SUSE Linux Enterprise Server Administration (Course 3037) Chapter 8 Enable Infrastructure Services

SUSE Linux Enterprise Server Administration (Course 3037)

Chapter 8Enable Infrastructure Services

SUSE Linux Enterprise Server Administration (Course 3037) 2

Objectives

• Configure and Manage Network Printing Services

• Configure Network File Systems

• Manage Resources on the Network


Configure and Manage Network Printing Services

• Objectives– Printers and Linux Support– CUPS and SUSE Linux Enterprise Server– How to Configure a SUSE Linux Enterprise Server

Network Printer– How to Modify a SUSE Linux Enterprise Server

Network Printer– How to Manage Printing from the Command Line– How to Access the CUPS Web Administration Tools– How to Troubleshoot the CUPS Print System


Printers and Linux Support

• Check the following sources:– http://cdb.suse.de/ or http://hardwaredb.suse.de/

• SUSE Linux Enterprise Server printer database

– www.linuxprinting.org/• Contains printer database on linuxprinting.org

– www.cs.wisc.edu/~ghost/ • Ghostscript Web page

– file:/usr/share/doc/packages/ghostscript/catalog.devices

• This lists included drivers

http://hardwaredb.suse.de/


CUPS and SUSE Linux Enterprise Server

• CUPS (Common Unix Printing System) – Default printing system of the SLES

• How CUPS handles print jobs– Print job is created by a user or a program– The file to print is saved in a queue– Printer daemon cupsd collects file to print from the

queue– Printer receives the data and prints it– Print job is removed from the queue


CUPS and SUSE Linux Enterprise Server (continued)

• How the cupsd daemon works– Printer daemon cupsd

• Administers local queues and filters• Converts data to print to a printer-specific format

– Steps• cupsd gets submitted print jobs from the queue

– And sends them to the printer• cupsd then executes the print jobs in the queue in order• Data is converted to PostScript• Number of pages is determined with the tool pstops• Printer-specific filters start


CUPS and SUSE Linux Enterprise Server (continued)


How to Configure a SUSE Linux Enterprise Server Network Printer

• SUSE Linux Enterprise Server and supported printing protocols– socket

• Connection in which data is sent to an Internet socket

– Without first performing a data handshake

– LPD (Line Printer Daemon)• Printer queue is sent before the actual print data

• Accepts any name as the printer queue

• Port number for an LPD service is 515

• Device URI example: lpd://host-printer/LPT1



(continued)• SUSE Linux Enterprise Server and supported

printing protocols (continued)– IPP (Internet Printing Protocol)

• Based on the HTTP protocol

• Transmits much more job-related data

• CUPS uses IPP for the internal data transmission

• Port number for IPP is 631

– SMB (Standard Message Block)• Can print on printers connected to Windows shares

• Port numbers 137, 138, and 139



(continued)• SUSE Linux Enterprise Server and PostScript

printers– PPD (PostScript Printer Description)

• Computer language that describes the properties and options of PostScript printers

– During installation a lot of PPD files are preinstalled– If a PostScript printer is configured

• Get a suitable PPD file and store it in the directory /usr/share/cups/model/



(continued)• How to configure a network printer with YaST

– Start YaST Printer module– Add a new printer manually– Select the printer type– Save the configuration by selecting Finish



(continued)



(continued)



(continued)



(continued)• How to configure a network from the command line

– Use lpadmin command• lpadmin -p <queue> -v <device-URI> -P <PPD-file> -E

– Enable a parallel printer example• lpadmin -p ps -v parallel:/dev/lp0 -P

/usr/share/cups/model/Postscript.ppd.gz –E

– Enable a network printer example• lpadmin -p ps -v socket://192.168.1.0:9100/ -P

/usr/share/cups/model/Postscript-level1.ppd.gz -E


How to Modify a SUSE Linux Enterprise Server Network Printer

• How to modify a network printer with YaST– Start YaST Printer module– Select Change– Edit an existing network printer configuration– Select an option area; then select Edit– Save the configuration– Close YaST Control Center (optional)



(continued)



(continued)



(continued)• How to modify a network printer from the command

line– List all options for a printer

• lpoptions -p queue-name -l

– Change an option using the lpadmin command– Check the new setting

• lpoptions -p queue-name -l



(continued)• How to modify printer settings from KDE

– kprinter• KDE utility for changing the properties of a printer

stored in its ppd file

– Steps• Start kprinter from an application

– Or from the command line by entering kprinter

• Select the printer you want to modify

• Save new configuration



(continued)



