Professional Documents
Culture Documents
NovellPress Novell Certified Linux Professional Course 3057 Novell SUSE LINUX Network Services Training Book
NovellPress Novell Certified Linux Professional Course 3057 Novell SUSE LINUX Network Services Training Book
Network Services
Contents
Introduction
Course Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-2
Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-3
Certification and Prerequisites . . . . . . . . . . . . . . . . . . . . . . Intro-3
SLES 9 Support and Maintenance . . . . . . . . . . . . . . . . . . . Intro-5
SLES 9 Online Resources . . . . . . . . . . . . . . . . . . . . . . . . . Intro-6
Agenda . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-7
Scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-8
Exercise Conventions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intro-9
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1
Objective 1 Retrospection of DNS Basics. . . . . . . . . . . . . . . . . . . . . . . . . . 1-2
Understand How Name Servers Work . . . . . . . . . . . . . . . . . . . 1-2
Understand How to Query DNS . . . . . . . . . . . . . . . . . . . . . . . 1-3
Configure a Caching-Only DNS Server . . . . . . . . . . . . . . . . . 1-6
Configure a Master Server for Your Domain . . . . . . . . . . . . . 1-9
Objective 2 Forward Requests to Other Name Servers . . . . . . . . . . . . . . . 1-21
The Name Servers of the Root Domain . . . . . . . . . . . . . . . . . 1-21
Forward Requests to Specific Name Servers . . . . . . . . . . . . . 1-22
Forward Requests for a Subdomain . . . . . . . . . . . . . . . . . . . . 1-23
Exercise 1-1 DNS Server with Forwarding . . . . . . . . . . . . . . . 1-24
Objective 3 Restrict Access to the Name Server . . . . . . . . . . . . . . . . . . . . 1-37
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-1
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1
Objective 1 Understand How DHCP Works . . . . . . . . . . . . . . . . . . . . . . . . 2-2
Objective 2 Configure the DHCP Server . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6
The Configuration File /etc/sysconfig/dhcpd . . . . . . . . . . . . . . 2-7
The Configuration File /etc/dhcpd.conf . . . . . . . . . . . . . . . . . . 2-9
The Log File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-17
Configure a DHCP Server Using YaST . . . . . . . . . . . . . . . . . 2-21
Exercise 2-1 Configure the DHCP Server . . . . . . . . . . . . . . . . 2-28
Objective 3 Configure DHCP Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-32
Exercise 2-2 Configure DHCP Clients. . . . . . . . . . . . . . . . . . . 2-36
Objective 4 Configure a DHCP Relay Server . . . . . . . . . . . . . . . . . . . . . . 2-37
1-2 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Contents
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1
Objective 1 Understand How CUPS Works . . . . . . . . . . . . . . . . . . . . . . . . 3-2
Print Queues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4
Classes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5
Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5
Objective 2 Install and Configure a Print Server. . . . . . . . . . . . . . . . . . . . 3-10
Install a Print Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10
Configure a Print Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-11
Use YaST to Configure a Print Server . . . . . . . . . . . . . . . . . . 3-12
Exercise 3-1 Install a Print Server . . . . . . . . . . . . . . . . . . . . . . 3-18
Browsing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-20
Exercise 3-2 Browsing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24
Access Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-26
Exercise 3-3 Restrict the Access to the CUPS Server . . . . . . . 3-31
Access Restrictions for Users and Groups . . . . . . . . . . . . . . . 3-32
User Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-32
Exercise 3-4 User Authentication. . . . . . . . . . . . . . . . . . . . . . . 3-34
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-3
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1
Objective 1 Retrospection of a Basic Samba Configuration . . . . . . . . . . . . 4-2
The Structure and Elements of the Samba
Configuration File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2
How to Use the Samba Tools to Access
SMB Shares from a Linux Computer . . . . . . . . . . . . . . . . . . . 4-5
Objective 2 Configure Virtual File Servers. . . . . . . . . . . . . . . . . . . . . . . . . 4-9
How to Configure Virtual Servers . . . . . . . . . . . . . . . . . . . . . . 4-9
How to Create Macros . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-10
How to Include a File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-11
Exercise 4-1 Configure Virtual File Servers . . . . . . . . . . . . . . 4-13
1-4 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Contents
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2
Objective 1 Understand the Function of the Three Mail Agents. . . . . . . . . 5-3
Mail Transfer Agent (MTA) . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3
Mail Delivery Agent (MDA) . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4
Mail User Agent (MUA) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4
The Mail Cycle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5
Objective 2 Understand the Architecture of Postfix . . . . . . . . . . . . . . . . . . 5-6
Process of Inbound Email . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-7
Process of Outbound Email . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9
Objective 3 Start, Stop, and Reinitialize Postfix . . . . . . . . . . . . . . . . . . . . 5-12
Objective 4 Know the Components of the Postfix Program Package . . . . 5-13
Objective 5 Configure the Postfix Master Daemon . . . . . . . . . . . . . . . . . 5-15
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-5
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
1-6 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Contents
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1
Objective 1 What OpenSLP Is . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2
Objective 2 SLP Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-5
User Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-5
Service Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-6
Directory Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-7
Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-7
Unicast, Multicast, and Broadcast Protocols . . . . . . . . . . . . . . 6-9
Objective 3 Configure OpenSLP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-11
The OpenSLP Daemon slpd . . . . . . . . . . . . . . . . . . . . . . . . . . 6-11
The OpenSLP Configuration File . . . . . . . . . . . . . . . . . . . . . 6-13
The OpenSLP Registration Files . . . . . . . . . . . . . . . . . . . . . . 6-19
Objective 4 SLP Frontends . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-30
YaST SLP Browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-30
Konqueror . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-33
The Command Line Program slptool . . . . . . . . . . . . . . . . . . . 6-38
Exercise 6-1 Provide the daytime Service Using OpenSLP. . . 6-40
Part I: Check the OpenSLP Daemon Status . . . . . . . . . . . . . . 6-40
Part II: Activate the daytime Service on Your Machine . . . . 6-41
Part III: Create a Registration File for the daytime Service . . 6-44
Part IV: Query the daytime Service . . . . . . . . . . . . . . . . . . . . 6-45
Part V: Use the daytime Service via OpenSLP . . . . . . . . . . . 6-46
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-48
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-7
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1
Objective 1 Use ntop to Monitor Network Traffic . . . . . . . . . . . . . . . . . . . 7-2
Configure ntop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2
Use ntop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3
Exercise 7-1 Use ntop. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-8
Objective 2 Use Nagios to Monitor Hosts, Services, and Network . . . . . 7-10
Directories Used by Nagios . . . . . . . . . . . . . . . . . . . . . . . . . . 7-11
Basic Configuration of Nagios . . . . . . . . . . . . . . . . . . . . . . . . 7-11
Configuration of Contacts and Contact Groups . . . . . . . . . . . 7-13
Configure the Hosts and Host Groups . . . . . . . . . . . . . . . . . . 7-16
Configure the Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-20
Configure Other Resources . . . . . . . . . . . . . . . . . . . . . . . . . . 7-24
Configure the Nagios Web Server . . . . . . . . . . . . . . . . . . . . . 7-25
Use Nagios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-27
Exercise 7-2 Use Nagios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-29
Objective 3 Use Ethereal and tcpdump to Troubleshoot
Network Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-41
Use Ethereal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-41
Exercise 7-3 Use Ethereal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-50
Use tcpdump . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-53
Exercise 7-4 Use tcpdump . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-55
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-56
Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1
Objective 1 Describe Tomcat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2
1-8 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Contents
Index
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-9
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
1-10 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Introduction
Introduction
http://www.novell.com/training/certinfo/cle9
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Intro-1
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
If you do not own a copy of VMware Workstation, you can obtain a 30-day
evaluation version at www.vmware.com. If you want to dedicate a machine
to install SLES 9, instructions are also provided in the self-study workbook.
Course Objectives
This course teaches you how to perform the following SUSE
LINUX network services tasks for SLES 9:
1. Use BIND to configure a DNS server.
2. Use DHCP to manage networks.
3. Set up a print server.
4. Use Samba to connect to Windows.
5. Configure a mail server.
6. Use OpenSLP.
7. Monitor Network Traffic.
8. Deploy Tomcat.
Intro-2 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Introduction
Audience
The primary audience for this course are Novell Certified Linux
Professionals (CLP).
http://www.novell.com/training/certinfo/clp
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Intro-3
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
The following illustrates the training and testing path for Novell
CLE:
Figure Intro-1
The exercises in this course assume that students are familiar with
text editors. They do not list every single step but assume that the
student is already familiar with Linux system administration and
does not need a detailed description of basic steps.
Intro-4 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Introduction
x For more information about Novell certification programs and taking the
Novell CLP and CLE9 Practicum exam, see
http://www.novell.com/training/certinfo/.
You can obtain your free 30-day support and maintenance code at
http://www.novell.com/products/linuxenterpriseserver/eval.html.
x You will need to have or create a Novell login account to access the 30-day
evaluation.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Intro-5
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Intro-6 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Introduction
Agenda
The following is the agenda for this five day course:
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Intro-7
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Scenario
The Digital Airlines management has made the decision to use
network services shipped with SUSE LINUX Enterprise Server 9,
including BIND, DHCP, print server, mail server, OpenSLP and
Samba.
You decide to set up test servers in the lab so you can practice your
skills in these areas.
Intro-8 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Introduction
Exercise Conventions
When working through an exercise, you will see conventions that
indicate information you need to enter that is specific to your server.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Intro-9
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Intro-10 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
Objectives
1. Retrospection of DNS Basics
2. Forward Requests to Other Name Servers
3. Restrict Access to the Name Server
4. Configure Logging Options
5. Security Aspects for Zone Transfer
6. Configure Dynamic DNS
7. Special Aspects of SUSE LINUX Enterprise Server 9
Configuration
8. Use rndc to Control the Name Server
9. Check Configuration Files
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-1
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
For each domain there is one DNS server (or name server) defined
as being “in charge” of its domain. This server is known as the
master server, and it is the authority for this domain (providing
authoritative answers).
There are other DNS servers called slave servers for the domain that
distribute the load and serve as backups. Slave servers keep a copy
of the information on the master server and update this information
at regular intervals. This update is called zone transfer.
1-2 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
Table 1-1
master server Has the main responsibility for a domain.
Gets its data from local files.
slave server Gets its data from the master server using
zone transfer.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-3
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
■ If the DNS server is not the authority for the required domain,
the DNS server queries the responsible authority for the request
domain and gives the result to the resolver.
The data is stored in the cache of the DNS server. If there is
another request for this data later, the DNS server can provide it
immediately (a non-authoritative answer). All data has a
timestamp, and information is deleted from the cache after a
certain time.
Assume that your DNS server wants to find the IP address of the
computer www.suse.de. To do this, the DNS server first makes a
request to one of the DNS servers of the root domain.
Each DNS server knows the authorities responsible for the TLDs.
The address for each authority required is passed onto the
requesting DNS server. For www.suse.de, this is a DNS server for
the TLD .de, that is, the computer dns2.denic.de.
Our DNS server then asks this for the authority for the domain
suse.de and as an answer is given the computer ns.suse.de.
In a third step, this DNS server is queried and (as an answer) gives
the IP address of the SUSE web server. This answer is returned by
our DNS server to the requesting resolver.
1-4 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
Figure 1-1
Address request from www.suse.de Name Server
for Root Domain "."
Name
Link to Name Server for ".de"
Server
Request for address of www.suse.de Name Server
for TLD ".de"
Link to Name Server for "suse.de"
for Domain
Address for "www.suse.de"
"suse.de"
Computer
(Resolver)
The DNS servers for the root domain play a very important role in
name resolution. In order to alleviate the server load due to queries,
every DNS server stores the information received from other names
servers in its cache.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-5
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
A caching-only DNS server does not manage its own databases but
merely accepts queries and forwards them to other DNS servers.
The supplied replies are saved in the cache.
The global options are defined in the options block at the beginning
of the file. The directory containing the database files (or zone files)
is listed. Normally, this is /var/lib/named/.
1-6 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
#
# forward resolution for localhost
#
zone "localhost" in {
type master;
file "localhost.zone";
};
#
# reverse resolution for localhost
#
zone "0.0.127.in-addr.arpa" in {
type master;
file "127.0.0.zone";
};
The zone entry for the root DNS servers contains a reference to a
file containing the addresses of the root DNS servers. This file
(root.hint) is generated in the directory /var/lib/named/ during the
installation of the package bind.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-7
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
The 2 files for the resolution of localhost are also generated during
the installation. The structure of these files is explained later.
These entries are used to forward queries to the DNS server directly
to the responsible DNS servers. However, this resolution method
can be very slow. This problem can be solved by using forwarders.
The DNS server has the addresses of other DNS servers in case it
cannot resolve a host name itself. You might be able to use the DNS
servers of an Internet provider for this purpose, as they usually have
a lot of information in their cache.
You can define these DNS servers in the options block in the file
/etc/named.conf, as in the following:
options
{
directory "/var/lib/named";
forwarders
{
10.0.0.254;
};
};
If these DNS servers cannot be reached, the queries are sent directly
to the root DNS servers.
1-8 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
You can adapt the configuration for the caching-only DNS server
for configuring a DNS server containing its own information files.
The global options are followed by definitions for the database files
(or zone files) for the domains this DNS server serves. At least 2
files are necessary for each domain:
■ A file for forward resolution (allocating an IP address to a
computer name)
■ A file for reverse resolution (allocating a computer name to an
IP address)
If several subnets belong to a domain, then one file for each of these
networks must be created for reverse resolution.
Each definition begins with the instruction zone (this is why the
database files are also known as zone files), followed by the name of
this zone.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-9
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
For forward resolution, this is always the domain name. For reverse
resolution, the network prefix of the IP address must be given in
reverse order (10.0.0.0 becomes 0.0.10.) to which the suffix
in-addr.arpa is added (0.0.10.in-addr.arpa).
The text in curly brackets defines the type of DNS server this is for
the corresponding zone (here it is always the type master; other
types are introduced later).
Finally, there is the name of the file in which the entries for this
zone are located.
The entries for the Digital Airlines configuration look like the
following:
#
# forward resolution for the domain digitalairlines.com
#
zone "digitalairlines.com" in
{
type master;
file "master/digitalairlines.com.zone";
};
#
# reverse resolution for the network 10.0.0.0
#
zone "0.0.10.in-addr.arpa" in
{
type master;
file "master/10.0.0.zone";
};
1-10 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
The 2 files for the domain localhost and the file for the root DNS
servers are always included in the installation. You do not need to
change these files; however, you must create the files required for
the actual domain.
You need to know the following to manually create the zone files:
■ Structure of the Files
■ The File /var/lib/named/master/digitalairlines.com.zone
■ The File /var/lib/named/master/10.0.0.zone
■ The File /var/lib/named/master/localhost.zone
■ The File /var/lib/named/master/127.0.0.zone
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-11
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
x Individual entries must always start in the first column with the reference. If
an entry does not start in the first column, the reference is taken from the
previous entry.
1-12 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
;
; definition of a standard time to live, here: two days
;
$TTL 172800
;
; SOA Entry
;
digitalairlines.com. IN SOA da1.digitalairlines.com.
adm.digitalairlines.com. (
2004092601 ; serial number
1D ; refresh (one day)
2H ; retry (two hours)
1W ; expiry time (one week)
3H ; "negative" validity (three hours)
)
After the SOA entry the name of the DNS server is listed (in this
example, da1.digitalairlines.com with a dot at the end).
Alternatively, you could write da1, and the domain name
digitalairlines.com would be added after the name.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-13
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Next comes the email address of the person who is responsible for
the administration of the DNS server. The “@” usually used in
email addresses must be replaced by a dot (so the email address in
this example is hostmaster.example.com). This is necessary because
@ has a special meaning as an abbreviation.
Slave servers use this number to detect if they need to copy this
zone file or not. If the serial number on the master server is greater
than that on the slave server, the file is copied.
1-14 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
;
; entry for the name server
;
digitalairlines.com. IN NS da1.digitalairlines.com.
The name of the domain can be omitted at this point. Then the name
from the previous entry is taken (the SOA entry).
At the end of this file are the IP addresses that are allocated to
computer names. This is done with A (address) entries, as in the
following:
;
; Allocation of IP addresses to host names
;
da10 IN A 10.0.0.10
da12 IN A 10.0.0.12
da13 IN A 10.0.0.13
The file for reverse resolution contains similar entries as the file for
forward resolution. At the beginning of the file there is the definition
of a default TTL and an SOA entry.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-15
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
At the end of this file are the IP addresses that are allocated to
computer names, this time with the PTR (Pointer) entry, as in the
following:
;
; Allocation of host names to IP addresses
;
10 IN PTR da10.digitalairlines.com.
12 IN PTR da12.digitalairlines.com.
13 IN PTR da13.digitalairlines.com.
14 IN PTR da14.digitalairlines.com.
The following 2 files must exist for the local computer. These are
created automatically during installation and should not be
modified.
