3038 03 Exercises

Configure Network Services
SECTION 3 Configure Network Services
In this section of the workbook, you learn how to do the following:

n “Configure a DNS server” on 3-2
n “Use the SLES 9 OpenLDAP server” on 3-7
n “Configure an Apache Web Server” on 3-12
n “Configure a File Server With Samba.” on 3-21
In this section you learn how to install and configure four of the
most popular Linux network services at the command line:
n BIND
n OpenLDAP
n Apache
n Samba
Because configuring the services can be very complex, this section

covers only the basic functionality of the services.
The configuration is covered at the command-line level to show you

a more direct way to manipulate the behavior of the services.
x The implementation of these services that you practice in the exercises

prepares you deploy them in an internal network.
However, you should make the services accessible from the Internet only if
you know how to secure your network from external security threats by using
technologies such as a firewall.
Version 1 Copyright © 2010 Novell, Inc. Copying or distributing all or part of this manual is protected by Workbook 3-1
a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported license.
SUSE LINUX Advanced Administration/Self-Study Workbook
Exercise 3-1 Configure a DNS server
In this exercise, you configure a DNS master server by doing the

following:
n Part I: Install BIND
n Part II: Configure a DNS Master Server
This exercise is designed to work with network card settings such as

the following:
n IP Address: 10.0.0.50
n Subnet mask: 255.255.255.0
n Host name: DA50
n Domain name: digitalairlines.com
Before starting this exercise, you can verify that these are your
current settings by using the YaST Network Card module. If one or
more of these settings is incorrect, change them before continuing
with the Network Card module.
x This exercise requires extensive typing to create your DNS files. To save you
some time, the files digitalairlines.com.zone and 10.0.0.zone are included
on your 3038 Course CD in the directory /exercises/section_3.
Part I: Install BIND
Do the following on both SLES 9 servers:

1. From the KDE menu, select System > YaST.
2. Enter the root password and select OK.
3. From the YaST Control Center, select Software > Install and
Remove Software.
4. From the filter drop-down menu, select Search.
Workbook 3-2 Copyright © 2010 Novell, Inc. Copying or distributing all or part of this manual is protected by Version 1
5. In the Search field, enter bind; then select Search.

6. On the right, select the bind package.
7. Select Accept; then insert the requested SLES 9 CD.
8. When installation is complete, remove the CD and close the
YaST Control Center.
Part II: Configure a DNS Master Server
Do the following:
1. Open a terminal window and su to root.
2. Open the file /etc/named.conf in a text editor.
3. Scroll down and add the following 2 zone statements after the
existing zone statements:
zone “digitalairlines.com” in {
type master;
file “master/digitalairlines.com.zone”;
};
zone “0.0.10.in-addr.arpa” in {
type master;
file “master/10.0.0.zone”;
};
4. Save and close the file.
5. Create a new file digitalairlines.com.zone in the directory
/var/lib/named/master/.
6. Enter the following zone configuration in the file:

$TTL 172800
digitalairlines.com. IN SOA your_FQHN.

root.digitalairlines.com. (
serial_number
1D
2H
1W
3H
)
digitalairlines.com. IN NS your_FQHN.
da10 IN A 10.0.0.10
da11 IN A 10.0.0.11
da12 IN A 10.0.0.12
The SOA record (including root.digitalairlines.com.) must be
on a single line. Replace your_FQHN in the SOA and NS
records with da50.digitalairlines.com. Use the current date and
“01” as the serial number (such as 2005071501).
Make sure you include all periods where indicated.
8. Create a new file 10.0.0.zone in the directory
/var/lib/named/master/.
9. Enter the following zone configuration in the file:

$TTL 172800
0.0.10.in-addr.arpa. IN SOA your_FQHN.
root.digitalairlines.com. (
serial_number
1D
2H
1W
3H
)
IN NS your_FQHN.
10 IN PTR da10.digitalairlines.com.
The SOA record (including root.digitalairlines.com.) must be
on a single line. Replace your_FQHN in the SOA and NS
records with da50.digitalairlines.com. Use the current date and
“01” as the serial number (such as 2005071501).
Make sure you include all periods where indicated.
11. Open a second terminal window and su to root.
12. Enter the following command:
tail -f /var/log/messages
13. Switch to the first terminal window and start bind with the
following command:
rcnamed start
x If there are errors in the file /etc/named, they are noted in the output
(with specific references and line numbers). The named daemon will not
start until these errors are fixed.
14. From the second terminal window, watch the log output of bind
for any messages such as Unknown RR type or file not found.
15. If any errors occur, try to fix them and restart bind.
x One solution is to edit the digitalairlines.com.zone file by replacing

