book

Linux in a Windows World

by Roderick W Smith

February 2005

Beginner

496 pages

16h 10m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Audience

Where Linux Fits in a Network
Linux Server CapabilitiesTypical Linux Server HardwareTypical Linux Server SoftwarePicking a distribution for server usePicking individual server programs
Linux Server OptionsLinux File and Print ServersLinux Authentication ServersRemote Login ServersMail ServersMiscellaneous Linux Servers
Installing Samba
Configuration File SectionsParameters, Values, and CommentsVariables and Their UsesThe include Parameter
NetBIOS Name OptionsWorkgroup Name OptionsMiscellaneous Identification Options
Password IssuesUsing Cleartext PasswordsUsing Encrypted PasswordsUsing a Password ServerSetting the security modeUsing server-level securityUsing domain-level security
Common File Share OptionsDefining a File ShareSetting Write AccessSetting Filename OptionsSetting Access Control FeaturesSetting Linux ownershipSetting Linux permissionsMapping DOS-style flagsUsing ACLsEnabling Unix extensions
Installing CUPSAdding Printers to CUPSAdjusting CUPS Browsing and Security
File Shares Versus Printer SharesSharing PostScript PrintersSharing Non-PostScript Printers
Picking a DriverDefining Necessary SharesInstalling the Driver on the ServerInstalling drivers from LinuxInstalling drivers from Windows NT/200x/XPInstalling Drivers on Clients
The [homes] ShareA Windows Program ShareFile-Exchange SharesThe [printers] ShareA PDF-Generation Printer Share
Enabling Domain Controller FunctionsThe Role of a Domain ControllerDomain Controller ParametersMaintaining the Password DatabaseConfiguring Machine Trust AccountsCommon Domain Controller File SharesConfiguring domain logon sharesConfiguring roaming profilesConfiguring Windows Clients and Servers as Domain MembersActivating Windows 9x/Me domain membershipActivating Windows NT/200x/XP domain membership
The Role of the NBNS SystemDefining Samba NBNS FunctionsDelivering NBNS Information via DHCPDHCP server configurationWindows client configuration
The Role of the Master BrowserWinning (or Not Winning) Local Master Browser ElectionsConfiguring Samba Domain Master Browser Features
Using NetBIOS Name ResolutionSetting Name Resolution Options in smb.confUsing NetBIOS Name Resolution in Non-Samba Programs
Using smbclientMounting Shares Using smbmountMounting Shares Using mountUsing the smbfs driverUsing the cifs driverEditing /etc/fstabFile Share Access Limitations
Printing Using smbclientDefining SMB/CIFS Printers Using CUPSDefining SMB/CIFS Printers Using LPRng or BSD LPD
A Rundown of GUI Network BrowsersUsing LinNeighborhoodUsing Konqueror
The Principles Behind WinbindThe Problem: Linux Users on an NT DomainLinux’s PAM and NSS SystemsWinbind: Linking PAM and NSS to an NT Domain
Winbind Options in smb.confRunning the Winbind Daemon
NSS and PAM Winbind ModulesConfiguring NSSConfiguring PAM
Testing Winbind OperationWinbind Logins
The Principles Behind LDAPThe Problem: Providing a Network-Accessible DirectoryLDAP Terminology and FeaturesLDAP Software
Obtaining and Installing OpenLDAPBasic OpenLDAP ConfigurationPreparing Keys and CertificatesRunning the Server
Distinguished NamesUnderstanding LDIFCreating the DirectoryAccount Maintenance
LDAP, PAM, and NSSBasic LDAP Client ConfigurationConfiguring the LDAP NSS ModulesConfiguring the LDAP PAM ModulesVerifying Proper Functioning
Obtaining and Installing pGinaRegistering Your CertificateConfiguring pGina for LDAP Client Use
Kerberos FundamentalsThe Problem: Centralized Single-Authentication LoginsAn Overview of Kerberos OperationKerberos Tools for LinuxWindows and Kerberos
Kerberos Realm ConfigurationEditing krb5.confEditing kdc.confCreating a Master KeyRealm AdministrationCreating principalsACL definitionsRunning the KDC
Setting Up KerberosPreparing Application Server PrincipalsRunning the Servers
Preparing Kerberos ClientsInstalling Kerberized ClientsUsing Kerberized ClientsUsing Kerberos for Network LoginsKerberized login toolsKerberos and PAMKerberized account maintenance
Windows Kerberos ImplementationsWindows Kerberized ServersWindows Kerberized ClientsUsing Windows’ KerberosUsing Kerberos Telnet
What Can Text-Mode Logins Do?Remote Text-Mode User AccessRemote Text-Mode AdministrationTools for Remote Text-Mode Access
