book

Linux in a Windows World

Name: Linux in a Windows World
Author: Roderick W Smith
ISBN: 9780596007584

by Roderick W Smith

February 2005

Beginner

496 pages

16h 10m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Linux in a Windows World
Dedication
Preface
Audience
Contents of This Book
Conventions Used in This Book
Using Code Examples
Comments and Questions
Safari Enabled
Acknowledgments
I. Linux’s Place in a Windows Network

1. Linux’s Features
Where Linux Fits in a Network
Linux as a Server
Linux Server CapabilitiesTypical Linux Server HardwareTypical Linux Server SoftwarePicking a distribution for server usePicking individual server programs
Linux on the Desktop
Comparing Linux and Windows Features
Summary
2. Linux Deployment Strategies
Linux Server OptionsLinux File and Print ServersLinux Authentication ServersRemote Login ServersMail ServersMiscellaneous Linux Servers
Linux Desktop Migration
Linux and Thin Clients
Summary
II. Sharing Files and Printers
3. Basic Samba Configuration
Installing Samba
The Samba Configuration File Format
Configuration File SectionsParameters, Values, and CommentsVariables and Their UsesThe include Parameter
Identifying the Server
NetBIOS Name OptionsWorkgroup Name OptionsMiscellaneous Identification Options
Setting Master Browser Options
Setting Password Options
Password IssuesUsing Cleartext PasswordsUsing Encrypted PasswordsUsing a Password ServerSetting the security modeUsing server-level securityUsing domain-level security
Summary
4. File and Printer Shares
Common File Share OptionsDefining a File ShareSetting Write AccessSetting Filename OptionsSetting Access Control FeaturesSetting Linux ownershipSetting Linux permissionsMapping DOS-style flagsUsing ACLsEnabling Unix extensions
Printing with CUPS
Installing CUPSAdding Printers to CUPSAdjusting CUPS Browsing and Security
Creating a Printer Share
File Shares Versus Printer SharesSharing PostScript PrintersSharing Non-PostScript Printers
Delivering Printer Drivers to Windows Clients
Picking a DriverDefining Necessary SharesInstalling the Driver on the ServerInstalling drivers from LinuxInstalling drivers from Windows NT/200x/XPInstalling Drivers on Clients
Example Shares
The [homes] ShareA Windows Program ShareFile-Exchange SharesThe [printers] ShareA PDF-Generation Printer Share
Summary
5. Managing a NetBIOS Network with Samba
Enabling Domain Controller FunctionsThe Role of a Domain ControllerDomain Controller ParametersMaintaining the Password DatabaseConfiguring Machine Trust AccountsCommon Domain Controller File SharesConfiguring domain logon sharesConfiguring roaming profilesConfiguring Windows Clients and Servers as Domain MembersActivating Windows 9x/Me domain membershipActivating Windows NT/200x/XP domain membership
Enabling NBNS Functions
The Role of the NBNS SystemDefining Samba NBNS FunctionsDelivering NBNS Information via DHCPDHCP server configurationWindows client configuration
Assuming Master Browser Duties
The Role of the Master BrowserWinning (or Not Winning) Local Master Browser ElectionsConfiguring Samba Domain Master Browser Features
Summary
6. Linux as an SMB/CIFS Client
Using NetBIOS Name ResolutionSetting Name Resolution Options in smb.confUsing NetBIOS Name Resolution in Non-Samba Programs
Accessing File Shares
Using smbclientMounting Shares Using smbmountMounting Shares Using mountUsing the smbfs driverUsing the cifs driverEditing /etc/fstabFile Share Access Limitations
Printing to Printer Shares
Printing Using smbclientDefining SMB/CIFS Printers Using CUPSDefining SMB/CIFS Printers Using LPRng or BSD LPD
Configuring GUI Workgroup Browsers
A Rundown of GUI Network BrowsersUsing LinNeighborhoodUsing Konqueror
Summary
III. Centralized Authentication Tools
7. Using NT Domains for Linux Authentication
The Principles Behind WinbindThe Problem: Linux Users on an NT DomainLinux’s PAM and NSS SystemsWinbind: Linking PAM and NSS to an NT Domain
Samba Winbind Configuration
Winbind Options in smb.confRunning the Winbind Daemon
PAM and NSS Winbind Options
NSS and PAM Winbind ModulesConfiguring NSSConfiguring PAM
Winbind in Action
Testing Winbind OperationWinbind Logins
Summary
8. Using LDAP
The Principles Behind LDAPThe Problem: Providing a Network-Accessible DirectoryLDAP Terminology and FeaturesLDAP Software
Configuring an OpenLDAP Server