“digitalairlines.com. IN SOA...” with “@ IN SOA...” and to edit the
10.0.0.zone file by replacing “0.0.10.in-addr.arpa. IN SOA...” with “@
IN SOA...”.
16. From the first terminal window, start bind automatically when
the system is booted by entering the following:
insserv named
17. Open the file /etc/resolv.conf in a text editor.
18. Delete all existing nameserver entries.
19. Add the following entry:
nameserver 10.0.0.50
21. Verify that your DNS master server works by entering the
following command:
host da10.digitalairlines.com
22. Close the terminal windows.
x For additional information and steps on setting up a DNS slave server, see
Exercise 3-1 in your SUSE LINUX Advanced Administration manual.
(End of Exercise)
Exercise 3-2 Use the SLES 9 OpenLDAP server
In this exercise, you use the OpenLDAP server by doing the

following:
n Part I: Install GQ
n Part II: Search the SLES 9 OpenLDAP Server
n Part III: Browse the SLES 9 OpenLDAP Server
n Part IV: Use an LDIF File to Add a User
Part I: Install GQ
Do the following:
1. From the KDE menu, select System > YaST.
2. Enter the root password and select OK.
Remove Software.
4. From the filter drop down menu, select Search.
5. In the Search field, enter gq; then select Search.
6. On the right, select the gq package.
7. Install the GQ application by selecting Accept.
8. Insert the requested SLES 9 CD.
9. When the installation is complete, close the YaST Control Center
and remove the CD.
Part II: Search the SLES 9 OpenLDAP Server
Do the following:
1. From the KDE menu, select System > GQ LDAP Client.
2. Make sure that the Search tab is selected.

3. In the left search field, enter uid=geeko.
4. In the right search field, enter dc=digitalairlines,dc=com.
5. Select Find.
A result line appears.
6. Double-click the result line.
The LDAP entry for the user geeko is displayed.
7. Scroll down and verify that you cannot see the userPassword
entry for geeko.
8. Select Close.
9. From the menu bar, select File > Preferences.
10. From the configuration dialog, select the Servers tab.
11. Select the entry localhost; then select Edit.
12. From the server dialog, select Details.
13. In the Bind DN field enter the following:
cn=Administrator,dc=digitalairlines,dc=com
14. Close the server dialog by selecting OK.
15. Close the configuration dialog by selecting OK.
16. Make sure that the search fields still contain the previously
entered query.
17. Select Find.
18. When prompted for a password, enter novell; then select OK.
19. Double-click the result line.
20. Make sure that you can see the userPassword entry for geeko.
Notice that access to the password is not granted to anonymous

users, but to the authenticated administrator.
21. When you finish, select Close.
Part III: Browse the SLES 9 OpenLDAP Server
Do the following:
1. From the GQ application, select Browse.
2. On the left, expand localhost.
3. Expand dc=digitalairlines,dc=com.
4. Expand people.
All users of the system are displayed. At the moment, this only
includes geeko.
5. Select geeko.
The user information for geeko appears on the right.
6. Close the GQ window.
Part IV: Use an LDIF File to Add a User
Do the following:
1. With a text editor, create a file named tux.ldif in the directory
/tmp with the following content.
dn:uid=tux,ou=people,dc=digitalairlines,dc=com
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
cn: Tux Penguin
gidNumber: 100
givenName: Tux
homeDirectory: /home/tux
loginShell: /bin/bash
shadowInactive: -1
shadowLastChange: 12609
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
sn: Penguin
uid: tux
userPassword: {crypt}GpyJ3/OQgLxZE
uidNumber: 1010
x You can also copy the LDIF file tux.ldif from the directory
/exercises/section_3 from your 3038 Course CD to the directory /tmp.
2. Save the file and close the text editor.

