Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Chapter 8
Document related concepts
Wireless security wikipedia , lookup
Dynamic Host Configuration Protocol wikipedia , lookup
Distributed firewall wikipedia , lookup
Server Message Block wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
Zero-configuration networking wikipedia , lookup
Transcript
SUSE Linux Enterprise Server Administration (Course 3037) Chapter 8 Enable Infrastructure Services Objectives • Configure and Manage Network Printing Services • Configure Network File Systems • Manage Resources on the Network SUSE Linux Enterprise Server Administration (Course 3037) 2 Configure and Manage Network Printing Services • Objectives – Printers and Linux Support – CUPS and SUSE Linux Enterprise Server – How to Configure a SUSE Linux Enterprise Server Network Printer – How to Modify a SUSE Linux Enterprise Server Network Printer – How to Manage Printing from the Command Line – How to Access the CUPS Web Administration Tools – How to Troubleshoot the CUPS Print System SUSE Linux Enterprise Server Administration (Course 3037) 3 Printers and Linux Support • Check the following sources: – http://cdb.suse.de/ or http://hardwaredb.suse.de/ • SUSE Linux Enterprise Server printer database – www.linuxprinting.org/ • Contains printer database on linuxprinting.org – www.cs.wisc.edu/~ghost/ • Ghostscript Web page – file:/usr/share/doc/packages/ghostscript/catalog.devic es • This lists included drivers SUSE Linux Enterprise Server Administration (Course 3037) 4 CUPS and SUSE Linux Enterprise Server • CUPS (Common Unix Printing System) – Default printing system of the SLES • How CUPS handles print jobs – Print job is created by a user or a program – The file to print is saved in a queue – Printer daemon cupsd collects file to print from the queue – Printer receives the data and prints it – Print job is removed from the queue SUSE Linux Enterprise Server Administration (Course 3037) 5 CUPS and SUSE Linux Enterprise Server (continued) • How the cupsd daemon works – Printer daemon cupsd • Administers local queues and filters • Converts data to print to a printer-specific format – Steps • cupsd gets submitted print jobs from the queue – And sends them to the printer • cupsd then executes the print jobs in the queue in order • Data is converted to PostScript • Number of pages is determined with the tool pstops • Printer-specific filters start SUSE Linux Enterprise Server Administration (Course 3037) 6 CUPS and SUSE Linux Enterprise Server (continued) SUSE Linux Enterprise Server Administration (Course 3037) 7 How to Configure a SUSE Linux Enterprise Server Network Printer • SUSE Linux Enterprise Server and supported printing protocols – socket • Connection in which data is sent to an Internet socket – Without first performing a data handshake – LPD (Line Printer Daemon) • • • • Printer queue is sent before the actual print data Accepts any name as the printer queue Port number for an LPD service is 515 Device URI example: lpd://host-printer/LPT1 SUSE Linux Enterprise Server Administration (Course 3037) 8 How to Configure a SUSE Linux Enterprise Server Network Printer (continued) • SUSE Linux Enterprise Server and supported printing protocols (continued) – IPP (Internet Printing Protocol) • • • • Based on the HTTP protocol Transmits much more job-related data CUPS uses IPP for the internal data transmission Port number for IPP is 631 – SMB (Standard Message Block) • Can print on printers connected to Windows shares • Port numbers 137, 138, and 139 SUSE Linux Enterprise Server Administration (Course 3037) 9 How to Configure a SUSE Linux Enterprise Server Network Printer (continued) • SUSE Linux Enterprise Server and PostScript printers – PPD (PostScript Printer Description) • Computer language that describes the properties and options of PostScript printers – During installation a lot of PPD files are preinstalled – If a PostScript printer is configured • Get a suitable PPD file and store it in the directory /usr/share/cups/model/ SUSE Linux Enterprise Server Administration (Course 3037) 10 How to Configure a SUSE Linux Enterprise Server Network Printer (continued) • How