Difference between revisions of "LPIC-3 300 Objectives V1"
GMatthewRice (Talk | contribs) m (→312.1 Configure Samba (weight: 6)) |
GMatthewRice (Talk | contribs) |
||
(157 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
__FORCETOC__ | __FORCETOC__ | ||
==Introduction== | ==Introduction== | ||
+ | |||
+ | A complete description of the [[LPIC-3|LPIC-3 certification program]] can be found [[LPIC-3|here]]. | ||
<br /> | <br /> | ||
Line 6: | Line 8: | ||
==Version Information== | ==Version Information== | ||
− | These objectives are version 1.0. | + | These objectives are version 1.0.0. |
+ | |||
+ | They were partially formed from content in the [[LPIC-3_301_Objectives|301]] and [[LPIC-3_302_Objectives|302]] exams. This is also a [[LPIC2AndLPIC3SummaryVersion3To4|summary and detailed information]] on the changes from those objectives to version 1 of these objectives. | ||
<br /> | <br /> | ||
Line 12: | Line 16: | ||
==Addenda== | ==Addenda== | ||
− | ===''Version | + | ===''Version Release (Oct 1st, 2013)''=== |
− | * released version 1.0. | + | * released version 1.0.0 |
<br /> | <br /> | ||
Line 22: | Line 26: | ||
The following translations of the objectives are available on this wiki: | The following translations of the objectives are available on this wiki: | ||
− | * [[LPIC- | + | * [[LPIC-3_300_Objectives_V1|English]] |
− | * [[LPIC- | + | * [[LPIC-3_300_Objectives_V1(FR)|French]] |
− | * [[LPIC- | + | * [[LPIC-3_300_Objectives_V1(ES)|Spanish]] |
<br /> | <br /> | ||
Line 30: | Line 34: | ||
==Objectives== | ==Objectives== | ||
− | ===''Topic | + | ===''Topic 390: OpenLDAP Configuration''=== |
− | ====<span style="color:navy"> | + | ====<span style="color:navy">390.1 OpenLDAP Replication (weight: 3)</span>==== |
{| | {| | ||
Line 39: | Line 43: | ||
'''Weight''' | '''Weight''' | ||
− | | style="background:#eaeaea" | | + | | style="background:#eaeaea" | 3 |
|- | |- | ||
| style="background:#dadada; padding-right:1em" | | | style="background:#dadada; padding-right:1em" | | ||
Line 53: | Line 57: | ||
'''Key Knowledge Areas:''' | '''Key Knowledge Areas:''' | ||
− | * Replication concepts | + | * Replication concepts |
− | * Configure OpenLDAP replication | + | * Configure OpenLDAP replication |
− | * Analyze replication log files | + | * Analyze replication log files |
− | * Understand replica hubs | + | * Understand replica hubs |
− | * LDAP referrals | + | * LDAP referrals |
− | * LDAP sync replication | + | * LDAP sync replication |
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
− | |||
* master / slave server | * master / slave server | ||
Line 76: | Line 79: | ||
<br /> | <br /> | ||
− | ====<span style="color:navy"> | + | ====<span style="color:navy">390.2 Securing the Directory (weight: 3)</span>==== |
{| | {| | ||
| style="background:#dadada" | | | style="background:#dadada" | | ||
Line 96: | Line 99: | ||
'''Key Knowledge Areas:''' | '''Key Knowledge Areas:''' | ||
− | * Securing the directory with SSL and TLS | + | * Securing the directory with SSL and TLS |
− | * Firewall considerations | + | * Firewall considerations |
− | * Unauthenticated access methods | + | * Unauthenticated access methods |
− | * User / password authentication methods | + | * User / password authentication methods |
− | * Maintanence of SASL user DB | + | * Maintanence of SASL user DB |
− | * Client / server certificates | + | * Client / server certificates |
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
Line 114: | Line 117: | ||
<br /> | <br /> | ||
− | ====<span style="color:navy"> | + | ====<span style="color:navy">390.3 OpenLDAP Server Performance Tuning (weight: 2)</span>==== |
{| | {| | ||
Line 129: | Line 132: | ||
| style="background:#eaeaea" | | | style="background:#eaeaea" | | ||
− | Candidates should be capable of measuring the performance of an LDAP server, and tuning configuration directives | + | Candidates should be capable of measuring the performance of an LDAP server, and tuning configuration directives. |
|} | |} | ||
Line 135: | Line 138: | ||
'''Key Knowledge Areas:''' | '''Key Knowledge Areas:''' | ||
− | * Measure OpenLDAP performance | + | * Measure OpenLDAP performance |
− | * Tune software configuration to increase performance | + | * Tune software configuration to increase performance |
− | * Understand indexes | + | * Understand indexes |
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
Line 146: | Line 149: | ||
<br /> | <br /> | ||
− | ===''Topic | + | ===''Topic 391: OpenLDAP as an Authentication Backend''=== |
− | ====<span style="color:navy"> | + | ====<span style="color:navy">391.1 LDAP Integration with PAM and NSS (weight: 2)</span>==== |
