Transcript
Page 1: Linux+ Guide to Linux Certification, Third Edition

Chapter 13: Configuring Network Services

Page 2: Linux+ Guide to Linux Certification, Third Edition

Objectives
  Configure infrastructure network services, including DHCP, DNS, NTP, and NIS
  Configure Web services using the Apache Web server
  Configure file sharing services, including Samba, NFS, and FTP
  Configure e-mail services, including Sendmail and Postfix
  Configure database services using PostgreSQL

Linux+ Guide to Linux Certification, 3e 2

Page 3: Linux+ Guide to Linux Certification, Third Edition

Infrastructure Services
  Infrastructure services: provide network configuration and support for other computers on a network
  Include:
    DHCP
    DNS
    NTP
    NIS


Page 4: Linux+ Guide to Linux Certification, Third Edition

DHCP
  Dynamic Host Configuration Protocol (DHCP): used for automatically configuring a network interface
  Send DHCP broadcast on network
  Request IP configuration information
  DHCP server leases IP address to client computer for a period of time
    Ensures each client has unique IP address
    After expiration, must send another DHCP request


Page 5: Linux+ Guide to Linux Certification, Third Edition

The DHCP Lease Process
  Involves several stages:
    Client sends a request to all hosts on network
    DHCP server sends offer containing potential IP configuration
    Client selects (accepts) offer
    DHCP server sends acknowledgement indicating the amount of time client can use IP configuration
    Client configures itself with IP configuration


Page 6: Linux+ Guide to Linux Certification, Third Edition

The DHCP Lease Process (continued)


Figure 13-1: The DHCP lease process
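The lease stages listed above, modelled as an added example (not code from the book): a toy server hands out addresses from a small range, keeps each address unique, and reclaims it when the lease expires. The class and function names, the address range and the lease time are assumptions made for illustration; the message names in the comments are the standard DHCP message types.

```python
"""Toy model of the DHCP lease exchange (constructed example, not a real DHCP server)."""
from dataclasses import dataclass, field
from ipaddress import IPv4Address


@dataclass
class LeaseServer:
    first: str            # first address of the range (constructed sample value)
    count: int            # number of addresses in the range
    lease_seconds: int    # how long an acknowledged lease stays valid
    leases: dict = field(default_factory=dict)   # ip -> (client_id, expiry time)
    offers: dict = field(default_factory=dict)   # client_id -> ip currently on offer

    def _pool(self):
        base = int(IPv4Address(self.first))
        return [str(IPv4Address(base + i)) for i in range(self.count)]

    def _expire(self, now):
        # An expired lease returns its address to the pool.
        self.leases = {ip: v for ip, v in self.leases.items() if v[1] > now}

    def discover(self, client_id, now):
        """Client broadcast (DHCPDISCOVER); returns the offered IP (DHCPOFFER) or None."""
        self._expire(now)
        self.offers.pop(client_id, None)          # drop any stale offer to this client
        for ip, (owner, _) in self.leases.items():
            if owner == client_id:                # renewing client keeps its address
                self.offers[client_id] = ip
                return ip
        reserved = set(self.leases) | set(self.offers.values())
        for ip in self._pool():
            if ip not in reserved:                # uniqueness: never offer a held address
                self.offers[client_id] = ip
                return ip
        return None                               # range exhausted

    def request(self, client_id, ip, now):
        """Client accepts (DHCPREQUEST); returns the lease (DHCPACK) or None (DHCPNAK)."""
        self._expire(now)
        if self.offers.get(client_id) != ip:
            return None                           # address was never offered to this client
        del self.offers[client_id]
        expiry = now + self.lease_seconds
        self.leases[ip] = (client_id, expiry)
        return {"ip": ip, "lease_seconds": self.lease_seconds, "expires_at": expiry}


def obtain_lease(server, client_id, now):
    """Run the whole exchange; the result is the configuration the client applies."""
    offer = server.discover(client_id, now)
    return server.request(client_id, offer, now) if offer else None
```
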

Page 7: Linux+ Guide to Linux Certification, Third Edition

Configuring a Linux DHCP Server
  Install DHCP daemon
    Use yum install dhcp command
  Edit DHCP daemon configuration file to list appropriate IP address range for the network and lease information
    /etc/dhcp/dhcpd.conf stores IPv4 configuration
    /etc/dhcp/dhcpd6.conf stores IPv6 configuration
  service dhcpd start command: starts the DHCP daemon


Page 8: Linux+ Guide to Linux Certification, Third Edition

DNS
  Hierarchical namespace used to identify computers on large TCP/IP networks
  Zone: portion of DNS administered by one or more DNS servers
  Forward lookup: FQDN resolved to IP address
  Reverse lookup: IP address resolved to FQDN


Page 9: Linux+ Guide to Linux Certification, Third Edition

The DNS Lookup Process
  Web browser performs a forward lookup of FQDN to contact IP of Web server
    Performed by DNS server
  Iterative query: resolved using DNS cache
    Does not use top-level DNS servers
  Recursive query: resolved with the use of top-level DNS servers
  DNS cache file: contains IP addresses of top-level DNS servers


Page 10: Linux+ Guide to Linux Certification, Third Edition

The DNS Lookup Process (continued)


Figure 13-2: The DNS lookup process

Page 11: Linux+ Guide to Linux Certification, Third Edition

The DNS Lookup Process (continued)
  Master or primary DNS server: contains read/write copy of zone
  Slave or secondary DNS server: contains read-only copy of zone
  Zone transfer: copying zone resource records from master to slave DNS server


Page 12: Linux+ Guide to Linux Certification, Third Edition

Configuring a Linux DNS Server
  Configure DNS name daemon for a specific zone
    Add resource records that list FQDNs and associated IP addresses for computers in that zone
  Configuration files have BIND format
    Difficult to create manually
      ○ Use graphical utility such as BIND configuration utility
  Start the DNS name daemon
    Use service named start command
  dig command: used to query records that exist on a specific DNS server


Page 13: Linux+ Guide to Linux Certification, Third Edition

Configuring a Linux DNS Server (continued)


Table 13-1: Common zone configuration files

Page 14: Linux+ Guide to Linux Certification, Third Edition

Configuring a Linux DNS Server (continued)


Table 13-1 (continued): Common zone configuration files

Page 15: Linux+ Guide to Linux Certification, Third Edition

Configuring a Linux DNS Server (continued)


Figure 13-3: The BIND configuration utility

Page 16: Linux+ Guide to Linux Certification, Third Edition

NTP
  Network Time Protocol (NTP): used by OS to obtain time information
    BIOS system clock or from network servers
    hwclock command: modifies BIOS date and time
    Uses UDP port 123


Page 17: Linux+ Guide to Linux Certification, Third Edition

Understanding NTP Strata
  Strata: hierarchical series of time resources used by NTP
    Stratum 0: Atomic clock or GPS clock
    Stratum 1: Obtain time directly from stratum 0 device
    Stratum 2: Obtain time directly from stratum 1 device
  Stratum is not an indication of quality or reliability
    NTP servers obtain time information from multiple sources and use algorithm to determine most reliable time information


Page 18: Linux+ Guide to Linux Certification, Third Edition

Configuring a Linux NTP Client
  NTP daemon installed and started by default
    Can act as NTP client to obtain time from Internet time server or as NTP server
  To configure NTP client
    Edit /etc/ntp.conf to add lines for different NTP servers that can be queried
  ntpdate command: manually synchronize the time
  Offset: time difference between time on local computer and time on time server


Page 19: Linux+ Guide to Linux Certification, Third Edition

Configuring a Linux NTP Client (continued)
  ntpq command: see what actual time servers system is synchronizing with
  Jitter Buffer: stores the difference between the same time measurements from different NTP servers
    Used by NTP when determining the most reliable time
    -q option: displays the offset and jitter
  tzselect command: used to change the time zone


Page 20: Linux+ Guide to Linux Certification, Third Edition

Configuring a Linux NTP Client (continued)


Figure 13-5: The Date/Time Properties screen

Page 21: Linux+ Guide to Linux Certification, Third Edition

Configuring a Linux NTP Server
  By default in Fedora 13, NTP daemon not configured as NTP server
  To allow other computers to query NTP daemon:
    Edit /etc/ntp.conf
    Add line identifying specific computers or networks that are allowed to query the NTP daemon
    Restart NTP daemon for changes to take effect


Page 22: Linux+ Guide to Linux Certification, Third Edition

NIS
  Network Information Service (NIS): coordinate common configuration files across several computers
    Computers belong to an NIS domain, use NIS map to access configuration information
    Commonly used to coordinate database files
  NIS master server: Sends all NIS map configuration to NIS slave servers
  NIS slave servers: Distribute maps to NIS clients


Page 23: Linux+ Guide to Linux Certification, Third Edition

Configuring an NIS Server
  Install NIS server daemons via yum install ypserv command
  Define the NIS domain name via domainname NIS_domain_name command
  Add NISDOMAIN="NIS_domain" to /etc/sysconfig/network file
    Configure NIS domain at boot time
  In the /var/yp/Makefile file, edit the list of files to be made into maps
    If no slave servers, ensure NOPUSH=true


Page 24: Linux+ Guide to Linux Certification, Third Edition

Configuring an NIS Server (continued)
  Add identification of allowed clients to /var/yp/securenets file
  Allow the allowed clients to access the appropriate maps in /etc/ypserv.conf
  Start NIS daemon by service ypserv start command
  Ensure NIS password server daemon is started at runlevel 5 by chkconfig --level 5 yppasswdd on command


Page 25: Linux+ Guide to Linux Certification, Third Edition

Configuring an NIS Server (continued)
  Generate configuration file maps by the /usr/lib/yp/ypinit -m command
  Allow clients to connect by service ypbind start command
  Ensure NIS binding server is started at runlevel 5 by chkconfig --level 5 ypbind on command
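A check for the /var/yp/securenets step of the procedure above, given as an added example (not code from the book): it parses the file's two rule forms, `host ADDRESS` and `NETMASK NETWORK`, reports rules that admit every client or cannot be parsed, and tests whether a given client address is covered. The sample file content, the addresses and the function names are constructed for illustration.

```python
"""Audit a /var/yp/securenets file (constructed example)."""
from ipaddress import IPv4Address, IPv4Network

# Constructed sample content; all addresses are placeholders.
SAMPLE_SECURENETS = """\
# loopback entry for the local host
host 127.0.0.1
255.255.255.0 192.168.10.0
host 192.168.20.5
0.0.0.0 0.0.0.0
255.255.0 10.0.0.0
"""


def parse_securenets(text):
    """Return (networks, problems); each rule is 'host ADDR' or 'NETMASK NETWORK'."""
    networks, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()       # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            if len(fields) != 2:
                raise ValueError("expected two fields")
            if fields[0] == "host":
                net = IPv4Network(f"{fields[1]}/32")
            else:
                IPv4Address(fields[0])            # the netmask must be a dotted quad
                net = IPv4Network(f"{fields[1]}/{fields[0]}")
        except ValueError as exc:
            problems.append((lineno, f"unparseable rule {line!r}: {exc}"))
            continue
        if net.prefixlen == 0:
            # Netmask 0.0.0.0 with network 0.0.0.0 matches any source address.
            problems.append((lineno, "rule admits every IPv4 client"))
        networks.append(net)
    return networks, problems


def client_allowed(networks, client_ip):
    """True if any parsed rule covers the client address."""
    addr = IPv4Address(client_ip)
    return any(addr in net for net in networks)
```
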


Page 26: Linux+ Guide to Linux Certification, Third Edition

Configuring an NIS Client
  Define the NIS domain name via domainname NIS_domain_name command
  Add NISDOMAIN="NIS_domain" to /etc/sysconfig/network file
    Configure NIS domain at boot time
  In the /etc/yp.conf file, add, for each specific NIS server: domain NIS_domain server NIS_server
    Alternatively add domain NIS_domain broadcast


Page 27: Linux+ Guide to Linux Certification, Third Edition

Configuring an NIS Client (continued)
  Start NIS client program by service ypbind start command
  Ensure NIS binding server daemon is started at runlevel 5 by chkconfig --level 5 ypbind on command
  Locate NIS server by ypwhich command
  Add +:*:0:0::: to /etc/passwd to redirect requests to NIS server
  yppasswd command: used by NIS clients to change NIS password


Page 28: Linux+ Guide to Linux Certification, Third Edition

Web Services
  Apache is the most common Web server
    Started as http daemon
  Document root directory: stores default HTML content for a Web server
    /var/www/html on Fedora Linux
    Default document is index.html
  /etc/httpd/conf/httpd.conf: default configuration file
  Directive: Line within a configuration file


Page 29: Linux+ Guide to Linux Certification, Third Edition

Web Services (continued)
  Default settings sufficient for most Web servers
    Copy appropriate HTML files into /var/www/html
    Start Apache by service httpd start
  Separate httpd daemon is started each time a client request is received by Apache Web server
    Called a Web page hit
    First daemon started as root user, others started as Apache user
  curl command: used at BASH shell to obtain Web page


Page 30: Linux+ Guide to Linux Certification, Third Edition


Table 13-2: Common httpd.conf directives

Page 31: Linux+ Guide to Linux Certification, Third Edition

Sharing Services: Samba
  Samba daemon: Emulates SMB protocol
    Formats TCP/IP data like Windows computers
  NetBIOS name daemon: to create and advertise NetBIOS name for Windows computers to connect to Linux server
  nmblookup command: Tests NetBIOS name resolution in Linux


Page 32: Linux+ Guide to Linux Certification, Third Edition

Configuring a Samba Server
  Create Linux user for each Windows user
  smbpasswd command: Generate Samba passwords
  /etc/samba/smb.conf: Default Samba configuration file
    Edit to include NetBIOS name
    testparm command: checks syntax of /etc/samba/smb.conf
  Start Samba and NetBIOS name daemons by service smb start and service nmb start commands


Page 33: Linux+ Guide to Linux Certification, Third Edition

Connecting to a Samba Server
  Test Samba functionality after configuration
    From Windows client enter \\Samba_server_name in the Run dialog box
  smbclient command: used to connect a Linux computer to a Samba server
    Can also be used to display an FTP-like interface on Samba or Windows servers


Page 34: Linux+ Guide to Linux Certification, Third Edition

NFS
  Network File System (NFS): allows Unix, Linux, and Macintosh OS X computers to share files transparently
  Export a directory by placing its name in the /etc/exports file
  mount command: used by another computer to access an exported directory across the network by mounting the remote directory on the local computer


Page 35: Linux+ Guide to Linux Certification, Third Edition

Configuring a Linux NFS Server
  Create directory containing information to share
  Edit /etc/exports file:
    Add line listing directory to be shared and options
  Run exportfs -a command
    Update list of exported filesystems
  Restart the NFS processes:
    service nfs start
    service nfslock start
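A review of the /etc/exports line that the procedure above adds, given as an added example (not code from the book): it reads each `directory client(options)` entry and reports exports open to every client or exported with `no_root_squash`, including the case where a space before the parenthesis turns the options into a world export. The sample entries, host names and function names are constructed for illustration.

```python
"""Review /etc/exports entries for broad or privileged access (constructed example)."""
import re

# Constructed sample; paths and client names are placeholders.
SAMPLE_EXPORTS = """\
# directory        client(options)
/srv/docs          192.168.10.0/24(ro,sync)
/srv/build         buildhost.example.com(rw,sync,no_root_squash)
/srv/public        *(rw,sync)
/srv/typo          192.168.10.0/24 (rw,sync)
/srv/defaults      192.168.10.7
"""

# A client token is "host(opts)", "host" alone, or "(opts)" with no host.
CLIENT_RE = re.compile(r"^(?P<host>[^()]*)(?:\((?P<opts>[^()]*)\))?$")


def parse_exports(text):
    """Yield (path, host, options) for every client on every export line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        if not clients:
            yield path, "*", set()                # no client listed: applies to everyone
        for token in clients:
            m = CLIENT_RE.match(token)
            if m is None:
                continue                          # malformed token, skipped in this sketch
            opts = set(filter(None, (m.group("opts") or "").split(",")))
            # An empty host part means the options apply to every client.
            yield path, m.group("host") or "*", opts


def review_exports(text):
    """Return a sorted list of (path, host, finding) tuples."""
    findings = []
    for path, host, opts in parse_exports(text):
        world = host == "*"
        if world and "rw" in opts:
            findings.append((path, host, "writable by any client"))
        elif world:
            findings.append((path, host, "readable by any client"))
        if "no_root_squash" in opts:
            findings.append((path, host, "remote root keeps root privileges"))
    return sorted(findings)
```
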


Page 36: Linux+ Guide to Linux Certification, Third Edition

Connecting to a Linux NFS Server
  Mount directory from remote NFS server to a directory on local computer
    Use mount command specifying nfs filesystem type, server name or IP address, remote directory, and local directory as arguments
  Use the mounted directory as any other local directory, with operations being performed on the remote computer
  Use umount command to dismount remote directory


Page 37: Linux+ Guide to Linux Certification, Third Edition

FTP
  Protocol most commonly used to transfer files on public networks
  Hosts files differently than NFS
  In anonymous access special directory is available to any user who wants to connect to FTP server
  User can log in, via an FTP client program, to a home directory on the FTP server


Page 38: Linux+ Guide to Linux Certification, Third Edition

Configuring a Linux FTP Server
  Very secure FTP daemon (vsftpd): used by most Linux systems
  To configure (assuming logon as “user1”):
    Create directory below user1’s home directory to host the files
      ○ Ensure user1 owns directory
    Edit /etc/vsftpd/vsftpd.conf to modify appropriate commented options
    Run service vsftpd start to start vsftpd daemon


Page 39: Linux+ Guide to Linux Certification, Third Edition

Connecting to a Linux FTP Server
  Most Web browsers have built-in FTP utility
    Allows you to access files on remote computer
  To connect through Web browser, specify the location by typing ftp://servername in the browser
    To log in as particular user, type ftp://user:password@servername
  Most OSs have command-line FTP utility
    Use ftp command and specify host name as argument, log in as anonymous or as specific user
      ○ Receive prompt that accepts FTP commands


Page 40: Linux+ Guide to Linux Certification, Third Edition

Connecting to a Linux FTP Server (continued)


Figure 13-7: Using a Web browser FTP client

Page 41: Linux+ Guide to Linux Certification, Third Edition

Connecting to a Linux FTP Server (continued)


Table 13-3: Common FTP commands

Page 42: Linux+ Guide to Linux Certification, Third Edition

Connecting to a Linux FTP Server (continued)


Table 13-3 (continued): Common FTP commands

Page 43: Linux+ Guide to Linux Certification, Third Edition

E-mail Services
  Various e-mail protocols exist, including SMTP, ESMTP, POP, and IMAP
  E-mail server looks up the name of target e-mail server in domain’s MX records, stored on public DNS server
    Resolves target e-mail server name to IP address using public DNS server
  Daemons and system components rely on e-mail to send important information to the root user


Page 44: Linux+ Guide to Linux Certification, Third Edition

Working with Sendmail
  Sendmail: one of oldest and most complex e-mail daemons
    By default accepts email on TCP port 25
    Test using telnet port_num, EHLO, and HELO commands
  mail command: checks local e-mail
  /etc/aliases file: contains other e-mail names used to identify the users on the system
    newaliases command: rebuilds the aliases database after modifications


Page 45: Linux+ Guide to Linux Certification, Third Edition

Working with Postfix
  Postfix: easier to configure than Sendmail
    Install using yum install postfix
    Edit /etc/postfix/main.cf configuration file
    Run service sendmail stop ; service postfix start command to stop Sendmail daemon and activate Postfix daemon
      ○ To make the change permanent, run the chkconfig --level 5 sendmail off ; chkconfig --level 5 postfix on command


Page 46: Linux+ Guide to Linux Certification, Third Edition

Working with Postfix (continued)


Table 13-4: Lines in /etc/postfix/main.cf to uncomment or add when configuring Postfix

Page 47: Linux+ Guide to Linux Certification, Third Edition

Database Services
  Databases: large files that store information in the form of tables
  Table: organizes information into a list
  Record: set of information about a particular item within a list
  Fields: categories of information within a record
  Relational databases: databases in which information within one table is related to information within other tables
    Tables are usually linked by a common field


Page 48: Linux+ Guide to Linux Certification, Third Edition

Database Services (continued)


Figure 13-8: A simple relational database structure

Page 49: Linux+ Guide to Linux Certification, Third Edition

Database Services (continued)
  Structured Query Language (SQL): programming language used to store and access data in databases
    The server programs that allow use of SQL are called SQL servers
      ○ Offer advanced backup, repair, replication, and recovery utilities for data
      ○ Allow programs to access databases from across the network


Page 50: Linux+ Guide to Linux Certification, Third Edition

Database Services (continued)


Table 13-5: Common SQL statements

Page 51: Linux+ Guide to Linux Certification, Third Edition

Database Services (continued)


Table 13-5 (continued): Common SQL statements

Page 52: Linux+ Guide to Linux Certification, Third Edition

Configuring PostgreSQL
  Powerful SQL server that provides large number of features
    To install: yum install postgresql command
  Prepare for use by:
    Use passwd postgres command to assign user a password
    Initialize internal databases using service postgresql initdb command
    Modify PostgreSQL configuration files
    Start the PostgreSQL engine


Page 53: Linux+ Guide to Linux Certification, Third Edition

Configuring PostgreSQL Databases
  Log in as postgres user
  Execute PostgreSQL command-line utilities to create and manage databases
    Can create tables and add records within the PostgreSQL utility using appropriate SQL statements
  PostgreSQL utility has many built-in commands
    ○ Prefixed with a \ character
    ○ Can be used to obtain database information or perform functions within the utility


Page 54: Linux+ Guide to Linux Certification, Third Edition

Configuring PostgreSQL Databases (continued)


Table 13-6: PostgreSQL command-line utilities

Page 55: Linux+ Guide to Linux Certification, Third Edition

Configuring PostgreSQL Databases (continued)


Table 13-7: Common built-in PostgreSQL utility commands

Page 56: Linux+ Guide to Linux Certification, Third Edition

Summary
  DHCP, DNS, NTP, and NIS are infrastructure services since they provide network-related services to other computers
  DHCP servers lease other computers an IPv4 or IPv6 configuration
  DNS servers provide name resolution services for other computers on the network
  Linux computers can use the system time stored within the computer BIOS or obtain time from an NTP server across the network


Page 57: Linux+ Guide to Linux Certification, Third Edition

Summary (continued)
  NIS servers provide key configuration files to other Linux computers that are configured as NIS clients
  The Apache server shares Web pages from its document root directory to computers on the network using the HTTP protocol
  Samba can be used to share files to Linux, UNIX, Macintosh, and Windows computers using the SMB protocol
  NFS can be used to natively share files among Linux, UNIX, and Macintosh systems


Page 58: Linux+ Guide to Linux Certification, Third Edition

Summary (continued)
  FTP can be used to share files to any computer that has an FTP client utility
  Email servers deliver e-mails to users, accept new e-mails from users and relay the new emails to other e-mail servers on the Internet for delivery
  Applications that store data in databases on database servers use SQL statements to manipulate information within a database
  PostgreSQL provides advanced configuration and utilities


