book

Linux Network Administrator's Guide, 3rd Edition

by Tony Bautts, Terry Dawson, Gregor N. Purdy

February 2005

Beginner to intermediate

362 pages

11h 59m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Purpose and Audience for This BookSources of InformationLinux Documentation Project GuidesBooksHOWTO documentsLinux Frequently Asked QuestionsDocumentation Available via WWWDocumentation Available CommerciallyLinux Journal and Linux MagazineLinux Usenet NewsgroupsLinux Mailing ListsLinux User GroupsObtaining LinuxFilesystem StandardsStandard Linux BaseAbout This BookThe Official Printed VersionOverviewConventions Used in This BookSafari EnabledHow to Contact UsAcknowledgments
1.1. History1.2. TCP/IP Networks1.2.1. Introduction to TCP/IP Networks1.2.2. Ethernets1.2.3. Other Types of Hardware1.2.4. The Internet Protocol1.2.5. IP over Serial Lines1.2.6. The Transmission Control Protocol1.2.7. The User Datagram Protocol1.2.8. More on Ports1.2.9. The Socket Library1.3. Linux Networking1.3.1. Different Streaks of Development1.3.2. Where to Get the Code1.4. Maintaining Your System1.4.1. System Security
2.1. Networking Interfaces2.2. IP Addresses2.2.1. Classless Inter-Domain Routing2.2.2. Address Resolution2.2.3. IP Routing2.2.3.1. IP networks2.2.3.2. Subnetworks2.2.3.3. Gateways2.2.4. The Routing Table2.2.5. Metric Values2.3. The Internet Control Message Protocol2.3.1. Resolving Hostnames
3.1. Communications Software for Modem Links3.1.1. Introduction to Serial Devices3.2. Accessing Serial Devices3.2.1. The Serial Device Special Files3.2.2. Serial Hardware3.3. Using the Configuration Utilities3.3.1. The setserial Command3.3.2. The stty Command3.4. Serial Devices and the login: Prompt3.4.1. Configuring the mgetty Daemon
4.1. Understanding the /proc Filesystem4.1.1. Installing the Tools4.1.2. Setting the Hostname4.1.3. Assigning IP Addresses4.1.4. Using DHCP to Obtain an IP Address4.1.4.1. Running a DHCP server4.1.5. Creating Subnets4.1.6. Writing Hosts and Networks Files4.1.7. Interface Configuration for IP4.1.8. The Loopback Interface4.1.9. Ethernet Interfaces4.1.10. Routing Through a Gateway4.1.11. Configuring a Gateway4.1.12. The Point-to-Point Interface4.1.13. The PPP Interface4.1.14. IP Alias4.1.15. All About ifconfig4.1.16. The netstat Command4.1.16.1. Displaying the routing table4.1.16.2. Displaying interface statistics4.1.16.3. Displaying connections4.1.17. Testing Connectivity with traceroute4.1.18. Checking the ARP Tables
5.1. The Resolver Library5.1.1. The nsswitch.conf File5.1.2. Configuring Nameserver Lookups Using resolv.conf5.1.3. Resolver Robustness5.2. How DNS Works5.2.1. Name Lookups with DNS5.2.2. Types of Nameservers5.2.3. The DNS Database5.2.4. The BIND named.conf File5.2.5. The DNS Database Files5.2.6. Caching-Only named Configuration5.2.7. Writing the Master Files5.2.8. Verifying the Nameserver Setup5.2.9. Using nslookup5.2.10. Other Useful Tools5.3. Alternatives to BIND5.3.1. Installing djbdns5.3.2. Adding Hosts5.3.3. Installing an External DNS Cache
6.1. PPP on Linux6.2. Running pppd6.3. Using Options Files6.4. Using chat to Automate Dialing6.5. IP Configuration Options6.5.1. Choosing IP Addresses6.5.2. Routing Through a PPP Link6.6. Link Control Options6.7. General Security Considerations6.8. Authentication with PPP6.8.1. PAP Versus CHAP6.8.2. The CHAP Secrets File6.8.3. The PAP Secrets File6.9. Debugging Your PPP Setup6.10. More Advanced PPP Configurations6.10.1. PPP Server6.10.2. Demand Dialing6.10.3. Persistent Dialing6.11. PPPoE Options in Linux6.11.1. PPPoE Clients6.11.1.1. PPPoE manual client configuration
7.1. Methods of Attack7.2. What Is a Firewall?7.3. What Is IP Filtering?7.4. Netfilter and iptables7.4.1. Example iptables Commands7.4.1.1. A packet-filtering example7.4.1.2. A Masquerading example7.4.1.3. A network translation example7.5. iptables Concepts7.5.1. Packet Flow7.5.2. Three Ways We Can Do Filtering7.5.3. Tables7.5.4. Chains7.5.5. Rules7.5.6. Matches7.5.7. Targets7.6. Setting Up Linux for Firewalling7.6.1. Loading the Kernel Module7.6.2. Backward Compatibility with ipfwadm and ipchains7.7. Using iptables7.7.1. Getting Help7.8. The iptables Subcommands7.9. Basic iptables Matches7.9.1. Internet Protocol (IPv4) Matches7.9.2. Ethernet Media Access Controller (MAC) Match7.9.3. Internet Control Message Protocol Match7.9.4. User Datagram Protocol Match7.9.5. Transmission Control Protocol Match7.9.6. A Naive Example7.10. A Sample Firewall Configuration7.11. References
8.1. Configuring the Kernel for IP Accounting8.2. Configuring IP Accounting8.2.1. Accounting by Address8.2.2. Accounting by Service Port8.2.3. Accounting of ICMP Packets8.2.4. Accounting by Protocol8.3. Using IP Accounting Results8.3.1. Listing Accounting Data8.4. Resetting the Counters8.5. Flushing the Rule Set8.6. Passive Collection of Accounting Data
9.1. Side Effects and Fringe Benefits9.2. Configuring the Kernel for IP Masquerade9.3. Configuring IP Masquerade9.4. Handling Nameserver Lookups9.5. More About Network Address Translation