3. From a terminal window (as root), add the user tux by entering
the following (all on one line):
ldapadd -x -D
“cn=Administrator,dc=digitalairlines,dc=com” -W -f
/tmp/tux.ldif
4. When prompted for a password, enter novell.
x If you are unsuccessful at authenticating as Administrator, try closing

the terminal window and opening a new terminal window. Repeat steps
3 and 4.
You do not have to be root to enter the ldapadd command; however, you
need to be root for the commands that follow.
5. Create the home directory for the user tux by entering the
following:
cp -a /etc/skel/ /home/tux
6. Adjust the file system permissions by entering the following
commands:
chown -R tux:users /home/tux/
7. Log out as root by entering exit.
8. Switch to the user tux by entering the following:
su - tux
9. Log in to the tux user account by entering a password of Novell.
10. Log out as tux by pressing Ctrl+D.
11. Close the terminal window.
(End of Exercise)
Exercise 3-3 Configure an Apache Web Server
In this exercise, you configure an Apache web server by doing the

following:
n Part I: Install Apache
n Part II: Test the Installation
n Part III: Configure a Virtual Host for the Accounting
Department
n Part IV: Configure User Authentication
n Part V: Configure SSL
x The file accounting.conf you create in this exercise can be difficult to

modify properly. To help you understand what needs to be changed and
where parameters are placed, the file is available on your 3038 Course CD
in the directory /exercises/section_3.
Part I: Install Apache
Do the following:
1. From the KDE start menu, select System > YaST; then enter a
password of novell and select OK.
Remove Software.
4. In the Search field, enter apache; then select Search.
5. On the right side, select the following packages.
q apache2
q apache2-example-pages
q apache2-prefork
x If you installed a YOU server in one of the exercises in Section 1, the

apache2 and apache2-prefork packages are already installed. All you
need to do is select the apache2-examples-pages package.
6. Select Accept.
7. (Conditional) If YaST displays package dependencies, confirm
by selecting Continue.
8. When prompted, insert the requested SLES 9 CDs in the drive.
9. When installation is complete, close the YaST Control Center
and remove the CD.
10. Open a terminal window and su to root.
11. To start Apache at boot time, enter the following:
insserv apache2
12. To start the Apache daemon, enter the following:
rcapache2 start
Part II: Test the Installation
Do the following:
1. From the KDE menu, select Internet > Web Browser.
2. In the address bar of the web browser, enter the following:
http://localhost
If the Apache example page appears, the web server has been
installed and started correctly.
3. (Conditional) If you are having problems displaying the page,
you need to rename the file /srv/www/htdocs/index.html.en to
/srv/www/htdocs/index.html.
Part III: Configure a Virtual Host for the Accounting

Department
Do the following:
1. From the terminal window (as root), create a directory for the
virtual host by entering the following:
mkdir /srv/www/accounting
2. Adjust the file system permissions by entering the following:
chown wwwrun /srv/www/accounting/
3. In the new directory, create a file index.html with the following
content:
<html>
<head>
<title>Accounting Intranet Server</title>
</head>
<body>
<h1>Accounting Intranet</h1>
Under construction.
</body>
</html>
x This file is also available on your 3038 Course CD in the directory

/exercises/section_3.
4. Adjust the file system permissions of the file by entering the

following:
chown wwwrun index.html
5. Change to the directory /etc/apache2/vhosts.d/ by entering the
following:
cd /etc/apache2/vhosts.d/
6. Copy the virtual host template file by entering the following:

cp vhost.template accounting.conf
7. Open the file accounting.conf in a text editor and make the
following changes:
<VirtualHost accounting.da.com:80>
ServerName accounting.da.com
DocumentRoot /srv/www/accounting
ErrorLog /var/log/apache2/accounting.da.com-error_log
CustomLog /var/log/apache2/accounting.da.com-access_log
combined
UseCanonicalName On
ScriptAlias /cgi-bin/ “/srv/www/cgi-bin”
<Directory “/srv/www/cgi-bin”>
AllowOverride None
Options +ExecCGI -Includes
Order allow,deny
Allow from all
</Directory>
<Directory “/srv/www/accounting/”>
AllowOverride None
Options Indexes FollowSymLinks
Order allow,deny
Allow from all
</Directory>
8. For testing purposes, append “accounting.da.com” to the line
“127.0.0.1” in the file /etc/hosts:
127.0.0.1 localhost accounting.da.com
9. Test the syntax of your configuration file by entering the
following:
apache2ctl configtest
10. Reload Apache by entering the following:
rcapache2 reload
11. From the Konqueror browser, access the virtual host by entering
the following:
http://accounting.da.com
The accounting intranet page is displayed.
12. Close the Konqueror browser.
Part IV: Configure User Authentication
Do the following:
1. From the terminal window (as root), create the file htpasswd and
add the user geeko to it by entering the following:
htpasswd2 -c /etc/apache2/htpasswd geeko
2. When prompted for a password, enter novell (twice).
3. Open the virtual host configuration file
/etc/apache2/vhosts.d/accounting.conf in a text editor.
4. Find the following directory directive:
<Directory “/srv/www/accounting/”>
5. Within this directory block, add the following lines:
AuthType Basic
AuthName “Accounting Intranet”
AuthUserFile /etc/apache2/htpasswd
Require user geeko
6. Check the syntax of the configuration file by entering the
following command:
7. Reload the Apache server by entering the following:

