First Technology Transfer

Standard and Advanced Technical Training, Consultancy and Mentoring

LPAT300 Advanced Administration of Linux in Mixed Environments - A Level 3 Advanced Specialisation

Duration: 5 Days

Background and Intended Audience

This course is based to a large extent on the syllabus of the LPIC 300 exam. It is focused on administration of Linux systems that are part of a mixed environment. It can be thought of as an LDAP, SAMBA and Active Directory Services (from the Linux perspective) specialisation. System administrators with proven experience in this area are in great demand. The necessary skills cannot be acquired over a weekend out of a textbook or two, but can only come from extensive and extended practical experience. This course is but a starting point that should provide the essential knowledge and skills to tackle 80% or thereabouts of the kinds of problems that may arise in this particular domain.

Prerequisites

Attendees are assumed to have considerable Linux system admin knowledge equivalent to that required for LPIC Level 2, such as might have been acquired by completing LPAT201 and LPAT202 training or equivalent, together with several months' practical experience of Linux system administration and experience of working in mixed environments having Microsoft, Mac OS X and Linux / Unix systems deployed throughout the organisation. The course provides many post-course labs and challenges. For those contemplating taking this course as a distance learning course, the number of hours of work involved is from 150 to 250 hours, with much of the time being spent setting up and configuring mixed network systems and testing out various applications and services running on such systems.

Key topics covered

  • OpenLDAP Configuration
  • Setting up OpenLDAP as an Authentication Backend
  • Samba Architecture, Uses and Protocols
  • Samba Share Configuration
  • Samba User and Group Management
  • Samba Domain Integration
  • Samba Name Services
  • Working with Linux and Windows Clients

