07- Network Administration2

© S

aman

tha

Indi

ka

Prepared by : Samantha Indika | MCT, ACS, CEH, CCNA, BCS (Certificate), MCS (SL), MCITP, MCTS, MCSE + Security +

Messaging, MCSA + Security + Messaging, MCP1

• Cont.. Network Administration Configuring Printer Server CUPS Service (Common Unix Printing System) Check the RPMs

#rpm Δ -q Δ cups Δ system-config-printer

#service Δ cups Δ start

#ntsysv[*]cups

Installing a local printer for sharing System > Administration > Printing

Printer Name : Printer2Location : srvX

© S

aman

tha

Indi

ka



• Cont.. Network Administration

Local Network

• Serial• LPT• USB

Connection Types

To access already shared printer• AppSocket/HP Jet Direct

(Physical Printer Server)(HP Printer Server)

• IPP (WAN/Internet Printing)Eg : Google Cloud Printing

• LPD/LPR host or printer(Line Printer Daemon)(Line Printer Remote Protocol)Eg : Unix Printer Server

• Windows Printer via SAMBAEg : Windows Printer Server

© S

aman

tha

Indi

ka



• Cont.. Network Administration Since we want to share printer for our machines we have to select one of the locally

connected method Select Connection

LPT #1 Select the printer manufacture to install the device driver if the driver was provided

by manufacture you can select Provide PPD file and browse and give the driveHPSelect the printer model and the driver will be auto selected2000C/dev/lp0

Printer will be listed under local printers. If you wish to edit the properties of the printer select the printer’s name

Sharing the printer on the network Select the Printer’s Name :Printer2 Be sure the shared is enabled The shared printers will be visible under Remote Printers automatically on the clients

© S

aman

tha

Indi

ka



• Cont.. Network Administration Sharing resources between Windows and Linux (Files/Folders/Printers) SAMBA Service “Opening windows to wider world”

What is Samba?"Samba is an Open Source/Free Software suite that provides seamless file and print services to SMB/CIFS clients." Samba is freely available, unlike other SMB/CIFS implementations, and allows for interoperability between Linux/Unix servers and Windows-based clients.

© S

aman

tha

Indi

ka



• Cont.. Network Administration Steps

1. Check RPMs2. Start Windows Server 2003

Use VMWare Player or user separate PC

Accessing a Ms Windows PC from Linux Check the RPMs

#rpm Δ -q Δ samba-client

Configure Ms Windows PCWorkgroup : xxxxxx.localComputer Name : win2User Name : AdministratorPassword : 123456

© S

aman

tha

Indi

ka



• Cont.. Network Administration Accessing Linux PC from Ms Windows PC Check the RPMs

#rpm Δ -q Δ samba

Set the SAMBA workgroup name according to Ms Windows workgroup name

#nano Δ /etc/samba/smb.conf

Workgroup Δ = Δ xxxxxx.local

Start the SAMBA service and add to the startup

#service Δ smb Δ start

#ntsysv[*]smb

© S

aman

tha

Indi

ka



• Cont.. Network Administration Now you will be able to see the SAMBA server through My Network Places in

Windows PC. But we won’t be able to access the SAMBA server unless we add our Linux user accounts to SAMBA Database.

Add Linux users to SAMBA database

#smbpasswd Δ –a linux username

New SMB password : 123Retype password : 123

Verify#pdbedit Δ –L

PasswordDatabase

List

© S

aman

tha

Indi

ka



• Cont.. Network Administration Remove Linux users from SAMBA database

#smbpasswd Δ –x linux username

Verify#pdbedit Δ –L

Now you will be able to access the SAMBA server from the new user accounts from Windows. By defaults the user’s home folders will be automatically shared through SAMBA and the user will be able to access it from Windows from full privileges.

Additionally if there were any shared Linux printers that also will be automatically shared through SAMBA

Sharing additional folders through SAMBA Create a folder for sharing

#mkdir Δ /data#ls Δ /

Remove

© S

aman

tha

Indi

ka



• Cont.. Network Administration Share the folder

#nano Δ /etc/samba/smb.confGo to end of file

[my data share] - Share namepath Δ = Δ /data - Folder to sharepublic Δ = Δ yes - All SAMBA users can access the folderwritable Δ = Δ yes - All SAMBA users can write into the folder

#service Δ smb Δ reload

By default normal SAMBA users won’t be able to write into the SAMBA share unless we change the ext3 permissions.

#ls Δ -ld Δ /data

© S

aman

tha

Indi

ka



• Cont.. Network Administration By default normal SAMBA users won’t be able to write into the SAMBA share unless

we change the ext3 permissions.