10.1. The inetd Super Server10.2. The tcpd Access Control Facility10.3. The xinetd Alternative10.4. The Services and Protocols Files10.5. Remote Procedure Call10.6. Configuring Remote Login and Execution10.6.1. Disabling the r Commands10.6.2. Installing and Configuring ssh10.6.2.1. The ssh daemon10.6.2.2. The ssh client10.6.2.3. Using ssh
11.1. What Is a Mail Message?11.2. How Is Mail Delivered?11.3. Email Addresses11.3.1. RFC 82211.3.2. Obsolete Mail Formats11.4. How Does Mail Routing Work?11.5. Mail Routing on the Internet
12.1. Installing the sendmail Distribution12.1.1. Downloading sendmail Source Code12.1.2. Compiling sendmail12.1.3. Installing the sendmail Binary12.2. sendmail Configuration Files12.2.1. Comments12.2.2. Typically Used sendmail.mc Commands12.2.2.1. VERSIONID12.2.2.2. OSTYPE12.2.2.3. DOMAIN12.2.2.4. FEATURE12.2.2.5. define12.2.2.6. MAILER12.2.2.7. LOCAL_*12.3. sendmail.cf Configuration Language12.3.1. sendmail.cf R and S Commands12.3.2. The Left Side12.3.3. The Right Side12.3.4. A Simple Rule Pattern Example12.3.5. A Complete Rewrite Rule Example12.4. Creating a sendmail Configuration12.4.1. The linux.m4 OSTYPE File12.4.2. The generic.m4 DOMAIN File12.4.3. Creating a Sample Linux sendmail Configuration12.4.4. Building the sendmail.cf File12.5. sendmail Databases12.5.1. The aliases Database12.5.2. The local-host-names File12.5.2.1. The bestmx_is_local feature12.5.3. The relay-domains File12.5.4. The genericstable Database12.5.5. The access Database12.5.6. Other Databases12.5.6.1. The mailertable12.5.6.2. The virtusertable12.6. Testing Your Configuration12.7. Running sendmail12.8. Tips and Tricks12.8.1. Managing the Mail Spool12.8.2. Forcing a Remote Host to Process Its Mail Queue12.8.3. Mail Statistics12.8.3.1. mailstats12.8.3.2. hoststat12.9. More Information
13.1. The IPv4 Problem and Patchwork Solutions13.1.1. CIDR13.1.2. NAT13.2. IPv6 as a Solution13.2.1. IPv6 Addressing13.2.2. IPv6 Advantages13.2.3. IPv6 Configuration13.2.3.1. Kernel and system configuration13.2.3.2. Interface configuration13.2.4. Establishing an IPv6 Connection via a Tunnel Broker13.2.4.1. Building your tunnel13.2.5. IPv6-Aware Applications13.2.5.1. Apache web server13.2.5.2. Configuring Apache v2.0.x for IPv6 support13.2.5.3. OpenSSH13.2.6. Troubleshooting
14.1. Apache HTTPD Server—An Introduction14.2. Configuring and Building Apache14.2.1. Getting and Compiling the Software14.3. Configuration File Options14.3.1. Binding Addresses and Ports14.3.2. Logging and Path Configuration Options14.3.3. Server Identification Strings14.3.4. Performance Configuration14.3.5. Starting and Stopping Apache with apachectl14.4. VirtualHost Configuration Options14.4.1. IP-Based Virtual Hosts14.4.2. Name-Based Virtual Hosting14.5. Apache and OpenSSL14.5.1. Generating an SSL Certificate14.5.2. Compiling mod_ssl for Apache14.5.3. Configuration File Changes14.6. Troubleshooting14.6.1. Testing the Configuration File with apachectl14.6.2. Page Not Found Errors14.6.2.1. SSL problems
15.1. IMAP—An Introduction15.1.1. IMAP and POP15.1.2. Which IMAP to Choose?15.1.2.1. Getting an IMAP client15.1.2.2. Installing UW-IMAP15.1.2.3. IMAP configuration15.1.2.4. Advanced UW IMAP configuration options15.1.2.5. Using alternate mailbox formats15.1.2.6. Configuring IMAP to use OpenSSL15.2. Cyrus IMAP15.2.1. Getting Cyrus IMAP15.2.2. Configuring Cyrus IMAP15.2.3. Troubleshooting Cyrus IMAP
