS server.

Configure the services to start at bootup:For services to be started by the /etc/init.d/rpcbind and /etc/init.d/nfsserver scripts when thesystem is booted, enter the following commands:

insserv rpcbind(activated by default)

insserv nfsserver Define exported directories in /etc/exports: For each directory to export, one

line is needed to define which computers can access that directory with what

permissions. All subdirectories of this directory are automatically exported as

well.

The following is the general syntax of the /etc/exportsfile:

directory[host[(option1,option2,option3,...)]] ...

Do not put any spaces between the hostname, the parentheses enclosing the

options, and the option strings themselves.

A host can be one of the following:

A standalone computer with its name in short form (it must be possible toresolve this with name resolution), with its Fully Qualified Domain Name

(FQDN) or its IP address.

A network, specified by an address with a netmask, or by the domain name

with a prefixed placeholder (such as *.digitalairlines.com).

Authorized computers are usually specified with their full names (including

domain name), but you can use wildcards like * or ?.

If you do not specify a host or use *, any computer can import the file system

with the given permissions.

Set permissions for exported directories in /etc/exports:You need to set

permission options for the file system to export in parenthesis after the computername. The most commonly used options include the following:


8/22/2019 3103 Manual

25/439



25Version 1


Table 1-2 NFS Export Options

Option Meaning

bind=/path/directory This is an NFS Version 4 option. On the server, thisdirectory is mounted with the exported directory as mount

point using the bind mount option. On the client, thecontent of the directory specified after bind=appears inthe exported directory within the pseudo-root directorytree.

crossmnt This is an NFS Version 4 option. If you use the bind=/path/directoryoption, the option crossmntneeds tobe added to the line that contains the fsid=0option.Without it, NFSv4 does not cross file systems.

fsid=0 This is an NFS Version 4 option. In version 4, the client is

presented with one seamless directory tree. The optionfsid=0(or fsid=root, which is equivalent) indicatesthat this exported directory is the pseudo-root of that

directory tree.

no_root_squash Does not assign user ID 65534 to user ID 0, keeping theroot permissions valid.

no_subtree_check (Default since version 1.1.0 of nfs-uti ls) No subtree_check

is performed.

If you specify neither subtree_checknorno_subtree_check, a message informs you whenstarting the NFS server that no_subtree_check is used.

ro File system is exported with read-only permission (default).

root_squash (Default) This ensures that the root user of the client

machine does not have root permissions on this filesystem. This is achieved by assigning user ID 65534 to

users with user ID 0 (root). This user ID should be set tonobody (which is the default).

rw File system is exported with read-write permission. Thelocal file permissions are not overridden.

subtree_check If a subdirectory of a file system is exported, but the wholefile system is not, then whenever an NFS request arrives,

the server must check not only that the accessed file is inthe appropriate file system but also that it is in the exportedtree. This check is called subtree check.

sync Reply to requests only after the changes have beencommitted to stable storage (this is the default, but ifneither sync or async are specified, a warning appears

when starting the NFS server).


8/22/2019 3103 Manual

26/439




Version 126

The following is an example of an edited /etc/exports file for NFS version 3 that

includes permissions:

## /etc/exports#/home da10(rw,sync,no_subtree_check) \ da20(rw,sync,no_subtree_check)/srv/ftp *(ro,sync,no_subtree_check)

Whenever you want to specify different permissions for a subdirectory (such as /home/geeko/pictures/ ) from an already exported directory (such as /home/geeko/), the additional directory needs its own separate entry in /etc/exports.

The following is an example of an edited /etc/exportsfile for NFS version4 that includes permissions:

## /etc/exports

#/export *(fsid=0,crossmnt,rw,sync,no_subtree_check)/export/data *(ro,sync,no_subtree_check,bind=/data)

The /exportand /datadirectories are separate on the server, whereas on theclient, the content of both directories appears within one directory structure. If,

for example, the client mounts the pseudo-root directory on /imports, thecontent of /datafrom the server appears in /imports/dataon the client.

Reload the configuration:The /etc/exportsis read by mountd and nfsd. Ifyou change anything in this file, you need to reload the configuration for your

changes to take effect. You can do this by entering rcnfsserver reload(rcnfsserver restart works as well).

Export a Directory Temporarily

You can export a directory temporarily (without editing the file /etc/exports) byusing the exportfscommand:

For example, to read-only export the /softwaredirectory to all hosts in thenetwork 192.168.0.0/24, you would enter the following command:

exportfs -o ro,root_squash,sync 192.168.0.0/24:/software

To restore the original state, all you need to do is enter the command exportfs -r. The /etc/exportsfile is reloaded and any directories not listed in the /etc/exportsfile are no longer exported.

