Difference between revisions of "LPIC-3 300 Objectives V1"

From LPI Wiki
Jump to: navigation, search
m (314.2 placeholder (weight: 6))
 
(186 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
__FORCETOC__
 
__FORCETOC__
 
==Introduction==
 
==Introduction==
 +
 +
A complete description of the [[LPIC-3|LPIC-3 certification program]] can be found [[LPIC-3|here]].
  
 
<br />
 
<br />
Line 6: Line 8:
 
==Version Information==
 
==Version Information==
  
These objectives are version 1.0.0rc1Objective renumbering will need to be done.
+
These objectives are version 1.0.0.
 +
 
 +
They were partially formed from content in the [[LPIC-3_301_Objectives|301]] and [[LPIC-3_302_Objectives|302]] examsThis is also a [[LPIC2AndLPIC3SummaryVersion3To4|summary and detailed information]] on the changes from those objectives to version 1 of these objectives.
  
 
<br />
 
<br />
Line 12: Line 16:
 
==Addenda==
 
==Addenda==
  
===''Version Update Addendum (Apr 1st, 2013)''===
+
===''Version Release (Oct 1st, 2013)''===
  
* released version 1.0.0rc1.
+
* released version 1.0.0
  
 
<br />
 
<br />
Line 22: Line 26:
 
The following translations of the objectives are available on this wiki:
 
The following translations of the objectives are available on this wiki:
  
* [[LPIC-301|English]].
+
* [[LPIC-3_300_Objectives_V1|English]]
* [[LPIC-301(ES)|Spanish]].
+
* [[LPIC-3_300_Objectives_V1(FR)|French]]
* [[LPIC-301(FR)|French]]
+
* [[LPIC-3_300_Objectives_V1(ES)|Spanish]]
  
 
<br />
 
<br />
Line 30: Line 34:
 
==Objectives==
 
==Objectives==
  
===''Topic 303: Configuration''===
+
===''Topic 390: OpenLDAP Configuration''===
  
====<span style="color:navy">303.3 LDAP Replication (weight: 4)</span>====
+
====<span style="color:navy">390.1 OpenLDAP Replication (weight: 3)</span>====
  
 
{|
 
{|
Line 39: Line 43:
 
'''Weight'''
 
'''Weight'''
  
| style="background:#eaeaea" | 4
+
| style="background:#eaeaea" | 3
 
|-
 
|-
 
| style="background:#dadada; padding-right:1em" |  
 
| style="background:#dadada; padding-right:1em" |  
Line 53: Line 57:
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
  
* Replication concepts.
+
* Replication concepts
* Configure OpenLDAP replication.
+
* Configure OpenLDAP replication
* Analyze replication log files.
+
* Analyze replication log files
* Understand replica hubs.
+
* Understand replica hubs
* LDAP referrals.
+
* LDAP referrals
* LDAP sync replication.
+
* LDAP sync replication
  
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
 
  
 
* master / slave server
 
* master / slave server
Line 76: Line 79:
 
<br />
 
<br />
  
====<span style="color:navy">303.4 Securing the Directory (weight: 3)</span>====
+
====<span style="color:navy">390.2 Securing the Directory (weight: 3)</span>====
 
{|
 
{|
 
| style="background:#dadada" |  
 
| style="background:#dadada" |  
Line 96: Line 99:
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
  
* Securing the directory with SSL and TLS.
+
* Securing the directory with SSL and TLS
* Firewall considerations.
+
* Firewall considerations
* Unauthenticated access methods.
+
* Unauthenticated access methods
* User / password authentication methods.
+
* User / password authentication methods
* Maintanence of SASL user DB.
+
* Maintanence of SASL user DB
* Client / server certificates.
+
* Client / server certificates
 
   
 
   
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
Line 114: Line 117:
 
<br />
 
<br />
  
====<span style="color:navy">303.5 LDAP Server Performance Tuning (weight: 2)</span>====
+
====<span style="color:navy">390.3 OpenLDAP Server Performance Tuning (weight: 2)</span>====
  
 
{|
 
{|
Line 129: Line 132:
 
| style="background:#eaeaea" |  
 
| style="background:#eaeaea" |  
  
Candidates should be capable of measuring the performance of an LDAP server, and tuning configuration directives  
+
Candidates should be capable of measuring the performance of an LDAP server, and tuning configuration directives.
  
 
|}
 
|}
Line 135: Line 138:
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
  
* Measure LDAP performance.
+
* Measure OpenLDAP performance
* Tune software configuration to increase performance.
+
* Tune software configuration to increase performance
* Understand indexes.
+
* Understand indexes
  
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
Line 146: Line 149:
 
<br />
 
<br />
  
 +
===''Topic 391: OpenLDAP as an Authentication Backend''===
  
 
+
====<span style="color:navy">391.1 LDAP Integration with PAM and NSS (weight: 2)</span>====
===''Topic 305: Integration and Migration''===
+
 
+
====<span style="color:navy">305.1 LDAP Integration with PAM and NSS (weight: 1)</span>====
+
  
 
{|
 
{|
Line 157: Line 158:
 
'''Weight'''
 
'''Weight'''
  
| style="background:#eaeaea" | 1
+
| style="background:#eaeaea" | 2
 
|-
 
|-
 
| style="background:#dadada; padding-right:1em" |  
 
| style="background:#dadada; padding-right:1em" |  
Line 171: Line 172:
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
  
* Configure PAM to use LDAP for authentication.
+
* Configure PAM to use LDAP for authentication
* Configure NSS to retrieve information from LDAP.
+
* Configure NSS to retrieve information from LDAP
* Configure PAM modules in various Unix environments.
+
* Configure PAM modules in various Unix environments
  
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
Line 179: Line 180:
 
* PAM
 
* PAM
 
* NSS
 
* NSS
* /etc/pam.d/*
+
* /etc/pam.d/
 
* /etc/nsswitch.conf
 
* /etc/nsswitch.conf
  
 
<br />
 
<br />
  
====<span style="color:navy">305.3 Integrating LDAP with Unix Services (weight: 1)</span>====
+
====<span style="color:navy">391.2 Integrating LDAP with Active Directory and Kerberos (weight: 2)</span>====
  
 
{|
 
{|
Line 191: Line 192:
 
'''Weight'''
 