to configure a network printer with YaST – – – – Start YaST Printer module Add a new printer manually Select the printer type Save the configuration by selecting Finish SUSE Linux Enterprise Server Administration (Course 3037) 11 How to Configure a SUSE Linux Enterprise Server Network Printer (continued) SUSE Linux Enterprise Server Administration (Course 3037) 12 How to Configure a SUSE Linux Enterprise Server Network Printer (continued) SUSE Linux Enterprise Server Administration (Course 3037) 13 How to Configure a SUSE Linux Enterprise Server Network Printer (continued) SUSE Linux Enterprise Server Administration (Course 3037) 14 How to Configure a SUSE Linux Enterprise Server Network Printer (continued) • How to configure a network from the command line – Use lpadmin command • lpadmin -p <queue> -v <device-URI> -P <PPD-file> -E – Enable a parallel printer example • lpadmin -p ps -v parallel:/dev/lp0 -P /usr/share/cups/model/Postscript.ppd.gz –E – Enable a network printer example • lpadmin -p ps -v socket://192.168.1.0:9100/ -P /usr/share/cups/model/Postscript-level1.ppd.gz -E SUSE Linux Enterprise Server Administration (Course 3037) 15 How to Modify a SUSE Linux Enterprise Server Network Printer • How to modify a network printer with YaST – – – – – – Start YaST Printer module Select Change Edit an existing network printer configuration Select an option area; then select Edit Save the configuration Close YaST Control Center (optional) SUSE Linux Enterprise Server Administration (Course 3037) 16 How to Modify a SUSE Linux Enterprise Server Network Printer (continued) SUSE Linux Enterprise Server Administration (Course 3037) 17 How to Modify a SUSE Linux Enterprise Server Network Printer (continued) SUSE Linux Enterprise Server Administration (Course 3037) 18 How to Modify a SUSE Linux Enterprise Server Network Printer (continued) • How to modify a network printer from the command line – List all options for a printer • lpoptions -p queue-name -l – Change an option using the lpadmin command – Check the new setting • lpoptions -p queue-name -l SUSE Linux Enterprise Server Administration (Course 3037) 19 How to Modify a SUSE Linux Enterprise Server Network Printer (continued) • How to modify printer settings from KDE – kprinter • KDE utility for changing the properties of a printer stored in its ppd file – Steps • Start kprinter from an application – Or from the command line by entering kprinter • Select the printer you want to modify • Save new configuration SUSE Linux Enterprise Server Administration (Course 3037) 20 How to Modify a SUSE Linux Enterprise Server Network Printer (continued) SUSE Linux Enterprise Server Administration (Course 3037) 21 How to Modify a SUSE Linux Enterprise Server Network Printer (continued) SUSE Linux Enterprise Server Administration (Course 3037) 22 How to Manage Printing from the Command Line • Basic printer management – /usr/bin/enable printer • Starts a printer queue for the indicated printer – /usr/bin/disable printer • Stops a printer queue for the indicated printer – /usr/sbin/reject printer • Rejects print jobs for the indicated printer – /usr/sbin/accept printer • Accepts print jobs for the indicated printer SUSE Linux Enterprise Server Administration (Course 3037) 23 How to Manage Printing from the Command Line (continue) • CUPS printer commands – CUPS provides two kinds of commands • Berkeley3 and System V – Submit a print job • Berkeley: lpr -P queue file • System V: lp -d queue file – Display print jobs • Berkeley: lpq -P queue • System V: lpstat -o queue -p queue SUSE Linux Enterprise Server Administration (Course 3037) 24 How to Manage Printing from the Command Line (continue) • CUPS printer commands (continued) – Cancel print jobs • Berkeley: lprm -P queue jobnumber • System V: cancel queue-jobnumber – Configure a queue • lpoptions -p queue -l • lpoptions -p queue -o option=value – Changes the options of a queue SUSE Linux Enterprise Server Administration (Course 3037) 25 How to Manage Printing from the Command Line (continue) • SUSE Linux Enterprise Server printer commands – Disable a print queue • /usr/bin/disable queue – Enable a print queue • /usr/bin/enable