SSH Server Options for LinuxConfiguring an SSH ServerLaunching an SSH Server
Launching a Telnet ServerTelnet Server Security ConcernsEncryptionControlling access by IP address
Locating Client SoftwareWindows Telnet and SSH Servers
What Can GUI Logins Do?
The X Client/Server ModelX Server OptionsInitiating a Connection from a Text-Mode LoginWindows X Server ConcernsSimplifying Remote X Logins with XDMCPXDMCP basicsConfiguring XDMConfiguring KDMConfiguring GDMConfiguring an XDMCP client
Advantages and Disadvantages of X SSH TunnelingSSH Server OptionsSSH Client Options and Use
VNC VersionsConfiguring a Linux VNC ServerX and VNC interactionsTraditional user VNC server sessionsLinking VNC to an XDMCP serverKDE’s VNC featuresConfiguring a Windows VNC ServerUsing a VNC ClientEncrypting VNC Connections
The Role of Thin Client ComputingTypes of Thin Client ComputingWhen to Use Thin Client Computing
Server RequirementsClient RequirementsNetwork Hardware Requirements
Linux Distribution Selection and ConfigurationXDMCP and VNC OptionsDHCP ConfigurationTFTP Configuration
Distribution Selection and InstallationConfiguring PXESTesting Your PXES ImageBooting a Thin Client from the Network
Linux Mail Server OptionsPush Mail Versus Pull Mail ProtocolsLinux SMTP Server OptionsLinux POP and IMAP Server OptionsMail Security Concerns
Sendmail Configuration FilesSendmail Address OptionsSendmail Relay OptionsConfiguring sendmail to relay mailConfiguring sendmail to use a relayConfiguring sendmail to forward mail
Postfix Configuration FilesPostfix Address OptionsPostfix Relay OptionsConfiguring Postfix to relay mailConfiguring Postfix to use a relayConfiguring Postfix to forward mail
Launching POP and IMAP ServersSetting Authentication OptionsAdditional Options on Advanced Servers
An Antispam and Antivirus Tool RundownSendmail Antispam OptionsPostfix Antispam OptionsUsing ProcmailCalling ProcmailThe Procmail configuration fileCreating Procmail recipesExamples of Procmail recipesUsing SpamAssassinSpamAssassin basicsCalling SpamAssassin from ProcmailCalling SpamAssassin from sendmailUsing BogofilterDiscarding or Quarantining Suspicious Attachments
The Role of FetchmailConfiguring FetchmailRunning Fetchmail
Backup StrategiesBackup HardwareComplete Versus Incremental BackupsLocal Versus Network BackupsClient- Versus Server-Initiated BackupsBackup Pitfalls
A Rundown of Linux Backup PackagesUsing tar for Tape and Disk BackupsBacking Up to Optical MediaRestoring Data Locally
Pluses and Minuses of Samba BackupsUsing a Samba Backup ShareCreating a backup shareUsing a backup shareUsing smbtar for BackupsConfiguring Windows clients to share filesBacking up with smbtarRestoring Data with Samba
AMANDA PrinciplesConfiguring an AMANDA ServerAMANDA server programsSetting AMANDA optionsPreparing tapesDefining dump types and backup setsLinux AMANDA Client ConfigurationWindows AMANDA Client ConfigurationBacking Up and Restoring Data with AMANDA
Delivering IP Addresses with DHCPThe Role of DHCPKernel and Routing Requirements for DHCPDHCP Configuration FilesAssigning AddressesDynamic address assignmentFixed address assignmentTelling Clients to Use DHCP
Principles of DNSBasic Name Server ConfigurationSetting Up a DomainConfiguring forward zone filesConfiguring reverse zone filesRunning the serverPointing Clients at the Name Server
Principles of NTPNTP Server ConfigurationConfiguring Windows ClientsUsing NET SETWindows NTP clients
PAM Principles
PAM Configuration Files and FieldsModule Stacks
Standard PAM ModulesAdditional PAM Modules
Typical Login ServicesPassword ServicesAn Authentication Stack
Linux Desktop Applications for All Occasions
Global Versus User Configuration FilesLocating Configuration FilesCreating Default Desktop ConfigurationsCreating a template configurationCopying the template to be a global configurationAdding an Environment as a Login OptionRunning a GUI login toolPresenting desktop environment options
Why Run Windows Programs in Linux?Options for Running Windows Programs from Linux
Accessing Windows Disks and FilesystemsOffice File Format CompatibilityCreating and Reading PDF FilesManaging Cross-Platform Archive FilesTips for a Smooth Migration
Linux Font-Handling SystemsInstalling X Core FontsPreparing font directoriesSetting the X font pathConfiguring a font serverUsing the fontsInstalling Xft FontsInstalling Fonts in OpenOffice.org

