Configuring SUSE Linux network services
1. Introduction to network services
A network service is a program that resides in memory, listens for incoming network connections, and responds to these connections to serve data to clients.
For example, a date-time server listens for incoming requests to provide the date and time to clients.
In hardware terms, a server is any computer used chiefly to run server software. A single network server may run multiple services.
Client software initiates network connections so that users can access network services.
For example, a date-time client opens a network connection to a date-time server, to request the current date and time.
In some cases, a single computer may run both server and client software. However, a computer designed largely to run client network software is commonly known as a network client.
Question
Match appropriate terms to examples of what they describe.
Options:
A computer dedicated to handling users’ mail requests
A computer designed to request services
A program that provides services to network clients
A web browser
Targets:
Network server
Client software
Server software
Answer
An example of a network server is a computer dedicated to handling users’ mail requests. An example of client software is a web browser, and an example of server software is a program that enables users to transfer files across a network.
A computer designed to handle client requests for services is known as a network server. A network server may run multiple services, or be dedicated to running a specific service.
A computer that uses software to make requests to servers is known as a network client.
Server software provides services to network clients, for example web server software serving web pages.
A web browser is a software program that makes requests to and receives data from a web server. It is therefore an example of client software.
The server software that runs a network service and listens for client requests is known as a daemon.
The xinetd superdaemon manages many other Linux daemons. It listens for requests for multiple types of services, and starts and ends particular daemons when required.
The syslogd daemon generates log entries for xinetd-managed services.
The /etc/xinetd.d directory lists the services you can choose to set xinetd to manage. By default, you need to enable most of these services before the superdaemon will manage them.
ksmith@ny-fs02:/> ls /etc/xinetd.d/
chargen      daytime      echo-udp  qpopper  services  telnet          time-udp
chargen-udp  daytime-udp  imap      rsync    swat      telnet.rpmsave  vnc
cups-ldp     echo         netstat   servers  systat    time            vsftpd
ksmith@ny-fs02:/>
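The listing above shows which services xinetd can manage, not which ones it is actually serving. The following added example (not part of the original course) reports the state of each service block in such a directory. It assumes the standard xinetd file syntax, in which a block is switched off only by the attribute disable = yes; the function names and the three sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the course. Assumes standard xinetd syntax:
#   service NAME { attribute = value ... }
# where a block is switched off only by "disable = yes".

# Print "name<TAB>protocol<TAB>enabled|disabled" for every service block.
xinetd_services() {
    for f in "${1:-/etc/xinetd.d}"/*; do
        [ -f "$f" ] || continue
        awk '
        /^[ \t]*#/ { next }                         # comment line
        $1 == "service" && !inblock {               # start of a new block
            name = $2; proto = "-"; state = "enabled"; next
        }
        $1 == "{" { inblock = 1; next }
        $1 == "}" {
            if (name != "") printf "%s\t%s\t%s\n", name, proto, state
            inblock = 0; name = ""; next
        }
        inblock && $2 == "=" {
            if ($1 == "disable" && tolower($3) == "yes") state = "disabled"
            if ($1 == "protocol") proto = $3
        }
        ' "$f"
    done
}

# Print "name/protocol" for the services xinetd will actually listen for.
xinetd_enabled() {
    xinetd_services "$1" | awk -F '\t' '$3 == "enabled" { print $1 "/" $2 }'
}

# Build a constructed sample directory (three files) and print its path.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'service echo' '{' '    type = INTERNAL UNLISTED' \
        '    socket_type = dgram' '    protocol = udp' '    disable = no' '}' \
        > "$d/echo-udp"
    printf '%s\n' 'service telnet' '{' '    socket_type = stream' \
        '    protocol = tcp' '    server = /usr/sbin/in.telnetd' \
        '    disable = yes' '}' > "$d/telnet"
    # No disable attribute at all: xinetd treats the service as enabled.
    printf '%s\n' 'service ftp' '{' '    socket_type = stream' \
        '    protocol = tcp' '    server = /usr/sbin/vsftpd' '}' > "$d/vsftpd"
    printf '%s\n' "$d"
}

sample=$(make_sample_dir)
xinetd_enabled "$sample"      # echo/udp and ftp/tcp
rm -rf "$sample"
```

Run against the real /etc/xinetd.d directory, the same function shows at a glance whether legacy services such as telnet or chargen have been left enabled.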
Larger Linux daemons tend to run as standalone programs, and are configured to start automatically at bootup.
A standalone daemon typically stores log entries in a /var/log/ subdirectory created for this purpose. For example, the Samba service–which uses the nmbd and smbd daemons–stores all log files in /var/log/samba.
ksmith@ny-fs02:/> ls /var/log/samba
log.nmbd log.smbd
ksmith@ny-fs02:/>
Each daemon is configured to respond only to requests with a specific, identifying number known as a port number. This number uniquely identifies the process–or service–that a client is requesting.
Port numbers range from 0 to 65534, and may be temporarily assigned to specific services. A process such as a telnet session, for example, uses a specific port number for the duration of the session only.
However, each port in the special subset of well-known ports–from 0 to 1023–is commonly assigned to a specific network service.
Some of the port numbers most commonly associated with specific services are
20 and 21
25
53
80
110
20 and 21
The File Transfer Protocol (FTP) service, which uses the Transmission Control Protocol (TCP), typically listens for FTP requests from clients on ports 20 and 21.
25
Simple Mail Transfer Protocol (SMTP) servers typically listen for outgoing mail on port 25.
53
The Domain Name Service (DNS)–which may use the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP)–typically listens for address and name resolution requests on port 53.
80
HTTP servers typically listen for web requests on port 80. To increase security, some web servers also use port 8080 or 8008 for the HTTP service.
110
Post Office Protocol version 3 (POP3) servers typically listen for inbound e-mail on port 110.
Question
Match network services to the ports they typically use.
Options:
20
25
80
110
Targets:
FTP
HTTP
POP3
Answer
FTP typically listens for requests via port 20. HTTP uses port 80, and POP3 uses port 110.
FTP, which enables clients to transfer files across a network, typically listens for requests on port 20 or 21.
The SMTP service, which listens for outgoing e-mail, typically uses port 25.
The HTTP service typically listens for web requests on port 80. Some HTTP servers, however, use ports 8080 or 8008 to improve security, because these ports are less well known.
POP3, which listens for incoming e-mail, typically listens for requests on port 110.
Ports and the protocols that services use in Linux are defined in the /etc/services file.
To check the port at which a particular service listens for requests, you can use the grep command to retrieve the /etc/services file entry for the service.
grep service_name /etc/services
In this example, the POP3 service–via both TCP and UDP–operates on port 110, and a secure version of POP3 runs on port 995.
ksmith@ny-fs02:/> grep pop3 /etc/services
pop3 110/tcp # Post Office Protocol - Version 3
pop3 110/udp # Post Office Protocol - Version 3
pop3s 995/tcp # pop3 over TLS/SSL (was spop3)
pop3s 995/udp # pop3 over TLS/SSL (was spop3)
ksmith@ny-fs02:/>
Basic network services you may need to configure on clients include
Point-to-Point Protocol (PPP)
Dynamic Host Configuration Protocol (DHCP)
Domain Name System (DNS)
Point-to-Point Protocol (PPP)
The PPP service uses the pppd daemon to initiate network connections between clients’ modems and–commonly via a phone line–a TCP/IP network, such as the Internet. A variation of PPP known as PPP over Ethernet (PPPoE) is used by Digital Subscriber Line (DSL) providers.
Dynamic Host Configuration Protocol (DHCP)
You can configure DHCP on a network to assign clients IP addresses dynamically. This reduces the number of valid IP addresses that an organization requires, because the addresses are assigned only when they’re required.
To enable a client to use DHCP, you need to configure it to request an IP address from a DHCP server once it establishes a network connection. The DHCP server checks a database of IP addresses and then returns an available address to the client, which can use it for the duration of the connection.
Domain Name System (DNS)
DNS resolves hostnames into IP addresses, and vice versa, in response to client requests.
To configure a client to use a specific DNS server, you add the nameserver parameter, followed by the IP address of the server, to the /etc/resolv.conf file. No further configuration is required.
For example, the following line in the /etc/resolv.conf file identifies the server at 192.168.100.1 as a DNS server:
nameserver 192.168.100.1
Question
In which file on a client do you identify the IP address of a DNS server?
Options:
/etc/resolv.conf
/etc/services
/etc/xinetd.conf
/etc/xinetd.d/servers
Answer
You use the /etc/resolv.conf file to identify the IP address of a DNS server for a client.
Option 1 is correct. To configure a DNS server, you include the nameserver parameter, followed by the IP address of the server that must run DNS, in the /etc/resolv.conf file.
Option 2 is incorrect. The /etc/services file lists installed services and the protocols and ports they use.
Option 3 is incorrect. The /etc/xinetd.conf file contains configuration settings for the xinetd superdaemon.
Option 4 is incorrect. All files in the /etc/xinetd.d/ directory are configuration files for daemons managed by the xinetd superdaemon.
To enable clients to route traffic to external networks, you need to configure a routing table. This table identifies the IP addresses of the default gateways on networks. In small networks, the default gateway is often the same computer as the default server.
To display the current routing table, you use the /sbin/route command. By default, a routing table lists the current network address and loopback address.
To add a new gateway address to a routing table, you use the /sbin/route add default gw command with the gateway’s IP address.
/sbin/route add default gw IP_address
Note
Routing rules don’t survive a system reboot. If you need to make a gateway setting permanent, you need to place it in a boot script.
2. Configuring network services
You typically configure network services for SUSE Linux using the graphical user interface (GUI) that YaST provides, or service-specific configuration files stored in the /etc directory and subdirectories.
Before you can configure a network service, you need to determine its function, the port it uses, and whether it must be controlled as a standalone service or managed by the xinetd superdaemon.
Most server network services use a SysV startup script, which enables you to start, stop, or restart a service using the start, stop, and restart parameters at the command prompt.
root # /etc/init.d/service_name start
Question
Identify common methods of configuring network services for SUSE Linux.
Options:
Editing service-specific configuration files
Editing SysV scripts
Using start, stop, and restart parameters at the command prompt
Using YaST
Answer
You can manually edit service-specific configuration files or use YaST to configure network services for SUSE Linux.
Option 1 is correct. To configure most network services, you can manually alter their configuration files, which are typically stored in the /etc directory and subdirectories.
Option 2 is incorrect. SysV startup scripts enable you to start or stop specific network services from the command line, rather than enabling you to configure the services.
Option 3 is incorrect. The start, stop, and restart parameters send messages to the SysV startup scripts that start or stop services. You can’t use these parameters to configure services.
Option 4 is correct. YaST provides a GUI that you can use to configure most of the common network services.
3. Configuring SAMBA servers
The Samba server provides interoperability between Windows and Linux systems. It enables Windows clients to share Linux files and printers by emulating the Windows Server Message Block (SMB) protocol and using the Common Internet File System (CIFS) protocol.
Samba uses two daemons–smbd and nmbd. You configure it either by editing the /etc/samba/smb.conf file or using the YaST utility.
Entries in the /etc/samba/smb.conf file enable you to configure
global settings
home directories
shared printers
shared directories
global settings
The [global] section of the configuration file sets global options–such as printing, logon, security, and Lightweight Directory Access Protocol (LDAP) settings–which apply to all shares. In this section, you need to set the workgroup parameter if the NetBIOS name of a workgroup is anything other than “workgroup”. For example, you enter workgroup = earthfarm to identify the NetBIOS name “earthfarm” for a workgroup. You should also ensure that the encrypt passwords parameter is set to yes, because all Windows systems created after 1995 require encryption.
home directories
The [homes] section points to each user’s home directory as it is defined in the /etc/passwd file, and enables users to store their personal files on the Samba server.
Here are typical settings in the [homes] section:
[homes]
comment = Home Directories
valid users = %S
browseable = no
read only = No
inherit permissions = Yes
guest ok = no
printable = no
shared printers
The [printers] section contains settings for sharing printers. Here are typical settings in this section:
[printers]
comment = All Printers
path = /var/tmp
printable = yes
create mask = 0600
browseable = no
guest ok = no
shared directories
The configuration file includes separate sections for each shared directory. For example, it contains a [shared folder] section for a directory named “shared folder”. By default, shared directories are set to map to the /tmp directory and provide read-only access. However, you can alter the path and permissions settings. You can also choose to provide a comment parameter, to set an intuitive name for a shared directory to display in users’ browsers.
Question
An /etc/samba/smb.conf file includes these entries:
[global]
workgroup = imagenie
encrypt passwords = no
[pictures]
comment = shared images
path = /home/samba/pictures
read only = no
What do these settings determine?
Options:
Samba clients can access and change files in the pictures directory
Shared pictures are stored in the /tmp directory on the Samba server
The Samba server is not equipped to handle Windows 2000 clients
The Samba server’s NetBIOS name is imagenie
Answer
These entries specify that Samba clients can access and change files in the pictures directory, and indicate that the server is not equipped to handle Windows 2000 clients.
Option 1 is correct. The [pictures] entry defines the directory named “pictures” as a shared directory. The read only parameter for this folder is set to no, which specifies that users have write privileges to the directory and its files.
Option 2 is incorrect. The default location for shared directories is the /tmp directory. In this case, however, the path parameter identifies the /home/samba/ directory as the directory in which the pictures folder is located.
Option 3 is correct. All Windows systems created after 1995 require encrypted passwords. To make this server available to Windows 2000 clients, you would need to change the value of the encrypt passwords parameter to yes.
Option 4 is incorrect. The imagenie entry provides the NetBIOS name for the Samba workgroup, rather than for the Samba server.
To enable Windows clients to log on to a Linux Samba server, you need to create local Linux accounts for the Windows users.
You also need to create an encrypted password database for the clients, because Windows systems created after 1995 require encrypted passwords and don’t support Linux shadow passwords.
Suppose you want to enable a Windows user named sblack to log on to a Samba server.
After you have added the user to the Samba server, you need to configure an SMB password for the user’s account. To do this, you use the smbpasswd command with the -a option and the user’s account name.
You type smbpasswd -a sblack and press Enter.
A prompt enables you to enter the SMB password for sblack.
ny-fs02:/home/ksmith # smbpasswd -a sblack
New SMB password:
You type and confirm the password, and Samba adds the entry to the smbpasswd file in the /etc/samba/ directory.
Retype new SMB password:
Added user sblack.
ny-fs02:/home/ksmith #
Now suppose you want to add a shared directory named “policies”, with read-only rights, to the /home/samba directory.
To do this, you first open the smb.conf file and scroll to below the existing settings. You then define the directory as a shared directory.
You type [policies] and press Enter.
Once you’ve specified the name of the shared directory, you can add parameters to configure it.
guest ok = no
printable = no
[policies]
In this case, you set the browser comment and the path for the folder.
comment = shared policies folder
path = /home/samba/policies
Question
Suppose you want to share your music folder–at /home/music–on a Samba server. You want to enable other users to add their music files to this folder.
Which settings must you include in the /etc/samba/smb.conf file to do this?
Options:
[music]
path = /home/music
read only = no
[music]
path = /home/music
read only = yes
[music]
read only = no
Answer
The following entries define the music folder as shared, identify its location, and enable other users to write their files to it:
[music]
path = /home/music
read only = no
Option 1 is correct. This entry correctly identifies the path to the shared folder. It enables users to write their files to the folder by setting the read only parameter to no.
Option 2 is incorrect. This entry correctly identifies the path to the shared folder. However, it won’t enable other users to copy music files into the folder, because it sets read-only access for it.
Option 3 is incorrect. This entry doesn’t identify the path to the music folder. As a result, the Samba server will set its path to the /tmp directory–which isn’t where it’s currently located.
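The smb.conf settings discussed in this section lend themselves to an automated check. The following added example (not part of the original course) reads an smb.conf file and reports the conditions the text calls out: encrypt passwords set to no, shares that are writable, shares with no path (which map to /tmp), and guest access. The function names and the [scratch] share in the sample are constructed; the other sample entries are the ones from the question above.

```shell
#!/bin/sh
# Added example, not from the course: flag smb.conf settings that this
# section calls out. Reads the file named in $1, or stdin if none is given.
audit_smb_conf() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    function truthy(v) { return v == "yes" || v == "true" || v == "1" }
    function falsy(v)  { return v == "no" || v == "false" || v == "0" }
    # Emit the per-share findings once the whole section has been read.
    # [homes] is skipped: it is writable and has no path by design.
    function end_section() {
        if (sec == "" || sec == "global" || sec == "homes") return
        if (!has_path) print "[" sec "] no path set, share maps to /tmp"
        if (writable)  print "[" sec "] writable (read only = no)"
    }
    /^[ \t]*([#;]|$)/ { next }                  # comments and blank lines
    /^[ \t]*\[/ {                               # [section] header
        end_section()
        sec = tolower(trim($0)); sec = substr(sec, 2, index(sec, "]") - 2)
        has_path = 0; writable = 0
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        # Samba ignores case and whitespace in parameter names.
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = tolower(trim(substr($0, eq + 1)))
        if (key == "path" && val != "") has_path = 1
        if (key == "readonly" && falsy(val)) writable = 1
        if (key == "guestok" && truthy(val))
            print "[" sec "] guest access allowed (guest ok = yes)"
        if (sec == "global" && key == "encryptpasswords" && falsy(val))
            print "[global] encrypt passwords = no"
    }
    END { end_section() }
    ' "${1:--}"
}

# Constructed sample: the quiz entries plus a made-up [scratch] share.
sample_smb_conf() {
    cat <<'EOF'
[global]
    workgroup = imagenie
    encrypt passwords = no
[pictures]
    comment = shared images
    path = /home/samba/pictures
    read only = no
[scratch]
    comment = constructed share with no path
    guest ok = yes
EOF
}

sample_smb_conf | audit_smb_conf
```

A writable share is not necessarily a fault, as the music folder example shows; the report simply lists the shares whose access deserves a second look.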
To add a new shared folder using YaST, you first open the YaST utility and click the Network Services icon.
You click the Samba Server icon to access Samba configuration options.
The Samba Configuration window opens on the Shares tabbed page by default. You access settings for adding a new share.
You click the Add button.
The Add New Share page enables you to specify the new share’s type, name, description, and path.
You enter images in the Share name text box, Shared images in the Share description text box, and /home/samba/images in the Share Path text box.
You ensure that the Directory radio button–rather than the Printer radio button–is selected in the Share Type section, and you click OK to create the new shared directory.
You are returned to the Shares tabbed page of the Samba Configuration window, and you click Finish to exit.
Question
You want to create a Samba share named “Laserjet”, with the comment “Shared color printer.”
Which steps do you take to create the share using YaST?
Options:
Click Samba Server, click Add, type Laserjet in the Share Name text box, type Shared color printer in the Share Description text box, and click OK
Click Samba Server, click Add, type Laserjet in the Share Name text box, type Shared color printer in the Share Description text box, click Printer, and click OK
Click Samba Server, click Edit, type Laserjet in the Share Name text box, type Shared color printer in the Share Description text box, click Printer, and click OK
Answer
To create the printer share, you click Samba Server, click Add, type Laserjet in the Share Name text box, type Shared color printer in the Share Description text box, click Printer, and click OK.
4. Configuring Apache servers
Apache is the most popular web server for Linux. It uses the httpd daemon to serve HTML files from the document root directory.
To configure an Apache server, you can use the Apache configuration file–typically httpd.conf–or the YaST utility.
Note
Some SUSE Linux distributions ship with both Apache 1.3.x and Apache 2. Typically, Apache 2 uses the apachectl front end to control the httpd daemon. However, you may find that SUSE Linux Enterprise Server 9 has its own version of apachectl, named apache2 and stored in the /etc/init.d/ directory.
The httpd.conf file may be stored in the /etc/httpd/conf, /etc/apache2, or /usr/local directory, depending on your distribution and settings.
Once you alter settings in this file, you need to restart the Apache web server before they take effect. To start the server once you’ve shut it down, you use the command httpd start.
Note
You don’t need to restart the Apache server after you adjust web content inside the web document root directory.
The Apache configuration file contains directives, each with an associated value. For example, the Include directive sets the path to a file.
# run under this user/group id
Include /etc/apache2/uid.conf
The file also contains option blocks, enclosed in angle brackets (<>). For example, this default option block forbids access to the entire filesystem.
Commonly used directives in the httpd.conf file include
DocumentRoot
User and Group
ScriptAlias
UserDir
DocumentRoot
The DocumentRoot directive sets the location of the home directory to which Apache points. This directory contains web pages for the default web site. You can choose to specify your own directory as the value of this directive, or move your web pages to the default location on an Apache server.
User and Group
During installation of an Apache web server, the root user creates a group and user to run the server. You use the User and Group directives to store default information for the user and group accounts under which Apache will run. Typically, both directives are set as www.
ScriptAlias
The ScriptAlias directive identifies the location of the cgi-bin directory, which stores Common Gateway Interface (CGI) scripts. You set the directive to a specific directory for CGI scripts–for example /usr/www/cgi-bin–to enable a web site to support dynamic web content.
UserDir
The UserDir directive enables you to append a specified directory–public_html, for instance–to the home directory of any user who connects to an Apache web server from a client.
In SUSE Linux distributions, the default httpd.conf file points to other .conf files that contain directives and option blocks for Apache.
User www
Group www
ServerAdmin admin@earthfarm.com
ServerName www.earthfarm.com
DocumentRoot "/home/httpd/efarm"
However, if you set up a virtual host, you need to include the DocumentRoot directive in the main server and virtual host configuration settings.
To enable a web site to use CGI scripts to provide dynamic content, you need to specify the cgi-bin directory.
You type ScriptAlias /cgi-bin/ to begin configuring Apache to support dynamic web content.
You then add the name of the cgi-bin directory.
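The directives described in this section can be checked together once a configuration file has been edited. The following added example (not part of the original course) extracts User, Group, DocumentRoot, ScriptAlias and UserDir from one file and flags values that weaken the server: running as root, a CGI directory placed under the document root, and UserDir left enabled. The function names and the ScriptAlias target in the sample are constructed; the other sample values are the ones shown above.

```shell
#!/bin/sh
# Added example, not from the course: read the directives described in this
# section from one Apache configuration file (or stdin) and flag risky values.
# Limitations: Include files are not followed, virtual hosts are not told
# apart (the last value seen wins), and paths containing spaces are not handled.
audit_httpd_conf() {
    awk '
    function unquote(s) { gsub(/^"|"$/, "", s); return s }
    /^[ \t]*#/ { next }                      # comment line
    { d = tolower($1) }                      # directive names ignore case
    d == "user"         { user = $2 }
    d == "group"        { group = $2 }
    d == "documentroot" { root = unquote($2); sub(/\/$/, "", root) }
    d == "scriptalias"  { cgi = unquote($3) }
    d == "userdir"      { userdir = $2 }
    END {
        if (user == "root")  print "Apache runs as root (User root)"
        if (group == "root") print "Apache runs in group root (Group root)"
        # CGI scripts kept under the document root can be served as plain
        # files if the ScriptAlias mapping is ever lost.
        if (root != "" && index(cgi, root "/") == 1)
            print "ScriptAlias target " cgi " is inside DocumentRoot " root
        if (userdir != "" && tolower(userdir) != "disabled")
            print "UserDir " userdir " publishes a directory from each user home"
    }
    ' "${1:--}"
}

# Constructed sample built from the values used in this section; the
# ScriptAlias target is made up to trigger the document-root finding.
sample_httpd_conf() {
    cat <<'EOF'
# run under this user/group id
User www
Group www
ServerAdmin admin@earthfarm.com
ServerName www.earthfarm.com
DocumentRoot "/home/httpd/efarm"
ScriptAlias /cgi-bin/ "/home/httpd/efarm/cgi-bin/"
UserDir public_html
EOF
}

sample_httpd_conf | audit_httpd_conf
```

With the /usr/www/cgi-bin location mentioned earlier as the ScriptAlias target, and UserDir set to disabled, the same check prints nothing.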
Question
Which directive appends a directory to an Apache user’s /home directory?
Options:
DocumentRoot
ScriptAlias
User
UserDir
Answer
The UserDir directive appends a directory to a user’s home directory.
Option 1 is incorrect. The DocumentRoot directive sets the location of the home page to which Apache points. This directory stores the web pages for the default web site.
Option 2 is incorrect. The ScriptAlias directive identifies the CGI-bin directory so that a web site can handle dynamic web content that uses CGI scripts.
Option 3 is incorrect. The User directive sets the user account under which Apache will run.
Option 4 is correct. The UserDir directive appends a directory to a user’s home directory when the user attempts to connect to an Apache web server. An example of this directive is
UserDir public_html
Suppose you now want to configure the Apache service on the ny-fs02 server. This server runs a GUI, so you decide to use the YaST utility.
To begin, you click the HTTP Server icon in the Network Services category to access HTTP configuration settings.
By default, the HTTP service is disabled. To configure the service, you therefore first need to enable it.
You click the Enabled radio button.
Once the HTTP service is enabled, you want to alter the default host settings.
You click the Default Host entry and click Edit.
The Host ‘default’ Configuration window lists the available options and their current values.
You want to set the server name to ny-fs02, so you ensure the Server Name option is selected and then set its value.
You click the Edit button, type ny-fs02 in the Server Name text box, and click OK.
The server name–ny-fs02–now displays as the value of the Server Name option.
In a similar way, you add the administrator’s e-mail address as the value of the Server Administrator E-mail option. You then click OK to accept the changes you’ve made.
Summary
In Linux, each network service uses a daemon to listen for client requests on one or more specific ports, and to provide requested services in response. Ports and the protocols that services use in Linux are defined in the /etc/services file. The xinetd superdaemon manages the daemons for multiple services. However, large services tend to use standalone daemons.
You generally configure network services in SUSE Linux using YaST. In most other Linux distributions, you use the service-specific configuration files stored in the /etc/ directory and subdirectories.
A Samba server enables Windows clients to share Linux files and printers by emulating the Windows Server Message Block (SMB) protocol and using the Common Internet File System (CIFS) protocol. To configure Samba, you set appropriate parameters in the /etc/samba/smb.conf file.
To configure the Apache web server, you can edit the directives and option blocks in the Apache configuration file–typically httpd.conf–or use YaST.