3038 03 exercises

8/6/2019 3038 03 Exercises

1/24

Configure Network Services

Version 1 Copyright 2010 Novell, Inc. Copying or distributing all or part of this manual is protected by Workbook3-1

a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported license.

S E C T I O N 3 Configure Network Services

In this section of the workbook, you learn how to do the following:

n Configure a DNS server on 3-2

n Use the SLES 9 OpenLDAP server on 3-7

n Configure an Apache Web Server on 3-12

n Configure a File Server With Samba. on 3-21

In this section you learn how to install and configure four of the

most popular Linux network services at the command line:

n BIND

n OpenLDAP

n Apache

n Samba

Because configuring the services can be very complex, this section

covers only the basic functionality of the services.

The configuration is covered at the command-line level to show you

a more direct way to manipulate the behavior of the services.

x

The implementation of these services that you practice in the exercises

prepares you deploy them in an internal network.

However, you should make the services accessible from the Internet only ifyou know how to secure your network from external security threats by usingtechnologies such as a firewall.

8/6/2019 3038 03 Exercises

2/24

Workbook3-2 Copyright 2010 Novell, Inc. Copying or distributing all or part of this manual is protected by Version 1


SUSE LINUX Advanced Administration/Self-Study Workbook

Exercise 3-1 Configure a DNS server

In this exercise, you configure a DNS master server by doing the

following:

n

Part I: Install BINDn Part II: Configure a DNS Master Server

This exercise is designed to work with network card settings such as

the following:

n IP Address: 10.0.0.50

n Subnet mask: 255.255.255.0

n Host name: DA50

n Domain name: digitalairlines.com

Before starting this exercise, you can verify that these are your

current settings by using the YaST Network Card module. If one or

more of these settings is incorrect, change them before continuing

with the Network Card module.

xThis exercise requires extensive typing to create your DNS files. To save yousome time, the files digitalairlines.com.zone and 10.0.0.zone are includedon your 3038 Course CD in the directory /exercises/section_3.

Part I: Install BIND

Do the following on both SLES 9 servers:

1. From the KDE menu, select System > YaST.

2. Enter the root password and select OK.

3. From the YaST Control Center, select Software > Install andRemove Software.

4. From the filter drop-down menu, select Search.

8/6/2019 3038 03 Exercises

3/24




5. In the Search field, enter bind; then select Search.

6. On the right, select the bind package.

7. Select Accept; then insert the requested SLES 9 CD.

8. When installation is complete, remove the CD and close theYaST Control Center.

Part II: Configure a DNS Master Server

Do the following:

1. Open a terminal window and su to root.

2. Open the file/etc/named.confin a text editor.

3. Scroll down and add the following 2 zone statements after the

existing zone statements:

zone digitalairlines.com in {type master;file master/digitalairlines.com.zone;

};zone 0.0.10.in-addr.arpa in {

type master;file master/10.0.0.zone;

};

4. Save and close the file.

5. Create a new file digitalairlines.com.zone in the directory

/var/lib/named/master/.

8/6/2019 3038 03 Exercises

4/24




6. Enter the following zone configuration in the file:

$TTL 172800

digitalairlines.com. IN SOA your_FQHN.

root.digitalairlines.com. (serial_number

1D2H1W

3H)

digitalairlines.com. IN NS your_FQHN.

da10 IN A 10.0.0.10da11 IN A 10.0.0.11da12 IN A 10.0.0.12

The SOA record (including root.digitalairlines.com.) must be

on a single line. Replaceyour_FQHNin the SOA and NS

records with da50.digitalairlines.com. Use the current date and01 as the serial number (such as 2005071501).

Make sure you include all periods where indicated.


8. Create a new file 10.0.0.zone in the directory/var/lib/named/master/.

8/6/2019 3038 03 Exercises

5/24




9. Enter the following zone configuration in the file:

$TTL 1728000.0.10.in-addr.arpa. IN SOAyour_FQHN.root.digitalairlines.com. (

serial_number1D2H1W3H

)

IN NS your_FQHN.