After adding directories to export in the /etc/exportsfile, exportfs -aexports the additional directories.

The directories that are currently exported are listed in the /var/lib/nfs/etab file. The content of this file is updated when you use the command exportfs.


8/22/2019 3103 Manual

27/439



27Version 1


NFS Client Configuration

There are two ways you can configure NFS clients:

Configure NFS Client Access with YaST on page 27

Configure NFS Client Access from the Command Line on page 29

Configure NFS Client Access with YaST

NFS directories exported on a server can be mounted into the file system tree of a

client. The easiest way to do this is to use the YaST NFS Client module.

To use YaST to configure the NFS client, start the YaST Control Center and then

select Network Services > NFS Client. You can also start the NFS Client module

directly by entering yast2 nfsin a terminal window as root.

The NFS Client Configurationdialog appears:

Figure 1-5 NFS Client Configuration, NFS Shares


8/22/2019 3103 Manual

28/439




Version 128

Add a directory to the list by clicking Add. The following appears:

Figure 1-6 NFS Client Configuration, Add Directory

From this dialog, you can configure how the directory exported on the server ismounted in your file system tree. Configure the directory by doing the following:

1. Enter the NFS servers hostname, or find and select the NFS server from a list of

NFS servers on your network by selecting Choose.

2. In the Remote Directoryfield, type the directory exported on the NFS server

you want to mount, or find and select the available directory by selecting Select.

For directories exported using NFSv4, you have to specify the directory relative to

the NFSv4 pseudo-root directory, not the actual path on the server as with NFSv3.

Provided the server exported the pseudo-root directory with the option crossmnt,

subdirectories exported on the server are accessible within the exported tree; they do

not need to be mounted separately.

1. In the Mount Point (local)field, type the mount point in your local file tree to

mount the exported directory, or browse to and select the mount point by

selecting Browse.

2. Select NFSv4 Shareif applicable.

3. In the Options field, type any options you would normally use with the mount

command.

For a list of general mount options, in a terminal window enterman 8 mount;for a list of nfs-specific mount options, enterman 5 nfs.

4. When you finish configuring the directory, select OK.

You are returned to the NFS client configuration dialog.


8/22/2019 3103 Manual

29/439



29Version 1


The NFS Client Configurationdialog also offers an NFS Settingstab:

Figure 1-7 NFS Client Configuration, NFS Settings

Here you can set the NFSv4 Domain Name and open the ports needed for NFS in the

firewall.

Save the NFS client settings by clicking OK. The settings are saved and the exported

directories are mounted in your local file system tree.

Configure NFS Client Access from the Command Line

To configure and mount NFS directories, you need to know how to do the following:

Import Directories Manually from an NFS Server on page 29

Mount NFS Directories Automatically on page 31

Import Directories Manually from an NFS Server

You can import a directory manually from an NFS server by using themountcommand. The only prerequisite is a running rpcbind (portmapper), which you canstart by entering (as root) rcrpcbind start.

Themountcommand automatically tries to recognize the file system (such as ext2,ext3, or ReiserFS). However, you can also use the mount option -tto indicated the


8/22/2019 3103 Manual

30/439




Version 130

file system type. For NFS version 3 and earlier, the file system type is nfs; for NFS

version 4, it is nfs4.

In the following example, the file system type nfs is specified:

mount -t nfs -o options host:/directory /mountpoint

Instead of a device file, the name of the NFS server together with the directory to

import is used within the command.

The following are the most important mount options (-o) used with NFS:

soft (opposite: hard):If the attempt to access the NFS server extends beyond thedefault number of tries (or the value set with the retrans=option), the mountattempt will be aborted.

If the hard option (or neither soft nor hard) is specified, the client attempts to

mount the exported directory until it receives feedback from the server that the

attempt was successful.

If a system tries to mount an NFS file system at boot time, the hard option cancause the boot process to hang because the process will stop at this point when it

attempts to mount the NFS directory.

For directories that are not essential for the system to function, you can use the

soft option. For directories that must be mounted (such as home directories), you

can use the hard option.

bg (default: fg):If you use the bg option, and the first attempt is unsuccessful,all further mount attempts are run in the background.

This prevents the boot process from hanging when NFS exports are

automatically mounted, with attempts to mount the directories continuing in the

background.

rsize=n:Lets you set the number of bytes (n, positive integral multiple of 1024,maximum 1,048,576) that NFS reads from the NFS server at one time.

If this value is not set, the client and server negotiate the highest possible value

that they both support.

