Difference between revisions of "LPIC-302 Objectives V1"
From LPI Wiki
(Created page with 'Placeholder for LPIC-3 302 objectives') |
|||
| Line 1: | Line 1: | ||
| − | + | __FORCETOC__ | |
| + | ==Introduction== | ||
| + | TODO: Need a description for the exam here | ||
| + | <br /><br /> | ||
| + | ==Version Information== | ||
| + | These objectives are version 1.0.0. | ||
| + | <br /><br /> | ||
| + | ==Objectives== | ||
| + | ===''Topic 310: Concepts, Architecture and Design''=== | ||
| + | ====<span style="color:navy">310.1 Concepts</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 1 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should be familiar with the fundamental concepts surrounding SMB/CIFS, file sharing and print services in a mixed environment | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * Understand SMB/CIFS concepts | ||
| + | * Understand file sharing concepts | ||
| + | * Understand print services concepts | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * SMB | ||
| + | * CIFS | ||
| + | * smb.conf | ||
| + | <br /> | ||
| + | ====<span style="color:navy">310.2 Samba Roles</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 1 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should be aware of Samba's security modes, and the keys roles of the Samba daemons | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * Understand Samba security modes | ||
| + | * Identify roles of core Samba daemons | ||
| + | * Manage Samba daemons | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * User Level Security | ||
| + | * Share Level Security | ||
| + | * Domain Security Mode | ||
| + | * ADS Security Mode | ||
| + | * smb.conf | ||
| + | * smbd | ||
| + | * nmbd | ||
| + | * winbindd | ||
| + | * smbcontrol | ||
| + | <br /> | ||
| + | ====<span style="color:navy">310.3 Trivial Database Files</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 2 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should understand the structure of trivial database files and know how troubleshoot problems | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * Backup TDB files | ||
| + | * Restore TDB files | ||
| + | * Identify TDB file corruption | ||
| + | * Edit / list TDB file content | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * pdbedit | ||
| + | * secrets.tdb | ||
| + | * tdbbackup | ||
| + | * tdbdump | ||
| + | * tdbtool | ||
| + | * smbpasswd | ||
| + | <br /> | ||
| + | <br /> | ||
| + | ===''Topic 311: Compile and Install Samba''=== | ||
| + | ====<span style="color:navy">311.1 Configure and Build From Source</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 1 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should be able to compile Samba from source and resolve dependencies | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * Identify key Samba packages and content | ||
| + | * Indentify and resolve dependencies | ||
| + | * Describe Samba software structure | ||
| + | * Knowledge of common Samba compilation options | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * gzip | ||
| + | * gpg | ||
| + | * make | ||
| + | <br /> | ||
| + | ====<span style="color:navy">311.2 Install and Upgrade Samba</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 1 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should be able to install and upgrade Samba from source and from packages | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * Install Samba from packages | ||
| + | * Install Samba from source | ||
| + | * Upgrade Samba | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * gpg | ||
| + | * dpkg | ||
| + | * rpm | ||
| + | <br /> | ||
| + | <br /> | ||
| + | ===''Topic 312: Samba Configuration and Usage''=== | ||
| + | ====<span style="color:navy">312.1 Configure Samba</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 6 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should be able to configure the Samba daemons for a wide variety of purposes | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * Knowledge of Samba server configuration file structure | ||
| + | * Knowledge of Samba variables and configuration parameters | ||
| + | * Identify key TCP/UDP ports used with SMB/CIFS | ||
| + | * Configure Samba logging | ||
| + | * Troubleshoot and debug problems with Samba | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * smb.conf parameters | ||
| + | * smb.conf variables | ||
| + | * /etc/services | ||
| + | * /var/log/samba/* | ||
| + | * log level | ||
| + | * debuglevel | ||
| + | * testparm | ||
| + | * smbtar | ||
| + | * strace | ||
| + | <br /> | ||