#ls Δ -ld Δ /data

Quick Fix

#chmod Δ 757 Δ /data#ls Δ -ld Δ /data

d

Directory

r w x

Owner(root user)

r - x

Group(root’s group)

r - x

Others(Normal

Linux User)

© S

aman

tha

Indi

ka



• Cont.. Network Administration Accessing a shared printer on Linux from Windows through SAMBA.

The printers will be automatically shared with Windows when you start the SAMBA service.

The only thing you have to do is to properly install it Windows.

Login as Administrator to the Windows PC.

Go through My Network Places and access the SAMBA Server where the printer is share.

Double-click on the Printer that you wish to configure.

© S

aman

tha

Indi

ka



• Cont.. Network Administration Internet Sharing & Controlling on the network

Squid Web Proxy ServiceSquid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on most available operating systems, including Windows and is licensed under the GNU GPL.

© S

aman

tha

Indi

ka




Check the RPMs#rpm Δ -q Δ squid

Before we can share the internet connection the Proxy Server must have direct connection to Internet

© S

aman

tha

Indi

ka




#system-config-network-tuiDefault Gateway : 192.168.1.1Primary DNS : 8.8.8.8

#service Δ network Δ restart

© S

aman

tha

Indi

ka



• Cont.. Network Administration Sharing the Internet Connection through Proxy

#nano Δ /etc/squid/squid.conf

acl Δ our_networks src 192.168.1.0/24

http_access allow our_networks

Start the Proxy Service and add it to the Startup#service Δ squid Δ start

#ntsysv[*]squid

Access Control

List

ACL Name ACL Tag IP range of the clients

ACL Name

© S

aman

tha

Indi

ka



• Cont.. Network Administration Configuring a Proxy Client A proxy client is the application that we use to browse internet through proxy server.

Eg : Web Browser

Each application that you use to access Internet must be separately configured to access the Proxy Server.

Under normal circumstance we do not have to set the Default Gateway or the DNS on the Proxy Client.

© S

aman

tha

Indi

ka



• Cont.. Network Administration Configure Mozilla FireFox Edit > Preferences > Advanced > Network > Settings

© S

aman

tha

Indi

ka



• Cont.. Network Administration Change Port #


Search (Ctrl + W) : http_port 31288080

#service Δ squid Δ restart

Generating Proxy report – SARG (Squid Analysis Report Generator)#rpm Δ -q Δ sarg

#service Δ squid Δ stop

Change permission#ls Δ –ld Δ /var/www/sarg#chmod Δ 777 Δ /var/www/sarg

© S

aman

tha

Indi

ka



• Cont.. Network Administration To make the report

#sarg

#service Δ squid Δ start

Access the report Computer > File System > var > www > sarg > index.html > R.C. & open with Web

Browser (Mozilla FireFox)

© S

aman

tha

Indi

ka



• Cont.. Network Administration Controlling Internet access through the Proxy


# http_access Δ deny Δ all

Ex1 : Blocking web sites by domain nameacl Δ rule1 Δ dstdomain Δ.facebook.com Δ.microsoft.com

# http_access Δ deny Δ rule1

#service Δ squid Δ reload

Access Control

List

ACL Name(Any

Name)

ACL Tag Domain Names

ACL Name

© S

aman

tha

Indi

ka



• Cont.. Network Administration Deny sites to a file

#nano Δ /etc/squid/denyurls

.yahoo.com

.hp.com

# http_access Δ deny Δ all

acl Δ rule2 Δ dstdomain Δ“/etc/squid/denyurls”



Access Control

List

ACL Name(Any

Name)

ACL Tag Domain Names

ACL Name

© S

aman

tha

Indi

ka



• Cont.. Network Administration Ex2 : Blocking web access by key words

acl Δ rule3 Δ url_regex Δ –i Δfree Δdownload Δ sex Δ mp3



Ex3 : Blocking protocolsacl Δ rule4 Δ proto Δ FTP



Access Control

List

ACL Name(Any

Name)

ACL Tag Key words

ACL Name

Access Control

List

ACL Name(Any

Name)

ACL Tag Protocol

ACL Name

© S

aman

tha

Indi

ka



• Cont.. Network Administration Ex4 : Allow a web site blocked by a key word Allow rules must come on the top of the rule list

acl Δ rule4 Δ url_regex Δ –i Δhttp://www.sussex.ac.uk

# http_access Δ allow Δ rule4


Access Control

List

ACL Name(Any

Name)

ACL Tag Full url

ACL Name

© S

aman

tha

Indi

ka



• Cont.. Network Administration Configuring a DNS server for our Domain BIND Service (Berkeley Internet Naming Daemon)