Content preview from Linux in a Windows World

Encrypting X by SSH Tunneling

One of the big drawbacks to X is that it provides no way to encrypt your data. Thus, raw X sessions are risky choices for performing tasks with sensitive data, including system administration tasks. One way around this problem is to tunnel the X connection through SSH. Fortunately, this task is fairly easy to do, and it provides an excellent level of encryption. It does require specific configuration options on both the client and the server, however.

Advantages and Disadvantages of X SSH Tunneling

By and large, SSH tunneling is a great boon for using X. Its main advantage is its encryption, but it has other pluses, as well:

Compression: SSH supports data compression as well as encryption. Using these features can improve the speed of X sessions, depending on the speed of the two computers’ CPUs and their CPU loads. (See the upcoming list of drawbacks for more on this issue.) This feature is most likely to be important on slow network links.
Simplified sign-ons: The procedure for initiating the connection using the remote text-mode login protocol, described earlier, is awkward. Using SSH tunneling actually simplifies this procedure, although the underlying connection model is actually more complex.
Simplified firewall requirements: Because a tunneled X connection is carried over an SSH link, you don’t need to be concerned with working around firewall limitations for X alone. If you can establish an SSH connection between a user’s desktop computer and a remote ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Learn Windows Subsystem for Linux: A Practical Guide for Developers and IT Professionals

Publisher Resources

ISBN: 0596007582

Linux in a Windows World

by Roderick W Smith

Encrypting X by SSH Tunneling

Advantages and Disadvantages of X SSH Tunneling

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Learn Windows Subsystem for Linux: A Practical Guide for Developers and IT Professionals

Linux Networking Cookbook

Ubuntu 20.04 Essentials

Basic Linux Terminal Tips and Tricks: Learn to Work Quickly on the Command Line

Publisher Resources

Encrypting X by SSH Tunneling

Advantages and Disadvantages of X SSH Tunneling

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

Learn Windows Subsystem for Linux: A Practical Guide for Developers and IT Professionals

Linux Networking Cookbook

Ubuntu 20.04 Essentials

Basic Linux Terminal Tips and Tricks: Learn to Work Quickly on the Command Line

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.