{| | {| | ||
Line 155: | Line 158: | ||
'''Weight''' | '''Weight''' | ||
− | | style="background:#eaeaea" | | + | | style="background:#eaeaea" | 2 |
|- | |- | ||
| style="background:#dadada; padding-right:1em" | | | style="background:#dadada; padding-right:1em" | | ||
Line 169: | Line 172: | ||
'''Key Knowledge Areas:''' | '''Key Knowledge Areas:''' | ||
− | * Configure PAM to use LDAP for authentication | + | * Configure PAM to use LDAP for authentication |
− | * Configure NSS to retrieve information from LDAP | + | * Configure NSS to retrieve information from LDAP |
− | * Configure PAM modules in various Unix environments | + | * Configure PAM modules in various Unix environments |
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
Line 177: | Line 180: | ||
* PAM | * PAM | ||
* NSS | * NSS | ||
− | * /etc/pam.d/ | + | * /etc/pam.d/ |
* /etc/nsswitch.conf | * /etc/nsswitch.conf | ||
<br /> | <br /> | ||
− | ====<span style="color:navy"> | + | ====<span style="color:navy">391.2 Integrating LDAP with Active Directory and Kerberos (weight: 2)</span>==== |
{| | {| | ||
Line 189: | Line 192: | ||
'''Weight''' | '''Weight''' | ||
− | | style="background:#eaeaea" | | + | | style="background:#eaeaea" | 2 |
|- | |- | ||
| style="background:#dadada; padding-right:1em" | | | style="background:#dadada; padding-right:1em" | | ||
Line 203: | Line 206: | ||
'''Key Knowledge Areas:''' | '''Key Knowledge Areas:''' | ||
− | * Kerberos integration with LDAP | + | * Kerberos integration with LDAP |
− | * Cross platform authentication | + | * Cross platform authentication |
− | * Single sign-on concepts | + | * Single sign-on concepts |
− | * Integration and compatibility limitations between OpenLDAP and Active Directory | + | * Integration and compatibility limitations between OpenLDAP and Active Directory |
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
Line 217: | Line 220: | ||
<br /> | <br /> | ||
− | ===''Topic | + | ===''Topic 392: Samba Basics''=== |
+ | |||
+ | ====<span style="color:navy">392.1 Samba Concepts and Architecture (weight: 2)</span>==== | ||
− | |||
{| | {| | ||
− | | style="background:#dadada" | '''Weight''' | + | | style="background:#dadada" | |
+ | |||
+ | '''Weight''' | ||
+ | |||
| style="background:#eaeaea" | 2 | | style="background:#eaeaea" | 2 | ||
|- | |- | ||
− | | style="background:#dadada; padding-right:1em" | '''Description''' | + | | style="background:#dadada; padding-right:1em" | |
− | | style="background:#eaeaea" | Candidates should understand the essential concepts of Samba. As well, the major differences between Samba3 and Samba4 should be known. | + | |
+ | '''Description''' | ||
+ | |||
+ | | style="background:#eaeaea" | | ||
+ | |||
+ | Candidates should understand the essential concepts of Samba. As well, the major differences between Samba3 and Samba4 should be known. | ||
+ | |||
|} | |} | ||
+ | |||
'''Key Knowledge Areas:''' | '''Key Knowledge Areas:''' | ||
+ | |||
+ | * Understand the roles of the Samba daemons and components | ||
+ | * Understand key issues regarding heterogeneous networks | ||
* Identify key TCP/UDP ports used with SMB/CIFS | * Identify key TCP/UDP ports used with SMB/CIFS | ||
* Knowledge of Samba3 and Samba4 differences | * Knowledge of Samba3 and Samba4 differences | ||
+ | |||
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | |||
* /etc/services | * /etc/services | ||
− | * | + | * Samba daemons: smbd, nmbd, samba, winbindd |
− | + | ||
− | + | ||
− | + | ||
<br /> | <br /> | ||
− | ====<span style="color:navy"> | + | ====<span style="color:navy">392.2 Configure Samba (weight: 4)</span>==== |
+ | |||
{| | {| | ||
− | | style="background:#dadada" | '''Weight''' | + | | style="background:#dadada" | |
− | | style="background:#eaeaea" | | + | |
+ | '''Weight''' | ||
+ | |||
+ | | style="background:#eaeaea" | 4 | ||
|- | |- | ||
− | | style="background:#dadada; padding-right:1em" | '''Description''' | + | | style="background:#dadada; padding-right:1em" | |
− | | style="background:#eaeaea" | Candidates should | + | |
+ | '''Description''' | ||
+ | |||
+ | | style="background:#eaeaea" | | ||
+ | |||
+ | Candidates should be able to configure the Samba daemons for a wide variety of purposes. | ||
+ | |||
|} | |} | ||
+ | |||
'''Key Knowledge Areas:''' | '''Key Knowledge Areas:''' | ||
+ | |||
* Knowledge of Samba server configuration file structure | * Knowledge of Samba server configuration file structure | ||
+ | * Knowledge of Samba variables and configuration parameters | ||