BIND is an implementation of the DNS protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System, including:•Domain Name System server •Domain Name System resolver library •Tools for managing and verifying the proper operation of the DNS server

© S

aman

tha

Indi

ka




Public Private

• Valid for LAN/WANEg : www.redhat.com

Domain Name

• Valid only for LANEg : softwise.local

gTLDS(generic Top-Level DomainS)• gov• com• mil• net• org• edu

ccTLDS(country code Top-Level DomainS)• uk• lk• au

© S

aman

tha

Indi

ka



• Cont.. Network Administration Public Domain Names must be registered using a valid Domain Registrar Example ; LK – www.nic.lk gTLDS ; www.godaddy.com

© S

aman

tha

Indi

ka




© S

aman

tha

Indi

ka



• Cont.. Network Administration Configuring 2nd Level DNS Server for our Domain

(1) Master(M) / Slave (S)#rpm Δ -q Δ bind Δ system-config-bind Δ caching-

nameserver

(2) M/S Set the local loopback IP as the Primary DNS server IP to indicate the machine is the

DNS server. Additionally set the Domain Name to use for the DNS service.

#system-config-network-tui

Primary DNS : 127.0.0.1Search : xxxxxx.local

Primary DNS(Master DNS)

Secondary DNS(Slave DNS)

DNS

© S

aman

tha

Indi

ka



• Cont.. Network Administration#service Δ network Δ restart

Verify#cat Δ /etc/resolve.conf

(3) M only Create a DNS zone file that contains all the information about your domain.

Zone file name (any name)

Example zone.xxxxxx.local

Zone File Location /var/named#cd Δ /var/named#ls Δ –l#nano Δ zone.xxxxxx.local

© S

aman

tha

Indi

ka



• Cont.. Network Administration REFER the given note for configuration

After doing the changes increment the serial by 1 . Eg; 01

In future also do the same.

© S

aman

tha

Indi

ka



• Cont.. Network Administration M/S (4) Authorize the zone file for our domain M (4.1) Copy the authorization configuration file into /etc folder.

#cd Δ /usr/share/system-config-bind/profiles/default#ls Δ –l#cp Δ named.conf Δ /etc#ls Δ –l Δ /etc/named.conf

M - (4.2) Authorizing the zone file on the Master server.

#nano Δ /etc/named.conf

Go to end of file, but before the final linezone Δ “xxxxxx.local.” Δ IN Δ {type Δ master;file Δ “zone. xxxxxx.local”;allow-transfer Δ {Δ 192.168.1.XXX; Δ };};

Save & Exit

Slave IP

© S

aman

tha

Indi

ka



• Cont.. Network Administration S – Authorizing the zone file on the Slave DNS server

#cd Δ /usr/share/system-config-bind/profiles/default#ls Δ –l#cp Δ named.conf Δ /etc#ls Δ –l Δ /etc/named.conf

#nano Δ /etc/named.conf

Go to end of file, but before the final line

zone Δ “xxxxxx.local.” Δ IN Δ {type Δ slave;file Δ “slaves/zone.xxxxxx.local”;masters Δ {Δ 192.168.1.XXX; Δ };};

Save & Exit

Master IP

© S

aman

tha

Indi

ka



• Cont.. Network Administration M/S - Give the information about the root DNS servers so our DNS servers can access

the root servers to resolve domain names

#cd Δ /usr/share/doc/bind-9.3.6/sample/var/named#ls Δ –l

#cp Δ named.root Δ /var/named

#cd Δ /var/named#ls Δ –l

#cat Δ named.conf

© S

aman

tha

Indi

ka



• Cont.. Network Administration M/S – Set the default gateway to access the Internet so our DNS server can access the

root DNS servers when necessary.


Default Gateway : 192.168.1.XXX


Verify#cat Δ /etc/sysconfig/network-scripts/ifcfg-eth0

M/S – Start the DNS service#service Δ named Δ start#ntsysv[*]named

Router LAN IP

© S

aman

tha

Indi

ka



• Cont.. Network Administration S only – Check weather the zone file was properly backup

#cd Δ /var/named/slaves

#ls Δ –l

#cat Δ zone.xxxxxx.local

M or S – Checking DNS name resolution

#nslookup Δ srvX.xxxxxx.local

#nslookup Δ www.google.com

© S

aman

tha

Indi

ka



• Cont.. Network Administration Configuring DNS Client Ms Windows

Go to TCP/IPPreferred DNS : 192.168.1.XXX – MasterAlternate DNS : 192.168.1.XXX – Slave

CentOS#system-config-network-tuiPreferred DNS : 192.168.1.XXX – MasterAlternate DNS : 192.168.1.XXX – Slave