'''Weight'''
  
| style="background:#eaeaea" | 1
+
| style="background:#eaeaea" | 2
 
|-
 
|-
 
| style="background:#dadada; padding-right:1em" |  
 
| style="background:#dadada; padding-right:1em" |  
Line 199: Line 200:
 
| style="background:#eaeaea" |  
 
| style="background:#eaeaea" |  
  
Candidates should be able to integrate LDAP authentication with a number of common Unix services.
+
Candidates should be able to integrate LDAP with Active Directory Services.
  
 
|}
 
|}
Line 205: Line 206:
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
  
* Integrate SSH with LDAP.
+
* Kerberos integration with LDAP
* Integrate FTP with LDAP.
+
* Cross platform authentication
* Integrate HTTP with LDAP.
+
* Single sign-on concepts
* Integrate FreeRADIUS with LDAP.
+
* Integration and compatibility limitations between OpenLDAP and Active Directory
* Integrate print services with LDAP.
+
* Integrate with Kerberos.
+
* Plan LDAP schema structure for email services.
+
* Create email attributes in LDAP.
+
* Integrate Postfix with LDAP.
+
* Integrate Sendmail with LDAP.
+
  
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
  
* sshd.conf
+
* Kerberos
* ftp
+
* Active Directory
* httpd.conf
+
* single sign-on
* radiusd.conf
+
* DNS
* cupsd.conf
+
* ldap.conf
+
* Postfix
+
* Sendmail
+
* schema
+
* SASL
+
* POP
+
* IMAP
+
  
 
<br />
 
<br />
  
====<span style="color:navy">305.5 Integrating LDAP with Active Directory and Kerberos (weight: 1)</span>====
+
===''Topic 392: Samba Basics''===
 +
 
 +
====<span style="color:navy">392.1 Samba Concepts and Architecture (weight: 2)</span>====
  
 
{|
 
{|
Line 240: Line 229:
 
'''Weight'''
 
'''Weight'''
  
| style="background:#eaeaea" | 1
+
| style="background:#eaeaea" | 2
 
|-
 
|-
 
| style="background:#dadada; padding-right:1em" |  
 
| style="background:#dadada; padding-right:1em" |  
Line 248: Line 237:
 
| style="background:#eaeaea" |  
 
| style="background:#eaeaea" |  
  
Candidates should be able to integrate LDAP with Active Directory Services.
+
Candidates should understand the essential concepts of Samba.  As well, the major differences between Samba3 and Samba4 should be known.
  
 
|}
 
|}
Line 254: Line 243:
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
  
* Kerberos integration with LDAP.
+
* Understand the roles of the Samba daemons and components
* Cross platform authentication.
+
* Understand key issues regarding heterogeneous networks
* Single sign-on concepts.
+
* Identify key TCP/UDP ports used with SMB/CIFS
* Integration and compatibility limitations between OpenLDAP and Active Directory.
+
* Knowledge of Samba3 and Samba4 differences
  
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
  
* Kerberos
+
* /etc/services
* Active Directory
+
* Samba daemons: smbd, nmbd, samba, winbindd
* single sign-on
+
* DNS
+
  
 
<br />
 
<br />
  
===''Topic 310: Samba Concepts, Architecture and Design''===
+
====<span style="color:navy">392.2 Configure Samba (weight: 4)</span>====
====<span style="color:navy">310.3 Trivial Database Files (weight: 1)</span>====
+
 
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
 +
 
 +
'''Weight'''
 +
 
 +
| style="background:#eaeaea" | 4
 +
|-
 +
| style="background:#dadada; padding-right:1em" |
 +
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |
 +
 
 +
Candidates should be able to configure the Samba daemons for a wide variety of purposes.
 +
 
 +
|}
 +
 
 +
'''Key Knowledge Areas:'''
 +
 
 +
* Knowledge of Samba server configuration file structure
 +
* Knowledge of Samba variables and configuration parameters
 +
* Troubleshoot and debug configuration problems with Samba
 +
 
 +
'''The following is a partial list of the used files, terms and utilities:'''
 +
 
 +
* smb.conf
 +
* smb.conf parameters
 +
* smb.conf variables
 +
* testparm
 +
* secrets.tdb
 +
 
 +
<br />
 +
 
 +
====<span style="color:navy">392.3 Regular Samba Maintenance (weight: 2)</span>====
 +
 
 +
{|
 +
| style="background:#dadada" |
 +
 
 +
'''Weight'''
 +
 
 +
 
 
| style="background:#eaeaea" | 2
 
| style="background:#eaeaea" | 2
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should understand the structure of trivial database files and know how troubleshoot problems
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should know about the various tools and utilities that are part of a Samba installation.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
 +
 +
* Monitor and interact with running Samba daemons
 +
* Perform regular backups of Samba configuration and state data
 +
 +
'''The following is a partial list of the used files, terms and utilities:'''
 +
 +
* smbcontrol
 +
* smbstatus
 +
* tdbbackup
 +
 +
<br />
 +
 +
====<span style="color:navy">392.4 Troubleshooting Samba (weight: 2)</span>====
 +
 +
{|
 +
| style="background:#dadada" |
 +
 +
'''Weight'''
 +
 +
| style="background:#eaeaea" | 2
 +
|-
 +
| style="background:#dadada; padding-right:1em" |
 +
 +
'''Description'''
 +
 +
| style="background:#eaeaea" |
 +
 +
Candidates should understand the structure of trivial database files and know how troubleshoot problems.
 +
 +
|}
 +
 +
'''Key Knowledge Areas:'''
 +
 +
* Configure Samba logging
 
* Backup TDB files
 
* Backup TDB files
 
* Restore TDB files
 
* Restore TDB files
 
* Identify TDB file corruption
 
* Identify TDB file corruption
* Edit / list TDB file content  
+
* Edit / list TDB file content
 +
 
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
 +
 +
* /var/log/samba/
 +
* log level
 +
* debuglevel
 +
* smbpasswd
 
* pdbedit
 
* pdbedit
 
* secrets.tdb
 
* secrets.tdb
 
* tdbbackup
 
* tdbbackup
 
* tdbdump
 
* tdbdump
 +
* tdbrestore
 
* tdbtool
 
* tdbtool
* smbpasswd
+
 
<br />
+
 
<br />
 
<br />
  
===''Topic 312: Samba Share Configuration''===
+
====<span style="color:navy">392.5 Internationalization (weight: 1)</span>====
  
====<span style="color:navy">312.1 Configure Samba (weight: 6)</span>====
 
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
| style="background:#eaeaea" | 6
+
 
 +
'''Weight'''
 +
 
 +
| style="background:#eaeaea" | 1
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should be able to configure the Samba daemons for a wide variety of purposes
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should be able to work with internationalization character codes and code pages.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
* Knowledge of Samba server configuration file structure
+
 