| + | ====<span style="color:navy">312.2 File Services</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 4 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should be able to create and configure file shares in a mixed environment | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * Create and configure file sharing | ||
| + | * Plan file service migration | ||
| + | * Hide IPC$ | ||
| + | * Create scripts for user and group handling of file shares | ||
| + | * smbcquotas | ||
| + | * smbsh | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * smb.conf | ||
| + | * [homes] | ||
| + | * browseable, writeable, valid users | ||
| + | * IPC$ | ||
| + | * mount, smbmount | ||
| + | <br /> | ||
| + | ====<span style="color:navy">312.3 Print Services</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 2 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should be able to create and manage print shares in a mixed environment | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * Create and configure printer sharing | ||
| + | * Configure integration between Samba and CUPS | ||
| + | * Manage Windows print drivers and configure downloading of print drivers | ||
| + | * Configure [print$] | ||
| + | * Understand security concerns with printer sharing | ||
| + | * Setup and manage print accounting | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * smb.conf | ||
| + | * [print$] | ||
| + | * CUPS | ||
| + | * cupsd.conf | ||
| + | * /var/spool/samba | ||
| + | * print accounting | ||
| + | * smbprngenpdf | ||
| + | * smbspool | ||
| + | <br /> | ||
| + | ====<span style="color:navy">312.4 Domain Control</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 4 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should be able to setup and maintain primary and backup domain controllers, and manage Windows/Linux clients' access to the domain | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * Understand domain membership | ||
| + | * Create and maintain a primary domain controller | ||
| + | * Create and maintain a backup domain controller | ||
| + | * Add computers to an existing domain | ||
| + | * Configure logon scripts | ||
| + | * Configure roaming profiles | ||
| + | * Configure system policies | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * smb.conf | ||
| + | * primary domain controller | ||
| + | * backup domain controller | ||
| + | * domain membership | ||
| + | * roaming profiles | ||
| + | * system policies | ||
| + | * logon scripts | ||
| + | * Active Directory | ||
| + | * LDAP | ||
| + | * trust relationships | ||
| + | <br /> | ||
| + | ====<span style="color:navy">312.5 SWAT Configuration</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 1 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should be able to install and configure the Samba web administration tool, and be comfortable with configuring changes to Samba within it | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * Knowledge of SWAT features | ||
| + | * Install and configure SWAT | ||
| + | * Configure the Samba server via the SWAT interface | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * smb.conf | ||
| + | * /usr/sbin/swat | ||
| + | * internationalization | ||
| + | * SSL | ||
| + | * SWAT wizard | ||
| + | <br /> | ||
| + | ====<span style="color:navy">312.6 Internationalization</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 1 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should be able to work with internationalization character codes and code pages | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * Understand internationalization character codes and code pages | ||
| + | * Patch and build appropriate code conversion libraries | ||
| + | * Understand the difference in the name space between Windows and Linux/Unix with respect to user and group naming in a non-English environment | ||
| + | * Understand the difference in the name space between Windows and Linux/Unix with respect to computer naming in a non-English environment | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * internationalization | ||
| + | * character codes | ||
| + | * code pages | ||
| + | * smb.conf | ||
| + | * code conversion libraries | ||
| + | <br /> | ||
| + | <br /> | ||
| + | ===''Topic 313: User and Group Management''=== | ||
| + | ====<span style="color:navy">313.1 Managing User Accounts and Groups</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 4 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should be able to manage user and group accounts in a mixed environment | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * Manager user and group accounts | ||
| + | * Understand user and group mapping | ||
| + | * Knowledge of user account management tools | ||