The negotiated value is shown in /proc/mounts.

wsize=n: Lets you set the number of bytes (n, positive integral multiple of 1024,maximum 1,048,576) that can be written to the NFS server.

If this value is not set, the client and server negotiate the highest possible value

that they both support.

The negotiated value is shown in /proc/mounts. retry=n: Lets you set the number of minutes (n) an attempt can take to mount a

directory through NFS. The default value for foreground mounts is two minutes;

for background mounts it is 10000 minutes (approximately one week).

nosuid: Lets you disable any interpretation of the SUID and SGID bits on thecorresponding file system.


8/22/2019 3103 Manual

31/439



31Version 1


For security reasons, always use this option for any file system that might be

susceptible to tampering.

If you do not use this option, there is a possibility that a user can obtain root

access to the local file system by putting a SUID root executable on the imported

file system.

nodev:Lets you disable any interpretation of device files in the imported filesystem. We recommend that you use this option for security reasons.

Without setting this option, someone could create a device such as /dev/sda on

the NFS export, then use it to obtain write permissions for the hard disk as soon

as the file can be accessed from the client side.

exec (opposite: noexec): Lets you permit or disallow the execution of binarieson the mounted file system.

You can use the umountcommand to unmount a file system. However, you can dothis only if the file system is currently not being accessed.

NOTE: For additional information on nfs, mount options, and the /etc/fstabfile, in a terminalwindow enterman 5 nfs,man 8 mount, orman 5 fstab.

Mount NFS Directories Automatically

To mount directories automatically when booting (such as the home directories from

a file server), you need to make corresponding entries in the /etc/fstabfile.

When the system is booted, the /etc/init.d/nfsstart script loads the /etc/fstabfile, which indicates which file systems are mounted, where, and with whichoptions.

The following is an example of an entry for an NFS mount point in the /etc/fstabfile:

da1:/training/home /home nfs soft,noexec 0 0

In this entry, the first value indicates the hostname of the NFS server (da1) and thedirectory it exports (/training/home/).

The second value indicates the mount point, which is the directory in the local file

system where the exported directory should be attached (/home/).

The third value indicates the file system type (nfs). The comma-separated valuesfollowing the file system type provide NFS-specific and general mounting options.

At the end of the line, there are two numbers (0 0). The first indicates whether to

back up the file system with the help of dump (1) or not (0). The second numberconfigures whether the file system check is disabled (0), done on this file system with

no parallel checks (1), or parallelized when multiple disks are available on the

computer (2).

In the example, the system does neither, as both options are set to 0.


8/22/2019 3103 Manual

32/439




Version 132

After modifying an entry of a currently mounted file system in the /etc/fstabfile, you can have the system read the changes by enteringmount -o remount /

mountpoint. To mount all file systems that are not currently mounted and do notcontain the option noauto, entermount -a. (noautois used with devices that arenot automatically mounted, like floppy disks.)

Automounter Configuration

When you use the method described in NFS Client Configuration on page 27to

mount home directories, all home directories on the server are visible on the client

machines. This can make it quite hard for a user to find his own home directory. With

the automounter, only the directory needed by a user is mounted.

Another advantage of the automounter is the reduced number of actual mounts on the

server, as only those directories get mounted by clients that are actually needed.

Unlike with a static configuration in the /etc/fstabfile, with the automounter,directories are mounted automatically when needed and unmounted automatically

when not in use for some time.The kernel-based automounter is contained in the autofs package which is part of the

default installation.

In the past, the automounter was also used to mount and unmount CD-ROMs;

however, this functionality is now integrated into the KDE or Gnome desktop

environments. The automounter remains very useful to mount and unmount

directories that are exported by file servers.

The automounter configuration consists of the general /etc/auto.master fileand files that are referenced within /etc/auto.master , such as /etc/auto.home.

To mount the home directories exported from another server, you need the followingentry in the /etc/auto.master file:

/home /etc/auto.home

The first column lists the mount point and the second column lists the file that

contains the configuration details for this mount point.

The /etc/auto.homefile could look like the following (for NFSv4 fstype wouldbe nfs4):

geeko -fstype=nfs,rw da1.digitalairlines.com:/home/geeko

As soon as some process accesses the local /home/geekodirectory (the entry inthe first column, geeko, is appended to the directory given in the first column in the/etc/auto.master file, /home), the local /home/geekodirectory is createdand the /home/geekodirectory from the server (last column) is mounted. Aftersome time or when the automounter is stopped, the remote directory is unmounted

and the mount point (/home/geekoin the example above) is deleted.

With several users, you would need an entry for each user. This is cumbersome, but

might be your only choice if home directories reside on several servers.