rcapache2 reload
8. Open the Konqueror browser; then enter the following:
http://accounting.da.com
A password dialog appears.
9. Enter a user name of geeko and a password of novell.
10. Access the protected web site by selecting OK.
Part V: Configure SSL
Do the following:
1. From the terminal window (as root), create the file random by
entering the following:
cat /dev/random > /tmp/random
2. Press some keys on the keyboard to generate random events
which help to create the file.
3. Stop the process after about 15 seconds by pressing Ctrl+C.
4. Generate a server key by entering the following (on one line):
openssl genrsa -des3 -out /tmp/accounting.key -rand
/tmp/random 1024
5. When prompted for a pass phrase, enter novell (twice).
6. Sign the key by entering the following (on one line):
openssl req -new -x509 -key /tmp/accounting.key
-out /tmp/accounting.crt
7. When prompted for a pass phrase, enter novell; then enter the
following information:
Table 3-1 Option Value
Country Name US
State or Province Name Utah
Locality Name Provo
Organization Name Digital Airlines
Organizational Unit Name Accounting
Common Name accounting.da.com
Email Address webmaster@da.com
8. Copy the files by entering the following commands:

cp /tmp/accounting.key /etc/apache2/ssl.key/
cp /tmp/accounting.crt /etc/apache2/ssl.crt/
9. Delete the temporary files by entering the following:
rm /tmp/accounting*
10. Adjust the file system permissions by entering the following
commands:
chmod 400 /etc/apache2/ssl.key/accounting.key
chmod 400 /etc/apache2/ssl.crt/accounting.crt
11. Open the file /etc/apache2/vhosts.d/accounting.conf in a text
editor, and change the following lines:
to
and
ServerName accounting.da.com
to
ServerName accounting.da.com:443
12. Add the following lines after the ServerName directive:
SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+
LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl.crt/accounting.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/accounting.key
The lines starting with SSLCipherSuite, ALL:, and LOW:
should be on one line.
x These lines are available in the file servername in the directory

/exercises/section_3 on your 3038 Course CD.
14. Open the file /etc/sysconfig/apache2 in a text editor, and change

the following lines:
APACHE_SERVER_FLAGS=”SSL”
APACHE_START_TIMEOUT=”10”
16. From the terminal window, check the syntax of the configuration
file by entering the following:
17. Restart Apache by entering the following:
rcapache2 restart
18. When prompted for the pass phrase, enter novell.
19. As the pass phrase has to be entered every time the server starts,
you can prevent the server from being started automatically at
boot by entering the following:
insserv -r apache2
20. From the Konqueror browser, enter the following:
https://accounting.da.com/
As the certificate used in this exercises is self-signed, the
browser displays a warning.
21. In the warning dialogs, select Continue and Forever to view the
web site.
22. In the login dialog, enter a username of geeko with a password of
novell.
23. After the page displays, close the Konqueror browser and all
other open windows.
(End of Exercise)
Exercise 3-4 Configure a File Server With Samba.
In this exercise, you configure a file server with Samba by doing the
following:
n Part I: Install Samba
n Part II: Configure a Share for the User Geeko
n Part III: Access the Share of the User Geeko With smbclient
n Part IV: Mount Geeko's Share
Part I: Install Samba
Do the following:
1. From the KDE start menu, select System > YaST.
2. When prompted for the root password, enter novell; then select
OK.
3. From the YaST Control Center, select
Software > Install and Remove Software.
5. In the search field, enter samba; then select Search.
6. On the right, select the following packages:
q samba
q samba-client (if not already selected)
7. Install the selected packages by selecting Accept.
Part II: Configure a Share for the User Geeko
Do the following:
1. From a terminal window, su to root.
2. Change to the directory /etc/samba.
3. Save the default Samba configuration file by entering the

following:
mv smb.conf smb.save
4. Create the file smb.conf with a text editor.
5. Add the following lines to the configuration file:
[global]
workgroup = Accounting
netbios name = Fileserver_DA50
security = user
[geeko-dir]
comment = Geeko Directory
path = /srv/samba/geeko
valid users = geeko
read only = no
x This file is available on your 3038 Course CD in the directory

/exercises/section_3. You will need to change
“Fileserver_your_hostname” to “Fileserver_DA50” before using the
file.