+ | * Troubleshoot and debug configuration problems with Samba | ||
+ | |||
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | |||
* smb.conf | * smb.conf | ||
− | * | + | * smb.conf parameters |
+ | * smb.conf variables | ||
+ | * testparm | ||
* secrets.tdb | * secrets.tdb | ||
+ | |||
<br /> | <br /> | ||
− | ====<span style="color:navy"> | + | ====<span style="color:navy">392.3 Regular Samba Maintenance (weight: 2)</span>==== |
+ | |||
{| | {| | ||
− | | style="background:#dadada" | '''Weight''' | + | | style="background:#dadada" | |
+ | |||
+ | '''Weight''' | ||
+ | |||
+ | |||
| style="background:#eaeaea" | 2 | | style="background:#eaeaea" | 2 | ||
|- | |- | ||
− | | style="background:#dadada; padding-right:1em" | '''Description''' | + | | style="background:#dadada; padding-right:1em" | |
− | | style="background:#eaeaea" | Candidates should know about the various tools and utilities that are part of a Samba installation. | + | |
+ | '''Description''' | ||
+ | |||
+ | | style="background:#eaeaea" | | ||
+ | |||
+ | Candidates should know about the various tools and utilities that are part of a Samba installation. | ||
+ | |||
|} | |} | ||
+ | |||
'''Key Knowledge Areas:''' | '''Key Knowledge Areas:''' | ||
− | * | + | |
+ | * Monitor and interact with running Samba daemons | ||
+ | * Perform regular backups of Samba configuration and state data | ||
+ | |||
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | |||
* smbcontrol | * smbcontrol | ||
* smbstatus | * smbstatus | ||
− | |||
* tdbbackup | * tdbbackup | ||
− | |||
<br /> | <br /> | ||
− | ====<span style="color:navy"> | + | ====<span style="color:navy">392.4 Troubleshooting Samba (weight: 2)</span>==== |
+ | |||
{| | {| | ||
− | | style="background:#dadada" | '''Weight''' | + | | style="background:#dadada" | |
+ | |||
+ | '''Weight''' | ||
+ | |||
| style="background:#eaeaea" | 2 | | style="background:#eaeaea" | 2 | ||
|- | |- | ||
− | | style="background:#dadada; padding-right:1em" | '''Description''' | + | | style="background:#dadada; padding-right:1em" | |
− | | style="background:#eaeaea" | Candidates should understand the structure of trivial database files and know how troubleshoot problems | + | |
+ | '''Description''' | ||
+ | |||
+ | | style="background:#eaeaea" | | ||
+ | |||
+ | Candidates should understand the structure of trivial database files and know how troubleshoot problems. | ||
+ | |||
|} | |} | ||
+ | |||
'''Key Knowledge Areas:''' | '''Key Knowledge Areas:''' | ||
+ | |||
+ | * Configure Samba logging | ||
* Backup TDB files | * Backup TDB files | ||
* Restore TDB files | * Restore TDB files | ||
* Identify TDB file corruption | * Identify TDB file corruption | ||
− | * Edit / list TDB file content | + | * Edit / list TDB file content |
+ | |||
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | |||
+ | * /var/log/samba/ | ||
+ | * log level | ||
+ | * debuglevel | ||
+ | * smbpasswd | ||
* pdbedit | * pdbedit | ||
* secrets.tdb | * secrets.tdb | ||
* tdbbackup | * tdbbackup | ||
* tdbdump | * tdbdump | ||
+ | * tdbrestore | ||
* tdbtool | * tdbtool | ||
− | |||
<br /> | <br /> | ||
− | ====<span style="color:navy"> | + | ====<span style="color:navy">392.5 Internationalization (weight: 1)</span>==== |
+ | |||
{| | {| | ||
− | | style="background:#dadada" | '''Weight''' | + | | style="background:#dadada" | |
− | | style="background:#eaeaea" | | + | |
+ | '''Weight''' | ||
+ | |||
+ | | style="background:#eaeaea" | 1 | ||
|- | |- | ||
− | | style="background:#dadada; padding-right:1em" | '''Description''' | + | | style="background:#dadada; padding-right:1em" | |
− | | style="background:#eaeaea" | Candidates should be able to | + | |
+ | '''Description''' | ||
+ | |||
+ | | style="background:#eaeaea" | | ||
+ | |||
+ | Candidates should be able to work with internationalization character codes and code pages. | ||
+ | |||
|} | |} | ||
+ | |||
'''Key Knowledge Areas:''' | '''Key Knowledge Areas:''' | ||
− | * | + | |
− | * | + | * Understand internationalization character codes and code pages |
− | * | + | * Understand the difference in the name space between Windows and Linux/Unix with respect to share, file and directory names in a non-English environment |
− | * | + | * Understand the difference in the name space between Windows and Linux/Unix with respect to user and group naming in a non-English environment |
+ | * Understand the difference in the name space between Windows and Linux/Unix with respect to computer naming in a non-English environment | ||
+ | |||
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | |||
+ | * internationalization | ||