8/22/2019 3103 Manual

33/439



33Version 1


As long as all users have their home directories on one server, the automounter allows

you to simplify the configuration with the use of wildcards, as shown in the

following:

* -fstype=nfs,rw da1.digitalairlines.com:/home/&

The * in the first column denotes any directory below /home. The & in the lastcolumn is replaced by whatever directory is accessed.

When the automounter configuration is complete, you start the automounter with

rcautofs start. To stop the automounter, use rcautofs stop. Thechkconfig autofs oncommand ensures the automounter is startedautomatically when the system boots.

The following commands highlight how the automounter works:

When using NFS to import home directories, it is advisable to also use a network-based user database, like NIS or LDAP. This ensures that a user has the same UID no

matter where he logs in within the network.

Instead of local map files, it is also possible to use NIS (Network Information

System) or LDAP to distribute the automounter information.

da10:~ # rcautofs startStarting automount da10:~ # ls /home/da10:~ # mount

...(no automounts)

da10:~ # ls /home/geeko.bash_history Documents .gnome2 ...merkur2:~ # mount

...

da1.digitalairlines.com:/home/geeko on /home/geeko type nfs(rw,nosuid,nodev,sloppy,addr=10.0.0.254,nfsvers=3,proto=tcp,mountproto=udp)


8/22/2019 3103 Manual

34/439




Version 134

NFS System Monitoring

Some tools are available to help you monitor the NFS system.

Enter rpcinfo -pto displayinformation about rpcbind (portmapper). The option -p

displays all the programs registered with the portmapper, similar to the following:

The NFS server daemon registers itself to the portmapper with the name nfs. The

NFS mount daemon uses the name mountd.

You can use the showmountcommand to display information about the exporteddirectories of an NFS server.

showmount -e da1displays the directories exported on the machine da1. Theoption -ashows which computers have mounted which directories.

da10:~ # rpcinfo -pprogram vers proto port service 100000 4 tcp 111 portmapper 100000 3 tcp 111 portmapper 100000 2 tcp 111 portmapper 100000 4 udp 111 portmapper 100000 3 udp 111 portmapper 100000 2 udp 111 portmapper 100005 1 udp 42763 mountd 100005 1 tcp 49450 mountd 100005 2 udp 42763 mountd 100005 2 tcp 49450 mountd

100005 3 udp 42763 mountd 100005 3 tcp 49450 mountd 100024 1 udp 41731 status 100024 1 tcp 53770 status 100003 2 udp 2049 nfs 100003 3 udp 2049 nfs 100003 4 udp 2049 nfs 100021 1 udp 46880 nlockmgr 100021 3 udp 46880 nlockmgr 100021 4 udp 46880 nlockmgr 100003 2 tcp 2049 nfs 100003 3 tcp 2049 nfs 100003 4 tcp 2049 nfs 100021 1 tcp 53206 nlockmgr

100021 3 tcp 53206 nlockmgr 100021 4 tcp 53206 nlockmgr


8/22/2019 3103 Manual

35/439



35Version 1


Exercise 1-1 Set Up and Manage Network File System (NFS)

In the first part of this exercise, you create a directory named /export/documentation, copy documents from /usr/share/doc/manual/ into it,and export it to others using NFS.

In the second part, you create a directory named/import/docsand use it asmount point to import the /export/documentation directory from your ownserver using NFS. Create an /etc/fstabentry to mount the directoryautomatically at boot time.

You wil find this exercise in the workbook.

(End of Exercise)


8/22/2019 3103 Manual

36/439




Version 136

Objective 2 Configure Time on SUSE Linux Enterprise Server 11

Many network services, like directory services, as well as forensic investigations that

need to correlate log entries on different machines, rely on uniform time settings

across all computers within the network.

In order to implement uniform time settings on all computers in a network, all

computers must be able to access at least one time server so clocks will synchronize.

There are two ways of synchronizing the time on a SUSE Linux Enterprise Server:

netdate and NTP (Network Time Protocol). To configure and synchronize the time,

you need to understand the following:

Time Overview on page 36

Synchronize Time with hwclock or netdate on page 38

The Network Time Protocol (NTP) on page 40

Synchronize Time with NTP on page 43

Time Overview

In order to configure and synchronize time on a SUSE Linux Enterprise Server 11,

you need to understand the following fundamental concepts:

Hardware Clock and System Clock on page 36

GMT (UTC) and Local Time on page 37

Time Configuration Files on page 37

Hardware Clock and System Clock

There are two main clocks in a Linux system:

Hardware clock:Clock that runs independently of any control program runningin the CPU. It even runs when you turn off the server.