queue – Reject print jobs • /usr/bin/reject queue – Accept print jobs • /usr/bin/accept queue SUSE Linux Enterprise Server Administration (Course 3037) 26 How to Access the CUPS Web Administration Tools • Enter the following: – http://localhost:631 • You can manage printer classes, jobs, and printers • root must be set up as a CUPS administrator – With CUPS administration group sys and a CUPS password • Do this as the root user by entering: – lppasswd -g sys -a root SUSE Linux Enterprise Server Administration (Course 3037) 27 How to Access the CUPS Web Administration Tools (continued) SUSE Linux Enterprise Server Administration (Course 3037) 28 How to Troubleshoot the CUPS Print System • Set the log level to record errors – Messages are written to /var/log/cups/error_log – By default, only inquiries and status changes are logged to the file – Change LogLevel option in cupsd configuration file • /etc/cups/cupsd.conf – Restart CUPS by entering rccups restart • Check the access log – File /var/log/cups/access_log • Logs every access to the CUPS daemon SUSE Linux Enterprise Server Administration (Course 3037) 29 How to Troubleshoot the CUPS Print System (continued) SUSE Linux Enterprise Server Administration (Course 3037) 30 How to Troubleshoot the CUPS Print System (continued) • Perform basic troubleshooting – Set LogLevel to debug in the /etc/cups/cupsd.conf – Stop cupsd by entering rccupsd stop – Avoid searching through large log files • By renaming the file /var/log/cups/error_log – Start cupsd by entering rccupsd start – Repeat the action that led to the problem – Check the messages in /var/log/cups/error_log • To identify the cause of the problem SUSE Linux Enterprise Server Administration (Course 3037) 31 Exercise 8-1 Configure CUPS Network Printing Services • In this exercise, you do the following: – – – – – Part I: Add a Printer to the Network with YaST Part II: Manage the Printer from the Command Line Part III: Manage the Printer with YaST Part IV: Provide Access to the CUPS Administrator Part V: Print to a Remote CUPS Printer SUSE Linux Enterprise Server Administration (Course 3037) 32 Configure Network File Systems • Objectives – Network File System (NFS) – Samba (CIFS) SUSE Linux Enterprise Server Administration (Course 3037) 33 Network File System (NFS) • Network File System (NFS) – Lets you configure an NFS file server • That gives users transparent access to programs, files, or storage space on the server • Network File System basics – Requires a NFS server and NFS clients – File systems are exported by an NFS server • And appear and behave on a NFS client – Used with Network Information Service (NIS) • To provide centralized user management on a network SUSE Linux Enterprise Server Administration (Course 3037) 34 Network File System (NFS) (continued) SUSE Linux Enterprise Server Administration (Course 3037) 35 Network File System (NFS) (continued) • Network File System basics – A computer can be both a NFS server and client – NFS server generally has a very large hard disk capacity – NFS daemon is part of the kernel • The start script is /etc/init.d/nfsserver • How NFS works – NFS and NIS are Remote Procedure Call (RPC) services SUSE Linux Enterprise Server Administration (Course 3037) 36 Network File System (NFS) (continued) • How NFS works – Portmapper • Manages RPC services – When an RPC service starts up • It binds to a port in the system • Communicates this port to the portmapper – File locking activated through script /etc/init.d/nfslock – Use command /etc/init.d/nfsserver to start NFS server – NFS service daemon (/usr/sbin/rpc.nfsd) • Starts the required kernel threads SUSE Linux Enterprise Server Administration (Course 3037) 37 Network File System (NFS) (continued) SUSE Linux Enterprise Server Administration (Course 3037) 38 Network File System (NFS) (continued) • How NFS works (continued) – mount daemon (/usr/sbin/rpc.mountd) • Accepts mount request and compares it with the entries in the configuration file /etc/exports – By default, four server threads are started • NFS configuration overview – Configuration settings are stored in /etc/exports – Client-side configuration file /etc/fstab – NFS server and clients can be configured with YaST • You can also modify the configuration files directly SUSE Linux Enterprise Server Administration (Course 3037) 39 Network File System (NFS) (continued) • How to configure NFS server with YaST – – – – – – Start YaST NFS Server module Select Start NFS Server; then select Next Add a directory for export Add other directories by selecting Add directory Add, edit, or delete a host for a directory Save the configuration by selecting Finish SUSE Linux Enterprise Server Administration (Course 3037) 40 Network File System (NFS) (continued) SUSE Linux Enterprise Server Administration (Course 3037) 41 Network File System (NFS) (continued) SUSE Linux Enterprise Server Administration (Course 3037) 42 Network File System (NFS) (continued) SUSE Linux Enterprise Server Administration (Course 3037) 43 Network File System (NFS) (continued) • How to configure NFS server manually – – – – Check for service (daemon) availability Configure the services to be available at bootup Define exported directories in /etc/exports Set permissions for exported directories in /etc/exports – Restart mountd and nfsd • How to temporarily export a directory – Use command exportfs SUSE Linux Enterprise Server Administration (Course 3037) 44 Network File System (NFS) (continued) SUSE Linux Enterprise Server Administration (Course 3037) 45 Network File System (NFS) (continued) • How to configure NFS client access with YaST – – – – – Start the YaST NFS Client module Add a directory to the list by selecting Add Configure the directory Save the NFS client settings by selecting Finish Close the YaST Control Center SUSE Linux Enterprise Server Administration (Course 3037) 46 Network File System (NFS) (continued) SUSE Linux Enterprise Server Administration (Course 3037) 47 Network File System (NFS) (continued) SUSE Linux Enterprise Server Administration (Course 3037) 48 Network File System (NFS) (continued) • How to configure and mount NFS directories – Mount NFS directories automatically • • • • Make corresponding entries in the file /etc/fstab Start script /etc/init.d/nfs loads the file /etc/fstab Have the system read changes by entering mount -a Activate start script of NFS client with insserv nfs – Import directories manually from an NFS server • Use command mount • Run RPC port mapper as root – Use rcportmap start SUSE Linux Enterprise Server Administration (Course 3037) 49 Network File System (NFS) (continued) • How to configure and mount NFS directories – Import directories manually from an NFS server • Use –t option to indicate file system type • Use –o option to mount directory like a local partition – soft (opposite:hard) – bg (default:bg) – rsize=n – wsize=n – retry=n – nosuid – nodev SUSE Linux Enterprise Server Administration (Course 3037) 50 Network File System (NFS) (continued) • How to monitor the NFS system – rpcinfo –p • Displays information about the portmapper • -p option displays all programs registered with the portmapper – NFS server daemon registers itself with the name nfs – showmount • Displays information about the exported directories of an NFS server SUSE Linux Enterprise Server Administration (Course 3037) 51 Exercise 8-2 Set Up and Manage Network File System (NFS) • In this exercise, you do the following: – Part I: Add a Remote File System to the NFS Client – Part II: Set Up an NFS Server SUSE Linux Enterprise Server Administration (Course 3037) 52 Samba (CIFS) • Samba – Implements Microsoft networking protocols – Server Message Block (SMB) • Protocol for sharing resources between networked computers – Common Internet File System (CIFS) • Implementation of SMB over native TCP/IP • Does not require NetBIOS SUSE Linux Enterprise Server Administration (Course 3037) 53 Samba (CIFS) (continued) • Samba features and version – Support for Active Directory – Much improved Unicode support – Complete revision of the internal authentication mechanisms – Improved support for the Windows 200x/XP printing system – The ability to set up servers as member servers in Active Directory domains – Adoption of an NT4 domain, enabling the migration from an NT4 domain to a Samba domain SUSE