+ | * character codes | ||
+ | * code pages | ||
* smb.conf | * smb.conf | ||
− | * | + | * dos charset, display charset and unix charset |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
<br /> | <br /> | ||
− | ===''Topic | + | ===''Topic 393: Samba Share Configuration''=== |
+ | ====<span style="color:navy">393.1 File Services (weight: 4)</span>==== | ||
− | |||
{| | {| | ||
− | | style="background:#dadada" | '''Weight''' | + | | style="background:#dadada" | |
+ | |||
+ | '''Weight''' | ||
+ | |||
| style="background:#eaeaea" | 4 | | style="background:#eaeaea" | 4 | ||
|- | |- | ||
− | | style="background:#dadada; padding-right:1em" | '''Description''' | + | | style="background:#dadada; padding-right:1em" | |
− | | style="background:#eaeaea" | Candidates should be able to create and configure file shares in a mixed environment | + | |
+ | '''Description''' | ||
+ | |||
+ | | style="background:#eaeaea" | | ||
+ | |||
+ | Candidates should be able to create and configure file shares in a mixed environment. | ||
+ | |||
|} | |} | ||
+ | |||
'''Key Knowledge Areas:''' | '''Key Knowledge Areas:''' | ||
+ | |||
* Create and configure file sharing | * Create and configure file sharing | ||
* Plan file service migration | * Plan file service migration | ||
− | * | + | * Limit access to IPC$ |
* Create scripts for user and group handling of file shares | * Create scripts for user and group handling of file shares | ||
− | * | + | * Samba share access configuration parameters |
− | + | ||
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | |||
* smb.conf | * smb.conf | ||
* [homes] | * [homes] | ||
− | * browseable, writeable, valid users | + | * smbcquotas |
+ | * smbsh | ||
+ | * browseable, writeable, valid users, write list, read list, read only and guest ok | ||
* IPC$ | * IPC$ | ||
− | * mount, smbmount | + | * mount, smbmount |
<br /> | <br /> | ||
− | ====<span style="color:navy"> | + | ====<span style="color:navy">393.2 Linux File System and Share/Service Permissions (weight: 3)</span>==== |
+ | |||
{| | {| | ||
− | | style="background:#dadada" | '''Weight''' | + | | style="background:#dadada" | |
+ | |||
+ | '''Weight''' | ||
+ | |||
+ | | style="background:#eaeaea" | 3 | ||
+ | |- | ||
+ | | style="background:#dadada; padding-right:1em" | | ||
+ | |||
+ | '''Description''' | ||
+ | |||
+ | | style="background:#eaeaea" | | ||
+ | |||
+ | Candidates should understand file permissions on a Linux file system in a mixed environment. | ||
+ | |||
+ | |} | ||
+ | |||
+ | '''Key Knowledge Areas:''' | ||
+ | |||
+ | * Knowledge of file / directory permission control | ||
+ | * Understand how Samba interacts with Linux file system permissions and ACLs | ||
+ | * Use Samba VFS to store Windows ACLs | ||
+ | |||
+ | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | |||
+ | * smb.conf | ||
+ | * chmod, chown | ||
+ | * create mask, directory mask, force create mode, force directory mode | ||
+ | * smbcacls | ||
+ | * getfacl, setfacl | ||
+ | * vfs_acl_xattr, vfs_acl_tdb and vfs objects | ||
+ | <br /> | ||
+ | |||
+ | ====<span style="color:navy">393.3 Print Services (weight: 2)</span>==== | ||
+ | |||
+ | {| | ||
+ | | style="background:#dadada" | | ||
+ | |||
+ | '''Weight''' | ||
+ | |||
| style="background:#eaeaea" | 2 | | style="background:#eaeaea" | 2 | ||
|- | |- | ||
− | | style="background:#dadada; padding-right:1em" | '''Description''' | + | | style="background:#dadada; padding-right:1em" | |
− | | style="background:#eaeaea" | Candidates should be able to create and manage print shares in a mixed environment | + | |
+ | '''Description''' | ||
+ | |||
+ | | style="background:#eaeaea" | | ||
+ | |||
+ | Candidates should be able to create and manage print shares in a mixed environment. | ||
+ | |||
|} | |} | ||
+ | |||
'''Key Knowledge Areas:''' | '''Key Knowledge Areas:''' | ||
+ | |||
* Create and configure printer sharing | * Create and configure printer sharing | ||
* Configure integration between Samba and CUPS | * Configure integration between Samba and CUPS | ||
Line 394: | Line 502: | ||
* Configure [print$] | * Configure [print$] | ||
* Understand security concerns with printer sharing | * Understand security concerns with printer sharing | ||
− | * | + | * Uploading printer drivers for Point'n'Print driver installation using 'Add Print Driver Wizard' in Windows |
+ | |||
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | |||
* smb.conf | * smb.conf | ||
* [print$] | * [print$] | ||
* CUPS | * CUPS | ||
* cupsd.conf | * cupsd.conf | ||
− | * /var/spool/samba | + | * /var/spool/samba/ |
− | + | * smbspool | |