16.1. Samba—An Introduction16.1.1. SMB, CIFS, and Samba16.1.2. Obtaining Samba16.1.2.1. Building from source16.1.3. Getting Started with Samba16.1.3.1. Basic configuration options16.1.3.2. Configuring Samba user accounts16.1.4. Additional Samba Options16.1.4.1. Access control16.1.4.2. Logging with Samba16.1.4.3. Logging with syslog16.1.5. Printing with Samba16.1.5.1. BSD Printing16.1.5.2. Printing with CUPS16.1.6. Using SWAT16.1.6.1. Enabling SWAT16.1.6.2. SWAT and SSL16.1.7. Troubleshooting Samba16.1.7.1. Configuration file woes16.1.7.2. Account problems
17.1. Understanding LDAP17.1.1. Data Naming Conventions17.2. Obtaining OpenLDAP17.2.1. Dependencies17.2.2. Compiling OpenLDAP17.2.3. Configuring the OpenLDAP Server17.2.4. Running OpenLDAP17.2.4.1. Adding entries to your directory17.2.5. Using OpenLDAP17.2.5.1. Adding access control lists (ACLs)17.2.5.2. Migrating to LDAP authentication17.2.5.3. Client LDAP configurations17.2.6. Adding SSL to OpenLDAP17.2.6.1. Testing SSL availability17.2.7. LDAP GUI Browsers17.2.8. Troubleshooting OpenLDAP
18.1. History18.2. The Standards18.3. 802.11b Security Concerns18.3.1. Hardware18.3.1.1. 801.11g versus 802.11b on Linux18.3.1.2. Chipsets18.3.2. Client Configuration18.3.2.1. Drivers18.3.2.2. Using the Linux Wireless Exension Tools18.3.3. Linux Access Point Configuration18.3.3.1. Installing the HostAP driver18.3.3.2. Obtaining and building the HostAP driver18.3.3.3. Configuring HostAP18.3.3.4. Additional options18.3.4. Troubleshooting18.3.5. Bridging Your Networks
A.1. Connecting the Virtual Subsidiary Network

Content preview from Linux Network Administrator's Guide, 3rd Edition

Chapter 17. OpenLDAP

OpenLDAP is a freely available, open source LDAP solution designed to compile on a number of different platforms. Under Linux, it is currently the most widely used and best supported free LDAP product available. It offers the performance and expected functionality of many commercial solutions, but offers additional flexibility because the source is available and customizable. In this section, we will discuss possible uses for an OpenLDAP server as well as describe installation and configuration.

Understanding LDAP

Before proceeding, a brief explanation of LDAP is required. Lightweight Directory Access Protocol (LDAP) is a directory service that can be used to store almost anything. In this way, it is very similar to a database. However, it is designed to store only small amounts of data, and is optimized for quick searching of records. A perfect example of an application for which LDAP is suited is a PKI environment. This type of environment stores only minimal amount of information and is designed to be accessed quickly.

The easiest way to explain the structure of LDAP is to imagine it as a tree. Each LDAP directory starts with a root entry. From this entry others branch out, and from each of these branches are more branches, each with the ability to store a bit of information. A sample LDAP tree is shown in Figure 17-1.