* Knowledge of Samba variables and configuration parameters
+
* Understand internationalization character codes and code pages
* Identify key TCP/UDP ports used with SMB/CIFS
+
* Understand the difference in the name space between Windows and Linux/Unix with respect to share, file and directory names in a non-English environment
* Configure Samba logging
+
* Understand the difference in the name space between Windows and Linux/Unix with respect to user and group naming in a non-English environment
* Troubleshoot and debug problems with Samba
+
* Understand the difference in the name space between Windows and Linux/Unix with respect to computer naming in a non-English environment
 +
 
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
* smb.conf parameters
+
 
* smb.conf variables
+
* internationalization
* /etc/services
+
* character codes
* /var/log/samba/*
+
* code pages
* log level
+
* smb.conf
* debuglevel
+
* dos charset, display charset and unix charset
* testparm
+
 
* smbtar
+
* strace
+
 
<br />
 
<br />
====<span style="color:navy">312.2 File Services (weight: 4)</span>====
+
 
 +
===''Topic 393: Samba Share Configuration''===
 +
 
 +
====<span style="color:navy">393.1 File Services (weight: 4)</span>====
 +
 
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
 +
 
 +
'''Weight'''
 +
 
 
| style="background:#eaeaea" | 4
 
| style="background:#eaeaea" | 4
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should be able to create and configure file shares in a mixed environment  
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should be able to create and configure file shares in a mixed environment.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
 +
 
* Create and configure file sharing
 
* Create and configure file sharing
 
* Plan file service migration
 
* Plan file service migration
* Hide IPC$
+
* Limit access to IPC$
 
* Create scripts for user and group handling of file shares
 
* Create scripts for user and group handling of file shares
* smbcquotas
+
* Samba share access configuration parameters
* smbsh
+
 
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
 +
 
* smb.conf
 
* smb.conf
 
* [homes]
 
* [homes]
* browseable, writeable, valid users
+
* smbcquotas
 +
* smbsh
 +
* browseable, writeable, valid users, write list, read list, read only and guest ok
 
* IPC$
 
* IPC$
* mount, smbmount  
+
* mount, smbmount
 
<br />
 
<br />
====<span style="color:navy">312.3 Print Services (weight: 2)</span>====
+
 
 +
====<span style="color:navy">393.2 Linux File System and Share/Service Permissions (weight: 3)</span>====
 +
 
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
 +
 
 +
'''Weight'''
 +
 
 +
| style="background:#eaeaea" | 3
 +
|-
 +
| style="background:#dadada; padding-right:1em" |
 +
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |
 +
 
 +
Candidates should understand file permissions on a Linux file system in a mixed environment.
 +
 
 +
|}
 +
 
 +
'''Key Knowledge Areas:'''
 +
 
 +
* Knowledge of file / directory permission control
 +
* Understand how Samba interacts with Linux file system permissions and ACLs
 +
* Use Samba VFS to store Windows ACLs
 +
 
 +
'''The following is a partial list of the used files, terms and utilities:'''
 +
 
 +
* smb.conf
 +
* chmod, chown
 +
* create mask, directory mask, force create mode, force directory mode
 +
* smbcacls
 +
* getfacl, setfacl
 +
* vfs_acl_xattr, vfs_acl_tdb and vfs objects
 +
<br />
 +
 
 +
====<span style="color:navy">393.3 Print Services (weight: 2)</span>====
 +
 
 +
{|
 +
| style="background:#dadada" |
 +
 
 +
'''Weight'''
 +
 
 
| style="background:#eaeaea" | 2
 
| style="background:#eaeaea" | 2
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should be able to create and manage print shares in a mixed environment  
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should be able to create and manage print shares in a mixed environment.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
 +
 
* Create and configure printer sharing
 
* Create and configure printer sharing
 
* Configure integration between Samba and CUPS
 
* Configure integration between Samba and CUPS
Line 355: Line 502:
 
* Configure [print$]
 
* Configure [print$]
 
* Understand security concerns with printer sharing
 
* Understand security concerns with printer sharing
* Setup and manage print accounting
+
* Uploading printer drivers for Point'n'Print driver installation using 'Add Print Driver Wizard' in Windows
 +
 
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
 +
 
* smb.conf
 
* smb.conf
 
* [print$]
 
* [print$]
 
* CUPS
 
* CUPS
 
* cupsd.conf
 
* cupsd.conf
* /var/spool/samba
+
* /var/spool/samba/
* print accounting
+
* smbspool
* smbprngenpdf
+
* rpcclient
* smbspool  
+
* net
<br />
+
====<span style="color:navy">312.6 Internationalization (weight: 1)</span>====
+
{|
+
| style="background:#dadada" | '''Weight'''
+
| style="background:#eaeaea" | 1
+
|-
+
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#eaeaea" | Candidates should be able to work with internationalization character codes and code pages
+
|}
+
'''Key Knowledge Areas:'''
+
* Understand internationalization character codes and code pages
+
* Patch and build appropriate code conversion libraries
+
* Understand the difference in the name space between Windows and Linux/Unix with respect to user and group naming in a non-English environment
+
* Understand the difference in the name space between Windows and Linux/Unix with respect to computer naming in a non-English environment
+
'''The following is a partial list of the used files, terms and utilities:'''
+
* internationalization
+
* character codes
+
* code pages
+
* smb.conf
+
* code conversion libraries
+
<br />
+
 
<br />
 
<br />
  
===''Topic 313: Samba User and Group Management''===
+
===''Topic 394: Samba User and Group Management''===
====<span style="color:navy">313.1 Managing User Accounts and Groups (weight: 4)</span>====
+
 
 +
====<span style="color:navy">394.1 Managing User Accounts and Groups (weight: 4)</span>====
 +
 
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
 +
 
 +
'''Weight'''
 +
 
 
| style="background:#eaeaea" | 4
 
| style="background:#eaeaea" | 4
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should be able to manage user and group accounts in a mixed environment  
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should be able to manage user and group accounts in a mixed environment.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
 +
 
* Manager user and group accounts
 
* Manager user and group accounts
 
* Understand user and group mapping
 
* Understand user and group mapping
 
* Knowledge of user account management tools
 
* Knowledge of user account management tools
 
* Use of the smbpasswd program
 
* Use of the smbpasswd program
* Force ownership of file and directory objects  
+
* Force ownership of file and directory objects
 +
 
