Linux+ Guide to Linux Certification, Third Edition


remy

Presentation Transcript


  1. Chapter 13 Configuring Network Services Linux+ Guide to Linux Certification, Third Edition

  2. Objectives
     • Configure infrastructure network services, including DHCP, DNS, NTP, and NIS
     • Configure Web services using the Apache Web server
     • Configure file sharing services, including Samba, NFS, and FTP
     • Configure e-mail services, including Sendmail and Postfix
     • Configure database services using PostgreSQL
     Linux+ Guide to Linux Certification, 3e

  3. Infrastructure Services
     • Infrastructure services: provide network configuration and support for other computers on a network
     • Include:
     • DHCP
     • DNS
     • NTP
     • NIS

  4. DHCP
     • Dynamic Host Configuration Protocol (DHCP): used for automatically configuring a network interface
     • Send DHCP broadcast on network
     • Request IP configuration information
     • DHCP server leases IP address to client computer for a period of time
     • Ensures each client has unique IP address
     • After expiration, must send another DHCP request

  5. The DHCP Lease Process
     • Involves several stages:
     • Client sends a request to all hosts on network
     • DHCP server sends offer containing potential IP configuration
     • Client selects (accepts) offer
     • DHCP server sends acknowledgement indicating the amount of time client can use IP configuration
     • Client configures itself with IP configuration

  6. The DHCP Lease Process (continued)
     Figure 13-1: The DHCP lease process

  7. Configuring a Linux DHCP Server
     • Install DHCP daemon
     • Use yum install dhcp command
     • Edit DHCP daemon configuration file to list appropriate IP address range for the network and lease information
     • /etc/dhcp/dhcpd.conf stores IPv4 configuration
     • /etc/dhcp/dhcpd6.conf stores IPv6 configuration
     • service dhcpd start command: starts the DHCP daemon

  8. DNS
     • Hierarchical namespace used to identify computers on large TCP/IP networks
     • Zone: portion of DNS administered by one or more DNS servers
     • Forward lookup: FQDN resolved to IP address
     • Reverse lookup: IP address resolved to FQDN

  9. The DNS Lookup Process
     • Web browser performs a forward lookup of FQDN to contact IP of Web server
     • Performed by DNS server
     • Iterative query: resolved using DNS cache
     • Does not use top-level DNS servers
     • Recursive query: resolved with the use of top-level DNS servers
     • DNS cache file: contains IP addresses of top-level DNS servers

  10. The DNS Lookup Process (continued)
      Figure 13-2: The DNS lookup process

  11. The DNS Lookup Process (continued)
      • Master or primary DNS server: contains read/write copy of zone
      • Slave or secondary DNS server: contains read-only copy of zone
      • Zone transfer: copying zone resource records from master to slave DNS server

  12. Configuring a Linux DNS Server
      • Configure DNS name daemon for a specific zone
      • Add resource records that list FQDNs and associated IP addresses for computers in that zone
      • Configuration files have BIND format
      • Difficult to create manually
      • Use graphical utility such as BIND configuration utility
      • Start the DNS name daemon
      • Use service named start command
      • dig command: used to query records that exist on a specific DNS server

  13. Configuring a Linux DNS Server (continued)
      Table 13-1: Common zone configuration files

  14. Configuring a Linux DNS Server (continued)
      Table 13-1 (continued): Common zone configuration files

  15. Configuring a Linux DNS Server (continued)
      Figure 13-3: The BIND configuration utility

  16. NTP
      • Network Time Protocol (NTP): used by OS to obtain time information from the BIOS system clock or from network servers
      • hwclock command: modifies BIOS date and time
      • Uses UDP port 123

  17. Understanding NTP Strata
      • Strata: hierarchical series of time resources used by NTP
      • Stratum 0: Atomic clock or GPS clock
      • Stratum 1: Obtain time directly from stratum 0 device
      • Stratum 2: Obtain time directly from stratum 1 device
      • Stratum is not an indication of quality or reliability
      • NTP servers obtain time information from multiple sources and use algorithm to determine most reliable time information

  18. Configuring a Linux NTP Client
      • NTP daemon installed and started by default
      • Can act as NTP client to obtain time from Internet time server or as NTP server
      • To configure NTP client
      • Edit /etc/ntp.conf to add lines for different NTP servers that can be queried
      • ntpdate command: manually synchronize the time
      • Offset: time difference between time on local computer and time on time server

  19. Configuring a Linux NTP Client (continued)
      • ntpq command: see what actual time servers system is synchronizing with
      • Jitter Buffer: stores the difference between the same time measurements from different NTP servers
      • Used by NTP when determining the most reliable time
      • -q option: displays the offset and jitter
      • tzselect command: used to change the time zone

  20. Configuring a Linux NTP Client (continued)
      Figure 13-5: The Date/Time Properties screen

  21. Configuring a Linux NTP Server
      • By default in Fedora 13, NTP daemon not configured as NTP server
      • To allow other computers to query NTP daemon:
      • Edit /etc/ntp.conf
      • Add line identifying specific computers or networks that are allowed to query the NTP daemon
      • Restart NTP daemon for changes to take effect
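
Added example, not part of the original slides: in ntp.conf the allow line is written with the restrict directive, and the flags on it decide what the permitted network can do besides ask for the time. The function below lists every non-loopback restrict line that lacks nomodify or noquery (noquery blocks ntpq/ntpdc status queries, not time service); the function name and the sample networks are constructed.

```shell
#!/bin/sh
# Added example (not from the slides): report what each restrict line permits.

# Constructed sample input; the networks are made up.
sample_ntp_conf() {
cat <<'EOF'
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 10.0.0.0 mask 255.0.0.0
server 0.pool.ntp.org
EOF
}

# ntp_restrict_report FILE: print "address missing-flags" for every restrict
# line on a non-loopback address that lacks nomodify or noquery.
# Lines carrying "ignore" drop all packets and are skipped.
ntp_restrict_report() {
    awk '
    $1 != "restrict" { next }
    {
        i = 2
        if ($i == "-4" || $i == "-6") i++      # optional address-family switch
        addr = $i; i++
        if ($i == "mask") { addr = addr "/" $(i + 1); i += 2 }
        if (addr == "127.0.0.1" || addr == "::1") next
        flags = " "
        for (; i <= NF; i++) flags = flags $i " "
        if (index(flags, " ignore ")) next
        missing = ""
        if (!index(flags, " nomodify ")) missing = missing "nomodify "
        if (!index(flags, " noquery "))  missing = missing "noquery "
        if (missing != "") { sub(/ $/, "", missing); print addr, missing }
    }' "$1"
}

tmp=$(mktemp) && sample_ntp_conf > "$tmp" && ntp_restrict_report "$tmp"; rm -f "$tmp"
```

A line reported with only noquery missing still lets that network read daemon status with ntpq; one reported with nomodify missing also accepts runtime configuration requests from it.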

  22. NIS
      • Network Information Service (NIS): coordinate common configuration files across several computers
      • Computers belong to an NIS domain, use NIS map to access configuration information
      • Commonly used to coordinate database files
      • NIS master server: Sends all NIS map configuration to NIS slave servers
      • NIS slave servers: Distribute maps to NIS clients

  23. Configuring an NIS Server
      • Install NIS server daemons via yum install ypserv command
      • Define the NIS domain name via domainname NIS_domain_name command
      • Add NISDOMAIN="NIS_domain" to /etc/sysconfig/network file
      • Configure NIS domain at boot time
      • In the /var/yp/Makefile file, edit the list of files to be made into maps
      • If no slave servers, ensure NOPUSH=true

  24. Configuring an NIS Server (continued)
      • Add identification of allowed clients to /var/yp/securenets file
      • Allow the allowed clients to access the appropriate maps in /etc/ypserv.conf
      • Start NIS daemon by service ypserv start command
      • Ensure NIS password server daemon is started at runlevel 5 by chkconfig --level 5 yppasswdd on command

  25. Configuring an NIS Server (continued)
      • Generate configuration file maps by the /usr/lib/yp/ypinit -m command
      • Allow clients to connect by service ypbind start command
      • Ensure NIS binding server is started at runlevel 5 by chkconfig --level 5 ypbind on command
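
Added example, not part of the original slides: /var/yp/securenets holds one "netmask network" pair (or "host address") per line, so an entry such as "0.0.0.0 0.0.0.0" admits every client. The function below converts each netmask to a prefix length and lists entries wider than a chosen threshold; the function name, the default threshold of 24 bits and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): list securenets entries that admit
# more hosts than intended.

# Constructed sample input; all addresses are made up.
sample_securenets() {
cat <<'EOF'
# netmask        network
255.0.0.0        127.0.0.0
255.255.255.0    192.168.1.0
host             192.168.2.10
255.255.0.0      10.20.0.0
0.0.0.0          0.0.0.0
EOF
}

# securenets_wide FILE [MIN_PREFIX]: print "network/prefix" for each entry
# whose netmask has fewer than MIN_PREFIX leading 1 bits (default 24).
securenets_wide() {
    awk -v min="${2:-24}" '
    function prefix(mask,    o, k, bits, v) {
        if (split(mask, o, ".") != 4) return -1
        bits = 0
        for (k = 1; k <= 4; k++) {
            v = o[k] + 0
            # reject out-of-range octets and a 1 bit that follows a 0 bit
            if (v > 255 || (bits < 8 * (k - 1) && v != 0)) return -1
            while (v >= 128) { bits++; v = (v - 128) * 2 }  # count leading 1 bits
            if (v != 0) return -1                           # non-contiguous octet
        }
        return bits
    }
    /^[ \t]*#/ || NF < 2 { next }   # comments and blank lines
    $1 == "host"         { next }   # a single host is already the narrowest entry
    $2 ~ /^127\./        { next }   # loopback
    {
        p = prefix($1)
        if (p < 0)        print $2 "/invalid-mask"
        else if (p < min) print $2 "/" p
    }' "$1"
}

tmp=$(mktemp) && sample_securenets > "$tmp" && securenets_wide "$tmp"; rm -f "$tmp"
```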

  26. Configuring an NIS Client
      • Define the NIS domain name via domainname NIS_domain_name command
      • Add NISDOMAIN="NIS_domain" to /etc/sysconfig/network file
      • Configure NIS domain at boot time
      • In the /etc/yp.conf file, add, for each specific NIS server: domain NIS_domain server NIS_server
      • Alternatively add domain NIS_domain broadcast

  27. Configuring an NIS Client (continued)
      • Start NIS client program by service ypbind start command
      • Ensure NIS binding server daemon is started at runlevel 5 by chkconfig --level 5 ypbind on command
      • Locate NIS server by ypwhich command
      • Add +:*:0:0::: to /etc/passwd to redirect requests to NIS server
      • yppasswd command: used by NIS clients to change NIS password

  28. Web Services
      • Apache is the most common Web server
      • Started as http daemon
      • Document root directory: stores default HTML content for a Web server
      • /var/www/html on Fedora Linux
      • Default document is index.html
      • /etc/httpd/conf/httpd.conf: default configuration file
      • Directive: Line within a configuration file

  29. Web Services (continued)
      • Default settings sufficient for most Web servers
      • Copy appropriate HTML files into /var/www/html
      • Start Apache by service httpd start
      • Separate httpd daemon is started each time a client request is received by Apache Web server
      • Called a Web page hit
      • First daemon started as root user, others started as Apache user
      • curl command: used at BASH shell to obtain Web page

  30. Table 13-2: Common httpd.conf directives

  31. Sharing Services: Samba
      • Samba daemon: Emulates SMB protocol
      • Formats TCP/IP data like Windows computers
      • NetBIOS name daemon: to create and advertise NetBIOS name for Windows computers to connect to Linux server
      • nmblookup command: Tests NetBIOS name resolution in Linux

  32. Configuring a Samba Server
      • Create Linux user for each Windows user
      • smbpasswd command: Generate Samba passwords
      • /etc/samba/smb.conf: Default Samba configuration file
      • Edit to include NetBIOS name
      • testparm command: checks syntax of /etc/samba/smb.conf
      • Start Samba and NetBIOS name daemons by service smb start and service nmb start commands

  33. Connecting to a Samba Server
      • Test Samba functionality after configuration
      • From Windows client enter \\Samba_server_name in the Run dialog box
      • smbclient command: used to connect a Linux computer to a Samba server
      • Can also be used to display an FTP-like interface on Samba or Windows servers

  34. NFS
      • Network File System (NFS): allows Unix, Linux, and Macintosh OS X computers to share files transparently
      • Export a directory by placing its name in the /etc/exports file
      • mount command: used by another computer to access an exported directory across the network by mounting the remote directory on the local computer

  35. Configuring a Linux NFS Server
      • Create directory containing information to share
      • Edit /etc/exports file:
      • Add line listing directory to be shared and options
      • Run exportfs -a command
      • Update list of exported filesystems
      • Restart the NFS processes:
      • service nfs start
      • service nfslock start
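
Added example, not part of the original slides: each /etc/exports line is a directory followed by client(options) entries, and a "*" client or a space before the parenthesis opens the share to every host. The function below flags those entries and any use of no_root_squash before exportfs -a publishes them; the function name, paths and host names are constructed.

```shell
#!/bin/sh
# Added example (not from the slides): flag risky lines in an exports file.

# Constructed sample input; hosts and paths are made up.
sample_exports() {
cat <<'EOF'
# directory   client(options)
/srv/docs     192.168.1.0/24(ro,root_squash)
/srv/build    buildhost(rw,no_root_squash)
/srv/home     fileclient (rw)
/srv/pub      *(ro)
EOF
}

# audit_exports FILE: print "directory client finding" for each risky entry.
audit_exports() {
    awk '
    /^[ \t]*#/ { next }                        # comments
    NF == 0    { next }                        # blank lines
    NF == 1    { print $1, "(any)", "no-client-list"; next }
    {
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                       # split client(options)
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            # An empty client means "(opts)" stood alone after a space:
            # those options then apply to every host.
            if (client == "" || client == "*") client = "(any)"
            opts = "," opts ","
            if (client == "(any)")
                print $1, client, (index(opts, ",rw,") ? "world-writable" : "world-readable")
            if (index(opts, ",no_root_squash,"))
                print $1, client, "no_root_squash"
        }
    }' "$1"
}

tmp=$(mktemp) && sample_exports > "$tmp" && audit_exports "$tmp"; rm -f "$tmp"
```

The /srv/home line shows the common slip: fileclient gets default options while the detached (rw) grants read/write to all hosts.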

  36. Connecting to a Linux NFS Server
      • Mount directory from remote NFS server to a directory on local computer
      • Use mount command specifying nfs filesystem type, server name or IP address, remote directory, and local directory as arguments
      • Use the mounted directory as any other local directory, with operations being performed on the remote computer
      • Use umount command to dismount remote directory

  37. FTP
      • Protocol most commonly used to transfer files on public networks
      • Hosts files differently than NFS
      • In anonymous access special directory is available to any user who wants to connect to FTP server
      • User can log in, via an FTP client program, to a home directory on the FTP server

  38. Configuring a Linux FTP Server
      • Very secure FTP daemon (vsftpd): used by most Linux systems
      • To configure (assuming logon as “user1”):
      • Create directory below user1’s home directory to host the files
      • Ensure user1 owns directory
      • Edit /etc/vsftpd/vsftpd.conf to modify appropriate commented options
      • Run service vsftpd start to start vsftpd daemon

  39. Connecting to a Linux FTP Server
      • Most Web browsers have built-in FTP utility
      • Allows you to access files on remote computer
      • To connect through Web browser, specify the location by typing ftp://servername in the browser
      • To log in as particular user, type ftp://user:password@servername
      • Most OSs have command-line FTP utility
      • Use ftp command and specify host name as argument, log in as anonymous or as specific user
      • Receive prompt that accepts FTP commands

  40. Connecting to a Linux FTP Server (continued)
      Figure 13-7: Using a Web browser FTP client

  41. Connecting to a Linux FTP Server (continued)
      Table 13-3: Common FTP commands

  42. Connecting to a Linux FTP Server (continued)
      Table 13-3 (continued): Common FTP commands

  43. E-mail Services
      • Various e-mail protocols exist, including SMTP, ESMTP, POP, and IMAP
      • E-mail server looks up the name of target e-mail server in domain’s MX records, stored on public DNS server
      • Resolves target e-mail server name to IP address using public DNS server
      • Daemons and system components rely on e-mail to send important information to the root user

  44. Working with Sendmail
      • Sendmail: one of oldest and most complex e-mail daemons
      • By default accepts email on TCP port 25
      • Test using telnet port_num, EHLO, and HELO commands
      • mail command: checks local e-mail
      • /etc/aliases file: contains other e-mail names used to identify the users on the system
      • newaliases command: rebuilds the aliases database after modifications

  45. Working with Postfix
      • Postfix: easier to configure than Sendmail
      • Install using yum install postfix
      • Edit /etc/postfix/main.cf configuration file
      • Run service sendmail stop ; service postfix start command to stop Sendmail daemon and activate Postfix daemon
      • To make the change permanent, run the chkconfig --level 5 sendmail off ; chkconfig --level 5 postfix on command

  46. Working with Postfix (continued)
      Table 13-4: Lines in /etc/postfix/main.cf to uncomment or add when configuring Postfix

  47. Database Services
      • Databases: large files that store information in the form of tables
      • Table: organizes information into a list
      • Record: set of information about a particular item within a list
      • Fields: categories of information within a record
      • Relational databases: databases in which information within one table is related to information within other tables
      • Tables are usually linked by a common field

  48. Database Services (continued)
      Figure 13-8: A simple relational database structure

  49. Database Services (continued)
      • Structured Query Language (SQL): programming language used to store and access data in databases
      • The server programs that allow use of SQL are called SQL servers
      • Offer advanced backup, repair, replication, and recovery utilities for data
      • Allow programs to access databases from across the network

  50. Database Services (continued)
      Table 13-5: Common SQL statements