10 IN PTR da10.digitalairlines.com.11 IN PTR da11.digitalairlines.com.12 IN PTR da12.digitalairlines.com.

The SOA record (including root.digitalairlines.com.) must beon a single line. Replaceyour_FQHNin the SOA and NS

records with da50.digitalairlines.com. Use the current date and01 as the serial number (such as 2005071501).

Make sure you include all periods where indicated.


11. Open a second terminal window and su to root.

12. Enter the following command:

tail -f /var/log/messages

13. Switch to the first terminal window and start bind with thefollowing command:

rcnamed start

xIf there are errors in the file /etc/named, they are noted in the output(with specific references and line numbers). The named daemon will notstart until these errors are fixed.

8/6/2019 3038 03 Exercises

6/24




14. From the second terminal window, watch the log output of bind

for any messages such as Unknown RR type or file not found.

15. If any errors occur, try to fix them and restart bind.

xOne solution is to edit the digitalairlines.com.zone file by replacingdigitalairlines.com. IN SOA... with @ IN SOA... and to edit the10.0.0.zone file by replacing 0.0.10.in-addr.arpa. IN SOA... with @IN SOA....

16. From the first terminal window, start bind automatically when

the system is booted by entering the following:

insserv named

17. Open the file /etc/resolv.confin a text editor.

18. Delete all existing nameserver entries.

19. Add the following entry:

nameserver 10.0.0.50


21. Verify that your DNS master server works by entering the

following command:

host da10.digitalairlines.com

22. Close the terminal windows.

xFor additional information and steps on setting up a DNS slave server, see

Exercise 3-1 in your SUSE LINUX Advanced Administration manual.

(End of Exercise)

8/6/2019 3038 03 Exercises

7/24




Exercise 3-2 Use the SLES 9 OpenLDAP server

In this exercise, you use the OpenLDAP server by doing the

following:

n

Part I: Install GQn Part II: Search the SLES 9 OpenLDAP Server

n Part III: Browse the SLES 9 OpenLDAP Server

n Part IV: Use an LDIF File to Add a User

Part I: Install GQ

Do the following:

1. From the KDE menu, select System > YaST.

2. Enter the root password and select OK.3. From the YaST Control Center, select Software > Install and

Remove Software.

4. From the filter drop down menu, select Search.

5. In the Search field, enter gq; then select Search.

6. On the right, select the gq package.

7. Install the GQ application by selecting Accept.

8. Insert the requested SLES 9 CD.

9. When the installation is complete, close the YaST Control Center

and remove the CD.

Part II: Search the SLES 9 OpenLDAP Server

Do the following:

1. From the KDE menu, select System > GQ LDAP Client.

8/6/2019 3038 03 Exercises

8/24




2. Make sure that the Search tab is selected.

3. In the left search field, enter uid=geeko.

4. In the right search field, enter dc=digitalairlines,dc=com.

5. Select Find.A result line appears.

6. Double-click the result line.

The LDAP entry for the user geeko is displayed.

7. Scroll down and verify that you cannot see the userPasswordentry for geeko.

8. Select Close.

9. From the menu bar, select File > Preferences.

10. From the configuration dialog, select the Serverstab.

11. Select the entry localhost; then selectEdit.

12. From the server dialog, select Details.

13. In the Bind DN field enter the following:

cn=Administrator,dc=digitalairlines,dc=com

14. Close the server dialog by selecting OK.

15. Close the configuration dialog by selecting OK.

16. Make sure that the search fields still contain the previously

entered query.

17. Select Find.

18. When prompted for a password, enter novell; then select OK.

19. Double-click the result line.

20. Make sure that you can see the userPassword entry for geeko.

Notice that access to the password is not granted to anonymous

users, but to the authenticated administrator.