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
 +
 +
* pdbedit
 
* smb.conf
 
* smb.conf
* samba-tool setpassword
+
* samba-tool user (with subcommands)
* /usr/bin/smbpasswd
+
* samba-tool group (with subcommands)
 +
* smbpasswd
 
* /etc/passwd
 
* /etc/passwd
 
* /etc/group
 
* /etc/group
 
* force user, force group
 
* force user, force group
* idmap  
+
* idmap
 
<br />
 
<br />
====<span style="color:navy">313.2 Authentication, Authorization and Winbind (weight: 8)</span>====
+
 
 +
====<span style="color:navy">394.2 Authentication, Authorization and Winbind (weight: 5)</span>====
 +
 
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
| style="background:#eaeaea" | 8
+
 
 +
'''Weight'''
 +
 
 +
| style="background:#eaeaea" | 5
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should understand the various authentication mechanisms and configure access control.  Candidates should be able to install and configure the Winbind service.
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should understand the various authentication mechanisms and configure access control.  Candidates should be able to install and configure the Winbind service.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
 +
 
* Setup a local password database
 
* Setup a local password database
* Knowledge of the smbpasswd file format
 
 
* Perform password synchronization
 
* Perform password synchronization
* Knowledge of alternative backend storage for passwords
+
* Knowledge of different passdb backends
 +
* Convert between Samba passdb backends
 
* Integrate Samba with LDAP
 
* Integrate Samba with LDAP
* Understand access control lists
+
* Configure Winbind service
* Configure Winbind
+
* Configure PAM and NSS
 +
 
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
 +
 
* smb.conf
 
* smb.conf
* smbpasswd
+
* smbpasswd, tdbsam, ldapsam
 
* passdb backend
 
* passdb backend
* security mask
 
 
* libnss_winbind
 
* libnss_winbind
 
* libpam_winbind
 
* libpam_winbind
 +
* libpam_smbpass
 
* wbinfo
 
* wbinfo
* PAM
+
* getent
* NSS
+
* SID and foreign SID
* password synchronization
+
* LDAP
+
* PAM
+
* NSCD
+
* SID
+
 
* /etc/passwd
 
* /etc/passwd
 
* /etc/group
 
* /etc/group
* foreign SID
+
 
<br />
+
 
<br />
 
<br />
  
===''Topic 314: Samba Domain Integration''===
+
===''Topic 395: Samba Domain Integration''===
 +
 
 +
====<span style="color:navy">395.1 Samba as a PDC and BDC (weight: 3)</span>====
  
====<span style="color:navy">312.4 Samba3 as a PDC and BDC (weight: 4)</span>====
 
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
| style="background:#eaeaea" | 4
+
 
 +
'''Weight'''
 +
 
 +
| style="background:#eaeaea" | 3
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should be able to setup and maintain primary and backup domain controllers, and manage Windows/Linux clients' access to the domain
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should be able to setup and maintain primary and backup domain controllers.  Candidates should be able to manage Windows/Linux client access to the NT-Style domains.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
* Understand domain membership
+
 
* Create and maintain a primary domain controller
+
* Understand and configure domain membership and trust relationships
* Create and maintain a backup domain controller
+
* Create and maintain a primary domain controller with Samba3 and Samba4
 +
* Create and maintain a backup domain controller with Samba3 and Samba4
 
* Add computers to an existing domain
 
* Add computers to an existing domain
 
* Configure logon scripts
 
* Configure logon scripts
 
* Configure roaming profiles
 
* Configure roaming profiles
* Configure system policies  
+
* Configure system policies
 +
 
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
 +
 
* smb.conf
 
* smb.conf
* primary domain controller
+
* security mode
* backup domain controller
+
* server role
* domain membership
+
* domain logons
* roaming profiles
+
* domain master
* system policies
+
* logon script
* logon scripts
+
* logon path
* Active Directory
+
* NTConfig.pol
* LDAP
+
* net
* trust relationships
+
* profiles
<br />
+
* add machine script
 +
* profile acls
  
====<span style="color:navy">314.2 Samba4 as a PDC (weight: 6)</span>====
 
{|
 
| style="background:#dadada" | '''Weight'''
 
| style="background:#eaeaea" | 6
 
|-
 
| style="background:#dadada; padding-right:1em" | '''Description'''
 
| style="background:#eaeaea" | Candidates should be familiar with NetBIOS/WINS concepts and understand network browsing
 
|}
 
'''Key Knowledge Areas:'''
 
* Understand WINS concepts
 
* Understand NetBIOS concepts
 
* Understand the role of a local master browser
 
* Understand the role of a domain master browser
 
* Understand the role of Samba as a WINS server
 
* Understand name resolution
 
* Configure Samba as a WINS server
 
* Configure WINS replication
 
* Understand NetBIOS browsing, service announcements and elections
 
'''The following is a partial list of the used files, terms and utilities:'''
 
* NetBIOS
 
* NBT
 
* WINS
 
* local master browser
 
* domain master browser
 
* service announcements
 
* elections
 
* node types
 
* smbclient
 
* findsmb
 
* name resolve order
 
* lmhosts
 
* smbtree
 
 
<br />
 
<br />
  
====<span style="color:navy">314.3 Samba4 as an AD compatible Domain Controller (weight: 3)</span>====
+
====<span style="color:navy">395.2 Samba4 as an AD compatible Domain Controller (weight: 3)</span>====
 +
 
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
 +
 
 +
'''Weight'''
 +
 
 
| style="background:#eaeaea" | 3
 
| style="background:#eaeaea" | 3
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should be able to configure Samba 4 as an AD Domain Controller  
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should be able to configure Samba 4 as an AD Domain Controller.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
 +
 
* Configure and test Samba 4 as an AD DC
 
* Configure and test Samba 4 as an AD DC
* Understand how Samba integrates with AD services; DNS, Kerberos, NTP, ACLs
+
* Using smbclient to confirm AD operation
 +
* Understand how Samba integrates with AD services: DNS, Kerberos, NTP, LDAP
 +
 
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
* samba-tool domain provision
+
 
 +
* smb.conf
 +
* server role
 +
* samba-tool domain (with subcommands)
 
* samba
 
* samba
* smbclient
+
 
* getent
+
<br />
+
 
<br />
 
<br />
  
===''Topic 314: Working with CIFS, NetBIOS, and Active Directory''===
+
====<span style="color:navy">395.3 Configure Samba as a Domain Member Server (weight: 3)</span>====
====<span style="color:navy">314.1 CIFS Integration (weight: 3)</span>====
+
 
