Linux Network Administration Guide

by Samar Abbas Version 1.0 (24/3/2003)

  1. Linux NW Env. (TCP/IP or Basic Networking) (a. NW Models (OSI, TCP/IP model), b. Network Services (TCP/IP, inetd, xinetd, port assignments), c. IP Addressing (classes, subnet mask))
  2. NFS & AutoFS
  3. NIS (a. NIS Server, b. NIS Client, c. NIS+)
  4. Samba (incl. MS W2k admin.)
  5. ftp server
  6. Web Server
  7. Mail & News Admin (sendmail, POP3, IMAP4, qmail, usenet);
  8. DHCP
  9. DNS (a.Utils, b.Troubleshooting);
  10. Firewalls

I. Linux Network Environment

Computer Network - An interconnected collection of autonomous computers

a. Network Models (7-layer ISO OSI "International Standards Organization Open Systems Interconnection" Model, 5-layer TCP/IP model)

   OSI Model        TCP/IP Model
_______________   _______________
| Application  |  |             |
| Presentation |  | Application |
| Session      |  |             |
| Transport    |  | Transport   |
| Network      |  | Network     |
| Data Link    |  | Data Link   |
| Physical     |  | Physical    |
----------------  ---------------

"Please Do Not Take Sales Persons' Advice"
  1. Application Layer: user utils (eg. ftp, email, rlogin)
  2. Presentation Layer: handles syntax + format (data representation) of data, eg. compression and cryptography
  3. Session Layer: control structure for communication between applications: establishes, maintains and terminates connections
  4. Transport Layer: controls transport connections, their establishment and termination
  5. Network Layer: determines path/route through NW from source to destination using IP; transmits datagrams
  6. Data Link Layer: provides error detection and error control by creating data frames (100s of b); delivers data using media/HW address, eg. Ethernet/MAC (Media Access Ctrl) address
  7. Physical Layer : ctrls transmission of raw bit stream over communication channel using the electrical and mechanical characteristics of the medium

b. Network Services

c. IP Addressing

IP Address Definition: - A 32-bit number that identifies each sender or receiver of information sent in packets across the Internet; usu. expressed in dotted quad (or dot address) notation in four parts, each part being 8 bits, eg. x1.x2.x3.x4. Each no. 8 bits, ie. 0 <= x <= 255 (256 total = 2^8) [Negus,Ch.15, whatis.com]

Subnet Mask: - Subnet Level, eg. to differentiate 135.84.x.x and 135.84.118.x

II. NFS

a. NFS Lab

  1. NFS Server : portmap + nfsutils rpms
    1. /etc/exports:

      /etc/exports
      /export      *(ro)
      /home        198.100.12.6(rw,no_root_squash)
      /home        198.100.12.6/255.255.255.0(rw)
      
    2. %service nfs status|start|restart|stop (%service = % /sbin/service)
      or /etc/rc.d/init.d/nfs status|stop|start + /etc/rc.d/init.d/nfslock restart
      or #rpc.portmap (portmapper); #rpc.mountd (mount daemon: mts+unmts fs); #rpc.nfsd (nfs server daemon); #rpc.statd ; #rpc.lockd ; #rpc.rquotad (auxiliary NFS services)
    3. #rpcinfo -p (chk which rpc services running) = /etc/rc.d/init.d/portmap status & /etc/rc.d/init.d/nfs status (portmap maps calls from other machines to the correct rpc service; nfs translates nfs requests into requests on local fs) or %rpcinfo -p xhost (chk which ones are already running: at least three lines containing "portmapper", "nfs", and "mountd" should be seen; at most these plus "rquotad", "status", "nlockmgr")
    4. #exportfs -ra (`refresh'+`all': force nfsd to re-read /etc/exports)
    5. %showmount -a (all clients mounting which dirs)
      %showmount -e localhost (NFS Server's export list)
  2. NFS Client :
  3. Unmount the files :
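
An added example (not part of the original guide) that reviews the /etc/exports entries from step 1 of the lab: it flags exports open to every host, `no_root_squash`, and read-write grants that an address/netmask pair widens to a whole subnet. The function name `audit_exports` and the finding texts are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the three /etc/exports lines from the lab above.
SAMPLE_EXPORTS = """\
/export      *(ro)
/home        198.100.12.6(rw,no_root_squash)
/home        198.100.12.6/255.255.255.0(rw)
"""

CLIENT_RE = re.compile(r"^(?P<host>[^()\s]*)(?:\((?P<opts>[^)]*)\))?$")

def audit_exports(text):
    """Return (path, client, finding) tuples for export entries worth reviewing."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for client in clients:
            m = CLIENT_RE.match(client)
            if m is None:
                findings.append((path, client, "unparseable client spec"))
                continue
            host = m.group("host")
            opts = {o for o in (m.group("opts") or "").split(",") if o}
            if host in ("", "*"):
                findings.append((path, client, "exported to every host"))
            if "no_root_squash" in opts:
                findings.append((path, client, "remote root keeps uid 0"))
            if "/" in host and "rw" in opts:
                try:
                    net = ipaddress.ip_network(host, strict=False)
                except ValueError:
                    continue                   # not an address/mask pair
                if net.num_addresses > 1:
                    findings.append((path, client,
                        f"rw for all {net.num_addresses} addresses in {net}"))
    return findings
```

The third sample line names a single host address, but the /255.255.255.0 mask makes the grant cover the entire 198.100.12.0/24 network.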

b. Common Problems

c. AutoFS

Automounter automatically mounts appropriate FS when "magic dirs" accessed.
  1. Setup NIS Client: xclient:~% authconfig (to cfg /etc/yp.conf):

    xclient:/etc/yp.conf
    domain   xnisdomain  server  xserver
    
  2. Cfg + Start Client Automounter: xclient:~% rpm -Uvh autofs-3.1.5-5.i386.rpm (installed from the 2nd RH bin CD)

    xclient:/etc/auto.master
    /home  /etc/auto.home   --timeout 60 
    

    xclient:/etc/auto.home
    *  -rw,soft,intr    xserver:/home/&
    
    If xserver:/home -> all /home mounted under user's dir.
    xclient:~$ mv /home /home_xlocal (so no clash between remote + local dirs)
    xclient:~$ service autofs status|stop|start ;
  3. NFS Server started xserver:~% service nfs stop|start

    xserver: /etc/exports
    /home   xclient(rw)
    
  4. NIS Server started (must be in this order): xserver:~% service --status-all|grep yp
    xserver:~% service ypserv start
    xserver:~% service yppasswdd start
  5. NIS users could login on client and into home dirs
  6. client:~% usermod -d /home_xlocal/luser luser (local client users could still login to their home dirs)

III. NIS (NW Info Service)

a. NIS Server

  1. Start the NIS Server : %ypserv (NIS server daemon) + %yppasswdd (NIS passwd daemon; clients use $yppasswd to change NIS passwds): %service ypserv status|start; %service yppasswdd start
  2. /etc/sysconfig/network: NISDOMAIN = mydomain (machine name + NIS domain name occupy different non-overlapping name spaces); = % domainname xyz.com to prevent "Domain Name No Set" error
  3. /etc/nsswitch.conf: correct lookup order files, nisplus, nis, dns
  4. Build and Install NIS Databases : %/usr/lib/yp/ypinit -m     (takes some time)

b. NIS Client

  1. %authconfig (cfg nis client)
  2. Start the NIS Client : %service ypbind start = #/sbin/ypbind (broadcast request for NIS server; or read /etc/yp.conf for list of NIS servers in clt domain)
  3. Mount NFS Files : #mount -o rsize=1024,wsize=1024 -t nfs mars:/home/user /home/user     ( mount user's home directory, the user can now view and edit his files )

c. NIS Slave Server

  1. nismaster:/var/yp/ypservers: enter names of slave servers
  2. nisslave:/usr/lib/yp/ypinit -s xnismaster

d. NIS+

e. LDAP (Lightweight Directory Access Protocol)


IV. Samba

x. Running Samba

  1. /etc/samba/smb.conf : (styled after windows.ini)

    /etc/samba/smb.conf

    # smb.conf comments must sit on their own line;
    # a trailing # would become part of the value
    # same grp as ms machines
    workgroup = MYWORKGROUP
    # nw name line added
    netbios name = SHIBLI
    ...
    # changed from security = user
    # to enable share access without password
    security = share
    ...
    # add this section; mkdir /share with all shared files
    [share]
       comment = Linux Share
       path = /share
       public = yes
       readonly = no
    ...
    printcap name = /etc/printcap
    load printers = yes
    printing = cups
    # guest account must exist with no passwd
    guest account = pcguest
    # map unrecognised users to guest
    map to guest = bad user
    ...
    [printers]
       comment = AMU Phys. Dept. Printers (IBM NetVista)
       # path must exist, mode 1777
       path = /var/spool/lpd
       browseable = yes
       printable = yes
       public = yes
       default devmode = yes
       # disable win passwd checks
       profile acls = no
       guest ok = yes

    [hpoj]
       comment = Shibli HP OfficeJet G85 printer
       path = /var/spool/lpd
       printable = yes
       guest ok = yes
       browseable = yes
       writable = yes
       # man smb.conf
       default devmode = yes
       profile acls = no
    
  2. XP Prof. Printer Cfg [AMU 12/8/2003]: My NW Places > Printers & Fax > Add Printers (wizard). Note: HP OfficeJet G85 (printer+scanner+fax) driver did not work, Generic HP OfficeJet driver worked.
  3. #printconf-gui; $printconf (remote Unix: hpoj@shibli)
  4. #kooka: OCR on kde
  5. testparm smb.conf (test for all connections) or testparm smb.conf 198.100.11.100    (test for one machine)
  6. %/usr/sbin/smbd ; %/usr/sbin/nmbd (share invisible without naming services)
  7. NT/Windows | Network Neighbourhood; or $/usr/bin/smbclient //198.100.11.10/C -U Administrator
    permits access to windows from linux; if required, specify password and then smb :\> prompt should appear; use cd d; get f
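
An added example (not part of the original guide) that reads an smb.conf like the one in step 1 and reports the settings that open it up: share-level security and shares where guest access is combined with write permission. The sample text is constructed from the settings shown above; the function names `parse_smb_conf` and `audit_smb_conf` are hypothetical.

```python
# Constructed sample that mirrors the smb.conf settings in the excerpt above.
SAMPLE_SMB_CONF = """\
[global]
security = share
map to guest = bad user
[share]
path = /share
public = yes
readonly = no
[printers]
path = /var/spool/lpd
printable = yes
guest ok = yes
[hpoj]
path = /var/spool/lpd
printable = yes
guest ok = yes
writable = yes
"""
YES, NO = {"yes", "true", "1"}, {"no", "false", "0"}

def parse_smb_conf(text):
    """Return {section: {key: value}}; keys lose case and spaces, as Samba treats them."""
    sections, current = {"global": {}}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # whole-line comments only
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.replace(" ", "").lower()] = value.strip().lower()
    return sections

def audit_smb_conf(text):
    """Flag share-level security and shares that guests can write to."""
    conf, findings = parse_smb_conf(text), []
    if conf["global"].get("security") == "share":
        findings.append(("global", "share-level security"))
    for name, params in conf.items():
        guest = params.get("guestok") in YES or params.get("public") in YES
        writable = (params.get("readonly") in NO or
                    any(params.get(k) in YES for k in ("writable", "writeable", "writeok")))
        if name != "global" and guest and writable:
            findings.append((name, "guests can write"))
    return findings
```

[printers] is not reported because it allows guests but is never made writable; [share] and [hpoj] combine both.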

b. MS Admin

Outlook:


V. ftp server

a. wu-ftpd

  1. wu-ftpd, anonftp, xinetd pkgs required
  2. %mkdir /var/ftp/incoming; %chown root.daemon incoming; %chmod 773 incoming (create anon ftp writeable dir)
  3. /etc/ftpaccess: upload /var/ftp /incoming yes root daemon 0400 nodirs
  4. upload + chk log file

b. ftp error codes [ftp_error]

Code Description
100 Codes The requested action is being taken. Expect a reply before proceeding with a new command.
110 Restart marker reply.
120 Service ready in (n) minutes.
125 Data connection already open, transfer starting.
150 File status okay, about to open data connection.
200 Codes The requested action has been successfully completed.
200 Command okay.
202 Command not implemented
211 System status, or system help reply.
212 Directory status.
213 File status.
214 Help message.
215 NAME system type. (NAME is an official system name from the list in the Assigned Numbers document.)
220 Service ready for new user.
221 Service closing control connection. (Logged out if appropriate.)
225 Data connection open, no transfer in progress.
226 Closing data connection. Requested file action successful (file transfer, abort, etc.).
227 Entering Passive Mode
230 User logged in, proceed.
250 Requested file action okay, completed.
257 "PATHNAME" created.
300 Codes The command has been accepted, but the requested action is being held pending receipt of further information.
331 User name okay, need password.
332 Need account for login.
350 Requested file action pending further information.
400 Codes The command was not accepted and the requested action did not take place. The error condition is temporary, however, and the action may be requested again.
421 Service not available, closing control connection. (May be a reply to any command if the service knows it must shut down.)
425 Can't open data connection.
426 Connection closed, transfer aborted.
450 Requested file action not taken. File unavailable (e.g., file busy).
451 Requested action aborted, local error in processing.
452 Requested action not taken. Insufficient storage space in system.
500 Codes The command was not accepted and the requested action did not take place.
500 Syntax error, command unrecognized. This may include errors such as command line too long.
501 Syntax error in parameters or arguments.
502 Command not implemented.
503 Bad sequence of commands.
504 Command not implemented for that parameter.
530 User not logged in.
532 Need account for storing files.
550 Requested action not taken. File unavailable (e.g., file not found, no access).
552 Requested file action aborted, storage allocation exceeded
553 Requested action not taken. Illegal file name.

VI. Web Server Administration

a. Apache :

b. TomCat Installation : TomCat install on Win95 at iop and at UU CC on 26.11.01:

  1. J2SDK1.4 Installed: Installed j2sdk1.4 in d:/jdk1.4 by clicking on j2sdk.exe in d:\temp copied from cd; cf. also java.sun.com/j2se/1.4/docs
  2. TomCat Installed: e:\cdrom\ondem\tomcatw.zip (or jakarta-tomcat-3.2.2.tar.gz 2.7 MB for linux) Extracted it to d:\tomcat autoinstall occurred in d:\tomcat\jakarta-tomcat_3.2.3
  3. Environment variables set:
      cd d:\tomcat\jakarta-tomcat_3.2.3
      set JAVA_HOME=d:\jdk1.4
      set PATH=%PATH%;%JAVA_HOME%\bin  
      
    and it was checked that javac worked. Any error "bad command or file name" indicated incorrect path setting.
  4. DOS Window Memory Increased: The memory of a dos prompt windows was increased to enable the tomcat batch file to run, otherwise an "out of memory" type error occurred. MSDOS Prompt > Properties > Memory > Init.Env.=4096
  5. TomCat Started: d:\tomcat\jakarta-tomcat_3.2.3> bin\startup. The command bin\startup was seen to be equivalent to startup in the bin dir. It was then checked that http://localhost:8080 worked in IE. Sample JSP, servlets in TOMCAT_HOME/webapps/examples were used

VII. Mail & News Admin

a. sendmail


VIII. DHCP (Dyn. Host Cfg. Proto.)

  1. DHCP client --- (DHCPDISCOVER packet + client MAC address) ---> DHCPserver [pcq,june2002]
  2.                     <--- (DHCPOFFER + 1 IP addr.) ---
  3.                       --- (DHCPREQUEST + IP offer selected) --->
  4.                     <--- (DHCPACK acknowledgement + lease info) ---
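
An added example (not part of the original guide) that encodes and decodes the four messages of the exchange above in their wire format, showing where the client MAC, offered address, selected offer and lease sit in each packet. The MAC, transaction id, address and lease time are constructed values, and the function names are hypothetical.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK"}

def ip4(addr):
    return bytes(int(p) for p in addr.split("."))

def build(msg_type, xid, mac, yiaddr="0.0.0.0", extra=b""):
    """Encode one DHCP message; option 53 carries the message type."""
    op = 1 if msg_type in (1, 3) else 2  # 1 = client request, 2 = server reply
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, xid, 0, 0,
                         bytes(4), ip4(yiaddr), bytes(4), bytes(4), mac, b"", b"")
    return header + MAGIC + bytes([53, 1, msg_type]) + extra + b"\xff"

def parse(pkt):
    """Decode the fields the four-step exchange depends on."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    xid, hlen = struct.unpack("!I", pkt[4:8])[0], pkt[2]
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:      # 255 = end option
        if pkt[i] == 0:                        # 0 = pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(pkt):
            raise ValueError("truncated option")
        code, length = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return {"type": TYPES.get(opts.get(53, b"\0")[0], "unknown"), "xid": xid,
            "mac": pkt[28:28 + hlen].hex(":"),
            "yiaddr": ".".join(str(b) for b in pkt[16:20]),
            "requested": ".".join(str(b) for b in opts.get(50, b"")),
            "lease": int.from_bytes(opts.get(51, b""), "big")}

def exchange():
    """Constructed values: MAC, transaction id, offered address and lease time."""
    mac, xid, offer = bytes.fromhex("02005e000001"), 0x1234ABCD, "192.0.2.50"
    lease = bytes([51, 4]) + struct.pack("!I", 3600)  # option 51 = lease time (s)
    msgs = [build(1, xid, mac),
            build(2, xid, mac, offer, lease),
            build(3, xid, mac, extra=bytes([50, 4]) + ip4(offer)),  # option 50 = requested IP
            build(5, xid, mac, offer, lease)]
    return [parse(m) for m in msgs]
```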

IX. DNS : bind, named

a. DNS Utils

b. Troubleshooting


X. Firewall Admin


XI. SuperComputer/Cluster


References

  1. [Negus] = `Red Hat Linux 7.x Bible' by Chris Negus, Unlimited Ed., IDG Books, 2001.
  2. [ftp_error] = http://www.ipswitch.com/Support/WS_FTP/ftp_codes.html; http://www.the-eggman.com/seminars/ftp_error_codes.html
    MS: Outlook
  3. outlook tips: http://email.about.com/cs/outlooktips