Linux Enterprise Server Administration (Course 3037) 54 Samba (CIFS) (continued) • Samba client support on Linux – TCP/IP protocol must be installed on all computers – Samba provides a client for the different UNIX versions – SMB server share • Provides hard disk space to their clients • Share includes a directory and its subdirectories on the server • Can be accessed by its name – Printer is also assigned a name SUSE Linux Enterprise Server Administration (Course 3037) 55 Samba (CIFS) (continued) • Samba services and configuration files – rcnmb start && rcsmb start • Starts services required by Samba – rcsmb stop && rcnmb stop • Stops Samba services – /etc/samba/smb.conf • Samba configuration file • Sections – [global] section – [share] sections SUSE Linux Enterprise Server Administration (Course 3037) 56 Samba (CIFS) (continued) • Samba services and configuration files (continued) – [global] section configuration • Parameters – workgroup = TUX-NET – netbiosname = MYNAME – os level = 2 – wins support and wins server – [cdrom] shares configuration example comment = Linux CD-ROM path = /media/cdrom locking = No SUSE Linux Enterprise Server Administration (Course 3037) 57 Samba (CIFS) (continued) • Samba services and configuration files (continued) – [homes] shares configuration example comment = Home Directories valid users = %S browseable = No read only = No create mask = 0640 directory mask = 750 inherit permissions = Yes SUSE Linux Enterprise Server Administration (Course 3037) 58 Samba (CIFS) (continued) • Samba services and configuration files (continued) – Share password protection • Each share access can be protected with a password • SMB has three possible ways of checking permissions – Share Level Security (security = share) – User Level Security (security = user) – Server Level Security (security = server) SUSE Linux Enterprise Server Administration (Course 3037) 59 Samba (CIFS) (continued) • How to configure a Samba server with YaST – Start the YaST Samba Server module – Select an available workgroup or domain on the network – Continue by selecting Next – Select a domain controller type for your Samba server SUSE Linux Enterprise Server Administration (Course 3037) 60 Samba (CIFS) (continued) SUSE Linux Enterprise Server Administration (Course 3037) 61 Samba (CIFS) (continued) SUSE Linux Enterprise Server Administration (Course 3037) 62 Samba (CIFS) (continued) SUSE Linux Enterprise Server Administration (Course 3037) 63 Samba (CIFS) (continued) • How to configure a Samba server with YaST – Configure the system services to start on bootup by selecting On – Display a list of configured shares by selecting Shares – Display options for configuring the Samba server identity by selecting Identity – Display a list of trusted domains by selecting Trusted Domains – Save the settings by selecting Finish – Close the YaST Control Center (optional) SUSE Linux Enterprise Server Administration (Course 3037) 64 Samba (CIFS) (continued) SUSE Linux Enterprise Server Administration (Course 3037) 65 Samba (CIFS) (continued) SUSE Linux Enterprise Server Administration (Course 3037) 66 Samba (CIFS) (continued) SUSE Linux Enterprise Server Administration (Course 3037) 67 Samba (CIFS) (continued) • How to configure a Samba client with YaST – Start the YaST Samba Client module – Enter name of a workgroup or NT domain for the Samba client membership – Allow for verification of passwords against an NT server – Save the Samba client configuration settings by selecting Finish – Close the YaST Control Center (optional) SUSE Linux Enterprise Server Administration (Course 3037) 68 Samba (CIFS) (continued) SUSE Linux Enterprise Server Administration (Course 3037) 69 How to Monitor and Test Samba • Diagnosis tools – /usr/bin/testparm • Performs a syntax check of /etc/samba/smb.conf – /usr/bin/nmblookup • Displays the registered local or remote names of a host – /usr/bin/smbclient • Checks network resources and establishes connections – /usr/bin/smbstatus • Lists current existing connections to the Samba server SUSE Linux Enterprise Server Administration (Course 3037) 70 How to Monitor and Test Samba (continued) • How to start and test