 
{|
 
{|
| style="background:#dadada" | '''Weight'''
+
| style="background:#dadada" |  
 +
 
 +
'''Weight'''
 +
 
 
| style="background:#eaeaea" | 3
 
| style="background:#eaeaea" | 3
 
|-
 
|-
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#dadada; padding-right:1em" |  
| style="background:#eaeaea" | Candidates should be comfortable working with CIFS in a mixed environment  
+
 
 +
'''Description'''
 +
 
 +
| style="background:#eaeaea" |  
 +
 
 +
Candidates should be able to integrate Linux servers into an environment where Active Directory is present.
 +
 
 
|}
 
|}
 +
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
* Understand SMB/CIFS concepts
+
 
* Mount remote CIFS shares from a Linux client
+
* Joining Samba to an existing NT4 domain
* Understand features and benefits of CIFS
+
* Joining Samba to an existing AD domain
 +
* Ability to obtain a TGT from a KDC
 +
 
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
* SMB
+
 
* CIFS
+
* mount, smbmount
+
* smbclient
+
 
* smb.conf
 
* smb.conf
* /etc/fstab
+
* server role
<br />
+
* server security
====<span style="color:navy">314.2 NetBIOS and WINS (weight: 6)</span>====
+
* net command
{|
+
* kinit, TGT and REALM
| style="background:#dadada" | '''Weight'''
+
| style="background:#eaeaea" | 6
+
|-
+
| style="background:#dadada; padding-right:1em" | '''Description'''
+
| style="background:#eaeaea" | Candidates should be familiar with NetBIOS/WINS concepts and understand network browsing
+
|}
+
'''Key Knowledge Areas:'''
+
* Understand WINS concepts
+
* Understand NetBIOS concepts
+
* Understand the role of a local master browser
+
* Understand the role of a domain master browser
+
* Understand the role of Samba as a WINS server
+
* Understand name resolution
+
* Configure Samba as a WINS server
+
* Configure WINS replication
+
* Understand NetBIOS browsing, service announcements and elections
+
'''The following is a partial list of the used files, terms and utilities:'''
+
* NetBIOS
+
* NBT
+
* WINS
+
* local master browser
+
* domain master browser
+
* service announcements
+
* elections
+
* node types
+
* smbclient
+
* findsmb
+
* name resolve order
+
* lmhosts
+
* smbtree
+
<br />
+
  
====<span style="color:navy">314.3 Integrating with Active Directory (weight: 2)</span>====
 
{|
 
| style="background:#dadada" | '''Weight'''
 
| style="background:#eaeaea" | 2
 
|-
 
| style="background:#dadada; padding-right:1em" | '''Description'''
 
| style="background:#eaeaea" | Candidates should be able to integrate Linux servers into an environment where Active Directory is present
 
|}
 
'''Key Knowledge Areas:'''
 
* List remove Active Directory / LDAP users
 
* Configure Samba in ADS security mode
 
* Knowledge of the DNS requirements for Active Directory
 
'''The following is a partial list of the used files, terms and utilities:'''
 
* Active Directory
 
* ADS Security Mode
 
* DNS
 
* LDAP
 
* Windows' net command
 
* Kerberos
 
* domain
 
* smb.conf
 
* smbcalcs
 
 
<br />
 
<br />
====<span style="color:navy">314.4 Working with Windows Clients (weight: 4)</span>====
 
{|
 
| style="background:#dadada" | '''Weight'''
 
| style="background:#eaeaea" | 4
 
|-
 
| style="background:#dadada; padding-right:1em" | '''Description'''
 
| style="background:#eaeaea" | Clients should be able to interact with remote Windows clients, and configure Windows workstations to access file and print services from Linux servers
 
|}
 
'''Key Knowledge Areas:'''
 
* Knowledge of Windows clients
 
* Explore browse lists and SMB clients from Windows
 
* Share file / print resources from Windows
 
* Use of the smbclient program
 
* Use of the Windows net utility
 
'''The following is a partial list of the used files, terms and utilities:'''
 
* Windows' net command
 
* smbclient
 
* mount, smbmount
 
* control panel
 
* rdesktop
 
* workgroup
 
* smbget
 
===''Topic 315: Security and Performance''===
 
====<span style="color:navy">315.1 Linux File System and Share/Service Permissions (weight: 3)</span>====
 
{|
 
| style="background:#dadada" | '''Weight'''
 
| style="background:#eaeaea" | 3
 
|-
 
| style="background:#dadada; padding-right:1em" | '''Description'''
 
| style="background:#eaeaea" | Candidates should understand file permissions on a Linux file system in a mixed environment
 
|}
 
'''Key Knowledge Areas:'''
 
* Knowledge of file / directory permission control
 
* Understand how Samba interacts with Linux file system permissions
 
'''The following is a partial list of the used files, terms and utilities:'''
 
* smb.conf
 
* chmod
 
* chown
 
* mount, smbmount
 
* create mask
 
* directory mask
 
 
<br />
 
<br />
====<span style="color:navy">315.2 Samba Security (weight: 2)</span>====
 
{|
 
| style="background:#dadada" | '''Weight'''
 
| style="background:#eaeaea" | 2
 
|-
 
| style="background:#dadada; padding-right:1em" | '''Description'''
 
| style="background:#eaeaea" | Candidates should be able to secure Samba at both the firewall level, and the Samba daemons themselves
 
|}
 
'''Key Knowledge Areas:'''
 
* Configure access to and from a Samba server at the firewall level
 
* Configure security relate parameters in the smb.conf file
 
'''The following is a partial list of the used files, terms and utilities:'''
 
* iptables
 
* smb.conf
 
* /etc/services
 
* security modes
 
<br />
 
====<span style="color:navy">315.3 Performance Tuning (weight: 1)</span>====
 
{|
 
| style="background:#dadada" | '''Weight'''
 
| style="background:#eaeaea" | 1
 
|-
 
| style="background:#dadada; padding-right:1em" | '''Description'''
 
| style="background:#eaeaea" | Candidates should be able to cluster services for load balancing and high availability purposes, and tune Samba settings for better server and network performance
 
|}
 
'''Key Knowledge Areas:'''
 
* Measure Samba performance
 
* Optimize Samba memory usage
 
* Improve file transfer speed in a SMB/CIFS environment
 
'''The following is a partial list of the used files, terms and utilities:'''
 