1-16 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
$TTL 1W
@ IN SOA @ root (
42 ; serial (d. adams)
2D ; refresh
4H ; retry
6W ; expiry
1W ) ; minimum
IN NS @
IN A 127.0.0.1
In this case, it is localhost, which is also used for the name of the
DNS server (this is why “@” appears many times in the file).
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-17
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
In this file, the abbreviation “@” is also used. But here the computer
name must be given explicitly with localhost (remember the dot at
the end):
$TTL 1W
@ IN SOA localhost. root.localhost. (
42 ; serial (d. adams)
2D ; refresh
4H ; retry
6W ; expiry
1W ) ; minimum
IN NS localhost.
1 IN PTR localhost.
1-18 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
digitalairlines.com. IN MX 0 mail
IN MX 10 da1
IN MX 10 da5
If the mail server with the highest priority cannot be reached, the
mail server with the second highest priority is used. If several mail
servers have the same priority, then one of them is chosen at
random. An address entry must be made for each mail server.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-19
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
These are the CNAME (canonical name) entries in the database file
for forward resolution:
da30 IN A 10.0.0.30
www IN CNAME da30
x The names of the mail servers for the domain (MX entry) cannot be alias
names, since some mail servers cannot handle this correctly.
1-20 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
To do this, the name server has to know how to reach other name
servers:
■ The Name Servers of the Root Domain
■ Forward Requests to Specific Name Servers
■ Forward Requests for a Subdomain
This file is created during the installation of the bind package in the
directory /var/lib/named/, and is called root.hint.
zone "." in
{
type hint;
file "root.hint";
};
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-21
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
If no additional entries are made, the name server can contact the
root name servers directly.
But it is also possible to give the name server the addresses of other
name servers.
options
{
directory "/var/lib/named";
forwarders
{
10.0.0.10;
10.0.0.15;
};
};
In this case, the requests that could not be resolved locally are
forwarded to one of the two name servers given.
If neither of these can be reached, the request runs via the root name
servers, as described above.
1-22 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
If there is another name server used for resolving host names for a
subdomain, this name server has to be defined in the corresponding
zone entry.
The type is set to forward, the address of the respective name server
has to be specified:
zone "slc.digitalairlines.com" in
{
type forward;
forward only;
forwarders
{
10.0.0.10;
};
};
If you include the entry forward only, the name server is instructed
never to try to resolve the address itself.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-23
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Do the following:
■ Part I: Install BIND
■ Part II: Configure the DNS Master Server for the Domain
digitalairlines.com
■ Part III: Configure the DNS Slave Server for the Domain
digitalairlines.com
■ Part IV: Configure the DNS Master Server for the Domain
muc.digitalairlines.com
■ Part V: Enable Forwarding
x This exercise requires extensive typing to create your DNS files. To save you
some time, the files digitalairlines.com.zone and 10.0.0.zone are included
on your 3057 Course CD in the directory exercises/section_1/.
1-24 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
Part II: Configure the DNS Master Server for the Domain
digitalairlines.com
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-25
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
6. Add the following two zone statements after the existing zone
statements:
zone “digitalairlines.com” in {
type master;
file “master/digitalairlines.com.zone”;
};
zone “0.0.10.in-addr.arpa” in {
type master;
file “master/10.0.0.zone”;
};
7. Save and close the file.
8. Create a new file digitalairlines.com.zone in the directory
/var/lib/named/master/.
9. Enter the following zone configuration in the file:
$TTL 172800
digitalairlines.com. IN NS your_FQDN.
digitalairlines.com. IN NS slave_FQDN.
da1 IN A 10.0.0.254
da2 IN A 10.0.0.2
da10 IN A 10.0.0.10
da11 IN A 10.0.0.11
da12 IN A 10.0.0.12
1-26 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
$TTL 172800
0.0.10.in-addr.arpa. IN SOA your_FQDN.
hostmaster.digitalairlines.com. (
serial_number
1D
2H
1W
3H
)
0.0.10.in-addr.arpa. IN NS your_FQDN.
0.0.10.in-addr.arpa. IN NS slave_FQDN.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-27
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
tail -f /var/log/messages
17. Switch to the first terminal window and start bind by entering
rcnamed start
x If there are errors in the file /etc/named.conf, they are noted in the output
(with specific references and line numbers).
The named daemon will not start until these errors are fixed.
18. From the second terminal window, watch the log output of bind
for any messages such as Unknown RR Type or File Not
Found.
If any errors occur, fix them and restart bind.
19. From the first terminal window, start bind automatically when
the system is booted by entering
insserv named
20. Open the file /etc/resolv.conf in a text editor.
1-28 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
nameserver your_ip_address
23. Save and close the file.
host da10.digitalairlines.com
This should display the IP address of 10.0.0.10.
Part III: Configure the DNS Slave Server for the Domain
digitalairlines.com
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-29
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
zone “0.0.10.in-addr.arpa” in {
type slave;
file “slave/10.0.0.zone”;
masters
{
master_server_ip_address;
};
};
7. Save the changes and close the editor.
8. Open a second terminal window and enter su - to get root
permissions.
9. When prompted, enter the root password novell..
10. Enter the command
tail -f /var/log/messages
11. Switch to the first terminal window and start bind by entering
rcnamed start
x If there are errors in the file /etc/named.conf, they are noted in the output
(with specific references and line numbers).
The named daemon will not start until these errors are fixed.
1-30 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
12. From the second terminal window, watch the log output of bind
for any messages such as Unknown RR Type or File Not
Found.
13. If any errors occur, try to fix them and restart bind.
insserv named
15. From the first terminal window, open the /etc/resolv.conf file in
a text editor.
16. Delete all existing nameserver entries.
nameserver master_server_ip_address
18. Save and close the file.
host da10.digitalairlines.com
Part IV: Configure the DNS Master Server for the Domain
muc.digitalairlines.com
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-31
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
5. Add the following two zone statements after the existing zone
statements:
zone “muc.digitalairlines.com” in {
type master;
file “master/muc.digitalairlines.com.zone”;
};
zone “1.0.10.in-addr.arpa” in {
type master;
file “master/10.0.1.zone”;
};
6. Save and close the file.
7. Create a new file muc.digitalairlines.com.zone in the directory
/var/lib/named/master/.
8. Enter the following zone configuration in the file:
$TTL 172800
muc.digitalairlines.com. IN NS your_FQDN.
muc.digitalairlines.com. IN MX 1 da1.digitalairlines.com.
da100 IN A 10.0.1.100
da101 IN A 10.0.1.101
da102 IN A 10.0.1.102
The SOA record (including hostmaster.digitalairlines.com)
must be on a single line.
1-32 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
$TTL 172800
1.0.10.in-addr.arpa. IN SOA your_FQDN.
hostmaster.digitalairlines.com. (
serial_number
1D
2H
1W
3H
)
IN NS your_FQDN.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-33
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
tail -f /var/log/messages
16. Switch to the first terminal window and start bind by entering
rcnamed start
17. From the second terminal window, watch the log output of bind
for any messages such as Unknown RR Type or File Not
Found.
18. If any errors occur, fix them and restart bind.
host da100.muc.digitalairlines.com
This should display the IP address of 10.0.1.100.
1-34 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
zone “1.0.10.in-addr.arpa” in
{
type forward;
forward only;
forwarders
{
IP_address_of_the_slave_server;
};
};
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-35
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
tail -f /var/log/messages
13. Switch to the first terminal window and start bind by entering
rcnamed start
14. From the second terminal window, watch the log output of bind
for any messages such as Unknown RR Type or File Not
Found.
15. If any errors occur, fix them and restart bind.
host da100.muc.digitalairlines.com
This should display the IP address of 10.0.1.100.
(End of Exercise)
1-36 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
options
{
...
allow-query
{
10.0.0.0/24;
10.0.1.0/24;
};
};
If you include this instruction, only computers from the two subnets
defined can access this name server.
x Do not use this instruction for the name server that provides information
about your network to hosts on the Internet.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-37
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
You can use the entry severity to determine from which priority
level messages are written to this channel.
1-38 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
The top five severities (critical, error, warning, notice, and info)
are the familiar severity levels used by syslog.
debug is name server debugging for which you can specify a debug
level. If you omit the debug level, then the level is assumed to be
one. If you specify a debug level, you will see messages of that level
when name server debugging is turned on.
If you specify dynamic severity, then the name server will log
messages that match its debug level.
The default severity is info, which means you won't see debug
messages unless you specify the severity.
logging
{
channel sec_file
{
file "/var/log/bind_security.log" versions 3 size 20m;
severity debug 3;
print-time yes;
print-category yes;
print-severity yes;
};
};
All messages with debug level 3 sent to this channel are written to
the /var/log/bind_security.log file with a time stamp (print-time
yes), category (print-category yes) and severity level
(print-severity yes). As soon as the file reaches a size of 20 MB
(size 20m), a new file is created. Three old versions of the file are
stored (version 3).
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-39
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
channel default_syslog {
syslog daemon;
severity info;
};
channel null {
file "/dev/null";
};
Here, two predefined channels are listed: syslog daemon and null
device.
channel "my_security_channel"
{
file "my_security_file"; # use an absolute path
severity info;
};
category "security"
{
"my_security_channel";
"default_syslog";
"default_debug";
};
This logs security events to the file my_security_file but also keeps
the default logging behavior.
1-40 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
If you use this default setting, all messages are sent to the syslog
daemon.
In the debug status, messages are written to the log file named.run.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-41
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
The key is used to sign requests from the slave server. Only signed
requests for zone transfers are accepted by the master server.
First, a key must be generated and made known to the master server
and slave servers.
1-42 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
Create a Key
If you use this command, two files are created in the current
directory:
da2:/var/lib/named # ls -l K*
-rw------- 1 root root 56 Feb 21 10:39 Kzonetransfer.+157+01389.key
-rw------- 1 root root 81 Feb 21 10:39 Kzonetransfer.+157+01389.private
x The numbers at the end of the filename will be slightly different when you
run this command.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-43
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
options {
...
};
key zonetransfer
{
algorithm HMAC-MD5;
secret "KhDVspoqFonWKv58rFXOWw==";
};
zone "digitalairlines.com" in
{
type master;
file "master/digitalairlines.com.zone";
allow-transfer
{
key zonetransfer;
};
};
zone "0.0.10.in-addr.arpa" in
{
type master;
file "master/10.0.0.zone";
allow-transfer
{
key zonetransfer;
};
};
1-44 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
da:~ # ls -l /etc/named.conf
-rw-r----- 1 root named 572 Jun 3 14:30 /etc/named.conf
options
{
...
};
key zonetransfer
{
algorithm HMAC-MD5;
secret "KhDVspoqFonWKv58rFXOWw==";
};
server 10.0.0.2
{
keys
{
zonetransfer;
};
};
It is also important that only the user root and the group named be
able to read the configuration file containing the key.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-45
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
1-46 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
If you only have one server (the master) that allows zone transfers
to slave servers, you make sure that all slave servers get exactly the
same information.
options
{
allow-transfer {none;};
};
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-47
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Exercise 1-2 Configure Zone Transfers from the Master Server to Slave
Servers
1-48 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
Do the following:
1. On the master server, open the /etc/named.conf file with a text
editor.
2. Add the following lines after the option section:
3. key zonetransfer
{
algorithm HMAC-MD5;
secret "your_key";
};
In the secret option, enter the key you recorded in Part I, Step
4.
4. Change the content of the zone description of digitalairlines.com
as follows:
zone "digitalairlines.com" in
{
type master;
file "master/digitalairlines.com.zone";
allow-transfer
{
key zonetransfer;
};
};
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-49
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
tail -f /var/log/messages
11. Switch to the first terminal window and start bind by entering
rcnamed start
12. From the second terminal window, watch the log output of bind
when the slave server is started.
1-50 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
Do the following:
1. On the slave server, open the /etc/named.conf file with a text
editor.
2. Add the following lines after the option section
key zonetransfer
{
algorithm HMAC-MD5;
secret "key_of_the_master_server";
};
server IP_address_of_the_master_server
{
keys
{
zonetransfer;
};
};
In the secret option, enter the key of the master server.
3. Save the file and exit the text editor.
4. Remove the files in the directory /var/lib/named/slave/ by
entering:
rm /var/lib/named/slave/*
5. Open a second terminal window and enter su - to get root
permissions.
6. When prompted, enter the root password novell.
7. Enter the command
tail -f /var/log/messages
8. Switch to the first terminal window and start bind by entering
rcnamed start
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-51
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
9. From the second terminal window, watch the log output of bind
if the zone transfer will be done.
(End of Exercise)
You can modify the resource record sources of the name server
dynamically without editing and reloading files. This is called
dynamic DNS. Dynamic DNS can also be used by external services
like DHCP.
allow-update { 127.0.0.1; };
da2:~ # nsupdate
>
x Before using nsupdate, make sure that all zone files have the correct access
permissions. If they not set properly, use the following commands:
chgrp -R named /var/lib/named
chmod R g+w /var/lib/named
1-52 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
Dynamic updates are stored in a journal file for the zone. This file is
automatically generated by the server when the first dynamic update
is performed.
The contents of the journal file is written to the zone file every 15
minutes. When the name server is shut down, the contents of the
journal file are written to the zone file, too.
x Dynamic updates will change the layout of your zone files when the data is
written to them. You should either use an editor or nsupdate to modify your
zone information instead of using both tools.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-53
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
b All commands are described in the man page of nsupdate: man 8 nsupdate.
da2:~ # nsupdate
> server 127.0.0.1
> update add da13.digitalairlines.com 86400 A 10.0.0.13
>
> update delete da13.digitalairlines.com A
>
> update add 13.0.0.10.in-addr.arpa 86400 PTR da13.digitalairlines.com
>
1-54 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
In the following table, the most important record types are listed:
b In Section 2 Use DHCP to Manage Networks, you will learn how to use a
DHCP server to provide dynamic DNS updates.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-55
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Figure 1-2
x YaST is not able to decode manually created configuration and zone files.
1-56 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
The last entry of the /etc/named.conf file (installed with the bind
package) is the following line:
include "/etc/named.conf.include";
NAMED_CONF_INCLUDE_FILES
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-57
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
x As this file comes with a default key from the bind package, do not use this
key on a production system. You should always create your own key.
key rndc_key {
algorithm "HMAC-MD5";
secret "d3YWEw9jxo5UZ6N/EcIbFg==";
};
options {
default-key “rndc-key”
default-server 127.0.0.1;
default-port 953;
};
The first statement defines the algorithm used to generate the key
and the secret key. The second statement defines the default server
to manage the request (the IP address of the name server) and the
default key to use for the requests.
1-58 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
key rndc_key
{
algorithm HMAC-MD5;
secret "d3YWEw9jxo5UZ6N/EcIbFg==";
};
controls
{
inet 127.0.0.1
allow {localhost;} keys {rndc_key;};
inet 10.0.0.2
allow {localhost; 10.0.0.20;} keys {rndc_key;};
};
The inet statement defines which computers get access using rndc.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-59
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
After the allow statement, a list of hosts that are allowed to access is
provided.
For the IP address 10.0.0.2, access is allowed from local host and
computer 10.0.0.20.
In both cases, the key named rndc_key has to be used to get access.
1-60 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
If you enter rndc without any options, you see a list of available
parameters:
da20:~ # rndc
Usage: rndc [-c config] [-s server] [-p port] [-k key-file ] [-y key] [-V]
command
Using the options, you can always specify another server or another
key to use for the request.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-61
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
The last line creates a dump of the cache of the name server.
You can view the contents of the dump file using less or cat.
1-62 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
named-checkconf
In case of an error, you get a message including the line number and
a hint:
da2:~ # named-checkconf
/etc/named.conf:52: expected IP address near 'listen-on-v6'
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-63
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
named-checkzone
1-64 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
Summary
Objective Summary
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-65
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Objective Summary
1-66 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
Objective Summary
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-67
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Objective Summary
1-68 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a DNS Server Using BIND
Objective Summary
8. Use rndc to Control the Name The tool rndc (remote name
Server daemon control) can be used to
manage the name server from a
local or a remote host.
To use this tool, the requests have
to be authenticated.
You can create your key by using
the command rndc-confgen.
The configuration file
/etc/rndc.conf on the client needs
the following information:
■ The algorithm used for the
generation of the key
■ The IP address of the name
server
■ The default key to use for the
requests
On the name server, access via
rndc has to be permitted.
This is done in the file
/etc/named.conf with the controls
statement.