(continued)


How to Manage Printing from the Command Line

• Basic printer management– /usr/bin/enable printer

• Starts a printer queue for the indicated printer– /usr/bin/disable printer

• Stops a printer queue for the indicated printer– /usr/sbin/reject printer

• Rejects print jobs for the indicated printer– /usr/sbin/accept printer

• Accepts print jobs for the indicated printer


How to Manage Printing from the Command Line (continue)

• CUPS printer commands– CUPS provides two kinds of commands

• Berkeley3 and System V– Submit a print job

• Berkeley: lpr -P queue file

• System V: lp -d queue file– Display print jobs

• Berkeley: lpq -P queue

• System V: lpstat -o queue -p queue



• CUPS printer commands (continued)– Cancel print jobs

• Berkeley: lprm -P queue jobnumber• System V: cancel queue-jobnumber

– Configure a queue• lpoptions -p queue -l

• lpoptions -p queue -o option=value

– Changes the options of a queue



• SUSE Linux Enterprise Server printer commands– Disable a print queue

• /usr/bin/disable queue– Enable a print queue

• /usr/bin/enable queue

– Reject print jobs• /usr/bin/reject queue

– Accept print jobs• /usr/bin/accept queue


How to Access the CUPS Web Administration Tools

• Enter the following:– http://localhost:631

• You can manage printer classes, jobs, and printers

• root must be set up as a CUPS administrator – With CUPS administration group sys and a CUPS

password

• Do this as the root user by entering:– lppasswd -g sys -a root


How to Access the CUPS Web Administration Tools (continued)


How to Troubleshoot the CUPS Print System

• Set the log level to record errors– Messages are written to /var/log/cups/error_log– By default, only inquiries and status changes are

logged to the file– Change LogLevel option in cupsd configuration file

• /etc/cups/cupsd.conf

– Restart CUPS by entering rccups restart

• Check the access log– File /var/log/cups/access_log

• Logs every access to the CUPS daemon


How to Troubleshoot the CUPS Print System (continued)


How to Troubleshoot the CUPS Print System (continued)

• Perform basic troubleshooting– Set LogLevel to debug in the /etc/cups/cupsd.conf– Stop cupsd by entering rccupsd stop– Avoid searching through large log files

• By renaming the file /var/log/cups/error_log

– Start cupsd by entering rccupsd start– Repeat the action that led to the problem– Check the messages in /var/log/cups/error_log

• To identify the cause of the problem


Exercise 8-1 Configure CUPS Network Printing Services

• In this exercise, you do the following:– Part I: Add a Printer to the Network with YaST– Part II: Manage the Printer from the Command Line– Part III: Manage the Printer with YaST– Part IV: Provide Access to the CUPS Administrator– Part V: Print to a Remote CUPS Printer


Configure Network File Systems

• Objectives– Network File System (NFS)– Samba (CIFS)


Network File System (NFS)

• Network File System (NFS)– Lets you configure an NFS file server

• That gives users transparent access to programs, files, or storage space on the server

• Network File System basics– Requires a NFS server and NFS clients– File systems are exported by an NFS server

• And appear and behave on a NFS client

– Used with Network Information Service (NIS)• To provide centralized user management on a network


Network File System (NFS) (continued)



• Network File System basics– A computer can be both a NFS server and client– NFS server generally has a very large hard disk

capacity– NFS daemon is part of the kernel

• The start script is /etc/init.d/nfsserver

• How NFS works– NFS and NIS are Remote Procedure Call (RPC)

services



• How NFS works– Portmapper

• Manages RPC services

– When an RPC service starts up• It binds to a port in the system

• Communicates this port to the portmapper

– File locking activated through script /etc/init.d/nfslock– Use command /etc/init.d/nfsserver to start NFS server– NFS service daemon (/usr/sbin/rpc.nfsd)

• Starts the required kernel threads





• How NFS works (continued)– mount daemon (/usr/sbin/rpc.mountd)

• Accepts mount request and compares it with the entries in the configuration file /etc/exports

