Linux+ Guide to Linux Certification, Third Edition

Published on 25-Feb-2016


DESCRIPTION

Chapter 13: Configuring Network Services. Linux+ Guide to Linux Certification, Third Edition. Objectives: configure infrastructure network services, including DHCP, DNS, NTP, and NIS; configure Web services using the Apache Web server. PowerPoint PPT Presentation.

Transcript

Chapter 13: Configuring Network Services
Linux+ Guide to Linux Certification, 3e

Objectives

  • Configure infrastructure network services, including DHCP, DNS, NTP, and NIS
  • Configure Web services using the Apache Web server
  • Configure file sharing services, including Samba, NFS, and FTP
  • Configure e-mail services, including Sendmail and Postfix
  • Configure database services using PostgreSQL

Infrastructure Services

  • Infrastructure services: provide network configuration and support for other computers on a network
  • Include:
      • DHCP
      • DNS
      • NTP
      • NIS

DHCP

  • Dynamic Host Configuration Protocol (DHCP): used for automatically configuring a network interface
  • Client sends a DHCP broadcast on the network
      • Requests IP configuration information
  • DHCP server leases an IP address to the client computer for a period of time
      • Ensures each client has a unique IP address
      • After expiration, the client must send another DHCP request

The DHCP Lease Process

  • Involves several stages:
      • Client sends a request to all hosts on the network
      • DHCP server sends an offer containing a potential IP configuration
      • Client selects (accepts) the offer
      • DHCP server sends an acknowledgement indicating the amount of time the client can use the IP configuration
      • Client configures itself with the IP configuration

[Figure 13-1: The DHCP lease process]

Configuring a Linux DHCP Server

  • Install the DHCP daemon
      • Use the yum install dhcp command
  • Edit the DHCP daemon configuration file to list the appropriate IP address range for the network and lease information
      • /etc/dhcp/dhcpd.conf stores IPv4 configuration
      • /etc/dhcp/dhcpd6.conf stores IPv6 configuration
  • service dhcpd start command: starts the DHCP daemon

DNS

  • Hierarchical namespace used to identify computers on large TCP/IP networks
  • Zone: portion of DNS administered by one or more DNS servers
  • Forward lookup: FQDN resolved to IP address
  • Reverse lookup: IP address resolved to FQDN

The DNS Lookup Process

  • Web browser performs a forward lookup of the FQDN to contact the IP of the Web server
      • Performed by DNS server
  • Iterative query: resolved using DNS cache
      • Does not use top-level DNS servers
  • Recursive query: resolved with the use of top-level DNS servers
  • DNS cache file: contains IP addresses of top-level DNS servers

[Figure 13-2: The DNS lookup process]

  • Master or primary DNS server: contains read/write copy of zone
  • Slave or secondary DNS server: contains read-only copy of zone
  • Zone transfer: copying zone resource records from master to slave DNS server

Configuring a Linux DNS Server

  • Configure the DNS name daemon for a specific zone
  • Add resource records that list FQDNs and associated IP addresses for computers in that zone
  • Configuration files have BIND format
      • Difficult to create manually
      • Use a graphical utility such as the BIND configuration utility
  • Start the DNS name daemon
      • Use the service named start command
  • dig command: used to query records that exist on a specific DNS server

[Table 13-1: Common zone configuration files]

[Figure 13-3: The BIND configuration utility]

NTP

  • Network Time Protocol (NTP): used by the OS to obtain time information
      • Time comes from the BIOS system clock or from network servers
  • hwclock command: modifies BIOS date and time
  • Uses UDP port 123

Understanding NTP Strata

  • Strata: hierarchical series of time resources used by NTP
      • Stratum 0: atomic clock or GPS clock
      • Stratum 1: obtains time directly from a stratum 0 device
      • Stratum 2: obtains time directly from a stratum 1 device
  • Stratum is not an indication of quality or reliability
  • NTP servers obtain time information from multiple sources and use an algorithm to determine the most reliable time information

Configuring a Linux NTP Client

  • NTP daemon installed and started by default
  • Can act as an NTP client to obtain time from an Internet time server, or as an NTP server
  • To configure an NTP client:
      • Edit /etc/ntp.conf to add lines for the different NTP servers that can be queried
  • ntpdate command: manually synchronizes the time
  • Offset: time difference between the time on the local computer and the time on the time server
  • ntpq command: shows which time servers the system is actually synchronizing with
  • Jitter buffer: stores the difference between the same time measurements from different NTP servers
      • Used by NTP when determining the most reliable time
  • -q option: displays the offset and jitter
  • tzselect command: used to change the time zone

[Figure 13-5: The Date/Time Properties screen]

Configuring a Linux NTP Server

  • By default in Fedora 13, the NTP daemon is not configured as an NTP server
  • To allow other computers to query the NTP daemon:
      • Edit /etc/ntp.conf
      • Add a line identifying the specific computers or networks that are allowed to query the NTP daemon
      • Restart the NTP daemon for the changes to take effect

NIS

  • Network Information Service (NIS): coordinates common configuration files across several computers
  • Computers belong to an NIS domain and use NIS maps to access configuration information
  • Commonly used to coordinate database files
  • NIS master server: sends all NIS map configuration to NIS slave servers
  • NIS slave servers: distribute maps to NIS clients

Configuring an NIS Server

  • Install the NIS server daemons via the yum install ypserv command
  • Define the NIS domain name via the domainname NIS_domain_name command
  • Add NISDOMAIN=NIS_domain to the /etc/sysconfig/network file
      • Configures the NIS domain at boot time
  • In the /var/yp/Makefile file, edit the list of files to be made into maps
      • If there are no slave servers, ensure NOPUSH=true
  • Add identification of allowed clients to the /var/yp/securenets file
  • Allow the permitted clients to access the appropriate maps in /etc/ypserv.conf
  • Start the NIS daemon with the service ypserv start command
  • Ensure the NIS password server daemon is started at runlevel 5 with the chkconfig --level 5 yppasswdd on command
  • Generate the configuration file maps with the /usr/lib/yp/ypinit -m command
  • Allow clients to connect with the service ypbind start command
  • Ensure the NIS binding server is started at runlevel 5 with the chkconfig --level 5 ypbind on command

Configuring an NIS Client

  • Define the NIS domain name via the domainname NIS_domain_name command
  • Add NISDOMAIN=NIS_domain to the /etc/sysconfig/network file
      • Configures the NIS domain at boot time
  • In the /etc/yp.conf file, add, for each specific NIS server: domain NIS_domain server NIS_server
      • Alternatively, add domain NIS_domain broadcast
  • Start the NIS client program with the service ypbind start command
  • Ensure the NIS binding server daemon is started at runlevel 5 with the chkconfig --level 5 ypbind on command
  • Locate the NIS server with the ypwhich command
  • Add +:*:0:0::: to /etc/passwd to redirect requests to the NIS server
  • yppasswd command: used by NIS clients to change the NIS password

Web Services

  • Apache is the most common Web server
      • Started as http daemon
  • Document root directory: stores default HTML content for a Web server
      • /var/www/html on Fedora Linux
  • Default document is index.html
  • /etc/httpd/conf/httpd.conf: default configuration file
  • Directive: line within a configuration file
  • Default settings are sufficient for most Web servers
  • Copy the appropriate HTML files into /var/www/html
  • Start Apache with service httpd start
  • A separate httpd daemon is started each time a client request is received by the Apache Web server
      • Called a Web page hit
  • First daemon is started as the root user, others are started as the Apache user
  • curl command: used at the BASH shell to obtain a Web page

[Table 13-2: Common httpd.conf directives]

Sharing Services: Samba

  • Samba daemon: emulates the SMB protocol
      • Formats TCP/IP data like Windows computers
  • NetBIOS name daemon: creates and advertises a NetBIOS name that Windows computers use to connect to the Linux server
  • nmblookup command: tests NetBIOS name resolution in Linux

Configuring a Samba Server

  • Create a Linux user for each Windows user
  • smbpasswd command: generates Samba passwords
  • /etc/samba/smb.conf: default Samba configuration file
      • Edit to include the NetBIOS name
  • testparm command: checks the syntax of /etc/samba/smb.conf
  • Start the Samba and NetBIOS name daemons with the service smb start and service nmb start commands

Connecting to a Samba Server

  • Test Samba functionality after configuration
  • From a Windows client, enter \\Samba_server_name in the Run dialog box
  • smbclient command: used to connect a Linux computer to a Samba server
      • Can also be used to display an FTP-like interface on Samba or Windows servers

NFS

  • Network File System (NFS): allows Unix, Linux, and Macintosh OS X computers to share files transparently
  • Export a directory by placing its name in the /etc/exports file
  • mount command: used by another computer to access an exported directory across the network by mounting the remote directory on the local computer

Configuring a Linux NFS Server

  • Create a directory containing the information to share
  • Edit the /etc/exports file:
      • Add a line listing the directory to be shared and its options
  • Run the exportfs -a command
      • Updates the list of exported filesystems
  • Restart the NFS processes:
      • service nfs start
      • service nfslock start

Connecting to a Linux NFS Server

  • Mount a directory from the remote NFS server to a directory on the local computer
      • Use the mount command, specifying the nfs filesystem type, server name or IP address, remote directory, and local directory as arguments
  • Use the mounted directory as any other local directory, with operations being performed on the remote computer
  • Use the umount command to dismount the remote directory

FTP

  • Protocol most commonly used to transfer files on public networks
  • Hosts files differently than NFS
  • In anonymous access, a special directory is available to any user who wants to connect to the FTP server
  • A user can log in, via an FTP client program, to a home directory on the FTP server

Configuring a Linux FTP Server

  • Very secure FTP daemon (vsftpd): used by most Linux systems
  • To configure (assuming logon as user1):
      • Create a directory below user1's home directory to host the files
      • Ensure user1 owns the directory
      • Edit /etc/vsftpd/vsftpd.conf to modify the appropriate commented options
      • Run service vsftpd start to start the vsftpd daemon

Connecting to a Linux FTP Server

  • Most Web browsers have a built-in FTP utility
      • Allows you to access files on a remote computer
  • To connect through a Web browser, specify the location by typing ftp://servername in the browser
  • To log in as a particular user, type ftp://user:password@servername
  • Most OSs have a command-line FTP utility
      • Use the ftp command and specify the host name as an argument, then log in as anonymous or as a specific user
      • Receive a prompt that accepts FTP commands

[Figure 13-7: Using a Web browser FTP client]

[Table 13-3: Common FTP commands]

E-mail Services

  • Various e-mail protocols exist, including SMTP, ESMTP, POP, and IMAP
  • E-mail server looks up the name of the target e-mail server in the domain's MX records, stored on a public DNS server
      • Resolves the target e-mail server name to an IP address using a public DNS server
  • Daemons and system components rely on e-mail to send important information to the root user

Working with Sendmail

  • Sendmail: one of the oldest and most complex e-mail daemons
  • By default accepts e-mail on TCP port 25
  • Test using telnet port_num, EHLO, and HELO commands
  • mail command: checks local e-mail
  • /etc/aliases file: contains other e-mail names used to identify the users on the system
  • newaliases command: rebuilds the aliases database after modifications

Working with Postfix

  • Postfix: easier to configure than Sendmail
  • Install using yum install postfix
  • Edit the /etc/postfix/main.cf configuration file
  • Run the service sendmail stop ; service postfix start command to stop the Sendmail daemon and activate the Postfix daemon
  • To make the change permanent, run the chkconfig --level 5 sendmail off ; chkconfig --level 5 postfix on command

[Table 13-4: Lines in /etc/postfix/main.cf to uncomment or add when configuring Postfix]

Database Services

  • Databases: large files that store information in the form of tables
  • Table: organizes information into a list
  • Record: set of information about a particular item within a list
  • Fields: categories of information within a record
  • Relational databases: databases in which information within one table is related to information within other tables
      • Tables are usually linked by a common field

[Figure 13-8: A simple relational database structure]

  • Structured Query Language (SQL): programming language used to store and access data in databases
  • The server programs that allow use of SQL are called SQL servers
      • Offer advanced backup, repair, replication, and recovery utilities for data
      • Allow programs to access databases from across the network

[Table 13-5: Common SQL statements]

Configuring PostgreSQL

  • Powerful SQL server that provides a large number of features
  • To install: yum install postgresql command
  • Prepare for use by:
      • Using the passwd postgres command to assign the user a password
      • Initializing the internal databases using the service postgresql initdb command
      • Modifying the PostgreSQL configuration files
      • Starting the PostgreSQL engine

Configuring PostgreSQL Databases

  • Log in as the postgres user
  • Execute PostgreSQL command-line utilities to create and manage databases
  • Can create tables and add records within the PostgreSQL utility using the appropriate SQL statements
  • PostgreSQL utility has many built-in commands
      • Prefixed with a \ character
      • Can be used to obtain database information or perform functions within the utility

[Table 13-6: PostgreSQL command-line utilities]

[Table 13-7: Common built-in PostgreSQL utility commands]

Summary

  • DHCP, DNS, NTP, and NIS are infrastructure services since they provide network-related services to other computers
  • DHCP servers lease other computers an IPv4 or IPv6 configuration
  • DNS servers provide name resolution services for other computers on the network
  • Linux computers can use the system time stored within the computer BIOS or obtain time from an NTP server across the network
  • NIS servers provide key configuration files to other Linux computers that are configured as NIS clients
  • The Apache server shares Web pages from its document root directory to computers on the network using the HTTP protocol
  • Samba can be used to share files to Linux, UNIX, Macintosh, and Windows computers using the SMB protocol
  • NFS can be used to natively share files among Linux, UNIX, and Macintosh systems
  • FTP can be used to share files to any computer that has an FTP client utility
  • E-mail servers deliver e-mails to users, accept new e-mails from users, and relay the new e-mails to other e-mail servers on the Internet for delivery
  • Applications that store data in databases on database servers use SQL statements to manipulate information within a database
  • PostgreSQL provides advanced configuration and utilities
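The NFS and NIS server slides both end in an access-control file (/etc/exports and /var/yp/securenets). As an added example, not taken from the slides, the script below flags the entries in those files that open a share or the NIS maps to every host. The rw and no_root_squash options are standard exports(5) options the slides do not name, and the sample hosts and paths are constructed.

```shell
#!/bin/sh
# Added example (not from the slides): flag risky lines in NFS and NIS
# access-control files. Output: one finding per line.

# audit_exports FILE -> "<directory> <client> <finding>"
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        dir = $1
        for (i = 2; i <= NF; i++) {
            tok = $i
            if (tok ~ /^#/) break           # trailing comment
            client = tok; opts = ""
            p = index(tok, "(")
            if (p > 0) {                    # split client(options)
                client = substr(tok, 1, p - 1)
                opts = substr(tok, p + 1)
                sub(/\)$/, "", opts)
            }
            # A bare "(rw)" after a space has no client: it applies to everyone.
            if (client == "") client = "*"
            if (client == "*") print dir, client, "world-export"
            if (client == "*" && ("," opts ",") ~ /,rw,/)
                print dir, client, "world-writable"
            if (("," opts ",") ~ /,no_root_squash,/)
                print dir, client, "no_root_squash"
        }
    }' "$1"
}

# audit_securenets FILE -> findings for /var/yp/securenets-style files
# (each line: netmask network). A missing file means ypserv accepts any host.
audit_securenets() {
    [ -f "$1" ] || { echo "securenets missing: any host allowed"; return 0; }
    awk '
    /^[ \t]*(#|$)/ { next }
    $1 == "0.0.0.0" && $2 == "0.0.0.0" { print "securenets line " NR ": any host allowed" }
    ' "$1"
}

# Constructed sample files (hypothetical hosts and paths), then both audits.
demo() {
    d=$(mktemp -d)
    cat > "$d/exports" <<'EOF'
# constructed sample
/srv/projects  192.0.2.0/24(rw,sync)
/srv/public    *(ro,sync)
/srv/scratch   *(rw,sync)
/srv/backup    backup01(rw,no_root_squash)
/srv/home      fileclient (rw)
EOF
    printf '255.255.255.0 192.0.2.0\n0.0.0.0 0.0.0.0\n' > "$d/securenets"
    audit_exports "$d/exports"
    audit_securenets "$d/securenets"
    rm -rf "$d"
}

demo
```

The last sample export shows the easy mistake: a space between the client name and its options leaves that client with default options and applies (rw) to every host.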