Obtaining and Installing OpenLDAPBasic OpenLDAP ConfigurationPreparing Keys and CertificatesRunning the Server
Creating a User Directory
Distinguished NamesUnderstanding LDIFCreating the DirectoryAccount Maintenance
Configuring Linux to Use LDAP for Login Authentication
LDAP, PAM, and NSSBasic LDAP Client ConfigurationConfiguring the LDAP NSS ModulesConfiguring the LDAP PAM ModulesVerifying Proper Functioning
Configuring Windows to Use LDAPfor Login Authentication
Obtaining and Installing pGinaRegistering Your CertificateConfiguring pGina for LDAP Client Use
Summary
9. Kerberos Configuration and Use
Kerberos FundamentalsThe Problem: Centralized Single-Authentication LoginsAn Overview of Kerberos OperationKerberos Tools for LinuxWindows and Kerberos
Linux Kerberos Server Configuration
Kerberos Realm ConfigurationEditing krb5.confEditing kdc.confCreating a Master KeyRealm AdministrationCreating principalsACL definitionsRunning the KDC
Kerberos Application Server Configuration
Setting Up KerberosPreparing Application Server PrincipalsRunning the Servers
Linux Kerberos Client Configuration
Preparing Kerberos ClientsInstalling Kerberized ClientsUsing Kerberized ClientsUsing Kerberos for Network LoginsKerberized login toolsKerberos and PAMKerberized account maintenance
Windows Kerberos Tools
Windows Kerberos ImplementationsWindows Kerberized ServersWindows Kerberized ClientsUsing Windows’ KerberosUsing Kerberos Telnet
Summary
IV. Remote Login Tools
10. Remote Text-Mode Administration and Use
What Can Text-Mode Logins Do?Remote Text-Mode User AccessRemote Text-Mode AdministrationTools for Remote Text-Mode Access
SSH Server Configuration
SSH Server Options for LinuxConfiguring an SSH ServerLaunching an SSH Server
Telnet Server Configuration
Launching a Telnet ServerTelnet Server Security ConcernsEncryptionControlling access by IP address
Windows Remote-Login Tools
Locating Client SoftwareWindows Telnet and SSH Servers
Summary
11. Running GUI Programs Remotely
What Can GUI Logins Do?
Using Remote X Access
The X Client/Server ModelX Server OptionsInitiating a Connection from a Text-Mode LoginWindows X Server ConcernsSimplifying Remote X Logins with XDMCPXDMCP basicsConfiguring XDMConfiguring KDMConfiguring GDMConfiguring an XDMCP client
Encrypting X by SSH Tunneling
Advantages and Disadvantages of X SSH TunnelingSSH Server OptionsSSH Client Options and Use
VNC Configuration and Use
VNC VersionsConfiguring a Linux VNC ServerX and VNC interactionsTraditional user VNC server sessionsLinking VNC to an XDMCP serverKDE’s VNC featuresConfiguring a Windows VNC ServerUsing a VNC ClientEncrypting VNC Connections
Running Windows Programs from Linux
Summary
12. Linux Thin Client Configurations
The Role of Thin Client ComputingTypes of Thin Client ComputingWhen to Use Thin Client Computing
Hardware Requirements
Server RequirementsClient RequirementsNetwork Hardware Requirements
Linux as a Server for Thin Clients
Linux Distribution Selection and ConfigurationXDMCP and VNC OptionsDHCP ConfigurationTFTP Configuration
Linux as a Thin Client
Distribution Selection and InstallationConfiguring PXESTesting Your PXES ImageBooting a Thin Client from the Network
Summary
V. Additional Server Programs
13. Configuring Mail Servers
Linux Mail Server OptionsPush Mail Versus Pull Mail ProtocolsLinux SMTP Server OptionsLinux POP and IMAP Server OptionsMail Security Concerns
Configuring Sendmail
Sendmail Configuration FilesSendmail Address OptionsSendmail Relay OptionsConfiguring sendmail to relay mailConfiguring sendmail to use a relayConfiguring sendmail to forward mail
Configuring Postfix
Postfix Configuration FilesPostfix Address OptionsPostfix Relay OptionsConfiguring Postfix to relay mailConfiguring Postfix to use a relayConfiguring Postfix to forward mail
Configuring POP and IMAP Servers
Launching POP and IMAP ServersSetting Authentication OptionsAdditional Options on Advanced Servers
Scanning for Spam, Worms, and Viruses
An Antispam and Antivirus Tool RundownSendmail Antispam OptionsPostfix Antispam OptionsUsing ProcmailCalling ProcmailThe Procmail configuration fileCreating Procmail recipesExamples of Procmail recipesUsing SpamAssassinSpamAssassin basicsCalling SpamAssassin from ProcmailCalling SpamAssassin from sendmailUsing BogofilterDiscarding or Quarantining Suspicious Attachments
Supplementing a Microsoft Exchange Server
Using Fetchmail
The Role of FetchmailConfiguring FetchmailRunning Fetchmail