– By default, four server threads are started

• NFS configuration overview– Configuration settings are stored in /etc/exports– Client-side configuration file /etc/fstab– NFS server and clients can be configured with YaST

• You can also modify the configuration files directly



• How to configure NFS server with YaST– Start YaST NFS Server module– Select Start NFS Server; then select Next– Add a directory for export– Add other directories by selecting Add directory– Add, edit, or delete a host for a directory– Save the configuration by selecting Finish









• How to configure NFS server manually– Check for service (daemon) availability– Configure the services to be available at bootup– Define exported directories in /etc/exports– Set permissions for exported directories in

/etc/exports– Restart mountd and nfsd

• How to temporarily export a directory– Use command exportfs





• How to configure NFS client access with YaST– Start the YaST NFS Client module– Add a directory to the list by selecting Add– Configure the directory– Save the NFS client settings by selecting Finish– Close the YaST Control Center







• How to configure and mount NFS directories– Mount NFS directories automatically

• Make corresponding entries in the file /etc/fstab

• Start script /etc/init.d/nfs loads the file /etc/fstab

• Have the system read changes by entering mount -a

• Activate start script of NFS client with insserv nfs

– Import directories manually from an NFS server• Use command mount

• Run RPC port mapper as root

– Use rcportmap start



• How to configure and mount NFS directories– Import directories manually from an NFS server

• Use –t option to indicate file system type

• Use –o option to mount directory like a local partition

– soft (opposite:hard)

– bg (default:bg)

– rsize=n

– wsize=n

– retry=n

– nosuid

– nodev



• How to monitor the NFS system– rpcinfo –p

• Displays information about the portmapper

• -p option displays all programs registered with the portmapper

– NFS server daemon registers itself with the name nfs– showmount

• Displays information about the exported directories of an NFS server


Exercise 8-2 Set Up and Manage Network File System (NFS)

• In this exercise, you do the following:– Part I: Add a Remote File System to the NFS Client– Part II: Set Up an NFS Server


Samba (CIFS)

• Samba– Implements Microsoft networking protocols– Server Message Block (SMB)

• Protocol for sharing resources between networked computers

– Common Internet File System (CIFS)• Implementation of SMB over native TCP/IP

• Does not require NetBIOS


Samba (CIFS) (continued)

• Samba features and version– Support for Active Directory– Much improved Unicode support– Complete revision of the internal authentication

mechanisms– Improved support for the Windows 200x/XP printing

system– The ability to set up servers as member servers in

Active Directory domains– Adoption of an NT4 domain, enabling the migration

from an NT4 domain to a Samba domain



• Samba client support on Linux– TCP/IP protocol must be installed on all computers– Samba provides a client for the different UNIX

versions– SMB server share

• Provides hard disk space to their clients

• Share includes a directory and its subdirectories on the server

• Can be accessed by its name– Printer is also assigned a name



• Samba services and configuration files– rcnmb start && rcsmb start

• Starts services required by Samba

– rcsmb stop && rcnmb stop• Stops Samba services

– /etc/samba/smb.conf• Samba configuration file

• Sections

– [global] section

– [share] sections



• Samba services and configuration files (continued)– [global] section configuration

• Parameters

– workgroup = TUX-NET

– netbiosname = MYNAME

– os level = 2

– wins support and wins server

– [cdrom] shares configuration examplecomment = Linux CD-ROM

path = /media/cdrom

locking = No



• Samba services and configuration files (continued)– [homes] shares configuration example

comment = Home Directories

valid users = %S

browseable = No

read only = No

create mask = 0640

directory mask = 750

inherit permissions = Yes



• Samba services and configuration files (continued)– Share password protection

• Each share access can be protected with a password

• SMB has three possible ways of checking permissions

– Share Level Security (security = share)

– User Level Security (security = user)

– Server Level Security (security = server)



• How to configure a Samba server with YaST– Start the YaST Samba Server module– Select an available workgroup or domain on the

network– Continue by selecting Next– Select a domain controller type for your Samba server









• How to configure a Samba server with YaST– Configure the system services to start on bootup by

selecting On– Display a list of configured shares by selecting Shares– Display options for configuring the Samba server

identity by selecting Identity– Display a list of trusted domains by selecting Trusted

Domains– Save the settings by selecting Finish– Close the YaST Control Center (optional)