| + | * Use of the smbpasswd program | ||
| + | * Force ownership of file and directory objects | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * smb.conf | ||
| + | * /usr/bin/smbpasswd | ||
| + | * /etc/passwd | ||
| + | * /etc/group | ||
| + | * force user, force group | ||
| + | * idmap | ||
| + | <br /> | ||
| + | ====<span style="color:navy">313.2 Authentication and Authorization</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 8 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should understand the various authentication mechanisms and configure access control | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * Setup a local password database | ||
| + | * Knowledge of the smbpasswd file format | ||
| + | * Perform password synchronization | ||
| + | * Knowledge of alternative backend storage for passwords | ||
| + | * Integrate Samba with LDAP | ||
| + | * Understand access control lists | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * smb.conf | ||
| + | * smbpasswd | ||
| + | * passdb backend | ||
| + | * security mask | ||
| + | * PAM | ||
| + | * NSS | ||
| + | * password synchronization | ||
| + | * LDAP | ||
| + | <br /> | ||
| + | ====<span style="color:navy">313.3 Winbind</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 2 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should be able to install and configure the Winbind service | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * Install Winbind | ||
| + | * Configure Winbind | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * smb.conf | ||
| + | * winbindd | ||
| + | * PAM | ||
| + | * NSCD | ||
| + | * SID | ||
| + | * /etc/passwd | ||
| + | * /etc/group | ||
| + | * foreign SID | ||
| + | <br /> | ||
| + | <br /> | ||
| + | ===''Topic 314: Working with CIFS, NetBIOS, and Active Directory''=== | ||
| + | ====<span style="color:navy">314.1 CIFS Integration</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 3 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should be confortable working with CIFS in a mixed environment | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * Understand SMB/CIFS concepts | ||
| + | * Mount remote CIFS shares from a Linux client | ||
| + | * Understand features and benefits of CIFS | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * SMB | ||
| + | * CIFS | ||
| + | * mount, smbmount | ||
| + | * smbclient | ||
| + | * smb.conf | ||
| + | * /etc/fstab | ||
| + | <br /> | ||
| + | ====<span style="color:navy">314.2 NetBIOS and WINS</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 7 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should be familiar with NetBIOS/WINS concepts and understand network browsing | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * Understand WINS concepts | ||
| + | * Understand NetBIOS concepts | ||
| + | * Understand the role of a local master browser | ||
| + | * Understand the role of a domain master browser | ||
| + | * Understand the role of Samba as a WINS server | ||
| + | * Understand name resolution | ||
| + | * Configure Samba as a WINS server | ||
| + | * Configure WINS replication | ||
| + | * Understand NetBIOS browsing, service announcements and elections | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * NetBIOS | ||
| + | * WINS | ||
| + | * local master browser | ||
| + | * domain master browser | ||
| + | * service announcements | ||
| + | * elections | ||
| + | * node types | ||
| + | * smbclient | ||
| + | * findsmb | ||
| + | * name resolve order | ||
| + | * lmhosts | ||
| + | * smbtree | ||
| + | <br /> | ||
| + | ====<span style="color:navy">314.3 Integrating with Active Directory</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 2 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should be able to integrate Linux servers into an environment where Active Directory is present | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * List remove Active Directory / LDAP users | ||
| + | * Configure Samba in ADS security mode | ||
| + | * Knowledge of the DNS requirements for Active Directory | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * Active Directory | ||
| + | * ADS Security Mode | ||
| + | * DNS | ||
| + | * LDAP | ||
| + | * Windows' net command | ||
| + | * Kerberos | ||
| + | * domain | ||
| + | * smb.conf | ||
| + | * smbcalcs | ||
| + | <br /> | ||
| + | ====<span style="color:navy">314.4 Working with Windows Clients</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 4 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Clients should be able to interact with remote Windows clients, and configure Windows workstations to access file and print services from Linux servers | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * Knowledge of Windows clients | ||