You also have to provide
information about the key.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 1-69
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
1-70 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use DHCP to Manage Networks
During the boot process, the client sends a request via broadcast in
the local network. A BOOTP server answers and sends the
configuration parameters (at least the IP address of the client).
DHCP can also create pools of limited network addresses that can
be shared in the network.
Objectives
1. Understand How DHCP Works
2. Configure the DHCP Server
3. Configure DHCP Clients
4. Configure a DHCP Relay Server
5. Use DHCP and Dynamic DNS
6. Troubleshoot DHCP
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 2-1
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
The requested machine will then realize, from the IP address, that it
is being called and replies to the machine that initiated the broadcast
with its own MAC address.
2-2 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use DHCP to Manage Networks
Figure 2-1
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 2-3
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
2-4 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use DHCP to Manage Networks
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 2-5
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
/etc/init.d/dhcpd start
or
rcdhcpd start
2-6 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use DHCP to Manage Networks
For example, the DHCP server listens on the two interfaces eth0 and
eth1, set the variable DHCPD_INTERFACE to
DHCPD_INTERFACE="eth0 eth1"
The DHCP server will listen only to the interfaces specified here.
x Starting with kernel 2.6, the names assigned to the network interface are not
guaranteed to be permanent. The interface called eth0 might be called eth1
after the next reboot. (The names can only change after reloading the
network kernel module).
This can be quite annoying if the DHCP server is not listening on all
interfaces.
To ensure that the name of an interface remains the same, add the following
line to your configuration file for the interface (for example,
/etc/sysconfig/network/ifcfg-eth-id-00:90:27:51:4d:95):
PERSISTENT_NAME=”card0”
From now on, this interface will always get the name card0 and you can set
the variable DHCPD_INTERFACE in /etc/sysconfig/dhcpd to this name.
Unfortunately, you cannot use eth0 or eth1 for the name.
DHCPD_RUN_CHROOTED="yes"
DHCPD_RUN_AS="dhcpd"
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 2-7
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
The second variable defines the user to be used for running the
processes. Normally there is no reason to change the default settings
of these variables.
The DHCP server can read additional configuration files that are
included into the main configuration file.
DHCPD_CONF_INCLUDE_FILES="/etc/dhcpd.conf.shared /etc/dhcpd.conf.d”
2-8 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use DHCP to Manage Networks
Global definitions are made at the top of the configuration file. The
parameters defined here apply to all subsequent sections unless they
are explicitly overwritten in the respective sections.
In case of an error in the configuration file, dhcpd will not start but
will print out an error message. This message can be used to locate
the error in the configuration syntax.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 2-9
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
You will not need all the configuration statements that are provided
with this sample file. It is better to start with an empty configuration
and to enter only those statements you really need.
2-10 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use DHCP to Manage Networks
A Simple Configuration
#
# /etc/dhcpd.conf
#
ddns-update-style none;
The following are statements on the lease times (the validity period
for assigned IP addresses):
#
# specify default and maximum lease time
#
default-lease-time 86400;
max-lease-time 86400;
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 2-11
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
x At maximum you can enter a number of 231-1 seconds for lease time. That
are about 68 years.
If the requested lease time is shorter than the default lease time, the
DHCP server will assign the IP address for the requested time.
If the requested lease time is longer than the default lease time, the
DHCP server will accept this, if no maximum time has been
specified. If the statement max-lease-time is present this time will
be the longest available.
Only IP addresses with lease times that have not expired can be
assigned to new client requests.
#
# What is the DNS domain and where is the name server?
#
option domain-name "digitalairlines.com";
option domain-name-servers 10.0.0.1, 10.0.0.2;
2-12 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use DHCP to Manage Networks
#
# This is the default gateway
#
option routers 10.0.0.254;
This declaration starts with the keyword subnet and specifies the
subnet and corresponding network mask:
#
# Which IP addresses may be assigned to the clients?
#
subnet 10.0.0.0 netmask 255.255.255.0
{
range 10.0.0.101 10.0.0.120;
}
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 2-13
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
#
# Host da5 will always get the same address
#
host da5.digitalairlines.com
{
hardware ethernet 00:90:27:51:4D:95;
fixed-address 10.0.0.5;
}
If there are any specific settings for this host required (such as lease
time or routers), they have to be provided inside the host statement.
x If you are assigning fixed addresses to certain hosts, make sure that these
addresses are outside all the address ranges defined.
2-14 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use DHCP to Manage Networks
x Assigned fixed addresses are not logged in the log file that contains
information about all the leases. Only dynamically assigned addresses are
logged there.
The declaration starts with the group statement and contains a list of
the hosts and the corresponding settings.
#
# This group of hosts needs specific settings
#
group
{
default-lease-time 43200;
max-lease-time 86400;
routers 10.0.0.253;
host da6.digitalairlines.com
{
hardware ethernet 00:90:27:51:4C:95;
}
host da7.digitalairlines.com
{
hardware ethernet 00:90:27:51:4C:96;
}
host da8.digitalairlines.com
{
hardware ethernet 00:90:27:51:4C:97;
}
}
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 2-15
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Use Classes
class "unwanted-clients"
{
match if substring(hardware, 1, 3) == 00:11:22;
deny booting;
}
The match if statement defines here that the members of this class
should be identified by their hardware (MAC) address. This line
identifies all MAC addresses where the first three bytes match
"00:11:22". All clients matching this definition are grouped into this
class automatically. The deny booting statement in the next line
defines that the DHCP server should not provide any IP addresses to
these clients.
2-16 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use DHCP to Manage Networks
class "special-macs"
{
match if substring(hardware, 1, 3) = 01:23:45;
}
The IP addresses assigned by the DHCP server are logged to the file
/var/lib/dhcp/db/dhcpd.leases
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 2-17
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
When dhcpd is started, the log file is read so that the DHCP server
knows about currently assigned IP addresses.
This file is required, before you start the DHCP server for the first
time.
After starting dhcpd, a copy of the previous version of the log file
will be created using the name
/var/lib/dhcp/db/dhcpd.leases~
To prevent a log file from becoming too large, by adding more and
more entries, it will be re-created occasionally.
2-18 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use DHCP to Manage Networks
lease 10.0.0.120
{
starts 1 2005/06/14 08:06:51;
ends 1 2005/06/14 09:06:51;
binding state active;
next binding state free;
hardware ethernet 00:50:ba:be:33:1c;
uid "\001\000P\272\2763\034";
client-hostname "da5";
}
lease 10.0.0.119
{
starts 1 2005/06/14 08:08:06;
ends 1 2005/06/14 20:08:06;
binding state active;
next binding state free;
hardware ethernet 08:00:46:b6:d8:ce;
uid "\001\010\000F\266\330\316";
client-hostname "da6";
}
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 2-19
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
If this is the case, the host name appears after the keyword
client-hostname in the lease file.
2-20 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use DHCP to Manage Networks
When this YaST module is started for the first time, a configuration
wizard is started, enabling a simple, basic configuration in three
steps.
Do the following:
1. Select the network interface on which the DHCP server is to
listen:
Figure 2-2
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 2-21
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
2. Set global settings such as the domain name and the IP addresses
of name servers:
Figure 2-3
ldap-base-dn “ou=DHCP,dc=digitalairlines,dc=com”;
ldap-method static;
ldap-server “localhost”;
2-22 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use DHCP to Manage Networks
x The YaST module mail-server for the configuration of a mail server can only
be used if the DHCP server data are stored in the LDAP directory.
3. Set the address space from which the addresses are assigned
dynamically and the lease time; then select Next:
Figure 2-4
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 2-23
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
In this module, you can modify all settings made with the
wizard:
Figure 2-5
2-24 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use DHCP to Manage Networks
4. You can enter the hosts that are to be assigned static IP addresses
on the basis of their MAC addresses under Host Management.
Figure 2-6
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 2-25
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Figure 2-7
2-26 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use DHCP to Manage Networks
Figure 2-8
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 2-27
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
2-28 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use DHCP to Manage Networks
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 2-29
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
default-lease-time 86400;
11. To set the maximum lease time to two days, enter
max-lease-time 172800;
12. To define the domain name, enter
2-30 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use DHCP to Manage Networks
(End of Exercise)
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 2-31
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
This is done with YaST. Select Network Devices > Network Card.
In this dialog, specify that the IP address and subnet mask should be
requested from the DHCP server when the computer is booted.
Figure 2-9
2-32 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use DHCP to Manage Networks
Alternatively, the client can transmit its name to the DHCP server
that sends it to the DNS server if dynamic DNS via DHCP is
enabled.
In this case, the clients must have been assigned local host names to
prevent various DHCP clients from being assigned the same name
in DNS.
The configuration files for the network interfaces are located in the
/etc/sysconfig/network/ directory.
This file contains the values with which a network card should be
activated.
BOOTPROTO=”dhcp”
STARTMODE=”onboot”
UNIQUE=”bSAa.IQxIdIhhuH7”
_nm_name=’bus-pci-0000:00:11.0’
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 2-33
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
2-34 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use DHCP to Manage Networks
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 2-35
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
13. Start a virtual terminal by selecting the Konsole icon in the KDE
panel.
14. Switch to user root by entering su -.
15. When you are prompted for the root password, enter novell.
(End of Exercise)
2-36 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use DHCP to Manage Networks
The IP address of the DHCP server that the relay server will
forward the client queries to must be specified under
DHCRELAY_SERVERS.
DHCRELAY_INTERFACES=”eth0 eth1”
However, the entries do not differ from the entries required for
clients in the server’s local network.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 2-37
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
As the DNS server can only accept changes from the authorized
DHCP server, the updates must be protected cryptographically.
2-38 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use DHCP to Manage Networks
Enter this key and information about the affected zone in the
configuration files.
key dhcp-dns {
algorithm HMAC-MD5;
secret UsiG5qub101MHk0jzoKQgw==;
};
zone "digitalairlines.com" in {
type master;
file "digitalairlines.zone";
allow-update { key dhcp-dns ;};
};
zone "10.0.0.zone" in {
type master;
file "digitalairlines.arpa";
allow-update { key dhcp-dns ;};
};
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 2-39
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
As this file contains the key in clear text, the permissions of the
configuration file must be set so that the file is not readable for all
users (this is the default for SUSE LINUX Enterprise Server 9):
da2:~ # ls -l /etc/named.conf
da2:~ # -rw-r----- 1 root named 3846 Jun 30 2004 /etc/named.conf
ddns-update-style interim;
ddns-updates on;
key dhcp-dns {
algorithm HMAC-MD5;
secret UsiG5qub101MHk0jzoKQgw==;
}
x Add the inverse zone section above the normal zone section. Otherwise the
DHCP server is not able to remove the DNS entries correct, when the lease
time is exeeded and the computer does not request a new IP.
As this file contains the key in clear text, you must modify the file
permissions of the configuration file to prevent it from being
readable for all users:
2-40 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use DHCP to Manage Networks
In case the DHCP server gets the host name from the client, the
configuration within a subnet declaration is the same as the
configuration without dynamic DNS.
In this case, a client must always be assigned the same host name,
even if the IP address changes.
The allocation of the name to the host is based on the MAC address
of the network card.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 2-41
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
host da5.digitalairlines.com {
# The following entries concern the host
# with this MAC address:
hardware ethernet 00:90:27:a4:96:1f;
The client has to be configured in such a way that it accepts the host
name via DHCP.
The log file (/var/log/messages) of the DNS server and the DHCP
server provide information about the address assignment and the
success or failure of the DNS server update.
2-42 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use DHCP to Manage Networks
The name server first saves dynamic entries in files with the
extension .jnl. These files are referred to as journal files.
The file specified on the command line must contain the name of the
key in the same form as in /etc/named.conf.
Upon start up, the program has a prompt for performing updates
interactively:
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 2-43
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
2-44 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use DHCP to Manage Networks
Do the following:
1. Start a virtual terminal by selecting the Konsole icon in the KDE
panel.
2. Switch to user root by entering su -.
3. When you are prompted for the root password, enter novell.
4. Switch to the directory /var/lib/named/ by entering
cd /var/lib/named
5. To create a key, enter
dnssec-keygen -a HMAC-MD5 -b 128 -n HOST dhcp-dns
The name of the key file is written on the screen by this
command. Record it in the space below:
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 2-45
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Do the following:
1. Start your favorite text editor and open the file /etc/named.conf.
2. Append the following after options:
key dhcp-dns {
algorithm HMAC-MD5;
secret your_key;
};
zone "digitalairlines.com" in {
type master;
file "digitalairlines.zone";
allow-update { key dhcp-dns ;}:
};
zone "0.0.10.in-addr.arpa" in {
type master;
file "10.0.0.zone";
allow-update { key dhcp-dns ;}:
};
3. Save the file.
2-46 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use DHCP to Manage Networks
Do the following:
1. Open the file /etc/dhcpd.conf with your text editor and enter the
following:
ddns-update-style interim;
ddns-updates on;
key dhcp-dns {
algorithm HMAC-MD5;
secret your_key;
}
zone digitalairlines.com. {
key dhcp-dns;
}
zone 0.0.10.in-addr.arpa. {
key dhcp-dns;
}
2. Save the file and close the editor.
3. Switch back to the virtual terminal and enter
chmod 600 /etc/dhcpd.conf
to prevent it from being readable by all users.
4. Close the terminal window.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 2-47
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
(End of Exercise)
2-48 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use DHCP to Manage Networks
dhcping
You can use the dhcping utility to check if the DHCP server
responds.
If the server does not respond, the message looks like the following:
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 2-49
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Subsequently, the log file of the server will contain the following
entries:
dhcpdump
The output shows the packets that were exchanged between the
DHCP server and the DHCP client in a legible form, thus
facilitating the analysis and troubleshooting.
2-50 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use DHCP to Manage Networks
(End of Exercise)
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 2-51
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Summary
Objective Summary
2-52 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use DHCP to Manage Networks
Objective Summary
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 2-53
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Objective Summary
2-54 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use DHCP to Manage Networks
Objective Summary
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 2-55
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Objective Summary
2-56 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use DHCP to Manage Networks
Objective Summary
5. Use DHCP and Dynamic DNS The name server first saves
(continued) dynamic entries in files with the
extension .jnl.
At regular intervals, the changes
are transferred from the .jnl file to
the zone file by overwriting the old
zone file.
New entries should not be added
to the zone file with an editor; use
the nsupdate utility.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 2-57
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
2-58 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Set Up a Print Server
Objectives
1. Understand How CUPS Works
2. Install and Configure a Print Server
3. Configure a CUPS Client
4. Manage Printer Queues
5. Use the Web Interface to Manage a CUPS Server
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3-1
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
3-2 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Set Up a Print Server
da2:~ # ls /usr/lib/cups/backend/
. canon http lpd parallel scsi smb usb
.. epson ipp novell pipe serial socket
5. Once the print job has been transferred to the printer, the print
spooler deletes the job from the queue and starts processing the
next job.
When the job is deleted, the print data file in /var/spool/cups/ is
removed.
The file that has information about the print job is not detected.
The filename for the first print job is labeled c00001.
The number in each of the following print jobs is increased by
one.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3-3
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Figure 3-1
Print Queues
Rather than sending print jobs directly to the printer, they are sent to
a print queue associated with the device.
On a print server, each print queue is registered with its name in the
file
/etc/cups/printers.conf
Among other things, this file defines through which queues the
printer is addressed, how it is connected, and to which interface it is
connected.
3-4 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Set Up a Print Server
Each existing queue has its own configuration file, which is stored
on the print server in the directory
/etc/cups/ppd/
/etc/printcap
Classes
Jobs sent to a class are forwarded to the first available printer in the
class.
Log Files
/var/log/cups/
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3-5
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
3-6 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Set Up a Print Server
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3-7
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
The error_log file lists messages from the scheduler (such as errors
and warnings):
The following explains the parts of the line are (from left to right):
■ The level field contains the type of message:
❑ E. An error occurred.
❑ W. The server was unable to perform an action.
❑ I. Informational message.
❑ D. Debugging message.
■ The date-time field contains the date and time the page started
printing.
The format of this field is identical to the data-time field in the
access_log file.
■ The message field contains a free-form textual message.
3-8 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Set Up a Print Server
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3-9
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
These files are installed automatically ifs YaST is used for printer
configuration.
3-10 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Set Up a Print Server
x To enable the access via the web frontend in SUSE LINUX Enterprise
Server, a user (usually root) must be designated as CUPS administrator
and be a member of the CUPS administration group sys.
This can be done with the command lppasswd -g sys -a root that sets
the password for the access.
This command sets the initial password for the user root.
By default no password is set, so no administrative access via the web
interface is possible,
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3-11
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
x You can configure a printer using YaST for both CUPS and LPRng.
