Linux+ Guide to Linux Certification, Third Edition

  • Published on
    25-Feb-2016


DESCRIPTION

Chapter 13: Configuring Network Services. Linux+ Guide to Linux Certification, Third Edition. Objectives: Configure infrastructure network services, including DHCP, DNS, NTP, and NIS. Configure Web services using the Apache Web server.

Transcript

  • Chapter 13: Configuring Network Services

    Linux+ Guide to Linux Certification, 3e

  • Objectives
    • Configure infrastructure network services, including DHCP, DNS, NTP, and NIS
    • Configure Web services using the Apache Web server
    • Configure file sharing services, including Samba, NFS, and FTP
    • Configure e-mail services, including Sendmail and Postfix
    • Configure database services using PostgreSQL

  • Infrastructure Services
    • Infrastructure services: provide network configuration and support for other computers on a network
    • Include:
      • DHCP
      • DNS
      • NTP
      • NIS

  • DHCP
    • Dynamic Host Configuration Protocol (DHCP): used for automatically configuring a network interface
    • Send DHCP broadcast on network
      • Request IP configuration information
    • DHCP server leases IP address to client computer for a period of time
      • Ensures each client has unique IP address
    • After expiration, must send another DHCP request

  • The DHCP Lease Process
    • Involves several stages:
      • Client sends a request to all hosts on network
      • DHCP server sends offer containing potential IP configuration
      • Client selects (accepts) offer
      • DHCP server sends acknowledgement indicating the amount of time client can use IP configuration
      • Client configures itself with IP configuration

  • The DHCP Lease Process (continued)
    • Figure 13-1: The DHCP lease process

  • Configuring a Linux DHCP Server
    • Install DHCP daemon
      • Use yum install dhcp command
    • Edit DHCP daemon configuration file to list appropriate IP address range for the network and lease information
      • /etc/dhcp/dhcpd.conf stores IPv4 configuration
      • /etc/dhcp/dhcpd6.conf stores IPv6 configuration
    • service dhcpd start command: starts the DHCP daemon

  • DNS
    • Hierarchical namespace used to identify computers on large TCP/IP networks
    • Zone: portion of DNS administered by one or more DNS servers
    • Forward lookup: FQDN resolved to IP address
    • Reverse lookup: IP address resolved to FQDN

  • The DNS Lookup Process
    • Web browser performs a forward lookup of FQDN to contact IP of Web server
      • Performed by DNS server
    • Iterative query: resolved using DNS cache
      • Does not use top-level DNS servers
    • Recursive query: resolved with the use of top-level DNS servers
    • DNS cache file: contains IP addresses of top-level DNS servers

  • The DNS Lookup Process (continued)
    • Figure 13-2: The DNS lookup process

  • The DNS Lookup Process (continued)
    • Master or primary DNS server: contains read/write copy of zone
    • Slave or secondary DNS server: contains read-only copy of zone
    • Zone transfer: copying zone resource records from master to slave DNS server

  • Configuring a Linux DNS Server
    • Configure DNS name daemon for a specific zone
    • Add resource records that list FQDNs and associated IP addresses for computers in that zone
    • Configuration files have BIND format
      • Difficult to create manually
      • Use graphical utility such as BIND configuration utility
    • Start the DNS name daemon
      • Use service named start command
    • dig command: used to query records that exist on a specific DNS server

  • Configuring a Linux DNS Server (continued)
    • Table 13-1: Common zone configuration files

  • Configuring a Linux DNS Server (continued)
    • Table 13-1 (continued): Common zone configuration files

  • Configuring a Linux DNS Server (continued)
    • Figure 13-3: The BIND configuration utility

  • NTP
    • Network Time Protocol (NTP): used by OS to obtain time information from BIOS system clock or from network servers
    • hwclock command: modifies BIOS date and time
    • Uses UDP port 123

  • Understanding NTP Strata
    • Strata: hierarchical series of time resources used by NTP
      • Stratum 0: Atomic clock or GPS clock
      • Stratum 1: Obtain time directly from stratum 0 device
      • Stratum 2: Obtain time directly from stratum 1 device
    • Stratum is not an indication of quality or reliability
    • NTP servers obtain time information from multiple sources and use algorithm to determine most reliable time information

  • Configuring a Linux NTP Client
    • NTP daemon installed and started by default
      • Can act as NTP client to obtain time from Internet time server or as NTP server
    • To configure NTP client
      • Edit /etc/ntp.conf to add lines for different NTP servers that can be queried
    • ntpdate command: manually synchronize the time
    • Offset: time difference between time on local computer and time on time server

  • Configuring a Linux NTP Client (continued)
    • ntpq command: see what actual time servers system is synchronizing with
    • Jitter buffer: stores the difference between the same time measurements from different NTP servers
      • Used by NTP when determining the most reliable time
    • -q option: displays the offset and jitter
    • tzselect command: used to change the time zone

  • Configuring a Linux NTP Client (continued)
    • Figure 13-5: The Date/Time Properties screen

  • Configuring a Linux NTP Server
    • By default in Fedora 13, NTP daemon not configured as NTP server
    • To allow other computers to query NTP daemon:
      • Edit /etc/ntp.conf
      • Add line identifying specific computers or networks that are allowed to query the NTP daemon
      • Restart NTP daemon for changes to take effect

  • NIS
    • Network Information Service (NIS): coordinate common configuration files across several computers
    • Computers belong to an NIS domain, use NIS map to access configuration information
      • Commonly used to coordinate database files
    • NIS master server: Sends all NIS map configuration to NIS slave servers
    • NIS slave servers: Distribute maps to NIS clients

  • Configuring an NIS Server
    • Install NIS server daemons via yum install ypserv command
    • Define the NIS domain name via domainname NIS_domain_name command
    • Add NISDOMAIN=NIS_domain to /etc/sysconfig/network file
      • Configure NIS domain at boot time
    • In the /var/yp/Makefile file, edit the list of files to be made into maps
      • If no slave servers, ensure NOPUSH=true

  • Configuring an NIS Server (continued)
    • Add identification of allowed clients to /var/yp/securenets file
    • Allow the allowed clients to access the appropriate maps in /etc/ypserv.conf
    • Start NIS daemon by service ypserv start command
    • Ensure NIS password server daemon is started at runlevel 5 by chkconfig --level 5 yppasswdd on command

  • Configuring an NIS Server (continued)
    • Generate configuration file maps by the /usr/lib/yp/ypinit -m command
    • Allow clients to connect by service ypbind start command
    • Ensure NIS binding server is started at runlevel 5 by chkconfig --level 5 ypbind on command

  • Configuring an NIS Client
    • Define the NIS domain name via domainname NIS_domain_name command
    • Add NISDOMAIN=NIS_domain to /etc/sysconfig/network file
      • Configure NIS domain at boot time
    • In the /etc/yp.conf file, add, for each specific NIS server: domain NIS_domain server NIS_server
      • Alternatively add domain NIS_domain broadcast

  • Configuring an NIS Client (continued)
    • Start NIS client program by service ypbind start command
    • Ensure NIS binding server daemon is started at runlevel 5 by chkconfig --level 5 ypbind on command
    • Locate NIS server by ypwhich command
    • Add +:*:0:0::: to /etc/passwd to redirect requests to NIS server
    • yppasswd command: used by NIS clients to change NIS password

  • Web Services
    • Apache is the most common Web server
      • Started as http daemon
    • Document root directory: stores default HTML content for a Web server
      • /var/www/html on Fedora Linux
    • Default document is index.html
    • /etc/httpd/conf/httpd.conf: default configuration file
    • Directive: Line within a configuration file

  • Web Services (continued)
    • Default settings sufficient for most Web servers
    • Copy appropriate HTML files into /var/www/html
    • Start Apache by service httpd start
    • Separate httpd daemon is started each time a client request is received by Apache Web server
      • Called a Web page hit
      • First daemon started as root user, others started as Apache user
    • curl command: used at BASH shell to obtain Web page

  • Table 13-2: Common httpd.conf directives

  • Sharing Services: Samba
    • Samba daemon: Emulates SMB protocol
      • Formats TCP/IP data like Windows computers
    • NetBIOS name daemon: to create and advertise NetBIOS name for Windows computers to connect to Linux server
    • nmblookup command: Tests NetBIOS name resolution in Linux

  • Configuring a Samba Server
    • Create Linux user for each Windows user
    • smbpasswd command: Generate Samba passwords
    • /etc/samba/smb.conf: Default Samba configuration file
      • Edit to include NetBIOS name
    • testparm command: checks syntax of /etc/samba/smb.conf
    • Start Samba and NetBIOS name daemons by service smb start and service nmb start commands

  • Connecting to a Samba Server
    • Test Samba functionality after configuration
    • From Windows client enter \\Samba_server_name in the Run dialog box
    • smbclient command: used to connect a Linux computer to a Samba server
      • Can also be used to display an FTP-like interface on Samba or Windows servers

  • NFS
    • Network File System (NFS): allows Unix, Linux, and Macintosh OS X computers to share files transparently
    • Export a directory by placing its name in the /etc/exports file
    • mount command: used by another computer to access an exported directory across the network by mounting the remote directory on the local computer

  • Configuring a Linux NFS Server
    • Create directory containing information to share
    • Edit /etc/exports file:
      • Add line listing directory to be shared and options
    • Run exportfs -a command
      • Update list of exported filesystems
    • Restart the NFS processes:
      • service nfs start
      • service nfslock start

  • Connecting to a Linux NFS Server
    • Mount directory from remote NFS server to a directory on local computer
      • Use mount command specifying nfs filesystem type, server name or IP address, remote directory, and local directory as arguments
    • Use the mounted directory as any other local directory, with operations being performed on the remote computer
    • Use umount command to dismount remote directory

  • FTP
    • Protocol most commonly used to transfer files on public networks
    • Hosts files differently than NFS
    • In anonymous access, special directory is available to any user who wants to connect to FTP server
    • User can log in, via an FTP client program, to a home directory on the FTP server

  • Configuring a Linux FTP Server
    • Very secure FTP daemon (vsftpd): used by most Linux systems
    • To configure (assuming logon as user1):
      • Create directory below user1's home directory to host the files
      • Ensure user1 owns directory
      • Edit /etc/vsftpd/vsftpd.conf to modify appropriate commented options
      • Run service vsftpd start to start vsftpd daemon

  • Connecting to a Linux FTP Server
    • Most Web browsers have built-in FTP utility
      • Allows you to access files on remote computer
      • To connect through Web browser, specify the location by typing ftp://servername in the browser
      • To log in as particular user, type ftp://user:password@servername
    • Most OSs have command-line FTP utility
      • Use ftp command and specify host name as argument, log in as anonymous or as specific user
      • Receive prompt that accepts FTP commands

  • Connecting to a Linux FTP Server (continued)
    • Figure 13-7: Using a Web browser FTP client

  • Connecting to a Linux FTP Server (continued)
    • Table 13-3: Common FTP commands

  • Connecting to a Linux FTP Server (continued)
    • Table 13-3 (continued): Common FTP commands

  • E-mail Services
    • Various e-mail protocols exist, including SMTP, ESMTP, POP, and IMAP
    • E-mail server looks up the name of target e-mail server in domain's MX records, stored on public DNS server
      • Resolves target e-mail server name to IP address using public DNS server
    • Daemons and system components rely on e-mail to send important information to the root user

  • Working with Sendmail
    • Sendmail: one of oldest and most complex e-mail daemons
    • By default accepts e-mail on TCP port 25
      • Test using telnet port_num, EHLO, and HELO commands
    • mail command: checks local e-mail
    • /etc/aliases file: contains other e-mail names used to identify the users on the system
    • newaliases command: rebuilds the aliases database after modifications

  • Working with Postfix
    • Postfix: easier to configure than Sendmail
    • Install using yum install postfix
    • Edit /etc/postfix/main.cf configuration file
    • Run service sendmail stop ; service postfix start command to stop Sendmail...
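
For the "Configuring a Linux NFS Server" slide above, an added example (not from the book or the slides) that checks the lines added to /etc/exports for settings that widen access before exportfs -a publishes them, including the case where a space before the options applies them to every host. The function name audit_exports and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lint exports(5)-style lines for risky NFS export settings.
# The sample entries below are constructed; paths, hosts and networks are hypothetical.

audit_exports() {
    # Reads /etc/exports-style lines on stdin and prints one finding per line
    # as "<directory> <client> <issue>". Prints nothing when no issue is found.
    while IFS= read -r line; do
        line=${line%%#*}                 # drop comments
        set -f                           # '*' is a legal client, do not glob it
        set -- $line                     # split into directory + client specs
        set +f
        if [ $# -eq 0 ]; then continue; fi
        dir=$1; shift
        if [ $# -eq 0 ]; then
            echo "$dir * world-accessible"   # no client list: any host may mount
            continue
        fi
        for spec in "$@"; do
            client=${spec%%\(*}
            opts=
            case $spec in
                *\(*\)) opts=${spec#*\(}; opts=${opts%\)} ;;
            esac
            # "(rw)" separated from the host by a space applies to every host.
            if [ -z "$client" ]; then client='*'; fi
            if [ "$client" = '*' ]; then
                echo "$dir $client world-accessible"
                case ",$opts," in *,rw,*) echo "$dir $client world-writable" ;; esac
            fi
            # root_squash is the default; no_root_squash trusts remote root.
            case ",$opts," in *,no_root_squash,*) echo "$dir $client no_root_squash" ;; esac
        done
    done
    return 0
}

SAMPLE_EXPORTS='# constructed sample
/srv/docs    192.168.1.0/24(ro)
/srv/backup  192.168.1.10(rw,no_root_squash)
/srv/pub     client1 (rw)
/srv/open'

printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
```

To check a real server, feed the function the file itself: audit_exports < /etc/exports.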