• How to configure a Samba client with YaST– Start the YaST Samba Client module– Enter name of a workgroup or NT domain for the

Samba client membership– Allow for verification of passwords against an NT

server

– Save the Samba client configuration settings by selecting Finish

– Close the YaST Control Center (optional)




How to Monitor and Test Samba

• Diagnosis tools– /usr/bin/testparm

• Performs a syntax check of /etc/samba/smb.conf

– /usr/bin/nmblookup• Displays the registered local or remote names of a host

– /usr/bin/smbclient• Checks network resources and establishes connections

– /usr/bin/smbstatus• Lists current existing connections to the Samba server


How to Monitor and Test Samba (continued)

• How to start and test Samba– Samba needs /etc/samba/smb.conf file

• With an entry about the workgroup

– rcsmb start• Makes host visible with its host name in a Windows

environment

– nmblookup• Checks whether the new Samba host is already visible

– In the network environment


Exercise 8-3 Configure a Basic Samba Server

• In this exercise, you do the following:– Part I: Configure the Samba Client– Part II: Configure the Samba Server


Manage Resources on the Network

• Objectives– Network Information Service (NIS)– LDAP


Network Information Service (NIS)

• Network Information Service basics– Database system – Allows centralized administration of configuration files– Enables centralized user management and printer

administration– Makes administration of large networks easier– NIS server stores files to distribute over the whole

network in maps


Network Information Service (NIS) (continued)

• NIS domain components– Master server

• Stores all important configuration files distributed across the network

– And distributes them to slave servers

• Processes NIS clients’ requests

– Slave server• Helps the master server process requests

– NIS clients• Retrieve configuration files from the NIS server





• NIS configuration overview– /etc/defaultdomain stores name of NIS domain– /etc/yp.conf stores NIS server to address– On a slave server

• First the local NIS server should be addressed

• Then any other existing slave servers

– NIS client must be configured so it uses the NIS maps • Instead of or in addition to the local configuration files

• Modify configuration file /etc/nsswitch.conf



• How to configure a NIS master server with YaST– Start YaST NIS Server module– Do one of the following:

• If no NIS server exists select Create NIS Master Server

• If you already have a NIS master server select Create NIS Slave Server

• Quit the NIS server setup





• How to configure a NIS master server with YaST (continued)– Create a NIS Master Server









• How to configure a NIS master server manually– Make sure software packages are installed– Generate symbolic links to start NIS server

automatically– Set NIS domain name– Check configuration files– Create NIS maps– Check additional configuration files



• How to configure maps manually– Makefile (/var/yp/Makefile) is evaluated– NIS domain name must be set– ypdomainname displays the domain name– ypdomainnam domain_name sets domain name– Create NIS maps with make– Makefile evaluates NIS domain names

• And creates a directory in /var/yp/

– make –C /var/yp -s includes new user in NIS maps



• How to configure a slave server on the master server– Use YaST– Select Active Slave NIS server exists– Select Fast Map distribution

• To start the YP transfer daemon

– Slave servers entered in YaST are written to /var/yp/ypservers



• How to configure a slave server only– Start YaST NIS Server module– Select Create NIS Slave Server > Next– Package ypserv is needed on the slave server– Set symbolic links for starting in the corresponding

runlevels– Slave server is given the name of the NIS domain– Decide if slave server should function as a NIS client– Slave server requests maps from the master server– Maps are also stored in /var/yp/NIS-domain-name/



• How to configure a NIS client with YaST– Start YaST NIS Client module– Make sure Use NIS is selected– Do one of the following:

• Select Automatic Setup (via DHCP)• Select Static Setup

– Enter static configuration values (conditional)– Select Start Automounter (conditional)– Access additional configuration options– Save configuration settings





• How to configure NIS users with YaST– Create a directory for NIS network users– Start YaST Edit and create users module– Select Set Filter; then select Local Users– Create a new user by selecting Add– Enter a full user name, user login ID, and password– Select Details– Enter the home directory for the user– Add the user by selecting Create









• How to configure NIS users with YaST (continued)– With the new user selected, select Set Filter

• Then select NIS Users

– Save changes– Open a terminal window– Change to the directory /var/yp/– Update the NIS maps by entering make– From Yast Control Center, select Security and Users

> Edit and Create Users– Select Set Filter > NIS Users



• NIS security considerations– Configure access restriction in file /var/yp/securenets– Networks that require access to the NIS server