− | + | * rpcclient | |
− | * smbspool | + | * net |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | * | + | |
− | * | + | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
<br /> | <br /> | ||
− | ===''Topic | + | ===''Topic 394: Samba User and Group Management''=== |
− | ====<span style="color:navy"> | + | |
+ | ====<span style="color:navy">394.1 Managing User Accounts and Groups (weight: 4)</span>==== | ||
+ | |||
{| | {| | ||
− | | style="background:#dadada" | '''Weight''' | + | | style="background:#dadada" | |
+ | |||
+ | '''Weight''' | ||
+ | |||
| style="background:#eaeaea" | 4 | | style="background:#eaeaea" | 4 | ||
|- | |- | ||
− | | style="background:#dadada; padding-right:1em" | '''Description''' | + | | style="background:#dadada; padding-right:1em" | |
− | | style="background:#eaeaea" | Candidates should be able to manage user and group accounts in a mixed environment | + | |
+ | '''Description''' | ||
+ | |||
+ | | style="background:#eaeaea" | | ||
+ | |||
+ | Candidates should be able to manage user and group accounts in a mixed environment. | ||
+ | |||
|} | |} | ||
+ | |||
'''Key Knowledge Areas:''' | '''Key Knowledge Areas:''' | ||
+ | |||
* Manager user and group accounts | * Manager user and group accounts | ||
* Understand user and group mapping | * Understand user and group mapping | ||
* Knowledge of user account management tools | * Knowledge of user account management tools | ||
* Use of the smbpasswd program | * Use of the smbpasswd program | ||
− | * Force ownership of file and directory objects | + | * Force ownership of file and directory objects |
+ | |||
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | |||
+ | * pdbedit | ||
* smb.conf | * smb.conf | ||
− | * samba-tool | + | * samba-tool user (with subcommands) |
− | * | + | * samba-tool group (with subcommands) |
+ | * smbpasswd | ||
* /etc/passwd | * /etc/passwd | ||
* /etc/group | * /etc/group | ||
* force user, force group | * force user, force group | ||
− | * idmap | + | * idmap |
<br /> | <br /> | ||
− | ====<span style="color:navy"> | + | |
+ | ====<span style="color:navy">394.2 Authentication, Authorization and Winbind (weight: 5)</span>==== | ||
+ | |||
{| | {| | ||
− | | style="background:#dadada" | '''Weight''' | + | | style="background:#dadada" | |
− | | style="background:#eaeaea" | | + | |
+ | '''Weight''' | ||
+ | |||
+ | | style="background:#eaeaea" | 5 | ||
|- | |- | ||
− | | style="background:#dadada; padding-right:1em" | '''Description''' | + | | style="background:#dadada; padding-right:1em" | |
− | | style="background:#eaeaea" | Candidates should understand the various authentication mechanisms and configure access control. Candidates should be able to install and configure the Winbind service. | + | |
+ | '''Description''' | ||
+ | |||
+ | | style="background:#eaeaea" | | ||
+ | |||
+ | Candidates should understand the various authentication mechanisms and configure access control. Candidates should be able to install and configure the Winbind service. | ||
+ | |||
|} | |} | ||
+ | |||
'''Key Knowledge Areas:''' | '''Key Knowledge Areas:''' | ||
+ | |||
* Setup a local password database | * Setup a local password database | ||
− | |||
* Perform password synchronization | * Perform password synchronization | ||
− | * Knowledge of | + | * Knowledge of different passdb backends |
+ | * Convert between Samba passdb backends | ||
* Integrate Samba with LDAP | * Integrate Samba with LDAP | ||
− | * | + | * Configure Winbind service |
− | * Configure | + | * Configure PAM and NSS |
+ | |||
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | |||
* smb.conf | * smb.conf | ||
− | * smbpasswd | + | * smbpasswd, tdbsam, ldapsam |
* passdb backend | * passdb backend | ||
− | |||
* libnss_winbind | * libnss_winbind | ||
* libpam_winbind | * libpam_winbind | ||
+ | * libpam_smbpass | ||
* wbinfo | * wbinfo | ||
− | * | + | * getent |
− | + | * SID and foreign SID | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | * SID | + | |
* /etc/passwd | * /etc/passwd | ||
* /etc/group | * /etc/group | ||
− | + | ||
− | + | ||
<br /> | <br /> | ||
− | ===''Topic | + | ===''Topic 395: Samba Domain Integration''=== |
+ | |||
+ | ====<span style="color:navy">395.1 Samba as a PDC and BDC (weight: 3)</span>==== | ||
− | |||
{| | {| | ||
− | | style="background:#dadada" | '''Weight''' | + | | style="background:#dadada" | |
− | | style="background:#eaeaea" | | + | |
+ | '''Weight''' | ||
+ | |||
+ | | style="background:#eaeaea" | 3 | ||
|- | |- | ||
− | | style="background:#dadada; padding-right:1em" | '''Description''' | + | | style="background:#dadada; padding-right:1em" | |
