
SHRI G.P.M.

DEGREE COLLEGE OF
SCIENCE & COMMERCE.
T.Y.B.Sc C.S.
Linux Server
Administration
SHRI G.P.M. DEGREE COLLEGE OF
SCIENCE & COMMERCE.
(COMMITTED TO EXCELLENCE IN EDUCATION)

This is to certify that

Student of B.Sc. Information Technology (Seat No. ) has completed the required number of practicals in the subject of as prescribed by the University of Mumbai under my supervision during the academic year 2018-2019.

Prof. In charge Course Co-coordinator

External Examiner Principal

Date: College Seal


Prof. Name: Mrs. Khushboo Singh Class/Sem.: T.Y. B.Sc.(CS) / Semester - V
Course Code: USCSP502 Subject Name: Linux Server Administration

Index

Theory-1: Single-Host Administration

Practical-1: Install DHCP Server in Ubuntu 16.04
    Example-1: Configure the DHCP server by matching the following conditions (IT Lab):
        a. Subnet and netmask should be 192.168.0.0 and 255.255.255.0
        b. Gateway should be 192.168.0.254
        c. DNS server should be 192.168.0.254
        d. Domain name should be example.com
    Example-2: Install and configure a Squid server with IP address 192.168.1.240 with different access control lists and block www.facebook.com for the client with IP address 192.168.1.220. (Homework)

Practical-2: Initial settings: Add a User, Network Settings, Change to static IP address, Disable IPv6 if not needed.
    Example-1: Configure a Linux server system to assign IP addresses dynamically to the client system. (IT Lab)
    Example-2: Configure services, display the list of services which are running, stop and turn OFF the auto-start setting for a service if you don't need it, sudo settings. (Homework)

Practical-3: Configure NTP Server (NTPd), Install and Configure NTPd, Configure NTP Client (Ubuntu and Windows)
    Example-1: How to forcefully sync date and time using the NTP server in Linux. (IT Lab)
    Example-2: How to keep your Linux server on time with NTP. (Homework)

Practical-4: SSH Server: Password Authentication, Configure SSH Server to manage a server from the remote computer, SSH Client (Ubuntu and Windows)
    Example-1: Create a rule that will restrict SSH to allow only specific IP addresses. (IT Lab)
    Example-2: Implement Shell Scripts and High-Availability Clustering (Homework)
        a. Writing Shell Scripts
        b. Configuring Booting with GRUB
        c. Configuring High Availability Clustering

Theory-2: Internet Services

Practical-5: Install DNS Server BIND, Configure DNS server which resolves domain name or IP address, Install BIND 9, Configure BIND, Limit ranges you allow to access if needed.
    Example-1: (IT Lab)
        a. Installing and configuring NFS server
        b. Installing and configuring Samba server
        c. Installing and configuring FTP server
    Example-2: Check that all the servers are working correctly and that these servers can be used to download files and share files. (Homework)

Practical-6: Configure DHCP Server, Configure DHCP (Dynamic Host Configuration Protocol) Server, Configure NFS Server to share directories on your network, Configure NFS Client. (Ubuntu and Windows Client OS)
    Example-1: Install a DHCP server in CentOS, RHEL and Fedora. (IT Lab)
    Example-2: Fedora Linux: Restart / Stop / Start DHCPD Server command. (Homework)

Practical-7: Configure LDAP Server, Configure LDAP Server in order to share users' accounts in your local networks, Add LDAP User Accounts in the OpenLDAP Server, Configure LDAP Client in order to share users' accounts in your local networks. Install phpLDAPadmin to operate the LDAP server via a web browser.
    Example-1: Use SSL to communicate with the LDAP server. For SSL to function, the LDAP server must support SSL. (IT Lab)
    Example-2: To make a search request to the LDAP server, use the administrator account for authentication. (Homework)

Theory-3: Intranet Services

Practical-8: Configure NIS Server in order to share users' accounts in your local networks, Configure NIS Client to bind NIS Server.
    Example-1: Establishing the Domain for NIS Server. (IT Lab)
    Example-2: Create NIS user. (Homework)

Practical-9: Install Samba to share folders or files between Windows and Linux.
    Example-1: Create Samba server in Min Ubuntu. (IT Lab)
    Example-2: Share file with your Android device using Samba server. (Homework)

Theory-1

Single-Host Administration
Theory: The Dynamic Host Configuration Protocol (DHCP) is a network management
protocol used on UDP/IP networks whereby a DHCP server dynamically assigns an IP
address and other network configuration parameters to each device on a network so they can
communicate with other IP networks. DHCP can be implemented on networks ranging in size
from home networks to large campus networks and regional Internet service
provider networks.

Practical-1
Aim: Install DHCP Server in Ubuntu 16.04

Source Code:
Step 1. Install dhcpd:

$ sudo apt-get install isc-dhcp-server

Step 2. Edit /etc/default/isc-dhcp-server to specify the interfaces dhcpd should listen on.

$ sudo vi /etc/default/isc-dhcp-server

INTERFACES="ens33"

Step 3. Change the default configuration.

Edit the file /etc/dhcp/dhcpd.conf to enter your particular configuration.

Enter the domain name and domain name servers:

option domain-name-servers ns1.example.org, ns2.example.org;

option domain-name "example.org";

$ sudo vi /etc/dhcp/dhcpd.conf

default-lease-time 600;
max-lease-time 7200;
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.20 192.168.1.30;
option routers 192.168.1.1;
option domain-name-servers ns1.example.org, ns2.example.org;
option domain-name "example.org";
}

Output:

Step 4. Check the status of the DHCP server.

Step 5. Check the status of the firewall (it must be inactive).

Step 6. Client configuration (the client machine is Fedora 28 Workstation).

Conclusion: The program ran and compiled successfully.

Practical-1 : Example-1
Aim: Configure the DHCP server by matching the following Conditions:
Subnet and Net mask should be 192.168.0.0 and 255.255.255.0
Gateway Should be 192.168.0.254
DNS Server Should be 192.168.0.254
Domain Name should be example.com

Source Code:
sudo apt-get update
sudo apt-get install isc-dhcp-server

sudo nano /etc/network/interfaces

auto eth0
iface eth0 inet static
address 192.168.1.200
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1

sudo nano /etc/dhcp/dhcpd.conf

subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.2 192.168.1.50;
option routers 192.168.1.1;
option broadcast-address 192.168.1.255;
default-lease-time 6000;
max-lease-time 7200;
}

sudo nano /etc/default/isc-dhcp-server

INTERFACES="eth0"

sudo reboot
sudo service isc-dhcp-server restart

ifconfig
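
A pre-restart lint for /etc/dhcp/dhcpd.conf, added here as an example (it is not part of the original manual): it flags statements without a terminating ";", a subnet declaration without the netmask keyword, and range or router addresses that fall outside the declared subnet. The function and sample names, and the address pool in the passing sample, are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original manual: lint a dhcpd.conf before
# restarting isc-dhcp-server. Line-based heuristic that assumes one statement
# per line and contiguous netmasks, as in the configurations shown above.

check_dhcpd_conf() {    # usage: check_dhcpd_conf FILE; status 1 if findings
    awk '
    # 1 when ip lies inside net/mask (all dotted quads), else 0.
    function in_net(ip, net, mask,    a, n, m, i, bs) {
        if (split(ip, a, ".") != 4 || split(net, n, ".") != 4 ||
            split(mask, m, ".") != 4) return 0
        for (i = 1; i <= 4; i++) {
            if (a[i] !~ /^[0-9]+$/ || m[i] !~ /^[0-9]+$/ || m[i] + 0 > 255) return 0
            bs = 256 - m[i]                    # addresses per block in this octet
            if (int(a[i] / bs) * bs != n[i] + 0) return 0
        }
        return 1
    }
    function report(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }

    { sub(/#.*/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
    $0 == "" { next }
    $0 !~ /[;{}]$/ { report("statement is not terminated with \";\"") }
    { gsub(/[;{,]/, " ") }                     # leave bare tokens in the fields
    $1 == "subnet" {
        if ($3 != "netmask") { report("subnet declaration lacks the netmask keyword"); next }
        snet = $2; smask = $4; insub = 1
        if (!in_net(snet, snet, smask)) report(snet " is not a network address for " smask)
        next
    }
    $1 == "}" { insub = 0; next }
    insub && $1 == "range" {
        for (i = 2; i <= NF; i++)
            if ($i ~ /^[0-9.]+$/ && !in_net($i, snet, smask))
                report("range address " $i " is outside " snet "/" smask)
    }
    insub && $1 == "option" && $2 == "routers" {
        for (i = 3; i <= NF; i++)
            if (!in_net($i, snet, smask))
                report("router " $i " is outside " snet "/" smask)
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample that meets the four conditions of the aim above. The
# address pool is an assumption of this example; the aim does not specify one.
sample_conf_ok() {
    cat <<'EOF'
option domain-name "example.com";
option domain-name-servers 192.168.0.254;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.10 192.168.0.100;    # assumed pool
    option routers 192.168.0.254;
}
EOF
}

# Constructed sample with addresses left over from another subnet and a
# statement that lost its ";".
sample_conf_bad() {
    cat <<'EOF'
subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.1.2 192.168.1.50;
    option routers 192.168.1.1;
    option broadcast-address 192.168.0.255
}
EOF
}

conf=$(mktemp)
sample_conf_bad > "$conf"
check_dhcpd_conf "$conf" || echo "fix the findings before restarting isc-dhcp-server"
rm -f "$conf"
```

On the server itself, `dhcpd -t -cf /etc/dhcp/dhcpd.conf` runs the daemon's own syntax test without starting the service.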

Output:

Conclusion: The program ran and compiled successfully.

Practical-1 : Example-2
Aim: Install and configure a Squid server with IP address 192.168.1.240 with
different access control lists and block www.facebook.com for the
client with IP address 192.168.1.220.

Source Code:
sudo apt-get update
sudo apt-get install squid squid-common

sudo service squid start    # or: stop | restart | status

sudo /usr/sbin/squid        # launch the program directly
sudo pkill -9 squid

cd /etc/squid
ls                          # you should see the squid.conf file

sudo cp squid.conf squid.conf.bak

ifconfig                    # write down your inet address, e.g. 192.168.1.100

sudo nano squid.conf

Output:

Conclusion:

DHCP Server, Ubuntu 16.04, leased IP address 192.168.1.20 to Fedora 28 Workstation.

Important note: While working on a virtual machine, disable the default DHCP server in VMware
or VirtualBox.

Practical-2
Aim: Initial settings: Add a User, Network Settings, Change To static IP
address, Disable IPv6 if Not needed.

Source Code:
# IPv4 gateway and primary address. The netmask
# is taken from the PREFIX (where 24 is a
# public IP, 17 is a private IP)
iface eth0 inet static
address 198.51.100.5/24
gateway 198.51.100.1

# Add DNS resolvers for resolvconf. Can mix IPv4 and IPv6.
dns-nameservers 203.0.113.1 2001:db8:0:123::2 203.0.113.3
dns-search members.linode.com
dns-options rotate

# Add a second public IPv4 address.
iface eth0 inet static
address 198.51.100.10/24

# IPv6 gateway and primary address.
iface eth0 inet6 static
address 2001:db8:2000:aff0::1/64
gateway fe80::1

# Add a second IPv6 address.
iface eth0 inet6 static
address 2001:db8:2000:aff0::2/32

# ip addr | grep inet

# cat /etc/resolv.conf

ping -c 3 google.com
ping6 -c 3 ipv6.google.com

Output:

Conclusion: The program ran and compiled successfully.

Practical-2 : Example-1
Aim: Configure a Linux server system to assign IP Addresses dynamically
to the Client system.

Source Code:
nano /etc/network/interfaces
# ...
auto eth0
iface eth0 inet dhcp

service networking restart


Output:

Conclusion: The program ran and compiled successfully.

Practical-2 : Example-2

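Aim: Configure services, display the list of services which are running,
stop and turn OFF the auto-start setting for a service if you don't need
it, sudo settings.

Source Code:
# Upstart: an override file containing "manual" turns off auto-start for the job
echo manual | sudo tee /etc/init/mysql.override
# Remove the override to restore auto-start
sudo rm /etc/init/mysql.override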

Output:

Conclusion: The program ran and compiled successfully.

Practical-3

Aim: Configure NTP Server (NTPd), Install and Configure NTPd,
Configure NTP Client (Ubuntu and Windows)

Source Code:
root@dlp:~# apt-get -y install ntp
root@dlp:~# vi /etc/ntp.conf
# line 18: comment out
#pool 0.ubuntu.pool.ntp.org iburst
#pool 1.ubuntu.pool.ntp.org iburst
#pool 2.ubuntu.pool.ntp.org iburst
#pool 3.ubuntu.pool.ntp.org iburst
#pool ntp.ubuntu.com
# add servers of your timezone for time synchronization
server ntp1.jst.mfeed.ad.jp iburst
server ntp2.jst.mfeed.ad.jp iburst
server ntp3.jst.mfeed.ad.jp iburst
# line 50: add the network range you allow to receive requests
restrict 10.0.0.0 mask 255.255.255.0 nomodify notrap
root@dlp:~# systemctl restart ntp
# show status
root@dlp:~# ntpq -p

root@client:~# apt-get -y install ntpdate
root@client:~# ntpdate ntp1.jst.mfeed.ad.jp

Output:

Conclusion: The program ran and compiled successfully.

Practical-3 : Example-1

Aim: How to forcefully sync date and time using the NTP Server in
Linux.

Source Code:
# apt-get install ntp

# service ntp status

# ntpq -p

# tail -f /var/log/syslog

Output:

Conclusion: The program ran and compiled successfully.

Practical-3 : Example-2

Aim: How to keep your Linux server on time with NTP.

Source Code:

# apt -y install ntp

# gedit /etc/ntp.conf

Output:

Conclusion: The program ran and compiled successfully.

Practical-4

Aim: SSH Server: Password Authentication. Configure SSH Server to
manage a server from the remote computer, SSH Client (Ubuntu
and Windows)

Source Code:
[1] Password Authentication for OpenSSH Server on Ubuntu is enabled by
default, so it's possible to log in without changing any settings. Furthermore,
the root account is prohibited from Password Authentication by default with
"PermitRootLogin prohibit-password", so the default setting is good for use. But
if you want to prohibit root login entirely, change it as follows.
root@dlp:~# apt-get -y install openssh-server
root@dlp:~# vi /etc/ssh/sshd_config
# line 28: change to no
PermitRootLogin no
root@dlp:~# systemctl restart ssh

SSH Client : Ubuntu
Configure SSH Client for Ubuntu.

[2] Install SSH Client.

root@client:~# apt-get -y install openssh-client

[3] Connect to the SSH server with a common user.

# ssh [username@hostname or IP address]
root@client:~# ssh ubuntu@dlp.srv.world
The authenticity of host 'dlp.srv.world (<no hostip for proxy command>)' can't be established.
ECDSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:60:90:d8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'dlp.srv.world' (ECDSA) to the list of known hosts.
ubuntu@dlp.srv.world's password:    # password of the user
ubuntu@dlp:~$    # just logged in

[4] It's possible to execute commands on a remote host by adding commands to
the ssh command.
# for example, open /etc/passwd on remote host

ubuntu@client:~$ ssh ubuntu@dlp.srv.world "cat /etc/passwd"
ubuntu@dlp.srv.world's password:
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
...
ubuntu:x:1000:1000:ubuntu,,,:/home/ubuntu:/bin/bash
sshd:x:108:65534::/var/run/sshd:/usr/sbin/nologin
SSH Client : Windows
Configure SSH Client for Windows.

[5] Get an SSH client for Windows. This example uses PuTTY as follows.
Enter your server's IP address and click the 'Open' button.

[6] After authentication on the SSH server, it's possible to log in remotely with SSH.

Output:

Conclusion: The program ran and compiled successfully.

Practical-4 : Example-1

Aim: Create a rule that will restrict SSH to allow Only Specific IP
addresses.

Source Code:
Remember that you can check your current iptables ruleset with sudo iptables -S
and sudo iptables -L.

sudo invoke-rc.d iptables-persistent save

This will save your current iptables rules to the /etc/sysconfig/iptables file.

To accept all traffic on your loopback interface, run these commands:

sudo iptables -A INPUT -i lo -j ACCEPT

sudo iptables -A OUTPUT -o lo -j ACCEPT

Service: SSH
If you're using a cloud server, you will probably want to allow incoming SSH connections
(port 22) so you can connect to and manage your server. This section covers how to configure
your firewall with various SSH-related rules.

Allow All Incoming SSH

To allow all incoming SSH connections run these commands:

sudo iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

sudo iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT

The second command, which allows the outgoing traffic of established SSH connections, is
only necessary if the OUTPUT policy is not set to ACCEPT.

Allow Incoming SSH from Specific IP address or subnet
To allow incoming SSH connections from a specific IP address or subnet, specify the
source. For example, if you want to allow the entire 15.15.15.0/24 subnet, run
these commands:

sudo iptables -A INPUT -p tcp -s 15.15.15.0/24 --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

sudo iptables -A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT

Output:

sudo iptables -A OUTPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

sudo iptables -A INPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
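
An ACCEPT rule with a source only restricts SSH when the remaining port 22 traffic is dropped afterwards, either by a later DROP rule or by an INPUT policy of DROP. The script below is an added example, not part of the original manual: it generates the allowlist commands in the order they must be appended and audits a ruleset listing with first-match semantics. The function names, the second sample address and the sample listing are constructed for this example, and nothing in it touches the live firewall.

```sh
#!/bin/sh
# Added example, not from the original manual. Function names are this
# example's own; the script only prints and reads text.

# valid_ipv4_source ADDR[/PREFIX]: accept a.b.c.d or a.b.c.d/1..32 only.
# /0 is rejected because it would allow every source again.
valid_ipv4_source() {
    printf '%s\n' "$1" | awk '{
        n = split($0, part, "/")
        if (n < 1 || n > 2) exit 1
        if (n == 2 && (part[2] !~ /^[0-9]+$/ || part[2] + 0 < 1 || part[2] + 0 > 32)) exit 1
        if (split(part[1], oct, ".") != 4) exit 1
        for (i = 1; i <= 4; i++)
            if (oct[i] !~ /^[0-9]+$/ || oct[i] + 0 > 255) exit 1
    }'
}

# gen_ssh_allowlist SRC...: print the commands in the order they must be
# appended: one ACCEPT per allowed source, then the DROP for everyone else.
gen_ssh_allowlist() {
    [ "$#" -gt 0 ] || { echo "usage: gen_ssh_allowlist SRC..." >&2; return 2; }
    for src in "$@"; do
        valid_ipv4_source "$src" || { echo "invalid source: $src" >&2; return 2; }
    done
    for src in "$@"; do
        echo "iptables -A INPUT -p tcp -s $src --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport 22 -j DROP"
}

# audit_ssh_rules [FILE]: read rules as printed by "iptables -S" (or the
# commands above without the leading "iptables ") and decide, first match
# wins, what happens to a new connection to port 22 from an unlisted source.
# Only INPUT rules that name --dport 22 are considered. Prints "open" or
# "restricted" plus the allowed sources; status 0 only when restricted.
audit_ssh_rules() {
    awk '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        src = ""; dport = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s") src = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (dport != "22" || verdict != "") next
        if (src != "" && src != "0.0.0.0/0") {
            if (target == "ACCEPT") allowed = allowed " " src
        } else if (target == "ACCEPT") verdict = "open"
        else if (target == "DROP" || target == "REJECT") verdict = "restricted"
    }
    END {
        if (verdict == "") verdict = (policy == "DROP") ? "restricted" : "open"
        print verdict ":" allowed
        exit (verdict == "restricted" ? 0 : 1)
    }' "${1:--}"
}

# Constructed "iptables -S" listing: the state after running only the ACCEPT
# commands from the section above on a host whose INPUT policy is ACCEPT.
sample_accept_only() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 15.15.15.0/24 -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
EOF
}

sample_accept_only | audit_ssh_rules || true
gen_ssh_allowlist 15.15.15.0/24 | sed 's/^iptables //' | audit_ssh_rules
```

Review the generated commands before applying them, and make sure the address you administer from is in the list, so that the DROP rule does not cut off your own session.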

Conclusion: The program ran and compiled successfully.

Practical-4 : Example-2

Aim: Implement Shell Scripts and High-Availability Clustering


a. Writing Shell Scripts
b. Configuring Booting with GRUB
c. Configuring High Availability Clustering.

Source Code:

a. Writing Shell Scripts

Let's start with a Hello World example. Open your favorite editor and write a shell script
file named my_script.sh containing the following lines:

#!/bin/bash
echo "hello world"   # print to screen

The first line is called a hashbang or shebang. It tells Unix that this script should be
run through the /bin/bash shell. The second line is just the echo statement, which prints
the words after it to the terminal.

After saving the above file, we need to give it execute permission to make it runnable.
You can set the execute permission as follows:

chmod +x my_script.sh   # add execute permission

Execute the script with either of the following commands:

$ bash my_script.sh
$ ./my_script.sh

Output:

hello world

Now we are done with the very basic shell script that prints `hello world` to the
screen.

b. Configuring Booting with GRUB

c. Configuring High Availability Clustering

Starting Cluster Services

Start the cluster services on the nodes in the cluster using the following procedure.

1. On both nodes in the cluster, start the ricci service and set a password for
user ricci.

# service ricci start
Starting ricci: [ OK ]
# passwd ricci
New password:
Retype new password:

2. On the node that will be hosting the web management interface, start
the luci service. This will provide the link from which to access luci on this node.

# service luci start
Starting luci: generating https SSL certificates... done
[ OK ]

Please, point your web browser to https://example-01:8084 to access luci

Creating the Cluster


Use the following procedure to create a cluster.

1. To access the High Availability management web interface, point your browser to the
link provided by the luci service and log in using the root account on the node
hosting luci. Logging in to luci displays the luci Homebase page.

2. To create a cluster, click on Manage Clusters from the menu on the left navigation
pane of the Homebase page. This displays the clusters page.

3. From the clusters page, click the Create button. This displays the Create New
Cluster screen.

Clusters menu

4. On the Create New Cluster screen, enter the parameters for the cluster you are
creating. The Password field will be the ricci password you defined for the
indicated node. For more detailed information about the parameters on this screen
and information about verifying the certificate fingerprint of the ricci server,
see Section 4.4, “Creating a Cluster”.

Conclusion: The program ran and compiled successfully.

Theory-2

Internet Services

Theory: DNS, the Domain Name System, is an internet service that translates
user-friendly domain names into computer-friendly IP addresses. Besides translating
domain names to IP addresses, it can also perform reverse translation, i.e. from IP
addresses to domain names. In this tutorial, we are going to learn to set up a private
DNS server by implementing BIND9 on an Ubuntu/Debian system.

Practical-5

Aim: Install DNS Server BIND, Configure DNS server which resolves
domain name or IP address, Install BIND 9, configure BIND, Limit
ranges you allow to access if needed.

Source Code:
Installation of BIND 9 on Debian / Ubuntu System:
We need to install 'bind9 bind9utils bind9-doc dnsutils' to install BIND 9 & related tools.
Open your terminal & execute the following command,

Configuration of BIND 9 on Debian / Ubuntu System:

Once all the packages have been installed, we move on to the configuration part. All
configuration files for BIND are located in the folder '/etc/bind'.
One of the important configuration files for BIND is "/etc/bind/named.conf.options".
As per my private network settings, I have specified the following parameters:

The next important configuration file is "/etc/bind/named.conf.local". In this file we will define
the zone files for our domain. Edit the file and add the following entries:

Save the file & exit. Here we have mentioned locations for our forward lookup zone file &
reverse lookup zone files. Next we will create the mentioned forward & reverse zone files.

First create the forward lookup zone file. Sample zone files (db.local) are already present in
the '/etc/bind' folder; we can copy a sample zone file and use it.

Our forward lookup file should look something like below:

Here, we have added information regarding our DNS server & have also added A records for
a couple of servers, a record for a mail server & a CNAME record for the ftp server. Make
sure you edit this file to suit your network.
Next we will create a reverse lookup zone file at the same location; a sample reverse lookup
zone file is present in the '/etc/bind' folder.

Your reverse lookup zone file should look like below:

linuxtechi@bind-server:~$ sudo systemctl restart bind9

linuxtechi@bind-server:~$ sudo systemctl enable bind9

Note: In case the OS firewall is running on your BIND server, execute the command below to
allow port 53.

linuxtechi@bind-server:~$ sudo ufw allow 53

Rule added

Rule added (v6)

linuxtechi@bind-server:~$

Validating Syntax of bind9 configuration and Zone files

If you want to cross-verify the syntax of your BIND 9 configuration file (named.conf.local),
use the command "named-checkconf". An example is shown below:

linuxtechi@bind-server:~$ sudo named-checkconf /etc/bind/named.conf.local

linuxtechi@bind-server:~$

If there is no syntax error in your bind configuration file, then it should return to shell without
showing any errors.

To cross-verify the syntax of your forward and reverse lookup zone files, use the command
"named-checkzone". An example is shown below:

linuxtechi@bind-server:~$ sudo named-checkzone linuxtechi.local /etc/bind/forward.linuxtechi.local

zone linuxtechi.local/IN: loaded serial 6

OK

linuxtechi@bind-server:~$

linuxtechi@bind-server:~$ sudo named-checkzone linuxtechi.local /etc/bind/reverse.linuxtechi.local

zone linuxtechi.local/IN: loaded serial 21

OK

linuxtechi@bind-server:~$

Testing the DNS server with dig & nslookup

To test our BIND 9 DNS server, we will use another Ubuntu machine & change its
DNS to point to our DNS server. To change the DNS server, open '/etc/resolv.conf' & make
the following DNS entry,

linuxtechi@nixworld:~$ sudo vi /etc/resolv.conf

search linuxtechi.local

nameserver 192.168.0.40

Save the file & exit. We now have our client ready with DNS pointing to our server. We will
now use a CLI tool called 'dig', which is used to look up DNS & its related
information. Execute the following command from the terminal,

linuxtechi@nixworld:~$ dig primary.linuxtechi.local

& we should get the following output from the command,

This output shows that our DNS is working fine.

Let's do a reverse lookup query (PTR):

linuxtechi@nixworld:~$ dig -x 192.168.0.40

Output of command should be something like below:

We can also run the 'nslookup' command against our DNS server to confirm the output of the dig
command.

Output:

Note: While running the dig command, if you get a 'command not found' error, then we need to
install the 'dnsutils' package, as the dig command is part of the 'dnsutils' package,

linuxtechi@nixworld:~$ sudo apt-get install dnsutils -y

Conclusion: The program ran and compiled successfully.

Practical-5 : Example-1

Aim: a. Installing and configuring NFS server


b. Installing and configuring samba server
c. Installing and configuring FTP server

Source Code:
a. Installing and configuring NFS server

Package Name : nfs-utils, nfs-utils-lib

Main Configuration File : /etc/exports

NFS Installation
First we will install NFS, which is easy and can be done with the following command:

yum install nfs* -y

Now we need to start the server:

service nfs start
chkconfig nfs on

Configuration
Now we will share a directory. Let's share our home (/home) directory.

First open the configuration file:

vi /etc/exports

Since it's an empty file, we will add the following line to the file to share the /home folder:

/home 192.168.1.0/24(rw,sync)

So, the above line means:

/home is the directory to be shared,
192.168.1.0/24 is the subnet range for which the shared folder will be available (you can also
mention a single IP here),
rw means the client will have both read & write permissions. You can also use ro for read only.
There must be no space between the client and the option list: written as "192.168.1.0/24 (rw,sync)",
the options would apply to every host instead of only the subnet.

Now, restart the service to apply the changes to the server:

service nfs restart

Our shared folder is now ready to be used.

Note: If we give rw (read, write) settings on an NFS share, make sure the permissions on the
folder are 777.

Testing shared folder

On the server, use the following command to show the shared folder:

exportfs -v

And on the client side, use the following command to see the shared folder:

showmount -e 192.168.1.100

Client side configuration
On the client side, we first have to install NFS:

yum install nfs* -y

We will now mount the shared folder on /mnt:

mount 192.168.1.100:/home /mnt

The above command will mount the shared folder, which we can use like a regular
partition. But this will only be a temporary mount, i.e. when we restart our system, the mount
will be lost.

Therefore, in order to permanently mount the shared folder, we need to make an entry in
/etc/fstab:

vi /etc/fstab

After opening fstab, make the following entry at the bottom of the file:

192.168.1.100:/home /mnt nfs defaults 0 0

The share will then remain mounted even after a system reboot.
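
How the NFS server reads a client list in /etc/exports, as an added example that is not part of the original manual: an option list that is separated from its client by whitespace stands alone and applies to every host. The script prints the effective client and options for each export and flags exports that any host can mount; the function names and the /srv/share path are constructed for this example.

```sh
#!/bin/sh
# Added example, not from the original manual.

# effective_exports FILE
# Prints "line path client options note" for every client of every export.
# A token that starts with "(" has no client in front of it, so its options
# apply to every host, shown here as "*".
effective_exports() {
    awk '
    { sub(/#.*/, "") }       # drop comments
    NF < 2 { next }          # blank line, or a path with no client list (not analysed here)
    {
        for (i = 2; i <= NF; i++) {
            p = index($i, "(")
            if (p == 1) {
                client = "*"; opts = $i; note = "whitespace-before-options"
            } else if (p > 1) {
                client = substr($i, 1, p - 1); opts = substr($i, p); note = "-"
            } else {
                client = $i; opts = "(defaults)"; note = "-"
            }
            printf "%d %s %s %s %s\n", NR, $1, client, opts, note
        }
    }' "$1"
}

# lint_exports FILE: report exports that any host can mount; status 1 if found.
lint_exports() {
    effective_exports "$1" | awk '
    $3 == "*" {
        bad = 1
        mode = ($4 ~ /[(,]rw[,)]/) ? "read-write" : "read-only"
        why = ($5 == "-") ? "explicit wildcard client" : "whitespace between client and option list"
        printf "line %s: %s is exported %s to every host (%s)\n", $1, $2, mode, why
    }
    END { exit (bad ? 1 : 0) }'
}

# Constructed sample: the same kind of export written with and without the
# space in front of the option list (/srv/share is a made-up path).
sample_exports() {
    cat <<'EOF'
# path        clients
/home 192.168.1.0/24 (rw,sync)
/srv/share 192.168.1.0/24(rw,sync)
EOF
}

exports_copy=$(mktemp)
sample_exports > "$exports_copy"
effective_exports "$exports_copy"
lint_exports "$exports_copy" || echo "fix the lines above, then reload with: exportfs -ra"
rm -f "$exports_copy"
```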

b. Installing and configuring samba server

Configure Samba Server

• samba
• samba-common
• samba-winbind

Check necessary rpm

You can install RPMs from several sources including a YUM repository, a dump of RPMs, FTP,
etc. In this article I am installing RPMs from the RHEL 6 disk. Mount the RHEL 6 disk in the media folder
and change directory to the Package folder

Install necessary RPM.

Samba Daemons

If you have just installed the RPMs then these services would be stopped.

Start necessary services

Make sure the services are running at the next time Linux is booted

How to allow samba through firewall

During the RHCE 6 exam we will have both firewall (iptables) and SELinux protection.

Reload the smb service

On the linuxclient system first try to mount sharedata from smbuser5 and then from smbuser1

How to limit samba to group

We have created a group smbgroup above in this tutorial. Now configure Samba to allow access
only to this group.

On server change the group of sharedata and update the permission to 1770. Open
the smb.conf file

Update the stanza and save the file

reload the smb service

On linux client first try with smbuser5 which is not the member of smbgroup and later try with
smbuser3 which is the member of smbgroup

How to limit samba to users

Now we will share only for a user or users. Now configure Samba to allow only smbuser1 on
the sharedata folder.

On server make smbuser1 the owner of /sharedata folder and update the permission. Open the
smb.conf

change the stanza and save the file

Reload the file

On linuxclient first try with other users and later try with smbuser1

So far in this article we have configured different levels of access for a Samba share. For the RHCE
6 exam always remember that file permissions, file system mount options, SELinux Booleans and
ACLs cannot be overridden by Samba. This means that if a directory does not have write
permission and you have the Samba setting writeable = yes, it will not allow writing. This is the
reason why we first update the file system permissions and then set the Samba settings.

During the RHCE 6 exam following 2 commands can be very handy for you.

testparm

The testparm command will check the smb.conf file for internal errors. If the output of this command
returns without any errors, you can use the configuration file.

smbstatus

This command will list the current Samba connection.

c. Installing and configuring FTP server

Install FileZilla Server

1. Download FileZilla Server and run the setup file to start installation.
2. Click I Agree button, make sure Standard type of installation is selected and click Next.

3. Click Next to accept the install location.
4. By default FileZilla Server will install as service and started automatically. There is also an
option to install as service but not automatically started or as a normal startup method. You
can also leave the port untouched unless there is another application that is using the same
port.

5. Choose the startup behavior and click the Install button.


6. After installation, FileZilla Server will automatically run and prompts you to connect to
server. Click the OK button to login.

Create User Account In FileZilla Server

7. Although the FTP service is already running, no one can connect to it yet because you
first need to create a user account and then assign the folders with proper permissions to the
user. Click on Edit in the menu bar and select Users.
8. At the General page, click the Add button at the center right and enter the name of the user
account. Click OK.

9. Back at the Users window, make sure the enable account option is ticked. It is also
advisable to set a password for the user account by checking the password checkbox and
enter a password.

12. Click the OK button at the bottom left.

The basic setup of FileZilla Server is done. You can now scroll down and read on how
another computer can connect to your new FTP server. Please feel free to explore other features
in FileZilla Server such as user limit, SSL, speed limit, IP filter, groups, logging, MODE Z,
autoban, etc.

Install Xlight FTP Server


1. Download Xlight FTP Server and run setup.exe to start the installation and follow the on-
screen instructions (Click Next, I accept the agreement and Next, Next, Next, Next, Install,
Finish)

Create Virtual Server In Xlight FTP Server


2. Click the first icon with a plus and computer at the top right to create a new virtual server.

3. Leave all selected options in New Virtual Server window as default and click OK.

Create User Account In Xlight FTP Server


4. Click the User List icon and click the Add icon located at the top right.

5. Enter the username, password and browse the directory that you want the user to have
access to. There is an icon located next to the Browse button that allows you to set the
permission. The default selected permissions are list read and list which is the same as
FileZilla Server.

6. Click OK button to create the user and close the User List window.

The Virtual Server In Xlight FTP Server


7. Click on the virtual server that you have created to highlight it and click the play icon to
start the server. You will see that the status of the server will change from Stopped to
Running.

As you can see, the setting up of FTP server using Xlight is so much simpler compared to
FileZilla. You can check out the global options and also the additional settings for the virtual
servers. Do note that some features are disabled in the free version of Xlight after 30 days
usage. The biggest drawback in the free version of Xlight is the 5 online users limitation but
shouldn’t be a problem if you are using it privately on your home network.

Setting Up Core FTP Mini SFTP Server


If you are looking for the easiest and fastest way to run a temporary FTP server, Core FTP
mini SFTP Server would be your perfect choice. It is portable (settings are stored as clear text
in registry), no dependencies, free, secure because it uses SFTP protocol, and very easy to
configure.

1. Download Core FTP mini SFTP Server


2. Run the downloaded msftpsrvr.exe file.

3. Enter a username, password and set the path to share.

4. Click the Start button to start the SFTP service.


Optionally you can enable zlib from the Options, which is actually MODE Z, where it
will compress the files on the fly before transferring to save time and bandwidth. The only
drawback in using Core FTP mini is the SFTP protocol. Although it is more secure, you
cannot connect and manage the files/folders from Windows Explorer. You will need to use
third-party FTP client software that supports SSH File Transfer Protocol, such as WinSCP or
FileZilla Client.

Output:

Conclusion: The program ran and compiled successfully.

Practical-5 : Example-2

Aim: Check all the servers are working correctly and these server can be
used to download files and share files.

Source Code:
Working with the Files panel in the FTP View
You can use the FTP view to view files and folders, check whether they are associated with a
Dreamweaver site or not, and perform standard file maintenance operations, such as opening
and moving files. The Files panel also helps you manage and transfer files to and from a
remote server.
After you set up a site in Dreamweaver, you can use the Files panel in the following ways:
• Access sites, a server, and local drives
• View files and folders
• Manage files and folders in the Files panel
• Synchronize files and folders between local and remote servers
Read on to learn how to use the Files panel in the FTP View.

Options in the Files panel

At its simplest, the Files panel displays a list of only the local files in your computer. As you
work more with the Files panel - setting up a site, setting up connections to remote servers,
enabling check in and check out, more options appear in the Files panel.
Here's what the Files panel looks like:
• When no site is defined in Dreamweaver
• When a site is defined but a server is not defined
• When a site is defined, server connections are defined, and check-in and check-out of files is
enabled
For information on defining a site and server, see About Dreamweaver sites.

When no site is defined in Dreamweaver

What the Files panel looks like when no site is defined in Dreamweaver

When a site is defined but a server is not defined


When you define a Dreamweaver site, the files within your site are displayed. The Files panel
also includes a button - Define servers, which is a prompt to start defining connections to
remote and testing servers.

Output:

Conclusion: The program ran and compiled successfully.

Practical-6

Aim: Configure DHCP Server, Configure DHCP (Dynamic Host
Configuration Protocol) Server, Configure NFS Server to share
directories on your Network, Configure NFS Client. (Ubuntu and
Windows Client OS)

Source Code:
$ sudo apt install isc-dhcp-server

$ sudo vi /etc/default/isc-dhcp-server
INTERFACES="eth0"

$ sudo vi /etc/dhcp/dhcpd.conf
option domain-name "tecmint.lan";
option domain-name-servers ns1.tecmint.lan, ns2.tecmint.lan;
default-lease-time 3600;
max-lease-time 7200;
authoritative;

Set up DHCP for the 192.168.10.0/24 subnet

subnet 192.168.10.0 netmask 255.255.255.0 {
    option routers 192.168.10.1;
    option subnet-mask 255.255.255.0;
    option domain-search "tecmint.lan";
    option domain-name-servers 192.168.10.1;
    range 192.168.10.10 192.168.10.100;
    range 192.168.10.110 192.168.10.200;
}

Configure Static IP on DHCP Client Machine

# These MAC addresses contain non-hexadecimal characters and are placeholders;
# replace each with the client's real hardware address.
host centos-node {
    hardware ethernet 00:f0:m4:6y:89:0g;
    fixed-address 192.168.10.105;
}

host fedora-node {
    hardware ethernet 00:4g:8h:13:8h:3a;
    fixed-address 192.168.10.106;
}

Start the DHCP service

------------ SystemD ------------
$ sudo systemctl start isc-dhcp-server.service
$ sudo systemctl enable isc-dhcp-server.service

------------ SysVinit ------------
$ sudo service isc-dhcp-server start
$ sudo update-rc.d isc-dhcp-server enable

$ sudo ufw allow 67/udp
$ sudo ufw reload
$ sudo ufw status

Configuring DHCP Client Machines


$ sudo vi /etc/network/interfaces

auto eth0
iface eth0 inet dhcp

Save the file and exit, then restart the network service (or reboot the system):
------------ SystemD ------------
$ sudo systemctl restart networking

------------ SysVinit ------------


$ sudo service networking restart

Output:

Conclusion: The program ran and compiled successfully.

Practical-6 : Example-1

Aim: Install a DHCP server in Cent OS, RHEL and Fedora.

Source Code:
DHCP Server - CentOS 7
DHCP Clients - Fedora 25 and Ubuntu 16.04
# yum -y install dhcp
# vi /etc/sysconfig/dhcpd
DHCPDARGS=eth0
# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf
# vi /etc/dhcp/dhcpd.conf

Start by setting the following global parameters, which apply to all the subnetworks:
option domain-name "tecmint.lan";
option domain-name-servers ns1.tecmint.lan, ns2.tecmint.lan;
default-lease-time 3600;
max-lease-time 7200;
authoritative;

Configure DHCP for the 192.168.56.0/24 LAN network

subnet 192.168.56.0 netmask 255.255.255.0 {
    option routers 192.168.56.1;
    option subnet-mask 255.255.255.0;
    option domain-search "tecmint.lan";
    option domain-name-servers 192.168.56.1;
    range 192.168.56.10 192.168.56.100;
    range 192.168.56.120 192.168.56.200;
}

Assign Static IP to DHCP Client

# These MAC addresses contain non-hexadecimal characters and are placeholders;
# replace each with the client's real hardware address.
host ubuntu-node {
    hardware ethernet 00:f0:m4:6y:89:0g;
    fixed-address 192.168.56.105;
}

host fedora-node {
    hardware ethernet 00:4g:8h:13:8h:3a;
    fixed-address 192.168.56.110;
}

To find a machine's MAC address:
# ifconfig -a eth0 | grep HWaddr

Start the DHCP service now and enable it to start automatically at the next system
boot
---------- On CentOS/RHEL 7 ----------
# systemctl start dhcpd
# systemctl enable dhcpd

---------- On CentOS/RHEL 6 ----------
# service dhcpd start
# chkconfig dhcpd on

Permit the DHCP service through the firewall (the DHCPD daemon listens on port 67/UDP)

---------- On CentOS/RHEL 7 ----------
# firewall-cmd --add-service=dhcp --permanent
# firewall-cmd --reload

---------- On CentOS/RHEL 6 ----------
# iptables -A INPUT -p udp -m state --state NEW --dport 67 -j ACCEPT
# service iptables save

# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
TYPE=Ethernet
ONBOOT=yes
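
The host reservations in Practical-6 and in this example sit in the gap between the two dynamic ranges, and their MAC addresses are placeholders that are not valid hardware addresses. The check below is an added example, not part of the original manual: it flags reservations with a malformed MAC, an address outside every declared subnet, or an address inside a dynamic range, which the pool could also hand to another client. The function name check_reservations, the 52:54:00:... MACs and the lab-node entry are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the Practical-6 subnet, the manual's placeholder MAC,
# and two made-up hosts (52:54:00:... MACs and their addresses are invented).
SAMPLE_CONF = """
subnet 192.168.10.0 netmask 255.255.255.0 {
    range 192.168.10.10 192.168.10.100;
    range 192.168.10.110 192.168.10.200;
}
host centos-node { hardware ethernet 00:f0:m4:6y:89:0g; fixed-address 192.168.10.105; }
host fedora-node { hardware ethernet 52:54:00:12:34:56; fixed-address 192.168.10.50; }
host lab-node    { hardware ethernet 52:54:00:ab:cd:ef; fixed-address 192.168.20.7; }
"""

MAC_RE = re.compile(r"[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}")
SUBNET_RE = re.compile(r"\bsubnet\s+(\S+)\s+netmask\s+(\S+)\s*\{")
RANGE_RE = re.compile(r"\brange\s+(\S+)\s+([^;\s]+)\s*;")
HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{(.*?)\}", re.S)
HW_RE = re.compile(r"hardware\s+ethernet\s+([^;\s]+)\s*;")
ADDR_RE = re.compile(r"fixed-address\s+([^;\s]+)\s*;")


def check_reservations(conf):
    """Return sorted (host, problem) pairs for host entries that need fixing."""
    conf = re.sub(r"#.*", "", conf)  # dhcpd.conf comments start with '#'
    nets = [ipaddress.ip_network(f"{a}/{m}") for a, m in SUBNET_RE.findall(conf)]
    pools = [(ipaddress.ip_address(lo), ipaddress.ip_address(hi))
             for lo, hi in RANGE_RE.findall(conf)]
    problems = []
    for name, body in HOST_RE.findall(conf):
        mac = HW_RE.search(body)
        if not mac or not MAC_RE.fullmatch(mac.group(1)):
            problems.append((name, "invalid MAC"))
        addr = ADDR_RE.search(body)
        if addr:
            ip = ipaddress.ip_address(addr.group(1))
            if not any(ip in net for net in nets):
                problems.append((name, "outside every subnet"))
            elif any(lo <= ip <= hi for lo, hi in pools):
                problems.append((name, "inside dynamic range"))
    return sorted(problems)


if __name__ == "__main__":
    for host, problem in check_reservations(SAMPLE_CONF):
        print(f"{host}: {problem}")
```

Run it against the text of /etc/dhcp/dhcpd.conf before starting the service; an empty result means every reservation has a well-formed MAC and sits inside a subnet but outside the dynamic ranges.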

Output:

Conclusion: The program ran and compiled successfully.

Practical-6 : Example-2

Aim: Fedora Linux: Restart / Stop / Start DHCPD Server Command.

Source Code:

$ sudo apt-get update


$ sudo apt-get install isc-dhcp-server
$ ifconfig
$ sudo nano /etc/default/isc-dhcp-server
$ cd /etc/dhcp/
$ sudo nano /etc/dhcp/dhcpd.conf
$ ls
$ sudo systemctl start isc-dhcp-server
$ sudo ufw status
$ sudo nano /etc/network/interfaces

Output:

Conclusion: The program ran and compiled successfully.

Practical-7

Aim:- Configure LDAP Server, Configure LDAP Server in order to share
users' accounts in your local networks, Add LDAP User Accounts in
the Open LDAP Server, Configure LDAP Client in order to share
users' accounts in your local networks. Install php LDAP admin to
operate LDAP server via Web Browser.

Source Code:

# newuser1 - 1010 1010

# Add DNS resolvers for resolvconf. Can mix IPv4 and IPv6.
dns-nameservers 203.0.113.1 2001:db8:0:123::2 203.0.113.3
dns-search members.linode.com
dns-options rotate

# Add a second public IPv4 address.


iface eth0 inet static
address 198.51.100.10/24

# IPv6 gateway and primary address.


iface eth0 inet6 static
address 2001:db8:2000:aff0::1/64
gateway fe80::1

# Add a second IPv6 address.


iface eth0 inet6 static
address 2001:db8:2000:aff0::2/32

Output:

Conclusion: The program ran and compiled successfully.

Practical-7 : Example-1

Aim: Use SSL to communicate with the LDAP server. For SSL to function,
the LDAP server must support SSL.

Source Code:
$ su
# openssl req -new -key
# apt-get install ntp
# service ntp status
# ntpq -p
# tail -f /var/log/syslog

Output:

Conclusion: The program ran and compiled successfully.

Practical-7 : Example-2

Aim: To make a search request to the LDAP server, use the administrator
account for authentication

Source Code:

# apt-get install ldap-auth-client nscd


# auth-client-config -t nss -p lac_ldap
# ls /home
# nano /usr/share/pam
# ls
# cat /usr/share/pam-configs/ldap

Output:

Conclusion: The program ran and compiled successfully.

Theory-3

Intranet Services

Theory: An intranet is a private network accessible only to an organization's staff.[1][2]
Often, a wide range of information and services are available on an organization's internal
intranet that are unavailable to the public, unlike the Internet. A company-wide intranet can
constitute an important focal point of internal communication and collaboration, and provide
a single starting point to access internal and external resources.

Practical-8

Aim: Configure NIS Server in order to share users' accounts in your local
networks, Configure NIS Client to bind NIS Server.

Source Code:

# yum install rpcbind ypserv ypbind -y

# vim /etc/sysconfig/net

# vim /etc/sysconfig/network

# rpcinfo -u localhost ypserv

# /usr/lib64/yp/ypinit -m

# /etc/init.d/rpcbind status

# /etc/init.d/ypserv start

# /etc/init.d/rpcbind restart

# /etc/init.d/ypserv restart

# rpcinfo -u localhost ypserv

basie# cat /etc/master.passwd
root:[password]:0:0::0:0:The super-user:/root:/bin/csh
toor:[password]:0:0::0:0:The other super-user:/root:/bin/sh
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
operator:*:2:5::0:0:System &:/:/sbin/nologin
bin:*:3:7::0:0:Binaries Commands and Source,,,:/:/sbin/nologin
tty:*:4:65533::0:0:Tty Sandbox:/:/sbin/nologin
kmem:*:5:65533::0:0:KMem Sandbox:/:/sbin/nologin
games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin
news:*:8:8::0:0:News Subsystem:/:/sbin/nologin
man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/sbin/nologin
bind:*:53:53::0:0:Bind Sandbox:/:/sbin/nologin
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
xten:*:67:67::0:0:X-10 daemon:/usr/local/xten:/sbin/nologin
pop:*:68:6::0:0:Post Office Owner:/nonexistent:/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/sbin/nologin
-bill

basie#

Output:

Conclusion: The program ran and compiled successfully.

Practical-8 : Example-1

Aim: Establishing the Domain for NIS Server.

Source Code:
# hostnamectl set-hostname nismaster.example.local
# reboot

$ ping 192.168.0.10
# vim /etc/hosts
# yum install ypserv rpcbind -y
# ypdomainname example.local
# vim /etc/sysconfig/network
# vim /var/yp/securenets
# systemctl start rpcbind ypserv ypxfrd yppasswdd
# systemctl enable rpcbind ypserv ypxfrd yppasswdd
# /usr/lib64/yp/ypinit -m

Output:

Conclusion: The program ran and compiled successfully.

Practical-8 : Example-2

Aim: Create NIS user.

Source Code:

# yum install ypserv yp-tools ypbind
# nisdomainname example.com
# nano /etc/sysconfig/network
# /usr/lib64/yp/ypinit -m
# systemctl start rpcbind
# systemctl enable rpcbind
# systemctl start ypserv
# systemctl enable ypserv
# nano /usr/lib/firewalld/services/ypserv.xml
# systemctl restart firewalld
# firewall-cmd --add-service=rpc-bind
# firewall-cmd --add-service=rpc-bind --permanent
# firewall-cmd --add-service=ypserv
# firewall-cmd --add-service=ypserv --permanent
# yum install yp-tools ypbind

Output:

Conclusion: The program ran and compiled successfully.

Practical-9

Aim: Install Samba to share folders or files between Windows and Linux.

Source Code:
$ apt-get -y install samba

$ mkdir /home/share

$ gedit /etc/samba/smb.conf

$ ifconfig

$ clear

$ exit

# systemctl restart smbd && systemctl status smbd

# cd /home/share

# touch quicknotepad doc

# mkdir quick

Output:

Conclusion: The program ran and compiled successfully.

Practical-9 : Example-1

Aim: Create samba server in Min Ubuntu.

Source Code:
$ sudo apt install samba

$ sudo mkdir /media/storage

$ sudo vim /etc/samba/smb.conf

$ sudo service smbd restart

$ sudo smbpasswd -a Jason

Output:

Conclusion: The program ran and compiled successfully.

Practical-9 : Example-2

Aim: Share file with your Android device using samba server.

Source Code:

$ apt-get -y install samba


$ apt-get -y install samba-common-tools
$ apt-get -y install samba-client
$ systemctl start smb
$ systemctl enable smb

Output:

Conclusion: The program ran and compiled successfully.