However, both printing systems cannot be installed on the same host, because
package cups-client conflicts with package lprng.
These two cannot be installed at the same time.
One reason for this is that these packages contain some files with identical
names, which are nevertheless not identical at all, for example, /usr/bin/lpr.
3-12 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Set Up a Print Server
When the YaST printer module is started, YaST will search for the
connected printer, try to autodetect the printer, then display the
result.
Figure 3-2
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3-13
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
You can modify these settings by selecting the individual items and
selecting Edit:
Figure 3-3
Queue settings such as resolution, paper size, and print quality can
be set under Printing Filter Settings.
3-14 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Set Up a Print Server
Under State and Banners Settings, you can set the status of the
queue (print or not, accept print jobs or not) and define banners for
the first and last page.
x If the printer is not detected by YaST in the first configuration step, the
configuration can be performed manually by selecting Other (not detected)
in the Printer Configuration dialog and selecting Configure.
Figure 3-4
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3-15
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
<Printer color>
Info EPSON Stylus COLOR 670
Location USB printer at /dev/usb/lp0
DeviceURI usb:/dev/usb/lp0
State Idle
Accepting Yes
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
AllowUser kbailey
</Printer>
<DefaultPrinter lp>
Info EPSON Stylus COLOR 670
Location USB printer at /dev/usb/lp0
DeviceURI usb:/dev/usb/lp0
State Idle
Accepting Yes
JobSheets secret none
QuotaPeriod 0
PageLimit 0
KLimit 0
AllowUser kbailey
AllowUser jgoldman
</Printer>
...
3-16 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Set Up a Print Server
This file stores other settings that affect the printout through the
given queue, such as paper size and resolution.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3-17
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
To install a print server that forwards print jobs to the print server of
your trainer, do the following:
1. Start YaST by selecting System > YaST from the KDE menu.
2. If you are prompted for root’s password, enter novell.
3. Select Hardware > Printer.
4. Select Configure.
5. Select Print Directly to a Network Printer; then select Next.
6. Select Remote IPP Queue; then select Next.
7. Under Host Name of the Print Server, enter 10.0.0.254.
8. To get the name of the queue, select Lookup.
9. To test the CUPS access, select Test Remote IPP Access.
10. Select OK.
19. Select Test Graphical Printing with Photo; then select OK.
3-18 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Set Up a Print Server
14. Select Test Graphical Printing with Photo; then select OK.
(End of Exercise)
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3-19
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Browsing
Figure 3-5
3-20 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Set Up a Print Server
Figure 3-6
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3-21
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Figure 3-7
Browsing On
BrowseAddress 10.0.0.255
BrowseAddress 10.0.1.255
3-22 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Set Up a Print Server
Browsing On
BrowseAddress @LOCAL
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3-23
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Do the following:
1. Select Hardware > Printer in YaST.
2. Select Change.
3. Select Advanced.
4. Select CUPS Full Server Installation; then select Accept.
5. From the Edit Configuration dialog, select CUPS Server
Settings.
6. To enable browsing, select the On option of Browing.
7. Select Add.
8. Enter @LOCAL; then select OK.
9. Select Next.
10. Select Accept.
3-24 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Set Up a Print Server
Do the following:
1. Wait for the other students in your class.
2. Select Hardware > Printer in YaST.
3. Select Configure.
4. Select Print via CUPS Network Server; then select Next.
5. Select Cups Client-Only, select Next.
6. In the warning dialog, select Yes.
7. From the Lookup menu, select Scan for IPP Servers.
Your CUPS server should be detected automatically.
8. Select Abort.
9. Select Yes.
(End of Exercise)
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3-25
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Access Restrictions
3-26 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Set Up a Print Server
You can define the order in which access directives are applied
(whether to apply the allow rules first then the deny rules or vice
versa) and the default directive in the next dialog.
Figure 3-8
/etc/cups/cupsd.conf
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3-27
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Here is an example:
<Location />
Order Deny,Allow
Allow From 127.0.0.1
</Location>
...
<Location /admin>
...
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
</Location>
...
<Location /printers>
Deny From All
Allow From 10.0.0.0/
Allow From 10.0.1.2
Order Allow,Deny
</Location>
<Location /classes>
Deny From All
Allow From 10.0.0.2
Allow From 10.0.0.4
Allow From 10.0.1.3
Order Allow,Deny
3-28 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Set Up a Print Server
Access directives for all printers and queues are stored in the file
/etc/cups/printers.conf.
The section that contains the directives might look like this one:
<Location /printers/lp>
Deny From All
Allow From 10.0.0.0/24
Order Allow,Deny
</Location>
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3-29
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
3-30 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Set Up a Print Server
15. To create a print job, enter lpr .bashrc on the client. The file
should be printed.
16. If possible, try to create a printjob from another client. The access
should be denied. To verify, enter tail /var/log/cups/access_log
on the CUPS server.
(End of Exercise)
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3-31
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
You can restrict access to the printers on a user and group basis.
You can configure this by using YaST (Edit Configuration dialog >
Restrictions Settings) or by using the command lpadmin:
■ To permit printing for individual users, enter
lpadmin -p queue -u allow:user1, user2
or for a group, enter
lpadmin -p queue -u allow:@users
■ To prohibit printing for users or groups, enter
lpadmin -p queue -u deny:bgrow,@guests
■ To permit printing for all, enter
lpadmin -p queue -u allow:all
User Authentication
<Location /admin>
AuthType BasicDigest
AuthClass Group
AuthGroupName sys
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
</Location>
3-32 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Set Up a Print Server
This file does not exist by default and is created when the first user
is generated.
To use the normal Linux user data for the authentication, change the
entry AuthType from BasicDigest to Basic.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3-33
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Do the following:
1. Start a virtual terminal by selecting the Konsole icon in the KDE
panel.
2. Switch to user root by entering su -.
3. If you are prompt for the root password, enter novell.
4. To generate the user root, enter
lppasswd -a root -g sys
5. Enter n0vell (with the number zero) as the password.
6. Confirm your password by entering n0vell (with the number
zero) a second time.
7. Start a web browser on your workstation.
8. Enter http://localhost:631/ as URL in your browser window.
9. Select Do Administration Tasks.
10. Enter root as the user name and n0vell (with the number zero) as
the password in the authentication dialog.
(End of Exercise)
3-34 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Set Up a Print Server
Figure 3-9
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3-35
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Figure 3-10
3. Select Accept.
3-36 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Set Up a Print Server
Figure 3-11
5. Select Finish.
# /etc/cups/client.conf
#
ServerName 10.0.0.2
This type of setup is a good choice only if you have just one print
server for the entire network.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3-37
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Figure 3-12
3-38 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Set Up a Print Server
The print client is ready to use the local printer daemon cupsd, that
in turn will rely on the broadcast function to gather information
about the printers and queues available on the network’s servers.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3-39
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
3-40 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Set Up a Print Server
Example:
or:
or:
This submits the file order.ps to the lp queue and also disables
duplex printing for the corresponding device (duplex=none).
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3-41
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Example:
or:
This submits the file /etc/motd to the lp queue located on the print
server da101.digitalairlines.com.
b For more information about these command line tools, enter man lpr and
man lp,
The lpq command displays active print jobs of the default queue in
the following way:
lpq
3-42 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Set Up a Print Server
lpq -P queue
lpq -l -P queue
lpq -a
b For more information about these commands, enter man lpq and man lpstat.
b For more information about these commands, enter man lpq and man lpstat.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3-43
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Configure a Queue
/etc/cups/ppd/
lpoptions -p queue -l
da2:/ # lpoptions -l
REt/REt Setting: Dark Light *Medium Off
TonerDensity/Toner Density: 1 2 *3 4 5
Duplex/Double-Sided Printing: DuplexNoTumble DuplexTumble None *Notcapable
InputSlot/Media Source: *Default Tray1 Tray2 Tray3 Manual Auto
Copies/Number of Copies: *1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
20 21
22 2324 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46
47 48
49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73
74 75
76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100
PageSize/Page Size: *A4 Letter 11x17 A3 A5 B5 Env10 EnvC5 EnvDL EnvISOB5
EnvMona
rch Executive Legal
PageRegion/PageRegion: A4 Letter 11x17 A3 A5 B5 Env10 EnvC5 EnvDL EnvISOB5
EnvMo
narchExecutive Legal
Resolution/Resolution: *default 150x150dpi 300x300dpi 600x600dpi
1200x1200dpi
Economode/Toner Saving: *Off On
LowToner/Behavior when Toner Low: *Continue Stop
PreFilter/GhostScript pre-filtering: EmbedFonts Level1 Level2 *No
MemBoost/Memory Booster Technology: *Auto Off On
3-44 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Set Up a Print Server
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3-45
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
There is a way for root to change the defaults in the PPD file of any
local queue.
For example, to set the default page size for the lp queue, enter
3-46 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Set Up a Print Server
■ Delete classes.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3-47
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
http://IP_Address:631
Figure 3-13
lppasswd -a root
3-48 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Set Up a Print Server
x The password has to be at least six characters long and must contain at least
one letter and one number.
Do Administration Tasks
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3-49
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Figure 3-14
In most cases, you are supported by a wizard and you only have to
enter few information.
If there is at least one class configured, you can also select Manage
Classes from this module.
Figure 3-15
3-50 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Set Up a Print Server
The configuration dialog is the same as the dialog you get when you
select Add Class or Manage Classes in the Administration module.
On-Line Help
Figure 3-16
Manage Jobs
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3-51
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
If there is one (or more) job in the queue, you can also
■ Hold the job.
■ Cancel the job.
Figure 3-17
The configuration dialog is the same as the dialog you get when you
select Manage Jobs in the Administration interface.
Manage Printers
3-52 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Set Up a Print Server
Figure 3-18
The configuration dialog is the same as the dialog you get when you
select Add Printer or Manage Printers in the Administration
module.
This section is only a link to the web page of the CUPS project:
http://www.cups.org
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3-53
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
In this exercise you will add a second printer via the web frontend
of CUPS, even though a second printer is not available at your
workstation.
Do the following:
1. Start a web browser on your workstation.
2. Enter http://localhost:631/ as URL in your browser window.
3. Select Manage Printers.
4. To add a (nonexistent) printer, select Add Printer.
5. In the authentication dialog, enter root as the user name and
n0vell (with the number zero) as the password.
6. Select OK.
7. Under Name, enter Fictive.
8. Under Location, enter Nowhere.
9. Under Description, enter This printer does not exist.
10. Select Continue.
11. Select USB Printer #1 from the Device pull-down menu; then
select Continue.
12. Select HP from the Make pull-down menu; then select
Continue.
13. Select HP Color LaserJet 8550GN Foomatic/Postscript
(recommended) (en) from the Model list; then select Continue.
14. You should get the message
(End of Exercise)
3-54 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Set Up a Print Server
Summary
Objective Summary
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3-55
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Objective Summary
3-56 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Set Up a Print Server
Objective Summary
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3-57
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Objective Summary
3-58 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Set Up a Print Server
Objective Summary
5. Use the Web Interface to You can enter the CUPS web
Manage a CUPS Server frontend at
http://localhost:631
or
http://IP_Address:631
In SLES 9, to enable the access
via the web frontend, a user
(usually root) must be designated
as the CUPS administrator and be
a member of the CUPS
administration group sys.
This can be done by entering
lppasswd -a root -g sys
This command sets the password
for the access.
The configuration is done mostly
through by wizards.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 3-59
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
3-60 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use Samba to Connect to Windows
Objectives
1. Retrospection of a Basic Samba Configuration
2. Configure Virtual File Servers
3. Configure User Authentication
4. Manage Users
5. Configure Samba as Printer Server
6. Use Samba in a Windows NT Domain
7. Use Samba as a Domain Controller
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 4-1
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
The options in the this file are grouped into different sections. Each
section starts with a keyword in square brackets.
The section for the general server configuration starts with the
keyword [global]. The following is an example of a basic global
section.:
[global]
workgroup = digitalairlines
netbios name = fileserver
security = share
4-2 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use Samba to Connect to Windows
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 4-3
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
After the global section, you need to add a section for the share of
your file server. The following example is the simplest way to set up
for a share:
[data]
comment = Data
path = /srv/data
read only = yes
guest ok = yes
4-4 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use Samba to Connect to Windows
x There many more configuration options available than those discussed in this
section. For an overview of all options, see the man page of smb.conf.
After you have created a smb.conf file, you should restart the two
Samba server daemons:
■ nmbd. This daemon handles all NetBIOS-related tasks.
■ smbd. This daemon provides file and print services for clients
in the network.
With the smbclient tool, you can access SMB shares on the
network. It's also a very useful tool to test a Samba server
configuration.
smbclient -L //Fileserver
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 4-5
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
This command can also very be valuable for testing purposes. After
you have set up a share, you can check the availability of the share
with smbclient.
4-6 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use Samba to Connect to Windows
In the example, smbclient connects to the server with the user name
tux and prompt for the corresponding password.
smbclient //Fileserver/data
Smb: \>
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 4-7
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
You can use smbclient to print on shared network printers. The basic
syntax of a print command is shown in the following:
You can also use the command print on the smbclient command line
after you have connected to the server. The -c option performs the
given command automatically after the connection to the server has
been established.
4-8 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use Samba to Connect to Windows
Use the option netbios name to specify the name used by the
Samba server to login to the Windows network.
You can enter further NetBIOS names, using the parameter netbios
aliases. The names of the aliases are separated by blanks.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 4-9
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
4-10 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use Samba to Connect to Windows
■ Other macros:
[global]
netbios name = da2
netbios aliases = virt1 virt2 virt3
include = /etc/samba/smb.conf.%L
security = share
guest ok = yes
encrypt passwords = yes
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 4-11
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
workgroup = berlin
The options that are outsourced in the configuration files for the
virtual servers depend of the situation. Of course, it is possible to
define shares there.
4-12 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use Samba to Connect to Windows
mv /etc/samba/smb.conf /etc/samba/smb.orig
14. Start your favorite text editor and create a new file
/etc/samba/smb.conf.
15. In the first line, enter [global].
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 4-13
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
18. To include the special configuration files for the virtual servers,
enter
include = /etc/samba/smb.conf.%L
19. Add the following lines:
security = share
guest ok = yes
encrypt passwords = yes
20. Save the file.
smbclient -L localhost
27. When prompted for a password, press Enter.
(End of Exercise)
4-14 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use Samba to Connect to Windows
All users that should have access to a share need a login for the
Linux server.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 4-15
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
UNIX Passwords
Figure 4-1
After transferring the user account from the client to the server, the
server prompts you for the password.
4-16 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use Samba to Connect to Windows
That means that any two passwords will have two different
hashes.
Windows Passwords
Figure 4-2
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 4-17
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
4-18 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use Samba to Connect to Windows
security = user
All user who are allowed to connect to a share can be specified with
the option:
Users that already have a Linux login can be added to the file
/etc/samba/smbpasswd by using the command
smbpasswd -a login
smbpasswd -d login
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 4-19
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
smbpasswd -e login
4-20 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use Samba to Connect to Windows
smbpasswd
kbailey@da2:~> smbpasswd
Old SMB password:
New SMB password:
Retype new SMB password:
Password changed for user kbailey
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 4-21
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
4-22 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use Samba to Connect to Windows
smbpasswd -d kbailey
16. Try to connect to the temp share by entering
smbpasswd -e kbailey
19. Try to connect to the temp share by entering
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 4-23
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
23. Start a second shell by selecting the Konsole icon in the KDE
task bar.
24. To change your Samba password, enter smbpasswd.
(End of Exercise)
4-24 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use Samba to Connect to Windows
Because both printing systems are quite different, there are two
possibilities to preprocess the information for the printer:
■ Preprocess on the Samba Server
■ Preprocess on the Windows Client
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 4-25
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
If you want to provide only one printer for Windows, you can
simply create a share.
[laserjet]
printable = yes
printer = lp_raw
path = /var/tmp
The option printable = yes tells Samba that this share is a printer
share and not a shared directory.
Use the option printer to specify which Linux printer queue should
be used via this share. If you want to preprocess on the client, enter
the RAW queue here.
4-26 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use Samba to Connect to Windows
Here, the print jobs are stored till they can be printed.
Figure 4-3
x If you have problems to configure the printer share, use the option
print command = cp %s /tmp/out.ps
The information that arrives at the Samba server will be written to the file
/tmp/out.ps.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 4-27
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Add the following lines in the [global] section if you use the CUPS
printing system:
printing = CUPS
printcap name = CUPS
Using the option printing, you can specify the printing system.
[printers]
printable = yes
path = /var/tmp
4-28 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use Samba to Connect to Windows
If the print preprocessing is done by the clients, you must install the
printer driver on each client manually.
