Chapter 13: Configuring Network Services
Linux+ Guide to Linux Certification, Third Edition
Objectives
  Configure infrastructure network services, including DHCP, DNS, NTP, and NIS
  Configure Web services using the Apache Web server
  Configure file sharing services, including Samba, NFS, and FTP
  Configure e-mail services, including Sendmail and Postfix
  Configure database services using PostgreSQL
Linux+ Guide to Linux Certification, 3e 2
Infrastructure Services
  Infrastructure services: provide network configuration and support for other computers on a network
  Include:
    DHCP
    DNS
    NTP
    NIS
DHCP
  Dynamic Host Configuration Protocol (DHCP): used for automatically configuring a network interface
    Send DHCP broadcast on network
    Request IP configuration information
  DHCP server leases IP address to client computer for a period of time
    Ensures each client has unique IP address
    After expiration, must send another DHCP request
The DHCP Lease Process
  Involves several stages:
    Client sends a request to all hosts on network
    DHCP server sends offer containing potential IP configuration
    Client selects (accepts) offer
    DHCP server sends acknowledgement indicating the amount of time client can use IP configuration
    Client configures itself with IP configuration
The DHCP Lease Process (continued)
Figure 13-1: The DHCP lease process
Configuring a Linux DHCP Server
  Install DHCP daemon
    Use yum install dhcp command
  Edit DHCP daemon configuration file to list appropriate IP address range for the network and lease information
    /etc/dhcp/dhcpd.conf stores IPv4 configuration
    /etc/dhcp/dhcpd6.conf stores IPv6 configuration
  service dhcpd start command: starts the DHCP daemon
DNS
  Hierarchical namespace used to identify computers on large TCP/IP networks
  Zone: portion of DNS administered by one or more DNS servers
  Forward lookup: FQDN resolved to IP address
  Reverse lookup: IP address resolved to FQDN
The DNS Lookup Process
  Web browser performs a forward lookup of FQDN to contact IP of Web server
    Performed by DNS server
  Iterative query: resolved using DNS cache
    Does not use top-level DNS servers
  Recursive query: resolved with the use of top-level DNS servers
  DNS cache file: contains IP addresses of top-level DNS servers
The DNS Lookup Process (continued)
Figure 13-2: The DNS lookup process
The DNS Lookup Process (continued)
  Master or primary DNS server: contains read/write copy of zone
  Slave or secondary DNS server: contains read-only copy of zone
  Zone transfer: copying zone resource records from master to slave DNS server
Configuring a Linux DNS Server
  Configure DNS name daemon for a specific zone
    Add resource records that list FQDNs and associated IP addresses for computers in that zone
  Configuration files have BIND format
    Difficult to create manually
      ○ Use graphical utility such as BIND configuration utility
  Start the DNS name daemon
    Use service named start command
  dig command: used to query records that exist on a specific DNS server
Configuring a Linux DNS Server (continued)
Table 13-1: Common zone configuration files
Configuring a Linux DNS Server (continued)
Table 13-1 (continued): Common zone configuration files
Configuring a Linux DNS Server (continued)
Figure 13-3: The BIND configuration utility
NTP
  Network Time Protocol (NTP): used by OS to obtain time information
    BIOS system clock or from network servers
    hwclock command: modifies BIOS date and time
    Uses UDP port 123
Understanding NTP Strata
  Strata: hierarchical series of time resources used by NTP
    Stratum 0: Atomic clock or GPS clock
    Stratum 1: Obtain time directly from stratum 0 device
    Stratum 2: Obtain time directly from stratum 1 device
  Stratum is not an indication of quality or reliability
    NTP servers obtain time information from multiple sources and use algorithm to determine most reliable time information
Configuring a Linux NTP Client
  NTP daemon installed and started by default
    Can act as NTP client to obtain time from Internet time server or as NTP server
  To configure NTP client
    Edit /etc/ntp.conf to add lines for different NTP servers that can be queried
  ntpdate command: manually synchronize the time
  Offset: time difference between time on local computer and time on time server
Configuring a Linux NTP Client (continued)
  ntpq command: see what actual time servers system is synchronizing with
  Jitter Buffer: stores the difference between the same time measurements from different NTP servers
    Used by NTP when determining the most reliable time
    -q option: displays the offset and jitter
  tzselect command: used to change the time zone
Configuring a Linux NTP Client (continued)
Figure 13-5: The Date/Time Properties screen
Configuring a Linux NTP Server
  By default in Fedora 13, NTP daemon not configured as NTP server
  To allow other computers to query NTP daemon:
    Edit /etc/ntp.conf
    Add line identifying specific computers or networks that are allowed to query the NTP daemon
  Restart NTP daemon for changes to take effect
NIS
  Network Information Service (NIS): coordinate common configuration files across several computers
    Computers belong to an NIS domain, use NIS map to access configuration information
    Commonly used to coordinate database files
  NIS master server: Sends all NIS map configuration to NIS slave servers
  NIS slave servers: Distribute maps to NIS clients
Configuring an NIS Server
  Install NIS server daemons via yum install ypserv command
  Define the NIS domain name via domainname NIS_domain_name command
  Add NISDOMAIN="NIS_domain" to /etc/sysconfig/network file
    Configure NIS domain at boot time
  In the /var/yp/Makefile file, edit the list of files to be made into maps
    If no slave servers, ensure NOPUSH=true
Configuring an NIS Server (continued)
  Add identification of allowed clients to /var/yp/securenets file
  Grant the allowed clients access to the appropriate maps in /etc/ypserv.conf
  Start NIS daemon by service ypserv start command
  Ensure NIS password server daemon is started at runlevel 5 by chkconfig --level 5 yppasswdd on command
Configuring an NIS Server (continued)
  Generate configuration file maps by the /usr/lib/yp/ypinit -m command
  Allow clients to connect by service ypbind start command
  Ensure NIS binding server is started at runlevel 5 by chkconfig --level 5 ypbind on command
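The securenets step in the NIS server procedure above decides which clients ypserv will answer. The following is an added example, not part of the original slides, that checks which entry of a securenets-style file admits a given client; the sample entries, addresses and function names are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the slides): test which /var/yp/securenets-style
# entry, if any, admits a given client address.

# Constructed sample: the "host" form and the "netmask network" form.
sample_securenets() {
cat <<'EOF'
# constructed sample entries
host 127.0.0.1
255.255.255.0 192.168.1.0
EOF
}

# ip_to_int A.B.C.D -> 32-bit integer (octets must not have leading zeros).
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# securenets_allows FILE IP -> prints the admitting entry and returns 0;
# returns 1 when no entry matches, i.e. the client is not listed.
securenets_allows() {
    client=$(ip_to_int "$2")
    while read -r mask net rest; do
        case $mask in ''|'#'*) continue ;; esac   # skip blanks and comments
        entry="$mask $net"
        if [ "$mask" = host ]; then mask=255.255.255.255; fi
        m=$(ip_to_int "$mask"); n=$(ip_to_int "$net")
        if [ $(( client & m )) -eq $(( n & m )) ]; then
            echo "$entry"
            return 0
        fi
    done < "$1"
    return 1
}

# Demo on the constructed sample.
tmp=$(mktemp)
sample_securenets > "$tmp"
for ip in 127.0.0.1 192.168.1.57 10.0.0.8; do
    if entry=$(securenets_allows "$tmp" "$ip"); then
        echo "$ip admitted by: $entry"
    else
        echo "$ip refused"
    fi
done
rm -f "$tmp"
```

An entry with netmask 0.0.0.0 matches every client, so the same function also shows when a file has been left open to all addresses.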
Configuring an NIS Client
  Define the NIS domain name via domainname NIS_domain_name command
  Add NISDOMAIN="NIS_domain" to /etc/sysconfig/network file
    Configure NIS domain at boot time
  In the /etc/yp.conf file, add, for each specific NIS server: domain NIS_domain server NIS_server
    Alternatively add domain NIS_domain broadcast
Configuring an NIS Client (continued)
  Start NIS client program by service ypbind start command
  Ensure NIS binding server daemon is started at runlevel 5 by chkconfig --level 5 ypbind on command
  Locate NIS server by ypwhich command
  Add +:*:0:0::: to /etc/passwd to redirect requests to NIS server
  yppasswd command: used by NIS clients to change NIS password
Web Services
  Apache is the most common Web server
    Started as http daemon
  Document root directory: stores default HTML content for a Web server
    /var/www/html on Fedora Linux
    Default document is index.html
  /etc/httpd/conf/httpd.conf: default configuration file
  Directive: Line within a configuration file
Web Services (continued)
  Default settings sufficient for most Web servers
    Copy appropriate HTML files into /var/www/html
    Start Apache by service httpd start
  Separate httpd daemon is started each time a client request is received by Apache Web server
    Called a Web page hit
    First daemon started as root user, others started as Apache user
  curl command: used at BASH shell to obtain Web page
Table 13-2: Common httpd.conf directives
Sharing Services: Samba
  Samba daemon: Emulates SMB protocol
    Formats TCP/IP data like Windows computers
  NetBIOS name daemon: to create and advertise NetBIOS name for Windows computers to connect to Linux server
  nmblookup command: Tests NetBIOS name resolution in Linux
Configuring a Samba Server
  Create Linux user for each Windows user
  smbpasswd command: Generate Samba passwords
  /etc/samba/smb.conf: Default Samba configuration file
    Edit to include NetBIOS name
    testparm command: checks syntax of /etc/samba/smb.conf
  Start Samba and NetBIOS name daemons by service smb start and service nmb start commands
Connecting to a Samba Server
  Test Samba functionality after configuration
    From Windows client enter \\Samba_server_name in the Run dialog box
  smbclient command: used to connect a Linux computer to a Samba server
    Can also be used to display an FTP-like interface on Samba or Windows servers
NFS
  Network File System (NFS): allows Unix, Linux, and Macintosh OS X computers to share files transparently
  Export a directory by placing its name in the /etc/exports file
  mount command: used by another computer to access an exported directory across the network by mounting the remote directory on the local computer
Configuring a Linux NFS Server
  Create directory containing information to share
  Edit /etc/exports file:
    Add line listing directory to be shared and options
  Run exportfs -a command
    Update list of exported filesystems
  Restart the NFS processes:
    service nfs start
    service nfslock start
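Each /etc/exports line from the procedure above names a directory followed by one or more client(options) pairs. The following is an added example, not part of the original slides, that lists every pair in an exports-style file and marks the ones worth reviewing before running exportfs -a; the sample paths and networks are constructed, and the two conditions it flags (a wildcard client with rw, and no_root_squash) are this example's choice of what to review.

```sh
#!/bin/sh
# Added example (not from the slides): list each export/client pair in an
# /etc/exports-style file and flag the ones a reviewer should look at.

# Constructed sample input, printed by a function so it can be reused.
sample_exports() {
cat <<'EOF'
# directory   client(options) ...
/srv/docs     192.168.1.0/24(ro,root_squash)
/srv/upload   192.168.1.0/24(rw) *(ro)
/srv/scratch  *(rw,no_root_squash)
EOF
}

# has_opt OPTS NAME -> 0 when NAME is one of the comma-separated OPTS.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# audit_exports FILE -> one line per pair: "<dir> <client> <opts> <verdict>"
audit_exports() {
    set -f                                  # keep "*" clients literal
    while read -r dir specs; do
        case $dir in ''|'#'*) continue ;; esac
        for spec in $specs; do
            client=${spec%%\(*}             # text before "("
            opts=${spec#"$client"}          # "(opt,opt)" or empty
            opts=${opts#\(}; opts=${opts%\)}
            flags=
            if [ "$client" = "*" ] && has_opt "$opts" rw; then
                flags=world-writable
            fi
            if has_opt "$opts" no_root_squash; then
                flags="${flags:+$flags,}no_root_squash"
            fi
            echo "$dir $client ${opts:-none} ${flags:-ok}"
        done
    done < "$1"
    set +f
}

# Demo on the constructed sample.
tmp=$(mktemp)
sample_exports > "$tmp"
audit_exports "$tmp"
rm -f "$tmp"
```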
Connecting to a Linux NFS Server
  Mount directory from remote NFS server to a directory on local computer
    Use mount command specifying nfs filesystem type, server name or IP address, remote directory, and local directory as arguments
  Use the mounted directory as any other local directory, with operations being performed on the remote computer
  Use umount command to dismount remote directory
FTP
  Protocol most commonly used to transfer files on public networks
  Hosts files differently than NFS
  In anonymous access special directory is available to any user who wants to connect to FTP server
  User can log in, via an FTP client program, to a home directory on the FTP server
Configuring a Linux FTP Server
  Very secure FTP daemon (vsftpd): used by most Linux systems
  To configure (assuming logon as “user1”):
    Create directory below user1’s home directory to host the files
      ○ Ensure user1 owns directory
    Edit /etc/vsftpd/vsftpd.conf to modify appropriate commented options
    Run service vsftpd start to start vsftpd daemon
Connecting to a Linux FTP Server
  Most Web browsers have built-in FTP utility
    Allows you to access files on remote computer
  To connect through Web browser, specify the location by typing ftp://servername in the browser
    To log in as particular user, type ftp://user:password@servername
  Most OSs have command-line FTP utility
    Use ftp command and specify host name as argument, log in as anonymous or as specific user
      ○ Receive prompt that accepts FTP commands
Connecting to a Linux FTP Server (continued)
Figure 13-7: Using a Web browser FTP client
Connecting to a Linux FTP Server (continued)
Table 13-3: Common FTP commands
Connecting to a Linux FTP Server (continued)
Table 13-3 (continued): Common FTP commands
E-mail Services
  Various e-mail protocols exist, including SMTP, ESMTP, POP, and IMAP
  E-mail server looks up the name of target e-mail server in domain’s MX records, stored on public DNS server
    Resolves target e-mail server name to IP address using public DNS server
  Daemons and system components rely on e-mail to send important information to the root user
Working with Sendmail
  Sendmail: one of oldest and most complex e-mail daemons
    By default accepts email on TCP port 25
    Test using telnet port_num, EHLO, and HELO commands
  mail command: checks local e-mail
  /etc/aliases file: contains other e-mail names used to identify the users on the system
    newaliases command: rebuilds the aliases database after modifications
Working with Postfix
  Postfix: easier to configure than Sendmail
    Install using yum install postfix
    Edit /etc/postfix/main.cf configuration file
    Run service sendmail stop ; service postfix start command to stop Sendmail daemon and activate Postfix daemon
      ○ To make the change permanent, run the chkconfig --level 5 sendmail off ; chkconfig --level 5 postfix on command
Working with Postfix (continued)
Table 13-4: Lines in /etc/postfix/main.cf to uncomment or add when configuring Postfix
Database Services
  Databases: large files that store information in the form of tables
  Table: organizes information into a list
  Record: set of information about a particular item within a list
  Fields: categories of information within a record
  Relational databases: databases in which information within one table is related to information within other tables
    Tables are usually linked by a common field
Database Services (continued)
Figure 13-8: A simple relational database structure
Database Services (continued)
  Structured Query Language (SQL): programming language used to store and access data in databases
    The server programs that allow use of SQL are called SQL servers
      ○ Offer advanced backup, repair, replication, and recovery utilities for data
      ○ Allow programs to access databases from across the network
Database Services (continued)
Table 13-5: Common SQL statements
Database Services (continued)
Table 13-5 (continued): Common SQL statements
Configuring PostgreSQL
  Powerful SQL server that provides large number of features
    To install: yum install postgresql command
  Prepare for use by:
    Use passwd postgres command to assign user a password
    Initialize internal databases using service postgresql initdb command
    Modify PostgreSQL configuration files
    Start the PostgreSQL engine
Configuring PostgreSQL Databases
  Log in as postgres user
  Execute PostgreSQL command-line utilities to create and manage databases
    Can create tables and add records within the PostgreSQL utility using appropriate SQL statements
  PostgreSQL utility has many built-in commands
    ○ Prefixed with a \ character
    ○ Can be used to obtain database information or perform functions within the utility
Configuring PostgreSQL Databases (continued)
Table 13-6: PostgreSQL command-line utilities
Configuring PostgreSQL Databases (continued)
Table 13-7: Common built-in PostgreSQL utility commands
Summary
  DHCP, DNS, NTP, and NIS are infrastructure services since they provide network-related services to other computers
  DHCP servers lease other computers an IPv4 or IPv6 configuration
  DNS servers provide name resolution services for other computers on the network
  Linux computers can use the system time stored within the computer BIOS or obtain time from an NTP server across the network
Summary (continued)
  NIS servers provide key configuration files to other Linux computers that are configured as NIS clients
  The Apache server shares Web pages from its document root directory to computers on the network using the HTTP protocol
  Samba can be used to share files to Linux, UNIX, Macintosh, and Windows computers using the SMB protocol
  NFS can be used to natively share files among Linux, UNIX, and Macintosh systems
Summary (continued)
  FTP can be used to share files to any computer that has an FTP client utility
  Email servers deliver e-mails to users, accept new e-mails from users and relay the new emails to other e-mail servers on the Internet for delivery
  Applications that store data in databases on database servers use SQL statements to manipulate information within a database
  PostgreSQL provides advanced configuration and utilities