− | | style="background:#eaeaea" | Candidates should be able to setup and maintain primary and backup domain controllers | + | |
+ | '''Description''' | ||
+ | |||
+ | | style="background:#eaeaea" | | ||
+ | |||
+ | Candidates should be able to setup and maintain primary and backup domain controllers. Candidates should be able to manage Windows/Linux client access to the NT-Style domains. | ||
+ | |||
|} | |} | ||
+ | |||
'''Key Knowledge Areas:''' | '''Key Knowledge Areas:''' | ||
− | * Understand domain membership | + | |
− | * Create and maintain a primary domain controller | + | * Understand and configure domain membership and trust relationships |
− | * Create and maintain a backup domain controller | + | * Create and maintain a primary domain controller with Samba3 and Samba4 |
+ | * Create and maintain a backup domain controller with Samba3 and Samba4 | ||
* Add computers to an existing domain | * Add computers to an existing domain | ||
* Configure logon scripts | * Configure logon scripts | ||
* Configure roaming profiles | * Configure roaming profiles | ||
− | * Configure system policies | + | * Configure system policies |
+ | |||
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | |||
* smb.conf | * smb.conf | ||
− | * | + | * security mode |
− | * | + | * server role |
− | * domain | + | * domain logons |
− | * | + | * domain master |
− | * | + | * logon script |
− | * logon | + | * logon path |
− | * | + | * NTConfig.pol |
− | * | + | * net |
− | * | + | * profiles |
+ | * add machine script | ||
+ | * profile acls | ||
+ | |||
<br /> | <br /> | ||
− | ====<span style="color:navy"> | + | ====<span style="color:navy">395.2 Samba4 as an AD compatible Domain Controller (weight: 3)</span>==== |
+ | |||
{| | {| | ||
− | | style="background:#dadada" | '''Weight''' | + | | style="background:#dadada" | |
+ | |||
+ | '''Weight''' | ||
+ | |||
| style="background:#eaeaea" | 3 | | style="background:#eaeaea" | 3 | ||
|- | |- | ||
− | | style="background:#dadada; padding-right:1em" | '''Description''' | + | | style="background:#dadada; padding-right:1em" | |
− | | style="background:#eaeaea" | Candidates should be able to configure Samba 4 as an AD Domain Controller | + | |
+ | '''Description''' | ||
+ | |||
+ | | style="background:#eaeaea" | | ||
+ | |||
+ | Candidates should be able to configure Samba 4 as an AD Domain Controller. | ||
+ | |||
|} | |} | ||
+ | |||
'''Key Knowledge Areas:''' | '''Key Knowledge Areas:''' | ||
+ | |||
* Configure and test Samba 4 as an AD DC | * Configure and test Samba 4 as an AD DC | ||
− | * Understand how Samba integrates with AD services | + | * Using smbclient to confirm AD operation |
+ | * Understand how Samba integrates with AD services: DNS, Kerberos, NTP, LDAP | ||
+ | |||
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
− | * samba-tool domain | + | |
+ | * smb.conf | ||
+ | * server role | ||
+ | * samba-tool domain (with subcommands) | ||
* samba | * samba | ||
− | + | ||
− | + | ||
<br /> | <br /> | ||
− | ====<span style="color:navy"> | + | ====<span style="color:navy">395.3 Configure Samba as a Domain Member Server (weight: 3)</span>==== |
+ | |||
{| | {| | ||
− | | style="background:#dadada" | '''Weight''' | + | | style="background:#dadada" | |
− | | style="background:#eaeaea" | | + | |
+ | '''Weight''' | ||
+ | |||
+ | | style="background:#eaeaea" | 3 | ||
|- | |- | ||
− | | style="background:#dadada; padding-right:1em" | '''Description''' | + | | style="background:#dadada; padding-right:1em" | |
− | | style="background:#eaeaea" | Candidates should be able to integrate Linux servers into an environment where Active Directory is present | + | |
+ | '''Description''' | ||
+ | |||
+ | | style="background:#eaeaea" | | ||
+ | |||
+ | Candidates should be able to integrate Linux servers into an environment where Active Directory is present. | ||
+ | |||
|} | |} | ||
+ | |||
'''Key Knowledge Areas:''' | '''Key Knowledge Areas:''' | ||
− | * | + | |
− | * | + | * Joining Samba to an existing NT4 domain |
− | * | + | * Joining Samba to an existing AD domain |
+ | * Ability to obtain a TGT from a KDC | ||
+ | |||
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
* smb.conf | * smb.conf | ||
− | * | + | * server role |
+ | * server security | ||
+ | * net command | ||
+ | * kinit, TGT and REALM | ||
+ | |||
<br /> | <br /> | ||
<br /> | <br /> | ||
− | ===''Topic | + | ===''Topic 396: Samba Name Services''=== |
+ | |||
+ | |||
+ | |||
+ | ====<span style="color:navy">396.1 NetBIOS and WINS (weight: 3)</span>==== | ||
− | |||
{| | {| | ||