• Must be listed in this file

– Entries for individual computers can also be made • With the keyword host

– Only IP addresses are valid in /var/yp/securenets



• NIS utilities– /bin/ypdomainname

• Displays the name of the current NIS domain

• Sets a new domain name

– /usr/bin/ypwhich• Displays the NIS server used by the client

• Queries NIS client on other machines for the server addressed

– /usr/bin/ypcat• Displays the contents of a NIS database file (map)



• NIS utilities (continued)– /usr/bin/ypmatch

• Queries the key field of a NIS map and has the corresponding entry for the field displayed

– /usr/bin/yppasswd• Changes the password of the user on the NIS server

– /usr/bin/yppoll• Displays ID number of a NIS map used by the NIS

server




Exercise 8-4 Enable Network Information Service (NIS) on

Your Network• In this exercise, you do the following:

– Part I: Configure a NIS Server YaST– Part II: Create a NIS User– Part III: Update the NIS Maps– Part IV: Verify a Local NIS Configuration– Part V: Prepare for NIS Network Users– Part VI: Configure the NIS Client Using YaST


LDAP

• LDAP (Lightweight Directory Access Protocol)– Internet communications protocol– Lets client applications access Directory information– Based on the X.500 Directory Access Protocol (DAP)– OpenLDAP package contains

• slapd• slurpd• slapcat, slapadd, slapindex


LDAP (continued)

• LDAP versus NIS– NIS is only designed for Linux/UNIX platforms– LDAP service is not restricted to pure Linux/UNIX

networks– LDAP can be applied to any centrally administered

data structure• Replacement for NIS

• Mail routing (postfix, sendmail)

• Address books for mail clients

• Administration of zone descriptions for a BIND9 name server


LDAP (continued)

• Structure of an LDAP directory tree– Directory information tree (DIT)

• LDAP directory tree– Distinguished name or DN

• Complete path to a desired entry (object)– Relative distinguished name or RDN

• Single nodes along the path to the entry– Types of objects

• container• leaf


LDAP (continued)


LDAP (continued)

• Structure of an LDAP directory tree (continued)– Schema

• Definition of which types of objects can be stored in DIT

– Object class• Defines what attributes the object must or can be

assigned


LDAP (continued)

• How to configure an LDAP server with YaST– Start the YaST LDAP Server module– Start the LDAP server by selecting Yes– Configure the LDAP server by selecting Configure– View the configuration settings– LDAP settings categories– Save the LDAP server setting by selecting Finish– Close the YaST Control Center (optional)


LDAP (continued)


LDAP (continued)


LDAP (continued)

• How to configure an LDAP client with YaST– Start the YaST LDAP Client module– Enable user authentication with an LDAP server– Enter the distinguished name of the search base– Enter the IP address of the LDAP server– Select LDAP TLS/SSL (conditional)– Select LDAP version 2 (conditional)– Configure advanced LDAP settings– Automatically mount directories on remote hosts– Save the settings


LDAP (continued)


LDAP (continued)

• How to configure users for LDAP authentication– Start the YaST Edit and create users module– Select Set Filter > Local Users– From the user list, select a user; then select Edit– Select Details– Continue by selecting Next– Edit an attribute value– When you finish, continue by selecting Next


LDAP (continued)


LDAP (continued)


Summary

• SLES uses the CUPS printing system

• Configure CUPS with:– YaST– lpadmin– CUPS Web Administration tool– Modifying configuration files

• CUPS log files– /var/log/cups/error_log– /var/log/cups/access_log

• Print jobs are sent to a queue directory


Summary (continued)

• lp and lpr commands – May be used to create print jobs

• lpstat or lpq commands– Display print jobs in the print queue

• lpoptions command– Modifies print options

• NFS– Used to share files amongst Linux and UNIX

• Samba– Shares files between Linux, UNIX, and Windows


Summary (continued)

• NIS is unique to UNIX and Linux operating systems

• NIS clients obtain information from a NIS master server or NIS slave servers

• LDAP service provides the same functionality as NIS – But is supported by nearly all operating systems

• LDAP resources are organized into a directory information tree

• YaST may be used to configure LDAP

Documents

SUSE Linux Enterprise Server Administration (Course 3037) Chapter 8 Enable Infrastructure Services