* smb.conf
 
* 'max *' parameters
 
* netstat
 
* smbstatus
 
* socket options
 
  
<br/>
+
===''Topic 396: Samba Name Services''===
<br/>
+
  
===''Topic 390: FreeIPA and Kerberos''===
 
  
====<span style="color:navy">390.1 Deploying Kerberos (weight: 2)</span>====
+
 
 +
====<span style="color:navy">396.1 NetBIOS and WINS (weight: 3)</span>====
  
 
{|
 
{|
Line 701: Line 732:
 
'''Weight'''
 
'''Weight'''
  
| style="background:#eaeaea" | 2
+
| style="background:#eaeaea" | 3
 
|-
 
|-
 
| style="background:#dadada; padding-right:1em" |  
 
| style="background:#dadada; padding-right:1em" |  
Line 709: Line 740:
 
| style="background:#eaeaea" |  
 
| style="background:#eaeaea" |  
  
Candidates should be familiar with deploying a Kerberos on a single domain.
+
Candidates should be familiar with NetBIOS/WINS concepts and understand network browsing.
  
 
|}
 
|}
Line 715: Line 746:
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
  
* Key Distribution Centre
+
* Understand WINS concepts
* Principals
+
* Understand NetBIOS concepts
* Tickets
+
* Understand the role of a local master browser
 +
* Understand the role of a domain master browser
 +
* Understand the role of Samba as a WINS server
 +
* Understand name resolution
 +
* Configure Samba as a WINS server
 +
* Configure WINS replication
 +
* Understand NetBIOS browsing and browser elections
 +
* Understand NETBIOS name types
  
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
  
* kinit
+
* smb.conf
* krb5.conf
+
* nmblookup
* krb5kdc/kdc.conf
+
* smbclient
* kdb5_util
+
* name resolve order
* rb5kdc/kadm5.acl
+
* lmhosts
* klist
+
* wins support, wins server, wins proxy, dns proxy
* kadmin, kadmin.local
+
* domain master, os level, preferred master
  
 
<br />
 
<br />
  
====<span style="color:navy">390.2 FreeIPA Installation (weight: 2)</span>====
+
====<span style="color:navy">396.2 Active Directory Name Resolution (weight: 2)</span>====
  
 
{|
 
{|
Line 746: Line 784:
 
| style="background:#eaeaea" |  
 
| style="background:#eaeaea" |  
  
Candidates should be familiar with FreeIPA v3.x installation process of creating a server instance.  Knowledge of the components used by FreeIPA.
+
Candidates should be familiar with the internal DNS server with Samba4.
  
 
|}
 
|}
Line 752: Line 790:
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
  
* System and configuration prerequisites for installing FreeIPA
+
* Understand and manage DNS for Samba4 as an AD Domain Controller
* FreeIPA Components: LDAP, Kerberos, PKI, DNS, Certmonger
+
* DNS forwarding with the internal DNS server of Samba4
  
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
  
* ipa-server-install and options
+
* samba-tool dns (with subcommands)
* ipa
+
* smb.conf
 +
* dns forwarder
 +
* /etc/resolv.conf
 +
* dig, host
  
 
<br />
 
<br />
  
====<span style="color:navy">390.3 Integrating FreeIPA with Samba (weight: 2)</span>====
+
===''Topic 397: Working with Linux and Windows Clients''===
 +
 
 +
====<span style="color:navy">397.1 CIFS Integration (weight: 3)</span>====
  
 
{|
 
{|
Line 769: Line 812:
 
'''Weight'''
 
'''Weight'''
  
| style="background:#eaeaea" | 2
+
| style="background:#eaeaea" | 3
 
|-
 
|-
 
| style="background:#dadada; padding-right:1em" |  
 
| style="background:#dadada; padding-right:1em" |  
Line 777: Line 820:
 
| style="background:#eaeaea" |  
 
| style="background:#eaeaea" |  
  
Candidates should be able to integrate with Samba for group management, Kerberized CIFS and as an AD DC with FreeIPA.
+
Candidates should be comfortable working with CIFS in a mixed environment.
  
 
|}
 
|}
Line 783: Line 826:
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
  
* Cross-realm trusts
+
* Understand SMB/CIFS concepts
 +
* Access and mount remote CIFS shares from a Linux client
 +
* Securely storing CIFS credentials
 +
* Understand features and benefits of CIFS
 +
* Understand permissions and file ownership of remote CIFS shares
  
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
  
* ipa trust-add-ad
+
* SMB/CIFS
* ipa config-mod
+
* mount, mount.cifs
* net
+
* smbclient
* ldapadd
+
* smbget
 +
* smbtar
 +
* smbtree
 +
* findsmb
 +
* smb.conf
 +
* smbcquotas
 +
* /etc/fstab
  
 
<br />
 
<br />
  
====<span style="color:navy">390.4 System Security Services Daemon (weight: 2)</span>====
+
====<span style="color:navy">397.2 Working with Windows Clients (weight: 2)</span>====
  
 
{|
 
{|
Line 809: Line 862:
 
| style="background:#eaeaea" |  
 
| style="background:#eaeaea" |  
  
Candidates should be able to configure and use SSSD manage access to remote directories and authentication mechanisms
+
Candidates should be able to interact with remote Windows clients, and configure Windows workstations to access file and print services from Linux servers.
  
 
|}
 
|}
Line 815: Line 868:
 
'''Key Knowledge Areas:'''
 
'''Key Knowledge Areas:'''
  
* SSSD daemon and command line tools
+
* Knowledge of Windows clients
* Configuring NSS and PAM for use with SSSD
+
* Explore browse lists and SMB clients from Windows
* Authenticate against a local, LDAP and Kerberos domain
+
* Share file / print resources from Windows
 +
* Use of the smbclient program
 +
* Use of the Windows net utility
  
 
'''The following is a partial list of the used files, terms and utilities:'''
 
'''The following is a partial list of the used files, terms and utilities:'''
  
* SSSD
+
* Windows net command
* sss_* commands
+
* smbclient
* sssd.conf
+
* control panel
* nsswitch.conf
+
* rdesktop
 +
* workgroup
  
<br />
 
 
<br />
 
<br />

Latest revision as of 19:19, 4 December 2014

Contents

Introduction

A complete description of the LPIC-3 certification program can be found here.


Version Information

These objectives are version 1.0.0.

They were partially formed from content in the 301 and 302 exams. This is also a summary and detailed information on the changes from those objectives to version 1 of these objectives.


Addenda

Version Release (Oct 1st, 2013)

  • released version 1.0.0


Translations of Objectives

The following translations of the objectives are available on this wiki:


Objectives

Topic 390: OpenLDAP Configuration

390.1 OpenLDAP Replication (weight: 3)

Weight

3

Description

Candidates should be familiar with the server replication available with OpenLDAP.