− | | style="background:#dadada" | '''Weight''' | + | | style="background:#dadada" | |
+ | |||
+ | '''Weight''' | ||
+ | |||
| style="background:#eaeaea" | 3 | | style="background:#eaeaea" | 3 | ||
|- | |- | ||
− | | style="background:#dadada; padding-right:1em" | '''Description''' | + | | style="background:#dadada; padding-right:1em" | |
− | | style="background:#eaeaea" | Candidates should be | + | |
+ | '''Description''' | ||
+ | |||
+ | | style="background:#eaeaea" | | ||
+ | |||
+ | Candidates should be familiar with NetBIOS/WINS concepts and understand network browsing. | ||
+ | |||
|} | |} | ||
+ | |||
'''Key Knowledge Areas:''' | '''Key Knowledge Areas:''' | ||
− | * Understand | + | |
− | * | + | * Understand WINS concepts |
− | * Understand | + | * Understand NetBIOS concepts |
+ | * Understand the role of a local master browser | ||
+ | * Understand the role of a domain master browser | ||
+ | * Understand the role of Samba as a WINS server | ||
+ | * Understand name resolution | ||
+ | * Configure Samba as a WINS server | ||
+ | * Configure WINS replication | ||
+ | * Understand NetBIOS browsing and browser elections | ||
+ | * Understand NETBIOS name types | ||
+ | |||
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
* smb.conf | * smb.conf | ||
− | * | + | * nmblookup |
+ | * smbclient | ||
+ | * name resolve order | ||
+ | * lmhosts | ||
+ | * wins support, wins server, wins proxy, dns proxy | ||
+ | * domain master, os level, preferred master | ||
+ | |||
<br /> | <br /> | ||
− | ====<span style="color:navy"> | + | |
+ | ====<span style="color:navy">396.2 Active Directory Name Resolution (weight: 2)</span>==== | ||
+ | |||
{| | {| | ||
− | | style="background:#dadada" | '''Weight''' | + | | style="background:#dadada" | |
− | | style="background:#eaeaea" | | + | |
+ | '''Weight''' | ||
+ | |||
+ | | style="background:#eaeaea" | 2 | ||
|- | |- | ||
− | | style="background:#dadada; padding-right:1em" | '''Description''' | + | | style="background:#dadada; padding-right:1em" | |
− | | style="background:#eaeaea" | | + | |
+ | '''Description''' | ||
+ | |||
+ | | style="background:#eaeaea" | | ||
+ | |||
+ | Candidates should be familiar with the internal DNS server with Samba4. | ||
+ | |||
|} | |} | ||
+ | |||
'''Key Knowledge Areas:''' | '''Key Knowledge Areas:''' | ||
− | + | ||
− | * | + | * Understand and manage DNS for Samba4 as an AD Domain Controller |
− | * | + | * DNS forwarding with the internal DNS server of Samba4 |
− | + | ||
− | + | ||
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | ===''Topic | + | * samba-tool dns (with subcommands) |
− | ====<span style="color:navy"> | + | * smb.conf |
+ | * dns forwarder | ||
+ | * /etc/resolv.conf | ||
+ | * dig, host | ||
+ | |||
+ | <br /> | ||
+ | |||
+ | ===''Topic 397: Working with Linux and Windows Clients''=== | ||
+ | |||
+ | ====<span style="color:navy">397.1 CIFS Integration (weight: 3)</span>==== | ||
+ | |||
{| | {| | ||
− | | style="background:#dadada" | '''Weight''' | + | | style="background:#dadada" | |
+ | |||
+ | '''Weight''' | ||
+ | |||
| style="background:#eaeaea" | 3 | | style="background:#eaeaea" | 3 | ||
|- | |- | ||
− | | style="background:#dadada; padding-right:1em" | '''Description''' | + | | style="background:#dadada; padding-right:1em" | |
− | | style="background:#eaeaea" | Candidates should | + | |
+ | '''Description''' | ||
+ | |||
+ | | style="background:#eaeaea" | | ||
+ | |||
+ | Candidates should be comfortable working with CIFS in a mixed environment. | ||
+ | |||
|} | |} | ||
+ | |||
'''Key Knowledge Areas:''' | '''Key Knowledge Areas:''' | ||
− | * | + | |
− | * | + | * Understand SMB/CIFS concepts |
+ | * Access and mount remote CIFS shares from a Linux client | ||
+ | * Securely storing CIFS credentials | ||
+ | * Understand features and benefits of CIFS | ||
+ | * Understand permissions and file ownership of remote CIFS shares | ||
+ | |||
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
+ | |||
+ | * SMB/CIFS | ||
+ | * mount, mount.cifs | ||
+ | * smbclient | ||
+ | * smbget | ||
+ | * smbtar | ||
+ | * smbtree | ||
+ | * findsmb | ||
* smb.conf | * smb.conf | ||
− | * | + | * smbcquotas |
− | * | + | * /etc/fstab |
− | + | ||
− | + | ||
− | + | ||
<br /> | <br /> | ||
− | ====<span style="color:navy"> | + | |
+ | ====<span style="color:navy">397.2 Working with Windows Clients (weight: 2)</span>==== | ||
+ | |||
{| | {| | ||
− | | style="background:#dadada" | '''Weight''' | + | | style="background:#dadada" | |
+ | |||
+ | '''Weight''' | ||
+ | |||
| style="background:#eaeaea" | 2 | | style="background:#eaeaea" | 2 | ||