Summary
14. Network Backups
Backup StrategiesBackup HardwareComplete Versus Incremental BackupsLocal Versus Network BackupsClient- Versus Server-Initiated BackupsBackup Pitfalls
Backing Up the Linux System
A Rundown of Linux Backup PackagesUsing tar for Tape and Disk BackupsBacking Up to Optical MediaRestoring Data Locally
Backing Up with Samba
Pluses and Minuses of Samba BackupsUsing a Samba Backup ShareCreating a backup shareUsing a backup shareUsing smbtar for BackupsConfiguring Windows clients to share filesBacking up with smbtarRestoring Data with Samba
Backing Up with AMANDA
AMANDA PrinciplesConfiguring an AMANDA ServerAMANDA server programsSetting AMANDA optionsPreparing tapesDefining dump types and backup setsLinux AMANDA Client ConfigurationWindows AMANDA Client ConfigurationBacking Up and Restoring Data with AMANDA
Summary
15. Managing a Network with Linux
Delivering IP Addresses with DHCPThe Role of DHCPKernel and Routing Requirements for DHCPDHCP Configuration FilesAssigning AddressesDynamic address assignmentFixed address assignmentTelling Clients to Use DHCP
Delivering Names with DNS
Principles of DNSBasic Name Server ConfigurationSetting Up a DomainConfiguring forward zone filesConfiguring reverse zone filesRunning the serverPointing Clients at the Name Server
Keeping Clocks Synchronized with NTP
Principles of NTPNTP Server ConfigurationConfiguring Windows ClientsUsing NET SETWindows NTP clients
Summary
VI. Appendixes
A. Configuring PAM
PAM Principles
The PAM Configuration File Format
PAM Configuration Files and FieldsModule Stacks
PAM Modules
Standard PAM ModulesAdditional PAM Modules
Sample PAM Configurations
Typical Login ServicesPassword ServicesAn Authentication Stack
Summary
B. Linux on the Desktop
Linux Desktop Applications for All Occasions
Configuring Applications and Environments
Global Versus User Configuration FilesLocating Configuration FilesCreating Default Desktop ConfigurationsCreating a template configurationCopying the template to be a global configurationAdding an Environment as a Login OptionRunning a GUI login toolPresenting desktop environment options
Running Windows Programs in Linux
Why Run Windows Programs in Linux?Options for Running Windows Programs from Linux
File and Filesystem Compatibility
Accessing Windows Disks and FilesystemsOffice File Format CompatibilityCreating and Reading PDF FilesManaging Cross-Platform Archive FilesTips for a Smooth Migration
Font Handling
Linux Font-Handling SystemsInstalling X Core FontsPreparing font directoriesSetting the X font pathConfiguring a font serverUsing the fontsInstalling Xft FontsInstalling Fonts in OpenOffice.org
Summary
Index
Colophon

Content preview from Linux in a Windows World

Configuring Linux to Use LDAP for Login Authentication

At this point, your LDAP server should be running and should contain account information for your site. In order to do any good, though, you must be able to use that LDAP server for user authentication. In the case of Linux systems, this entails configuring the Pluggable Authentication Modules system and the Name Service Switch system to interface with LDAP. This requires understanding the basic relationships between these systems, installing necessary modules, and configuring the modules.

Tip

To use Windows as an LDAP login client, consult the Section 8.5.

LDAP, PAM, and NSS

The PAM and NSS systems are at the core of Linux’s account management. These systems are described in Chapter 7 and in Appendix A. In brief, PAM is a set of libraries that sits between applications and the account database for authentication purposes. Instead of accessing account databases directly, PAM-enabled applications consult PAM. This arrangement enables you to modify your authentication system (such as adding LDAP) with relative ease, by reconfiguring PAM rather than rewriting all the programs that require authentication. Similarly, NSS manages access to nonauthentication account information, such as home directory locations.

In order to configure a Linux system to use LDAP, you must tie LDAP into these two systems. This is done by installing PAM and NSS support modules and by modifying PAM and NSS configuration files to call the LDAP modules.

Basic ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 0596007582

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business