Difference between revisions of "LPIC-3 300 Objectives V1"

From LPI Wiki
m (Topic 310: Concepts, Architecture and Design)
Line 268: Line 268:
 
<br />
 
<br />
  
===''Topic 310: Concepts, Architecture and Design''===
+
===''Topic 310: Samba Concepts, Architecture and Design''===
 
====<span style="color:navy">310.3 Trivial Database Files (weight: 1)</span>====
 
====<span style="color:navy">310.3 Trivial Database Files (weight: 1)</span>====
 
{|
 
{|
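Review bot: the 310.3 heading kept as context directly under the renamed topic line still reads "(weight: 1)", while the body of that objective in this revision lists "Weight 2". Since this edit already touches the section, reconcile the two values in the same change. The rename itself brings Topic 310 in line with the "Topic 312: Samba Configuration and Usage" heading.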
Line 291: Line 291:
 
<br />
 
<br />
 
<br />
 
<br />
 +
 
===''Topic 312: Samba Configuration and Usage''===
 
===''Topic 312: Samba Configuration and Usage''===
 
====<span style="color:navy">312.1 Configure Samba (weight: 6)</span>====
 
====<span style="color:navy">312.1 Configure Samba (weight: 6)</span>====

Revision as of 09:51, 4 June 2013


Introduction


Version Information

These objectives are version 1.0.0rc1. Objective renumbering will need to be done.


Addenda

Version Update Addendum (Apr 1st, 2013)

  • released version 1.0.0rc1.


Translations of Objectives

The following translations of the objectives are available on this wiki:


Objectives

Topic 303: Configuration

303.3 LDAP Replication (weight: 4)

Weight

4

Description

Candidates should be familiar with the server replication available with OpenLDAP.

Key Knowledge Areas:

  • Replication concepts.
  • Configure OpenLDAP replication.
  • Analyze replication log files.
  • Understand replica hubs.
  • LDAP referrals.
  • LDAP sync replication.

The following is a partial list of the used files, terms and utilities:


  • master / slave server
  • multi-master replication
  • consumer
  • replica hub
  • one-shot mode
  • referral
  • syncrepl
  • pull-based / push-based synchronization
  • refreshOnly and refreshAndPersist
  • replog


303.4 Securing the Directory (weight: 3)

Weight

3

Description

Candidates should be able to configure encrypted access to the LDAP directory, and restrict access at the firewall level.

Key Knowledge Areas:

  • Securing the directory with SSL and TLS.
  • Firewall considerations.
  • Unauthenticated access methods.
  • User / password authentication methods.
  • Maintenance of SASL user DB.
  • Client / server certificates.

The following is a partial list of the used files, terms and utilities:

  • SSL / TLS
  • Security Strength Factors (SSF)
  • SASL
  • proxy authorization
  • StartTLS
  • iptables


303.5 LDAP Server Performance Tuning (weight: 2)

Weight

2

Description

Candidates should be capable of measuring the performance of an LDAP server, and tuning configuration directives.

Key Knowledge Areas:

  • Measure LDAP performance.
  • Tune software configuration to increase performance.
  • Understand indexes.

The following is a partial list of the used files, terms and utilities:

  • index
  • DB_CONFIG



Topic 305: Integration and Migration

305.1 LDAP Integration with PAM and NSS (weight: 1)

Weight

1

Description

Candidates should be able to configure PAM and NSS to retrieve information from an LDAP directory.

Key Knowledge Areas:

  • Configure PAM to use LDAP for authentication.
  • Configure NSS to retrieve information from LDAP.
  • Configure PAM modules in various Unix environments.

The following is a partial list of the used files, terms and utilities:

  • PAM
  • NSS
  • /etc/pam.d/*
  • /etc/nsswitch.conf


305.3 Integrating LDAP with Unix Services (weight: 1)

Weight

1

Description

Candidates should be able to integrate LDAP authentication with a number of common Unix services.

Key Knowledge Areas:

  • Integrate SSH with LDAP.
  • Integrate FTP with LDAP.
  • Integrate HTTP with LDAP.
  • Integrate FreeRADIUS with LDAP.
  • Integrate print services with LDAP.
  • Integrate with Kerberos.
  • Plan LDAP schema structure for email services.
  • Create email attributes in LDAP.
  • Integrate Postfix with LDAP.
  • Integrate Sendmail with LDAP.

The following is a partial list of the used files, terms and utilities:

  • sshd.conf
  • ftp
  • httpd.conf
  • radiusd.conf
  • cupsd.conf
  • ldap.conf
  • Postfix
  • Sendmail
  • schema
  • SASL
  • POP
  • IMAP


305.5 Integrating LDAP with Active Directory and Kerberos (weight: 1)

Weight

1

Description

Candidates should be able to integrate LDAP with Active Directory Services.

Key Knowledge Areas:

  • Kerberos integration with LDAP.
  • Cross platform authentication.
  • Single sign-on concepts.
  • Integration and compatibility limitations between OpenLDAP and Active Directory.

The following is a partial list of the used files, terms and utilities:

  • Kerberos
  • Active Directory
  • single sign-on
  • DNS


Topic 310: Samba Concepts, Architecture and Design

310.3 Trivial Database Files (weight: 1)

Weight 2
Description Candidates should understand the structure of trivial database files and know how to troubleshoot problems

Key Knowledge Areas:

  • Backup TDB files
  • Restore TDB files
  • Identify TDB file corruption
  • Edit / list TDB file content

The following is a partial list of the used files, terms and utilities:

  • pdbedit
  • secrets.tdb
  • tdbbackup
  • tdbdump
  • tdbtool
  • smbpasswd



Topic 312: Samba Configuration and Usage

312.1 Configure Samba (weight: 6)

Weight 6
Description Candidates should be able to configure the Samba daemons for a wide variety of purposes

Key Knowledge Areas:

  • Knowledge of Samba server configuration file structure
  • Knowledge of Samba variables and configuration parameters
  • Identify key TCP/UDP ports used with SMB/CIFS
  • Configure Samba logging
  • Troubleshoot and debug problems with Samba

The following is a partial list of the used files, terms and utilities:

  • smb.conf parameters
  • smb.conf variables
  • /etc/services
  • /var/log/samba/*
  • log level
  • debuglevel
  • testparm
  • smbtar
  • strace


312.2 File Services (weight: 4)

Weight 4
Description Candidates should be able to create and configure file shares in a mixed environment

Key Knowledge Areas:

  • Create and configure file sharing
  • Plan file service migration
  • Hide IPC$
  • Create scripts for user and group handling of file shares
  • smbcquotas
  • smbsh

The following is a partial list of the used files, terms and utilities:

  • smb.conf
  • [homes]
  • browseable, writeable, valid users
  • IPC$
  • mount, smbmount


312.3 Print Services (weight: 2)

Weight 2
Description Candidates should be able to create and manage print shares in a mixed environment

Key Knowledge Areas:

  • Create and configure printer sharing
  • Configure integration between Samba and CUPS
  • Manage Windows print drivers and configure downloading of print drivers
  • Configure [print$]
  • Understand security concerns with printer sharing
  • Set up and manage print accounting

The following is a partial list of the used files, terms and utilities:

  • smb.conf
  • [print$]
  • CUPS
  • cupsd.conf
  • /var/spool/samba
  • print accounting
  • smbprngenpdf
  • smbspool


312.4 Domain Control (weight: 4)

Weight 4
Description Candidates should be able to set up and maintain primary and backup domain controllers, and manage Windows/Linux clients' access to the domain

Key Knowledge Areas:

  • Understand domain membership
  • Create and maintain a primary domain controller
  • Create and maintain a backup domain controller
  • Add computers to an existing domain
  • Configure logon scripts
  • Configure roaming profiles
  • Configure system policies

The following is a partial list of the used files, terms and utilities:

  • smb.conf
  • primary domain controller
  • backup domain controller
  • domain membership
  • roaming profiles
  • system policies
  • logon scripts
  • Active Directory
  • LDAP
  • trust relationships


312.6 Internationalization (weight: 1)

Weight 1
Description Candidates should be able to work with internationalization character codes and code pages

Key Knowledge Areas:

  • Understand internationalization character codes and code pages
  • Patch and build appropriate code conversion libraries
  • Understand the difference in the name space between Windows and Linux/Unix with respect to user and group naming in a non-English environment
  • Understand the difference in the name space between Windows and Linux/Unix with respect to computer naming in a non-English environment

The following is a partial list of the used files, terms and utilities:

  • internationalization
  • character codes
  • code pages
  • smb.conf
  • code conversion libraries



Topic 313: User and Group Management

313.1 Managing User Accounts and Groups (weight: 4)

Weight 4
Description Candidates should be able to manage user and group accounts in a mixed environment

Key Knowledge Areas:

  • Manage user and group accounts
  • Understand user and group mapping
  • Knowledge of user account management tools
  • Use of the smbpasswd program
  • Force ownership of file and directory objects

The following is a partial list of the used files, terms and utilities:

  • smb.conf
  • samba-tool setpassword
  • /usr/bin/smbpasswd
  • /etc/passwd
  • /etc/group
  • force user, force group
  • idmap


313.2 Authentication, Authorization and Winbind (weight: 8)

Weight 8
Description Candidates should understand the various authentication mechanisms and configure access control. Candidates should be able to install and configure the Winbind service.

Key Knowledge Areas:

  • Set up a local password database
  • Knowledge of the smbpasswd file format
  • Perform password synchronization
  • Knowledge of alternative backend storage for passwords
  • Integrate Samba with LDAP
  • Understand access control lists
  • Configure Winbind

The following is a partial list of the used files, terms and utilities:

  • smb.conf
  • smbpasswd
  • passdb backend
  • security mask
  • libnss_winbind
  • libpam_winbind
  • wbinfo
  • PAM
  • NSS
  • password synchronization
  • LDAP
  • NSCD
  • SID
  • /etc/passwd
  • /etc/group
  • foreign SID



Topic 314: Working with CIFS, NetBIOS, and Active Directory

314.1 CIFS Integration (weight: 3)

Weight 3
Description Candidates should be comfortable working with CIFS in a mixed environment

Key Knowledge Areas:

  • Understand SMB/CIFS concepts
  • Mount remote CIFS shares from a Linux client
  • Understand features and benefits of CIFS

The following is a partial list of the used files, terms and utilities:

  • SMB
  • CIFS
  • mount, smbmount
  • smbclient
  • smb.conf
  • /etc/fstab


314.2 NetBIOS and WINS (weight: 6)

Weight 6
Description Candidates should be familiar with NetBIOS/WINS concepts and understand network browsing

Key Knowledge Areas:

  • Understand WINS concepts
  • Understand NetBIOS concepts
  • Understand the role of a local master browser
  • Understand the role of a domain master browser
  • Understand the role of Samba as a WINS server
  • Understand name resolution
  • Configure Samba as a WINS server
  • Configure WINS replication
  • Understand NetBIOS browsing, service announcements and elections

The following is a partial list of the used files, terms and utilities:

  • NetBIOS
  • NBT
  • WINS
  • local master browser
  • domain master browser
  • service announcements
  • elections
  • node types
  • smbclient
  • findsmb
  • name resolve order
  • lmhosts
  • smbtree


314.3 Integrating with Active Directory (weight: 2)

Weight 2
Description Candidates should be able to integrate Linux servers into an environment where Active Directory is present

Key Knowledge Areas:

  • List remove Active Directory / LDAP users
  • Configure Samba in ADS security mode
  • Knowledge of the DNS requirements for Active Directory

The following is a partial list of the used files, terms and utilities:

  • Active Directory
  • ADS Security Mode
  • DNS
  • LDAP
  • Windows' net command
  • Kerberos
  • domain
  • smb.conf
  • smbcacls


314.4 Working with Windows Clients (weight: 4)

Weight 4
Description Candidates should be able to interact with remote Windows clients, and configure Windows workstations to access file and print services from Linux servers

Key Knowledge Areas:

  • Knowledge of Windows clients
  • Explore browse lists and SMB clients from Windows
  • Share file / print resources from Windows
  • Use of the smbclient program
  • Use of the Windows net utility

The following is a partial list of the used files, terms and utilities:

  • Windows' net command
  • smbclient
  • mount, smbmount
  • control panel
  • rdesktop
  • workgroup
  • smbget

314.5 Samba4 as an AD compatible Domain Controller (weight: 3)

Weight 3
Description Candidates should be able to configure Samba 4 as an AD Domain Controller

Key Knowledge Areas:

  • Configure and test Samba 4 as an AD DC
  • Understand how Samba integrates with AD services; DNS, Kerberos, NTP, ACLs

The following is a partial list of the used files, terms and utilities:

  • samba-tool domain provision
  • samba
  • smbclient
  • getent



Topic 315: Security and Performance

315.1 Linux File System and Share/Service Permissions (weight: 3)

Weight 3
Description Candidates should understand file permissions on a Linux file system in a mixed environment

Key Knowledge Areas:

  • Knowledge of file / directory permission control
  • Understand how Samba interacts with Linux file system permissions

The following is a partial list of the used files, terms and utilities:

  • smb.conf
  • chmod
  • chown
  • mount, smbmount
  • create mask
  • directory mask


315.2 Samba Security (weight: 2)

Weight 2
Description Candidates should be able to secure Samba at both the firewall level, and the Samba daemons themselves

Key Knowledge Areas:

  • Configure access to and from a Samba server at the firewall level
  • Configure security-related parameters in the smb.conf file

The following is a partial list of the used files, terms and utilities:

  • iptables
  • smb.conf
  • /etc/services
  • security modes


315.3 Performance Tuning (weight: 1)

Weight 1
Description Candidates should be able to cluster services for load balancing and high availability purposes, and tune Samba settings for better server and network performance

Key Knowledge Areas:

  • Measure Samba performance
  • Optimize Samba memory usage
  • Improve file transfer speed in a SMB/CIFS environment

The following is a partial list of the used files, terms and utilities:

  • smb.conf
  • 'max *' parameters
  • netstat
  • smbstatus
  • socket options



Topic 390: FreeIPA and Kerberos

390.1 Deploying Kerberos (weight: 2)

Weight

2

Description

Candidates should be familiar with deploying Kerberos on a single domain.

Key Knowledge Areas:

  • Key Distribution Centre
  • Principals
  • Tickets

The following is a partial list of the used files, terms and utilities:

  • kinit
  • krb5.conf
  • krb5kdc/kdc.conf
  • kdb5_util
  • krb5kdc/kadm5.acl
  • klist
  • kadmin, kadmin.local


390.2 FreeIPA Installation (weight: 2)

Weight

2

Description

Candidates should be familiar with the FreeIPA v3.x installation process for creating a server instance, and should know the components used by FreeIPA.

Key Knowledge Areas:

  • System and configuration prerequisites for installing FreeIPA
  • FreeIPA Components: LDAP, Kerberos, PKI, DNS, Certmonger

The following is a partial list of the used files, terms and utilities:

  • ipa-server-install and options
  • ipa


390.3 Integrating FreeIPA with Samba (weight: 2)

Weight

2

Description

Candidates should be able to integrate with Samba for group management, Kerberized CIFS and as an AD DC with FreeIPA.

Key Knowledge Areas:

  • Cross-realm trusts

The following is a partial list of the used files, terms and utilities:

  • ipa trust-add-ad
  • ipa config-mod
  • net
  • ldapadd


390.4 System Security Services Daemon (weight: 2)

Weight

2

Description

Candidates should be able to configure and use SSSD to manage access to remote directories and authentication mechanisms.

Key Knowledge Areas:

  • SSSD daemon and command line tools
  • Configuring NSS and PAM for use with SSSD
  • Authenticate against a local, LDAP and Kerberos domain

The following is a partial list of the used files, terms and utilities:

  • SSSD
  • sss_* commands
  • sssd.conf
  • nsswitch.conf