8/6/2019 3038 03 Exercises

9/24




21. When you finish, select Close.

Part III: Browse the SLES 9 OpenLDAP Server

Do the following:

1. From the GQ application, select Browse.

2. On the left, expand localhost.

3. Expand dc=digitalairlines,dc=com.

4. Expand people.

All users of the system are displayed. At the moment, this only

includes geeko.

5. Select geeko.

The user information for geeko appears on the right.

6. Close the GQ window.

8/6/2019 3038 03 Exercises

10/24




Part IV: Use an LDIF File to Add a User

Do the following:

1. With a text editor, create a file named tux.ldifin the directory

/tmp with the following content.dn:uid=tux,ou=people,dc=digitalairlines,dc=comobjectClass: topobjectClass: posixAccountobjectClass: shadowAccountobjectClass: inetOrgPersoncn: Tux PenguingidNumber: 100givenName: Tux

homeDirectory: /home/tuxloginShell: /bin/bashshadowInactive: -1

shadowLastChange: 12609shadowMax: 99999shadowMin: 0shadowWarning: 7sn: Penguinuid: tux

userPassword: {crypt}GpyJ3/OQgLxZEuidNumber: 1010

xYou can also copy the LDIF file tux.ldiffrom the directory/exercises/section_3 from your 3038 Course CD to the directory /tmp.

2. Save the file and close the text editor.

3. From a terminal window (as root), add the user tux by entering

the following (all on one line):

ldapadd -x -Dcn=Administrator,dc=digitalairlines,dc=com -W -f/tmp/tux.ldif

8/6/2019 3038 03 Exercises

11/24




4. When prompted for a password, enter novell.

xIf you are unsuccessful at authenticating as Administrator, try closingthe terminal window and opening a new terminal window. Repeat steps3 and 4.

You do not have to be root to enter the ldapadd command; however, youneed to be root for the commands that follow.

5. Create the home directory for the user tux by entering the

following:

cp -a /etc/skel/ /home/tux

6. Adjust the file system permissions by entering the following

commands:

chown -R tux:users /home/tux/

7. Log out as root by entering exit.

8. Switch to the user tux by entering the following:

su - tux

9. Log in to the tux user account by entering a password ofNovell.

10. Log out as tux by pressing Ctrl+D.

11. Close the terminal window.

(End of Exercise)

8/6/2019 3038 03 Exercises

12/24




Exercise 3-3 Configure an Apache Web Server

In this exercise, you configure an Apache web server by doing the

following:

n

Part I: Install Apachen Part II: Test the Installation

n Part III: Configure a Virtual Host for the Accounting

Department

n Part IV: Configure User Authentication

n Part V: Configure SSL

xThe file accounting.confyou create in this exercise can be difficult tomodify properly. To help you understand what needs to be changed andwhere parameters are placed, the file is available on your 3038 Course CDin the directory /exercises/section_3.

Part I: Install Apache

Do the following:

1. From the KDE start menu, select System > YaST; then enter apassword ofnovell and select OK.

2. From the YaST Control Center, select Software > Install and

Remove Software.

3. From the filter drop-down menu, select Search.

4. In the Search field, enter apache; then select Search.

5. On the right side, select the following packages.

q apache2

q apache2-example-pages

q apache2-prefork

8/6/2019 3038 03 Exercises

13/24




xIf you installed a YOU server in one of the exercises in Section 1, theapache2 and apache2-prefork packages are already installed. All youneed to do is select the apache2-examples-pages package.

6. Select Accept.

7. (Conditional) If YaST displays package dependencies, confirm

by selecting Continue.

8. When prompted, insert the requested SLES 9 CDs in the drive.

9. When installation is complete, close the YaST Control Center

and remove the CD.

10. Open a terminal window and su to root.

11. To start Apache at boot time, enter the following:

insserv apache2

12. To start the Apache daemon, enter the following:

rcapache2 start

Part II: Test the Installation

Do the following:

1. From the KDE menu, select Internet > Web Browser.

2. In the address bar of the web browser, enter the following:

http://localhost

If the Apache example page appears, the web server has been

installed and started correctly.

