3038 03 exercises
8/6/2019 3038 03 Exercises
1/24
Configure Network Services
Workbook 3-1
Version 1 Copyright 2010 Novell, Inc. Copying or distributing all or part of this manual is protected by a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported license.
SECTION 3 Configure Network Services
In this section of the workbook, you learn how to do the following:
- Configure a DNS Server on 3-2
- Use the SLES 9 OpenLDAP Server on 3-7
- Configure an Apache Web Server on 3-12
- Configure a File Server With Samba on 3-21
In this section you learn how to install and configure four of the
most popular Linux network services at the command line:
- BIND
- OpenLDAP
- Apache
- Samba
Because configuring the services can be very complex, this section
covers only the basic functionality of the services.
The configuration is covered at the command-line level to show you
a more direct way to manipulate the behavior of the services.
Note: The implementation of these services that you practice in the exercises
prepares you to deploy them in an internal network.
However, you should make the services accessible from the Internet only if you know how to secure your network from external security threats by using technologies such as a firewall.
SUSE LINUX Advanced Administration/Self-Study Workbook
Exercise 3-1 Configure a DNS server
In this exercise, you configure a DNS master server by doing the
following:
- Part I: Install BIND
- Part II: Configure a DNS Master Server
This exercise is designed to work with network card settings such as
the following:
- IP Address: 10.0.0.50
- Subnet mask: 255.255.255.0
- Host name: DA50
- Domain name: digitalairlines.com
Before starting this exercise, you can verify that these are your
current settings by using the YaST Network Card module. If one or
more of these settings is incorrect, change them before continuing
with the Network Card module.
Note: This exercise requires extensive typing to create your DNS files. To save you some time, the files digitalairlines.com.zone and 10.0.0.zone are included on your 3038 Course CD in the directory /exercises/section_3.
Part I: Install BIND
Do the following on both SLES 9 servers:
1. From the KDE menu, select System > YaST.
2. Enter the root password and select OK.
3. From the YaST Control Center, select Software > Install and Remove Software.
4. From the filter drop-down menu, select Search.
5. In the Search field, enter bind; then select Search.
6. On the right, select the bind package.
7. Select Accept; then insert the requested SLES 9 CD.
8. When installation is complete, remove the CD and close the YaST Control Center.
Part II: Configure a DNS Master Server
Do the following:
1. Open a terminal window and su to root.
2. Open the file /etc/named.conf in a text editor.
3. Scroll down and add the following 2 zone statements after the
existing zone statements:
zone "digitalairlines.com" in {
    type master;
    file "master/digitalairlines.com.zone";
};
zone "0.0.10.in-addr.arpa" in {
    type master;
    file "master/10.0.0.zone";
};
4. Save and close the file.
5. Create a new file digitalairlines.com.zone in the directory
/var/lib/named/master/.
6. Enter the following zone configuration in the file:
$TTL 172800
digitalairlines.com. IN SOA your_FQHN. root.digitalairlines.com. (
    serial_number
    1D 2H 1W
    3H )
digitalairlines.com. IN NS your_FQHN.
da10 IN A 10.0.0.10
da11 IN A 10.0.0.11
da12 IN A 10.0.0.12
The SOA record (including root.digitalairlines.com.) must be
on a single line. Replace your_FQHN in the SOA and NS
records with da50.digitalairlines.com. Use the current date and 01 as the serial number (such as 2005071501).
Make sure you include all periods where indicated.
7. Save and close the file.
8. Create a new file 10.0.0.zone in the directory /var/lib/named/master/.
9. Enter the following zone configuration in the file:
$TTL 172800
0.0.10.in-addr.arpa. IN SOA your_FQHN. root.digitalairlines.com. (
    serial_number
    1D 2H 1W
    3H )
    IN NS your_FQHN.
10 IN PTR da10.digitalairlines.com.
11 IN PTR da11.digitalairlines.com.
12 IN PTR da12.digitalairlines.com.
The SOA record (including root.digitalairlines.com.) must be on a single line. Replace your_FQHN in the SOA and NS
records with da50.digitalairlines.com. Use the current date and 01 as the serial number (such as 2005071501).
Make sure you include all periods where indicated.
10. Save and close the file.
11. Open a second terminal window and su to root.
12. Enter the following command:
tail -f /var/log/messages
13. Switch to the first terminal window and start bind with the following command:
rcnamed start
Note: If there are errors in the file /etc/named.conf, they are noted in the output (with specific references and line numbers). The named daemon will not start until these errors are fixed.
14. From the second terminal window, watch the log output of bind
for any messages such as Unknown RR type or file not found.
15. If any errors occur, try to fix them and restart bind.
Note: One solution is to edit the digitalairlines.com.zone file by replacing digitalairlines.com. IN SOA... with @ IN SOA... and to edit the 10.0.0.zone file by replacing 0.0.10.in-addr.arpa. IN SOA... with @ IN SOA....
16. From the first terminal window, start bind automatically when
the system is booted by entering the following:
insserv named
17. Open the file /etc/resolv.conf in a text editor.
18. Delete all existing nameserver entries.
19. Add the following entry:
nameserver 10.0.0.50
20. Save and close the file.
21. Verify that your DNS master server works by entering the
following command:
host da10.digitalairlines.com
22. Close the terminal windows.
Note: For additional information and steps on setting up a DNS slave server, see
Exercise 3-1 in your SUSE LINUX Advanced Administration manual.
(End of Exercise)
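The two zone files above are written by hand, and the most common mistakes are a PTR record that does not match its A record and a serial number that is not increased after an edit. The following script is an added example, not part of the workbook: it generates both zone files from one host list and derives the serial in the YYYYMMDD01 form the exercise asks for. The names ZONE, NS_HOST and HOSTS, and the function names, are this example's assumptions; the hosts, addresses and SOA timers are the ones the exercise uses.

```shell
#!/bin/sh
# Added example, not part of the workbook: build the forward and reverse
# zone files of Exercise 3-1 from a single host list so that every A record
# has a matching PTR record, and derive the SOA serial as YYYYMMDDnn.
# ZONE, NS_HOST and HOSTS are assumptions of this example.

ZONE="digitalairlines.com"
NS_HOST="da50.digitalairlines.com"     # the master server (your_FQHN)

# Constructed host list: "<short name> <IPv4 address>", one host per line.
HOSTS="da10 10.0.0.10
da11 10.0.0.11
da12 10.0.0.12"

# next_serial OLD TODAY
#   OLD   the serial currently in the zone file (empty for a new zone)
#   TODAY a date as YYYYMMDD
# Prints TODAY01, or OLD+1 when OLD already carries today's date. A serial
# that does not grow is the classic reason slave servers keep stale data.
next_serial() {
    old=$1; today=$2
    case $old in
        "$today"[0-9][0-9]) echo $((old + 1)) ;;
        *)                  echo "${today}01" ;;
    esac
}

# soa_header SERIAL: the $TTL line plus the SOA and NS records. "@" is the
# zone origin named.conf defines, which sidesteps the SOA error the workbook
# mentions; the SOA stays on one line as the exercise requires.
soa_header() {
    printf '$TTL 172800\n'
    printf '@ IN SOA %s. root.%s. ( %s 1D 2H 1W 3H )\n' "$NS_HOST" "$ZONE" "$1"
    printf '@ IN NS %s.\n' "$NS_HOST"
}

# forward_zone SERIAL: the header plus one A record per host.
forward_zone() {
    soa_header "$1"
    printf '%s\n' "$HOSTS" | while read -r name ip; do
        printf '%s IN A %s\n' "$name" "$ip"
    done
}

# reverse_zone SERIAL: the header plus one PTR record per host, keyed by
# the last octet because the origin is 0.0.10.in-addr.arpa (10.0.0.0/24).
reverse_zone() {
    soa_header "$1"
    printf '%s\n' "$HOSTS" | while read -r name ip; do
        printf '%s IN PTR %s.%s.\n' "${ip##*.}" "$name" "$ZONE"
    done
}

# Usage, as root on da50 (paths are the ones the zone statements point at):
#   serial=$(next_serial "" "$(date +%Y%m%d)")
#   forward_zone "$serial" > /var/lib/named/master/digitalairlines.com.zone
#   reverse_zone "$serial" > /var/lib/named/master/10.0.0.zone
#   rcnamed restart
```

Both files are generated from the same serial, so a change to one host is visible in forward and reverse lookups at the same time, and `host 10.0.0.11` can be used next to `host da11.digitalairlines.com` to confirm the pair agrees.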
Exercise 3-2 Use the SLES 9 OpenLDAP server
In this exercise, you use the OpenLDAP server by doing the
following:
- Part I: Install GQ
- Part II: Search the SLES 9 OpenLDAP Server
- Part III: Browse the SLES 9 OpenLDAP Server
- Part IV: Use an LDIF File to Add a User
Part I: Install GQ
Do the following:
1. From the KDE menu, select System > YaST.
2. Enter the root password and select OK.
3. From the YaST Control Center, select Software > Install and
Remove Software.
4. From the filter drop-down menu, select Search.
5. In the Search field, enter gq; then select Search.
6. On the right, select the gq package.
7. Install the GQ application by selecting Accept.
8. Insert the requested SLES 9 CD.
9. When the installation is complete, close the YaST Control Center
and remove the CD.
Part II: Search the SLES 9 OpenLDAP Server
Do the following:
1. From the KDE menu, select System > GQ LDAP Client.
2. Make sure that the Search tab is selected.
3. In the left search field, enter uid=geeko.
4. In the right search field, enter dc=digitalairlines,dc=com.
5. Select Find. A result line appears.
6. Double-click the result line.
The LDAP entry for the user geeko is displayed.
7. Scroll down and verify that you cannot see the userPassword entry for geeko.
8. Select Close.
9. From the menu bar, select File > Preferences.
10. From the configuration dialog, select the Servers tab.
11. Select the entry localhost; then select Edit.
12. From the server dialog, select Details.
13. In the Bind DN field enter the following:
cn=Administrator,dc=digitalairlines,dc=com
14. Close the server dialog by selecting OK.
15. Close the configuration dialog by selecting OK.
16. Make sure that the search fields still contain the previously
entered query.
17. Select Find.
18. When prompted for a password, enter novell; then select OK.
19. Double-click the result line.
20. Make sure that you can see the userPassword entry for geeko.
Notice that access to the password is not granted to anonymous
users, but to the authenticated administrator.
21. When you finish, select Close.
Part III: Browse the SLES 9 OpenLDAP Server
Do the following:
1. From the GQ application, select Browse.
2. On the left, expand localhost.
3. Expand dc=digitalairlines,dc=com.
4. Expand people.
All users of the system are displayed. At the moment, this only
includes geeko.
5. Select geeko.
The user information for geeko appears on the right.
6. Close the GQ window.
Part IV: Use an LDIF File to Add a User
Do the following:
1. With a text editor, create a file named tux.ldif in the directory
/tmp with the following content.
dn: uid=tux,ou=people,dc=digitalairlines,dc=com
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
cn: Tux Penguin
gidNumber: 100
givenName: Tux
homeDirectory: /home/tux
loginShell: /bin/bash
shadowInactive: -1
shadowLastChange: 12609
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
sn: Penguin
uid: tux
userPassword: {crypt}GpyJ3/OQgLxZE
uidNumber: 1010
Note: You can also copy the LDIF file tux.ldif from the directory /exercises/section_3 from your 3038 Course CD to the directory /tmp.
2. Save the file and close the text editor.
3. From a terminal window (as root), add the user tux by entering
the following (all on one line):
ldapadd -x -D cn=Administrator,dc=digitalairlines,dc=com -W -f /tmp/tux.ldif
4. When prompted for a password, enter novell.
Note: If you are unsuccessful at authenticating as Administrator, try closing the terminal window and opening a new terminal window. Repeat steps 3 and 4.
You do not have to be root to enter the ldapadd command; however, you need to be root for the commands that follow.
5. Create the home directory for the user tux by entering the
following:
cp -a /etc/skel/ /home/tux
6. Adjust the file system permissions by entering the following
commands:
chown -R tux:users /home/tux/
7. Log out as root by entering exit.
8. Switch to the user tux by entering the following:
su - tux
9. Log in to the tux user account by entering a password of Novell.
10. Log out as tux by pressing Ctrl+D.
11. Close the terminal window.
(End of Exercise)
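The LDIF entry in Part IV has to carry every attribute that posixAccount, shadowAccount and inetOrgPerson mark as required, or ldapadd rejects it with an object class violation. The following script is an added example, not part of the workbook: it produces an entry with the same object classes as tux.ldif from a few parameters and checks an entry for the required attributes before it reaches ldapadd. It deliberately writes no userPassword line, since the workbook's file keeps a password hash in /tmp; the password is set afterwards with ldappasswd. BASE_DN matches the workbook; the function names and the REQUIRED list are this example's own.

```shell
#!/bin/sh
# Added example, not part of the workbook: build an LDIF entry for a new
# POSIX user and check an entry for the attributes the object classes
# require before handing it to ldapadd. BASE_DN is the workbook's; the
# function names and REQUIRED are this example's assumptions.

BASE_DN="ou=people,dc=digitalairlines,dc=com"

# dn plus the MUST attributes of posixAccount, shadowAccount, inetOrgPerson.
REQUIRED="dn objectClass cn sn uid uidNumber gidNumber homeDirectory"

# user_ldif UID UIDNUMBER GIDNUMBER GIVENNAME SURNAME
# Prints one LDIF entry. No userPassword line is written on purpose: set the
# password afterwards with ldappasswd so no hash sits in world-readable /tmp.
user_ldif() {
    uid=$1; uidn=$2; gidn=$3; given=$4; sn=$5
    days=$(( $(date +%s) / 86400 ))     # shadowLastChange: days since epoch
    cat <<EOF
dn: uid=$uid,$BASE_DN
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
cn: $given $sn
sn: $sn
givenName: $given
uid: $uid
uidNumber: $uidn
gidNumber: $gidn
homeDirectory: /home/$uid
loginShell: /bin/bash
shadowLastChange: $days
shadowMin: 0
shadowMax: 99999
shadowWarning: 7
shadowInactive: -1
EOF
}

# ldif_check: reads one entry on stdin. Prints what is missing and returns 1,
# or returns 0 when every required attribute is present and uidNumber is not
# 0 (a second uid 0 account is root under another name).
ldif_check() {
    entry=$(cat)
    missing=""
    for attr in $REQUIRED; do
        if ! printf '%s\n' "$entry" | grep -q "^$attr:"; then
            missing="$missing $attr"
        fi
    done
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    if printf '%s\n' "$entry" | grep -q '^uidNumber: 0$'; then
        echo "uidNumber 0 is reserved for root"
        return 1
    fi
    return 0
}

# Usage (the ldapadd line is the workbook's; ldappasswd -S prompts for the
# new password of the entry named last):
#   user_ldif tux 1010 100 Tux Penguin > /tmp/tux.ldif
#   ldif_check < /tmp/tux.ldif && \
#     ldapadd -x -D cn=Administrator,dc=digitalairlines,dc=com -W -f /tmp/tux.ldif
#   ldappasswd -x -D cn=Administrator,dc=digitalairlines,dc=com -W -S \
#     uid=tux,ou=people,dc=digitalairlines,dc=com
```

The check is a plain attribute-presence test; the directory still enforces the schema, but catching a missing attribute locally saves a round trip and a bind as Administrator for every typo.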
Exercise 3-3 Configure an Apache Web Server
In this exercise, you configure an Apache web server by doing the
following:
- Part I: Install Apache
- Part II: Test the Installation
- Part III: Configure a Virtual Host for the Accounting
Department
- Part IV: Configure User Authentication
- Part V: Configure SSL
Note: The file accounting.conf you create in this exercise can be difficult to modify properly. To help you understand what needs to be changed and where parameters are placed, the file is available on your 3038 Course CD in the directory /exercises/section_3.
Part I: Install Apache
Do the following:
1. From the KDE start menu, select System > YaST; then enter a password of novell and select OK.
2. From the YaST Control Center, select Software > Install and
Remove Software.
3. From the filter drop-down menu, select Search.
4. In the Search field, enter apache; then select Search.
5. On the right side, select the following packages.
- apache2
- apache2-example-pages
- apache2-prefork
Note: If you installed a YOU server in one of the exercises in Section 1, the apache2 and apache2-prefork packages are already installed. All you need to do is select the apache2-example-pages package.
6. Select Accept.
7. (Conditional) If YaST displays package dependencies, confirm
by selecting Continue.
8. When prompted, insert the requested SLES 9 CDs in the drive.
9. When installation is complete, close the YaST Control Center
and remove the CD.
10. Open a terminal window and su to root.
11. To start Apache at boot time, enter the following:
insserv apache2
12. To start the Apache daemon, enter the following:
rcapache2 start
Part II: Test the Installation
Do the following:
1. From the KDE menu, select Internet > Web Browser.
2. In the address bar of the web browser, enter the following:
http://localhost
If the Apache example page appears, the web server has been
installed and started correctly.
3. (Conditional) If you are having problems displaying the page,
you need to rename the file /srv/www/htdocs/index.html.en to
/srv/www/htdocs/index.html.
6. Copy the virtual host template file by entering the following:
cp vhost.template accounting.conf
7. Open the file accounting.conf in a text editor and make the following changes:
ServerName accounting.da.com
DocumentRoot /srv/www/accounting
ErrorLog /var/log/apache2/accounting.da.com-error_log
CustomLog /var/log/apache2/accounting.da.com-access_log combined
UseCanonicalName On
ScriptAlias /cgi-bin/ /srv/www/cgi-bin
In the Directory block for the CGI directory:
AllowOverride None
Options +ExecCGI -Includes
Order allow,deny
Allow from all
In the Directory block for the document root:
AllowOverride None
Options Indexes FollowSymLinks
Order allow,deny
Allow from all
8. For testing purposes, append accounting.da.com to the line
127.0.0.1 in the file /etc/hosts:
127.0.0.1 localhost accounting.da.com
9. Test the syntax of your configuration file by entering the
following:
apache2ctl configtest
10. Reload Apache by entering the following:
rcapache2 reload
11. From the Konqueror browser, access the virtual host by entering
the following:
http://accounting.da.com
The accounting intranet page is displayed.
12. Close the Konqueror browser.
Part IV: Configure User Authentication
Do the following:
1. From the terminal window (as root), create the file htpasswd and add the user geeko to it by entering the following:
htpasswd2 -c /etc/apache2/htpasswd geeko
2. When prompted for a password, enter novell (twice).
3. Open the virtual host configuration file
/etc/apache2/vhosts.d/accounting.confin a text editor.
4. Find the following directory directive:
5. Within this directory block, add the following lines:
AuthType Basic
AuthName "Accounting Intranet"
AuthUserFile /etc/apache2/htpasswd
Require user geeko
6. Check the syntax of the configuration file by entering the
following command:
apache2ctl configtest
7. Reload the Apache server by entering the following:
rcapache2 reload
8. Open the Konqueror browser; then enter the following:
http://accounting.da.com
A password dialog appears.
9. Enter a user name of geeko and a password of novell.
10. Access the protected web site by selecting OK.
Part V: Configure SSL
Do the following:
1. From the terminal window (as root), create the file random by entering the following:
cat /dev/random > /tmp/random
2. Press some keys on the keyboard to generate random events
which help to create the file.
3. Stop the process after about 15 seconds by pressing Ctrl+C.
4. Generate a server key by entering the following (on one line):
openssl genrsa -des3 -out /tmp/accounting.key -rand /tmp/random 1024
5. When prompted for a pass phrase, enter novell(twice).
6. Sign the key by entering the following (on one line):
openssl req -new -x509 -key /tmp/accounting.key -out /tmp/accounting.crt
7. When prompted for a pass phrase, enter novell; then enter the following information:
Table 3-1
Option                    Value
Country Name              US
State or Province Name    Utah
Locality Name             Provo
Organization Name         Digital Airlines
Organizational Unit Name  Accounting
Common Name               accounting.da.com
Email Address             [email protected]
8. Copy the files by entering the following commands:
cp /tmp/accounting.key /etc/apache2/ssl.key/
cp /tmp/accounting.crt /etc/apache2/ssl.crt/
9. Delete the temporary files by entering the following:
rm /tmp/accounting*
10. Adjust the file system permissions by entering the following
commands:
chmod 400 /etc/apache2/ssl.key/accounting.key
chmod 400 /etc/apache2/ssl.crt/accounting.crt
11. Open the file /etc/apache2/vhosts.d/accounting.conf in a text
editor, and change the following lines:
to
and
ServerName accounting.da.com
to
ServerName accounting.da.com:443
12. Add the following lines after the ServerName directive:
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl.crt/accounting.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/accounting.key
The SSLCipherSuite directive and its whole value must be on one line.
Note: These lines are available in the file servername in the directory
/exercises/section_3 on your 3038 Course CD.
13. Save and close the file.
14. Open the file /etc/sysconfig/apache2 in a text editor, and change the following lines:
APACHE_SERVER_FLAGS="SSL"
APACHE_START_TIMEOUT="10"
15. Save and close the file.
16. From the terminal window, check the syntax of the configuration
file by entering the following:
apache2ctl configtest
17. Restart Apache by entering the following:
rcapache2 restart
18. When prompted for the pass phrase, enter novell.
19. As the pass phrase has to be entered every time the server starts,
you can prevent the server from being started automatically at
boot by entering the following:
insserv -r apache2
20. From the Konqueror browser, enter the following:
https://accounting.da.com/
As the certificate used in this exercise is self-signed, the
browser displays a warning.
21. In the warning dialogs, select Continue and Forever to view the web site.
22. In the login dialog, enter a username of geeko with a password of novell.
23. After the page displays, close the Konqueror browser and all
other open windows.
(End of Exercise)
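Until Part V is in place, the Basic credentials from Part IV cross the network base64-encoded, which is as good as clear text, so the cipher list in step 12 decides what actually protects them afterwards. The string the exercise uses explicitly adds +LOW:+SSLv2:+EXP:+eNULL, and in OpenSSL's cipher-list syntax a leading "+" only moves ciphers to the end of the list rather than removing them. The following script is an added example, not part of the workbook: it reports the weak tokens an SSLCipherSuite value selects so they can be replaced by exclusions. The WEAK list and the function name are this example's own choices.

```shell
#!/bin/sh
# Added example, not part of the workbook: flag the parts of an
# SSLCipherSuite value that select null, anonymous, export, low-grade, RC4,
# single-DES, MD5 or SSLv2/SSLv3 ciphers. WEAK and the function name are
# this example's assumptions.

WEAK="eNULL NULL aNULL ADH AECDH EXP EXPORT EXPORT40 EXPORT56 LOW SSLv2 SSLv3 RC4 DES MD5"

# weak_ciphers SUITE: prints each weak token SUITE selects, one per line,
# and returns 1 if there was any; returns 0 for a clean string.
# Rules of the OpenSSL cipher-list syntax this relies on:
#   !X   removes X permanently, so it is fine;  -X removes X (re-addable)
#   +X   only moves X to the end of the list, it does not remove it
#   A+B  selects ciphers having both properties, so either being weak counts
weak_ciphers() {
    hits=$(printf '%s\n' "$1" | tr ':' '\n' | while read -r tok; do
        case $tok in
            '!'*|-*) continue ;;
            +*)      tok=${tok#+} ;;
        esac
        for part in $(printf '%s\n' "$tok" | tr '+' ' '); do
            for w in $WEAK; do
                if [ "$part" = "$w" ]; then
                    echo "$part"
                fi
            done
        done
    done)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# Usage: run it over the directive before reloading Apache, e.g.
#   suite=$(sed -n 's/^[[:space:]]*SSLCipherSuite[[:space:]]*//p' \
#             /etc/apache2/vhosts.d/accounting.conf)
#   weak_ciphers "$suite" || echo "weak ciphers enabled in accounting.conf"
# A value that passes this check: HIGH:!aNULL:!eNULL:!EXP:!LOW:!RC4:!MD5
```

Run against the exercise's string, the check reports RC4 (from RC4+RSA), LOW, SSLv2, EXP and eNULL; "!ADH" and "!EXPORT56" are exclusions and are ignored. The check only looks at explicit tokens: an "ALL" or "DEFAULT" without matching "!" exclusions still pulls weak ciphers in, which is why the passing example starts from HIGH and excludes the rest.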
3. Save the default Samba configuration file by entering the
following:
mv smb.conf smb.save
4. Create the file smb.conf with a text editor.
5. Add the following lines to the configuration file:
[global]
workgroup = Accounting
netbios name = Fileserver_DA50
security = user

[geeko-dir]
comment = Geeko Directory
path = /srv/samba/geeko
valid users = geeko
read only = no
Note: This file is available on your 3038 Course CD in the directory /exercises/section_3. You will need to change Fileserver_your_hostname to Fileserver_DA50 before using the file.
6. Save and close the file.
7. Create the directory to export by entering the following
commands:
mkdir /srv/samba/
mkdir /srv/samba/geeko
8. Create a test file in the directory by entering the following:
touch /srv/samba/geeko/my_file
9. Adjust the directory permissions by entering the following
commands:
chown geeko /srv/samba/geeko
chown geeko /srv/samba/geeko/my_file
10. Add geeko to the smbpasswd file by entering the following:
smbpasswd -a geeko
11. When prompted for a password, enter novell (twice).
12. Check the syntax of the configuration file by entering the following:
testparm
13. Start the Samba servers by entering the following commands:
rcsmb start
rcnmb start
Part III: Access the Share of the User Geeko With smbclient
Do the following:
1. Open a terminal window as a normal user.
2. Access Geeko's share by entering the following:
smbclient -U geeko //localhost/geeko-dir
3. When prompted for a password, enter novell.
4. Display all available commands of smbclient by entering the
following:
help
5. List the content of the share by entering the following:
ls
6. Copy the file my_file to the current directory by entering the
following:
get my_file
7. Exit smbclient by pressing Ctrl+D.
8. Verify that the file my_file has been copied to the current
directory by entering ls.
Part IV: Mount Geeko's Share
Do the following:
1. From the terminal window, su to root.
2. Mount geeko's share in the directory /mnt by entering the following:
mount -t smbfs -o username=geeko,password=novell //localhost/geeko-dir /mnt
3. Display the content of the mounted share by entering the
following:
ls /mnt/
You should see the file my_file.
4. Unmount the share by entering the following:
umount /mnt
5. Close all open terminal windows.
(End of Exercise)
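The mount command in Part IV passes password=novell on the command line, where any local user can read it from the process list while the command runs and where it may end up in the shell history. The following script is an added example, not part of the workbook: it writes the credentials to a root-only file and builds the mount option that points the mount helper at that file instead. Function names and the file path are this example's assumptions; the username=value and password=value lines are the form mount.cifs documents, so check the smbmount man page on SLES 9 for the exact spelling it expects.

```shell
#!/bin/sh
# Added example, not part of the workbook: keep the Samba password out of
# the mount command line by writing a mode-0600 credentials file and using
# credentials= instead of username=,password=. Function names and the file
# path in the usage note are this example's assumptions.

# write_smb_credentials FILE USER PASSWORD: creates FILE containing the
# username and password lines, readable by its owner only, and prints its
# path. The umask is changed in a subshell so the caller's umask is untouched.
write_smb_credentials() {
    file=$1; user=$2; pass=$3
    (
        umask 077
        printf 'username=%s\npassword=%s\n' "$user" "$pass" > "$file"
    )
    chmod 600 "$file"      # also narrows the mode if FILE existed with a wider one
    printf '%s\n' "$file"
}

# file_mode FILE: the permission string ls shows, e.g. -rw-------
file_mode() {
    ls -ld "$1" | cut -c1-10
}

# smb_mount_options CREDFILE: the -o value that replaces username=,password=
smb_mount_options() {
    printf 'credentials=%s\n' "$1"
}

# Usage, as root (share and mount point are the workbook's):
#   cred=$(write_smb_credentials /root/.smbcredentials geeko novell)
#   mount -t smbfs -o "$(smb_mount_options "$cred")" //localhost/geeko-dir /mnt
```

The same credentials file can be referenced from /etc/fstab, which is where the plain password would otherwise have to be stored in a world-readable file.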