[laserjet]
printable = yes
print command = lpr -Plp -I %s
[print$]
path=/var/lib/samba/drivers
write list = root
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 4-29
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Figure 4-4
Some steps later, you can select your printer model. After the driver
installation, Samba create new directories for different Windows
versions in the at path in the [print$] section of the specified
directory.
da2: # ls /var/lib/samba/drivers/
. .. W32ALPHA W32MIPS W32PPC W32X86 WIN40
da2: # ls /var/lib/samba/drivers/W32X86/
. .. 2
da2: # ls /var/lib/samba/drivers/W32X86/2/
. .. HP2100_6.PPD PSCRIPT.DLL PSCRIPT.HLP PSCRPTUI.DLL
4-30 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use Samba to Connect to Windows
Do the following:
1. Remove the file /etc/samba/smb.conf by entering
rm /etc/samba/smb.conf
2. Start your favorite text editor and create a new file
/etc/samba/smb.conf.
3. Enter the following lines:
[global]
netbios name = hostname
security = share
guest ok = yes
encrypt passwords = yes
4. To create a printer section, add the line [printers].
5. Add the following lines to configure the printer share:
printable = yes
printer = printer
path = /var/tmp
6. Save the file.
7. Restart the smb daemon by entering rcsmb restart.
8. To test your share configuration, enter
smbclient -L localhost
9. When asked for a password, just press Enter.
Your printer share should be listed.
(End of Exercise)
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 4-31
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
You also have to set the workgroup option to the name of your
domain.
If you want to specify more than one server, separate the names by
blanks.
password server = *
4-32 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use Samba to Connect to Windows
[global]
...
[netlogon]
path = /netlogon
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 4-33
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
If the option domain logons is set to yes the Samba server will
serve the Windows 9x logons for its workgroup.
The Samba server will build a browse list for the whole domain.
The path /netlogon must exist and set readable for all users. This
directory can contain files that are labeled like the logged in users
(%U.bat).
4-34 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use Samba to Connect to Windows
Configure /etc/samba/smb.conf
[global]
[netlogon]
path = /netlogon
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 4-35
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
smbpasswd -a -m workstation
Workstation accounts are created with a “$” at the end of the name.
There must be a user account on Linux with this name before you
enter the command.
4-36 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use Samba to Connect to Windows
For example:
If you use these lines, make sure that there is a group called
machines on Linux.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 4-37
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Summary
Objective Summary
4-38 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use Samba to Connect to Windows
Objective Summary
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 4-39
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Objective Summary
4-40 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use Samba to Connect to Windows
Objective Summary
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 4-41
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Objective Summary
4-42 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
The “IBM Public License Version 1.0 - Secure Mailer” is, to a large
degree, similar to the GNU GPL. It allows free distribution of the
source code and binary package of the program and allows
modifications to the program on condition that the license is always
included.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-1
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Objectives
1. Understand the Function of the Three Mail Agents
2. Understand the Architecture of Postfix
3. Start, Stop, and Reinitialize Postfix
4. Know the Components of the Postfix Program Package
5. Configure the Postfix Master Daemon
6. Configure Global Settings
7. Configure General Scenarios
8. Configure the Lookup Tables
9. Use Postfix Tools
10. Receive Email over IMAP and POP3
5-2 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
If the address does not exist locally, the recipient MTA sends the
message back to the sending MTA.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-3
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
The MTA specifies which local user the message is intended for and
passes it to an MDA, which stores it in the right location.
The MUA reads saved messages and passes new messages to the
MTA. It is the interface between the MDA and the user.
When the MUA goes through IMAP or POP, its functionality can be
separated into the mail client and a server it belongs to, located
between the client and the storage location.
5-4 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
Figure 5-1
If the email is for a local user, the MTA hands it over to the MDA
which stores the mail in the mailbox of the respective user. From
there, the email can be retrieved by using POP or IMAP.
If IMAP is used, all emails are kept on the server and the MUA only
checks emails on this server. The emails are not transferred to the
client computer.
When sending email, the MTA can be configured to ask the MUA
for authentication of the user. This can be used to prohibit sending
spam emails via this MTA.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-5
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Figure 5-2
5-6 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
For security reasons, Postfix works with four mail queues. For every
mail queue, there is a directory bearing the same name under
/var/spool/postfix/.
The following figure shows how an email can reach Postfix and how
it is processed.
Figure 5-3
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-7
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
The pickup daemon checks it for content, size, and other factors
based on rules, then it passes the email to the cleanup daemon.
After this, the email is copied to the incoming queue and the queue
manager /usr/lib/postfix/qmgr is informed of the arrival of this
email.
5-8 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
Then the email is copied to the incoming queue and the queue
manager /usr/lib/postfix/qmgr is informed of the arrival of this
email.
Figure 5-4
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-9
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
The queue manager fetches an email from the incoming queue and
copies it to the active queue as soon as the active queue contains no
other emails.
The queue manager fetches an email from the incoming queue and
copies it to the active queue, as soon as the active queue is empty.
5-10 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
The SMTP service tries to find the mail exchanger specified for the
target host, then it delivers the email to the mail exchanger for the
recipient host.
The queue manager then copies this email at regular intervals from
the deferred queue back to the active queue and tries again to deliver
the email.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-11
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
rcpostfix start
rcpostfix stop
rcpostfix status
To do this, enter
rcpostfix reload
or
rcpostfix restart
5-12 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-13
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
5-14 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-15
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
#
=========================================================================
=
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
#
=========================================================================
=
smtp inet n - n - - smtpd
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes -o
smtpd_etrn_restrict
ions=reject
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
#tlsmgr fifo - - n 300 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
#localhost:10025 inet n - n - - smtpd -o
content
_filter=
...
5-16 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
...
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
cyrus unix - n n - - pipe
user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m
${extension} ${u
ser}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop
$recipient
vscan unix - n n - 10 pipe
user=vscan argv=/usr/sbin/amavis ${sender} ${recipient}
procmail unix - n n - - pipe
flags=R user=nobody argv=/usr/bin/procmail -t -m /etc/procmailrc
${sender} ${r
ecipient}
If an entry in the file is too long for a specific service, this entry can
be continued in the following lines by adding an empty space at the
beginning of the following line; for example:
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-17
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
5-18 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-19
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
5-20 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
/etc/postfix/main.cf
Postfix is one the last services that needs SuSEconfig to run for
generation of the actual configuration files from files located in
/etc/sysconfig/.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-21
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
5-22 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
If you leave this entry empty, Postfix delivers all mails that
cannot be delivered locally to the mail exchanger.
Any entries in the file /etc/postfix/transport have precedence
over the relay host.
If this variable is assigned a value, the variable relayhost in the
file /etc/postfix/main.cf will be modified by running
/sbin/SuSEconfig --module postfix
■ POSTFIX_MASQUERADE_DOMAIN. If your own DNS
domain is configured with this variable (for example,
digitalairlines.com), all addresses in emails that contain a host
prefix are shortened by this host prefix.
For example, kbailey@da2.digitalairlines.com becomes
kbailey@digitalairlines.com.
If this variable is assigned a value, the variable
masquerade_domains in the file /etc/postfix/main.cf is modified
by running
/sbin/SuSEconfig --module postfix
Additionally, the variable masquerade_exceptions = root will be
set.
■ POSTFIX_LOCALDOMAINS. Contains a comma-separated
list of the domains for which Postfix should accept emails.
These values are written to the variable mydestination in the file
/etc/postfix/main.cf by running
/sbin/SuSEconfig --module postfix
If POSTFIX_LOCALDOMAINS is empty, the variable is set to
$myhostname, localhost.$mydomain by SUSEconfig.
■ POSTFIX_NULLCLIENT. A nullclient is a host that can only
send mail over the network, does not receive mail over the
network and does not deliver any mail locally.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-23
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
5-24 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-25
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
■ POSTFIX_SMTP_TLS_SERVER,
POSTFIX_SMTP_TLS_CLIENT. If these variables are set to
yes, Postfix can encrypt the communication with the other side
when sending and receiving mail, provided the following
variables are configured.
■ POSTFIX_SSL_*, POSTFIX_TLS_*. These variables control
various aspects of the certificate and key management needed
for the encryption.
Encrypted connections are not covered in this course; this
manual does not provide any details about the individual
variables.
■ POSTFIX_ADD_*: These variables can be used to set the
Postfix variables.
The variable must be converted to uppercase letters and
appended to POSTFIX_ADD_.
For example, to set the Postfix variable message_size_limit to
100000, enter
POSTFIX_ADD_MESSAGE_SIZE_LIMIT=100000
in /etc/sysconfig/postfix.
Subsequently, the command
/sbin/SuSEconfig --module postfix
will generate the respective entry message_size_limit=100000
in /etc/postfix/main.cf.
All available Postfix variables can be listed by using postconf.
Apart from this method, further settings can be made directly in the
file /etc/postfix/main.cf, which has very detailed comments.
Following a manual modification of the file /etc/postfix/main.cf,
modifying /etc/sysconfig/postfix and subsequently running of
/sbin/SuSEconfig will not affect the file /etc/postfix/main.cf.
5-26 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
/etc/postfix/main.cf
x In case there are multiple lines containing settings for variables, the settings
of the last definition will be used. This allows putting all your configuration
lines at the end of the configuration file.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-27
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
This value serves later as the default value for other parameters.
■ mydomain. The domain name of the computer.
This value serves later as the default value for other parameters.
■ myorigin. The domain that appears as the sender for emails
sent locally.
The default value is the FQDN.
■ mydestination. Describes a list of domains for which the
computer should accept emails.
■ masquerade_domains. For sender addresses of the specified
domain(s), the host part is removed.
For example, kbailey@da2.digitalairlines.com becomes
kbailey@digitalairlines.com.
■ relayhost. All emails that cannot be processed locally are sent
to the computer specified here.
■ inet_interfaces. Specifies the network addresses on which
Postfix waits for incoming mail.
The default value is 127.0.0.1.
To enable Postfix to receive mail from other hosts, enter the IP
numbers of the network cards or all.
■ mynetworks. Lists IP ranges belonging to your network.
Postfix can be configured to forward mail from hosts in these
networks.
■ smtpd_recipient_restrictions, smtpd_helo_restrictions,
smtpd_client_restrictions, smtpd_sender_restrictions.
Control who is allowed to forward email over the mail server.
5-28 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
The variables that are relevant for most deployment scenarios are in
the file
/etc/postfix/main.cf
Variables that are not defined here are assigned default values or
remain empty.
To list all variables used by Postfix and their respective values, enter
postconf
The directory
/usr/share/doc/packages/postfix/samples/
contains files that are sorted by the deployment purpose and contain
other variables with detailed comments.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-29
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
If all mail traffic is running from a mail server at the ISP, a small
network merely needs a mail server that accepts the mail from the
clients and passes it to the ISP’s mail server.
Because the local mail server does not serve as the mail server for
the company domain from the Internet, the configuration is rather
simple.
5-30 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
The following entries merely ensure that Postfix only accepts mail
from the clients in the local network:
kbailey@da2.digitalairlines.com
kbailey@digitalairlines.com
On the other hand, the host is important for messages sent to root.
masquerade_exceptions = root
masquerade_domains = digitalairlines.com
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-31
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
The relayhost entry also ensures that Postfix does not attempt to
establish a direct contact to respective mail servers of the recipients.
relayhost = da2.digitailairlines.com
5-32 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
rcpostfix start
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-33
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
(End of Exercise)
5-34 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
If the mail server is set up not only for sending email messages of
the users in the local network but also for receiving mail from the
Internet addressed to the domain, configuring it is a bit more
difficult.
inet_interfaces = all
mynetworks = 10.0.0.0/24, 127.0.0.0/8
myhostname = da2.digitalairlines.com
mydomain = digitalairlines.com
mydestination = $myhostname, localhost.$mydomain, $mydomain
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-35
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
If Postfix is not only responsible for the mail of your domain but
also for the mail of other domains (as is normally the case with web
hosters), the domains are not entered under mydestination but in the
lookup table virtual, which is covered in following section.
maps_rbl_domains = rbl-domains.digitalairlines.com
smtpd_sender_restrictions = reject_maps_rbl
5-36 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
The following entry ensures that email from the range specified in
$mynetworks as well as email for which Postfix is responsible due
to the specifications in $mydomain is accepted—all other mail is
rejected due to reject_unauth_destination:
smtpd_recipient_restrictions = permit_mynetworks,
reject_unauth_destination
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-37
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
(End of Exercise)
5-38 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
/etc/postfix/main.cf
then defined as
/etc/postfix/lookup-table
postmap hash:/etc/postfix/sender_canonical
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-39
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
smtpd_sender_restrictions = hash:/etc/postfix/access
5-40 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
The rules are processed from top to bottom and the matching of
rules ends when the first match occurs.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-41
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Examples:
postmaster@digitalairlines.com OK
spam@hahaha.net 550 We're fighting against spam!
194.95.93.10 REJECT
b See the man pages (man 5 access) for other possible actions.
canonical_maps = hash:/etc/postfix/canonical
5-42 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
The rules are processed from top to bottom and the matching of
rules ends when the first match occurs.
Examples:
training@digitalairlines.com kbailey@digitalairlines.com
@slc.digitalairlines.com slc@digitalairlines.com
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-43
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
recipient_canonical_maps = hash:/etc/postfix/recipient_canonical
The rules are processed from top to bottom and the matching of
rules ends when the first match occurs.
5-44 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
Examples:
kbailey@digitalairlines.com training@digitalairlines.com
@slc.digitalairlines.com slc@digitalairlines.com
The cleanup daemon reads this table when an email arrives before
the generic lookup table /etc/postfix/canonical is read.
sender_canonical_maps = hash:/etc/postfix/sender_canonical
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-45
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
The rules are processed from top to bottom and the matching of
rules ends when the first match occurs.
Examples:
training@digitalairlines.com kbailey@digitalairlines.com
@slc.digitalairlines.com slc@digitalairlines.com
5-46 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
relocated_maps = hash:/etc/postfix/relocated
The rules are processed from top to bottom and the matching of
rules ends when the first match occurs.
Each line consists of a key field in the first column, which refers to
the email address of the former recipient or defines this by means of
a regular expression and contact information in the second column,
which may contain a new email address of the recipient or other
contact information.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-47
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Examples:
kbailey@digitalairlines.com kbailey@novell.com
jgoldman@digitalairlines.com Please call 1-800-PIRATES
The notifications of the mail server are send by email to the sender:
5-48 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
transport_maps = hash:/etc/postfix/transport
Each line defines a rule that is evaluated via the qmgr or the
trivial-rewrite daemon before an email is sent.
The rules are processed from top to bottom and the matching of
rules ends when the first match occurs.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-49
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Examples:
digitalairlines.com smtp:da2.digitalairlines.com:10025
suse.com uucp:da150
You can use the /etc/postfix/virtual lookup table to set up email for a
number of domains with separate user names.
5-50 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
virtual_maps = hash:/etc/postfix/virtual
Each line defines a rule that is evaluated via smtpd when an email
arrives.
The rules are processed from top to bottom and the matching of
rules ends when the first match occurs.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-51
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Example:
alias_maps = hash:/etc/aliases
The rules are processed from top to bottom and the matching of
rules ends when the first match occurs.
5-52 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
or
da2:~ # newaliases
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-53
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
5-54 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
14. To change the sender address of user jgoldman, enter (on one
line)
jgoldman@daxx.digitalairlines.com webmaster@digitalai
rlines.com
15. Save the file and close the editor.
rcpostfix start
18. Log in as user jgoldman by entering
su - jgoldman
19. To write a mail to user root, enter
mail root@localhost
20. Enter a subject and then some text; finish the mail:
a. Press Enter.
b. Type . (dot).
c. Press Enter.
21. To get root permissions, enter exit.
23. Enter the number corresponding to the mail you wrote before.
(End of Exercise)
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-55
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
5-56 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
b For more information about these tools, see the man page man 1
Postfix-Tool.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-57
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Using IMAP, all emails are kept on the server. To read your email,
you always have to establish a connection to the server. Using
POP3, all email is transferred to the client. Email can be removed or
kept on the server after transferring them.
Cyrus IMAPd provides access to emails via IMAP and POP3. The
mailboxes of the users are stored in a database which uses a special
format.
All users which receive emails via this service need to exist on the
computer. These users do not need to have full access to the system,
it is sufficient to have a username and a password.
5-58 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
Cyrus does not support relational databases like MySQL. But Cyrus
supports Quotas and ACLs.
cyrus-imapd
This calls the program deliver. This program submits all email to
the recipients on the system. It replaces the program local of
Postfix.
You only need to assign Cyrus the responsibility for a mail domain.