| + | * Explore browse lists and SMB clients from Windows | ||
| + | * Share file / print resources from Windows | ||
| + | * Use of the smbclient program | ||
| + | * Use of the Windows net utility | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * Windows' net command | ||
| + | * smbclient | ||
| + | * mount, smbmount | ||
| + | * control panel | ||
| + | * rdesktop | ||
| + | * workgroup | ||
| + | * smbget | ||
| + | <br /> | ||
| + | <br /> | ||
| + | ===''Topic 315: Security and Performance''=== | ||
| + | ====<span style="color:navy">315.1 Linux File System and Share/Service Permissions</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 3 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should understand file permissions on a Linux file system in a mixed environment | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * Knowledge of file / directory permission control | ||
| + | * Understand how Samba interacts with Linux file system permissions | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * smb.conf | ||
| + | * chmod | ||
| + | * chown | ||
| + | * mount, smbmount | ||
| + | * create mask | ||
| + | * directory mask | ||
| + | <br /> | ||
| + | ====<span style="color:navy">315.2 Samba Security</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 2 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should be able to secure Samba at both the firewall level, and the Samba daemons themselves | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * Configure access to and from a Samba server at the firewall level | ||
| + | * Configure security relate parameters in the smb.conf file | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * iptables | ||
| + | * smb.conf | ||
| + | * /etc/services | ||
| + | * security modes | ||
| + | <br /> | ||
| + | ====<span style="color:navy">315.3 Performance Tuning</span>==== | ||
| + | {| | ||
| + | | style="background:#dadada" | '''Weight''' | ||
| + | | style="background:#eaeaea" | 1 | ||
| + | |- | ||
| + | | style="background:#dadada; padding-right:1em" | '''Description''' | ||
| + | | style="background:#eaeaea" | Candidates should be able to cluster services for load balancing and high availability purposes, and tune Samba settings for better server and network performance | ||
| + | |} | ||
| + | '''Key Knowledge Areas:''' | ||
| + | * Measure Samba performance | ||
| + | * Optimize Samba memory usage | ||
| + | * Improve file transfer speed in a SMB/CIFS environment | ||
| + | '''The following is a partial list of the used files, terms and utilities:''' | ||
| + | * smb.conf | ||
| + | * 'max *' parameters | ||
| + | * netstat | ||
| + | * smbstatus | ||
| + | * socket options | ||
Revision as of 19:37, 3 December 2009
Contents
- 1 Introduction
- 2 Version Information
- 3 Objectives
Introduction
TODO: Need a description for the exam here
Version Information
These objectives are version 1.0.0.
Objectives
Topic 310: Concepts, Architecture and Design
310.1 Concepts
| Weight | 1 |
| Description | Candidates should be familiar with the fundamental concepts surrounding SMB/CIFS, file sharing and print services in a mixed environment |
Key Knowledge Areas:
- Understand SMB/CIFS concepts
- Understand file sharing concepts
- Understand print services concepts
The following is a partial list of the used files, terms and utilities:
- SMB
- CIFS
- smb.conf
310.2 Samba Roles
| Weight | 1 |
| Description | Candidates should be aware of Samba's security modes, and the keys roles of the Samba daemons |
Key Knowledge Areas:
- Understand Samba security modes
- Identify roles of core Samba daemons
- Manage Samba daemons
The following is a partial list of the used files, terms and utilities:
- User Level Security
- Share Level Security
- Domain Security Mode
- ADS Security Mode
- smb.conf
- smbd
- nmbd
- winbindd
- smbcontrol
310.3 Trivial Database Files
| Weight | 2 |
| Description | Candidates should understand the structure of trivial database files and know how troubleshoot problems |
Key Knowledge Areas:
- Backup TDB files
- Restore TDB files
- Identify TDB file corruption
- Edit / list TDB file content
The following is a partial list of the used files, terms and utilities:
- pdbedit
- secrets.tdb
- tdbbackup
- tdbdump
- tdbtool
- smbpasswd
Topic 311: Compile and Install Samba
311.1 Configure and Build From Source
| Weight | 1 |
| Description | Candidates should be able to compile Samba from source and resolve dependencies |
Key Knowledge Areas:
- Identify key Samba packages and content
- Indentify and resolve dependencies
- Describe Samba software structure