7. Create the directory to export by entering the following
commands:
mkdir /srv/samba/
mkdir /srv/samba/geeko
8. Create a test file in the directory by entering the following:
touch /srv/samba/geeko/my_file
9. Adjust the directory permissions by entering the following
commands:
chown geeko /srv/samba/geeko
chown geeko /srv/samba/geeko/my_file
10. Add geeko to the file smbpasswd file by entering the following:
smbpasswd -a geeko
11. When prompted for a password, enter novell (twice).
12. Check the syntax of the configuration file by entering the

following:
testparm
13. Start the Samba servers by entering the following commands:
rcsmb start
rcnmb start
Part III: Access the Share of the User Geeko With smbclient
Do the following:
1. Open a terminal window as a normal user.
2. Access Geeko's share by entering the following:
smbclient -U geeko //localhost/geeko-dir
3. When prompted for a password, enter novell.
4. Display all available commands of smbclient by entering the
following:
help
5. List the content of the share by entering the following:
ls
6. Copy the file my_file to the current directory by entering the
following:
get my_file
7. Exit smbclient by pressing Ctrl+D.
8. Verify that the file my_file has been copied to the current
directory by entering ls.
Part IV: Mount Geeko's Share
Do the following:
1. From the terminal window, su to root.
2. Mount geeko's share in the directory /mnt by entering the
following:
mount -t smbfs -o username=geeko,password=novell
//localhost/geeko-dir /mnt
3. Display the content of the mounted share by entering the
following:
ls /mnt/
You should see the file my_file.
4. Umount the share by entering the following:
umount /mnt
5. Close all open terminal windows.
(End of Exercise)

3038 03 Exercises

Загружено:

Сведения о документе

Исходное описание:

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

3038 03 Exercises

Загружено:

Авторское право:

Доступные форматы

Configure Network Services

SECTION 3 Configure Network Services

In this section of the workbook, you learn how to do the following:

Because configuring the services can be very complex, this section

The configuration is covered at the command-line level to show you

x The implementation of these services that you practice in the exercises

Exercise 3-1 Configure a DNS server

In this exercise, you configure a DNS master server by doing the

This exercise is designed to work with network card settings such as

Part I: Install BIND

Do the following on both SLES 9 servers:

5. In the Search field, enter bind; then select Search.

Part II: Configure a DNS Master Server

6. Enter the following zone configuration in the file:

digitalairlines.com. IN SOA your_FQHN.

9. Enter the following zone configuration in the file:

11. Open a second terminal window and su to root.

12. Enter the following command:

x One solution is to edit the digitalairlines.com.zone file by replacing

18. Delete all existing nameserver entries.

19. Add the following entry:

Exercise 3-2 Use the SLES 9 OpenLDAP server

In this exercise, you use the OpenLDAP server by doing the

Part II: Search the SLES 9 OpenLDAP Server

2. Make sure that the Search tab is selected.

11. Select the entry localhost; then select Edit.

12. From the server dialog, select Details.

13. In the Bind DN field enter the following:

15. Close the configuration dialog by selecting OK.

19. Double-click the result line.

Notice that access to the password is not granted to anonymous

21. When you finish, select Close.

Part III: Browse the SLES 9 OpenLDAP Server

Part IV: Use an LDIF File to Add a User

2. Save the file and close the text editor.

4. When prompted for a password, enter novell.

x If you are unsuccessful at authenticating as Administrator, try closing

11. Close the terminal window.

Exercise 3-3 Configure an Apache Web Server

In this exercise, you configure an Apache web server by doing the

x The file accounting.conf you create in this exercise can be difficult to

Part I: Install Apache

x If you installed a YOU server in one of the exercises in Section 1, the

11. To start Apache at boot time, enter the following:

Part II: Test the Installation

Part III: Configure a Virtual Host for the Accounting

x This file is also available on your 3038 Course CD in the directory

4. Adjust the file system permissions of the file by entering the

6. Copy the virtual host template file by entering the following:

10. Reload Apache by entering the following:

Part IV: Configure User Authentication

7. Reload the Apache server by entering the following:

Part V: Configure SSL

Table 3-1 Option Value

State or Province Name Utah

Locality Name Provo

Organization Name Digital Airlines

Organizational Unit Name Accounting

Common Name accounting.da.com

Email Address webmaster@da.com

8. Copy the files by entering the following commands:

x These lines are available in the file servername in the directory

13. Save and close the file.