Samba – Samba needs /etc/samba/smb.conf file • With an entry about the workgroup – rcsmb start • Makes host visible with its host name in a Windows environment – nmblookup • Checks whether the new Samba host is already visible – In the network environment SUSE Linux Enterprise Server Administration (Course 3037) 71 Exercise 8-3 Configure a Basic Samba Server • In this exercise, you do the following: – Part I: Configure the Samba Client – Part II: Configure the Samba Server SUSE Linux Enterprise Server Administration (Course 3037) 72 Manage Resources on the Network • Objectives – Network Information Service (NIS) – LDAP SUSE Linux Enterprise Server Administration (Course 3037) 73 Network Information Service (NIS) • Network Information Service basics – Database system – Allows centralized administration of configuration files – Enables centralized user management and printer administration – Makes administration of large networks easier – NIS server stores files to distribute over the whole network in maps SUSE Linux Enterprise Server Administration (Course 3037) 74 Network Information Service (NIS) (continued) • NIS domain components – Master server • Stores all important configuration files distributed across the network – And distributes them to slave servers • Processes NIS clients’ requests – Slave server • Helps the master server process requests – NIS clients • Retrieve configuration files from the NIS server SUSE Linux Enterprise Server Administration (Course 3037) 75 Network Information Service (NIS) (continued) SUSE Linux Enterprise Server Administration (Course 3037) 76 Network Information Service (NIS) (continued) • NIS configuration overview – /etc/defaultdomain stores name of NIS domain – /etc/yp.conf stores NIS server to address – On a slave server • First the local NIS server should be addressed • Then any other existing slave servers – NIS client must be configured so it uses the NIS maps • Instead of or in addition to the local configuration files • Modify configuration file /etc/nsswitch.conf SUSE Linux Enterprise Server Administration (Course 3037) 77 Network Information Service (NIS) (continued) • How to configure a NIS master server with YaST – Start YaST NIS Server module – Do one of the following: • If no NIS server exists select Create NIS Master Server • If you already have a NIS master server select Create NIS Slave Server • Quit the NIS server setup SUSE Linux Enterprise Server Administration (Course 3037) 78 Network Information Service (NIS) (continued) SUSE Linux Enterprise Server Administration (Course 3037) 79 Network Information Service (NIS) (continued) • How to configure a NIS master server with YaST (continued) – Create a NIS Master Server SUSE Linux Enterprise Server Administration (Course 3037) 80 Network Information Service (NIS) (continued) SUSE Linux Enterprise Server Administration (Course 3037) 81 Network Information Service (NIS) (continued) SUSE Linux Enterprise Server Administration (Course 3037) 82 Network Information Service (NIS) (continued) SUSE Linux Enterprise Server Administration (Course 3037) 83 Network Information Service (NIS) (continued) • How to configure a NIS master server manually – Make sure software packages are installed – Generate symbolic links to start NIS server automatically – Set NIS domain name – Check configuration files – Create NIS maps – Check additional configuration files SUSE Linux Enterprise Server Administration (Course 3037) 84 Network Information Service (NIS) (continued) • How to configure maps manually – – – – – – Makefile (/var/yp/Makefile) is evaluated NIS domain name must be set ypdomainname displays the domain name ypdomainnam domain_name sets domain name Create NIS maps with make Makefile evaluates NIS domain names • And creates a directory in /var/yp/ – make –C /var/yp -s includes new user in NIS maps SUSE Linux Enterprise Server Administration (Course 3037) 85 Network Information Service (NIS) (continued) • How to configure a slave server on the master server – Use YaST – Select Active Slave NIS server exists – Select Fast Map distribution • To start the YP transfer daemon – Slave servers entered in YaST are written to /var/yp/ypservers SUSE Linux Enterprise Server Administration (Course 3037) 86 Network Information Service (NIS) (continued) • How to configure a slave server only – – – – – – – – Start YaST NIS Server module Select Create NIS Slave Server > Next Package ypserv is needed on the slave server Set symbolic links for starting in the corresponding runlevels Slave server is given the name of the NIS domain Decide if slave server should function as a NIS client Slave server requests maps from the master server Maps are also stored in /var/yp/NIS-domain-name/ SUSE Linux Enterprise Server Administration (Course 3037) 87 Network Information Service (NIS) (continued) • How to configure a NIS client with YaST – Start YaST NIS Client module – Make sure Use NIS is selected – Do one of the following: • Select Automatic Setup (via DHCP) • Select Static Setup – – – – Enter static configuration values (conditional) Select Start Automounter (conditional) Access additional configuration options Save configuration settings SUSE Linux Enterprise Server Administration (Course 3037) 88 Network Information Service (NIS) (continued) SUSE Linux Enterprise Server Administration (Course 3037) 89 Network Information Service (NIS) (continued) • How to configure NIS users with YaST – – – – – – – – Create a directory for NIS network users Start YaST Edit and create users module Select Set Filter; then select Local Users Create a new user by selecting Add Enter a full user name, user login ID, and password Select Details Enter the home directory for the user Add the user by selecting Create SUSE Linux Enterprise Server Administration (Course 3037) 90 Network Information Service (NIS) (continued) SUSE Linux Enterprise Server Administration (Course 3037) 91 Network Information Service (NIS) (continued) SUSE Linux Enterprise Server Administration (Course 3037) 92 Network Information Service (NIS) (continued) SUSE Linux Enterprise Server Administration (Course 3037) 93 Network Information Service (NIS) (continued) • How to configure NIS users with YaST (continued) – With the new user selected, select Set Filter • Then select NIS Users – – – – – Save changes Open a terminal window Change to the directory /var/yp/ Update the NIS maps by entering make From Yast Control Center, select Security and Users > Edit and Create Users – Select Set Filter > NIS Users SUSE Linux Enterprise Server Administration (Course 3037) 94 Network Information Service (NIS) (continued) • NIS security considerations – Configure access restriction in file /var/yp/securenets – Networks that require access to the NIS server • Must be listed in this file – Entries for individual computers can also be made • With the keyword host – Only IP addresses are valid in /var/yp/securenets SUSE Linux Enterprise Server Administration (Course 3037) 95 Network Information Service (NIS) (continued) • NIS utilities – /bin/ypdomainname • Displays the name of the current NIS domain • Sets a new domain name – /usr/bin/ypwhich • Displays the NIS server used by the client • Queries NIS client on other machines for the server addressed – /usr/bin/ypcat • Displays the contents of a NIS database file (map) SUSE Linux Enterprise Server Administration (Course 3037) 96 Network Information Service (NIS) (continued) • NIS utilities (continued) – /usr/bin/ypmatch • Queries the key field of a NIS map and has the corresponding entry for the field displayed – /usr/bin/yppasswd • Changes the password of the user on the NIS server – /usr/bin/yppoll • Displays ID number of a NIS map used by the NIS server SUSE Linux Enterprise Server Administration (Course 3037) 97 Network Information Service (NIS) (continued) SUSE Linux Enterprise Server Administration (Course 3037) 98 Exercise 8-4 Enable Network Information Service (NIS) on Your Network • In this exercise, you do the following: – – – – – – Part I: Configure a NIS Server YaST Part II: Create a NIS User Part III: Update the NIS Maps Part IV: Verify a Local NIS Configuration Part V: Prepare for NIS Network Users Part VI: Configure the NIS Client Using YaST SUSE Linux Enterprise Server Administration (Course 3037) 99 LDAP • LDAP (Lightweight Directory Access