3. (Conditional) If you are having problems displaying the page,

you need to rename the file /srv/www/htdocs/index.html.en to

/srv/www/htdocs/index.html.

8/6/2019 3038 03 Exercises

14/24

8/6/2019 3038 03 Exercises

15/24




6. Copy the virtual host template file by entering the following:

cp vhost.template accounting.conf

7. Open the file accounting.confin a text editor and make thefollowing changes:

ServerName accounting.da.com

DocumentRoot /srv/www/accounting

ErrorLog /var/log/apache2/accounting.da.com-error_log

CustomLog /var/log/apache2/accounting.da.com-access_logcombined

UseCanonicalName On

ScriptAlias /cgi-bin/ /srv/www/cgi-bin

AllowOverride NoneOptions +ExecCGI -IncludesOrder allow,denyAllow from all

AllowOverride NoneOptions Indexes FollowSymLinksOrder allow,denyAllow from all

8. For testing purposes, append accounting.da.com to the line

127.0.0.1 in the file/etc/hosts:

127.0.0.1 localhost accounting.da.com

9. Test the syntax of your configuration file by entering the

following:

apache2ctl configtest

8/6/2019 3038 03 Exercises

16/24




10. Reload Apache by entering the following:

rcapache2 reload

11. From the Konqueror browser, access the virtual host by entering

the following:

http://accounting.da.com

The accounting intranet page is displayed.

12. Close the Konqueror browser.

Part IV: Configure User Authentication

Do the following:

1. From the terminal window (as root), create the file htpasswd andadd the user geeko to it by entering the following:

htpasswd2 -c /etc/apache2/htpasswd geeko

2. When prompted for a password, enter novell (twice).

3. Open the virtual host configuration file

/etc/apache2/vhosts.d/accounting.confin a text editor.

4. Find the following directory directive:

5. Within this directory block, add the following lines:

AuthType BasicAuthName Accounting Intranet

AuthUserFile /etc/apache2/htpasswdRequire user geeko

6. Check the syntax of the configuration file by entering the

following command:


8/6/2019 3038 03 Exercises

17/24




7. Reload the Apache server by entering the following:

rcapache2 reload

8. Open the Konqueror browser; then enter the following:

http://accounting.da.comA password dialog appears.

9. Enter a user name ofgeekoand a password ofnovell.

10. Access the protected web site by selecting OK.

Part V: Configure SSL

Do the following:

1. From the terminal window (as root), create the file random byentering the following:

cat /dev/random > /tmp/random

2. Press some keys on the keyboard to generate random events

which help to create the file.

3. Stop the process after about 15 seconds by pressing Ctrl+C.

4. Generate a server key by entering the following (on one line):

openssl genrsa -des3 -out /tmp/accounting.key -rand/tmp/random 1024

5. When prompted for a pass phrase, enter novell(twice).

6. Sign the key by entering the following (on one line):

openssl req -new -x509 -key /tmp/accounting.key-out /tmp/accounting.crt

8/6/2019 3038 03 Exercises

18/24




7. When prompted for a pass phrase, enter novell; then enter thefollowing information:

8. Copy the files by entering the following commands:

cp /tmp/accounting.key /etc/apache2/ssl.key/cp /tmp/accounting.crt /etc/apache2/ssl.crt/

9. Delete the temporary files by entering the following:

rm /tmp/accounting*

10. Adjust the file system permissions by entering the following

commands:

chmod 400 /etc/apache2/ssl.key/accounting.keychmod 400 /etc/apache2/ssl.crt/accounting.crt

11. Open the file/etc/apache2/vhosts.d/accounting.confin a text

editor, and change the following lines:

to

and

Table 3-1 Option Value

Country Name US

State or Province Name Utah

Locality Name Provo

Organization Name Digital Airlines

Organizational Unit Name Accounting

Common Name accounting.da.com

Email Address [email protected]

