Exploring OpenSUSE 11.1
By Isa Raffee








Table of Contents
Exploring OpenSUSE 11.1
  Exploring RAID in OpenSUSE 11.1
     Define RAID Level
     Mounting the RAID Device
     What Happens to RAID After Reboot?
     Querying RAID
     Monitoring RAID
     Removing Software RAID Configuration
  Connecting to the Internet
  Configuring Networking in OpenSUSE
     Configuring Network via YaST2
     Networking Configuration via YaST2 Solved
     Configuring Networking via the Network Configuration File
     Testing the Network Connections
  Connecting to the Internet via Wireless
  Configuring DHCP server
     Starting the DHCP service
     Configuring DHCP clients
  Connecting OpenSUSE to the Internet Using Wired Connections to the Router
  Exploring SSH in OpenSUSE
     Notes
  FTP in OpenSUSE
  Using Telnet in OpenSUSE
  Exploring NFS in OpenSUSE
     Installing NFS server in OpenSUSE
     Installing NFS server in Ubuntu
     Configuration of NFS Server on OpenSUSE
        Configure the /etc/exports
        Check Run Level of NFS
        Configuring the NFS client – Ubuntu host
        Mounting the NFS Share in the NFS Client
  Configuring a DNS server in OpenSUSE
     Setting Up the DNS Server
     Configuring /etc/named.conf
        Configuring resolv.conf
        Configuring named.conf
        Configuring the Forward Zone File
        Configuring the Reverse Zone File
  DNS Client
     Loading Your New Configuration File
     Querying the DNS Server
  Configuring Virtual Hosts Using Apache in OpenSUSE
     The Apache Configuration Files
     Setting Up Virtual Hosts
     Defining the Virtual Hosts
        Creation of Virtual Hosts In YaST2
        Manual Creation of Virtual Hosts Configuration Files
        Editing the /etc/apache2/listen.conf File
     Configuration of the /etc/named.conf file
     Restarting the Named Server and Apache Server
     The Outcome
     The Web Logs Files
  Configuring NIS in OpenSUSE
     Configuring the NFS Server
  Configuring the NFS client
     Configuration of NIS Server
        Setting Up NIS Server Using YaST2
        Setting Up NIS Server Manually
        Start the NIS Server Daemons
        Adding New NIS Users
     Configuring NIS client
        Edit the /etc/yp.conf File
     Test the NIS Access to the NIS Server
     Test Logins via the NIS Server
        Logging in via TELNET
        Logging in via SSH
  Implementing LDAP in OpenSUSE
     Configuring the LDAP Server
        Create a Database Directory
     Create a LDAP Root Password
     Edit the slapd.conf File
     Start the ldap Daemon
     Convert the /etc/passwd File to LDIF Format
        Extract the Desired Records From /etc/passwd
        Find the Conversion Script
        Convert the .ldapuser File
     Modify the LDIF Files
        Create an LDIF File for the example.com Domain
     Import the LDIF Files into the Database
     Test the LDAP Database
     Setting Up the LDAP Client
     Create Home Directories on LDAP client
     Testing Using ldapsearch from LDAP client
        Testing Using SSH or the Linux Console
     Resources From the Internet
  1. LDAP Server
     1.1. Installation
     1.2. Populating the database
  Implementing Firewall in OpenSUSE
     Notes




Exploring OpenSUSE 11.1
Exploring RAID in OpenSUSE 11.1

neptune:~ # fdisk -l

Disk /dev/sda: 30.7 GB, 30750031872 bytes
255 heads, 63 sectors/track, 3738 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x63f49bdd

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1          13      104391   83  Linux
/dev/sda2              14         535     4192965   fd  Linux raid autodetect
/dev/sda3             536        1057     4192965   fd  Linux raid autodetect
/dev/sda4   *        1058        3738    21535132+   5  Extended
/dev/sda5            1058        1188     1052226   82  Linux swap / Solaris
/dev/sda6            1189        2208     8193118+  83  Linux
/dev/sda7            2209        3738    12289693+  83  Linux

Disk /dev/md0: 4293 MB, 4293525504 bytes
2 heads, 4 sectors/track, 1048224 cylinders
Units = cylinders of 8 * 512 = 4096 bytes
Disk identifier: 0x00000000

Disk /dev/md0 doesn't contain a valid partition table


Define RAID Level

Define RAID level and the number of devices in the array

neptune:~ # mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sda2 /dev/sda3
mdadm: device /dev/sda2 not suitable for any style of array

Format the RAID with the filesystem of your choice.

neptune:~ # mkfs.ext3 /dev/md0
mke2fs 1.41.1 (01-Sep-2008)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
262144 inodes, 1048224 blocks
52411 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=1073741824
32 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
     32768, 98304, 163840, 229376, 294912, 819200, 884736

Writing inode tables: done
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 28 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.


Mounting the RAID Device.

neptune:~ # mount /dev/md0 /mnt/


Check that the RAID device is mounted.

neptune:~ # mount
/dev/sda6 on / type ext3 (rw,acl,user_xattr)
/proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
debugfs on /sys/kernel/debug type debugfs (rw)
udev on /dev type tmpfs (rw)
devpts on /dev/pts type devpts (rw,mode=0620,gid=5)
/dev/sda7 on /home type ext3 (rw,acl,user_xattr)
fusectl on /sys/fs/fuse/connections type fusectl (rw)
securityfs on /sys/kernel/security type securityfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
gvfs-fuse-daemon on /root/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev)
/dev/md0 on /mnt type ext3 (rw)

Explore the /mnt directory

neptune:~ # cd /mnt
neptune:/mnt # ll
total 16
drwx------ 2 root root 16384 Apr 14 11:28 lost+found

neptune:/mnt # echo "Howdy, RAID ;)" > /mnt/test.txt
neptune:/mnt # cat /mnt/test.txt
Howdy, RAID ;)

Update the /etc/mdadm.conf so that your RAID is started automatically with the rest of your
filesystems at boot time.

But first let us see the initial configuration of this file.

neptune:/mnt # more /etc/mdadm.conf
DEVICE partitions
ARRAY /dev/md0 level=raid1 UUID=29452c4e:71deeb27:d2c12575:8954d9e1

Now let's configure this file.

neptune:/mnt # mdadm --detail --scan | tee -a /etc/mdadm.conf
ARRAY /dev/md0 level=raid1 num-devices=2 metadata=0.90 UUID=29452c4e:71deeb27:d2c12575:8954d9e1
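
Because /etc/mdadm.conf as listed above already contains an ARRAY line for /dev/md0, appending with tee -a leaves two entries for the same UUID. The following is an added example, not part of the original document: a shell function (the names merge_array_lines and demo_merge, the temporary file and the second UUID are assumptions) that appends only ARRAY lines whose UUID is not yet in the file.

```shell
#!/bin/sh
# Added example: idempotent alternative to "mdadm --detail --scan | tee -a".
# merge_array_lines is a hypothetical helper name, not part of mdadm.

# merge_array_lines CONF
#   Reads "mdadm --detail --scan" style output on stdin and appends to CONF
#   only the ARRAY lines whose UUID is not already present there.
#   Prints the number of lines appended.
merge_array_lines() {
    conf=$1
    added=0
    while IFS= read -r line; do
        # Only ARRAY definitions are of interest.
        case $line in
            ARRAY\ *) ;;
            *) continue ;;
        esac
        # Extract the array UUID (colon-separated hex groups).
        uuid=$(printf '%s\n' "$line" |
               sed -n 's/.*UUID=\([0-9a-fA-F:]\{1,\}\).*/\1/p')
        [ -n "$uuid" ] || continue
        # Skip the line if CONF already defines an array with this UUID.
        if [ -f "$conf" ] &&
           grep -Eqi "^ARRAY[[:space:]].*UUID=$uuid([[:space:]]|\$)" "$conf"; then
            continue
        fi
        printf '%s\n' "$line" >> "$conf"
        added=$((added + 1))
    done
    echo "$added"
}

# Demo on a temporary file whose contents are the mdadm.conf shown above.
demo_merge() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
DEVICE partitions
ARRAY /dev/md0 level=raid1 UUID=29452c4e:71deeb27:d2c12575:8954d9e1
EOF
    # Scan output as printed on this page: same UUID, so nothing is appended.
    echo 'ARRAY /dev/md0 level=raid1 num-devices=2 metadata=0.90 UUID=29452c4e:71deeb27:d2c12575:8954d9e1' |
        merge_array_lines "$tmp"
    # Constructed second array with a made-up UUID: appended once.
    echo 'ARRAY /dev/md1 level=raid1 num-devices=2 metadata=0.90 UUID=00000000:11111111:22222222:33333333' |
        merge_array_lines "$tmp"
    # Number of ARRAY lines now in the file.
    grep -c '^ARRAY' "$tmp"
    rm -f "$tmp"
}

demo_merge
```

On a live system the call would be: mdadm --detail --scan | merge_array_lines /etc/mdadm.conf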

Verify that the data is in fact being mirrored: stop and unmount the RAID, then mount (read-only)
each of the component partitions and check that the same data is in place.

neptune:~ # cd /
neptune:/ # mdadm --stop /dev/md0
mdadm: failed to stop array /dev/md0: Device or resource busy
Perhaps a running process, mounted filesystem or active volume group?

Here I am unable to stop the RAID because it is mounted. So let's unmount the RAID first.

neptune:~ # umount /dev/md0

Now, stop the RAID.

neptune:~ # mdadm --stop /dev/md0
mdadm: stopped /dev/md0

Next, mount one of the RAID member devices; in my case it's /dev/sda2.

neptune:~ # mount -o ro -t ext3 /dev/sda2 /mnt

Check that the file that we created earlier is still there.

neptune:~ # cd /mnt
neptune:/mnt # ls
lost+found test.txt

neptune:/mnt # cat test.txt
Howdy, RAID ;)

Yes, the contents of the file are still there.

Do the same for the other RAID member device, and in my case it's /dev/sda3

neptune:~ # cd
neptune:~ # umount /mnt
neptune:~ # mount -o ro -t ext3 /dev/sda3 /mnt
neptune:~ # ls /mnt
lost+found test.txt
neptune:~ # cat /mnt/test.txt
Howdy, RAID ;)

Yes, the other RAID member device also has the same file contents.

To restart and remount the RAID

Firstly, unmount the /mnt directory

neptune:~ # umount /mnt

Then restart RAID by typing:

neptune:~ # mdadm --assemble /dev/md0
mdadm: /dev/md/0 has been started with 2 drives.

Mount the RAID devices

neptune:~ # mount /dev/md0 /mnt

Check that the RAID device is mounted

neptune:~ # mount
/dev/sda6 on / type ext3 (rw,acl,user_xattr)
/proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
debugfs on /sys/kernel/debug type debugfs (rw)
udev on /dev type tmpfs (rw)
devpts on /dev/pts type devpts (rw,mode=0620,gid=5)
/dev/sda7 on /home type ext3 (rw,acl,user_xattr)
fusectl on /sys/fs/fuse/connections type fusectl (rw)
securityfs on /sys/kernel/security type securityfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
gvfs-fuse-daemon on /root/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev)
/dev/md0 on /mnt type ext3 (rw)

Alternatively, you can also type:

neptune:~ # df -h
Filesystem         Size Used Avail Use% Mounted on
/dev/sda6         7.7G 3.1G 4.3G 43% /
udev            247M 196K 247M 1% /dev
/dev/sda7          12G 161M 11G 2% /home
/dev/md0          4.0G 73M 3.7G 2% /mnt

We see that the RAID device /dev/md0 is mounted on /mnt.
If you look closely, the size of the RAID is 4 GB, i.e. half of the total capacity of the
partitions. At the beginning we configured two partitions of 4 GB each, which equals 8 GB
in total. But after configuring these two partitions as RAID 1 (mirroring), the capacity is half, i.e. 4 GB.
This explains why we only have 4 GB of space and not 8 GB.


What Happens to RAID After Reboot?

The RAID partitions are not mounted automatically after reboot.

neptune:~ # mount
/dev/sda6 on / type ext3 (rw,acl,user_xattr)
/proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
debugfs on /sys/kernel/debug type debugfs (rw)
udev on /dev type tmpfs (rw)
devpts on /dev/pts type devpts (rw,mode=0620,gid=5)
/dev/sda7 on /home type ext3 (rw,acl,user_xattr)
fusectl on /sys/fs/fuse/connections type fusectl (rw)
securityfs on /sys/kernel/security type securityfs (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)

The fdisk command, however, shows the RAID partitions, and you have to mount the RAID manually. Before
that, type the following command to see the RAID details.

neptune:~ # mdadm /dev/md0
/dev/md0: 3.100GiB raid1 2 devices, 0 spares. Use mdadm --detail for more detail.

A much better approach is to pass the --detail argument to the command.

neptune:~ # mdadm --detail /dev/md0
/dev/md0:
     Version : 0.90
 Creation Time : Tue Apr 14 09:49:06 2009
   Raid Level : raid1
   Array Size : 4192896 (4.00 GiB 4.29 GB)
 Used Dev Size : 4192896 (4.00 GiB 4.29 GB)
  Raid Devices : 2
 Total Devices : 2
Preferred Minor : 0
   Persistence : Superblock is persistent

 Update Time : Wed Apr 22 12:31:31 2009
      State : clean
Active Devices : 2
Working Devices : 2
Failed Devices : 0
 Spare Devices : 0

      UUID : 29452c4e:71deeb27:d2c12575:8954d9e1
     Events : 0.8

  Number Major Minor RaidDevice State
   0   8    2   0   active sync /dev/sda2
   1   8    3   1   active sync /dev/sda3

Let's mount the RAID

neptune:~ # mount /dev/md0 /mnt

And check the available disk free space.

neptune:~ # df -h
Filesystem         Size Used Avail Use% Mounted on
/dev/sda6         7.7G 3.1G 4.3G 43% /
udev            247M 204K 247M 1% /dev
/dev/sda7          12G 169M 11G 2% /home
/dev/md0          4.0G 73M 3.7G 2% /mnt


Querying RAID
To view the status of all RAID arrays on your system, type:

neptune:~ # cat /proc/mdstat
Personalities : [raid1]
md0 : active raid1 sda2[0] sda3[1]
   4192896 blocks [2/2] [UU]

unused devices: <none>

The Personalities line tells you which RAID levels the kernel supports. In this example, you see one array,
md0, and it is active. You can also find out the size of the RAID. 2/2 means two of two devices are in
use, and UU means both devices are up.
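
The fields described above can be checked mechanically. The following is an added example, not part of the original document: a shell function (mdstat_report and the sample_* helpers are assumed names) that parses mdstat text and flags arrays that are degraded or rebuilding. The sample inputs are /proc/mdstat listings printed on this page.

```shell
#!/bin/sh
# Added example: summarise /proc/mdstat-style text, one line per md array.
# mdstat_report and the sample_* helpers are hypothetical names.

# mdstat_report: reads mdstat text on stdin and prints
#   <array> <OK|DEGRADED|REBUILDING> <up>/<expected> failed=<devs or ->
# Exit status is 1 if any array is not OK, so cron or a wrapper can alert.
mdstat_report() {
    awk '
    function emit() {
        if (name == "") return
        printf "%s %s %s/%s failed=%s\n", name, state, up, want,
               (failed != "" ? failed : "-")
        if (state != "OK") bad = 1
        name = ""
    }
    # Array header, e.g. "md0 : active raid1 sda2[0] sda3[1](F)".
    /^md[0-9]+ :/ {
        emit()
        name = $1; state = "UNKNOWN"; up = "?"; want = "?"; failed = ""
        for (i = 4; i <= NF; i++)
            if ($i ~ /\(F\)$/) {           # member flagged faulty
                dev = $i
                sub(/\[.*/, "", dev)       # "sda3[1](F)" -> "sda3"
                failed = failed (failed != "" ? "," : "") dev
            }
        next
    }
    # Status line, e.g. "4192896 blocks [2/1] [U_]": [expected/up].
    name != "" && match($0, /\[[0-9]+\/[0-9]+\]/) {
        split(substr($0, RSTART + 1, RLENGTH - 2), n, "/")
        want = n[1]; up = n[2]
        state = (up + 0 < want + 0) ? "DEGRADED" : "OK"
        next
    }
    # Progress line printed while a member is being rebuilt.
    name != "" && /(recovery|resync) *=/ { state = "REBUILDING" }
    END { emit(); exit bad }
    '
}

# Sample inputs copied from the /proc/mdstat listings on this page.
sample_healthy() {
    cat <<'EOF'
Personalities : [raid1]
md0 : active raid1 sda2[0] sda3[1]
   4192896 blocks [2/2] [UU]

unused devices: <none>
EOF
}

sample_degraded() {
    cat <<'EOF'
Personalities : [raid1]
md0 : active raid1 sda2[0] sda3[1](F)
   4192896 blocks [2/1] [U_]
unused devices: <none>
EOF
}

sample_rebuilding() {
    cat <<'EOF'
Personalities : [raid1]
md0 : active raid1 sda3[2] sda2[0]
   4192896 blocks [2/1] [U_]
   [==>..................] recovery = 14.9% (625984/4192896) finish=6.4min speed=9180K/sec

unused devices: <none>
EOF
}

# Run the report over the three samples; a non-zero status is expected
# for the degraded and rebuilding cases.
for s in sample_healthy sample_degraded sample_rebuilding; do
    $s | mdstat_report || true
done
```

On a live system, run it as: mdstat_report < /proc/mdstat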

To get more detailed information for each array, type:

neptune:~ # mdadm --detail /dev/md0
/dev/md0:
     Version : 0.90
 Creation Time : Tue Apr 14 09:49:06 2009
   Raid Level : raid1
   Array Size : 4192896 (4.00 GiB 4.29 GB)
 Used Dev Size : 4192896 (4.00 GiB 4.29 GB)
  Raid Devices : 2
 Total Devices : 2
Preferred Minor : 0
   Persistence : Superblock is persistent
  Update Time : Wed Apr 22 14:40:24 2009
      State : clean
Active Devices : 2
Working Devices : 2
Failed Devices : 0
 Spare Devices : 0

      UUID : 29452c4e:71deeb27:d2c12575:8954d9e1
     Events : 0.8

  Number Major Minor RaidDevice State
   0   8    2   0   active sync /dev/sda2
   1   8    3   1   active sync /dev/sda3

You can also use wildcards like:

neptune:~ # mdadm --examine /dev/sda*
mdadm: No md superblock detected on /dev/sda.
mdadm: No md superblock detected on /dev/sda1.
/dev/sda2:
      Magic : a92b4efc
     Version : 0.90.00
       UUID : 29452c4e:71deeb27:d2c12575:8954d9e1
 Creation Time : Tue Apr 14 09:49:06 2009
   Raid Level : raid1
 Used Dev Size : 4192896 (4.00 GiB 4.29 GB)
   Array Size : 4192896 (4.00 GiB 4.29 GB)
  Raid Devices : 2
 Total Devices : 2
Preferred Minor : 0

  Update Time : Fri Apr 24 10:02:25 2009
      State : clean
Active Devices : 2
Working Devices : 2
Failed Devices : 0
 Spare Devices : 0
    Checksum : 347a6a34 - correct
     Events : 8


    Number Major Minor RaidDevice State
this 0    8    2   0   active sync /dev/sda2

  0 0      8     2     0    active sync /dev/sda2
  1 1      8     3     1    active sync /dev/sda3
/dev/sda3:
      Magic : a92b4efc
     Version : 0.90.00
       UUID : 29452c4e:71deeb27:d2c12575:8954d9e1
 Creation Time : Tue Apr 14 09:49:06 2009
   Raid Level : raid1
 Used Dev Size : 4192896 (4.00 GiB 4.29 GB)
   Array Size : 4192896 (4.00 GiB 4.29 GB)
  Raid Devices : 2
 Total Devices : 2
Preferred Minor : 0

  Update Time : Fri Apr 24 10:02:25 2009
      State : clean
Active Devices : 2
Working Devices : 2
Failed Devices : 0
 Spare Devices : 0
    Checksum : 347a6a37 - correct
     Events : 8


    Number Major Minor RaidDevice State
this 1    8    3   1   active sync /dev/sda3

 0 0     8     2     0   active sync /dev/sda2
 1 1     8     3     1   active sync /dev/sda3
mdadm: No md superblock detected on /dev/sda4.
mdadm: No md superblock detected on /dev/sda5.
mdadm: No md superblock detected on /dev/sda6.
mdadm: No md superblock detected on /dev/sda7


Monitoring RAID

You can configure mdadm to send you email when an active disk fails or when it detects a degraded array.
Degraded means a new array that has not yet been populated with all of its disks, or an array with a
failed disk.

But first, you must make sure that mdadmd (mdadm's daemon) is running. Simply type:

neptune:/etc/init.d # ps -ef|grep mdadmd
root   5658 5531 0 10:07 pts/1 00:00:00 grep mdadmd

This shows that the mdadmd daemon is not running. To run it, type:

neptune:~ # cd /etc/init.d/
neptune:/etc/init.d # ./mdadmd start
Starting mdadmd                                                 done

Now let's type the command which will monitor your RAID and notify you via email if there is a
problem with your RAID.

neptune:~ # mdadm --monitor --scan --mail=root@linux.local --delay=60 /dev/md0


Removing Software RAID Configuration
To remove a device from an array you must fail the device:

neptune:~ # mdadm /dev/md0 --fail /dev/sda3
mdadm: set /dev/sda3 faulty in /dev/md0

You can then check your mail to see whether the system alerted you to the RAID failure.

neptune:~ # mailx
Heirloom mailx version 12.2 01/07/07. Type ? for help.
"/var/spool/mail/root": 3 messages 3 new
>N 1 root@linux.local Fri Apr 24 10:31 29/845 Fail event on /dev/md0:neptune
 N 2 root@linux.local Fri Apr 24 10:31 29/851 Fail event on /dev/md0:neptune
 N 3 root@linux.local Fri Apr 24 10:31 29/851 Fail event on /dev/md0:neptune

Yes, the email notification works.

The contents of the email are as follows:

From root@linux.local Fri Apr 24 10:31:01 2009
X-Original-To: root@linux.local
Delivered-To: root@linux.local
From: mdadm monitoring <root@linux.local>
To: root@linux.local
Subject: Fail event on /dev/md0:neptune
Date: Fri, 24 Apr 2009 10:31:01 +0800 (SGT)

This is an automatically generated mail message from mdadm
running on neptune

A Fail event had been detected on md device /dev/md0.

It could be related to component device /dev/sda3.

Faithfully yours, etc.

P.S. The /proc/mdstat file currently contains the following:

Personalities : [raid1]
md0 : active raid1 sda2[0] sda3[1](F)
   4192896 blocks [2/1] [U_]
unused devices: <none>

The email reports that /dev/sda3 has failed.

Note
To wipe everything out and start over, you have to zero out the superblock on each device, or the device will
continue to think it belongs to a RAID array.

neptune:~ # mdadm --zero-superblock /dev/sda3


You can still access the mounted RAID on /mnt and read the file contents.

neptune:~ # cd /mnt
neptune:/mnt # ls
lost+found test.txt

neptune:/mnt # cat test.txt
Howdy, RAID ;)
I am back from ICT

Now let's edit the file test.txt and see if we can restore the file content after we fix the disk problem.

The test.txt now reads as follows:

neptune:/mnt # cat test.txt
Howdy, RAID ;)
I am back from ICT
I am now testing failure of one of the disk and writing to RAID

Now unmount the /mnt before we stop the RAID.

neptune:~ # umount /mnt

Stopping the RAID.

neptune:~ # mdadm --stop /dev/md0
mdadm: stopped /dev/md0

Next, mount one of the disk partitions of the RAID to read it:

neptune:~ # mount -t ext3 -o ro /dev/sda2 /mnt

Next, open the file test.txt to see if the newly appended line is included.

neptune:~ # cat /mnt/test.txt
Howdy, RAID ;)
I am back from ICT
I am now testing failure of one of the disk and writing to RAID.

Yes, it is added. Now let's unmount /mnt and then mount /dev/sda3 to see if the file is updated even
after we marked the partition as failed.

Firstly, start the RAID:

neptune:~ # mdadm -A /dev/md0
mdadm: /dev/md/0 has been started with 1 drive (out of 2).

Check the status of the RAID:
md0 : active raid1 sda2[0]
   4192896 blocks [2/1] [U_]

unused devices: <none>

It shows that the RAID has only one disk.

Next add the disk, /dev/sda3

neptune:~ # mdadm /dev/md0 --add /dev/sda3
mdadm: re-added /dev/sda3

This will take some time to rebuild, just as when you create a new array.

To see the RAID being rebuilt, type:

neptune:~ # cat /proc/mdstat
Personalities : [raid1]
md0 : active raid1 sda3[2] sda2[0]
   4192896 blocks [2/1] [U_]
   [==>..................] recovery = 14.9% (625984/4192896) finish=6.4min speed=9180K/sec

unused devices: <none>

neptune:~ # cat /proc/mdstat
Personalities : [raid1]
md0 : active raid1 sda3[2] sda2[0]
   4192896 blocks [2/1] [U_]
   [================>....] recovery = 83.8% (3517568/4192896) finish=1.0min speed=10740K/sec

So the RAID was finally rebuilt.

neptune:~ # cat /proc/mdstat
Personalities : [raid1]
md0 : active raid1 sda3[1] sda2[0]
   4192896 blocks [2/2] [UU]

Now let's check the disk partitions /dev/sda2 and /dev/sda3 and see if the test.txt file is updated.
Let's just check the /dev/sda3 partition.

neptune:~ # umount /mnt
neptune:~ # mount -t ext3 -o ro /dev/sda3 /mnt
neptune:~ # cat /mnt/test.txt
Howdy, RAID ;)
I am back from ICT

From the output above, we can conclude that the failed disk will not have its file test.txt updated.

So now let's restore the disk partition and see if the file in /dev/sda3 will be updated.

You have to stop the RAID.

neptune:~ # mdadm --stop /dev/md0
mdadm: stopped /dev/md0

neptune:~ # mount -t ext3 -o ro /dev/sda3 /mnt
neptune:~ # cat /mnt/test.txt
Howdy, RAID ;)
I am back from ICT
I am now testing failure of one of the disk and writing to RAID.

Yes, the contents of the file are updated after the disk (/dev/sda3) was rebuilt.


Connecting to the Internet
The easiest way to connect to the Internet is to use YaST2. Launch YaST2 by clicking the Applications
Launcher-->Computer-->YaST2. In YaST2, click on the Network Devices and click Network settings.
If you are connecting via your Ethernet cable to your router, in the Overview tab, select the name of
your Network card. In my case, it is called RTL 8139. Make sure you select DHCP and click OK.

Once you have configured the network settings, you can launch any web browser to surf the Internet. I
also type the following command to see the IP address settings.

neptune:~ # ifconfig eth0
eth0    Link encap:Ethernet HWaddr 00:E0:7D:A1:06:D7
      inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0
      inet6 addr: fe80::2e0:7dff:fea1:6d7/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
      RX packets:8382 errors:0 dropped:0 overruns:0 frame:0
      TX packets:5914 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:11290264 (10.7 Mb) TX bytes:491034 (479.5 Kb)
      Interrupt:11 Base address:0x4000

Let's also take a look at the routing table.

neptune:~ # ip route show
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100
169.254.0.0/16 dev eth0 scope link
127.0.0.0/8 dev lo scope link
default via 192.168.1.1 dev eth0

The above routing table says that the IP address of the computer is 192.168.1.100. The network ID is
192.168.1.0 and the subnet mask is /24, i.e. 255.255.255.0. The default gateway is 192.168.1.1. If you
look carefully you will see the IP address 169.254.0.0/16. This is set by the avahi process and it is set
by default. There are some reports that this IP address setting is a bug and may cause some commercial
applications to fail to operate normally. But most Linux users found that it does not interfere with their
applications. You may also disable the avahi process so that the IP address will not be set.

Note
The Avahi daemon is present by default and will automatically discover network resources and
connect to them.

Avahi functions:

Assign an IP address automatically even without the presence of a DHCP server.

Act as DNS (each machine is accessible by the name nameMachine.local).

Publish services and facilitate access to these services (the machines on the local network are notified of the
opening and closing of a service, which facilitates the sharing of files, printers, etc.).

Avahi is an implementation of Zeroconf protocol compatible with Apple services.

Constraints when using Avahi :

It uses some memory (about 248 kb).

It opens 2 network ports (UDP 32768 and 5353).

It has been reported in some cases to decrease network performance.


Disabling the avahi-daemon in Ubuntu:


If you have no use for Avahi and want to disable it, note that even if you uncheck it in the list of
services under System Menu / Administration / Services, it will continue to start!

To disable it, you must edit the file /etc/default/avahi-daemon as root:
sudo gedit /etc/default/avahi-daemon

Change the line: AVAHI_DAEMON_START=1
to: AVAHI_DAEMON_START=0
Reboot your system and the problem should be solved.
Note that:
The command sudo update-rc.d -f avahi-daemon remove is not enough to disable Avahi.


If you want to check if avahi daemon is running, type:


neptune:/etc/init.d # ps -ef|grep avahi
avahi    3226     1 0 08:32 ?       00:00:00 avahi-daemon: registering [neptune.local]
The avahi daemon is started by the init scripts at:
neptune:/etc/init.d # cd /etc/init.d/


To check the status, you may also run:


neptune:/etc/init.d # ./avahi-daemon status
Checking for Avahi daemon:                                             running


To stop the avahi daemon type:
neptune:/etc/init.d # ./avahi-daemon stop
Shutting down Avahi daemon                                              done


Then restart the network service by typing:


neptune:/etc/init.d # ./network stop
Shutting down network interfaces:
  eth0     device: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)           done
  usb0      name: GL620USB GeneLink USB-USB Bridge                                   done
  wlan0     name: 54M.USB.......                                      done
Shutting down service network . . . . . . . . .                         done


Check the routing table. You will see that all the routes have been dropped.
neptune:/etc/init.d # ip route show
127.0.0.0/8 dev lo scope link


Start the network service again.
neptune:/etc/init.d # ./network start
Hint: you may set mandatory devices in /etc/sysconfig/network/config
Setting up network interfaces:
  eth0     device: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
  eth0     Starting DHCP4 client.
  eth0     IP address: 192.168.1.100/24                                  done
  usb0     name: GL620USB GeneLink USB-USB Bridge
  usb0     Starting DHCP4 client. . . . . . . .
  usb0     DHCP4 continues in background                                     waiting
  wlan0     name: 54M.USB.......
command 'iwconfig wlan0 nick neptune' returned
Error for wireless request "Set Nickname" (8B1C) :
  SET failed on device wlan0 ; Operation not supported.
  wlan0     Starting DHCP4 client. . .
  wlan0     IP address: 192.168.1.101/24                                  done
Setting up service network . . . . . . . . . .                        done
SuSEfirewall2: Setting up rules from /etc/sysconfig/SuSEfirewall2 ...
SuSEfirewall2: using default zone 'ext' for interface eth0
SuSEfirewall2: using default zone 'ext' for interface wlan0
SuSEfirewall2: using default zone 'ext' for interface wmaster0
SuSEfirewall2: batch committing...
SuSEfirewall2: Firewall rules successfully set


Now the easiest way to check if your network settings are working is to surf the Internet.
Yes, I can surf the Net, but the avahi daemon is still running after you restart the network service.


You can disable the avahi daemon using YaST2, i.e. YaST2 --> System --> System Services.
Alternatively, you may want to check at which run levels the avahi daemon is set to run by typing:


neptune:/etc/default # chkconfig --list | grep avahi
avahi-daemon            0:off 1:off 2:off 3:on 4:off 5:on 6:off
avahi-dnsconfd          0:off 1:off 2:off 3:off 4:off 5:off 6:off
The output shows two avahi daemons but we are interested in the first line. This shows that the avahi
daemon is started at run levels 3 and 5.
The avahi daemon configuration file is located at:


neptune:/etc/avahi # more avahi-daemon.conf | grep -v "^#"
[server]
use-ipv4=yes
use-ipv6=no
[wide-area]
enable-wide-area=yes
[publish]
[reflector]


[rlimits]
rlimit-core=0
rlimit-data=4194304
rlimit-fsize=0
rlimit-nofile=300
rlimit-stack=4194304
rlimit-nproc=3



neptune:/etc/init.d # ip route show
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.100
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.101
169.254.0.0/16 dev eth0 scope link
127.0.0.0/8 dev lo scope link
default via 192.168.1.1 dev eth0


If you want to know where the network settings are stored, they are located at
/etc/sysconfig/network/ifcfg-eth0. Take a look at the file and you may notice that it is simple to
configure. Simply put dhcp for the BOOTPROTO value.

neptune:/etc/sysconfig/network # more ifcfg-eth0
BOOTPROTO='dhcp'
BROADCAST=''
ETHTOOL_OPTIONS=''
IPADDR=''
MTU=''
NAME='RTL-8139/8139C/8139C+'
NETMASK=''
NETWORK=''
REMOTE_IPADDR=''
STARTMODE='auto'
USERCONTROL='no'

Configuring Networking in OpenSUSE

To view the networking configuration of your Linux box, you can type:

neptune:~ # ifconfig
eth0    Link encap:Ethernet HWaddr 00:E0:7D:A1:06:D7
      inet6 addr: fe80::2e0:7dff:fea1:6d7/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:399 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:0 (0.0 b) TX bytes:134370 (131.2 Kb)
      Interrupt:11

lo       Link encap:Local Loopback
        inet addr:127.0.0.1 Mask:255.0.0.0
        inet6 addr: ::1/128 Scope:Host
        UP LOOPBACK RUNNING MTU:16436 Metric:1
        RX packets:160 errors:0 dropped:0 overruns:0 frame:0
        TX packets:160 errors:0 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:0
        RX bytes:10432 (10.1 Kb) TX bytes:10432 (10.1 Kb)

usb0      Link encap:Ethernet HWaddr 06:BA:F8:10:97:DF
        inet6 addr: fe80::4ba:f8ff:fe10:97df/64 Scope:Link
        UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
        RX packets:0 errors:0 dropped:0 overruns:0 frame:0
        TX packets:1 errors:388 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:1000
        RX bytes:0 (0.0 b) TX bytes:98 (98.0 b)

wlan0      Link encap:Ethernet HWaddr 00:19:E0:18:6F:D8
        UP BROADCAST MULTICAST MTU:1500 Metric:1
        RX packets:0 errors:0 dropped:0 overruns:0 frame:0
        TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:1000
        RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

wmaster0 Link encap:UNSPEC HWaddr 00-19-E0-18-6F-D8-00-00-00-00-00-00-00-00-00-00
       UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
       RX packets:0 errors:0 dropped:0 overruns:0 frame:0
       TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
       collisions:0 txqueuelen:1000
       RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

This will show all the network interfaces of your machine. Let's say you just want to display the
configuration of your LAN card, e.g. eth0, you would type ifconfig eth0:


eth0     Link encap:Ethernet HWaddr 00:E0:7D:A1:06:D7
       inet6 addr: fe80::2e0:7dff:fea1:6d7/64 Scope:Link
       UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
       RX packets:0 errors:0 dropped:0 overruns:0 frame:0
       TX packets:456 errors:0 dropped:0 overruns:0 carrier:0
       collisions:0 txqueuelen:1000
       RX bytes:0 (0.0 b) TX bytes:153864 (150.2 Kb)
       Interrupt:11

From this output, eth0 does not have an IP address configured. This is because it is configured to use
dhcp. To check the configuration of eth0 you will need to go to the following file:

neptune: cd /etc/sysconfig/network

neptune:/etc/sysconfig/network # more ifcfg-eth0
BOOTPROTO='dhcp'
BROADCAST=''
ETHTOOL_OPTIONS=''
IPADDR=''
MTU=''
NAME='RTL-8139/8139C/8139C+'
NETMASK=''
NETWORK=''
REMOTE_IPADDR=''
STARTMODE='auto'
USERCONTROL='no'

This confirms that the LAN card uses dhcp to obtain its IP address.

Now let's configure a static IP address for this LAN card. You can use two methods, namely the GUI
method via the YaST2, and by using the command line. Let's configure the LAN setting using the
YaST2 and then we will explore the command line.


Configuring Network via YaST2

Launch YaST2 and go to Network Devices → Network Settings. Select the LAN card, in my case it is
RTL8139. Click the Edit button and select the Statically assigned IP radio button. In my case, I assigned
the IP address 172.16.0.3 and subnet mask 255.255.0.0. Save and exit.

I typed ifconfig to verify the newly configured IP address, but the LAN card was still not configured,
although the /etc/sysconfig/network/ifcfg-eth0 file stated the new IP address.

neptune:/etc/sysconfig/network # more ifcfg-eth0
BOOTPROTO='static'
BROADCAST=''
ETHTOOL_OPTIONS=''
IPADDR='172.16.0.3/16'
MTU=''
NAME='RTL-8139/8139C/8139C+'
NETMASK=''
NETWORK=''
REMOTE_IPADDR=''
STARTMODE='off'
USERCONTROL='no'

So I still need to restart the network services:

neptune:/etc/sysconfig/network # service network restart
Shutting down network interfaces:
  eth0     device: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)            done
  usb0     name: GL620USB GeneLink USB-USB Bridge                                 done
  wlan0 name: 54M.USB.......                                         done
Shutting down service network . . . . . . . . .                       done
Setting up network interfaces:
  eth0     device: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
  eth0     Startmode is 'off'                                  skipped
  usb0     name: GL620USB GeneLink USB-USB Bridge
  usb0     Starting DHCP4 client. . . . . . . .
  usb0     DHCP4 continues in background                                  waiting
  wlan0 name: 54M.USB.......
command 'iwconfig wlan0 nick neptune' returned
 Error for wireless request "Set Nickname" (8B1C) :
  SET failed on device wlan0 ; Operation not supported.
  wlan0 Starting DHCP4 client.
  wlan0 IP address: 192.168.1.101/24                                   done
Setting up service network . . . . . . . . . .                     done
SuSEfirewall2: Setting up rules from /etc/sysconfig/SuSEfirewall2 ...
SuSEfirewall2: using default zone 'ext' for interface eth0
SuSEfirewall2: using default zone 'ext' for interface wlan0
SuSEfirewall2: using default zone 'ext' for interface wmaster0
SuSEfirewall2: batch committing...
SuSEfirewall2: Firewall rules successfully set

But when I checked ifconfig, the static IP address was still not set. I decided to go back to YaST2 and
found on the General tab of the eth0 settings that you need to click on the manually started radio
button.
After I had saved and exited, the ifconfig eth0 command still did not reflect the IP address. So I decided
to bring up the eth0 interface with this command:

neptune:/etc/sysconfig/network # ifconfig eth0 172.16.0.3 netmask 255.255.0.0 up

And now ifconfig eth0 shows that the interface has been configured correctly.

Note
I found that I am not able to set the IP address using YaST2. I have to do it via the command line.
But the /etc/sysconfig/network/ifcfg-eth0 file will be updated with the IP address that was set using
YaST2.
So let's now set the IP address by typing:
neptune:/etc/sysconfig/network # ifconfig eth0 172.16.0.3 netmask 255.255.0.0 up
The ifconfig command will reflect the new IP address.
neptune:/etc/sysconfig/network # ifconfig eth0
eth0     Link encap:Ethernet HWaddr 00:E0:7D:A1:06:D7
       inet addr:172.16.0.3 Bcast:172.16.255.255 Mask:255.255.0.0
       inet6 addr: fe80::2e0:7dff:fea1:6d7/64 Scope:Link
       UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
       RX packets:7 errors:0 dropped:0 overruns:0 frame:0
       TX packets:840 errors:0 dropped:0 overruns:0 carrier:0
       collisions:0 txqueuelen:1000
       RX bytes:610 (610.0 b) TX bytes:277072 (270.5 Kb)
       Interrupt:11


But the /etc/sysconfig/network/ifcfg-eth0 file will not be updated:
neptune:/etc/sysconfig/network # more ifcfg-eth0
BOOTPROTO='static'
BROADCAST=''
ETHTOOL_OPTIONS=''
IPADDR='172.16.0.4/16'
MTU=''
NAME='RTL-8139/8139C/8139C+'
NETMASK=''
NETWORK=''
REMOTE_IPADDR=''
STARTMODE='manual'
USERCONTROL='no'
Restarting the network service will not update the /etc/sysconfig/network/ifcfg-eth0 file or the
ifconfig output. This is because the command that we used sets the IP address on the fly.



Networking Configuration via YaST2 Solved
I soon realized that if you want to set the IP address via YaST2, you will need to select the on boot
radio button at the General button. (The manually button as discussed earlier doesn't help.)



Configuring Networking via the Network Configuration File
The configuration file is /etc/sysconfig/network/ifcfg-eth0 .
Edit this file; in my case I will set the IP address to 172.16.0.5:
neptune:/etc/sysconfig/network # vi ifcfg-eth0
BOOTPROTO='static'
BROADCAST=''
ETHTOOL_OPTIONS=''
IPADDR='172.16.0.5/16'
MTU=''
NAME='RTL-8139/8139C/8139C+'
NETMASK=''
NETWORK=''
REMOTE_IPADDR=''
STARTMODE='auto'
USERCONTROL='no'


Save and quit. Then you must restart the network services.


neptune:/etc/sysconfig/network # service network restart
Shutting down network interfaces:
  eth0    device: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)               done
  usb0     name: GL620USB GeneLink USB-USB Bridge                                     done
  wlan0     name: 54M.USB.......                                          done
Shutting down service network . . . . . . . . .                            done
Hint: you may set mandatory devices in /etc/sysconfig/network/config
Setting up network interfaces:
  eth0     device: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
  eth0     IP address: 172.16.0.5/16                                   done
  usb0     name: GL620USB GeneLink USB-USB Bridge
  usb0     Starting DHCP4 client. . . . . . . .
  usb0     DHCP4 continues in background                                      waiting
  wlan0     name: 54M.USB.......
command 'iwconfig wlan0 nick neptune' returned
Error for wireless request "Set Nickname" (8B1C) :
  SET failed on device wlan0 ; Operation not supported.
  wlan0     Starting DHCP4 client. .
  wlan0     IP address: 192.168.1.101/24                                  done
Setting up service network . . . . . . . . . .                        done
SuSEfirewall2: Setting up rules from /etc/sysconfig/SuSEfirewall2 ...
SuSEfirewall2: using default zone 'ext' for interface eth0
SuSEfirewall2: using default zone 'ext' for interface wlan0
SuSEfirewall2: using default zone 'ext' for interface wmaster0
SuSEfirewall2: batch committing...
SuSEfirewall2: Firewall rules successfully set


Notice that the output shows that the IP address for the eth0 interface has been set.


The ifconfig command will also verify the IP address.


neptune:/etc/sysconfig/network # ifconfig eth0
eth0     Link encap:Ethernet HWaddr 00:E0:7D:A1:06:D7
       inet addr:172.16.0.5 Bcast:172.16.255.255 Mask:255.255.0.0
       inet6 addr: fe80::2e0:7dff:fea1:6d7/64 Scope:Link
       UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
       RX packets:15 errors:0 dropped:0 overruns:0 frame:0
       TX packets:863 errors:0 dropped:0 overruns:0 carrier:0
       collisions:0 txqueuelen:1000
       RX bytes:1204 (1.1 Kb) TX bytes:278890 (272.3 Kb)
        Interrupt:11



Testing the Network Connections
You can test the network settings by pinging another host.
neptune:/etc/sysconfig/network # ping -c 3 172.16.0.2
PING 172.16.0.2 (172.16.0.2) 56(84) bytes of data.
64 bytes from 172.16.0.2: icmp_seq=1 ttl=64 time=4.14 ms
64 bytes from 172.16.0.2: icmp_seq=2 ttl=64 time=0.328 ms
64 bytes from 172.16.0.2: icmp_seq=3 ttl=64 time=0.338 ms
--- 172.16.0.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2010ms
rtt min/avg/max/mdev = 0.328/1.602/4.141/1.795 ms



Connecting to the Internet via Wireless
There is no configuration needed to connect to the Internet wirelessly using USB sticks. The
commands worth noting are:

neptune:/etc/sysconfig/network # iwconfig
lo    no wireless extensions.

usb0      no wireless extensions.

wmaster0 no wireless extensions.

wlan0      IEEE 802.11bg ESSID:"gateway1"
        Mode:Managed Frequency:2.462 GHz Access Point: 00:1E:10:09:8D:58
        Bit Rate=18 Mb/s Tx-Power=15 dBm
        Retry min limit:7 RTS thr:off Fragment thr=2352 B
        Encryption key:676F-7469-74 Security mode:open
        Power Management:off
        Link Quality=47/100 Signal level:-82 dBm
        Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
        Tx excessive retries:0 Invalid misc:0 Missed beacon:0

eth0    no wireless extensions.
neptune:/etc/sysconfig/network # ifconfig wlan0
wlan0 Link encap:Ethernet HWaddr 00:19:E0:18:6F:D8
      inet addr:192.168.1.101 Bcast:192.168.1.255 Mask:255.255.255.0
      inet6 addr: fe80::219:e0ff:fe18:6fd8/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
      RX packets:2782 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1334 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:1092368 (1.0 Mb) TX bytes:175175 (171.0 Kb)

neptune:/etc/sysconfig/network # more ifcfg-wlan0
BOOTPROTO='dhcp'
BROADCAST=''
ETHTOOL_OPTIONS=''
IPADDR=''
MTU=''
NAME='54M.USB.......'
NETMASK=''
NETWORK=''
REMOTE_IPADDR=''
STARTMODE='hotplug'
USERCONTROL='no'
WIRELESS_AP=''
WIRELESS_AUTH_MODE='open'
WIRELESS_BITRATE='auto'
WIRELESS_CA_CERT=''
WIRELESS_CHANNEL=''
WIRELESS_CLIENT_CERT=''
WIRELESS_CLIENT_KEY=''
WIRELESS_CLIENT_KEY_PASSWORD=''
WIRELESS_DEFAULT_KEY='0'
WIRELESS_EAP_AUTH=''
WIRELESS_EAP_MODE=''
WIRELESS_ESSID='gateway1'
WIRELESS_FREQUENCY=''
WIRELESS_KEY=''
WIRELESS_KEY_0='s:secretpassword'
WIRELESS_KEY_1=''
WIRELESS_KEY_2=''
WIRELESS_KEY_3=''
WIRELESS_KEY_LENGTH='128'
WIRELESS_MODE='Managed'
WIRELESS_NICK=''
WIRELESS_NWID=''
WIRELESS_PEAP_VERSION=''
WIRELESS_POWER='yes'
WIRELESS_WPA_ANONID=''
WIRELESS_WPA_IDENTITY=''
WIRELESS_WPA_PASSWORD=''
WIRELESS_WPA_PSK=''
PREFIXLEN='24'

The password is also stated here in clear text (WIRELESS_KEY_0), so be careful.
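
An added check for the point above (example code, not part of the original document): it lists which ifcfg-* files hold a non-empty wireless secret and whether such a file is readable by group or others. The function names and the sample file are constructed; the variable names are those in the ifcfg-wlan0 listing.

```shell
#!/bin/sh
# Audit sysconfig ifcfg-* files for wireless secrets stored in clear text.

# Variables from the ifcfg-wlan0 listing that hold key material.
SECRET_VARS='WIRELESS_KEY(_[0-3])?|WIRELESS_WPA_PSK|WIRELESS_WPA_PASSWORD|WIRELESS_CLIENT_KEY_PASSWORD'

# audit_ifcfg DIR
#   SECRET <file> <variable>  variable has a non-empty value (the value is never printed)
#   PERMS  <file> <bits>      that file is readable by group or others
# Returns 1 if anything was reported, 0 otherwise.
audit_ifcfg() {
    dir=$1
    found=0
    for f in "$dir"/ifcfg-*; do
        [ -f "$f" ] || continue
        # Match VAR='x', VAR="x" or VAR=x, but not an empty value such as VAR=''.
        vars=$(grep -E "^($SECRET_VARS)=['\"]?[^'\"]" "$f" | cut -d= -f1)
        [ -n "$vars" ] || continue
        for v in $vars; do
            echo "SECRET $f $v"
        done
        found=1
        # Characters 5-10 of the ls mode string are the group and other bits.
        bits=$(ls -ld "$f" | cut -c5-10)
        case $bits in
            *r*) echo "PERMS $f $bits" ;;
        esac
    done
    [ "$found" -eq 0 ]
}

# write_sample DIR: constructed sample modelled on the listing (placeholder key).
write_sample() {
    cat > "$1/ifcfg-wlan0" <<'EOF'
BOOTPROTO='dhcp'
STARTMODE='hotplug'
WIRELESS_AUTH_MODE='open'
WIRELESS_DEFAULT_KEY='0'
WIRELESS_ESSID='gateway1'
WIRELESS_KEY=''
WIRELESS_KEY_0='s:EXAMPLE-KEY-ONLY'
WIRELESS_KEY_1=''
WIRELESS_KEY_LENGTH='128'
WIRELESS_WPA_PSK=''
EOF
    chmod 644 "$1/ifcfg-wlan0"
}

# Demo run against the constructed sample.
demo=$(mktemp -d)
write_sample "$demo"
audit_ifcfg "$demo" || echo "findings reported"
rm -rf "$demo"
```

On a real host the directory to pass is /etc/sysconfig/network; a PERMS finding is cleared with chmod 600 on the reported file.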

As for the YaST2 configuration, make sure that you select 'On Hotplug' for the Activate Device field in
the General tab for the wlan0 interface.

The routing table is shown below:

neptune:/etc/sysconfig/network # ip route show
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.101
169.254.0.0/16 dev eth0 scope link
172.16.0.0/16 dev eth0 proto kernel scope link src 172.16.0.3
127.0.0.0/8 dev lo scope link
default via 192.168.1.1 dev wlan0

The first line shows that the wireless USB stick has the IP address 192.168.1.101.
The second line relates to the avahi-daemon, which sets the 169.254.0.0 address on eth0. But you should
not worry, as this IP address would not be used because the metric size is 1000.
The third line shows the IP address for the eth0 interface, and this IP will be used instead of the one on
the second line.
The fourth line is the lo interface IP address, also known as the loopback address.
The last line is the default gateway for the wlan0 interface, which points to the modem router's IP
address 192.168.1.1.



Configuring DHCP server
Before you can configure a DHCP server, you need to install the DHCP server package. In OpenSUSE,
launch Software Management and search for dhcp. Make sure you select the dhcpd components and
click Install.

The DHCP server configuration file is /etc/dhcpd.conf. In case you do not have the configuration file,
you can copy a sample from either of the following locations:

/usr/share/sblim-testsuite/dhcpd.conf
/usr/share/doc/packages/dhcp-server/dhcpd.conf

Copy the sample file to the /etc directory and rename it to dhcpd.conf.

My DHCP server configuration file:

neptune:/etc # more dhcpd.conf

# This is a very basic subnet declaration.
subnet 172.16.0.0 netmask 255.255.0.0 {
 range 172.16.0.3 172.16.0.10;

host mars {
  hardware ethernet 00:01:02:7E:C3:FD;
  fixed-address 172.16.0.9;
}
}

Let me explain what the configuration file means:

The range of IP addresses from 172.16.0.3 to 172.16.0.10 will be assigned by the server to requesting
clients.
And if the machine with the hardware MAC address 00:01:02:7E:C3:FD requests an IP address,
always give it 172.16.0.9.
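
In the file above, the fixed address 172.16.0.9 lies inside the dynamic range 172.16.0.3 to 172.16.0.10, so the same address is both reserved for mars and part of the pool; the usual practice is to keep fixed addresses outside the pool. The following added example (not the author's code; the function names and the second sample file are constructed) flags that overlap in a dhcpd.conf.

```shell
#!/bin/sh
# check_dhcpd_overlap FILE
# Reports host declarations whose fixed-address lies inside a "range" pool.
# Output: OVERLAP <host> <address> <range-low>-<range-high>
# Returns 1 if any overlap was found, 0 otherwise.
# Scope: IPv4 literals only; ranges and hosts are compared file-wide,
# which is sufficient for a single-subnet file like the one above.
check_dhcpd_overlap() {
    awk '
    function ip2n(ip,    p) {                # dotted quad -> integer
        split(ip, p, ".")
        return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
    }
    { sub(/#.*/, ""); gsub(/[;{}]/, " ") }   # strip comments and punctuation
    $1 == "range" {
        i = ($2 == "dynamic-bootp") ? 3 : 2  # optional flag before the addresses
        n++
        lo[n] = $i
        hi[n] = (NF > i) ? $(i + 1) : $i     # "range A;" is a one-address pool
    }
    $1 == "host" { host = $2 }
    $1 == "fixed-address" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        m++
        fhost[m] = host
        faddr[m] = $2
    }
    END {
        for (j = 1; j <= m; j++)
            for (k = 1; k <= n; k++)
                if (ip2n(faddr[j]) >= ip2n(lo[k]) && ip2n(faddr[j]) <= ip2n(hi[k])) {
                    printf "OVERLAP %s %s %s-%s\n", fhost[j], faddr[j], lo[k], hi[k]
                    bad = 1
                }
        exit bad + 0
    }' "$1"
}

# The configuration exactly as listed above.
write_page_conf() {
    cat > "$1" <<'EOF'
# This is a very basic subnet declaration.
subnet 172.16.0.0 netmask 255.255.0.0 {
 range 172.16.0.3 172.16.0.10;

host mars {
  hardware ethernet 00:01:02:7E:C3:FD;
  fixed-address 172.16.0.9;
}
}
EOF
}

# Constructed variant: same host entry, pool moved away from the fixed address.
write_separated_conf() {
    cat > "$1" <<'EOF'
subnet 172.16.0.0 netmask 255.255.0.0 {
 range 172.16.0.20 172.16.0.30;
host mars {
  hardware ethernet 00:01:02:7E:C3:FD;
  fixed-address 172.16.0.9;
}
}
EOF
}

# Demo: the first file is reported, the second is clean.
demo=$(mktemp -d)
write_page_conf "$demo/page.conf"
write_separated_conf "$demo/separated.conf"
check_dhcpd_overlap "$demo/page.conf" || true
check_dhcpd_overlap "$demo/separated.conf" && echo "separated.conf: no overlap"
rm -rf "$demo"
```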



Starting the DHCP service

You can check if DHCP is started at boot time by typing:

neptune:~ # chkconfig --list | grep dhcpd
dhcpd             0:off 1:off 2:off 3:off 4:off 5:off 6:off

In OpenSUSE, there are other DHCP services:

neptune:~ # chkconfig --list | grep dhcp
dhcp6r            0:off 1:off 2:off 3:off 4:off 5:off 6:off
dhcp6s            0:off 1:off 2:off 3:off 4:off 5:off 6:off
dhcpd             0:off 1:off 2:off 3:off 4:off 5:off 6:off

Some older versions of DHCP will fail unless there is an existing dhcpd.leases file. Use the following
command to create the file:

#touch /var/lib/dhcp/dhcpd.leases

To set the DHCP server to start at boot time, type:

neptune:~ # chkconfig dhcpd on

But I would like to start it manually. Hence I use the service command to start/stop/restart DHCP after
booting:

neptune:~ # service dhcpd start

neptune:~ # service dhcpd stop

neptune:~ # service dhcpd restart

You can also start the DHCP server services by the init scripts:

neptune:~ # /etc/init.d/./dhcpd start



Configuring DHCP clients

On your DHCP client, in my case a Ubuntu host, the network configuration file is at
/etc/network/interfaces.
The contents of the file are:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

After you have restarted the network services on your DHCP client, you can type ifconfig eth0 to see
what IP address is assigned to your host.

On my DHCP client, the IP address 172.16.0.9 is assigned to it. This is because I have explicitly stated
in the dhcp configuration file on the DHCP server to assign the particular IP address that corresponds
to the MAC address.



Connecting OpenSUSE to the Internet Using Wired Connections to the Router
My host's LAN interface, eth0, was previously configured to use DHCP, and thus I had to make minor
changes to the network settings. You can do so by the GUI method (via YaST2) or through the command
line method. I will first discuss the command line method.

Go to the directory, /etc/sysconfig/network and edit the ifcfg-eth0 file. Make sure your LAN interface
uses DHCP.

neptune:/etc/sysconfig/network # vi ifcfg-eth0
BOOTPROTO='dhcp'
BROADCAST=''
ETHTOOL_OPTIONS=''
IPADDR=''
MTU=''
NAME='RTL-8139/8139C/8139C+'
NETMASK=''
NETWORK=''
REMOTE_IPADDR=''
STARTMODE='auto'
USERCONTROL='no'

Save and exit. You will have to restart the network service:

neptune:/etc/sysconfig/network # service network restart
Shutting down network interfaces:
  eth0     device: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)           done
  usb0     name: GL620USB GeneLink USB-USB Bridge                             done
Shutting down service network . . . . . . . . .                      done
Hint: you may set mandatory devices in /etc/sysconfig/network/config
Setting up network interfaces:
  eth0     device: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
  eth0     Starting DHCP4+DHCP6 client. . . . . . . .
  eth0     IP address: 192.168.1.101/24
  eth0     DHCP6 continues in background                                waiting
  usb0      name: GL620USB GeneLink USB-USB Bridge
  usb0      Starting DHCP4+DHCP6 client. . . . . . . .
  usb0      DHCP4 continues in background
  usb0      DHCP6 continues in background                               waiting
Setting up service network . . . . . . . . . .                     done
SuSEfirewall2: Setting up rules from /etc/sysconfig/SuSEfirewall2 ...
SuSEfirewall2: using default zone 'ext' for interface eth0
SuSEfirewall2: batch committing...
SuSEfirewall2: Firewall rules successfully set

Check that your host now has an IP address assigned to its eth0 interface:

neptune:/etc/sysconfig/network # ifconfig eth0
eth0    Link encap:Ethernet HWaddr 00:E0:7D:A1:06:D7
      inet addr:192.168.1.101 Bcast:192.168.1.255 Mask:255.255.255.0
      inet6 addr: fe80::2e0:7dff:fea1:6d7/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
      RX packets:11 errors:0 dropped:0 overruns:0 frame:0
      TX packets:32 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:2387 (2.3 Kb) TX bytes:3282 (3.2 Kb)
      Interrupt:11 Base address:0xe000

Yes, an IP address is assigned to the eth0 interface, and now you can test the network connection by
launching your Web browser to surf the Net.

And it works perfectly.




Exploring SSH in OpenSUSE
To deploy OpenSUSE as an SSH server, you first need to install the ssh server package, sshd. Simply
use YaST2 to install the package and after that you can check that it is installed by typing:

neptune:~ # which sshd
/usr/sbin/sshd

neptune:~ # rpm -qa | grep ssh
openssh-5.1p1-40.15
openssh-askpass-5.1p1-40.15
libnsssharedhelper0-1.0.4-1.5

You can also check at which runlevels ssh is configured to run.
neptune:# chkconfig --list| grep sshd
sshd                0:off 1:off 2:off 3:on 4:off 5:on 6:off


To set ssh to start upon boot up type:
neptune:~ # chkconfig sshd on


To start the ssh server daemon sshd, you will need to go to the /etc/init.d directory and look for the sshd
script


neptune:~ # cd /etc/init.d/
neptune:/etc/init.d # ./sshd
Usage: ./sshd {start|stop|status|try-restart|restart|force-reload|reload|probe}


Start the sshd service
neptune:/etc/init.d # ./sshd start


Check that sshd is running
neptune:/etc/init.d # ps -ef|grep sshd
root    5425     1 0 08:35 ?         00:00:00 /usr/sbin/sshd -o PidFile=/var/run/sshd.init.pid

Notes
In OpenSUSE, the ssh server service is blocked by default. To allow ssh connections to the
OpenSUSE host, you need to configure the Firewall via YaST2. In the Firewall Configuration Startup
menu, click on “Allowed services” and select the services that you want to allow, e.g. in my case I
have added the ssh and vsftp services.


FTP in OpenSUSE

In this section, I have installed vsftpd, a ftp server on the OpenSUSE host. After installing, check that
the ftp service is running.

neptune:~ # ps -ef|grep ftp

root    5949 4511 0 14:25 pts/2         00:00:00 grep ftp


If it is not running, start it by typing:

neptune:~ # cd /etc/init.d/
neptune:/etc/init.d # ./vsftpd start

Starting vsftpd                                                                                    done


Try to ftp to the ftp server, in this case the OpenSUSE host, from another Linux host. But remember
you need to configure the firewall on the OpenSUSE host (via the Firewall Configuration in YaST2).
Basically you need to add the vsftpd service to the list of “Allowed Services”.

root@isa-linux:~/Desktop# ftp 172.16.0.1

ftp: connect: Connection refused

ftp> bye

root@isa-linux:~/Desktop# ftp 172.16.0.1

Connected to 172.16.0.1.

220 (vsFTPd 2.0.7)

Name (172.16.0.1:root): ftp

331 Please specify the password.

Password:

230 Login successful.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> ls

200 PORT command successful. Consider using PASV.

150 Here comes the directory listing.

226 Directory send OK.
ftp> cd /home

550 Failed to change directory.


You would use the usernames ftp or anonymous to ftp into the ftp server. This is because vsftpd only
allows anonymous connections. As for the password, you simply type any characters, e.g. your e-mail
username or something like that. But from the output above, it seems that I cannot list the files in
the directory or change to another directory.

If you type ls to list files on the ftp server, you will find that there is nothing there. And when you type
pwd, you are in the / directory. The / directory corresponds to the root directory of the ftp server, which
is /srv/ftp. To demonstrate this, create a file in /srv/ftp on the ftp server.

neptune:/srv/ftp # vi testfile.txt


Type something, and save and exit

Now ftp into the ftp server from another host.

root@isa-linux:~/Desktop# ftp 172.16.0.1

Connected to 172.16.0.1.

220 "Welcome to FOOBAR FTP service."

Name (172.16.0.1:root): ftp

331 Please specify the password.

Password:

230 Login successful.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> pwd

257 "/"

ftp> ls

200 PORT command successful. Consider using PASV.

150 Here comes the directory listing.

-rw-r--r--   10      0          83 May 04 06:52 testfile.txt

226 Directory send OK.

You will now be able to see the test file. Get the file and view the logs.

ftp> lcd /root/Desktop
Local directory now /root/Desktop

ftp> get testfile.txt

local: testfile.txt remote: testfile.txt

200 PORT command successful. Consider using PASV.

150 Opening BINARY mode data connection for testfile.txt (83 bytes).

226 File send OK.

83 bytes received in 0.00 secs (399.3 kB/s)


May 4 14:55:09 neptune vsftpd: Mon May 4 14:55:09 2009 [pid 9009] [ftp] OK DOWNLOAD: Client "172.16.0.3", "/testfile.txt", 83 bytes, 59.08Kbyte/sec


To view the ftp logs type:

neptune:#more /var/log/messages
May 4 14:39:52 neptune vsftpd: Mon May 4 14:39:52 2009 [pid 7547] CONNECT: Client "172.16.0.3"

May 4 14:39:59 neptune vsftpd: Mon May 4 14:39:59 2009 [pid 7546] [ftp] OK LOGIN: Client "172.16.0.3", anon password "123"

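The added example below (not part of the original document) condenses vsftpd entries like these into one line per client: connections, anonymous logins, failed logins, downloads and bytes. The function names are hypothetical; the sample log reuses the three entries shown on this page and adds constructed lines, including FAIL LOGIN entries, for a second client.

```shell
#!/bin/sh
# vsftpd_summary FILE
# Per-client totals from the vsftpd lines of a syslog file such as /var/log/messages.
# Output (sorted by client):
#   <client> connects=N anon_logins=N fail_logins=N downloads=N bytes=N
vsftpd_summary() {
    awk '
    / vsftpd: / && match($0, /Client "[^"]+"/) {
        c = substr($0, RSTART + 8, RLENGTH - 9)      # text between the quotes
        seen[c] = 1
        if ($0 ~ / CONNECT: /) conn[c]++
        if ($0 ~ / OK LOGIN: / && $0 ~ /anon password/) anon[c]++
        if ($0 ~ / FAIL LOGIN: /) fail[c]++
        if ($0 ~ / OK DOWNLOAD: /) {
            dl[c]++
            # the size field looks like ", 83 bytes"
            if (match($0, /, [0-9]+ bytes/))
                bytes[c] += substr($0, RSTART + 2, RLENGTH - 8)
        }
    }
    END {
        for (c in seen)
            printf "%s connects=%d anon_logins=%d fail_logins=%d downloads=%d bytes=%d\n", \
                c, conn[c], anon[c], fail[c], dl[c], bytes[c]
    }' "$1" | sort
}

# Sample log: the first three entries are the ones shown on this page,
# the rest (sshd line and client 172.16.0.7) are constructed.
write_sample_log() {
    cat > "$1" <<'EOF'
May 4 14:39:52 neptune vsftpd: Mon May 4 14:39:52 2009 [pid 7547] CONNECT: Client "172.16.0.3"
May 4 14:39:59 neptune vsftpd: Mon May 4 14:39:59 2009 [pid 7546] [ftp] OK LOGIN: Client "172.16.0.3", anon password "123"
May 4 14:55:09 neptune vsftpd: Mon May 4 14:55:09 2009 [pid 9009] [ftp] OK DOWNLOAD: Client "172.16.0.3", "/testfile.txt", 83 bytes, 59.08Kbyte/sec
May 4 15:02:10 neptune sshd[5425]: Server listening on 0.0.0.0 port 22.
May 4 15:02:11 neptune vsftpd: Mon May 4 15:02:11 2009 [pid 9120] CONNECT: Client "172.16.0.7"
May 4 15:02:14 neptune vsftpd: Mon May 4 15:02:14 2009 [pid 9119] [admin] FAIL LOGIN: Client "172.16.0.7"
May 4 15:02:19 neptune vsftpd: Mon May 4 15:02:19 2009 [pid 9119] [admin] FAIL LOGIN: Client "172.16.0.7"
EOF
}

# Demo run against the sample log.
demo=$(mktemp -d)
write_sample_log "$demo/messages"
vsftpd_summary "$demo/messages"
rm -rf "$demo"
```

A client with failed logins and no successful one, like the constructed 172.16.0.7 here, is the line worth a second look.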

Using Telnet in OpenSUSE
OpenSUSE by default does not install the telnet server, so you have to use YaST2 to install it.
After the installation has completed, type the following to check the telnet server package.

neptune:~ # rpm -qa| grep telnet

telnet-server-1.2-134.28

telnet-1.2-134.28


The lines above show the telnet server followed by the telnet client. The telnet client is installed by
default in most Linux distributions.

In this section we will set OpenSUSE as the telnet server while the Ubuntu host will be the telnet client.

In OpenSUSE, check if the telnet server service is running.

neptune:~ # chkconfig --list | grep telnet
     telnet:         off

To start the telnet server, you need to enable the telnet server service, which is configured in the
/etc/xinetd.d directory. Edit the telnet file to look like the one below.

neptune:/etc/xinetd.d # more telnet

# default: off
# description: Telnet is the old login server which is INSECURE and should \
#      therefore not be used. Use secure shell (openssh).
#      If you need telnetd not to "keep-alives" (e.g. if it runs over a ISDN \
#      uplink), add "-n". See 'man telnetd' for more details.

service telnet

{
       socket_type        = stream
       protocol           = tcp
       wait               = no
       user               = root
       server             = /usr/sbin/in.telnetd
       disable            = no
}


The disable field value must be changed to no instead of yes.
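
Since disable = no is all it takes to expose a service through xinetd, the added example below (not from the original document) lists every service under an xinetd.d directory that is not disabled and marks the cleartext ones. The function names, the cleartext service list (telnet, login, shell, exec, ftp) and the sample files are assumptions of this example.

```shell
#!/bin/sh
# xinetd_enabled DIR
# Lists every service defined under DIR that xinetd will offer, i.e. whose
# "disable" attribute is not "yes" (a missing attribute counts as enabled).
# Output: ENABLED <service> user=<user> server=<path> [CLEARTEXT]
# Returns 1 if an enabled service is on the cleartext list, 0 otherwise.
xinetd_enabled() {
    for f in "$1"/*; do
        if [ -f "$f" ]; then cat "$f"; fi
    done | awk -v clear="telnet login shell exec ftp" '
    BEGIN { n = split(clear, c, " "); for (i = 1; i <= n; i++) isclear[c[i]] = 1 }
    { sub(/#.*/, ""); gsub(/=/, " = ") }     # drop comments, normalise "a=b"
    $1 == "service" { name = $2; dis = "no"; user = "-"; srv = "-"; inblk = 1; next }
    inblk && $1 == "disable" { dis = $3 }
    inblk && $1 == "user"    { user = $3 }
    inblk && $1 == "server"  { srv = $3 }
    inblk && $1 == "}" {
        if (dis != "yes") {
            tag = ""
            if (name in isclear) { tag = " CLEARTEXT"; hit = 1 }
            printf "ENABLED %s user=%s server=%s%s\n", name, user, srv, tag
        }
        inblk = 0
    }
    END { exit hit + 0 }'
}

# write_xinetd_sample DIR STATE
# Writes a telnet file modelled on the listing above with disable = STATE,
# plus a constructed daytime entry that is always disabled.
write_xinetd_sample() {
    cat > "$1/telnet" <<EOF
# default: off
# description: telnet login server
service telnet
{
       socket_type        = stream
       protocol           = tcp
       wait               = no
       user               = root
       server             = /usr/sbin/in.telnetd
       disable            = $2
}
EOF
    cat > "$1/daytime" <<'EOF'
service daytime
{
       type               = INTERNAL
       socket_type        = stream
       protocol           = tcp
       user               = root
       wait               = no
       disable            = yes
}
EOF
}

# Demo run: telnet enabled as in the listing above.
demo=$(mktemp -d)
write_xinetd_sample "$demo" no
xinetd_enabled "$demo" || echo "cleartext service enabled"
rm -rf "$demo"
```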

After you have saved and quit the configuration file, check that the telnet server service is running by
typing:

neptune: # chkconfig --list|grep telnet

     telnet:         on


Finally, you need to add the telnet service in the Firewall Configuration via YaST2.

Now try to telnet to the OpenSUSE telnet server from the Ubuntu telnet client.

root@isa-linux:~# telnet 192.168.1.101

Trying 192.168.1.101...

telnet: Unable to connect to remote host: Connection refused


It seems like I am unable to telnet to the telnet server. Telnet is not running as reflected by netstat.
neptune:/var/log # netstat -a| grep telnet

neptune:/var/log #

Solution

You have to restart the xinetd service that is found in /etc/init.d directory.

neptune:/etc/init.d # ./xinetd

Usage: ./xinetd {start|stop|status|try-restart|restart|force-reload|reload}

neptune:/etc/init.d # ./xinetd status

Checking for service xinetd:
unused

neptune:/etc/init.d # ./xinetd start

Starting INET services. (xinetd)
done

From the logs, it is recorded as

neptune:/var/log # grep telnet messages

May 5 10:13:38 neptune xinetd[623]: Reading included configuration file: /etc/xinetd.d/telnet
[file=/etc/xinetd.d/telnet] [line=17]

Now let's check netstat

neptune:/etc/init.d # netstat -a | grep telnet

tcp     0     0 *:telnet           *:*              LISTEN

Yes, the telnet service is listening. Try to telnet to this telnet server from the Ubuntu host (the telnet client).

root@isa-linux:~# telnet 192.168.1.101

Trying 192.168.1.101...

Connected to 192.168.1.101.

Escape character is '^]'.

Welcome to openSUSE 11.1 - Kernel 2.6.27.7-9-pae (3).

neptune login: ismail
Password:

Last login: Tue May 5 08:34:54 SGT 2009 from console on :0

Have a lot of fun...

Directory: /home/ismail

Tue May 5 10:17:16 SGT 2009

ismail@neptune:~> pwd

/home/ismail

ismail@neptune:~> ls

bin Desktop Documents public_html

ismail@neptune:~>

Yes, the telnet works just fine.
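With telnet now enabled under xinetd, it is worth listing which xinetd services are switched on and which of them carry logins or data unencrypted. The following is an added example, not part of the original document: it parses files in the /etc/xinetd.d format shown above; the tftp and echo files are constructed samples, and enabled/disabled lists in a defaults section are ignored (assumption).

```python
import re

# Constructed sample files: "telnet" mirrors the file shown above, the other
# two are constructed for illustration.
SAMPLE_XINETD_D = {
    "telnet": """\
# default: off
# description: Telnet is the old login server which is INSECURE
service telnet
{
       socket_type        = stream
       protocol           = tcp
       wait               = no
       user               = root
       server             = /usr/sbin/in.telnetd
       disable            = no
}
""",
    "tftp": """\
service tftp
{
       socket_type        = dgram
       protocol           = udp
       wait               = yes
       user               = root
       server             = /usr/sbin/in.tftpd
       disable            = yes
}
""",
    "echo": """\
service echo
{
       type               = INTERNAL
       socket_type        = stream
       protocol           = tcp
       user               = nobody
       wait               = no
}
""",
}

# xinetd service names of login and transfer protocols that are unencrypted.
CLEARTEXT = {"telnet", "login", "shell", "exec", "ftp", "tftp"}

SERVICE_RE = re.compile(r"^service\s+(\S+)$")
ATTR_RE = re.compile(r"^(\w+)\s*(?:=|\+=|-=)\s*(.*)$")


def parse_services(text):
    """Return one dict of attributes per 'service NAME { ... }' block."""
    services, name, attrs = [], None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = SERVICE_RE.match(line)
        if header and attrs is None:
            name = header.group(1)
        elif line == "{" and name is not None:
            attrs = {"service": name}
        elif line == "}" and attrs is not None:
            services.append(attrs)
            name, attrs = None, None
        elif attrs is not None:
            attr = ATTR_RE.match(line)
            if attr:
                attrs[attr.group(1)] = attr.group(2).strip()
    return services


def audit(files):
    """Return sorted (service, finding) pairs for every enabled service."""
    findings = []
    for text in files.values():
        for svc in parse_services(text):
            # A service block is active unless it says "disable = yes".
            if svc.get("disable", "no").lower() == "yes":
                continue
            findings.append((svc["service"], "enabled"))
            if svc["service"] in CLEARTEXT:
                findings.append((svc["service"], "cleartext-protocol"))
            if svc.get("user") == "root":
                findings.append((svc["service"], "runs-as-root"))
    return sorted(findings)


if __name__ == "__main__":
    for service, finding in audit(SAMPLE_XINETD_D):
        print(f"{service}: {finding}")
```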

So now let's reverse the roles, i.e. Ubuntu will now be the telnet server and OpenSUSE will be the
telnet client. With that said, you will need to install the telnet server in Ubuntu.

root@isa-linux:~# apt-get install telnetd


Checking for the files related to telnetd

root@isa-linux:~# dpkg -L telnetd

/.
/usr
/usr/lib
/usr/lib/telnetlogin
<truncated for brevity>
/usr/sbin
/usr/sbin/in.telnetd
/usr/share/man/man8/telnetd.8.gz

There is no obvious way of starting the telnet server: the in.telnetd file is a binary file and there is no
/etc/xinetd.d directory.

Solution

First you need to install the inetd super server.

root@isa-linux:/etc/init.d# apt-get install inetutils-inetd

Now restart inetd

sudo /etc/init.d/inetd restart

Check telnet is running

root@isa-linux:/etc/init.d# netstat -a | grep telnet

tcp6     0    0 [::]:telnet        [::]:*              LISTEN

Now try to telnet from OpenSUSE (telnet client) to Ubuntu (telnet server).

neptune:/var/log # telnet 192.168.1.100

Trying 192.168.1.100...

Connected to 192.168.1.100.

Escape character is '^]'.

Ubuntu 8.04.2

isa-linux login: ismail

Password:

Linux isa-linux 2.6.24-23-generic #1 SMP Wed Apr 1 21:47:28 UTC 2009 i686

No directory, logging in with HOME=/

$

Yes, the telnet works.

Viewing the telnet server logs in /var/log/auth.log.

Below is a log entry indicating that a telnet session was started for the user ismail.


May 5 10:11:53 isa-linux login[7138]: pam_unix(login:session): session opened for user ismail by
(uid=0)

When the telnet session exits, the following is logged on the telnet server.
May 5 10:12:53 isa-linux login[7138]: pam_unix(login:session): session closed for user ismail

Exploring NFS in OpenSUSE
In this section, we are going to install the NFS server on both OpenSUSE and Ubuntu. But we are going to
assign OpenSUSE as the NFS server and Ubuntu as our NFS client.

Installing NFS server in OpenSUSE
In YaST2, search for nfs and install the nfs server.
Checking the NFS server package
neptune:~ # rpm -qa| grep ssh
openssh-5.1p1-40.15
openssh-askpass-5.1p1-40.15
libnsssharedhelper0-1.0.4-1.5


The first line of the output is the SSH server.
To check at which run level the ssh server service is started, type:
neptune:~ # chkconfig --list|grep ssh
sshd                0:off 1:off 2:off 3:on 4:off 5:on 6:off


After you have successfully installed the NFS server, you need to allow the NFS server and client
services via the Firewall configuration in YaST2.



Installing NFS server in Ubuntu

sudo apt-get install nfs-kernel-server nfs-common portmap

To check if the ssh server and client are installed, type:

root@isa-linux:~# dpkg -l |grep ssh

ii openssh-blacklist                  0.1-1ubuntu0.8.04.1              list of blacklisted OpenSSH RSA
and DSA keys

ii openssh-client                    1:4.7p1-8ubuntu1.2            secure shell client, an rlogin/rsh/rcp
repla

ii openssh-server                     1:4.7p1-8ubuntu1.2               secure shell server, an rshd
replacement

ii ssh-askpass-gnome                    1:4.7p1-8ubuntu1.2               interactive X program to prompt
users for a
But remember that we are going to use the Ubuntu host as the NFS client only, not as an NFS server.


Configuration of NFS Server on OpenSUSE
Please make sure that you have added the NFS server and client in OpenSUSE's Firewall2 in YaST2.

NFS requires two important services, namely the nfs server and the portmap service.
Now check that the NFS server service and portmap service are running

neptune:/etc # ps -ef|grep nfs

root    839 5413 0 10:54 pts/2       00:00:00 grep nfs

neptune:/etc # ps -ef|grep portmap

root    841 5413 0 10:54 pts/2       00:00:00 grep portmap


Both are not running. To start the NFS server type:

neptune:/etc # rcnfsserver start




Configure the /etc/exports
Before you edit the /etc/exports file, make a backup of it.
neptune:/etc # cp -p exports exports.bkp


Next edit the file
neptune:/etc # vi exports
/exported/opensuse     192.168.1.0/24(rw)


Save and exit the file. Take note there is no space between the clients and the options.
Make sure the directory to be exported exist. If not, create the directory, in my case:
neptune:/etc # mkdir -p /exported/opensuse


Important:
After each edit of the /etc/exports file, you need to restart the nfs server.


neptune:/etc # rcnfsserver start
Starting kernel based NFS server: idmapdexportfs: /etc/exports [1]: Neither 'subtree_check' or
'no_subtree_check' specified for export "192.168.1.0/24:/exported/opensuse".
 Assuming default behaviour ('no_subtree_check').
 NOTE: this default has changed since nfs-utils version 1.0.x
mountd statd nfsd sm-notify


You can also type:
neptune:/etc # rcnfsserver reload


Reload kernel based NFS serverexportfs: /etc/exports [1]: Neither 'subtree_check' or 'no_subtree_check'
specified for export "192.168.1.0/24:/exported/opensuse".
 Assuming default behaviour ('no_subtree_check').
 NOTE: this default has changed since nfs-utils version 1.0.x
                                                                                          done
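The note above about the missing space matters because a space changes who gets the options: "host (rw)" is read as two clients, the named host with default options and every other host with rw. The following is an added example, not part of the original document, that checks an exports file for this and two related risky settings. The sample is constructed: it contains the export above and the /home export used in the NIS section later on this page, plus three hypothetical /srv lines; backslash line continuations are not handled.

```python
import re

# Constructed sample /etc/exports. Lines 2 and 3 are the two exports used on
# this page; lines 4 to 6 are hypothetical and show common mistakes.
SAMPLE_EXPORTS = """\
# constructed sample
/exported/opensuse     192.168.1.0/24(rw)
/home *(rw,sync)
/srv/data 192.168.1.100 (rw)
/srv/backup 192.168.1.100(rw,no_root_squash)
/srv/pub 192.168.1.0/24(ro,root_squash)
"""

# A client token is "host", "host(opt,opt)" or a bare "(opt,opt)".
TOKEN_RE = re.compile(r"^(?P<host>[^()]*)(?:\((?P<opts>[^()]*)\))?$")


def parse_exports(text):
    """Return [(lineno, path, [(host, options, detached), ...]), ...]."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *tokens = line.split()
        clients = []
        for token in tokens:
            match = TOKEN_RE.match(token)
            if match is None:
                raise ValueError(f"line {lineno}: cannot parse {token!r}")
            opts = {o for o in (match.group("opts") or "").split(",") if o}
            # An option list with no host in front of it applies to any host.
            detached = match.group("host") == ""
            clients.append((match.group("host") or "*", opts, detached))
        entries.append((lineno, path, clients))
    return entries


def audit_exports(text):
    """Return [(lineno, path, finding), ...] in file order."""
    findings = []
    for lineno, path, clients in parse_exports(text):
        if not clients:
            findings.append((lineno, path, "no-client-list"))
        for host, opts, detached in clients:
            if not opts:
                findings.append((lineno, path, "default-options"))
            if detached:
                findings.append((lineno, path, "detached-options"))
            if host == "*" and "rw" in opts:
                findings.append((lineno, path, "any-host-rw"))
            if "no_root_squash" in opts:
                findings.append((lineno, path, "no-root-squash"))
    return findings


if __name__ == "__main__":
    for lineno, path, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"line {lineno}: {path}: {finding}")
```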

Check Run Level of NFS
You can check the run levels of both NFS clients and server by typing:


neptune:/etc # chkconfig --list | grep nfs


nfs               0:off 1:off 2:off 3:on 4:off 5:on 6:off


nfsserver            0:off 1:off 2:off 3:off 4:off 5:off 6:off


Let's turn on NFS server
neptune:/etc # chkconfig nfsserver on


neptune:/etc # chkconfig portmap on
neptune:/etc # chkconfig --list | grep nfsserver


nfsserver            0:off 1:off 2:off 3:on 4:off 5:on 6:off
This will start the NFS server at boot time.


Checking NFS in netstat
neptune:~ # netstat -a | grep nfs


tcp      0     0 *:nfs              *:*               LISTEN


udp      0     0 *:nfs



Configuring the NFS client – Ubuntu host
In the NFS client, check the nfs client services and portmap
root@isa-linux:~# ps -ef | grep portmap


daemon       4605     1 0 08:39 ?         00:00:00 /sbin/portmap


root    7202 6341 0 11:15 pts/0           00:00:00 grep portmap


root@isa-linux:~# ps -ef| grep nfs


root    5374        2 0 08:39 ?     00:00:00 [nfsd4]
root    5375        2 0 08:39 ?     00:00:00 [nfsd]
root    5376        2 0 08:39 ?     00:00:00 [nfsd]
root    5377        2 0 08:39 ?     00:00:00 [nfsd]
root    5378        2 0 08:39 ?     00:00:00 [nfsd]
root    5379        2 0 08:39 ?     00:00:00 [nfsd]
root    5380        2 0 08:39 ?     00:00:00 [nfsd]
root    5381        2 0 08:39 ?     00:00:00 [nfsd]
root    5382        2 0 08:39 ?     00:00:00 [nfsd]
root    7204 6341 0 11:15 pts/0           00:00:00 grep nfs


The output above shows the NFS server, nfsd and the portmap server, portmap.

Mounting the NFS Share in the NFS Client


Make a copy of the /etc/fstab file before you edit it.
root@isa-linux:~# cd /etc
root@isa-linux:/etc# cp -p fstab fstab.bak


Now edit the file to include the NFS share
root@isa-linux:/etc# vi fstab
# <file system> <mount point> <type> <options>            <dump> <pass>
proc          /proc       proc defaults      0    0
# /dev/sda1
UUID=071aef6c-2227-428f-a8fd-5326f9efdae3 /                 ext3   relatime,errors=remount-ro 0      1
# /dev/sda5
UUID=c5e4151a-d1bf-4456-ba30-ab48bd208078 none                  swap   sw         0     0
/dev/scd0      /media/cdrom0 udf,iso9660 user,noauto,exec,utf8 0        0
#I added the following line to test NFS
192.168.1.101:/exported/opensuse     /mynfs nfs       user,noauto,rw        0     0


Save and exit. Make sure that the /mynfs directory exists on the NFS client; if not, you have to create it.
Now mount the NFS share on the NFS client
root@isa-linux:/# mount -t nfs 192.168.1.101:/exported/opensuse /mynfs
If you successfully mount the NFS share, you can view it with the mount or df -k commands. In my case
I have rebooted both my NFS server (OpenSUSE) and NFS client (Ubuntu).
On the NFS client
root@isa-linux:~# mount 192.168.1.101:/exported/opensuse /mynfs
root@isa-linux:~# mount
/dev/sda1 on / type ext3 (rw,relatime,errors=remount-ro)
proc on /proc type proc (rw,noexec,nosuid,nodev)
<output truncated for clarity>
192.168.1.101:/exported/opensuse on /mynfs type nfs (rw,addr=192.168.1.101)


The last line shows that the NFS share is mounted.
You can also view the free disk space of the NFS share.
root@isa-linux:/mynfs# df -H


Filesystem            Size Used Avail Use% Mounted on


/dev/sda1             158G 3.5G 147G 3% /
<output truncated for brevity>
gvfs-fuse-daemon       158G 3.5G 147G 3% /root/.gvfs
192.168.1.101:/exported/opensuse         8.3G 3.8G 4.1G 49% /mynfs


You can then access the NFS share as though it were local to your machine
root@isa-linux:~# cd /mynfs/
root@isa-linux:/mynfs# ls
nfssayshello



Configuring a DNS server in OpenSUSE
In this section we will look at setting up DNS. I will configure OpenSUSE as the DNS server while the
Ubuntu host will be the DNS client. Let's set up the DNS server first.

Setting Up the DNS Server
Firstly, check that you have the BIND package installed.

You can use YaST2 to install BIND

You can also use the chkconfig command to see if the named service is installed or configured.

neptune:~ # chkconfig --list | grep named

In this case the named daemon is not installed at all.

Another way to check for the BIND package is to run:

neptune:~ # rpm -qa | grep bind

If there is no output, it means that the BIND package is not installed. After you have installed the
BIND package via YaST2, you can check the packages by typing:

neptune:~ # rpm -qa | grep bind
bind-doc-9.5.0P2-18.5.1
bind-libs-9.5.0P2-18.1
yast2-pkg-bindings-2.17.29-1.9
rpcbind-0.1.6+git20080930-5.2
yast2-perl-bindings-2.17.2-1.38
bind-9.5.0P2-18.5.1
bind-utils-9.5.0P2-18.1
yast2-ycp-ui-bindings-2.17.11-1.28
bind-devel-9.5.0P2-18.5.1
ypbind-1.22-1.26
bind-chrootenv-9.5.0P2-18.1

Use the chkconfig command to verify at which run levels the named service is configured to run.

neptune:~ # chkconfig --list | grep named
named             0:off 1:off 2:off 3:off 4:off 5:off 6:off

Let's configure the /etc/named.conf file


Configuring /etc/named.conf

Before you edit the configuration file, it is advisable to back up this file.

neptune:/etc # cp -p named.conf named.conf.bkp


zone "." in {
    type hint;
    file "root.hint";
};

zone "localhost" in {
    type master;
    file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
    type master;
    file "127.0.0.zone";
};

zone "neptune.bogus" in {
    type master;
    file "neptune.zone";
};

neptune:/var/lib/named # rndc reload
server reload successful
neptune:/var/lib/named # rcnamed start
Starting name server BIND - Warning: named already running!                      done
neptune:/var/lib/named # rcnamed status
Checking for nameserver BIND
version: 9.5.0-P2
number of zones: 15
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running                                 running
neptune:/var/lib/named # dig neptune.bogus

; <<>> DiG 9.5.0-P2 <<>> neptune.bogus
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47198
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;neptune.bogus.      IN              A

;; AUTHORITY SECTION:
.           3600 IN     SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM.
20090503011800 900 604800 86400

;; Query time: 1654 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon May 4 05:33:09 2009
;; MSG SIZE rcvd: 106

Check that you have the BIND package installed
neptune:~ # rpm -qa | grep bind

bind-doc-9.5.0P2-18.5.1
bind-libs-9.5.0P2-18.1
yast2-pkg-bindings-2.17.29-1.9
rpcbind-0.1.6+git20080930-5.2
yast2-perl-bindings-2.17.2-1.38
bind-9.5.0P2-18.5.1
bind-utils-9.5.0P2-18.1
yast2-ycp-ui-bindings-2.17.11-1.28
bind-devel-9.5.0P2-18.5.1
ypbind-1.22-1.26
bind-chrootenv-9.5.0P2-18.1




Check the runlevels at which named service is started.
neptune:~ # chkconfig --list | grep named
named               0:off 1:off 2:off 3:off 4:off 5:off 6:off
You can configure DNS server to start at boot time with this command:
neptune:~ # chkconfig named on


neptune:~ # chkconfig --list | grep named


named               0:off 1:off 2:off 3:on 4:off 5:on 6:off
Check that Firewall2 allows DNS services. This can be done via YaST2.
You can start the DNS server with the named script found in the /etc/init.d directory
neptune:~ # cd /etc/init.d/


neptune:/etc/init.d # ls named


named


neptune:/etc/init.d # ./named


Usage: ./named {start|stop|status|try-restart|restart|force-reload|reload|probe}


neptune:/etc/init.d # ./named status


Checking for nameserver BIND
dead


In my case the nameserver BIND is stopped.
To start BIND you can use either one of the following commands.
neptune:/etc/init.d # ./named start
or
neptune:/etc/init.d # service named start


Set the IP address of the DNS server to
192.168.1.101/24
Configuring resolv.conf
You will have to make your DNS server refer to itself for all DNS queries. Edit the /etc/resolv.conf
file to look like this
nameserver 127.0.0.1

Configuring named.conf
Set up the forward zone for www.neptune.bogus by placing entries at the bottom of the named.conf
file.
zone "." in {
       type hint;
       file "root.hint";
};


zone "localhost" in {
       type master;
       file "localhost.zone";
};


zone "0.0.127.in-addr.arpa" in {
       type master;
       file "127.0.0.zone";
};


zone "neptune.bogus" in {
       type master;
       notify no;
       allow-query { any; };
       file "neptune.zone";
};

Configuring the Forward Zone File
By default your zone files are located in /var/named or /var/named/chroot/var/named. In my case, which
is OpenSUSE, they are located in /var/lib/named.
Here is what my zone file looks like:
neptune:/var/lib/named # cat neptune.bogus.zone
$TTL 86400
; Host names in SOA and NS data end with a dot; without it the zone origin is appended.
@             IN SOA           neptune.bogus. root.neptune.bogus. (
                             42              ; serial (d. adams)
                             2D              ; refresh
                             4H              ; retry
                             6W              ; expiry
                             1W )            ; minimum
              IN NS          neptune.bogus.
              IN A           127.0.0.1
mars          A              192.168.1.101



Configuring the Reverse Zone File
neptune:/var/lib/named # cat 192-168-1.zone
;Zone file for 192.168.1.x
$TTL 86400
@             IN SOA           ns1.neptune.bogus. hostmaster.neptune.bogus. (
                             2009050603                ; serial (d. adams)
                             2D              ; refresh
                             4H              ; retry
                             6W              ; expiry
                             1W )            ; minimum
              NS      ns1.neptune.bogus.
101    PTR    neptune.bogus.
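In zone files like the two above, a host name in SOA, NS or PTR data that lacks its trailing dot is silently completed with the zone origin, so the zone loads but points at a name that does not exist. The following is an added example, not part of the original document, that finds such names; both sample zones are constructed (modelled on the files above, with the trailing dots deliberately left out in the forward zone and in one PTR record), and semicolons inside quoted TXT data are not handled.

```python
# Record types whose data holds domain names, with the positions of the names.
NAME_FIELDS = {"SOA": (0, 1), "NS": (0,), "PTR": (0,), "CNAME": (0,), "MX": (1,)}
CLASSES = {"IN", "CH", "HS"}

# Constructed sample: forward zone with trailing dots left out.
FORWARD_ZONE = """\
$TTL 86400
@       IN SOA  neptune.bogus root.neptune.bogus (
                42      ; serial
                2D      ; refresh
                4H      ; retry
                6W      ; expiry
                1W )    ; minimum
        IN NS   neptune.bogus
        IN A    127.0.0.1
mars    A       192.168.1.101
www     CNAME   mars
"""

# Constructed sample: reverse zone, the last PTR lacks its trailing dot.
REVERSE_ZONE = """\
$TTL 86400
@       IN SOA  ns1.neptune.bogus. hostmaster.neptune.bogus. (
                2009050603 2D 4H 6W 1W )
        NS      ns1.neptune.bogus.
101     PTR     neptune.bogus.
102     PTR     saturn.bogus
"""


def logical_lines(text):
    """Strip ';' comments and join records that span lines inside ( ... )."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if depth == 0 and not line.strip():
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth <= 0:
            yield " ".join(buf)
            buf, depth = [], 0


def absolute(name, origin):
    """Expand a zone-file name the way the name server does."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def find_relative_names(text, origin):
    """Return (owner, type, written name, expanded name) for suspect data."""
    origin = origin if origin.endswith(".") else origin + "."
    owner, findings = origin, []
    for line in logical_lines(text):
        fields = line.split()
        if not fields:
            continue
        if fields[0].startswith("$"):
            if fields[0].upper() == "$ORIGIN":
                origin = absolute(fields[1], origin)
            continue
        if not line[0].isspace():          # leading blank: owner is inherited
            owner = absolute(fields.pop(0), origin)
        while fields and (fields[0].upper() in CLASSES or fields[0][0].isdigit()):
            fields.pop(0)                  # skip optional TTL and class
        if not fields:
            continue
        rtype, rdata = fields[0].upper(), fields[1:]
        reverse = origin.lower().endswith(("in-addr.arpa.", "ip6.arpa."))
        for index in NAME_FIELDS.get(rtype, ()):
            if index >= len(rdata):
                continue
            name = rdata[index]
            if name == "@" or name.endswith("."):
                continue
            dotted = name.lower() + "."
            repeats = dotted == origin.lower() or dotted.endswith("." + origin.lower())
            # Suspect: the name already contains the origin, or any relative
            # host name inside a reverse zone.
            if repeats or reverse:
                findings.append((owner, rtype, name, absolute(name, origin)))
    return findings


if __name__ == "__main__":
    for zone, origin in ((FORWARD_ZONE, "neptune.bogus"),
                         (REVERSE_ZONE, "1.168.192.in-addr.arpa")):
        for owner, rtype, name, full in find_relative_names(zone, origin):
            print(f"{owner} {rtype}: '{name}' is read as '{full}'")
```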

DNS Client
The DNS client must always refer to a DNS server, and the only configuration file is the /etc/resolv.conf
file. In my case the Ubuntu host will be the DNS client.
Set the DNS client to have a static IP of 192.168.1.100/24 with gateway IP of 192.168.1.101



Loading Your New Configuration File
You have to restart the DNS server.
neptune:/etc # service named restart
Starting name server BIND
done


View the log file to check that there are no errors
May 6 08:41:04 neptune named[9747]: starting BIND 9.5.0-P2 -t /var/lib/named -u named
May 6 08:41:04 neptune named[9747]: found 1 CPU, using 1 worker thread
May 6 08:41:04 neptune named[9747]: loading configuration from '/etc/named.conf'
May 6 08:41:04 neptune named[9747]: the working directory is not writable
May 6 08:41:04 neptune named[9747]: listening on IPv6 interfaces, port 53
May 6 08:41:04 neptune named[9747]: listening on IPv4 interface lo, 127.0.0.1#53
May 6 08:41:04 neptune named[9747]: listening on IPv4 interface lo, 127.0.0.2#53
May 6 08:41:04 neptune named[9747]: listening on IPv4 interface eth0, 192.168.1.101#53
May 6 08:41:04 neptune named[9747]: default max-cache-size (33554432) applies
May 6 08:41:04 neptune named[9747]: automatic empty zone: 0.IN-ADDR.ARPA
May 6 08:41:04 neptune named[9747]: automatic empty zone: 127.IN-ADDR.ARPA
May 6 08:41:04 neptune named[9747]: automatic empty zone: 254.169.IN-ADDR.ARPA
May 6 08:41:04 neptune named[9747]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
May 6 08:41:04 neptune named[9747]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
May 6 08:41:04 neptune named[9747]: automatic empty zone:
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
May 6 08:41:04 neptune named[9747]: automatic empty zone:
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
May 6 08:41:04 neptune named[9747]: automatic empty zone: D.F.IP6.ARPA
May 6 08:41:04 neptune named[9747]: automatic empty zone: 8.E.F.IP6.ARPA
May 6 08:41:04 neptune named[9747]: automatic empty zone: 9.E.F.IP6.ARPA
May 6 08:41:04 neptune named[9747]: automatic empty zone: A.E.F.IP6.ARPA
May 6 08:41:04 neptune named[9747]: automatic empty zone: B.E.F.IP6.ARPA
May 6 08:41:04 neptune named[9747]: default max-cache-size (33554432) applies: view _bind
May 6 08:41:04 neptune named[9747]: command channel listening on 127.0.0.1#953
May 6 08:41:04 neptune named[9747]: command channel listening on ::1#953
May 6 08:41:04 neptune named[9747]: zone 0.0.127.in-addr.arpa/IN: loaded serial 42
May 6 08:41:04 neptune named[9747]: zone 1.168.192.in-addr.arpa/IN: loaded serial 2009050603
May 6 08:41:04 neptune named[9747]: zone neptune.bogus/IN: loaded serial 2009050604
May 6 08:41:04 neptune named[9747]: zone localhost/IN: loaded serial 42
May 6 08:41:04 neptune named[9747]: running




Querying the DNS Server
You can perform the query from a DNS client or server.
This is an example of querying DNS server ns1.neptune.bogus for the IP address of
www.neptune.bogus. (You can also replace the name server's name with its IP address)

root@isa-linux # host www.neptune.bogus ns1.neptune.bogus

;; connection timed out; no servers could be reached


The query failed as the name server ns1.neptune.bogus could not be reached. So I use the IP address of
the name server instead.

root@isa-linux:~# host www.neptune.bogus 192.168.1.101

Using domain server:

Name: 192.168.1.101

Address: 192.168.1.101#53

Aliases:

www.neptune.bogus has address 192.168.0.101

Here is an example of querying your default DNS server for the IP address of www.neptune.bogus. As
you can see, the name of the DNS server to query has been left off the end. Failure in this case could be
due to an error in your BIND configuration or domain registration, but also to an error in your DNS
client's DNS server entry in your Linux /etc/resolv.conf file.

root@isa-linux:~# host www.neptune.bogus

www.neptune.bogus has address 192.168.0.101


You can also use the dig command to determine whether known DNS servers on the Internet have a
valid update for your zone. The format of the command is

dig @name-server domain-name soa

The name server is optional. If you specify a name server, then dig queries that name server instead of
the Linux server's default name server. It is sometimes good to query both your own name server and a
well-known name server such as ns1.yahoo.com to make sure your DNS records have propagated
properly. The dig command only works with fully qualified domain names, because it does not refer to
the /etc/resolv.conf file.

This command uses the local DNS server for the query. It returns the SOA record information and the
addresses of the domain's DNS servers in the authority section.
root@isa-linux:~# dig neptune.bogus SOA
; <<>> DiG 9.4.2-P2 <<>> neptune.bogus SOA

;; global options: printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4081

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:

;neptune.bogus.                   IN    SOA

;; ANSWER SECTION:

neptune.bogus.            86400   IN    SOA     ns1.neptune.bogus. hostmaster.neptune.bogus. 2009050604 172800
14400 3628800 604800

;; AUTHORITY SECTION:

neptune.bogus.            86400   IN    NS      ns1.neptune.bogus.

;; ADDITIONAL SECTION:

ns1.neptune.bogus.        86400   IN    A       192.168.0.101

;; Query time: 1 msec

;; SERVER: 192.168.1.101#53(192.168.1.101)

;; WHEN: Wed May 6 08:29:02 2009

;; MSG SIZE rcvd: 112



Here is a successful dig using DNS server ns1.neptune.bogus for the query. As before, it returns the
SOA record for the zone.

root@isa-linux:~# dig ns1.neptune.bogus neptune.bogus SOA

; <<>> DiG 9.4.2-P2 <<>> ns1.neptune.bogus neptune.bogus SOA

;; global options: printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40947

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0



;; QUESTION SECTION:

;ns1.neptune.bogus.               IN    A
;; ANSWER SECTION:

ns1.neptune.bogus.      86400   IN     A     192.168.0.101



;; AUTHORITY SECTION:

neptune.bogus.          86400   IN     NS    ns1.neptune.bogus.



;; Query time: 1 msec

;; SERVER: 192.168.1.101#53(192.168.1.101)

;; WHEN: Wed May 6 08:36:09 2009

;; MSG SIZE rcvd: 65



;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56202

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1



;; QUESTION SECTION:

;neptune.bogus.                 IN     SOA



;; ANSWER SECTION:

neptune.bogus.          86400   IN     SOA   ns1.neptune.bogus. hostmaster.neptune.bogus. 2009050604 172800
14400 3628800 604800



;; AUTHORITY SECTION:

neptune.bogus.          86400   IN     NS    ns1.neptune.bogus.



;; ADDITIONAL SECTION:

ns1.neptune.bogus.      86400   IN     A     192.168.0.101
;; Query time: 0 msec

;; SERVER: 192.168.1.101#53(192.168.1.101)

;; WHEN: Wed May 6 08:36:09 2009

;; MSG SIZE rcvd: 112


Configuring Virtual Hosts Using Apache in OpenSUSE
Install Apache2 in YaST2. Instead of searching by the word apache, you may want to filter choice by
pattern. You may also need to allow web services in SUSEFIREWALL2.
After the installation has completed, check the runlevels of Apache

neptune:~ # chkconfig --list | grep apache

apache2                 0:off 1:off 2:off 3:off 4:off 5:off 6:off

To start Apache, you can use one of two methods, namely the init script or the service command

neptune:/etc/apache2 # cd /etc/init.d/

neptune:/etc/init.d # ls apache2

apache2

With the init script, the command would be
neptune:/etc/init.d # ./apache2 start

Starting httpd2 (prefork) Syntax error on line 3 of /etc/apache2/conf.d/mod_security2.conf:

Invalid command 'SecRuleEngine', perhaps misspelled or defined by a module not included in the
server configuration

The command line was:

/usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf

                                                                                 failed

I tried to start apache but failed.

Let's try by the service command

neptune:/etc/init.d # service apache2 start

Starting httpd2 (prefork) Syntax error on line 3 of /etc/apache2/conf.d/mod_security2.conf:

Invalid command 'SecRuleEngine', perhaps misspelled or defined by a module not included in the
server configuration

The command line was:

/usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
                                                                                    failed
It also failed.

The solution is to edit the /etc/sysconfig/apache2 and add the string security2 at the end of the variable,
APACHE_MODULES="actions alias auth_basic authn_file authz_host authz_groupfile authz_default
authz_user authn_dbm autoindex cgi dir env expires include log_config mime negotiation setenvif ssl
suexec userdir php5 apparmor security2"

Then restart Apache again and you will see an error message again. This time you will need to create a file
/srv/www/logs/modsec_debug.log and chmod it to 755.

Restart Apache again and this time it will be started without errors.

Now launch a web browser and type localhost in the address field and the page “It works!” will be
displayed.


The Apache Configuration Files
The Apache configuration files include the following:

Global directives, which consist of /etc/apache2/uid.conf, /etc/apache2/server-tuning.conf and
/etc/apache2/listen.conf

Normally there is no need to change the global directives in listen.conf, but when you define virtual
hosts, you have to create special directives that define what IP address or DNS name each virtual host
listens on.



Setting Up Virtual Hosts
Make directory to hold the index.html pages of the virtual hosts
neptune:/srv/www # mkdir vhosts

Create the index.html for the virtual host neptune

neptune:/srv/www/vhosts # mkdir neptune

neptune:/srv/www/vhosts # cd neptune/

neptune:/srv/www/vhosts/neptune # touch index.html

Use vi to put some text into the index.html, e.g. “Welcome to Neptune Website!”. Save and quit.

Defining the Virtual Hosts
Although listen.conf suggests that it is the file in which to define virtual hosts, the modular configuration
setup on SUSE provides a directory /etc/apache2/vhosts.d to define virtual hosts. Each virtual host can
be defined by a VirtualHost section in a separate file under this directory. Any file ending with conf is
read into the main configuration. However, if you use YaST2, all the virtual hosts you set up will be in
one file called /etc/apache2/vhosts.d/yast2_vhosts.conf

Creation of Virtual Hosts In YaST2
In YaST2, you can create virtual hosts, but it takes some trial and error to achieve the desired
outcome. Nevertheless it is quite easy, but you have to know which option to select and what to fill in
for some of the fields. In my case I created my virtual hosts via YaST2, then I manually edited the
configuration file. My virtual hosts configuration file looks like the one below.
neptune:/etc/apache2/vhosts.d # cat yast2_vhosts.conf
<VirtualHost *:80>
DocumentRoot /srv/www/vhosts/neptune/
ServerName www.neptune.bogus
ServerAdmin root@neptune.bogus
ErrorLog /var/log/apache2/neptune.bogus-error_log
CustomLog /var/log/apache2/neptune.bogus-access_log combined
UseCanonicalName On
<Directory "/srv/www/vhosts/neptune/">
 AllowOverride None
 Order allow,deny
 Allow from all
</Directory>
</VirtualHost>


<VirtualHost *:80>
DocumentRoot /srv/www/vhosts/saturn/
ServerName www.saturn.bogus
ServerAdmin root@saturn.bogus
ErrorLog /var/log/apache2/saturn.bogus-error_log
CustomLog /var/log/apache2/saturn-access_log combined
UseCanonicalName On
<Directory /srv/www/vhosts/saturn/>
 AllowOverride None
 Order allow,deny
 Allow from all
</Directory>
</VirtualHost>


Basically I have two virtual sites, www.neptune.bogus and www.saturn.bogus. An important directive is
UseCanonicalName, which must have the value On so that you can type the website name in your browser.

Manual Creation of Virtual Hosts Configuration Files
The virtual hosts configuration files are located in the /etc/apache2/vhosts.d directory

neptune:/srv/www/vhosts/neptune # cd /etc/apache2/vhosts.d/

Copy the template provided and rename it
neptune:/etc/apache2/vhosts.d # cp -p vhost.template neptune.conf

Edit the configuration file to look like this

<VirtualHost *:80>
DocumentRoot /srv/www/vhosts/neptune/
ServerName www.neptune.bogus
ServerAdmin root@neptune.bogus
ErrorLog /var/log/apache2/neptune.bogus-error_log
CustomLog /var/log/apache2/neptune.bogus-access_log combined
UseCanonicalName On

<Directory "/srv/www/vhosts/neptune/">
 AllowOverride None
 Order allow,deny
 Allow from all
</Directory>
</VirtualHost>

This configuration file sets up the virtual host for www.neptune.bogus. You can copy the same
configuration settings for the rest of your virtual sites, except that you need to replace the domain names,
of course.


Editing the /etc/apache2/listen.conf File
There is nothing much to edit here except that you need to have this line:
NameVirtualHost *:80
Configuration of the /etc/named.conf file
After you have configured the virtual host configuration file, you need to add the virtual hosts in the
/etc/named.conf. My sample looks like this
neptune:/etc # cat named.conf | grep -v "^#"
options {
       directory "/var/lib/named";
       dump-file "/var/log/named_dump.db";
       statistics-file "/var/log/named.stats";
       listen-on-v6 { any; };
       notify no;
};
zone "." in {
       type hint;
       file "root.hint";
};
zone "localhost" in {
       type master;
       file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" in {
       type master;
       file "127.0.0.zone";
};
zone "neptune.bogus" in {
       type master;
       notify no;
       allow-query { any; };
       file "neptune.bogus.zone";
};
zone "saturn.bogus" in {
       type master;
       notify no;
       allow-query { any; };
       file "saturn.bogus.zone";
};
zone "1.168.192.in-addr.arpa" in {
       type master;
       notify no;
       file "192-168-1.zone";
};
include "/etc/named.conf.include";



Restarting the Named Server and Apache Server
After each edit of the named and the Apache configuration files, you need to restart their services.
neptune:/etc/apache2/vhosts.d # service apache2 restart
Syntax OK
Shutting down httpd2 (waiting for all children to terminate)
done
Starting httpd2 (prefork)
done
neptune:/etc/apache2/vhosts.d # service named restart
Shutting down name server BIND
done
Starting name server BIND



The Outcome
Yes after the apache and named service have been restarted I can browse the web page of the virtual
sites I have created.




Figure 1 - The virtual website
Figure 2 - Another virtual web site



The Web Logs Files
The following logs will be created as configured in your virtual host configuration file.
neptune:/var/log/apache2 # ll -rt
total 72
-rw-r--r-- 1 root root 6700 2009-05-07 08:11 access_log
-rw-r--r-- 1 root root 9174 2009-05-07 08:13 dummy-host.example.com-error_log
-rw-r--r-- 1 root root 9673 2009-05-07 08:13 dummy-host.example.com-access_log
-rw-r--r-- 1 root root   0 2009-05-07 08:15 saturn.bogus-error_log
-rw-r--r-- 1 root root   0 2009-05-07 08:15 saturn-access_log
-rw-r--r-- 1 root root   10 2009-05-07 08:15 rcapache2.out
-rw-r--r-- 1 root root   0 2009-05-07 08:15 neptune.bogus-error_log
-rw-r--r-- 1 root root   0 2009-05-07 08:15 neptune.bogus-access_log
-rw-r--r-- 1 root root 33467 2009-05-07 08:15 error_log




Configuring NIS in OpenSUSE
To explore NIS we need to configure NFS as well. So before we install the NIS server and client, let's
first configure NFS.

Configuring the NFS Server
Edit the /etc/exports file to allow NFS mounts of the /home directory with read/write access.
neptune:~ # cat /etc/exports
/home *(rw,sync)
Let NFS read the /etc/exports file for the new entry, and make /home available to the network.
neptune:~ # exportfs -a
exportfs: /etc/exports [1]: Neither 'subtree_check' or 'no_subtree_check' specified for export "*:/home".
 Assuming default behaviour ('no_subtree_check').
 NOTE: this default has changed since nfs-utils version 1.0.x


You can check the runlevel of NFS by typing:
neptune:/etc/init.d # chkconfig --list | grep nfs


nfs               0:off 1:off 2:off 3:on 4:off 5:on 6:off
nfsserver              0:off 1:off 2:off 3:on 4:off 5:on 6:off
To start the NFS server, type:
neptune:/etc/init.d # rcnfsserver start


Starting kernel based NFS server: idmapdexportfs: /etc/exports [1]: Neither 'subtree_check' or
'no_subtree_check' specified for export "*:/home".
 Assuming default behaviour ('no_subtree_check').
 NOTE: this default has changed since nfs-utils version 1.0.x
 mountd statd nfsd sm-notify
done
Check that the NFS port is listening
neptune:/etc/init.d # netstat -a | grep nfs
tcp     0     0 *:nfs             *:*                  LISTEN
udp      0    0 *:nfs              *:*
Now let's configure the NFS client

Configuring the NFS client
Our NFS client is an Ubuntu host. The script to start the NFS service is in the /etc/init.d directory. I actually
installed the NFS server package. If you want to see the NFS packages in Ubuntu, type:
root@isa-linux:/etc/init.d# dpkg -l | grep nfs
ii libnfsidmap2                         0.20-0build1             An nfs idmapping library
ii nfs-common                            1:1.1.2-2ubuntu2.2         NFS support files common to client
and serve
ii nfs-kernel-server                     1:1.1.2-2ubuntu2.2          support for NFS kernel server
So in this case we will just have to start the nfs-common service as it corresponds to the NFS client
services.
root@isa-linux:/etc/init.d# ./nfs-common start
Check that the rpc nfs client services are running
root@isa-linux:/etc/init.d# rpcinfo -p
 program vers proto port
  100000     2 tcp    111 portmapper
  100000     2 udp     111 portmapper
  100024     1 udp 42649 status
  100024     1 tcp 44706 status
As this is our NFS client, you would not see any NFS port listening.
root@isa-linux:/etc/init.d# netstat -a | grep nfs

root@isa-linux:/etc/init.d#

Next, keep a copy of the old /home directory, and create a new directory /home on which you'll mount
the NFS server's directory.
root@isa-linux:~# mv /home /home.save
root@isa-linux:~# mkdir /home
root@isa-linux:~# ls -l /
<output truncated for brevity>
drwxr-xr-x 2 root root 4096 2009-05-08 09:53 home
drwxr-xr-x 3 root root 4096 2008-11-05 00:50 home.save


Make sure you can mount the NFS server /home directory on the new NFS client /home directory that
you have just created. Unmount it once everything looks correct:
root@isa-linux:~# mount 192.168.1.101:/home /home
root@isa-linux:~# ls /home
ismail lost+found
root@isa-linux:~# cd
root@isa-linux:~# umount /home
All newly added Linux users will now be assigned a home directory under the new remote /home
directory. This scheme will make the users feel their home directories are local, when in reality they are
automatically mounted and accessed over the network.

Configuration of NIS Server.

Setting Up NIS Server Using YaST2
In YaST2, go to Network services, search by pattern and select Miscellaneous server, where you would
then select yast2 nis-server and proceed with the NIS server package download.
You will also have to allow the NIS server and client services in SUSEFIREWALL2 in YaST2.
Next, run yast2 nis_server.
The installer will install ypserv, ypbind and yptools. Next you need to configure the NIS domain name
(in my case my NIS domain is called neptunedomain), the changing of passwords and the firewall details.
Next, choose the NIS maps to export. In my case, I selected group, passwd, rpc and hosts.
Lastly, you need to specify the IP addresses that can use the NIS server. The netmask/network pair in my
case is 0.0.0.0/0.0.0.0. This pair lets any host that can reach the server query the NIS maps, so it is
only safe when you are not connected to the Internet.



Setting Up NIS Server Manually
The data that NIS actually exports is under /var/yp. Databases for the NIS maps will be exported
under /var/yp/<domain name>/.
There is a Makefile at /var/yp/Makefile. Typing make all in the directory /var/yp rebuilds the NIS maps.
The network access information is stored in /var/yp/securenets.
neptune:/etc/init.d # cat /var/yp/securenets
0.0.0.0/0.0.0.
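
The two access lists configured so far, /etc/exports with /home *(rw,sync) and /var/yp/securenets with the all-zero pair, both admit every host that can reach the server. The audit script below is an added example, not part of the original guide: the function names and sample file contents are constructed, and the securenets parser assumes the whitespace-separated "netmask network" line format used by ypserv.

```python
import ipaddress
import re

# Constructed sample inputs modelled on the files shown in this guide.
SAMPLE_EXPORTS = """\
/home *(rw,sync)
/srv/share 192.168.1.100(rw,sync,no_subtree_check)
/srv/pub 192.168.1.0/24 (rw)
"""

SAMPLE_SECURENETS = """\
# netmask      network
255.0.0.0      127.0.0.0
0.0.0.0        0.0.0.0
"""

# One client token from /etc/exports: "host(opt,opt)", "host" or "(opt)".
CLIENT_RE = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")


def matches_every_host(spec):
    """True when spec is an IP network with a zero-length prefix."""
    try:
        return ipaddress.ip_network(spec, strict=False).prefixlen == 0
    except ValueError:
        return False  # hostname, wildcard pattern or netgroup


def audit_exports(text):
    """Return (path, client, options) for every export open to all hosts."""
    findings = []
    text = text.replace("\\\n", " ")  # join continued lines
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment, or no client list to evaluate
        path, clients = fields[0], fields[1:]
        for token in clients:
            m = CLIENT_RE.match(token)
            if not m:
                continue
            host, opts = m.group(1), m.group(2) or ""
            # An empty host comes from a stray space before "(", which
            # applies the options to everyone; "*" matches every name.
            if host in ("", "*") or matches_every_host(host):
                findings.append((path, host or "<any>", opts))
    return findings


def audit_securenets(text):
    """Return securenets entries that admit every address, plus entries
    that cannot be parsed (ypserv's handling of those is not modelled)."""
    findings = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        entry = " ".join(fields)
        if len(fields) == 2 and fields[0] == "host":
            continue  # single-host entry
        if len(fields) != 2:
            findings.append((entry, "unparseable"))
            continue
        netmask, network = fields
        try:
            net = ipaddress.ip_network(f"{network}/{netmask}", strict=False)
        except ValueError:
            findings.append((entry, "unparseable"))
            continue
        if net.prefixlen == 0:
            findings.append((entry, "any host"))
    return findings


if __name__ == "__main__":
    for path, client, opts in audit_exports(SAMPLE_EXPORTS):
        print(f"exports: {path} is exported to {client} with ({opts})")
    for entry, why in audit_securenets(SAMPLE_SECURENETS):
        print(f"securenets: '{entry}' -> {why}")
```

On the lab network used here, an export of /home to 192.168.1.100 and a securenets pair of 255.255.255.0 192.168.1.0 (assuming a 255.255.255.0 netmask) pass both checks.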


To set up NIS server from command line, use the following steps:
    1. Set the domain name. In my case:
        #ypdomainname neptunedomain
    2. Run the program /usr/lib/yp/ypinit -m
    3. Start the NIS server
        #rcypserv start



Start the NIS Server Daemons
To start the NIS server in OpenSUSE type:
neptune:~ # rcypserv start


Make sure that the NIS Server Daemons are running:
neptune:/var/yp # rpcinfo -p localhost
 program vers proto port service
  100000    4 tcp    111 portmapper
  100000    3 tcp    111 portmapper
  100000    2 tcp    111 portmapper
  100000    4 udp     111 portmapper
  100000    3 udp    111 portmapper
  100000    2 udp    111 portmapper
  100005    1 udp 59545 mountd
  100003    2 udp 2049 nfs
  100003    3 udp 2049 nfs
  100003    4 udp 2049 nfs
  100021    1 udp 47434 nlockmgr
  100021    3 udp 47434 nlockmgr
  100021    4 udp 47434 nlockmgr
  100003    2 tcp 2049 nfs
  100003    3 tcp 2049 nfs
  100003    4 tcp 2049 nfs
  100021    1 tcp 39385 nlockmgr
  100021    3 tcp 39385 nlockmgr
  100021    4 tcp 39385 nlockmgr
  100005    1 tcp 47151 mountd
  100005    2 udp 59545 mountd
  100005    2 tcp 47151 mountd
  100005    3 udp 59545 mountd
  100005    3 tcp 47151 mountd
  100024    1 udp 60016 status
  100024    1 tcp 40549 status
  100004    2 udp    811 ypserv
  100004    1 udp    811 ypserv
  100004    2 tcp    812 ypserv
  100004    1 tcp    812 ypserv
  100009    1 udp    829 yppasswdd
600100069    1 udp     847 fypxfrd
600100069    1 tcp    848 fypxfrd
  100007    2 udp    821 ypbind
  100007    1 udp    821 ypbind
  100007    2 tcp    822 ypbind
  100007    1 tcp    822 ypbind
If you want to start the NFS services manually, they are located in:
neptune:/var/yp # cd /etc/init.d
neptune:/etc/init.d # ls *yp*
ypbind yppasswdd ypserv ypxfrd
You can also use the service commands
neptune: # service ypbind start
Starting ypbind                                              done
neptune: # service ypxfrd start
Starting rpc.ypxfrd                                          done



Adding New NIS Users
On the NIS server, add nisuser:
neptune:~ # useradd -g users nisuser
neptune:~ # passwd nisuser
Changing password for nisuser.
New Password:
Bad password: too short
Reenter New Password:
Password changed.


Then you will have to update the NIS domain's authentication files by executing the make command in
the /var/yp directory.
neptune:~ # cd /var/yp
neptune:/var/yp # ll
total 56
drwxr-xr-x 2 root root 4096 2009-05-08 10:42 binding
-rw-r--r-- 1 root root 16306 2009-05-08 10:41 Makefile
-rw-r--r-- 1 root root 16317 2009-05-08 10:41 Makefile.bak
drwxr-xr-x 2 root root 4096 2009-05-08 10:41 neptunedomain
-rw-r--r-- 1 root root 185 2008-12-03 13:59 nicknames
-rw-r--r-- 1 root root      16 2009-05-08 10:41 securenets
-rw-r--r-- 1 root root 471 2009-05-08 10:41 securenets.YaST2.save
-rw-r--r-- 1 root root       8 2009-05-08 10:41 ypservers


neptune:/var/yp # less ypservers
neptune:/var/yp # make
gmake[1]: Entering directory `/var/yp/neptunedomain'
gmake[1]: `ypservers' is up to date.
gmake[1]: Leaving directory `/var/yp/neptunedomain'
gmake[1]: Entering directory `/var/yp/neptunedomain'
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating passwd.byname...
Updating passwd.byuid...
gmake[1]: Leaving directory `/var/yp/neptunedomain'


You can check to see if the user's authentication information has been updated by using the ypmatch
command, which should return the user's encrypted password string:
neptune:/var/yp # ypmatch nisuser passwd
nisuser:x:1001:100::/home/nisuser:/bin/bash
But the password field seems to be encrypted. In some cases the password field is unencrypted.
You can also use the getent command.
neptune:/var/yp # getent passwd nisuser
nisuser:x:1001:100::/home/nisuser:/bin/bash



Configuring NIS client
To set up a NIS client, log in as root or use the su command to become root on the system you are
using as a NIS client and do the following:
    1. Make sure the NIS client ypbind is installed on the NIS client
    2. Set the domain name of the NIS domain which is the same as the one set in the NIS server. For
       example #ypdomainname neptunedomain
    3. Start the NIS client. In Ubuntu it's /etc/init.d/./nis start. In OpenSUSE, it's rcypbind start.
    4. To verify that NIS is working correctly, use telnet or ssh to log in as a NIS user from the NIS
       client. If everything is working, you should set your NIS server to start automatically during
       booting via the command chkconfig ypbind on (for OpenSUSE).
So let's get our hands dirty and start setting up the NIS client.
Firstly, install the NIS client. In my case my NIS client is an Ubuntu host.
root@isa-linux:/home# apt-get install portmap nis
Figure 3 - Installing & Configuring NIS client in Ubuntu


After that check that the NIS client service is running
root@isa-linux:/home# ps -ef|grep yp
root      6904      1 0 10:17 ?        00:00:00 /usr/sbin/ypbind -broadcast
You can also run the rpcinfo command
root@isa-linux:/home# rpcinfo -p localhost
 program vers proto port
  100000    2 tcp    111 portmapper
  100000    2 udp     111 portmapper
  100024    1 udp 42649 status
  100024    1 tcp 44706 status
  100007    2 udp     720 ypbind
  100007    1 udp     720 ypbind
  100007    2 tcp    721 ypbind
  100007    1 tcp    721 ypbind
In Ubuntu, the NIS client has the following configuration files:
root@isa-linux:/etc# ll yp*
yp.conf           ypserv.conf         ypserv.securenets

Edit the /etc/yp.conf File
In Ubuntu, edit the /etc/yp.conf file so that it looks something like this:
ypserver 192.168.1.101
In addition, /etc/nsswitch.conf should have the following entries:
passwd:          files nis
group:        files nis
shadow:         files nis


Restart the NIS client services
root@isa-linux:/etc/init.d# ./nis
Usage: /etc/init.d/nis {start|stop|reload|force-reload|restart}
root@isa-linux:/etc/init.d# ./nis restart
•   Starting NIS services



Test the NIS Access to the NIS Server
root@isa-linux:~# ypmatch nisuser passwd
nisuser:x:1001:100::/home/nisuser:/bin/bash


root@isa-linux:~# ypcat passwd | grep nisuser
nisuser:x:1001:100::/home/nisuser:/bin/bash



Test Logins via the NIS Server
Try to log in to the NIS account (in my case nisuser) via the NIS server from a NIS client. Make sure
you have started the NFS server and client and mounted the NFS share (/home) on the NFS client.
On the NFS client:
root@isa-linux:~# mount 192.168.1.101:/home /home


In this section we will SSH and TELNET to the NIS Server from the NIS client. So you will have to
check that the SSH server service and telnet server service (via /etc/init.d/./xinetd restart) are running.

Logging in via TELNET
Try logging in from the NIS client via telnet. Make sure that the telnet server is enabled.
root@isa-linux:~# telnet 192.168.1.101
Trying 192.168.1.101...
telnet: Unable to connect to remote host: Connection refused
root@isa-linux:~# telnet 192.168.1.101
Trying 192.168.1.101...
Connected to 192.168.1.101.
Escape character is '^]'.
Welcome to openSUSE 11.1 - Kernel 2.6.27.7-9-pae (3).
neptune login: nisuser
Password:
Last login: Fri May 8 15:29:47 SGT 2009 from 192.168.1.100 on pts/2
Have a lot of fun...
Directory: /home/nisuser
Fri May 8 15:32:19 SGT 2009
nisuser@neptune:~>


We can see that NIS works perfectly. NIS is ideal for small to medium sized networks and works well
together with NFS.

Logging in via SSH
Try logging in from the NIS client via SSH
root@isa-linux:~# ssh -l nisuser 192.168.1.101
Password:
Have a lot of fun...
nisuser@neptune:~> pwd
/home/nisuser
nisuser@neptune:~> exit
logout
Connection to 192.168.1.101 closed.

Implementing LDAP in OpenSUSE
In this section we will set up the OpenSUSE host as an LDAP server while the Ubuntu host will be the LDAP
client.
Firstly, install the LDAP server on the OpenSUSE host and make sure you allow the LDAP service in
Firewall2 in YaST2.
The package name is yast2-ldap-server and the service to allow in Firewall2 is OpenLDAP server.
These are the packages installed on the LDAP server.
neptune:~ # rpm -qa | grep ldap
pam_ldap-184-144.12
libldap-2_4-2-2.4.12-5.3
yast2-ldap-client-2.17.16-1.33
openldap2-devel-2.4.12-5.3
nss_ldap-262-10.12
openldap2-client-2.4.12-5.3
libldapcpp1-0.1.2-1.29
yast2-ldap-2.17.3-1.73
yast2-ldap-server-2.17.17-1.1
perl-ldap-0.37-1.23
openldap2-2.4.12-5.4


Check if the LDAP server is running
neptune:~ # ps -ef| grep ldap
root    9575 9026 0 08:40 pts/2        00:00:00 grep ldap


Check the running levels of the LDAP server.
neptune:~ # chkconfig --list | grep ldap
ldap               0:off 1:off 2:off 3:off 4:off 5:off 6:off


The LDAP service is started in the init.d directory
neptune:~ # cd /etc/init.d/
neptune:/etc/init.d # ./ldap
Usage: ./ldap {start|stop|status|try-restart|restart|force-reload|reload}


neptune:/etc/init.d # ./ldap status
Checking for service ldap:                                                  unused

Configuring the LDAP Server
neptune:/etc/init.d # which nmap
/usr/bin/nmap
neptune:/etc/init.d # nmap localhost


Starting Nmap 4.75 ( http://nmap.org ) at 2009-05-13 10:47 SGT
Interesting ports on localhost (127.0.0.1):
Not shown: 993 closed ports
PORT      STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
111/tcp open rpcbind
389/tcp open ldap
631/tcp open ipp
2049/tcp open nfs


Nmap done: 1 IP address (1 host up) scanned in 0.27 seconds



Create a Database Directory
neptune:/var/lib/ldap # ls
DB_CONFIG DB_CONFIG.example
neptune:/var/lib/ldap # mkdir example.com
neptune:/var/lib/ldap # chown ldap:ldap example.com/

Create a LDAP Root Password
neptune:/var/lib/ldap # slappasswd
New password:
Re-enter new password:
{SSHA}mw51Fz7I/UPITJqwMD3I0fYRIz/B9sEM

Edit the slapd.conf File

Make a copy of the configuration file before you edit:
neptune:/var/lib/ldap # cp -p /etc/openldap/slapd.conf /etc/openldap/slapd.conf.bkp

Proceed to edit the configuration file

neptune:/var/lib/ldap # cd /etc/openldap/
neptune:/etc/openldap # vi slapd.conf
database     bdb
#database      ldbm
#suffix      "dc=my-domain,dc=com"
suffix       "dc=example,dc=com"
checkpoint     1024   5
cachesize     10000
#rootdn       "cn=Manager,dc=my-domain,dc=com"
rootdn       "cn=Manager,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw       secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory    /var/lib/ldap/example.com




Start the ldap Daemon
neptune:/etc/openldap # service ldap start
Starting ldap-server                                                                           done

Convert the /etc/passwd File to LDIF Format
neptune:/etc/openldap # useradd -g users ldapuser
neptune:/etc/openldap # passwd ldapuser
Changing password for ldapuser.
New Password:
Bad password: too short
Reenter New Password:
Password changed.

Extract the Desired Records From /etc/passwd
neptune:~/MigrationTools-47 # grep ldapuser /etc/passwd > /etc/openldap/passwd.ldapusers

neptune:~/MigrationTools-47 # grep root /etc/passwd > /etc/openldap/passwd.root


Find the Conversion Script
I have to install the padl package


Convert the .ldapuser File
neptune:~/MigrationTools-47 # ./migrate_passwd.pl /etc/openldap/passwd.ldapusers /etc/openldap/ldapusers.ldif

neptune:~/MigrationTools-47 # ./migrate_passwd.pl /etc/openldap/passwd.root /etc/openldap/root.ldif
Modify the LDIF Files
Edit the User LDIF File
neptune:~/MigrationTools-47 # cd /etc/openldap/

neptune:/etc/openldap # ll -rt *ldif

-rw-r--r-- 1 root root 384 2009-05-13 11:18 ldapusers.ldif

-rw-r--r-- 1 root root 336 2009-05-13 11:19 root.ldif

Edit the LDIF files to substitute the word padl with example:

%s/padl/example/g

In the slapd.conf file, you gave the root user a common name (CN) of Manager. You now have to add
this information to the root LDIF file by inserting this line under the UID line in the file:
neptune:/etc/openldap # vi root.ldif
dn: uid=root,ou=People,dc=example,dc=com


uid: root


cn: Manager
<--previous value was root, change it to Manager

Create an LDIF File for the example.com Domain
We need a third LDIF file to define the organizational unit called People.
neptune:/etc/openldap # cp -p ldapusers.ldif example.com.ldif


neptune:/etc/openldap # vi example.com.ldif


The /etc/ldif file should look like this:
dn: dc=example,dc=com
dc: example
description: Root LDAP entry for exmaple.com
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject

dn: ou=People, dc=example,dc=com
ou: People
description: All people in organization
objectClass: organizationalUnit



Import the LDIF Files into the Database
neptune:/etc/openldap # ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/example.com.ldif
Enter LDAP Password:
ldap_bind: Invalid credentials (49)


Solution:
neptune:/etc/openldap # slappasswd
New password:
Re-enter new password:
{SSHA}B3kl9UjNNz9KeP/rxeRW0LNdHCnuQHVj


Copy the hashed password into /etc/openldap/slapd.conf:
rootpw        {SSHA}B3kl9UjNNz9KeP/rxeRW0LNdHCnuQHVj


I tried to run the ldapadd command but it still failed, so I decided to use secret as the password, and it
works.
rootpw secret
neptune:/# ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/example.com.ldif
Enter LDAP Password:


adding new entry "dc=example,dc=com"
adding new entry "ou=People, dc=example,dc=com"


Then do the same for the other two LDIF files:
neptune:~ # ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/root.ldif


Enter LDAP Password:
adding new entry "uid=root,ou=People,dc=example,dc=com"
neptune:~ # ldapadd -x -D "cn=Manager,dc=example,dc=com" -W -f /etc/openldap/ldapusers.ldif
Enter LDAP Password:
adding new entry "uid=ldapuser,ou=People,dc=example,dc=com"
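
The rootpw directive takes either a cleartext value, as in the working configuration above, or the {SSHA} string printed by slappasswd. The script below is an added example, not part of the original guide: it reports which rootpw directives in a slapd.conf are still cleartext and checks a candidate password against an {SSHA} value offline, using the layout base64(SHA1(password + salt) + salt). The function names and the sample configuration are constructed; the {SSHA} string in the sample is the one shown above.

```python
import base64
import hashlib
import hmac
import os
import re

# Constructed slapd.conf fragment: one database still on a cleartext rootpw,
# one using the {SSHA} value printed by slappasswd in this guide.
SAMPLE_SLAPD_CONF = """\
database    bdb
suffix      "dc=example,dc=com"
rootdn      "cn=Manager,dc=example,dc=com"
rootpw      secret

database    bdb
suffix      "dc=example,dc=org"
rootpw      {SSHA}B3kl9UjNNz9KeP/rxeRW0LNdHCnuQHVj
"""

SHA1_LEN = 20  # bytes in a SHA-1 digest; everything after it is the salt


def make_ssha(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def split_ssha(stored):
    """Return (digest, salt) from an {SSHA} value or raise ValueError."""
    if not stored.upper().startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    blob = base64.b64decode(stored[6:], validate=True)
    if len(blob) <= SHA1_LEN:
        raise ValueError("no salt after the 20-byte SHA-1 digest")
    return blob[:SHA1_LEN], blob[SHA1_LEN:]


def check_ssha(password, stored):
    """True when password hashes to the stored {SSHA} value."""
    digest, salt = split_ssha(stored)
    candidate = hashlib.sha1(password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time compare


def audit_rootpw(conf_text):
    """Return (line_number, scheme) for each rootpw directive; the scheme
    is 'CLEARTEXT' when the value carries no {SCHEME} prefix."""
    results = []
    for number, line in enumerate(conf_text.splitlines(), 1):
        m = re.match(r"rootpw\s+(\S+)", line)  # commented lines do not match
        if not m:
            continue
        value = m.group(1).strip('"')
        scheme = re.match(r"\{([A-Za-z0-9-]+)\}", value)
        results.append((number, scheme.group(1).upper() if scheme else "CLEARTEXT"))
    return results


if __name__ == "__main__":
    for number, scheme in audit_rootpw(SAMPLE_SLAPD_CONF):
        note = "stored in the clear" if scheme == "CLEARTEXT" else "hashed"
        print(f"line {number}: rootpw scheme {scheme} ({note})")
    stored = make_ssha("example-passphrase")  # constructed password
    print(stored, check_ssha("example-passphrase", stored))
```

slapd reads slapd.conf when it starts, so an edited rootpw takes effect only after the ldap service is restarted.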

Test the LDAP Database
neptune:~ # ldapsearch -x -b 'dc=exmaple,dc=com' '(objectclass=*)'
# extended LDIF
#
# LDAPv3
# base <dc=exmaple,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 2
result: 32 No such object
# numResponses: 1

Test the LDAP Database
neptune:/etc/init.d # ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# example.com
dn: dc=example,dc=com
dc: example
description: Root LDAP entry for exmaple.com
objectClass: dcObject
objectClass: organizationalUnit
ou: rootobject
# People, example.com
dn: ou=People,dc=example,dc=com
ou: People
description: All people in organization
objectClass: organizationalUnit
# root, People, example.com
dn: uid=root,ou=People,dc=example,dc=com
uid: root
cn: Manager
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowLastChange: 14348
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: root
# ldapuser, People, example.com
dn: uid=ldapuser,ou=People,dc=example,dc=com
uid: ldapuser
cn: ldapuser
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowLastChange: 14377
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1002
gidNumber: 100
homeDirectory: /home/ldapuser
# search result
search: 2
result: 0 Success
# numResponses: 5
# numEntries: 4

Setting Up the LDAP Client
On the LDAP client, the Ubuntu host, check that the necessary LDAP client packages are installed.
When you are installing the LDAP packages on the client you will be asked a series of questions to
configure the authentication of the LDAP client. They would look like these:




Figure 4 -Installing & Configuring LDAP client in Ubuntu
Figure 5 - Installing & Configuring LDAP client in Ubuntu




Figure 6 - Installing & Configuring LDAP client in Ubuntu
Figure 7 - Installing & Configuring LDAP client in Ubuntu




Figure 8 - Installing & Configuring LDAP client in Ubuntu
Figure 9 - Installing & Configuring LDAP client in Ubuntu


The LDAP packages installed on the LDAP client are:
root@isa-linux:~# dpkg -l | grep ldap
ii ldap-auth-client                 0.5                    meta-package for LDAP authentication
ii ldap-auth-config                  0.5                    Config package for LDAP authentication
ii libldap-2.4-2                   2.4.9-0ubuntu0.8.04.2          OpenLDAP libraries
ii libnss-ldap                     258-1ubuntu3                NSS module for using LDAP as a
naming servic
ii libpam-ldap                     184-2ubuntu2                 Pluggable Authentication Module
allowing LDAP
libnss-ldap will allow us to use LDAP as a naming service, libpam-ldap allows PAM to authenticate users
through LDAP, and finally nscd is a password, group and host lookup daemon which caches results so
LDAP won't be queried every time authentication has to be done.
Now, let's edit the files and make sure you get the following settings.
Edit the /etc/nsswitch.conf file:
passwd:       files nis ldap
group:       files nis ldap
shadow:       files nis ldap

Create Home Directories on LDAP client
root@isa-linux:~# mkdir /home/ldapuser
root@isa-linux:~# ls -ld /home/ldapuser/
drwxr-xr-x 2 root root 4096 2009-05-13 09:20 /home/ldapuser/
root@isa-linux:~# chmod 700 /home/ldapuser/
root@isa-linux:~# chown ldapuser:users /home/ldapuser/
chown: invalid user: `ldapuser:users'
Solution:
Use NFS
In the NFS server
neptune:/home # ll
total 24
drwxr-xr-x 26 ismail users 4096 2009-05-13 10:37 ismail
drwx------ 2 root root 16384 2009-04-14 10:13 lost+found
drwxr-xr-x 2 nisuser users 4096 2009-05-08 15:04 nisuser
neptune:/home # mkdir ldapuser
neptune:/home # chmod 700 ldapuser/
neptune:/home # ll
total 28
drwxr-xr-x 26 ismail users 4096 2009-05-13 10:37 ismail
drwx------ 2 root root 4096 2009-05-13 12:19 ldapuser
drwx------ 2 root root 16384 2009-04-14 10:13 lost+found
drwxr-xr-x 2 nisuser users 4096 2009-05-08 15:04 nisuser
neptune:/home # chown ldapuser:users /home/ldapuser/
neptune:/home # ll
total 28
drwxr-xr-x 26 ismail users 4096 2009-05-13 10:37 ismail
drwx------ 2 ldapuser users 4096 2009-05-13 12:19 ldapuser
drwx------ 2 root    root 16384 2009-04-14 10:13 lost+found
drwxr-xr-x 2 nisuser users 4096 2009-05-08 15:04 nisuser


In the NFS client
root@isa-linux:~# mount 192.168.1.101:/home /home
root@isa-linux:~# cd /home
root@isa-linux:/home# ls
ismail lost+found nisuser
Testing Using ldapsearch from LDAP client
root@isa-linux:~# ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'
The program 'ldapsearch' is currently not installed. You can install it by typing:
apt-get install ldap-utils
bash: ldapsearch: command not found


So let's install the ldapsearch package
root@isa-linux:~# apt-get install ldap-utils
After that run the ldapsearch
root@isa-linux:~# ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
I still get errors. I think this could be due to the nsswitch.conf file not being configured properly. In Fedora
they have the authconfig script to configure the nsswitch file, but in OpenSUSE, they don't have it.


root@isa-linux:~# ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Testing Using SSH or the Linux Console
root@isa-linux:~# ssh ldapuser@192.168.1.101
Password:
Have a lot of fun...
ldapuser@neptune:~>



Resources From the Internet

1. LDAP Server

1.1. Installation
In order to get our LDAP server set up, we need a couple of packages to be installed:
# apt-get install slapd ldap-utils migrationtools
Answer the questions and then reconfigure slapd in order to have dpkg ask us a few more questions.
#dpkg-reconfigure slapd
Omit OpenLDAP server configuration? ... No
DNS domain name: ... debuntu.local
Name of your organization: ... Whatever & Co
Admin Password: XXXXX
Confirm Password: XXXXX
OK
BDB
Do you want your database to be removed when slapd is purged? ... No
Move old database? ... Yes
Allow LDAPv2 Protocol? ... No
Right, from now on, we have got our domain set up, as well as our administrator user: "admin".
You can now check if you can access your ldap server by typing:
$ ldapsearch -x -b dc=debuntu,dc=local
If you get an error message like:
ldap_bind: Can't contact LDAP server (-1)
Most chances are that your server is not running. Use:
# /etc/init.d/slapd start
to start it.
Ok, now, it is about time to add our users and groups to the LDAP database.

1.2. Populating the database
Using migrationtools we are going to be able to quickly import all existing users and groups from our local system to
LDAP.
#cd /usr/share/migrationtools/
We need to edit the default migrationtools' config file migrate_common.ph and replace the following parameters with:
$DEFAULT_MAIL_DOMAIN = "debuntu.local";
$DEFAULT_BASE = "dc=debuntu,dc=local";
Then export the values:
# ./migrate_group.pl /etc/group ~/group.ldif
# ./migrate_passwd.pl /etc/passwd ~/passwd.ldif
Unfortunately, the script does not create the Group and People nodes, so we need to create them. To do this, create a file called
~/people_group.ldif and fill it up with:
dn: ou=People, dc=debuntu, dc=local
ou: People
objectclass: organizationalUnit

dn: ou=Group, dc=debuntu, dc=local
ou: Group
objectclass: organizationalUnit
Now, we have our users and groups converted to LDAP's ldif format. Let's import them into our LDAP database.
# cd
# ldapadd -x -W -D "cn=admin,dc=debuntu,dc=local" -f ~/people_group.ldif
# ldapadd -x -W -D "cn=admin,dc=debuntu,dc=local" -f ~/group.ldif
# ldapadd -x -W -D "cn=admin,dc=debuntu,dc=local" -f ~/passwd.ldif
where:
      •    -x specify that we are not using sasl
      •    -W prompt for password
      •    -D is used to identify the administrator
      •    -f to specify the file where ldapadd should find the data to add
Well, now the server is ready to identify your users. Let's go on and set up the clients.
LDAP CLIENT
#vi /etc/libnss-ldap.conf
host ldap
base dc=debuntu,dc=local
rootbinddn cn=admin,dc=debuntu,dc=local
#vi /etc/libnss-ldap.secret
XXXXX
#vi /etc/pam_ldap.conf
host ldap
base dc=debuntu,dc=local
rootbinddn cn=admin,dc=debuntu,dc=local
#vi /etc/pam_ldap.secret
XXXXX
pam configuration files need to be modified a bit like:
#vi /etc/pam.d/common-account
account sufficient pam_ldap.so
account required pam_unix.so
#if you want user homedir to be created on first login
#session required pam_mkhomedir.so umask=0022 skel=/etc/skel/ silent
#vi /etc/pam.d/common-auth
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure use_first_pass
#vi /etc/pam.d/common-password
password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5
#vi /etc/pam.d/common-session
session sufficient pam_ldap.so
session required pam_unix.so
session optional pam_foreground.so
Finally, let's edit nsswitch so the system will be able to switch from local system authentication to ldap authentication.
# vim /etc/nsswitch.conf
passwd: files ldap
group: files ldap
shadow: files ldap
With these settings, login is going to be tried against the local system users first. If it cannot find a match, it will then try to
authenticate against the ldap server.
Now, you should be able to connect on any client by using any LDAP user details.
This tutorial is far from being complete, but you should be able to get started :




Implementing Firewall in OpenSUSE

To view the filtering rules in IP tables, type:

neptune:~ # iptables -L
Chain INPUT (policy DROP)
target prot opt source             destination
ACCEPT all -- anywhere                 anywhere
ACCEPT all -- anywhere             anywhere        state ESTABLISHED
ACCEPT icmp -- anywhere              anywhere        state RELATED
input_ext all -- anywhere        anywhere
input_ext all -- anywhere        anywhere
input_ext all -- anywhere        anywhere
LOG       all -- anywhere        anywhere        limit: avg 3/min burst 5 LOG level warning tcp-options ip-options
prefix `SFW2-IN-ILL-TARGET '
DROP       all -- anywhere        anywhere

Chain FORWARD (policy DROP)

target prot opt source    destination
LOG       all -- anywhere  anywhere              limit: avg 3/min burst 5 LOG level warning tcp-options ip-options
prefix `SFW2-FWD-ILL-ROUTING '

Chain OUTPUT (policy ACCEPT)
target prot opt source    destination
ACCEPT all -- anywhere        anywhere
ACCEPT all -- anywhere        anywhere              state NEW,RELATED,ESTABLISHED
LOG       all -- anywhere  anywhere              limit: avg 3/min burst 5 LOG level warning tcp-options ip-options
prefix `SFW2-OUT-ERROR '

Chain forward_ext (0 references)
target prot opt source           destination
Chain input_ext (3 references)
target prot opt source           destination
DROP       all -- anywhere         anywhere         PKTTYPE = broadcast
ACCEPT icmp -- anywhere                anywhere          icmp source-quench
ACCEPT icmp -- anywhere                anywhere          icmp echo-request
LOG       tcp -- anywhere          anywhere        limit: avg 3/min burst 5 tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN
LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere                anywhere         tcp dpt:ssh
LOG       tcp -- anywhere          anywhere        limit: avg 3/min burst 5 tcp dpt:ftp flags:FIN,SYN,RST,ACK/SYN
LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere                anywhere         tcp dpt:ftp
LOG       tcp -- anywhere          anywhere        limit: avg 3/min burst 5 tcp dpts:30000:30100
flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere                anywhere         tcp dpts:30000:30100
LOG       all -- anywhere         anywhere        limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-
options ip-options prefix `SFW2-INext-DROP-DEFLT '
DROP       all -- anywhere         anywhere         PKTTYPE = multicast
LOG       tcp -- anywhere          anywhere        limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level
warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG       icmp -- anywhere           anywhere        limit: avg 3/min burst 5 LOG level warning tcp-options ip-options
prefix `SFW2-INext-DROP-DEFLT '
LOG       udp -- anywhere           anywhere        limit: avg 3/min burst 5 LOG level warning tcp-options ip-options
prefix `SFW2-INext-DROP-DEFLT '
LOG       all -- anywhere         anywhere        limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options
ip-options prefix `SFW2-INext-DROP-DEFLT-INV '
DROP       all -- anywhere         anywhere

Chain reject_func (0 references)
target prot opt source           destination
REJECT tcp -- anywhere               anywhere       reject-with tcp-reset
REJECT udp -- anywhere                anywhere       reject-with icmp-port-unreachable
REJECT all -- anywhere              anywhere       reject-with icmp-proto-unreachable
Notes
In OpenSUSE, the ssh server service is blocked by default. To allow ssh connections to the
OpenSUSE host, you need to configure the firewall via YaST2. In the Firewall Configuration Startup
menu, click on “Allowed services” and select the services that you want to allow, e.g. in my case I
have added the ssh and vsftp services.

				
DOCUMENT INFO
posted:9/21/2011
language:English
pages:87