Detailed Course Outline

  • OpenLDAP
    • Directory Services - Concepts and Goals
    • Distributed database concepts and LDAP
    • OpenLDAP Replication - concepts and patterns
      • Replication concepts
      • master / slave server
      • multi-master replication
      • consumer
      • referral
      • one-shot mode
      • pull-based / push-based synchronization
    • Configuring OpenLDAP replication
      • syncrepl
      • refreshOnly and refreshAndPersist
    • Analyzing replication log files - replog
    • Understanding and setting up replica hubs
    • LDAP referrals
    • LDAP sync replication
    • Securing the LDAP Directory
      • configuring encrypted access to the LDAP directory
        • SSL / TLS
        • Client / server certificates
        • Security Strength Factors (SSF)
        • SASL
      • Restricting access at the firewall level
      • Unauthenticated access methods vs. User / password authentication methods
      • Maintenance of SASL user DB
      • Proxy authorization
    • OpenLDAP Server - monitoring and Performance Tuning
      • measuring the performance of an LDAP server, and tuning configuration directives
      • understanding indexes and indexing in OpenLDAP
      • Working with DB_CONFIG
    • OpenLDAP as an Authentication Backend
      • Configuring PAM and NSS to retrieve information from an LDAP directory
        • Configuring PAM to use LDAP for authentication ... /etc/pam.d
        • Configuring NSS to retrieve information from LDAP ... /etc/nsswitch.conf
        • Configuring PAM modules in various Unix environments
      • Integrating LDAP with Active Directory and Kerberos
        • Cross platform authentication
        • Single sign-on concepts
        • Integration and compatibility limitations between OpenLDAP and Active Directory
  • Samba
    • Samba Concepts and Architecture
    • History and evolution of Samba - Samba3 and Samba4
    • Samba daemons and components - smbd, nmbd, samba, winbindd
    • Working with heterogeneous networks
    • Key TCP/UDP ports used with SMB/CIFS
    • Installing and configuring Samba
      • Samba configuration files - structure and syntax - smb.conf
      • Samba variables and configuration parameters - smb.conf parameters and smb.conf variables
      • Troubleshooting and debugging configuration problems with Samba
    • Regular Samba Maintenance
      • Monitoring and interacting with running Samba daemons
      • Performing regular manual and automated backups of Samba configuration and state data
        • smbcontrol
        • smbstatus
        • tdbbackup
    • Troubleshooting Samba
      • Configuring Samba logging
      • Backup and restoration of TDB file
        • tdbbackup, tdbdump, tdbrestore, tdbtool
    • Samba and Internationalisation
      • Understand internationalization character codes and code pages
      • Understanding the difference in the name space between Windows and Linux/Unix with respect to share, file and directory names in a non-English environment
      • Understanding the difference in the name space between Windows and Linux/Unix with respect to user and group naming in a non-English environment
      • Understanding the difference in the name space between Windows and Linux/Unix with respect to computer naming in a non-English environment
    • Samba Share Configuration
      • Create and configure file sharing
      • Plan file service migration
      • Limit access to IPC$
      • Create scripts for user and group handling of file shares
      • Samba share access configuration parameters
    • Samba - Linux File System and Share/Service Permissions
      • Understanding and working with file permissions on a Linux file system in a mixed environment
      • How Samba interacts with Linux file system permissions and ACLs
      • Using Samba VFS to store Windows ACLs
      • Commands, utilities and configuration files
        • smb.conf, chmod, chown, smbcacls, getfacl, setfacl
        • create mask, directory mask, force create mode, force directory mode
        • vfs_acl_xattr, vfs_acl_tdb and vfs objects
    • Samba Print Services
      • Creation and management of print shares in a mixed environment
      • Creating and configuring printer sharing
      • Configuring integration between Samba and CUPS
      • Managing Windows print drivers and configuring downloading of print drivers
      • Configuring [print$]
      • Dealing with security concerns involving printer sharing
      • Uploading printer drivers for Point’n’Print driver installation using ‘Add Print Driver Wizard’ in Windows
      • Key files, directories and utilities
        • smb.conf , /var/spool/samba/. , cupsd.conf
        • smbspool, rpcclient, net, [print$]
    • Samba User and Group Management
      • Strategies for managing user and group accounts in a mixed environment
      • Manage user and group accounts
      • Understanding user and group mapping
      • Working with user account management tools
        • samba-tool user (with subcommands)
        • samba-tool group (with subcommands)
        • Making use of the smbpasswd program
      • Forcing ownership of file and directory objects - force user, force group
      • Knowledge of content, syntax and usage of key files and directories - smb.conf, /etc/passwd, /etc/group
      • Knowing the purpose and uses of pdbedit and idmap
    • Samba - Authentication, Authorization and Winbind
      • Understanding the various samba related authentication mechanisms
      • configuring access control
      • Setup a local password database
      • Perform password synchronization
      • Knowledge of different passdb backends
      • Converting between Samba passdb backends
      • Integrating Samba with LDAP
      • Configuring the Winbind service
      • Configuring PAM and NSS
      • Knowing how to make use of the relevant command line tools, utilities and configuration files
        • smb.conf , /etc/passwd, /etc/group
        • smbpasswd, tdbsam, ldapsam
        • passdb backend
        • libnss_winbind , libpam_winbind , libpam_smbpass , wbinfo , getent
        • Understanding the meanings of SID and foreign SID
    • Samba Domain Integration
      • Samba as a PDC and BDC
        • Setup and maintenance of primary and backup domain controllers
        • Managing Windows/Linux client access to the NT-Style domains
      • Understand and configure domain membership and trust relationships
      • Create and maintain a primary domain controller with Samba3 and Samba4
      • Create and maintain a backup domain controller with Samba3 and Samba4
      • Adding computers to an existing domain
      • Configuring logon scripts
      • Configuring roaming profiles
      • Configuring system policies
    • Samba4 as an AD (Active Directory) compatible Domain Controller
      • Configuring Samba 4 as an AD Domain Controller
      • Using smbclient to confirm AD operation
      • Understanding how Samba integrates with AD services: DNS, Kerberos, NTP, LDAP
      • Configuring Samba as a Domain Member Server
        • Joining Samba to an existing NT4 domain
        • Joining Samba to an existing AD domain
        • Ability to obtain a TGT from a KDC
    • Samba Name Services
      • Understanding and troubleshooting NetBIOS and WINS
      • Understanding WINS and NetBIOS concepts
      • Understanding the role of a local master browser
      • Understanding the role of a domain master browser
      • Understanding the role of Samba as a WINS server
      • Understanding name resolution
      • Configuring Samba as a WINS server
      • Configuring WINS replication
      • Understanding NetBIOS browsing and browser elections
      • Understanding NetBIOS name types
    • Active Directory Name Resolution
      • Understand and manage DNS for Samba4 as an AD Domain Controller
      • DNS forwarding with the internal DNS server of Samba4
    • CIFS (Common Internet File System) - working with Linux and Windows Clients
      • Understanding SMB/CIFS concepts
      • Knowing how to access and mount remote CIFS shares from a Linux client
      • Secure storage of CIFS credentials
      • Understanding architecture and benefits of CIFS
      • Understanding permissions and file ownership of remote CIFS shares
      • Knowing how to use CIFS oriented command line tools and utilities - smbget, smbtar, smbtree, findsmb, smbcquotas
      • Knowing how to mount CIFS file systems - mount and mount.cifs
      • Configuring /etc/fstab for CIFS
    • Accessing Linux servers and file and print services running on them from remote Windows clients
      • Nature of Windows clients and Windows protocols they make use of
      • Exploring browse lists and SMB clients from Windows
      • Sharing file / print resources from Windows
      • Using the smbclient program
      • Using the Windows net utility
      • Windows client side administration tools and utilities - control panel, Windows net command, rdesktop
      • Understanding the concept of a Windows workgroup

    Call us:

    Technical enquiries: 020 8669 0769
    Sales enquiries: 020 8647 1939, 020 77681 40786