- Knowledge of common Samba compilation options
The following is a partial list of the used files, terms and utilities:
- gzip
- gpg
- make
311.2 Install and Upgrade Samba
| Weight | 1 |
| Description | Candidates should be able to install and upgrade Samba from source and from packages |
Key Knowledge Areas:
- Install Samba from packages
- Install Samba from source
- Upgrade Samba
The following is a partial list of the used files, terms and utilities:
- gpg
- dpkg
- rpm
Topic 312: Samba Configuration and Usage
312.1 Configure Samba
| Weight | 6 |
| Description | Candidates should be able to configure the Samba daemons for a wide variety of purposes |
Key Knowledge Areas:
- Knowledge of Samba server configuration file structure
- Knowledge of Samba variables and configuration parameters
- Identify key TCP/UDP ports used with SMB/CIFS
- Configure Samba logging
- Troubleshoot and debug problems with Samba
The following is a partial list of the used files, terms and utilities:
- smb.conf parameters
- smb.conf variables
- /etc/services
- /var/log/samba/*
- log level
- debuglevel
- testparm
- smbtar
- strace
312.2 File Services
| Weight | 4 |
| Description | Candidates should be able to create and configure file shares in a mixed environment |
Key Knowledge Areas:
- Create and configure file sharing
- Plan file service migration
- Hide IPC$
- Create scripts for user and group handling of file shares
- smbcquotas
- smbsh
The following is a partial list of the used files, terms and utilities:
- smb.conf
- [homes]
- browseable, writeable, valid users
- IPC$
- mount, smbmount
312.3 Print Services
| Weight | 2 |
| Description | Candidates should be able to create and manage print shares in a mixed environment |
Key Knowledge Areas:
- Create and configure printer sharing
- Configure integration between Samba and CUPS
- Manage Windows print drivers and configure downloading of print drivers
- Configure [print$]
- Understand security concerns with printer sharing
- Setup and manage print accounting
The following is a partial list of the used files, terms and utilities:
- smb.conf
- [print$]
- CUPS
- cupsd.conf
- /var/spool/samba
- print accounting
- smbprngenpdf
- smbspool
312.4 Domain Control
| Weight | 4 |
| Description | Candidates should be able to setup and maintain primary and backup domain controllers, and manage Windows/Linux clients' access to the domain |
Key Knowledge Areas:
- Understand domain membership
- Create and maintain a primary domain controller
- Create and maintain a backup domain controller
- Add computers to an existing domain
- Configure logon scripts
- Configure roaming profiles
- Configure system policies
The following is a partial list of the used files, terms and utilities:
- smb.conf
- primary domain controller
- backup domain controller
- domain membership
- roaming profiles
- system policies
- logon scripts
- Active Directory
- LDAP
- trust relationships
312.5 SWAT Configuration
| Weight | 1 |
| Description | Candidates should be able to install and configure the Samba web administration tool, and be comfortable with configuring changes to Samba within it |
Key Knowledge Areas:
- Knowledge of SWAT features
- Install and configure SWAT
- Configure the Samba server via the SWAT interface
The following is a partial list of the used files, terms and utilities:
- smb.conf
- /usr/sbin/swat
- internationalization
- SSL
- SWAT wizard
312.6 Internationalization
| Weight | 1 |
| Description | Candidates should be able to work with internationalization character codes and code pages |
Key Knowledge Areas:
- Understand internationalization character codes and code pages
- Patch and build appropriate code conversion libraries
- Understand the difference in the name space between Windows and Linux/Unix with respect to user and group naming in a non-English environment
- Understand the difference in the name space between Windows and Linux/Unix with respect to computer naming in a non-English environment
The following is a partial list of the used files, terms and utilities:
- internationalization
- character codes
- code pages
- smb.conf
- code conversion libraries
Topic 313: User and Group Management
313.1 Managing User Accounts and Groups
| Weight | 4 |
| Description | Candidates should be able to manage user and group accounts in a mixed environment |
Key Knowledge Areas:
- Manager user and group accounts
- Understand user and group mapping
- Knowledge of user account management tools
- Use of the smbpasswd program
- Force ownership of file and directory objects
The following is a partial list of the used files, terms and utilities:
- smb.conf
- /usr/bin/smbpasswd
- /etc/passwd
- /etc/group
- force user, force group