You can do this, for example, in the file /etc/postfix/transport by
appending the line
digitalairlines.com cyrus:
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-59
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
postmap hash:/etc/postfix/transport
Now, Postfix will give all mail for the domain digitalairlines.com to
the program deliver of the Cyrus package.
5-60 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
/etc/imapd.conf
option: value
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-61
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
After Cyrus server installation, the file looks like the following:
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
sievedir: /var/lib/sieve
admins: cyrus
allowanonymouslogin: no
autocreatequota: 10000
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
lmtp_overquota_perm_failure: no
#
# if you want TLS, you have to generate certificates and keys
#
#tls_cert_file: /usr/ssl/certs/cert.pem
#tls_key_file: /usr/ssl/certs/skey.pem
#tls_ca_file: /usr/ssl/CA/CAcert.pem
#tls_ca_path: /usr/ssl/CA
5-62 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
If the option is set to 1 or more, this value (in KB) is the default
quota. The default value is 10000, allowing for 10 MB of email
data to be stored in the mailbox of each user.
■ quotawarn. Percentage of used quota space. When this
percentage is reached, the server will warn the user that his
space is running out.
■ timeout. Inactivity time in minutes when the server will
disconnect the client.
■ sasl_pwcheckmethod. SASL (Simple Authentication and
Security) allows authentication for connection-oriented
protocols. This is more secure than using UNIX passwords. We
recommend that you use saslauthd.
rcsaslauthd start
rccyrus start
insserv saslauthd
insserv cyrus
After starting the IMAPd you can test the server by using telnet.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-63
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
To define mail boxes for users on the mail server, these users have
to be created on the system. As the mail boxes for these users are
stored in the directory /var/lib/imap/, it is not necessary to provide
the users with a home directory.
x For security reasons, the users should not be allowed to login into the mail
server. Therefore, no home directory should be created and the login shell
should be set to /usr/bin/passwd. When users log into the mail server, they
can only modify their passwords but cannot perform any other tasks on the
system.
passwd username
5-64 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
This user accout does not have a system password yet, so, you have
to set it:
rcsaslauthd start
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-65
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
You are prompted to enter the cyrus password. After this, the
prompt changes to
localhost>
5-66 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
In the first line, a new mailbox for the user kbailey is created.
x The names of the mailboxes have to start with “user.” in order to have the
correct permissions set.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-67
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
x All incoming email is stored in the mail boxes located in the directory
/var/spool/imap/user/. Additional information (e.g. about read email) is
stored in subdirectories of /var/lib/imap/user/.
d Mark as delete
none None
read lrs
post lrps
append lrsip
write lrswipcd
all lrswipcda
5-68 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
Each user can administrate their own mailboxes using the cyradm
command:
x All the settings and definitions are effective for receiving emails via IMAP
and POP3. The only difference is the setup of your MUA.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-69
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
rccyrus start
13. To test your Cyrus installation, enter
. logout
to terminate the connection.
15. To set a password for user cyrus, enter
passwd cyrus
5-70 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
rcsaslauthd start
18. To start the administration of the cyrus daemon, enter
createmailbox user.kbailey
21. To exit the cyradm tool, enter exit.
22. Configure your favorite mail client to connect with your IMAP
server (IMAP server: localhost, login: kbailey, password:
novell).
You should see your mailbox.
23. To create a Linux account for the user sales, enter in a terminal
window as root
useradd -s /usr/bin/passwd sales
24. To start the administration of the cyrus daemon, enter
createmailbox user.sales
27. To see the ACLs for the new mailbox, enter
listaclmailbox user.sales
28. To give the user kbailey read permissions to the sales mailbox,
enter
setaclmailbox user.sales kbailey read
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-71
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
29. To see the ACLs for the sales mailbox again, enter
listaclmailbox user.sales
30. To exit the cyradm tool, enter exit.
31. Switch to the Kmail window; you should see the mailbox sales
now (if it is not visible right away, close Kmail and start it again).
(End of Exercise)
5-72 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
Configure QPopper
POP3 was developed because not every host that wanted both to
send and receive mails had enough resources (RAM, disk space and
CPU) to support a full mail server so it could to directly receive its
own mails.
Many email providers do not provide their users with login access
to the email server but instead offer a POP3 server from which to
get mail.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-73
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Install QPopper
Configure QPopper
5-74 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
#
# qpopper - pop3 mail daemon
#
service pop3
{
# disable = yes
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/popper
server_args = -s
flags = IPv4
}
x The first line in the service environment (disable = yes) is commented out.
Alternatively you can set this parameter to no.
rcxinetd start
insserv xinetd
With this configuration, the POP3 server is ready for operation and
will process all requests from POP3 clients.
b For more information on QPopper see man page (man 8 popper) in the
/usr/share/doc/packages/qpopper/ directory.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-75
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
x It is normally not a good idea for users to be able to log in to the computer
functioning as the POP3 server and to read their email there, but they must
be able to change their passwords there at all times.
To implement this, the login shell for the user in the file /etc/passwd is set to
/usr/bin/passwd:
kbailey:x:501:100:Kate Bailey:/home/kbailey:/usr/bin/passwd
5-76 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
13. Open the file /etc/xinetd.d/qpopper with a text editor and add a
hash-sign (“#”) at the beginning of the disable line.
14. Save the file and close your editor.
rcxinetd start
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-77
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
16. Configure your favorite mail client to access your POP3 server.
Pick up mail. You should receive any mail available for your
account.
(End of Exercise)
5-78 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
This means that each user can create his own configuration file in
his home directory.
/etc/fetchmailrc
b For more information about Fetchmail, see the man pages for the program.
Information is also available in the /usr/share/doc/packages/fetchmail/
directory.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-79
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Configure Fetchmail
If several mail servers are queried, the same details can be defined
once using the defaults instruction, and then they are omitted.
For example:
5-80 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
x Because the file ~/.fetchmailrc contains the password for access in plain text,
only the owner of the file should be granted read and write permissions
(chmod 600 .fetchmailrc).
If the permissions are too liberal, Fetchmail will terminate with a message
indicating this situation.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-81
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Figure 5-5
5-82 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
-a, --all Fetches all (new and old) email from the
server.
-F, --flush Deletes old mails from the server before the
new ones are retrieved.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-83
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
x If the line
set syslog
5-84 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
(End of Exercise)
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-85
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Install Procmail
Configure Procmail
mailbox_command = /usr/bin/procmail
5-86 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
b For more information about all possible Procmail options, see man pages
man 1 procmail and man 1 procmailrc.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-87
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Example 1:
PATH=/bin:/usr/bin
MAILDIR=$HOME/Mail
LOGFILE=$MAILDIR/mail.log
:0
* ^From.*digitalairlines
$MAILDIR/Digitalairlines
:0
*
$MAILDIR/Inbox
5-88 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
Example 2:
PATH=/bin:/usr/bin
MAILDIR=$HOME/Mail
LOGFILE=$MAILDIR/mail.log
:0
* ^From.*digitalairlines
* ^Subject.*mail
{
:0 c
$MAILDIR/Digitalairlines
:0
! jgoldman@digitalairlines.com
}
:0
*
$MAILDIR/Inbox
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-89
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
b For more information on the ~/.procmailrc configuration file, use the manual
page (man 5 procmailrc).
There is a good collection of useful configuration examples in the manual
page of procmailrcex (man 5 procmailex).
5-90 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-91
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
11. Enter the subject and some text; finish the mail by doing the
following:
a. Press Enter.
b. Type . (dot).
c. Press Enter.
12. Switch back to the user kbailey by entering exit.
13. Using cat Mail/Training you should see the mail you just wrote
as geeko.
14. As kbailey, send a mail to kbailey by entering mail kbailey.
15. Enter the subject and some text; finish the mail by doing the
following:
a. Press Enter.
b. Type . (dot).
c. Press Enter.
16. Using cat Mail/Inbox you should see the mail you just wrote as
kbailey.
(End of Exercise)
5-92 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
It also uses black lists and white lists of other organizations (e.g.,
http://razor.sf.net, http://pyzor.sf.net).
Install SpamAssassin
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-93
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Configure SpamAssassin
/etc/mail/spamassassin/local.cf
5-94 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-95
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
da2:~ # ls /usr/share/spamassassin/
10_misc.cf 20_porn.cf 30_text_fr.cf
20_anti_ratware.cf 20_ratware.cf 30_text_it.cf
20_body_tests.cf 20_uri_tests.cf 30_text_pl.cf
20_compensate.cf 23_bayes.cf 30_text_sk.cf
20_dnsbl_tests.cf 25_body_tests_es.cf 50_scores.cf
20_fake_helo_tests.cf 25_body_tests_pl.cf 60_whitelist.cf
20_head_tests.cf 25_head_tests_es.cf languages
20_html_tests.cf 25_head_tests_pl.cf triplets.txt
20_meta_tests.cf 30_text_de.cf user_prefs.template
20_phrases.cf 30_text_es.cf
Use SpamAssassin
5-96 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
#LOGFILE=/tmp/procmail.log
#VERBOSE=yes
SENDER=$1
SHIFT=1
:0 hbfw
| /usr/bin/spamc
:0
| /usr/sbin/sendmail -i -f "$SENDER" -- "$@"
The mail is piped in the first filter rule to the spamc. The flags of the
filter rule mean by detail:
❑ h. Feed the header to the pipe, file or mail destination
(default).
❑ b. Feed the body to the pipe, file or mail destination
(default).´
❑ f. Consider the pipe as a filter.
❑ w. Wait for the filter or program to finish and check its
exitcode (normally ignored); if the filter is unsuccessful,
then the text will not have been filtered.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-97
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
to
rcspamd start
Train SpamAssassin
b For more information on sa-learn, see in the man page man 1 sa-learn.
5-98 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
Summary
Objective Summary
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-99
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Objective Summary
5-100 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
Objective Summary
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-101
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Objective Summary
5-102 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
Objective Summary
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-103
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Objective Summary
5-104 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
Objective Summary
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-105
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Objective Summary
5-106 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
Objective Summary
8. Configure the Lookup Tables Use the virtual lookup table to set
(continued) up email for a number of domains
with separate user names.
Use the aliases lookup table to
define email aliases for delivering
email.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-107
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Objective Summary
5-108 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
Objective Summary
10. Receive Email over IMAP and Cyrus IMAPd is designed for
POP3 servers without user accounts for
normal users.
■ /etc/cyrus.conf. The basic
configuration file of Cyrus
IMAPd.
■ /etc/imapd.conf. The
configuration file of IMAPd.
■ /var/lib/imap/mailboxes.db.
Includes important information
about the mail boxes.
■ /var/lib/imap/log/. Stores log
information.
■ /var/lib/imap/quota/. Defines
the quotas for each IMAP
account.
■ /var/lib/imap/shutdown. If this
file exists, the IMAP server
sends the first line of this file as
alert to the client.
■ /var/lib/imap/msg/motd. If this
file exists, the IMAP server
sends the first line to the client
after the connection is created.
As soon as QPopper is installed, it
is available for retrieving mail via
the POP3 protocol, if the
superdaemon inetd was
configured and started in the
system.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-109
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Objective Summary
10. Receive Email over IMAP and With Fetchmail, email can be
POP3 (continued) retrieved from a server.
It is configured in the file
~/.fetchmailrc
To start Fetchmail, enter
fetchmail
5-110 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Configure a Mail Server
Objective Summary
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 5-111
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
5-112 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use OpenSLP
In this section. you learn what OpenSLP is, how to configure it and
how to get information on services using OpenSLP.
http://openslp.org
Objectives
1. What OpenSLP Is
2. SLP Agents
3. Configure OpenSLP
4. SLP Frontends
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 6-1
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
However, these methods are static and do not guarantee that the host
or the service on that host is actually available.
You only need to know the description of the desired service. Based
on this description, SLP can return the URL of the desired service.
For example, a search for NTP will result in addresses for all active
NTP services on the network.
6-2 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use OpenSLP
Figure 6-1
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 6-3
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
6-4 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use OpenSLP
To understand how these messages are sent and received, you need
to know the differences between
■ Unicast, Multicast, and Broadcast Protocols
User Agent
The SLP User Agent (UA) is software that looks for the location of
one or more hosts running specified services.
User Agents use two possible methods to identify the services they
require:
■ If Directory Agents are used on the network, the User Agent
will send unicast requests to the Directory Agents servicing the
specified services requested.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 6-5
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Service Agent
The SLP Service Agent (SA) is software that advertises the location
of one or more active services.
6-6 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use OpenSLP
Directory Agent
Messages
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 6-7
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
6-8 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use OpenSLP
The Directory Agents can then share their service information using
unicast (routable) packages, and all service information is available
in all networks.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 6-9
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
6-10 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use OpenSLP
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 6-11
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
/etc/init.d/slpd restart
or
rcslpd restart
/etc/init.d/slpd stop
or
rcslpd stop
/etc/init.d/slpd start
or
rcslpd start
/etc/init.d/slpd status
or
rcslpd status
6-12 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use OpenSLP
x The OpenSLP daemon slpd must run as root initially in order to bind to the
well-known SLP port.
However, slpd will relinquish root privileges and suid() to the daemon user
(if it exists).
parameter=value
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 6-13
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Parameters in /etc/slp.conf
6-14 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use OpenSLP
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 6-15
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
6-16 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use OpenSLP
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 6-17
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
#########################################################################
#
# OpenSLP configuration file
#
# Format and contents conform to specification in IETF RFC 2614 so the
# comments use the language of the RFC. In OpenSLP, SLPD operates as an SA
# # and a DA. The SLP UA functionality is encapsulated by SLPLIB.#
#
#########################################################################
#------------------------------------------------------------------------
# Static Scope and Static DA Configuration
#------------------------------------------------------------------------
#------------------------------------------------------------------------
# DA Specific Configuration
#------------------------------------------------------------------------
# Enables slpd to function as a DA. Only a very few DAs should exist. It
# is suggested that the administrator read the OpenSLP users guide before
# enabling this setting. Default is false. Uncomment the line below to
# enable DA operation.
;net.slp.isDA = true
6-18 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use OpenSLP
net.slp.serializedRegURL
net.slp.multicastTimeouts
net.slp.DADiscoveryTimeouts
net.slp.datagramTimeouts
b The major function calls and more information can be found on RFC 2614.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 6-19
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
#comment
;comment
service-url,language-tag,lifetime,service-type
scopes=scope-list
attrid=val1
attrid=val1,val2,val3
6-20 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use OpenSLP
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 6-21
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
service:service-type://addrspec
abstract-type.naming-authority:concrete-type
6-22 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use OpenSLP
b The official definition of service type strings can be found in RFC 2609,
"Service Templates and Service Schemes".
If you want to work with well-known (IANA) service types, read this RFC.
b RFC 2614 specifies a syntax for a registration file that is read by the
OpenSLP daemon.
#############################################################
# OpenSLP registration file
#
# register Samba and SWAT
#
#############################################################
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 6-23
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
6-24 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use OpenSLP
####################################################################
#
# OpenSLP registration file
#
# register SSH daemon
#
####################################################################
# ssh can get used to copy files with konqueror using the fish:/ protocol
service:fish://$HOSTNAME:22,en,65535
tcp-port=22
description=KDE file transfer via SSH
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 6-25
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
The file /etc/slp.reg can be used to register services with the Service
Agents that do not use the OpenSLP APIs.
6-26 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use OpenSLP
...
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 6-27
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
slptool - - help
or
slptool
6-28 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use OpenSLP
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 6-29
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
6-30 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use OpenSLP
Figure 6-2
x With this action, you send an SLP User Agent request for the service SSH to
the network.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 6-31
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Figure 6-3
6. To get a list of all Samba file and print servers in the local
network, select smb in the left window.
6-32 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use OpenSLP
Figure 6-4
Using the YaST SLP Browser module, you can only view the hosts
providing the specified services.
Konqueror
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 6-33
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
The following appears (to see this kind of display, select View
> View Mode > Text View):
Figure 6-5
3. To list all servers in the local network that provide the SSH
service, select SSH Terminal.
6-34 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use OpenSLP
Figure 6-6
4. To get the service attributes, select one of these SSH servers, for
example, da1.digitalairlines.com.
The following is displayed:
Figure 6-7
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 6-35
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Figure 6-8
6-36 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use OpenSLP
Figure 6-9
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 6-37
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
service:ntp
service:kde.sld.suse
service:smtp
service:ssh
service:fish
service:remotedesktop.kde:vnc
service:remotedesktop.java:http
service:ldap
service:smb
service:install.suse:nfs
service:install.suse:ftp
service:install.suse:http
service:smdr.novell
service:bindery.novell
service:ndap.novell
service:wbem:https
6-38 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use OpenSLP
service:ssh://da1.digitalairlines.com:22,65535
service:ssh://da3.digitalairlines.com:22,65535
service:ssh://da4.digitalairlines.com:22,65535
service:ssh://da10.digitalairlines.com:22,65535
service:ssh://da11.digitalairlines.com:22,65535
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 6-39
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
This exercise will ensure you can configure SLP on your server with
a simple service independent of the network wide SLP design
considerations.
