In this section you learn how to install and configure four of the
most popular Linux network services at the command line:
- BIND
- OpenLDAP
- Apache
- Samba
However, you should make the services accessible from the Internet only if
you know how to secure your network from external security threats by using
technologies such as a firewall.
Version 1. Copyright © 2010 Novell, Inc. Copying or distributing all or part of this manual is protected by
a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported license.
SUSE LINUX Advanced Administration/Self-Study Workbook
Before starting this exercise, you can verify that these are your
current settings by using the YaST Network Card module. If one or
more of these settings is incorrect, change them before continuing
with the Network Card module.
Note: This exercise requires extensive typing to create your DNS files. To save you
some time, the files digitalairlines.com.zone and 10.0.0.zone are included
on your 3038 Course CD in the directory /exercises/section_3.
Configure Network Services
Do the following:
1. Open a terminal window and su to root.
2. Open the file /etc/named.conf in a text editor.
3. Scroll down and add the following 2 zone statements after the
existing zone statements:
zone "digitalairlines.com" in {
    type master;
    file "master/digitalairlines.com.zone";
};
zone "0.0.10.in-addr.arpa" in {
    type master;
    file "master/10.0.0.zone";
};
4. Save and close the file.
5. Create a new file digitalairlines.com.zone in the directory
/var/lib/named/master/.
digitalairlines.com. IN NS your_FQHN.
da10 IN A 10.0.0.10
da11 IN A 10.0.0.11
da12 IN A 10.0.0.12
The SOA record (including root.digitalairlines.com.) must be
on a single line. Replace your_FQHN in the SOA and NS
records with da50.digitalairlines.com. Use the current date and
“01” as the serial number (such as 2005071501).
Make sure you include all periods where indicated.
7. Save and close the file.
8. Create a new file 10.0.0.zone in the directory
/var/lib/named/master/.
IN NS your_FQHN.
10 IN PTR da10.digitalairlines.com.
11 IN PTR da11.digitalairlines.com.
12 IN PTR da12.digitalairlines.com.
The SOA record (including root.digitalairlines.com.) must be
on a single line. Replace your_FQHN in the SOA and NS
records with da50.digitalairlines.com. Use the current date and
“01” as the serial number (such as 2005071501).
Make sure you include all periods where indicated.
10. Save and close the file.
tail -f /var/log/messages
13. Switch to the first terminal window and start bind with the
following command:
rcnamed start
Note: If there are errors in the file /etc/named, they are noted in the output
(with specific references and line numbers). The named daemon will not
start until these errors are fixed.
14. From the second terminal window, watch the log output of bind
for any messages such as Unknown RR type or file not found.
15. If any errors occur, try to fix them and restart bind.
16. From the first terminal window, start bind automatically when
the system is booted by entering the following:
insserv named
17. Open the file /etc/resolv.conf in a text editor.
nameserver 10.0.0.50
20. Save and close the file.
21. Verify that your DNS master server works by entering the
following command:
host da10.digitalairlines.com
22. Close the terminal windows.
Note: For additional information and steps on setting up a DNS slave server, see
Exercise 3-1 in your SUSE LINUX Advanced Administration manual.
(End of Exercise)
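The exercise warns twice about including every period and about the date-based serial. The following lint for those two mistakes is an added example, not part of the workbook; the function names `lint_zone` and `sample_zone`, the SOA timers and the `$TTL` value in the sample are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the workbook: lint a BIND zone file for a host
# name missing its final period and for a serial not in date-plus-counter form.

# lint_zone ORIGIN [FILE]   (reads standard input when FILE is omitted)
# Prints one finding per line; returns 1 if there were findings, else 0.
lint_zone() {
    awk -v origin="$1" '
    function finding(msg) { print "line " NR ": " msg; bad = 1 }
    # A name with dots but no final period is relative: BIND appends the origin.
    function check_name(n) {
        if (n ~ /\./ && n !~ /\.$/)
            finding(n " has no final period, BIND reads it as " n "." origin)
    }
    {
        sub(/;.*/, "")                         # strip comments
        t = 0                                  # field index of the record type
        for (i = 1; i <= NF && i <= 4; i++)
            if ($i ~ /^(SOA|NS|PTR|CNAME|MX)$/) { t = i; break }
        if (!t) next
        if ($t != "SOA") { check_name($NF); next }
        check_name($(t + 1)); check_name($(t + 2))
        # Assumption: the serial sits on the SOA line, after an optional "(".
        s = ""
        for (i = t + 3; i <= NF; i++) {
            s = $i; gsub(/[()]/, "", s)
            if (s != "") break
        }
        if (s !~ /^(19|20)[0-9][0-9](0[1-9]|1[0-2])(0[1-9]|[12][0-9]|3[01])[0-9][0-9]$/)
            finding("serial " s " is not in YYYYMMDDnn form")
    }
    END { exit bad + 0 }
    ' "${2:--}"
}

# Constructed sample of 10.0.0.zone: the SOA timers and $TTL are made up, and
# the PTR for 11 deliberately lacks its final period.
sample_zone() {
    cat <<'EOF'
$TTL 172800
0.0.10.in-addr.arpa. IN SOA da50.digitalairlines.com. root.digitalairlines.com. ( 2005071501 1D 2H 1W 3H )
   IN NS  da50.digitalairlines.com.
10 IN PTR da10.digitalairlines.com.
11 IN PTR da11.digitalairlines.com
12 IN PTR da12.digitalairlines.com.
EOF
}

sample_zone | lint_zone 0.0.10.in-addr.arpa. || echo "findings: fix, raise the serial, reload"
```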
Part I: Install GQ
Do the following:
1. From the KDE menu, select System > YaST.
2. Enter the root password and select OK.
3. From the YaST Control Center, select Software > Install and
Remove Software.
4. From the filter drop-down menu, select Search.
5. In the Search field, enter gq; then select Search.
6. On the right, select the gq package.
7. Install the GQ application by selecting Accept.
8. Insert the requested SLES 9 CD.
9. When the installation is complete, close the YaST Control Center
and remove the CD.
Do the following:
1. From the KDE menu, select System > GQ LDAP Client.
cn=Administrator,dc=digitalairlines,dc=com
14. Close the server dialog by selecting OK.
16. Make sure that the search fields still contain the previously
entered query.
17. Select Find.
18. When prompted for a password, enter novell; then select OK.
20. Make sure that you can see the userPassword entry for geeko.
Do the following:
1. From the GQ application, select Browse.
2. On the left, expand localhost.
3. Expand dc=digitalairlines,dc=com.
4. Expand people.
All users of the system are displayed. At the moment, this only
includes geeko.
5. Select geeko.
The user information for geeko appears on the right.
6. Close the GQ window.
Do the following:
1. With a text editor, create a file named tux.ldif in the directory
/tmp with the following content.
dn: uid=tux,ou=people,dc=digitalairlines,dc=com
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
cn: Tux Penguin
gidNumber: 100
givenName: Tux
homeDirectory: /home/tux
loginShell: /bin/bash
shadowInactive: -1
shadowLastChange: 12609
shadowMax: 99999
shadowMin: 0
shadowWarning: 7
sn: Penguin
uid: tux
userPassword: {crypt}GpyJ3/OQgLxZE
uidNumber: 1010
Note: You can also copy the LDIF file tux.ldif from the directory
/exercises/section_3 from your 3038 Course CD to the directory /tmp.
You do not have to be root to enter the ldapadd command; however, you
need to be root for the commands that follow.
5. Create the home directory for the user tux by entering the
following:
cp -a /etc/skel/ /home/tux
6. Adjust the file system permissions by entering the following
commands:
chown -R tux:users /home/tux/
7. Log out as root by entering exit.
8. Switch to the user tux by entering the following:
su - tux
9. Log in to the tux user account by entering a password of Novell.
10. Log out as tux by pressing Ctrl+D.
(End of Exercise)
Do the following:
1. From the KDE start menu, select System > YaST; then enter a
password of novell and select OK.
2. From the YaST Control Center, select Software > Install and
Remove Software.
3. From the filter drop-down menu, select Search.
4. In the Search field, enter apache; then select Search.
5. On the right side, select the following packages.
- apache2
- apache2-example-pages
- apache2-prefork
6. Select Accept.
7. (Conditional) If YaST displays package dependencies, confirm
by selecting Continue.
8. When prompted, insert the requested SLES 9 CDs in the drive.
9. When installation is complete, close the YaST Control Center
and remove the CD.
10. Open a terminal window and su to root.
insserv apache2
12. To start the Apache daemon, enter the following:
rcapache2 start
Do the following:
1. From the KDE menu, select Internet > Web Browser.
2. In the address bar of the web browser, enter the following:
http://localhost
If the Apache example page appears, the web server has been
installed and started correctly.
3. (Conditional) If you are having problems displaying the page,
you need to rename the file /srv/www/htdocs/index.html.en to
/srv/www/htdocs/index.html.
Do the following:
1. From the terminal window (as root), create a directory for the
virtual host by entering the following:
mkdir /srv/www/accounting
2. Adjust the file system permissions by entering the following:
chown wwwrun /srv/www/accounting/
3. In the new directory, create a file index.html with the following
content:
<html>
<head>
<title>Accounting Intranet Server</title>
</head>
<body>
<h1>Accounting Intranet</h1>
Under construction.
</body>
</html>
rcapache2 reload
11. From the Konqueror browser, access the virtual host by entering
the following:
http://accounting.da.com
The accounting intranet page is displayed.
12. Close the Konqueror browser.
Do the following:
1. From the terminal window (as root), create the file htpasswd and
add the user geeko to it by entering the following:
htpasswd2 -c /etc/apache2/htpasswd geeko
2. When prompted for a password, enter novell (twice).
3. Open the virtual host configuration file
/etc/apache2/vhosts.d/accounting.conf in a text editor.
4. Find the following directory directive:
<Directory "/srv/www/accounting/">
5. Within this directory block, add the following lines:
AuthType Basic
AuthName "Accounting Intranet"
AuthUserFile /etc/apache2/htpasswd
Require user geeko
6. Check the syntax of the configuration file by entering the
following command:
apache2ctl configtest
Do the following:
1. From the terminal window (as root), create the file random by
entering the following:
cat /dev/random > /tmp/random
2. Press some keys on the keyboard to generate random events
which help to create the file.
3. Stop the process after about 15 seconds by pressing Ctrl+C.
4. Generate a server key by entering the following (on one line):
openssl genrsa -des3 -out /tmp/accounting.key -rand /tmp/random 1024
5. When prompted for a pass phrase, enter novell (twice).
6. Sign the key by entering the following (on one line):
openssl req -new -x509 -key /tmp/accounting.key -out /tmp/accounting.crt
7. When prompted for a pass phrase, enter novell; then enter the
following information:
Country Name US
ServerName accounting.da.com
to
ServerName accounting.da.com:443
12. Add the following lines after the ServerName directive:
SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+
LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl.crt/accounting.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/accounting.key
The lines starting with SSLCipherSuite, ALL:, and LOW:
should be on one line.
16. From the terminal window, check the syntax of the configuration
file by entering the following:
apache2ctl configtest
17. Restart Apache by entering the following:
rcapache2 restart
18. When prompted for the pass phrase, enter novell.
19. As the pass phrase has to be entered every time the server starts,
you can prevent the server from being started automatically at
boot by entering the following:
insserv -r apache2
20. From the Konqueror browser, enter the following:
https://accounting.da.com/
As the certificate used in this exercise is self-signed, the
browser displays a warning.
21. In the warning dialogs, select Continue and Forever to view the
web site.
22. In the login dialog, enter a username of geeko with a password of
novell.
23. After the page displays, close the Konqueror browser and all
other open windows.
(End of Exercise)
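The SSLCipherSuite value entered in step 12 keeps the LOW, SSLv2 and export-grade classes in the list. The following lint for that directive is an added example, not part of the workbook; the function name `audit_cipher_suite`, the keyword list and the tightened string are assumptions of the example.

```sh
#!/bin/sh
# Added example, not part of the workbook: text-level lint for the
# SSLCipherSuite directive of an Apache virtual host file.

# OpenSSL cipher-string keywords treated as weak by this lint.
WEAK_RE='SSLv2|EXP|NULL|LOW|ADH|RC4|MD5|DES'

# audit_cipher_suite [FILE]   (reads standard input when FILE is omitted)
# Prints "WEAK <token>" for each token that names a weak class without
# excluding it. Returns 0 when clean, 1 on findings, 2 if no directive exists.
audit_cipher_suite() {
    suite=$(awk '$1 == "SSLCipherSuite" { v = $2 } END { print v }' "${1:--}")
    [ -n "$suite" ] || return 2
    rc=0
    for tok in $(printf '%s\n' "$suite" | tr ':' ' '); do
        case $tok in
            '!'*|-*) continue ;;    # "!X" and "-X" take X out of the list
        esac
        # "+X" only moves X to the end of the list; whatever ALL already
        # put in the list stays enabled, so the token is still reported.
        if printf '%s\n' "${tok#+}" | grep -Eq "$WEAK_RE"; then
            echo "WEAK $tok"
            rc=1
        fi
    done
    return $rc
}

# The workbook's suite, joined onto one line as it instructs.
WORKBOOK_SUITE='ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL'
# Constructed alternative (an assumption of this example, not from the workbook).
TIGHTENED_SUITE='HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES'

for s in "$WORKBOOK_SUITE" "$TIGHTENED_SUITE"; do
    echo "== $s"
    if printf 'SSLEngine on\nSSLCipherSuite %s\n' "$s" | audit_cipher_suite; then
        echo "no weak tokens"
    fi
done
```

The lint works on the text of the directive only; `openssl ciphers -v` with the string as its argument lists the suites it actually resolves to on a given host.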
In this exercise, you configure a file server with Samba by doing the
following:
- Part I: Install Samba
- Part II: Configure a Share for the User Geeko
- Part III: Access the Share of the User Geeko With smbclient
- Part IV: Mount Geeko's Share
Do the following:
1. From the KDE start menu, select System > YaST.
2. When prompted for the root password, enter novell; then select
OK.
3. From the YaST Control Center, select
Software > Install and Remove Software.
4. From the filter drop-down menu, select Search.
5. In the search field, enter samba; then select Search.
6. On the right, select the following packages:
- samba
- samba-client (if not already selected)
7. Install the selected packages by selecting Accept.
Do the following:
1. From a terminal window, su to root.
2. Change to the directory /etc/samba.
[geeko-dir]
comment = Geeko Directory
path = /srv/samba/geeko
valid users = geeko
read only = no
10. Add geeko to the smbpasswd file by entering the following:
smbpasswd -a geeko
11. When prompted for a password, enter novell (twice).
rcsmb start
rcnmb start
Part III: Access the Share of the User Geeko With smbclient
Do the following:
1. Open a terminal window as a normal user.
2. Access Geeko's share by entering the following:
smbclient -U geeko //localhost/geeko-dir
3. When prompted for a password, enter novell.
4. Display all available commands of smbclient by entering the
following:
help
5. List the content of the share by entering the following:
ls
6. Copy the file my_file to the current directory by entering the
following:
get my_file
7. Exit smbclient by pressing Ctrl+D.
8. Verify that the file my_file has been copied to the current
directory by entering ls.
Do the following:
1. From the terminal window, su to root.
2. Mount geeko's share in the directory /mnt by entering the
following:
mount -t smbfs -o username=geeko,password=novell //localhost/geeko-dir /mnt
3. Display the content of the mounted share by entering the
following:
ls /mnt/
You should see the file my_file.
4. Unmount the share by entering the following:
umount /mnt
5. Close all open terminal windows.
(End of Exercise)