- idmap
313.2 Authentication and Authorization
| Weight | 8 |
| Description | Candidates should understand the various authentication mechanisms and configure access control |
Key Knowledge Areas:
- Setup a local password database
- Knowledge of the smbpasswd file format
- Perform password synchronization
- Knowledge of alternative backend storage for passwords
- Integrate Samba with LDAP
- Understand access control lists
The following is a partial list of the used files, terms and utilities:
- smb.conf
- smbpasswd
- passdb backend
- security mask
- PAM
- NSS
- password synchronization
- LDAP
313.3 Winbind
| Weight | 2 |
| Description | Candidates should be able to install and configure the Winbind service |
Key Knowledge Areas:
- Install Winbind
- Configure Winbind
The following is a partial list of the used files, terms and utilities:
- smb.conf
- winbindd
- PAM
- NSCD
- SID
- /etc/passwd
- /etc/group
- foreign SID
Topic 314: Working with CIFS, NetBIOS, and Active Directory
314.1 CIFS Integration
| Weight | 3 |
| Description | Candidates should be confortable working with CIFS in a mixed environment |
Key Knowledge Areas:
- Understand SMB/CIFS concepts
- Mount remote CIFS shares from a Linux client
- Understand features and benefits of CIFS
The following is a partial list of the used files, terms and utilities:
- SMB
- CIFS
- mount, smbmount
- smbclient
- smb.conf
- /etc/fstab
314.2 NetBIOS and WINS
| Weight | 7 |
| Description | Candidates should be familiar with NetBIOS/WINS concepts and understand network browsing |
Key Knowledge Areas:
- Understand WINS concepts
- Understand NetBIOS concepts
- Understand the role of a local master browser
- Understand the role of a domain master browser
- Understand the role of Samba as a WINS server
- Understand name resolution
- Configure Samba as a WINS server
- Configure WINS replication
- Understand NetBIOS browsing, service announcements and elections
The following is a partial list of the used files, terms and utilities:
- NetBIOS
- WINS
- local master browser
- domain master browser
- service announcements
- elections
- node types
- smbclient
- findsmb
- name resolve order
- lmhosts
- smbtree
314.3 Integrating with Active Directory
| Weight | 2 |
| Description | Candidates should be able to integrate Linux servers into an environment where Active Directory is present |
Key Knowledge Areas:
- List remove Active Directory / LDAP users
- Configure Samba in ADS security mode
- Knowledge of the DNS requirements for Active Directory
The following is a partial list of the used files, terms and utilities:
- Active Directory
- ADS Security Mode
- DNS
- LDAP
- Windows' net command
- Kerberos
- domain
- smb.conf
- smbcalcs
314.4 Working with Windows Clients
| Weight | 4 |
| Description | Clients should be able to interact with remote Windows clients, and configure Windows workstations to access file and print services from Linux servers |
Key Knowledge Areas:
- Knowledge of Windows clients
- Explore browse lists and SMB clients from Windows
- Share file / print resources from Windows
- Use of the smbclient program
- Use of the Windows net utility
The following is a partial list of the used files, terms and utilities:
- Windows' net command
- smbclient
- mount, smbmount
- control panel
- rdesktop
- workgroup
- smbget
Topic 315: Security and Performance
| Weight | 3 |
| Description | Candidates should understand file permissions on a Linux file system in a mixed environment |
Key Knowledge Areas:
- Knowledge of file / directory permission control
- Understand how Samba interacts with Linux file system permissions
The following is a partial list of the used files, terms and utilities:
- smb.conf
- chmod
- chown
- mount, smbmount
- create mask
- directory mask
315.2 Samba Security
| Weight | 2 |
| Description | Candidates should be able to secure Samba at both the firewall level, and the Samba daemons themselves |
Key Knowledge Areas:
- Configure access to and from a Samba server at the firewall level
- Configure security relate parameters in the smb.conf file
The following is a partial list of the used files, terms and utilities:
- iptables
- smb.conf
- /etc/services
- security modes
315.3 Performance Tuning
| Weight | 1 |
| Description | Candidates should be able to cluster services for load balancing and high availability purposes, and tune Samba settings for better server and network performance |
Key Knowledge Areas:
- Measure Samba performance
- Optimize Samba memory usage
- Improve file transfer speed in a SMB/CIFS environment
The following is a partial list of the used files, terms and utilities:
- smb.conf
- 'max *' parameters
- netstat
- smbstatus
- socket options