© S

aman

tha

Indi

ka



• Cont.. Network Administration Configuring DNS Client Ms Windows

Go to TCP/IP

Preferred DNS : 192.168.1.XXX

Alternate DNS : 192.168.1.XXX

CentOS#system-config-network-tui

Preferred DNS : 192.168.1.XXX

Alternate DNS : 192.168.1.XXX

#cat Δ /etc/resolv.conf

Master IP

Slave IP

Master IP

Slave IP

© S

aman

tha

Indi

ka



• Cont.. Network Administration For any Linux system

#nano Δ /etc/resolv.conf

nameserver Δ 192.168.1.XXX

nameserver Δ 192.168.1.XXX

Master IP

Slave IP

© S

aman

tha

Indi

ka



• Cont.. Network Administration Configuring DHCP Server Check the RPMs

#rpm Δ -q Δ dhcp

Create a DHCP scope file that contains all the IP related information to distribute to the client#nano Δ /etc/dhcpd.conf

Scope Name : dhcpd.confScope location : /etc

Start the DHCP Service and add it to the Startup#service Δ dhcpd Δ start

#ntsysv[*]dhcpd

© S

aman

tha

Indi

ka



• Cont.. Network Administration Configuring DHCP Client Ms Windows

Go to TCP/IP

Obtain IP address automatically

Obtain DNS Server address automatically

CentOS#system-config-network-tui

[*] Use DHCP

© S

aman

tha

Indi

ka



• Cont.. Network Administration Configuring a web server Httpd Service (APACHE) Check the RPM

#rpm Δ -q Δ httpd

If you are going to host multiple services on a single server rather than using the same IP better assign unique IPs to each and every service.

Eg : IF you are going to host multiple web sites on a single web server rather than using same IP better to use unique IPs to host each web site.

Assign multiple IPs to a machinesrv1 srv2 srv3192.168.1.21 192.168.1.31

192.168.1.41192.168.1.22 192.168.1.32

192.168.1.42192.168.1.23 192.168.1.33

192.168.1.43192.168.1.24 192.168.1.34

192.168.1.44

© S

aman

tha

Indi

ka



• Cont.. Network AdministrationEg : For SRV!


New Devices > Ethernet > Add

1st Virtual NICName : eth0:0Device : eth0:0Static IP : 192.168.1.21Netmask : 255.255.255.0

2nd Virtual NICName : eth0:1Device : eth0:1Static IP : 192.168.1.22Netmask : 255.255.255.0

© S

aman

tha

Indi

ka



• Cont.. Network Administration3rd Virtual NICName : eth0:2Device : eth0:2Static IP : 192.168.1.23Netmask : 255.255.255.0

4th Virtual NICName : eth0:3Device : eth0:3Static IP : 192.168.1.24Netmask : 255.255.255.0


#ifconfig

© S

aman

tha

Indi

ka



• Cont.. Network Administration If you want to access your web site by name and to assign the new IPs to the web site

we have to edit the DNS zone file on the Master DNS Server.

On Master DNSwww.xxxxxx.localabc.xxxxxx.localdef.xxxxxx.local

#nano Δ /var/named/zone.xxxxxx.local

At the end of file

;web server names and Ips

abc IN A 192.168.1.21def IN A 192.168.1.22

Increment the zone serial by 1 Example : 01

© S

aman

tha

Indi

ka



• Cont.. Network Administration On Master Server Restart DNS

#killall Δ named

#service Δ named Δ restart

On Master/Slaver Server or Client To Check

#nslookup Δ abc.xxxxxx.local

© S

aman

tha

Indi

ka


Messaging, MCSA + Security + Messaging, MCP

46

• Cont.. Network Administration Preparing the web sites for publishing Develop the web sites and coy them into /var/www/html folder if you have multiple

web sites you can keep them in sub folders under the above location. The web site home page must be named as index.html or index.php

#cd Δ /var/www/html

#ls Δ –l#ls Δ web1#ls Δ web2

Publishing the web sites

#nano Δ /etc/httpd/conf/httpd.conf

Go to end of file

© S

aman

tha

Indi

ka


Messaging, MCSA + Security + Messaging, MCP

47

• Cont.. Network AdministrationGo to end of file

<VirtualHost Δ 192.168.1.XXX>ServerAdmin Δ [email protected] Δ /var/www/html/webXServerName Δ abc.xxxxxx.local</VirtualHost>

Start the Web Service

#service Δ httpd Δ start#ntsysv[*]httpd

To check Go to web browser and abc.xxxxxx.local

07- Network Administration2

Documents

Transcript of 07- Network Administration2