6-40 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use OpenSLP
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 6-41
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Figure 6-10
6-42 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use OpenSLP
Figure 6-11
7. Select Finish.
8. Close the YaST Control Center by selecting Close.
9. Open a terminal window and enter su - to get root permission.
10. When prompted, enter the root password novell.
rcxinetd status
You should get the following:
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 6-43
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
6-44 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use OpenSLP
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 6-45
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
6-46 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use OpenSLP
A terminal opens and displays the current date and time similar
to the following:
Trying 10.10.0.30...
Connected to da30.digitalairlines.com.
Escape character is '^]'.
12 MAY 2005 16:05:23 CEST
Connection closed by foreign host.
(End of Exercise)
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 6-47
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Summary
Objective Summary
6-48 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use OpenSLP
Objective Summary
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 6-49
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Objective Summary
6-50 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Monitor Network Traffic
x This type of configuration must follow the policies you established in your
network wide SNMP configuration.
Objectives
1. Use ntop to Monitor Network Traffic
2. Use Nagios to Monitor Hosts, Services, and Network
3. Use Ethereal and tcpdump to Troubleshoot Network Problems
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 7-1
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Configure ntop
7-2 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Monitor Network Traffic
Use ntop
The -A parameter starts ntop, sets the admin password, and quits
ntop. -A will prompt the user for the password.
After starting ntop, the processes run with the UID of the user you
specify on the command line. On SLES 9, normally the user
wwwrun is used for running ntop.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 7-3
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
After entering ntop, you can access the ntop web interface by
entering the following URL in a web browser:
http://hostname:3000
Figure 7-1
7-4 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Monitor Network Traffic
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 7-5
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
If you open the man page of ntop (man 8 ntop), you can see that
there are a lot of options.
7-6 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Monitor Network Traffic
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 7-7
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
7-8 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Monitor Network Traffic
(End of Exercise)
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 7-9
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Nagios are:
■ Monitoring of host-based activity (such as, use of disk space
and running processes).
■ Monitoring of network services (such as, SMTP, POP3, and
HTTP).
■ Notifying in case problems appear and disappear (using email
or paging).
■ Providing a plugin interface for user-developed monitoring
methods.
■ Providing access to the status via a webbrowser.
There are several packages for Nagios available. We will use the
following packages in this chapter:
■ nagios. The base pakage of Nagios.
■ nagios-plugins. Plugins needed for Nagios checks.
■ nagios-plugins-extra. More plugins for Nagios checks.
■ nagios-www. A web server for Nagios.
7-10 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Monitor Network Traffic
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 7-11
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
7-12 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Monitor Network Traffic
cfg_file=/etc/nagios/contacts.cfg
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 7-13
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
7-14 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Monitor Network Traffic
cfg_file=/etc/nagios/contactgroups.cfg
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 7-15
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
cfg_file=/etc/nagios/hosts.cfg
7-16 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Monitor Network Traffic
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 7-17
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
7-18 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Monitor Network Traffic
cfg_file=/etc/nagios/hostgroups.cfg
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 7-19
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
cfg_file=/etc/nagios/services.cfg
Again, we do not go into the details of this template. The last line
(register 0) indicates that this is not a real service but just a
template.
7-20 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Monitor Network Traffic
# Service definition
define service{
use generic-service
host_name da10
service_description SMTP
is_volatile 0
check_period 24x7
max_check_attempts 3
normal_check_interval 3
retry_check_interval 1
contact_groups admins
notification_interval 120
notification_period 24x7
notification_options w,u,c,r
check_command check_smtp
}
# Service definition
define service{
use generic-service
host_name da10
service_description Check local disk usage
is_volatile 0
check_period 24x7
max_check_attempts 3
normal_check_interval 5
retry_check_interval 1
contact_groups admins
notification_interval 120
notification_period 24x7
notification_options c,r
check_command check_local_disk!80%!90%!/
}
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 7-21
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
7-22 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Monitor Network Traffic
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 7-23
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
check_local_disk!80%!90%!/
This means, a warning message will be created when the disk space
usage exceeds 80% and a critical message will be generated when
the disk space usage exceeds 90%. The filesystem to check is the
root filesystem /.
There are two configuration files which are used to define additional
resources. The file which defines the names of the time periods to
use is included with the statement:
cfg_file=/etc/nagios/timeperiods.cfg
The names of the time definitions are used in the services and the
hosts definitions.
resource_file=/etc/nagios/resource.cfg
The file is used for setting variables which are used in the other
configuration files. By default, only only directive is activated:
7-24 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Monitor Network Traffic
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 7-25
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Adding more users to the file is done using htpasswd2 without the
option -c.
7-26 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Monitor Network Traffic
use_authentication=1
authorized_for_ . An example is
#authorized_for_system_information=nagiosadmin,theboss,jdoe
Use Nagios
rcnagios start
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 7-27
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
http://da2.digitalairlines.com/nagios
7-28 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Monitor Network Traffic
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 7-29
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
7. Select Accept.
8. When the installation finished, close YaST.
7-30 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Monitor Network Traffic
service_notification_period workhours
host_notification_period workhours
service_notification_options c,r
host_notification_options d,r
service_notification_commands notify-by-email
host_notification_commands host-notify-by-email
email kbailey@digitalairlines.com
}
3. Save the file.
4. Rename the file /etc/nagios/contactgroups.cfg by entering (on
one line)
mv /etc/nagios/contactgroups.cfg
/etc/nagios/contactgroups.cfg.orig
5. Create a new file /etc/nagios/contactgroups.cfg with the
following contents:
# ’admins’ contact group definition
define contactgroup{
contactgroup_name admins
alias Administrators
members kbailey
}
6. Save the file.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 7-31
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
7-32 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Monitor Network Traffic
max_check_attempts 10
notification_interval 120
notification_period 24x7
notification_options d,u,r
}
5. Create the definition for your own host:
# ’your_host_name’ host definition
define host{
use generic-host
host_name your_host_name
alias SLES 9 #1
address your_IP_address
check_command check-host-alive
max_check_attempts 10
notification_interval 120
notification_period 24x7
notification_options d,u,r
}
6. Save the file.
7. Rename the file /etc/nagios/hostgroups.cfg by entering (on one
line)
mv /etc/nagios/hostgroups.cfg
/etc/nagios/hostgroups.cfg.orig
8. Create a new file /etc/nagios/hostgroups.cfg with the following
content:
# ’linux-boxes’ host group definition
define hostgroup{
hostgroup_name linux-boxes
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 7-33
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
7-34 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Monitor Network Traffic
}
(The file contains some more comments at the end of each line,
which are not shown here.)
4. Create the definition for checking the SMTP service on the host
da2:
# Service definition
define service{
use generic-service
host_name da2
service_description SMTP
is_volatile 0
check_period 24x7
max_check_attempts 3
normal_check_interval 3
retry_check_interval 1
contact_groups admins
notification_interval 120
notification_period 24x7
notification_options w,u,c,r
check_command check_smtp
}
5. Create the definition for checking the FTP service on the host
da2:
# Service definition
define service{
use generic-service
host_name da2
service_description FTP
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 7-35
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
is_volatile 0
check_period 24x7
max_check_attempts 3
normal_check_interval 5
retry_check_interval 1
contact_groups admins
notification_interval 120
notification_period 24x7
notification_options w,u,c,r
check_command check_ftp
}
6. Create the definition for checking the POP3 service on the host
da2:
# Service definition
define service{
use generic-service
host_name da2
service_description POP3
is_volatile 0
check_period 24x7
max_check_attempts 3
normal_check_interval 5
retry_check_interval 1
contact_groups admins
notification_interval 120
notification_period 24x7
notification_options w,u,c,r
check_command check_pop
7-36 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Monitor Network Traffic
}
7. Create the definition for checking the disk usage on your host:
# Service definition
define service{
use generic-service
host_name your_host_name
service_description Check local disk usage
is_volatile 0
check_period 24x7
max_check_attempts 3
normal_check_interval 2
retry_check_interval 1
contact_groups admins
notification_interval 120
notification_period 24x7
notification_options c,r
check_command check_local_disk!20%!10%!/
}
8. Create the definition for the number of currently logged-in users
on your host:
# Service definition
define service{
use generic-service
host_name your_host_name
service_description Current number of users
is_volatile 0
check_period 24x7
max_check_attempts 3
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 7-37
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
normal_check_interval 2
retry_check_interval 1
contact_groups admins
notification_interval 120
notification_period 24x7
notification_options c,r
check_command check_local_users!20!50
}
9. Save the file.
AllowOverride AuthConfig
7-38 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Monitor Network Traffic
Options None
order deny,allow
allow from all
</Directory>
3. Create the file /usr/share/nagios/.htaccess with the following
content:
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/apache2/nagios
require valid-user
4. Copy the file /usr/share/nagios/.htaccess to the directory
/usr/lib/nagios/cgi/ by entering
cp /usr/share/nagios/.htaccess /usr/lib/nagios/cgi
5. Create a user nagiosadmin for accessing the Nagios web server
by entering
htpasswd2 -c /etc/apache2/nagios nagiosadmin
Use a password of novell for this user.
6. Edit the file /etc/nagios/cgi.cfg.
7. Allow access for the user nagiosadmin to all the CGI scripts by
removing the comment character (#) from the first line of all
configuration directives starting with "authorized_for_". (There
are seven directives containing this string.)
8. In case a directive contains more users than the user
nagiosadmin, remove these additional users.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 7-39
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
(End of Exercise)
7-40 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Monitor Network Traffic
Use Ethereal
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 7-41
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
7-42 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Monitor Network Traffic
Below the packet bytes frame, there is a line for configuring the
view filter.
Figure 7-2
Capture Traffic
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 7-43
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Figure 7-3
From the Interface menu, you can select the interface (the traffic
you want to capture).
7-44 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Monitor Network Traffic
■ gateway host host. Allows you to filter packets that used the
host as a gateway (where the Ethernet source or destination was
host but neither the source nor destination IP address was host).
■ [src|dst] net net [mask <mask>|len len]. Allows you to filter
network numbers.
If you add src or dst, you can specify that you are only
interested in source or destination addresses.
In addition, you can specify either the netmask or the CIDR
(Classless InterDomain Routing) prefix for the network if it is
different from your own.
■ [tcp|udp] [src|dst] port port. Allows you to filter TCP and
UDP port numbers.
You can optionally proceed this parameter with the keywords
src or dst and tcp or udp which allow you to specify that you
are only interested in source or destination ports and TCP or
UDP packets respectively.
The keywords tcp or udp must appear before src or dst.
■ less|greater length. Allows you to filter packets whose length
was less than or equal to the specified length, or greater than or
equal to the specified length, respectively.
■ ip|ether proto protocol. Allows you to filter the specified
protocol at either the Ethernet layer or the IP layer.
■ ether|ip broadcast|multicast. Allows you to filter either
Ethernet or IP broadcasts or multicasts.
■ expr relop expr Allows you to create complex filter
expressions that select bytes or ranges of bytes in packets.
You can combine these commands with and, or, or not. You can
also use brackets.
If you want to write the captured information into a file, use the
options in the Capture Filess frame. You can split the captured
information into several files.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 7-45
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
By default, you have to stop the capture process with a mouse click.
In the Stop Capture frame, there are options to stop the capturing
after a number of packets: a level of used memory or after a certain
time.
During the capture process the following dialog shows how many
packets are captured.
Figure 7-4
If you want to see the captured packets in real time, use the options
of the Display Options frame.
The Name Resolution options (in the bottom right corner) are also
useful. You can specify, which names should be resolved.
7-46 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Monitor Network Traffic
Filter Display
You can filter the displayed packets. You can enter a filter
expression in the text box next to the Filter button in the bottom
line.
The expressions for display filters are different from the capture
filter expressions.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 7-47
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Figure 7-5
In the left frame (labeled Field name), you can see a list of options,
you can filter for. These fields are grouped for protocols or services.
In the middle frame, you can specify the relation. The relations
shown depend from the selected field.
If you select View > Coloring Rules, you can create a display filter
that colorizes the matches in a certain color.
7-48 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Monitor Network Traffic
x To see the traffic of a whole network session (e.g., a whole telnet session) it
is uncomfortable to select each package from the packet list. In this case
select a TCP packet of the session and choose Analyze > Follow TCP
Stream.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 7-49
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
ethereal &
7-50 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Monitor Network Traffic
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 7-51
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
16. Close Ethereal by selecting File > Quit from the Ethereal menu.
(End of Exercise)
7-52 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Monitor Network Traffic
Use tcpdump
This software can read all or certain packets going over the ethernet.
tcpdump is often used, to save the network traffic in a file.
da2:~ # tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
16:52:50.488641 802.1d config 8000.00:80:2d:e2:9d:13.8013 root
8000.00:80:2d:e2:9d:13 pathcost 0 age 0 max 20 hello 2 fdelay 15
16:52:51.296790 (NOV-802.2) f4a33f8b.00:50:8b:d6:9b:8b.9001 >
00000000.ff:ff:ff:ff:ff:ff.9001: ipx-#9001 43
2 packets captured
2 packets received by filter
0 packets dropped by kernel
da2:~ #
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 7-53
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
7-54 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Monitor Network Traffic
(End of Exercise)
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 7-55
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Summary
Objective Summary
7-56 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Monitor Network Traffic
Objective Summary
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 7-57
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
7-58 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Deploy Tomcat
In this section, you learn how to install and configure the servlet
container Tomcat on a SUSE LINUX Enterprise Server 9 system.
Objectives
1. Describe Tomcat
2. Install and Configure Tomcat
3. Install Web Applications
4. Use the Tomcat Administration Tools
5. Use Port 80 to Access Tomcat
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 8-1
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Today more and more web sites provide customized content, which
is different for every viewer accessing the site. For example, content
can be a webmail service or a customized portal side.
These sites are generated on the fly when they are requested. The
logic that generates the web sites is written in a programming
language. Popular web programming languages are PHP, Perl, or
Python.
Programs that interact with the user by outputting HTML pages are
called web applications. The servers they are running on are called
web application server.
The following two terms are often used when speaking about web
applications written in Java:
■ Java servlets. These are the actual web applications that are
developed according to the Java servlet specifications.
They are platform independent and can be run on any platform
providing a Java environment.
■ JSP (Java Server Pages). This is an extension to the Java
servlet specification, which allows developers to separate
HTML and application code.
By using special JSP tags in a HTML document, a developer
can access functions in a Java servlet application.
8-2 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Deploy Tomcat
http://jakarta.apache.org/tomcat/index.html
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 8-3
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
8-4 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Deploy Tomcat
rctomcat start
rctomcat stop
rctomcat restart
There are two configuration variables you always have to deal with
when configuring Tomcat:
■ CATALINA_HOME. This variable points to the root directory
of all directories and files that belong to a Tomcat installation.
This is comparable to the ServerRoot directive of the Apache
web server.
All instances of Tomcat that run on the same system share one
CATALINA_HOME directory.
■ CATALINA_BASE. This variable is used to run multiple
instances of Tomcat on the same machine.
In this case, every instance has its own CATALINA _BASE
directory for configuration and log files.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 8-5
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
8-6 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Deploy Tomcat
All directory paths not ending in “base” can be shared with other
instances of Tomcat running on the same system when running a
multiple instances setup.
server.xml
file located in
/usr/share/tomcat/conf/.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 8-7
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
<Service name="Catalina">
<Connector port="8080" />
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase" />
8-8 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Deploy Tomcat
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 8-9
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
<server ...> This is the top level element, also called the root
</server> element.
All other elements are nested in the server element.
The following are the most important attributes:
■ port. This sets the port on which the server is
listening for the shutdown command.
The server will only accept shutdown commands
that are sent from the same system Tomcat is
running on.
The default value is 8005.
■ shutdown. This argument sets the string that
needs to be sent to Tomcat in order to shut down
the server.
The default string is SHUTDOWN.
If you have other users who can log in to the system
running Tomcat, you might want to set this to a
different value in order prevent normal users to shut
down the server.
8-10 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Deploy Tomcat
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 8-11
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
<engine> The engine receives and sends data from and to the
</engine> connectors.
It is responsible for the entire request processing
machinery associated with a particular service.
There is exactly one engine element nested in a
service element.
The attribute name is used to assign a name to the
engine which is used in log and error messages.
The attribute defaultHost determines the host that
will process a request in case that none of the
configured hosts match the requested one.
The value of defaultHost must match one of the
configured host elements.