Key Knowledge Areas:

  • Replication concepts
  • Configure OpenLDAP replication
  • Analyze replication log files
  • Understand replica hubs
  • LDAP referrals
  • LDAP sync replication

The following is a partial list of the used files, terms and utilities:

  • master / slave server
  • multi-master replication
  • consumer
  • replica hub
  • one-shot mode
  • referral
  • syncrepl
  • pull-based / push-based synchronization
  • refreshOnly and refreshAndPersist
  • replog


390.2 Securing the Directory (weight: 3)

Weight

3

Description

Candidates should be able to configure encrypted access to the LDAP directory, and restrict access at the firewall level.

Key Knowledge Areas:

  • Securing the directory with SSL and TLS
  • Firewall considerations
  • Unauthenticated access methods
  • User / password authentication methods
  • Maintanence of SASL user DB
  • Client / server certificates

The following is a partial list of the used files, terms and utilities:

  • SSL / TLS
  • Security Strength Factors (SSF)
  • SASL
  • proxy authorization
  • StartTLS
  • iptables


390.3 OpenLDAP Server Performance Tuning (weight: 2)

Weight

2

Description

Candidates should be capable of measuring the performance of an LDAP server, and tuning configuration directives.

Key Knowledge Areas:

  • Measure OpenLDAP performance
  • Tune software configuration to increase performance
  • Understand indexes

The following is a partial list of the used files, terms and utilities:

  • index
  • DB_CONFIG


Topic 391: OpenLDAP as an Authentication Backend

391.1 LDAP Integration with PAM and NSS (weight: 2)

Weight

2

Description

Candidates should be able to configure PAM and NSS to retrieve information from an LDAP directory.

Key Knowledge Areas:

  • Configure PAM to use LDAP for authentication
  • Configure NSS to retrieve information from LDAP
  • Configure PAM modules in various Unix environments

The following is a partial list of the used files, terms and utilities:

  • PAM
  • NSS
  • /etc/pam.d/
  • /etc/nsswitch.conf


391.2 Integrating LDAP with Active Directory and Kerberos (weight: 2)

Weight

2

Description

Candidates should be able to integrate LDAP with Active Directory Services.

Key Knowledge Areas:

  • Kerberos integration with LDAP
  • Cross platform authentication
  • Single sign-on concepts
  • Integration and compatibility limitations between OpenLDAP and Active Directory

The following is a partial list of the used files, terms and utilities:

  • Kerberos
  • Active Directory
  • single sign-on
  • DNS


Topic 392: Samba Basics

392.1 Samba Concepts and Architecture (weight: 2)

Weight

2

Description

Candidates should understand the essential concepts of Samba. As well, the major differences between Samba3 and Samba4 should be known.

Key Knowledge Areas:

  • Understand the roles of the Samba daemons and components
  • Understand key issues regarding heterogeneous networks
  • Identify key TCP/UDP ports used with SMB/CIFS
  • Knowledge of Samba3 and Samba4 differences

The following is a partial list of the used files, terms and utilities:

  • /etc/services
  • Samba daemons: smbd, nmbd, samba, winbindd


392.2 Configure Samba (weight: 4)

Weight

4

Description

Candidates should be able to configure the Samba daemons for a wide variety of purposes.

Key Knowledge Areas:

  • Knowledge of Samba server configuration file structure
  • Knowledge of Samba variables and configuration parameters
  • Troubleshoot and debug configuration problems with Samba

The following is a partial list of the used files, terms and utilities:

  • smb.conf
  • smb.conf parameters
  • smb.conf variables
  • testparm
  • secrets.tdb


392.3 Regular Samba Maintenance (weight: 2)

Weight


2

Description

Candidates should know about the various tools and utilities that are part of a Samba installation.

Key Knowledge Areas:

  • Monitor and interact with running Samba daemons
  • Perform regular backups of Samba configuration and state data

The following is a partial list of the used files, terms and utilities:

  • smbcontrol
  • smbstatus
  • tdbbackup


392.4 Troubleshooting Samba (weight: 2)

Weight

2

Description

Candidates should understand the structure of trivial database files and know how troubleshoot problems.

Key Knowledge Areas:

  • Configure Samba logging
  • Backup TDB files
  • Restore TDB files
  • Identify TDB file corruption
  • Edit / list TDB file content

The following is a partial list of the used files, terms and utilities:

  • /var/log/samba/
  • log level
  • debuglevel
  • smbpasswd
  • pdbedit
  • secrets.tdb
  • tdbbackup
  • tdbdump
  • tdbrestore
  • tdbtool


392.5 Internationalization (weight: 1)

Weight

1

Description

Candidates should be able to work with internationalization character codes and code pages.

Key Knowledge Areas:

  • Understand internationalization character codes and code pages
  • Understand the difference in the name space between Windows and Linux/Unix with respect to share, file and directory names in a non-English environment
  • Understand the difference in the name space between Windows and Linux/Unix with respect to user and group naming in a non-English environment
  • Understand the difference in the name space between Windows and Linux/Unix with respect to computer naming in a non-English environment

The following is a partial list of the used files, terms and utilities:

  • internationalization
  • character codes
  • code pages
  • smb.conf
  • dos charset, display charset and unix charset


Topic 393: Samba Share Configuration

393.1 File Services (weight: 4)

Weight

4

Description

Candidates should be able to create and configure file shares in a mixed environment.

Key Knowledge Areas:

  • Create and configure file sharing
  • Plan file service migration
  • Limit access to IPC$
  • Create scripts for user and group handling of file shares
  • Samba share access configuration parameters

The following is a partial list of the used files, terms and utilities:

  • smb.conf
  • [homes]
  • smbcquotas
  • smbsh
  • browseable, writeable, valid users, write list, read list, read only and guest ok
  • IPC$
  • mount, smbmount


393.2 Linux File System and Share/Service Permissions (weight: 3)

Weight

3

Description

Candidates should understand file permissions on a Linux file system in a mixed environment.

Key Knowledge Areas:

  • Knowledge of file / directory permission control
  • Understand how Samba interacts with Linux file system permissions and ACLs
  • Use Samba VFS to store Windows ACLs

The following is a partial list of the used files, terms and utilities:

  • smb.conf
  • chmod, chown
  • create mask, directory mask, force create mode, force directory mode
  • smbcacls
  • getfacl, setfacl
  • vfs_acl_xattr, vfs_acl_tdb and vfs objects


393.3 Print Services (weight: 2)

Weight

2

Description

Candidates should be able to create and manage print shares in a mixed environment.