8/6/2019 3038 03 Exercises

19/24




ServerName accounting.da.com

to

ServerName accounting.da.com:443

12. Add the following lines after the ServerName directive:SSLEngine onSSLCipherSuiteALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULLSSLCertificateFile /etc/apache2/ssl.crt/accounting.crtSSLCertificateKeyFile /etc/apache2/ssl.key/accounting.key

The lines starting with SSLCipherSuite, ALL:, andLOW:should be on one line.

x

These lines are available in the file servername in the directory

/exercises/section_3 on your 3038 Course CD.


14. Open the file /etc/sysconfig/apache2 in a text editor, and changethe following lines:

APACHE_SERVER_FLAGS=SSL

APACHE_START_TIMEOUT=10


16. From the terminal window, check the syntax of the configuration

file by entering the following:


17. Restart Apache by entering the following:

rcapache2 restart

18. When prompted for the pass phrase, enter novell.

8/6/2019 3038 03 Exercises

20/24




19. As the pass phrase has to be entered every time the server starts,

you can prevent the server from being started automatically at

boot by entering the following:

insserv -r apache2

20. From the Konqueror browser, enter the following:

https://accounting.da.com/

As the certificate used in this exercises is self-signed, the

browser displays a warning.

21. In the warning dialogs, select Continue and Forever to view theweb site.

22. In the login dialog, enter a username ofgeeko with a password ofnovell.

23. After the page displays, close the Konqueror browser and all

other open windows.

(End of Exercise)

8/6/2019 3038 03 Exercises

21/24

8/6/2019 3038 03 Exercises

22/24




3. Save the default Samba configuration file by entering the

following:

mv smb.conf smb.save

4. Create the file smb.confwith a text editor.

5. Add the following lines to the configuration file:

[global]workgroup = Accountingnetbios name = Fileserver_DA50security = user

[geeko-dir]comment = Geeko Directory

path = /srv/samba/geekovalid users = geekoread only = no

xThis file is available on your 3038 Course CD in the directory/exercises/section_3. You will need to changeFileserver_your_hostname to Fileserver_DA50 before using thefile.


7. Create the directory to export by entering the following

commands:

mkdir /srv/samba/mkdir /srv/samba/geeko

8. Create a test file in the directory by entering the following:

touch /srv/samba/geeko/my_file

9. Adjust the directory permissions by entering the following

commands:

chown geeko /srv/samba/geekochown geeko /srv/samba/geeko/my_file

8/6/2019 3038 03 Exercises

23/24




10. Add geeko to the file smbpasswd file by entering the following:

smbpasswd -a geeko

11. When prompted for a password, enter novell (twice).

12. Check the syntax of the configuration file by entering thefollowing:

testparm

13. Start the Samba servers by entering the following commands:

rcsmb startrcnmb start

Part III: Access the Share of the User Geeko With smbclient

Do the following:

1. Open a terminal window as a normal user.

2. Access Geeko's share by entering the following:

smbclient -U geeko //localhost/geeko-dir

3. When prompted for a password, enter novell.

4. Display all available commands of smbclient by entering the

following:

help

5. List the content of the share by entering the following:

ls

6. Copy the file my_file to the current directory by entering the

following:

get my_file

7. Exit smbclient by pressing Ctrl+D.

8. Verify that the file my_file has been copied to the current

directory by entering ls.

8/6/2019 3038 03 Exercises

24/24


Part IV: Mount Geeko's Share

Do the following:

1. From the terminal window, su to root.

2. Mount geeko's share in the directory /mnt by entering thefollowing:

mount -t smbfs -o username=geeko,password=novell//localhost/geeko-dir /mnt

3. Display the content of the mounted share by entering the

following:

ls /mnt/

You should see the file my_file.

4. Umount the share by entering the following:

umount /mnt5. Close all open terminal windows.

(End of Exercise)

3038 03 exercises

Documents