8-12 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Deploy Tomcat
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 8-13
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Figure 8-1
b This was just a quick overview of the most important configuration elements
and their attributes.
For full documentation of all elements and attributes, see
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/index.html.
8-14 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Deploy Tomcat
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 8-15
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
8-16 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Deploy Tomcat
<role rolename="manager"/>
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 8-17
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
x After you have made changes on the tomcat-user.xml file, you have to
restart Tomcat. Tomcat won’t reread the file automatically.
After you have defined the manager role and assigned the role to a
user, you can start the Manager by pointing your browser to
http://hostname:port/manager/html
8-18 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Deploy Tomcat
Figure 8-2
At the top of the page you can access different functions of the
Manager.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 8-19
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
When you are on the List Application page, you can see all
applications that are currently installed on the server in the second
table.
In the next table you can install new applications on the server. You
can either select an application directory or a .war file that is
already on the server, or select a .war file to upload it to the server.
In the last table you can see the version numbers of the used Tomcat
components.
For more information about the Manager, you can select one of the
Help Links in the top navigation table.
The second administration tool that comes with Tomcat can be used
to adjust settings of the server configuration. In the standard
configuration, the Admin Interface can be accessed with the
following URL:
http://hostname:port/admin
8-20 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Deploy Tomcat
Figure 8-3
On the left-hand side you can browse the server configuration and
after you have selected an item, you can change the corresponding
values on the right-hand side.
After you have made your changes, select Commit Changes at the
top of the Admin tool.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 8-21
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
You can limit the access using the <valve> element in the context
configuration.
/usr/share/tomcat/conf/Catalina/localhost/manager.xml
/usr/share/tomcat/conf/Catalina/localhost/admin.xml
<Context path="/manager"
docBase="/usr/share/tomcat/server/webapps/manager"
debug="0" privileged="true">
<!-- Link to the user database we will get roles from -->
<ResourceLink name="users" global="UserDatabase"
type="org.apache.catalina.UserDatabase"/>
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127.0.0.1"/>
</Context>
8-22 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Deploy Tomcat
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 8-23
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
You can find more information about the pro and cons of the
Apache integration at
http://jakarta.apache.org/tomcat/faq/connectors.html#integrate,
■ Use the Squid cache to forward requests to Tomcat.
To use rinetd for port forwarding, you can use a configuration like
the following when rinetd is installed on the same system like
Tomcat.
x You have to stop the Apache daemon (httpd) if you want to use rinetd,
because it is not possible that both use port 80 together.
8-24 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Deploy Tomcat
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 8-25
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
You will use the open source application vtsurvey as example. This
application allows you to build simple web surveys.
Do the following:
1. Open a terminal and su to the root user.
2. Create a temporary directory by entering
mkdir /tmp/survey
8-26 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Deploy Tomcat
rctomcat start
11. Open the deployment descriptor
/usr/share/tomcat/webapps/survey/WEB-INF/web.xml
with a text editor.
12. Look for the following line
<param-value>localhost:8080</param-value>
13. Replace localhost with the hostname or the IP Address of your
system.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 8-27
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
rctomcat restart
16. Select Start > Internet > Web Browser to start the Konqueror
web browser.
17. Enter the following address in the address bar
http://Your_Hostname:8080/survey
18. The login screen of vtsurvey should appear on the screen.
19. If you want to try the application, the login is admin and the
password is adminpass.
8-28 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Deploy Tomcat
7. Open a web browser and try to access the following two URLs:
http://Your_Hostname:8080/manager/html
http://Your_Hostname:8080/admin
Use the credentials username=kbailey and password=novell
in both cases to access the tools.
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 8-29
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
rcrinetd start
13. Try to access tomcat with the following address:
http://Your_Hostname/survey
(End of Exercise)
8-30 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Deploy Tomcat
Summary
Objective Summary
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 8-31
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Objective Summary
8-32 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Deploy Tomcat
Objective Summary
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. 8-33
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Objective Summary
8-34 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use YaST to Configure a Printer Manually
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. A-1
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Figure A-1
A-2 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use YaST to Configure a Printer Manually
Figure A-2
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. A-3
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Figure A-3
A-4 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use YaST to Configure a Printer Manually
Figure A-4
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. A-5
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Figure A-5
A-6 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Use YaST to Configure a Printer Manually
Figure A-6
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. A-7
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Figure A-7
A-8 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Index
A compressed 8-15
confidential 5-80
ACL 5-66, 5-68 configuration Intro-8, 1-6, 1-9–1-10, 1-21,
address 2-3–2-4, 2-17, 4-4, 7-17, 7-32–7-33 1-25–1-27, 1-29, 1-32–1-33, 1-38,
administration Intro-4, 1-2, 4-1, 5-74 1-44–1-45, 1-56, 1-58–1-59, 1-61,
agent 5-1, 5-3–5-4, 6-5–6-7 1-63, 1-66–1-67, 1-69, 2-1, 2-4–2-12,
2-14, 2-17, 2-21–2-23, 2-26, 2-31,
alias 7-14–7-15, 7-17, 7-19, 7-25–7-26, 2-33–2-34, 2-37–2-41, 2-46,
7-30–7-34, 7-38 2-54–2-55, 3-5, 3-8, 3-10–3-11, 3-13,
Apache 7-25, 8-3–8-5, 8-8, 8-12, 8-14, 3-15–3-19, 3-24, 3-26–3-28,
8-22–8-24, 8-31, 8-34 3-32–3-33, 3-35–3-36, 3-50–3-53,
3-55–3-57, 3-59, 4-2, 4-5, 4-9,
4-11–4-12, 4-14, 4-25, 4-28–4-29,
B 4-31, 4-35, 4-38, 4-41, 5-12–5-14,
5-16, 5-18, 5-21–5-22, 5-27,
background 5-81, 7-7 5-29–5-30, 5-35, 5-38, 5-56, 5-60,
bandwidth 6-6 5-73–5-75, 5-79, 5-81, 5-84,
5-87–5-90, 5-96, 5-102, 5-104–5-105,
binary 1-53, 5-1 5-108–5-109, 6-2, 6-9, 6-11–6-13,
bindery 6-38 6-15–6-16, 6-18, 6-40, 6-42,
6-50–7-2, 7-5–7-6, 7-11–7-13,
7-24–7-25, 7-27–7-28, 7-38–7-40,
C 7-56, 8-5–8-7, 8-9–8-10, 8-14, 8-17,
8-20–8-24, 8-26, 8-32, A-1–A-3, A-8
cache 2-35
configure Intro-2, Intro-6–Intro-7, 1-1, 1-6, 1-9,
canonical 1-12, 1-20, 1-55, 5-8–5-9, 5-39, 1-24–1-25, 1-29, 1-31, 1-38,
5-42–5-46, 5-54–5-55, 5-100, 5-106 1-44–1-45, 1-48–1-49, 1-51–1-52,
class 1-11–1-12, 1-53, 1-61, 2-16–2-17, 2-54, 1-56, 2-6, 2-10, 2-21, 2-27–2-28,
3-5, 3-9, 3-25, 3-46–3-47, 3-49–3-51, 2-32, 2-36–2-37, 2-45–2-48, 2-54,
8-15 3-5, 3-10–3-13, 3-15, 3-18–3-19,
client 2-18, 2-49, 2-51 3-21, 3-24–3-26, 3-32, 3-35, 3-38,
3-44, 3-49, 3-52, 3-55–3-56, 4-1, 4-4,
CLP Intro-3–Intro-5 4-9, 4-11, 4-13, 4-15, 4-25, 4-27, 4-31,
CNAME 1-20 4-34–4-35, 4-38, 5-1, 5-15,
commands 5-73, 7-12, 7-14, 7-31 5-21–5-22, 5-27, 5-30, 5-38–5-39,
5-58–5-59, 5-70–5-71, 5-73–5-74,
compatibility 1-53, 8-8 5-77–5-78, 5-80, 5-86, 5-91, 5-94,
component 5-6, 5-13, 5-18, 5-102, 8-4, 8-20
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Index-1
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Index-2 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Index
H M
HAM 5-98 MAIL 5-21, 5-104
hardware 2-14–2-17, 2-19–2-20, 2-42, 2-49, management Intro-8, 2-25, 5-26, 7-1, 7-6
2-51, 3-12, 3-18–3-19, 3-24–3-25, master 1-2–1-3, 1-7, 1-9–1-12, 1-14–1-15,
3-31, 3-35, 3-47, 3-56, A-2 1-17–1-18, 1-24–1-27, 1-30–1-35,
header 5-4, 5-8–5-9, 5-21, 5-42, 5-87–5-90, 1-42, 1-44–1-51, 1-54, 1-61,
5-93–5-94, 5-97, 5-100, 5-104, 5-111 1-64–1-65, 2-39, 2-46, 4-6, 4-9, 4-12,
hexadecimal 7-42, 7-57 4-33–4-36, 4-42, 5-15, 5-22, 5-50,
5-59, 5-98, 5-103–5-104
hostname 2-19, 2-42
memory 3-44, 6-20, 7-46
HTTP 3-3
monitor Intro-2, Intro-7, 5-15, 7-1–7-2, 7-7,
7-10, 7-12–7-13, 7-16, 7-56
I
installation A-2 N
Internet 8-28 name
Internet Printing Protocol 3-1 space 4-3
interval 3-43, 5-81, 5-84, 7-17–7-18, navigation 8-20
7-21–7-22, 7-33, 7-35–7-38
NFS 6-38
IP 7-9
node 6-9
address 2-3–2-4
IPP 1-60, 3-1, 3-3, 3-6, 3-9, 3-18, 3-25
O
K options 1-44, 1-58, 2-10, 7-14, 7-17, 7-21,
7-31, 7-33, 7-35–7-38, 7-46
keyword 4-2
P
L
parameters 2-1
LAN 5-8, 5-31, 5-101 password 1-24, 4-13, 4-16, 4-24, 5-70, 5-77,
limit 7-23 5-80, 7-9, 7-50
Linux 4-18 path 4-4, 4-22, 4-26, 4-28, 4-33–4-35, 7-23
list 4-29, 6-29, 7-42, 7-57 physical 3-44–3-45, 3-58, 7-16, 8-12
LOAD 1-2, 1-5, 7-5, 8-3 pool 2-17
location 3-28–3-29, 3-32, 6-46–6-47 port 1-53, 1-58, 1-60–1-61, 2-50–2-51, 3-11,
log file 2-42, 7-12 5-18, 5-21–5-22, 5-50, 5-73–5-74,
5-81, 5-83, 5-104, 6-13, 6-23–6-26,
6-44, 7-2, 7-6–7-7, 7-45, 7-47, 7-53,
8-8, 8-10–8-11, 8-13, 8-18, 8-20,
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Index-3
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
Index-4 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.
Index
software 1-7, 1-24, 1-65, 2-28, 3-40, 3-53, 5-106, 5-109, 6-4, 6-11, 7-1, 7-8, 7-23,
4-13, 5-3, 5-17, 5-70, 5-77, 5-99, 7-27, 7-29, 7-50, 8-1, 8-4–8-5, 8-7,
6-5–6-7, 7-2, 7-8, 7-29, 7-41, 7-50, 8-10–8-12, 8-23–8-25, 8-27, 8-29, A-1
7-53, 8-25, 8-29
space 4-3
T
SSL 5-26, 5-62, 5-79, 6-10, 7-2
standalone 1-11, 8-23 task 5-6
start Intro-9, 1-12, 1-28, 1-30–1-31, 1-34, 1-36, time 1-4, 1-11, 1-13–1-16, 1-24, 1-39, 2-1,
1-50–1-51, 1-55–1-57, 2-3, 2-6, 2-3–2-4, 2-6, 2-9, 2-11–2-12,
2-9–2-13, 2-18, 2-23, 2-26, 2-14–2-15, 2-17–2-19, 2-21, 2-23,
2-28–2-29, 2-36, 2-43, 2-45–2-46, 2-26, 2-30, 2-40, 3-6, 3-8–3-9, 3-12,
2-52, 3-3, 3-12, 3-18–3-19, 3-34, 3-56, 4-10–4-11, 4-22–4-24,
3-34–3-35, 3-39, 3-54, 4-13–4-14, 4-39, 5-58, 5-63, 5-75, 5-81, 5-83,
4-24, 4-29, 4-31, 5-12, 5-18, 5-33, 5-101, 6-6, 6-9, 6-15–6-16,
5-38, 5-55, 5-63, 5-65–5-67, 6-24–6-26, 6-47–6-48, 7-9, 7-12,
5-70–5-72, 5-75, 5-77, 5-79, 5-91, 7-14, 7-18, 7-22, 7-24, 7-42, 7-46,
5-98, 5-101, 5-110, 6-12, 6-30, 6-33, 7-57
6-41, 6-44–6-46, 6-49, 7-8–7-9, 7-27, Tomcat 8-27
7-29, 7-40, 7-43, 7-50–7-51, 7-56,
8-5–8-6, 8-15, 8-18, 8-20, 8-25, transaction 5-74
8-27–8-30, 8-32 transfer 1-47
storage 5-4, 5-67 transmission 2-38, 5-79
subdirectory 1-11 type 1-53, 2-38, 4-6, 5-16, 5-34, 5-54–5-55,
subnet 2-2, 2-13, 2-17, 2-27, 2-30, 2-32, 2-37, 5-75, 5-92, 6-23, 6-29
2-41–2-42, 4-34, 6-9, 7-5–7-6
SUSE Intro-1–Intro-6, Intro-8, 1-2, 1-4, 1-24, U
1-56, 1-65, 2-9, 2-22, 2-26, 2-40, 3-1,
3-10–3-11, 3-13, 3-38, 4-1, 4-6, 5-1, UA 6-5, 6-18, 6-27
5-12–5-13, 5-50, 5-74, 5-80, 6-2–6-3,
unicast 6-9
6-11, 6-19, 6-30, 6-33, 6-38, 6-40,
6-48–6-49, 7-1, 7-53, 8-1, 8-3–8-4, UNIX 5-16–5-17, 5-59
8-6, 8-23 update 1-52, 2-11, 2-39, 2-46
SuSEconfig 5-14, 5-21–5-27, 5-30, 5-104 upload 8-20
syntax 6-22 user 3-11, 3-46, 3-59, 4-11, 5-10, 5-75, 5-80,
SYS 3-11, 3-32–3-34, 3-49, 3-59 5-85, 6-13, 7-3
system Intro-4, Intro-8, 1-1, 1-24, 1-28, 1-31, account 4-16, 4-23, 4-36, 4-40
1-58, 2-10, 2-28, 2-33, 2-36, 3-1, 3-11, Agent 5-4, 6-5–6-6, 6-9, 6-14, 6-28, 6-31
3-18–3-19, 3-33, 3-40–3-43, 3-58,
4-3–4-4, 4-6, 4-13, 4-21, 4-25, 4-28,
4-37–4-38, 4-40–4-41, 5-6, 5-9–5-13, V
5-15, 5-18, 5-24, 5-36, 5-39, 5-46,
5-50, 5-57–5-59, 5-64–5-65, 5-70, value 3-44, 5-56, 5-63, 5-73
5-74–5-75, 5-77, 5-79, 5-94, 5-101,
Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Index-5
To report suspected copying, please call 1-800-PIRATES.
SUSE LINUX Network Services
VERIFY 5-16
view 6-34, 7-48, 7-51
W
web
server 1-4, 7-7, 7-10–7-11, 7-25,
7-38–7-40, 8-2–8-5, 8-12, 8-23,
8-31, 8-34
X
XML 8-7, 8-32
Y
YaST Intro-8, 1-24–1-25, 1-56, 2-21–2-23,
2-26, 2-28, 2-32, 2-34, 2-36, 2-42,
3-10–3-13, 3-15–3-16, 3-18–3-19,
3-21, 3-24–3-26, 3-31–3-32,
3-35–3-37, 3-39, 3-56–3-57, 4-13,
5-30, 5-70, 5-74, 5-77, 6-30, 6-33,
6-41–6-43, 6-45, 7-2, 7-8, 7-29–7-30,
7-41, 7-50, 8-4, 8-25–8-26, 8-29,
A-1–A-2
Z
zone 1-2–1-3, 1-6–1-7, 1-9–1-12, 1-14–1-15,
1-17–1-18, 1-21, 1-23–1-24,
1-26–1-27, 1-30, 1-32–1-33, 1-35,
1-42–1-44, 1-46–1-50, 1-52–1-54,
1-56, 1-58, 1-61, 1-64–1-67, 1-69,
2-27, 2-38–2-40, 2-43, 2-46–2-47,
2-57, 3-6
Index-6 Copying all or part of this manual, or distributing such copies, is strictly prohibited. Version 1
To report suspected copying, please call 1-800-PIRATES.