Key Knowledge Areas:

  • Create and configure printer sharing
  • Configure integration between Samba and CUPS
  • Manage Windows print drivers and configure downloading of print drivers
  • Configure [print$]
  • Understand security concerns with printer sharing
  • Uploading printer drivers for Point'n'Print driver installation using 'Add Print Driver Wizard' in Windows

The following is a partial list of the used files, terms and utilities:

  • smb.conf
  • [print$]
  • CUPS
  • cupsd.conf
  • /var/spool/samba/
  • smbspool
  • rpcclient
  • net


Topic 394: Samba User and Group Management

394.1 Managing User Accounts and Groups (weight: 4)

Weight

4

Description

Candidates should be able to manage user and group accounts in a mixed environment.

Key Knowledge Areas:

  • Manager user and group accounts
  • Understand user and group mapping
  • Knowledge of user account management tools
  • Use of the smbpasswd program
  • Force ownership of file and directory objects

The following is a partial list of the used files, terms and utilities:

  • pdbedit
  • smb.conf
  • samba-tool user (with subcommands)
  • samba-tool group (with subcommands)
  • smbpasswd
  • /etc/passwd
  • /etc/group
  • force user, force group
  • idmap


394.2 Authentication, Authorization and Winbind (weight: 5)

Weight

5

Description

Candidates should understand the various authentication mechanisms and configure access control. Candidates should be able to install and configure the Winbind service.

Key Knowledge Areas:

  • Setup a local password database
  • Perform password synchronization
  • Knowledge of different passdb backends
  • Convert between Samba passdb backends
  • Integrate Samba with LDAP
  • Configure Winbind service
  • Configure PAM and NSS

The following is a partial list of the used files, terms and utilities:

  • smb.conf
  • smbpasswd, tdbsam, ldapsam
  • passdb backend
  • libnss_winbind
  • libpam_winbind
  • libpam_smbpass
  • wbinfo
  • getent
  • SID and foreign SID
  • /etc/passwd
  • /etc/group


Topic 395: Samba Domain Integration

395.1 Samba as a PDC and BDC (weight: 3)

Weight

3

Description

Candidates should be able to setup and maintain primary and backup domain controllers. Candidates should be able to manage Windows/Linux client access to the NT-Style domains.

Key Knowledge Areas:

  • Understand and configure domain membership and trust relationships
  • Create and maintain a primary domain controller with Samba3 and Samba4
  • Create and maintain a backup domain controller with Samba3 and Samba4
  • Add computers to an existing domain
  • Configure logon scripts
  • Configure roaming profiles
  • Configure system policies

The following is a partial list of the used files, terms and utilities:

  • smb.conf
  • security mode
  • server role
  • domain logons
  • domain master
  • logon script
  • logon path
  • NTConfig.pol
  • net
  • profiles
  • add machine script
  • profile acls


395.2 Samba4 as an AD compatible Domain Controller (weight: 3)

Weight

3

Description

Candidates should be able to configure Samba 4 as an AD Domain Controller.

Key Knowledge Areas:

  • Configure and test Samba 4 as an AD DC
  • Using smbclient to confirm AD operation
  • Understand how Samba integrates with AD services: DNS, Kerberos, NTP, LDAP

The following is a partial list of the used files, terms and utilities:

  • smb.conf
  • server role
  • samba-tool domain (with subcommands)
  • samba


395.3 Configure Samba as a Domain Member Server (weight: 3)

Weight

3

Description

Candidates should be able to integrate Linux servers into an environment where Active Directory is present.

Key Knowledge Areas:

  • Joining Samba to an existing NT4 domain
  • Joining Samba to an existing AD domain
  • Ability to obtain a TGT from a KDC

The following is a partial list of the used files, terms and utilities:

  • smb.conf
  • server role
  • server security
  • net command
  • kinit, TGT and REALM



Topic 396: Samba Name Services

396.1 NetBIOS and WINS (weight: 3)

Weight

3

Description

Candidates should be familiar with NetBIOS/WINS concepts and understand network browsing.

Key Knowledge Areas:

  • Understand WINS concepts
  • Understand NetBIOS concepts
  • Understand the role of a local master browser
  • Understand the role of a domain master browser
  • Understand the role of Samba as a WINS server
  • Understand name resolution
  • Configure Samba as a WINS server
  • Configure WINS replication
  • Understand NetBIOS browsing and browser elections
  • Understand NETBIOS name types

The following is a partial list of the used files, terms and utilities:

  • smb.conf
  • nmblookup
  • smbclient
  • name resolve order
  • lmhosts
  • wins support, wins server, wins proxy, dns proxy
  • domain master, os level, preferred master


396.2 Active Directory Name Resolution (weight: 2)

Weight

2

Description

Candidates should be familiar with the internal DNS server with Samba4.

Key Knowledge Areas:

  • Understand and manage DNS for Samba4 as an AD Domain Controller
  • DNS forwarding with the internal DNS server of Samba4

The following is a partial list of the used files, terms and utilities:

  • samba-tool dns (with subcommands)
  • smb.conf
  • dns forwarder
  • /etc/resolv.conf
  • dig, host


Topic 397: Working with Linux and Windows Clients

397.1 CIFS Integration (weight: 3)

Weight

3

Description

Candidates should be comfortable working with CIFS in a mixed environment.

Key Knowledge Areas:

  • Understand SMB/CIFS concepts
  • Access and mount remote CIFS shares from a Linux client
  • Securely storing CIFS credentials
  • Understand features and benefits of CIFS
  • Understand permissions and file ownership of remote CIFS shares

The following is a partial list of the used files, terms and utilities:

  • SMB/CIFS
  • mount, mount.cifs
  • smbclient
  • smbget
  • smbtar
  • smbtree
  • findsmb
  • smb.conf
  • smbcquotas
  • /etc/fstab


397.2 Working with Windows Clients (weight: 2)

Weight

2

Description

Candidates should be able to interact with remote Windows clients, and configure Windows workstations to access file and print services from Linux servers.

Key Knowledge Areas:

  • Knowledge of Windows clients
  • Explore browse lists and SMB clients from Windows
  • Share file / print resources from Windows
  • Use of the smbclient program
  • Use of the Windows net utility

The following is a partial list of the used files, terms and utilities:

  • Windows net command
  • smbclient
  • control panel
  • rdesktop
  • workgroup