Protocol) – – – – Internet communications protocol Lets client applications access Directory information Based on the X.500 Directory Access Protocol (DAP) OpenLDAP package contains • slapd • slurpd • slapcat, slapadd, slapindex SUSE Linux Enterprise Server Administration (Course 3037) 100 LDAP (continued) • LDAP versus NIS – NIS is only designed for Linux/UNIX platforms – LDAP service is not restricted to pure Linux/UNIX networks – LDAP can be applied to any centrally administered data structure • • • • Replacement for NIS Mail routing (postfix, sendmail) Address books for mail clients Administration of zone descriptions for a BIND9 name server SUSE Linux Enterprise Server Administration (Course 3037) 101 LDAP (continued) • Structure of an LDAP directory tree – Directory information tree (DIT) • LDAP directory tree – Distinguished name or DN • Complete path to a desired entry (object) – Relative distinguished name or RDN • Single nodes along the path to the entry – Types of objects • container • leaf SUSE Linux Enterprise Server Administration (Course 3037) 102 LDAP (continued) SUSE Linux Enterprise Server Administration (Course 3037) 103 LDAP (continued) • Structure of an LDAP directory tree (continued) – Schema • Definition of which types of objects can be stored in DIT – Object class • Defines what attributes the object must or can be assigned SUSE Linux Enterprise Server Administration (Course 3037) 104 LDAP (continued) • How to configure an LDAP server with YaST – – – – – – – Start the YaST LDAP Server module Start the LDAP server by selecting Yes Configure the LDAP server by selecting Configure View the configuration settings LDAP settings categories Save the LDAP server setting by selecting Finish Close the YaST Control Center (optional) SUSE Linux Enterprise Server Administration (Course 3037) 105 LDAP (continued) SUSE Linux Enterprise Server Administration (Course 3037) 106 LDAP (continued) SUSE Linux Enterprise Server Administration (Course 3037) 107 LDAP (continued) • How to configure an LDAP client with YaST – – – – – – – – – Start the YaST LDAP Client module Enable user authentication with an LDAP server Enter the distinguished name of the search base Enter the IP address of the LDAP server Select LDAP TLS/SSL (conditional) Select LDAP version 2 (conditional) Configure advanced LDAP settings Automatically mount directories on remote hosts Save the settings SUSE Linux Enterprise Server Administration (Course 3037) 108 LDAP (continued) SUSE Linux Enterprise Server Administration (Course 3037) 109 LDAP (continued) • How to configure users for LDAP authentication – – – – – – – Start the YaST Edit and create users module Select Set Filter > Local Users From the user list, select a user; then select Edit Select Details Continue by selecting Next Edit an attribute value When you finish, continue by selecting Next SUSE Linux Enterprise Server Administration (Course 3037) 110 LDAP (continued) SUSE Linux Enterprise Server Administration (Course 3037) 111 LDAP (continued) SUSE Linux Enterprise Server Administration (Course 3037) 112 Summary • SLES uses the CUPS printing system • Configure CUPS with: – – – – YaST lpadmin CUPS Web Administration tool Modifying configuration files • CUPS log files – /var/log/cups/error_log – /var/log/cups/access_log • Print jobs are sent to a queue directory SUSE Linux Enterprise Server Administration (Course 3037) 113 Summary (continued) • lp and lpr commands – May be used to create print jobs • lpstat or lpq commands – Display print jobs in the print queue • lpoptions command – Modifies print options • NFS – Used to share files amongst Linux and UNIX • Samba – Shares files between Linux, UNIX, and Windows SUSE Linux Enterprise Server Administration (Course 3037) 114 Summary (continued) • NIS is unique to UNIX and Linux operating systems • NIS clients obtain information from a NIS master server or NIS slave servers • LDAP service provides the same functionality as NIS – But is supported by nearly all operating systems • LDAP resources are organized into a directory information tree • YaST may be used to configure LDAP SUSE Linux Enterprise Server Administration (Course 3037) 115