This clock is part of the ISA (Industry Standard Architecture) standard and is

commonly called the hardware clock. It is also called the time clock, the RTC

(Real Time Clock), the BIOS clock, or the CMOS (Complementary Metal-oxide

Semiconductor) clock.

The term hardware clock is used on Linux systems to indicate the time set by the

hwclock utility.

System time:Time kept by a clock inside the Linux kernel. It is driven by atimer interrupt (another ISA standard).

System time is meaningful while Linux is running on the server. System time is

the number of seconds since 00:00:00 January 1, 1970 UTC (or the number of

seconds since 1969).


8/22/2019 3103 Manual

37/439



37Version 1


On a Linux server, it is the system time that is important. The hardware clock's basic

purpose is to keep time when Linux is not running.

The system time is synchronized to the hardware clock when Linux boots. After that,

Linux uses only the system time.

Once the system time is set on the Linux server, it is important that you do not usecommands such as dateor netdateto adjust the system time without consideringthe impact on applications and network connections.

For a Linux server connected to the Internet (or equipped with a precision oscillator

or radio clock), the best way to regulate the system clock is with ntpd.

For a standalone or intermittently connected machine, you can use adjtimexinstead to at least correct systematic drift (man adjtimex lists the options).

You can set the hardware clock (with a command such as hwclock) while thesystem is running. The next time you start Linux, it will synchronize with the

adjusted time from the hardware clock.

The Linux kernel also maintains a concept of a local time zone for the system.

Some programs and parts of the Linux kernel (such as file systems) use the kernel

time zone value. An example is the vfat file system. If the kernel timezone value is

wrong, the vfat file system reports and sets the wrong time stamps on files.

However, programs that care about the time zone (perhaps because they want to

display a local time for you) almost always use a more traditional method of

determining the time zone such as using the /etc/localtimefile and the files inthe /usr/share/zoneinfo/ directory.

GMT (UTC) and Local Time

On startup, Linux reads the time from the computers local hardware (CMOS) clock

and takes control of the time. The hardware clock can be set using one of the

following:

UTC (Universal Time Coordinated):This time is also referred to as GMT(Greenwich Mean Time). For this setting, the variable HWCLOCK in the /etc/sysconfig/clockfile has the value -u.

Local time:If the hardware clock is set to the local time, the variable HWCLOCKin the /etc/sysconfig/clock file has the value --localtime.

Choosing GMT as the hardware time makes it easier to coordinate a large number of

computers in different places (especially if the computers are located in different time

zones.)

Time Configuration Files

The current time (system time) is calculated with the help of the variable

TIMEZONE in the /etc/sysconfig/clock file, which also handles therequired changes between daylight saving time and standard time.


8/22/2019 3103 Manual

38/439




Version 138

The following is an example of the settings in /etc/sysconfig/clock :

HWCLOCK="--localtime"SYSTOHC="yes"TIMEZONE="Europe/Berlin"DEFAULT_TIMEZONE="US/Eastern"

By means of the variable TIMEZONE, the time configured on the local host (=

system time) is set in the /etc/localtimefile, a copy of the respective timezonefile from /usr/share/zoneinfo/ . The /usr/share/zoneinfo/ directoryis a database of all time zones. SYSTOHC=yesmakes sure the current systemtime is written to the hardware clock when the system shuts down.

NOTE: In SLES 9, there used to be a symbolic link /usr/lib/zoneinfo/localtime pointing to /etc/

localtime. This link does not exist anymore in SLES 10 and SLES 11, even though it might still be

mentioned in /etc/sysconfig/clock.

Synchronize Time with hwclock or netdate

To synchronize time between network servers with hwclock or netdate, you need to

know the following:

Use hwclock on page 38

Use netdate on page 39

Use hwclock

hwclockis a tool to access the hardware clock. You can display the current time, setthe hardware clock to a specified time, set the hardware clock to the system time, and

set the system time from the hardware clock.

You can also run hwclock periodically to insert or remove time from the hardware

clock to compensate for systematic drift (where the clock consistently gains or loses

time at a certain rate if left to run).

hwclock uses several methods to get and set hardware clock values. The normal way

is to initialize an I/O process to the device special file /dev/rtc(RTC: Real TimeClock), which is maintained by the rtc device driver.

However, this method is not always available. The rtc driver is a relatively recent

addition to Linux and is not available on older systems.

On older systems, the method of accessing the hardware clock depends on the system

hardware.

NOTE: For additional details on how the system accesses the hardware clock and other hwclock

options, enter in a terminal windowman hwclock.


8/22/2019 3103 Manual

39/439



39Version 1

Enable Fundame