Module 1
H3065S F.00
The course assumes that the student has experience with general UNIX user
commands, and basic administration skills such as managing devices and
device files, creating and mounting file systems, tuning the kernel, and
installing and removing software.
Day 2:
Configuring Subnetting
Troubleshooting Network Connectivity
Starting Network Services
Day 3:
NFS Concepts
Configuring NFS
Configuring AutoFS
Day 5:
Configuring BOOTP/TFTP
Configuring NTP
Configuring SSH
Configuring SD-UX Depot Servers
HP Education Services:
http://www.hp.com/education
Module 2
[Figure: a host with station address 0x0060B07ef226 on a LAN attached to a WAN asks "Which frames are for me?"]
Prefix   Octet 1          Octet 2          Octet 3          Octet 4
/16      8 network bits   8 network bits   8 host bits      8 host bits
/24      8 network bits   8 network bits   8 network bits   8 host bits
IP Address: 128.1.1.1/16
  10000000 00000001 00000001 00000001
Netmask: 255.255.0.0 (or 0xffff0000)
  11111111 11111111 00000000 00000000
Netmask 1's identify network bits; netmask 0's identify host bits.
Packets sent to the network broadcast address are received by ALL hosts on the network (128.1.1.1, 128.1.1.2, 128.1.1.3, ...). Formulate the broadcast address by setting all host bits to "1".
# ping 128.1.255.255
# ping 127.0.0.1
[Figure: a private intranet separated from the public Internet by a firewall; example addresses 192.66.123.4/24, 148.10.12.14/16, 9.12.36.1/8, 163.128.19.9/16, 123.45.65.23/8 and 199.66.55.4/24]
/etc/hosts
128.1.1.1 sanfran
128.1.1.2 oakland
128.1.1.3 la
128.1.1.4 sandiego
"I can reference nodes by host name and let HP-UX automatically determine the IP addresses for me! What is oakland's IP? oakland's IP is 128.1.1.2."
[Figure: sanfran (128.1.1.1, station address 080009-000001) sends a telnet request to oakland (128.1.1.2, 080009-000002) as an outbound frame. sanfran's ARP cache holds 128.1.1.2 080009-000002 and 128.1.1.3 080009-000003; when sandiego is pinged, 128.1.1.4 is first "incomplete!", then an ARP broadcast to oakland, la and sandiego is answered and the cache records 128.1.1.4 080009-23EF45.]
$ ping sandiego
Example: sanfran pings sandiego
1. sanfran pings sandiego. sanfran resolves sandiego's IP address via /etc/hosts.
2. Search for sandiego's IP in the ARP cache; the IP address is not found in the ARP cache.
3. Send ARP broadcast on the local network to find the MAC address for 128.1.1.4.
4. System with the specified IP address responds with a packet containing its MAC.
5. The MAC address and corresponding IP address are added to sanfran's ARP cache.
6. The frame specifically addressed to sandiego's MAC address is sent.
[Figure: the network subsystem first decides whether the destination is a hostname or an IP address. A TCP connection between sanfran (128.1.1.1) and oakland (128.1.1.2) is opened, the data is segmented into numbered packets, packets are sent and acknowledged, lost packets are retransmitted, the data is reassembled on oakland, and the connection is closed.]
[Figure: the network subsystem on sanfran (128.1.1.1) dispatches by port: telnetd listens on port 23, ftpd on port 21, rlogind on port 513. oakland (128.1.1.2) runs $ telnet sanfran, la (128.1.1.3) runs $ ftp sanfran, sandiego (128.1.1.4) runs $ rlogin sanfran.]
[Figure: several telnet clients on oakland and la ($ telnet sanfran) all reach telnetd on sanfran, while $ ftp sanfran reaches ftpd.]
Problem: Which network application gets the data when multiple instances are present?
Multiple clients can be executing the same network application.
Multiple instances of the network application can be running on the same client.
Solution: Create a unique socket for each process which runs a network application.
A socket is a port number combined with a node’s IP address.
A socket connection is the coupling of a client socket address with a server socket address.
[Figure: two telnet clients on oakland (128.1.1.2) use the sockets 128.1.1.2.50001 and 128.1.1.2.50002; each is coupled with a telnetd socket 128.1.1.1.23 on sanfran.]
Transport (layer 4):
TCP requires that a socket connection be established; UDP does not.
TCP requires packets be acknowledged; UDP does not.
TCP is streams-based; UDP is message-based.
Module 3
[Figure: LAN hardware overview: transmission media (twisted pair, coaxial cable, fiber optic, glass or plastic fiber cable), interface cards, repeaters, hubs, bridges, switches, routers, gateways and firewalls. Ring and bus topologies; the CSMA/CD access method over coax, fiber, Cat 3/5 and Cat 5 cable through a hub/switch. A chicago office and a london office joined by routers, with a mainframe behind a gateway and separate hubs for sales and research.]
Token Ring
  Data Rate:            4 or 16 Mbps
  Topology (Logical):   Ring
  Topology (Physical):  Star (MultiStation Access Unit)
  Access Method:        Token
  Cable Types:          Cat 3/5
  Max. Segment:         100m
FDDI
  Data Rate:            100 Mbps
  Topology (Logical):   Ring
  Topology (Physical):  Dual Ring, or Star (Single Attachment Stations via a Concentrator)
  Access Method:        Token
  Cable Type:           Fiber
  Max. Segment:         2000m
Repeaters: repeaters extend the maximum allowed distance between nodes.
Hubs: hubs make it very easy to add and remove hosts on a network.
Bridges: [figure only]
Switches: switches are similar to bridges, but offer multiple parallel communication channels across ports for improved performance.
Firewalls: [Figure: a firewall placed between the intranet and the Internet]
[Figure: a chicago office and a london office joined by a bridge and a switch, with a mainframe and separate hubs for sales and research]
Module 4
Networking Subsystem: LANIC Drivers (link layer configuration)
Start script (/sbin/init.d)   Configuration file
hpbase100                     /etc/rc.config.d/hpbase100conf
hpbaset                       /etc/rc.config.d/hpbasetconf
hpeisabt                      /etc/rc.config.d/hpeisabtconf
hpether                       /etc/rc.config.d/hpetherconf
hpgsc100                      /etc/rc.config.d/hpgsc100conf
hpvgal                        /etc/rc.config.d/hpvgalconf
hptoken                       /etc/rc.config.d/hptokenconf
/etc/rc.config.d/hpbase100conf
HP_BASE100_INTERFACE_NAME[0]=lan0
HP_BASE100_STATION_ADDRESS[0]=0x080009000001
HP_BASE100_SPEED[0]=100FD
/sbin/init.d/hpbase100 start
lanadmin -A 0x080009000001 0
lanadmin -X 100FD 0
/etc/rc.config.d/netconf
HOSTNAME=sanfran
INTERFACE_NAME[0]=lan0
IP_ADDRESS[0]=128.1.1.1
SUBNET_MASK[0]=255.255.0.0
BROADCAST_ADDRESS[0]=""
INTERFACE_STATE[0]=""
DHCP_ENABLE[0]="0"
/sbin/init.d/hostname start
uname -S sanfran
hostname sanfran
/sbin/init.d/net start
ifconfig lan0 128.1.1.1 netmask 255.255.0.0 up
/etc/rc.config.d/netconf (virtual interfaces on lan0, one per Internet domain)
INTERFACE_NAME[0]=lan0:0
IP_ADDRESS[0]=129.1.1.1
SUBNET_MASK[0]=255.255.0.0
INTERFACE_NAME[1]=lan0:1
IP_ADDRESS[1]=129.2.1.1
SUBNET_MASK[1]=255.255.0.0
INTERFACE_NAME[2]=lan0:2
IP_ADDRESS[2]=129.3.1.1
SUBNET_MASK[2]=255.255.0.0
[Figure: from the Internet, 129.1.1.1 is reached as ijunk.com, 129.2.1.1 as bigcorp.com and 129.3.1.1 as estuff.com]
/sbin/init.d/net start
ifconfig lan0:0 129.1.1.1 netmask 255.255.0.0 up
ifconfig lan0:1 129.2.1.1 netmask 255.255.0.0 up
ifconfig lan0:2 129.3.1.1 netmask 255.255.0.0 up
# vi /etc/hosts
127.0.0.1 localhost loopback
# other servers
129.1.1.1 mailsvr
130.1.1.1 filesvr
Module 5
[Figure: Net 128.1.0.0 is connected through RouterA to Net 129.1.0.0 and through RouterB to Net 130.1.0.0]
# netstat -rn
Dest Gateway Flags Refs Interface Pmtu
127.0.0.1 127.0.0.1 UH 0 lo0 4136
128.1.1.1 128.1.1.1 UH 0 lan0 4136
127.0.0.0 127.0.0.1 U 0 lo0 0
128.1.0.0 128.1.1.1 U 2 lan0 1500
129.1.0.0 128.1.0.1 UG 0 lan0 1500
130.1.0.0 128.1.0.1 UG 0 lan0 1500
Columns: Destination, Gateway (next hop), Flags, Refs, Interface, Pmtu.
Flags:
H = Route is for a single host
U = Route is "Up"
G = Route requires a hop across a gateway
Use the route command to dynamically add and remove route table entries.
Add a default route (via 128.1.0.1, "To the Intranet and beyond!"):
# route add default 128.1.0.1 1
Delete the default route:
/etc/rc.config.d/netconf
ROUTE_DESTINATION[0]="net 129.1.0.0"
ROUTE_MASK[0]="255.255.0.0"
ROUTE_GATEWAY[0]="128.1.0.1"
ROUTE_COUNT[0]="1"
ROUTE_ARGS[0]=""
ROUTE_DESTINATION[1]="default"
ROUTE_MASK[1]=""
ROUTE_GATEWAY[1]="128.1.0.1"
ROUTE_COUNT[1]="1"
ROUTE_ARGS[1]=""
/sbin/init.d/net start
route add net 129.1.0.0 netmask 255.255.0.0 128.1.0.1 1
route add default 128.1.0.1 1
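The route selection described above, as an added Python example (not HP-UX code): a longest-prefix lookup over the netstat -rn entries and the netconf ROUTE_* block copied from this module, reporting whether delivery is direct or via a gateway and which address ARP must resolve. The /32 masks for UH entries, the /0 mask for default, and the UG flag on routes parsed from netconf are this example's assumptions.

```python
"""Longest-prefix route lookup over the netstat -rn table shown in Module 5.

Added example, not HP-UX code: it reproduces the choice the kernel makes for
an outbound packet (the most specific matching route wins), reports whether
the packet goes direct or via a gateway, and, tying back to Module 2, which
address ARP has to resolve on the LAN.
"""
import ipaddress
import re

# Constructed from the "# netstat -rn" output on sanfran (128.1.1.1):
# (destination, netmask, gateway, flags, interface).  Host routes (UH) are
# given a /32 mask and the default route a /0 mask (assumption).
ROUTE_TABLE = [
    ("127.0.0.1", "255.255.255.255", "127.0.0.1", "UH", "lo0"),
    ("128.1.1.1", "255.255.255.255", "128.1.1.1", "UH", "lan0"),
    ("127.0.0.0", "255.0.0.0",       "127.0.0.1", "U",  "lo0"),
    ("128.1.0.0", "255.255.0.0",     "128.1.1.1", "U",  "lan0"),
    ("129.1.0.0", "255.255.0.0",     "128.1.0.1", "UG", "lan0"),
    ("130.1.0.0", "255.255.0.0",     "128.1.0.1", "UG", "lan0"),
    ("default",   "0.0.0.0",         "128.1.0.1", "UG", "lan0"),
]

# Constructed copy of the ROUTE_* block from /etc/rc.config.d/netconf.
NETCONF = '''
ROUTE_DESTINATION[0]="net 129.1.0.0"
ROUTE_MASK[0]="255.255.0.0"
ROUTE_GATEWAY[0]="128.1.0.1"
ROUTE_COUNT[0]="1"
ROUTE_ARGS[0]=""
ROUTE_DESTINATION[1]="default"
ROUTE_MASK[1]=""
ROUTE_GATEWAY[1]="128.1.0.1"
ROUTE_COUNT[1]="1"
ROUTE_ARGS[1]=""
'''


def _network(dest, mask):
    """Destination + netmask as an IPv4Network ('default' means 0.0.0.0/0)."""
    if dest == "default":
        dest = "0.0.0.0"
    return ipaddress.ip_network(f"{dest}/{mask}", strict=False)


def lookup(dest_ip, table=ROUTE_TABLE):
    """Pick the up (U) route with the longest prefix that contains dest_ip.

    Returns None when nothing matches (no default route), otherwise a dict
    with the chosen route, the next hop, and the address ARP must resolve
    (None for loopback or local delivery, where no frame leaves the host).
    """
    dst = ipaddress.ip_address(dest_ip)
    best = None
    for dest, mask, gateway, flags, iface in table:
        if "U" not in flags:
            continue
        net = _network(dest, mask)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, flags, iface)
    if best is None:
        return None
    net, gateway, flags, iface = best
    via_gateway = "G" in flags
    next_hop = gateway if via_gateway else str(dst)
    local = iface == "lo0" or ("H" in flags and gateway == str(dst))
    return {
        "route": str(net),
        "interface": iface,
        "via_gateway": via_gateway,
        "next_hop": next_hop,
        "arp_target": None if local else next_hop,
    }


_ROUTE_VAR = re.compile(r'^ROUTE_(DESTINATION|MASK|GATEWAY)\[(\d+)\]="?([^"\n]*)"?\s*$', re.M)


def parse_netconf_routes(text, iface="lan0"):
    """Turn the ROUTE_*[n] assignments of netconf into table entries.

    Mirrors what "/sbin/init.d/net start" does with them (route add net
    129.1.0.0 netmask 255.255.0.0 128.1.0.1 1): every entry is a gateway
    route, so it is flagged UG.  An empty ROUTE_MASK means a host route,
    except for "default", which is 0.0.0.0/0.
    """
    by_index = {}
    for m in _ROUTE_VAR.finditer(text):
        by_index.setdefault(int(m.group(2)), {})[m.group(1)] = m.group(3)
    routes = []
    for idx in sorted(by_index):
        entry = by_index[idx]
        dest = entry["DESTINATION"].split()[-1]      # "net 129.1.0.0" -> "129.1.0.0"
        mask = entry.get("MASK") or ("0.0.0.0" if dest == "default" else "255.255.255.255")
        routes.append((dest, mask, entry["GATEWAY"], "UG", iface))
    return routes


if __name__ == "__main__":
    for ip in ("128.1.1.3", "129.1.5.5", "10.0.0.1"):
        print(ip, lookup(ip))
    print(parse_netconf_routes(NETCONF))
```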
Module 6
[Figure: a single packet on Network 128.1.0.0/16 (65,535 hosts) compared with the same network divided by routers into Subnet 128.1.1.0, Subnet 128.1.2.0 and Subnet 128.1.3.0 (254 hosts each)]
128.1.0.0      10000000 00000001 00000000 00000000
128.1.1.0      10000000 00000001 00000001 00000000
Netmask        11111111 11111111 00000000 00000000 = 255.255.0.0
Netmask        11111111 11111111 11111111 00000000 = 255.255.255.0
1st subnet     10000000 00000001 00000001 00000000  (128.1.1.0)
2nd subnet     10000000 00000001 00000010 00000000  (128.1.2.0)
3rd subnet     10000000 00000001 00000011 00000000  (128.1.3.0)
4th subnet     10000000 00000001 00000100 00000000  (128.1.4.0)
...
254th subnet   10000000 00000001 11111110 00000000  (128.1.254.0)
Netmask = 255.255.255.0
• The host address with all 0s represents the address for the entire subnet.
• The host address with all 1s represents the broadcast address for the subnet.
• All other addresses within the subnet may be used for hosts.
• Examples: IP addresses for subnet 128.1.1.0/24:
Netmask = 255.255.255.0
H3065S F.00 © 2005 Hewlett-Packard Development Company, L.P. 7
Limitations of Subnetting on an Octet Boundary
192.6.12.0/24 subnetted with a /27 netmask:
1st subnet     11000000 00000110 00001100 00100000  (192.6.12.32)
2nd subnet     11000000 00000110 00001100 01000000  (192.6.12.64)
3rd subnet     11000000 00000110 00001100 01100000  (192.6.12.96)
4th subnet     11000000 00000110 00001100 10000000  (192.6.12.128)
5th subnet     11000000 00000110 00001100 10100000  (192.6.12.160)
6th subnet     11000000 00000110 00001100 11000000  (192.6.12.192)
Manufacturing subnet (192.6.12.32/27), Marketing subnet (192.6.12.64/27), Finance subnet (192.6.12.96/27)
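The address arithmetic of the /16 and /24 examples above and of the /27 split of 192.6.12.0, as an added Python example using the standard ipaddress module (not course material or an HP-UX tool). classic_subnets encodes the slides' convention of leaving out the all-0s and all-1s subnet numbers, which is why they count 254 /24 subnets and call 192.6.12.32/27 the 1st subnet.

```python
"""Subnet arithmetic for the addressing examples in Modules 2 and 6.

Added example (not part of the course material or any HP-UX tool): it uses
Python's standard ipaddress module to reproduce the network/host-bit
splits, broadcast addresses and subnet lists drawn on the slides, including
the /27 split of 192.6.12.0 that does not fall on an octet boundary.
"""
import ipaddress


def binary_dotted(addr):
    """Render an IPv4Address as four 8-bit groups, as the slides draw them."""
    return " ".join(f"{octet:08b}" for octet in addr.packed)


def describe(cidr):
    """Network, netmask, broadcast and usable host count for one address/prefix.

    The host count follows the slides' convention: all-0s host bits name the
    subnet, all-1s host bits are the broadcast address, the rest are hosts.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    return {
        "network": str(net.network_address),
        "netmask": str(net.netmask),
        "netmask_hex": "0x" + net.netmask.packed.hex(),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": max(net.num_addresses - 2, 0),
        "network_bits": binary_dotted(net.network_address),
        "netmask_bits": binary_dotted(net.netmask),
    }


def subnets_of(cidr, new_prefix):
    """All subnets of cidr with the longer prefix, e.g. 128.1.0.0/16 into /24s."""
    net = ipaddress.ip_network(cidr, strict=False)
    return [str(s) for s in net.subnets(new_prefix=new_prefix)]


def classic_subnets(cidr, new_prefix):
    """Subnets excluding the all-0s and all-1s subnet numbers.

    This is the pre-CIDR convention the slides use when they count 254 /24
    subnets in 128.1.0.0/16 and number 192.6.12.32/27 as the "1st subnet".
    """
    return subnets_of(cidr, new_prefix)[1:-1]


def subnet_for(host, cidr, new_prefix):
    """Which subnet of cidr (split at new_prefix) contains host?"""
    addr = ipaddress.ip_address(host)
    for sub in ipaddress.ip_network(cidr, strict=False).subnets(new_prefix=new_prefix):
        if addr in sub:
            return str(sub)
    raise ValueError(f"{host} is not inside {cidr}")


if __name__ == "__main__":
    for cidr in ("128.1.1.1/16", "128.1.1.0/24", "192.6.12.96/27"):
        d = describe(cidr)
        print(f"{cidr}: net {d['network']} mask {d['netmask']} "
              f"bcast {d['broadcast']} hosts {d['usable_hosts']}")
    print(len(classic_subnets("128.1.0.0/16", 24)), "classic /24 subnets")
    for n, sub in enumerate(classic_subnets("192.6.12.0/24", 27), 1):
        print(f"subnet {n}: {sub}")
    print("192.6.12.100 is in", subnet_for("192.6.12.100", "192.6.12.0/24", 27))
```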
Module 7
[Figure: the OSI layers, Application (7), Presentation (6), Session (5), Transport (4), Networking (3), Data Link (2) and Physical (1); each troubleshooting command below is shown beside the layer it exercises]
• The lanscan command lists information for all LAN interface cards on the system.
• Example:
# lanscan
Hardware Station Crd Hdw Net-Interface NM MAC HP-DLPI DLPI
Path Address In# State NamePPA ID Type Support Mjr#
8/16/6 0x0060B0A39825 0 UP lan0 snap0 1 ETHER Yes 119
8/20/5/1 0x0060B058A8C6 1 UP lan1 snap1 2 ETHER Yes 119
# linkloop 0x0060b007c179
Link connectivity to LAN station: 0x0060b007c179
-- OK
# lanadmin
LOCAL AREA NETWORK ONLINE ADMINISTRATION, Version 1.0
Wed, Aug 12,1998 23:03:30
Copyright 1994 Hewlett Packard Company.
All rights are reserved.
lan = LAN Interface Administration
menu = Display this menu
quit = Terminate the Administration
terse = Do not display command menu
verbose = Display command menu
# /usr/sbin/arp -a
frank (192.6.30.1) at 0:60:b0:7:4c:4d ether
beverly (192.6.30.5) at 0:60:b0:7:c1:79 ether
jeff (192.6.30.4) at 0:60:b0:7:e1:12 ether
bill (192.6.30.2) at 0:60:b0:7:7e:69 ether
larry (192.6.30.3) at 0:60:b0:7:e1:a2 ether
# ping bill
PING 192.6.30.2: 64 byte packets
64 bytes from 192.6.30.2: icmp_seq=0. time=223. ms
64 bytes from 192.6.30.2: icmp_seq=1. time=43. ms
----bill PING Statistics----
2 packets transmitted, 2 packets received, 0% packet loss
round-trip (ms) min/avg/max = 43/158/223
# netstat -i
Name Mtu Network Address Ipkts Opkts
lo0 4136 127.0.0.0 localhost 838 838
lan0 1500 192.6.30.0 bill 160952 111715
• The netstat -r command displays all routes defined in the route table.
• The netstat -rn command displays IP addresses instead of hostnames.
• Example:
# netstat -rn
Routing tables
Destination Gateway Flags Refs Interface Pmtu
127.0.0.1 127.0.0.1 UH 0 lo0 4136
192.6.30.2 192.6.30.2 UH 0 lan0 4136
192.6.30.0 192.6.30.2 U 2 lan0 1500
127.0.0.0 127.0.0.1 U 0 lo0 4136
default 192.6.30.1 UG 0 lan0 1500
The nslookup Command
# nslookup mickie
Using /etc/hosts on: bill
Name: mickie
Address: 192.6.30.3
Module 8
Q: After the kernel is loaded, how does it know which daemons (inetd, NTP, ...) need to be started when?
• init and /sbin/rc start and stop services in stages called run levels.
• The system run level determines what services are available.
• At boot, init progresses from run level 1 to 3, starting services.
• At shutdown, init progresses from run level 3 to 0, killing services.
• Example: (Not all run levels and services shown)
Run level 3: syncer, NFS, CDE
Run level 2: syncer, NFS
Run level 1: syncer
Run level 0: (nothing)
Startup climbs from run level 1 to 3; shutdown descends from 3 to 0.
• /sbin/rc*.d directories determine at which run levels services start and stop.
• /sbin/rc runs S scripts to start services during system startup.
• /sbin/rc runs K scripts to kill services during system shutdown.
The directories /sbin/rc3.d, /sbin/rc2.d, /sbin/rc1.d and /sbin/rc0.d hold links such as K100dtlogin.rc, K900nfs.server, S340net, S430nfs.client, S500inetd and S660xntpd.
Anatomy of a link name, /sbin/rc2.d/S730cron:
  Run Level:        2
  Type:             S (start)
  Sequence Number:  730
  Service Name:     cron
/sbin/init.d/cron:
case $1 in
start_msg) echo "Start clock daemon" ;;
stop_msg)  echo "Stop clock daemon" ;;
start)     # Commands to start cron
           ;;
stop)      # Commands to kill cron
           ;;
esac
• You may wish to disable a service that’s not needed, or enable a new service.
• Services may be enabled or disabled via control variables.
• Control variables are defined in files under /etc/rc.config.d.
• /sbin/init.d/ scripts source /etc/rc.config.d/* files
/etc/rc.config.d/cron
CRON=1   # Set control variable to 1 to enable,
         # to 0 to disable
/sbin/init.d/cron (simplified)
case $1 in
start_msg) echo "Start clock daemon" ;;
stop_msg)  echo "Stop clock daemon" ;;
start)     if [ "$CRON" -eq 1 ]; then
               :   # start the cron daemon
           fi ;;
stop)      if [ "$CRON" -eq 1 ]; then
               :   # kill the cron daemon
           fi ;;
esac
[Figure: at shutdown, /sbin/rc runs the K scripts in /sbin/rc1.d (K500inetd, K660net); at startup it runs the S scripts in /sbin/rc3.d (S100nfs.server). Startup/shutdown scripts live in /sbin/init.d/*, their configuration files in /etc/rc.config.d.]
1. cp /sbin/init.d/template /sbin/init.d/myservice
2. vi /sbin/init.d/myservice
a. Edit start_msg statement
b. Edit stop_msg statement
c. Edit start statement
i. Change CONTROL_VARIABLE to MYSERVICE
ii. Add command to start your service
iii. Add command set_return
d. Edit stop statement
i. Change CONTROL_VARIABLE to MYSERVICE
ii. Add command to stop your service
iii. Add command set_return
3. vi /etc/rc.config.d/myservice
a. Add single line, MYSERVICE=1
4. ln -s /sbin/init.d/myservice /sbin/rc3.d/S900myservice
ln -s /sbin/init.d/myservice /sbin/rc2.d/K100myservice
Module 9
"I need to share my home directories with other systems on the network."
[Figure: an NFS client executes a request to program number 100003 (nfs). Ports on the NFS server: 111 rpcbind, 2049 nfsd, 4955 rpc.mountd.]
The portmap/rpcbind daemons are responsible for routing all incoming RPC requests to the appropriate RPC daemons on the NFS server.
NFS server, answering lookup(/home/user1/data): "When my clients request access to a file, I just send back a "file handle". I don't keep track of which files my clients are using."
Implications of this stateless design:
• Improved performance
• NFS servers can reboot with minimal impact on their clients
• NFS clients can reboot with minimal impact on their servers
• Stale file handle errors may occur if a client removes a file being used by other clients
• File locking and other "stateful" operations are more complicated
[Figure: NFS and CIFS file sharing between UNIX and Windows systems]
CIFS provides an easier, more flexible mechanism for sharing files and directories between HP-UX and Windows PCs using Microsoft's CIFS protocol.
Configuring NFS
Module 10
server:/etc/passwd                       client:/etc/passwd
user1:…:101:100:…:/home/user1:…          user1:…:103:100:…:/home/user1:…
user2:…:102:100:…:/home/user2:…          user2:…:102:100:…:/home/user2:…
user3:…:103:100:…:/home/user3:…          user3:…:101:100:…:/home/user3:…
(user1 and user3 have different UIDs on the server and the client.)
/etc/rc.config.d/nfsconf on the NFS server (read by /sbin/init.d/nfs.client and /sbin/init.d/nfs.server, run from /sbin/rc3.d/*)
NFS_CLIENT=1
NFS_SERVER=1      #Required!
NUM_NFSD=16       #Required!
NUM_NFSIOD=16
PCNFS_SERVER=1    #Optional!
START_MOUNTD=1    #Required!
NFS_TCP=1         #Optional!
2. Configure the NFS server (earlier sub-steps not shown).
   c. Start NFS server daemons.
   d. Create the /etc/exports file.
   e. Export the directories.
   f. Check the server configuration.
3. Configure the NFS client.
   a. Ensure the NFS subsystem is in the kernel.
   b. Edit the client's configuration file.
   c. Start NFS client daemons.
   d. Create a new entry in /etc/fstab.
   e. Mount the NFS file system.
   f. Check the client configuration.
4. Keep the time synchronized with all other nodes.
Checking the server (rpc.mountd on the server answers the showmount queries, which a client may also issue):
What file systems have been exported to whom?
# showmount -e [server]
/usr/share/man (everyone)
/opt/games (everyone)
What export options were specified?
# exportfs
/usr/share/man
/opt/games -ro
Which clients currently have file systems mounted from the server?
# showmount -a [server]
client:/usr/share/man
client:/opt/games
/etc/rc.config.d/nfsconf on the NFS client (read by /sbin/init.d/nfs.client and /sbin/init.d/nfs.server, run from /sbin/rc3.d/*)
NFS_CLIENT=1      #Required!
NFS_SERVER=1
NUM_NFSD=16
NUM_NFSIOD=16     #Optional!
PCNFS_SERVER=1
START_MOUNTD=1
NFS_TCP=1         #Optional!
client:/etc/fstab
server:/home /home nfs defaults 0 0
# nfsstat -s
Server rpc:
Connection oriented:
calls badcalls nullrecv badlen xdrcall dupchecks dupreqs TCP
50505334 0 0 0 0 16826459 0
Connectionless oriented:
calls badcalls nullrecv badlen xdrcall dupchecks dupreqs UDP
11 0 0 0 0 0 0
Server nfs:
calls badcalls
38543 0
Version 2: (0 calls)
null getattr setattr root lookup readlink read
0 0% 0 0% 0 0% 0 0% 0 0% 0 0% 0 0%
wrcache write create remove rename link symlink PV2
0 0% 0 0% 0 0% 0 0% 0 0% 0 0% 0 0%
mkdir rmdir readdir statfs
0 0% 0 0% 0 0% 0 0%
Version 3: (50505345 calls)
null getattr setattr lookup access readlink read
write create mkdir symlink mknod remove rmdir
rename link readdir readdir+ fsstat fsinfo pathconf
(per-operation counters as extracted, column alignment lost: 4 0%, 118 0%, 2007 0%, 33678605 66%, 106 0%, 0 0%, 0 0%, 49 0%, 16822390 0%, 0 0%, 0 0%, 0 0%, 1921 0%, 0 0%, 46 0%, 0 0%, 0 0%, 0 0%, 0 0%, 4 0%, 0 0%)
Module 11
[Figure: AutoFS architecture. Users and processes issue file access requests; automount requests go to the kernel, whose mount table lists /stand (HFS) and /net, /drawings and /home (AutoFS). automountd, with autofs_proc, handles the autofs mount and umount requests and issues the mount/umount requests to the NFS server. /etc/auto_master: "/net -hosts -soft,nosuid", "/drawings /etc/auto.drawings", "/home /etc/auto.home", "/- /etc/auto.direct". Example trigger: # ll /net/svr1]
/etc/auto_master
/net -hosts -soft,nosuid
Configuring the -hosts map allows users to automatically mount file systems from any NFS server just by accessing /net/servername!
/etc/auto_master
/- /etc/auto.direct
/etc/auto.direct
/usr/contrib/games -ro gamesvr:/usr/contrib/games
/opt/tools -ro toolsvr:/opt/tools
/var/mail -rw mailsvr:/var/mail
/etc/auto_master
/drawings /etc/auto.drawings
/etc/auto.drawings
gizmos -ro gizmosvr:/drawings/gizmos
gadgets -ro gadgetsvr:/drawings/gadgets
widgets -ro widgetsvr:/drawings/widgets
Direct Maps
• Direct mounted and local file systems may co-exist in the same parent directory
• Large direct maps quickly lead to cluttered mount tables
• The automount command must be executed every time the direct map changes
Indirect Maps
• Indirect mounted and local file systems may not coexist in the same parent directory
• Each indirect map yields just one entry in the mount table
• AutoFS automatically recognizes indirect map changes
[Figure: /home/sales lives on server sales and /home/accts on server accts]
/etc/passwd
user1:x:101:101::/home/sales/user1:/usr/bin/sh
user2:x:102:101::/home/sales/user2:/usr/bin/sh
user3:x:103:101::/home/accts/user3:/usr/bin/sh
user4:x:104:101::/home/accts/user4:/usr/bin/sh
/etc/auto_master
/home /etc/auto.home
/etc/auto.home (explicit entries)
sales sales:/home/sales
accts accts:/home/accts
/etc/auto.home (equivalent wildcard entry: * matches any key, & substitutes the key)
* &:/home/&
Replicated servers provide load balancing and high availability for read-only file systems! "I'll poll all three servers (toolsvr1, toolsvr2, toolsvr3) and mount /opt/tools from the first server that responds!"
/etc/auto_master
/- /etc/auto.direct
/etc/auto.direct
/opt/tools -ro toolsvr1:/opt/tools \
               toolsvr2:/opt/tools \
               toolsvr3:/opt/tools
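A resolver for the auto_master, direct and indirect maps shown in this module, as an added Python example (not HP-UX's automountd): it handles the '*'/'&' wildcard, backslash-continued replicated server lists and the -hosts map. The map contents are constructed copies of the slides, and treating /net/<server> as the single location <server>:/ is a simplification of what the -hosts map really mounts.

```python
"""Resolve a path the way AutoFS would, using the map files from Module 11.

Added example, not HP-UX's automountd: it parses auto_master, a direct map
(/-) and indirect maps, including the '*' / '&' wildcard and a replicated
server list continued with backslashes.
"""

# Constructed map contents, copied from the slides in this module.
AUTO_MASTER = """
/net      -hosts              -soft,nosuid
/drawings /etc/auto.drawings
/home     /etc/auto.home
/-        /etc/auto.direct
"""

MAPS = {
    "/etc/auto.direct": """
/usr/contrib/games -ro gamesvr:/usr/contrib/games
/opt/tools -ro toolsvr1:/opt/tools \\
               toolsvr2:/opt/tools \\
               toolsvr3:/opt/tools
/var/mail -rw mailsvr:/var/mail
""",
    "/etc/auto.drawings": """
gizmos -ro gizmosvr:/drawings/gizmos
gadgets -ro gadgetsvr:/drawings/gadgets
widgets -ro widgetsvr:/drawings/widgets
""",
    "/etc/auto.home": """
* &:/home/&
""",
}


def parse_map(text):
    """Return {key: (options, [server:/path, ...])}; joins '\\'-continued lines."""
    entries = {}
    logical = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            logical += line[:-1] + " "
            continue
        logical += line
        fields = logical.split()
        logical = ""
        if not fields or fields[0].startswith("#"):
            continue
        key, rest = fields[0], fields[1:]
        opts = ""
        if rest and rest[0].startswith("-"):
            opts, rest = rest[0], rest[1:]
        entries[key] = (opts, rest)
    return entries


def parse_master(text):
    """Return [(mount_point, map_name, options)] from an auto_master file."""
    out = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 2 and not f[0].startswith("#"):
            out.append((f[0], f[1], f[2] if len(f) > 2 else ""))
    return out


def resolve(path, master=AUTO_MASTER, maps=MAPS):
    """Map an absolute path to (mount_point, options, [locations]) or None."""
    for mount_point, map_name, master_opts in parse_master(master):
        if map_name == "-hosts":
            # /net/<server>: simplified as one location, <server>:/ (assumption)
            if path.startswith(mount_point + "/"):
                server = path[len(mount_point) + 1:].split("/")[0]
                return (f"{mount_point}/{server}", master_opts, [f"{server}:/"])
            continue
        entries = parse_map(maps[map_name])
        if mount_point == "/-":                      # direct map: keys are full paths
            for key, (opts, locs) in entries.items():
                if path == key or path.startswith(key + "/"):
                    return (key, opts or master_opts, locs)
            continue
        if not path.startswith(mount_point + "/"):   # indirect map: key is next component
            continue
        key = path[len(mount_point) + 1:].split("/")[0]
        if key in entries:
            opts, locs = entries[key]
        elif "*" in entries:
            opts, locs = entries["*"]
            locs = [loc.replace("&", key) for loc in locs]   # & -> the matched key
        else:
            return None
        return (f"{mount_point}/{key}", opts or master_opts, locs)
    return None


if __name__ == "__main__":
    for p in ("/home/sales/user1", "/drawings/gizmos/foo", "/opt/tools/bin/x",
              "/net/svr1/export", "/drawings/unknown", "/stand/vmunix"):
        print(p, "->", resolve(p))
```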
Module 12
DNS/BIND
Name Resolution Possibilities: /etc/hosts, NIS, DNS
DNS Components: hierarchical name space, domains, name servers, resolvers
[Figure: domain trees. Under the root, com holds sun, hp and ibm; hp holds il, ca and ny, with hosts such as rockford, la and buffalo. The reverse tree arpa > in-addr > 128 > 1 > 1 > {1, 2, 3} sits beside hp.com > ca > {sanfran, oakland, la}, so that oakland is 128.1.1.2 and la is 128.1.1.3.]
sanfran.ca.hp.com = 1.1.1.128.in-addr.arpa
oakland.ca.hp.com = 2.1.1.128.in-addr.arpa
la.ca.hp.com = 3.1.1.128.in-addr.arpa
[Figure: the hp.com zone under the root (.) beside com., edu. and gov.; hp.com has delegated subdomains corp, ca, az, il, ga, wa, ny, tx and nc]
Resolution examples, asked by oakland.ca.hp.com:
la.ca.hp.com? The ca.hp.com name server answers directly: la = 128.1.1.3
atlanta.ga.hp.com? The ca.hp.com name server asks the root (.) name server, which says "go to com. NS!"; the com. name server says "go to hp.com. NS!"; the hp.com. name server says "go to ga.hp.com. NS!"; the ga.hp.com. name server finally answers: atlanta = 128.1.3.1
db.* files
Syntax:
# dig [@NameserverIP] \        # optionally specify a name server to query
      [+short] \               # optionally display short rather than verbose results
      domain | host | -x IP \  # domain, hostname, or IP to resolve
      [querytype]              # optionally specify the query type (eg: a, mx, or ns)
1. Create /etc/resolv.conf
search ca.hp.com hp.com
nameserver 128.1.1.1
nameserver 128.1.1.2
2. Modify /etc/nsswitch.conf
hosts: dns nis files
3. Modify /etc/hosts
127.0.0.1 localhost
128.1.1.3 la.ca.hp.com la
A: Check /etc/nsswitch.conf!
hosts: files
or hosts: dns nis files
or hosts: dns [NOTFOUND=continue] files
or hosts: dns [NOTFOUND=return] files
options {
    check-names response fail;
    check-names slave warn;
    directory "/etc/named.data";
};
A: named consults a data file's SOA record to determine if/when the file must be updated:
ca.hp.com. IN SOA sanfran.ca.hp.com root.sanfran.ca.hp.com (
1 ; Serial
10800 ; Refresh every 3 hours
3600 ; Retry every 1 hour
604800 ; Expire after 1 week
86400 ) ; Minimum TTL of 1 day
Module 13
"How can I ensure that all of my hosts are configured consistently?" (every host keeps its own copies of /etc/passwd, /etc/group and /etc/hosts)
HP-UX now offers several alternative solutions for managing configuration information.
Of these solutions, L DAP provides the greatest scalability, security, and flexibility.
[Figure: LDAP shown among the other solutions ("And others...")]
/tmp/user1.ldif
objectClass: top
objectClass: account
objectClass: posixAccount
cn: user1
uid: user1
uidNumber: 101
gidNumber: 101
homeDirectory: /home/user1
loginShell: /usr/bin/sh
[Figure: directory tree o=hp.com with organizational units ou=western and ou=eastern]
Servers, Replicas, and LDAP Clients
• In smaller organizations, the organization’s entire DIT may reside in single database
• In larger organizations, the DIT may be distributed among multiple databases/servers
• Each server typically takes responsibility for one or more directory sub-trees
• Servers use referrals to redirect clients to other servers as needed
• Some servers use chaining to query other servers on behalf of clients
[Figure: a client querying o=hp.com for ou=eastern,o=hp.com receives the referral "Contact ldap://nyc.ny.hp.com:389/"]
LDAP-compliant Directory servers provide several mechanisms for securing directory data
Several LDAP-compliant directory server products are available free for HP-UX
• LDAP-UX allows HP-UX to authenticate users via any LDAP compliant directory server
• LDAP-UX even allows HP-UX clients to authenticate users via MS Windows ActiveDirectory!
• LDAP-UX includes scripts to easily migrate UNIX configuration files to a directory server
• LDAP-UX supports LDAP resolution of users, groups, hosts, and other objects
• LDAP-UX is fully supported by HP
[Figure: LDAP-UX client. Authentication commands ($ login, $ su, $ ssh) go through PAM, configured in pam.conf with libpam_hpsec.so.1, libpam_unix.so.1 and libpam_ldap.so.1. Lookup commands ($ ll, $ ps, $ who) go through NSS to ldapclientd. Setup also modifies kernel parameters.]
Some HP-UX commands such as ll, ps, who, and nsquery use the
/etc/nsswitch.conf file to determine how user, group, and other information
should be resolved.
The directory server’s Directory Manager user can change anyone’s password.
The directory server’s Directory Manager user can easily add/modify/delete the
most common UNIX directory entry types via the Netscape Directory Server
console GUI, or via the ldapentry command.
The example below shows the interface that ldapentry provides to add a user
LDAP and Netscape Directory Server are both very complex products. In order to
learn more about security, replication, referrals, more complex topologies, and
integration with Microsoft Active Directory see the references below.
On http://www.ietf.org/rfc.html:
• RFCs 2307, 2251-2256, and many others
On http://docs.hp.com:
• LDAP-UX Client Services B.03.30 Administrator's Guide
• HP CIFS Server Administrator’s Guide (includes an LDAP chapter)
On http://www.redhat.com:
• Netscape Directory Server Administrator's Guide
• Netscape Directory Server Deployment Guide
• Netscape Directory Server Configuration, Command, and File Reference
Module 14
[Figure: on la and sanfran, /sbin/init runs /sbin/rc, which runs the /sbin/rc2.d/S* scripts linked to /sbin/init.d/*]
Execution Scripts   Configuration Files
gated               /etc/rc.config.d/netconf
inetd               /etc/rc.config.d/netdaemons
named               /etc/rc.config.d/namesvrs
rwhod               /etc/rc.config.d/netdaemons
xntpd               /etc/rc.config.d/netdaemons
sendmail            /etc/rc.config.d/mailservs
[Figure: on sanfran, /etc/rc.config.d/netdaemons controls inetd; when la runs "$ telnet sanfran", inetd consults /etc/inetd.conf (telnet → telnetd), /etc/services and /var/adm/inetd.sec before starting telnetd]
# /sbin/init.d/inetd stop
# tail /var/adm/syslog/syslog.log
Sep 5 15:51:10 host1 inetd[2234]: telnet/tcp: Connection from host1
Sep 5 15:51:27 host2 inetd[2251]: login/tcp: Connection from host2
inetd answers these questions from its configuration files:
Q: Should I provide FTP service? Q: How do I start an ftp daemon? (/etc/inetd.conf)
Q: Which port should I monitor for FTP requests? (/etc/services)
Q: Which clients are allowed FTP access? (/var/adm/inetd.sec)
Make inetd re-read its configuration: # inetd -c
/var/adm/inetd.sec:
:
ftp deny 128.1.1.1
telnet deny 128.1.*.*
shell allow 192.1.1.* 192.1.3.*
login allow 192.1.1-3.* host1 host2
:
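The inetd.sec rules above, evaluated as an added Python example (not HP-UX's inetd) so that a policy can be checked against the syslog "Connection from" lines before it is relied on. The rule text and the hostname-to-address table are constructed; the behaviour encoded is the slide's allow/deny list semantics, with a service that has no line permitting every client.

```python
"""Evaluate /var/adm/inetd.sec access rules from Module 14 against a client.

Added example, not HP-UX's inetd: it implements the rule semantics the
slide shows (one allow or deny list per service, '*' wildcards and 'a-b'
ranges in address octets, or hostnames) and audits inetd syslog lines.
"""
import re

# Constructed from the inetd.sec fragment on the slide.
INETD_SEC = """
# service  allow|deny  hosts...
ftp    deny  128.1.1.1
telnet deny  128.1.*.*
shell  allow 192.1.1.* 192.1.3.*
login  allow 192.1.1-3.* host1 host2
"""

# Constructed hostname -> address table for the syslog audit.
ADDRESSES = {"host1": "128.1.1.1", "host2": "192.1.1.5"}

# Constructed copies of the two syslog lines shown in this module.
SYSLOG_LINES = [
    "Sep 5 15:51:10 host1 inetd[2234]: telnet/tcp: Connection from host1",
    "Sep 5 15:51:27 host2 inetd[2251]: login/tcp: Connection from host2",
]


def parse_inetd_sec(text):
    """Return {service: (action, [host patterns])}; later lines win."""
    rules = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) < 2 or fields[1] not in ("allow", "deny"):
            raise ValueError(f"malformed inetd.sec line: {line!r}")
        rules[fields[0]] = (fields[1], fields[2:])
    return rules


def _octet_matches(pattern, value):
    """One dotted-quad field: '*', 'a-b' range, or an exact number."""
    if pattern == "*":
        return True
    m = re.fullmatch(r"(\d+)-(\d+)", pattern)
    if m:
        return int(m.group(1)) <= value <= int(m.group(2))
    return pattern.isdigit() and int(pattern) == value


def host_matches(pattern, ip, hostname):
    """Address patterns match the client IP; anything else is a hostname."""
    if re.fullmatch(r"[\d*\-]+(\.[\d*\-]+){3}", pattern):
        octets = [int(o) for o in ip.split(".")]
        return all(_octet_matches(p, o) for p, o in zip(pattern.split("."), octets))
    return hostname is not None and pattern.lower() == hostname.lower()


def permitted(service, ip, hostname, rules):
    """Allow list: only listed clients; deny list: all but listed; no line: everyone."""
    if service not in rules:
        return True
    action, hosts = rules[service]
    listed = any(host_matches(h, ip, hostname) for h in hosts)
    return listed if action == "allow" else not listed


_SYSLOG = re.compile(r"inetd\[\d+\]: (\w+)/(?:tcp|udp): Connection from (\S+)")


def audit_syslog(lines, rules, addresses):
    """(service, client, permitted) for each inetd 'Connection from' line."""
    out = []
    for line in lines:
        m = _SYSLOG.search(line)
        if not m:
            continue
        service, host = m.groups()
        ip = addresses.get(host, "0.0.0.0")   # unknown name: no address match
        out.append((service, host, permitted(service, ip, host, rules)))
    return out


if __name__ == "__main__":
    rules = parse_inetd_sec(INETD_SEC)
    for row in audit_syslog(SYSLOG_LINES, rules, ADDRESSES):
        print(row)
```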
[Figure: rlogin/remsh trust between host1 and host2, controlled on host2 by /etc/hosts.equiv (entries such as "host1 -sue" and "host1 tom"), ~root/.rhosts ("host1") and ~sue/.rhosts ("host1 joe"). Examples from host1: 1 $ rlogin host2 (login: leo) and rlogin host2 -l root; 2 remsh host2 ll; 3 remsh host2 -l sue ll]
Files involved: /etc/rc.config.d/netdaemons, /etc/inetd.conf, /etc/services, /var/adm/inetd.sec, syslog.log, /etc/ftpd/ftpusers, /etc/hosts.equiv, ~/.netrc, ~/.rhosts
Module 15
[Figure: a BOOTP/TFTP client sends a BOOTP request to the BOOTP/TFTP server, then fetches its configuration with a TFTP request/response: GET hpnpl/myprinter.cfg]
bootptab entry for the client:
myprinter:\
hn:\
ht=ether:\
ha=080009a752c3:\
ip=128.1.1.4:\
sm=255.255.0.0:\
gw=128.1.0.1:\
dn=ca.hp.com:\
ds=128.1.1.1:\
T144="myprinter.cfg":\
vm=rfc1048
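A parser for the termcap-style bootptab entry above plus two sanity checks, as an added Python example (not bootpd code). The entry is a constructed copy with straight quotes, and the checks (ha must be 12 hex digits when ht=ether, gw must lie inside the subnet formed by ip and sm, vm=rfc1048 when vendor T-tags are used) are this example's own suggestions.

```python
"""Parse a bootptab entry from Module 15 and sanity-check it.

Added example, not the HP-UX bootpd code.  bootptab uses the termcap-style
'tag=value:' format with backslash continuation; the checks below are this
example's own suggestions, not rules the course states.
"""
import ipaddress
import re

# Constructed copy of the slide's printer entry (straight quotes on T144).
BOOTPTAB = r"""
# printer definition
myprinter:\
 hn:\
 ht=ether:\
 ha=080009a752c3:\
 ip=128.1.1.4:\
 sm=255.255.0.0:\
 gw=128.1.0.1:\
 dn=ca.hp.com:\
 ds=128.1.1.1:\
 T144="myprinter.cfg":\
 vm=rfc1048
"""


def parse_bootptab(text):
    """Return {name: {tag: value}}; a bare tag such as 'hn' maps to True."""
    entries = {}
    logical = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):           # continued on the next line
            logical += line[:-1]
            continue
        logical += line
        fields = [f for f in logical.split(":") if f]
        logical = ""
        name, tags = fields[0], {}
        for field in fields[1:]:
            tag, _, value = field.partition("=")
            tags[tag] = value.strip('"') if value else True
        entries[name] = tags
    return entries


def check_entry(tags):
    """List of problems with one parsed entry (empty when it looks sane)."""
    problems = []
    if tags.get("ht") == "ether" and not re.fullmatch(r"[0-9a-fA-F]{12}", str(tags.get("ha", ""))):
        problems.append("ha must be 12 hex digits for ht=ether")
    try:
        net = ipaddress.ip_network(f"{tags['ip']}/{tags['sm']}", strict=False)
        if "gw" in tags and ipaddress.ip_address(tags["gw"]) not in net:
            problems.append("gw is not inside the client's subnet")
    except (KeyError, ValueError) as exc:
        problems.append(f"bad ip/sm: {exc}")
    if any(t.startswith("T") and t[1:].isdigit() for t in tags) and tags.get("vm") != "rfc1048":
        problems.append("vendor T-tags need vm=rfc1048")
    return problems


if __name__ == "__main__":
    for name, tags in parse_bootptab(BOOTPTAB).items():
        print(name, tags)
        print("problems:", check_entry(tags) or "none")
```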
Module 16
NTP strata:
S1: System with a locally attached radio clock (Stratum 1 servers)
S2: System getting time from an S1 NTP server
S3: System getting time from an S2 NTP server
# vi /etc/ntp.conf
/etc/ntp.conf for server2a, which polls two stratum 1 servers and provides broadcast service:
server server1a
server server1b
peer server2b
driftfile /etc/ntp.drift
broadcast 128.1.255.255

# vi /etc/ntp.conf
/etc/ntp.conf for a stratum 10 server that uses its own local system clock:
server 127.127.1.1
fudge 127.127.1.1 stratum 10
broadcast 128.1.255.255

# vi /etc/ntp.conf
/etc/ntp.conf for a direct polling client:
server server2a
server server2b
driftfile /etc/ntp.drift

# vi /etc/ntp.conf
/etc/ntp.conf for a broadcast client:
broadcastclient yes
driftfile /etc/ntp.drift

[Figure: /usr/sbin/xntpd reads /etc/ntp.conf and maintains /etc/ntp.drift]
5. Wait for NTP to establish associations with servers and peers. Be patient!
Module 17
[Figure: telnet/ftp carry cleartext usernames and passwords across the network]
• Many network services authenticate clients via the source IP address in incoming packets
• Hackers use "IP spoofing" to send packets that appear to come from legitimate clients
/etc/exports
/home -root=128.1.1.1
NFS server: "128.1.1.1 is trying to access a file in my NFS file system. Since that IP is in my /etc/exports file, I'll allow the change."
• SSH client/user authentication enables SSH servers to authenticate clients & users
• SSH client/user authentication isn’t enabled by default
• Using SSH single sign-on saves users from repeatedly entering their passphrase
• SSH single sign-on isn’t configured by default
• Initiate a simple interactive SSH login session (similar to rlogin and telnet):
# ssh user@server
• Initiate an interactive SSH login session with compression and X tunneling options:
# ssh [-C] [-X] user@server
Module 18
An SD-UX “Depot” is a repository for software that has been bundled using HP’s
Software Distributor utilities and tools. Depots may be stored on CD, tape, in a
.depot file, or in a directory on disk.
[Figure: application depots on svr: the directory depot /mydepot receives PHCO_1000.depot, PHCO_2000.depot and PHNE_3000.depot via swcopy]
Copy a patch depot file into a directory depot:
svr# swcopy \
  -s /tmp/PHCO_xxxx.depot \
  -x enforce_dependencies=false \
  \* @ /mydepot
Remove all products from the depot, and the depot itself:
svr# swremove -d \* @ /mydepot
svr# rm -rf /mydepot
List registered depots and their bundles:
svr# swlist -l depot
# Initializing...
# tgt "sanfran" has the following depot(s):
/mydepot
/myappdepot
svr# swlist -l bundle -d @ sanfran:/mydepot
# tgt: sanfran:/mydepot
# Bundle(s):
100BaseT-00 B.11.11.01 EISA 100BaseT
100BaseT-01 B.11.11.01 HP-PB 100BaseT
Register a depot:
svr# swreg -l depot @ /cdrom
svr# swlist -l depot
# Initializing...
# tgt "sanfran" has the following depot(s):
/cdrom
Unregister a depot:
svr# swreg -ul depot @ /cdrom
svr# swlist -l depot
# Initializing...
# WARNING: No depot was found for "sanfran:".
[Figure: software pull (targets tgt1, tgt2 and tgt3 fetch from the depot server svr) versus software push (svr installs onto the targets)]
Allow the depot server to push software to a client (repeat on each client):
tgt# /usr/lbin/sw/setaccess svrname
tgt# swacl -l root
Use the push functionality to remotely install, list, and remove software:
svr# swinstall -s svr:/mydepot FooProd @ tgt1 tgt2
svr# swlist @ tgt1 tgt2
svr# swremove FooProd @ tgt1 tgt2
Module 19
Day 1:
LAN Concepts
LAN Hardware Concepts
Configuring TCP/IP Connectivity
Configuring IP Routing
Day 2:
Configuring Subnetting
Troubleshooting Network Connectivity
Starting Network Services
Day 3:
NFS Concepts
Configuring NFS
Configuring AutoFS
Day 4:
Configuring DNS
Configuring LDAP
Configuring ARPA/Berkeley Services
Day 5:
Configuring BOOTP and TFTP
Configuring NTP
Configuring SSH
Configuring SD-UX Depot Servers
Configuring NIS
Appendix C
[Figure: the NIS server holds /etc/hosts, /etc/passwd, /etc/group and other files; all clients share this common set of configuration files]
[Figure: the server's /etc/passwd (chris:101:…, scott:102:…, abby:103:…) is built into NIS Maps that are served to clients. An NIS domain has one master server, slave servers holding copies of the NIS maps, and clients.]
[Figure: /sbin/init reads /etc/inittab and runs /sbin/rc; the start scripts /sbin/rc2.d/* read the configuration file /etc/rc.config.d/namesvrs]
Master Server                          Slave Server                           Client
portmap (HP-UX 10.20 and earlier)      portmap (HP-UX 10.20 and earlier)      portmap/rpcbind
rpcbind (HP-UX 10.30 and beyond)       rpcbind (HP-UX 10.30 and beyond)       ypbind
ypserv                                 ypserv                                 keyserv
ypxfrd                                 ypxfrd
rpc.yppasswdd                          keyserv
rpc.ypupdated                          ypbind
keyserv
ypbind
[Figure: an NIS client's password change reaches the master server, whose /etc/passwd is used to rebuild the passwd.byname and passwd.byuid maps]
$ passwd
Changing passwd for jim
Old NIS password: *****
New Password: ******
Retype new password: ******
1. An NIS user issues the passwd command to change his or her password.
2. The /etc/passwd file on the NIS master server is updated to reflect the new password.
[Figure: rebuilding the hosts maps on the master server: 1 vi /etc/hosts; 2 # /var/yp/ypmake hosts; 3 the hosts.byname and hosts.byaddr NIS maps are rebuilt from /etc/hosts; 4 the new maps are transferred to the slave server]
/etc/nsswitch.conf          /etc/passwd       Who can log in?
passwd: files nis           root:...          • all users in local passwd file
group: files nis            user1:...
                            user2:...
/etc/nsswitch.conf          /etc/passwd       Who can log in?
passwd: compat              root:...          • all users in local passwd file
group: compat               user1:...         • cleo and hubert from NIS map
                            user2:...
                            +hubert
                            +cleo