|- | |- | ||
− | | style="background:#dadada; padding-right:1em" | '''Description''' | + | | style="background:#dadada; padding-right:1em" | |
− | | style="background:#eaeaea" | Candidates should be able to | + | |
+ | '''Description''' | ||
+ | |||
+ | | style="background:#eaeaea" | | ||
+ | |||
+ | Candidates should be able to interact with remote Windows clients, and configure Windows workstations to access file and print services from Linux servers. | ||
+ | |||
|} | |} | ||
+ | |||
'''Key Knowledge Areas:''' | '''Key Knowledge Areas:''' | ||
− | * | + | |
− | * | + | * Knowledge of Windows clients |
+ | * Explore browse lists and SMB clients from Windows | ||
+ | * Share file / print resources from Windows | ||
+ | * Use of the smbclient program | ||
+ | * Use of the Windows net utility | ||
+ | |||
'''The following is a partial list of the used files, terms and utilities:''' | '''The following is a partial list of the used files, terms and utilities:''' | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | + | * Windows net command | |
− | <br/> | + | * smbclient |
+ | * control panel | ||
+ | * rdesktop | ||
+ | * workgroup | ||
+ | |||
+ | <br /> |
Latest revision as of 19:19, 4 December 2014
Contents
- 1 Introduction
- 2 Version Information
- 3 Addenda
- 4 Translations of Objectives
- 5 Objectives
- 5.1 Topic 390: OpenLDAP Configuration
- 5.2 Topic 391: OpenLDAP as an Authentication Backend
- 5.3 Topic 392: Samba Basics
- 5.4 Topic 393: Samba Share Configuration
- 5.5 Topic 394: Samba User and Group Management
- 5.6 Topic 395: Samba Domain Integration
- 5.7 Topic 396: Samba Name Services
- 5.8 Topic 397: Working with Linux and Windows Clients
Introduction
A complete description of the LPIC-3 certification program can be found here.
Version Information
These objectives are version 1.0.0.
They were partially formed from content in the 301 and 302 exams. This is also a summary and detailed information on the changes from those objectives to version 1 of these objectives.
Addenda
Version Release (Oct 1st, 2013)
- released version 1.0.0
Translations of Objectives
The following translations of the objectives are available on this wiki:
Objectives
Topic 390: OpenLDAP Configuration
390.1 OpenLDAP Replication (weight: 3)
Weight |
3 |
Description |
Candidates should be familiar with the server replication available with OpenLDAP. |
Key Knowledge Areas:
- Replication concepts
- Configure OpenLDAP replication
- Analyze replication log files
- Understand replica hubs
- LDAP referrals
- LDAP sync replication
The following is a partial list of the used files, terms and utilities:
- master / slave server
- multi-master replication
- consumer
- replica hub
- one-shot mode
- referral
- syncrepl
- pull-based / push-based synchronization
- refreshOnly and refreshAndPersist
- replog
390.2 Securing the Directory (weight: 3)
Weight |
3 |
Description |
Candidates should be able to configure encrypted access to the LDAP directory, and restrict access at the firewall level. |
Key Knowledge Areas:
- Securing the directory with SSL and TLS
- Firewall considerations
- Unauthenticated access methods
- User / password authentication methods
- Maintanence of SASL user DB
- Client / server certificates
The following is a partial list of the used files, terms and utilities:
- SSL / TLS
- Security Strength Factors (SSF)
- SASL
- proxy authorization
- StartTLS
- iptables
390.3 OpenLDAP Server Performance Tuning (weight: 2)
Weight |
2 |
Description |
Candidates should be capable of measuring the performance of an LDAP server, and tuning configuration directives. |
Key Knowledge Areas:
- Measure OpenLDAP performance
- Tune software configuration to increase performance
- Understand indexes
The following is a partial list of the used files, terms and utilities:
- index
- DB_CONFIG
Topic 391: OpenLDAP as an Authentication Backend
391.1 LDAP Integration with PAM and NSS (weight: 2)
Weight |
2 |
Description |
Candidates should be able to configure PAM and NSS to retrieve information from an LDAP directory. |
Key Knowledge Areas:
- Configure PAM to use LDAP for authentication
- Configure NSS to retrieve information from LDAP
- Configure PAM modules in various Unix environments
The following is a partial list of the used files, terms and utilities:
- PAM
- NSS
- /etc/pam.d/
- /etc/nsswitch.conf
391.2 Integrating LDAP with Active Directory and Kerberos (weight: 2)
Weight |
2 |
Description |
Candidates should be able to integrate LDAP with Active Directory Services. |
Key Knowledge Areas:
- Kerberos integration with LDAP
- Cross platform authentication
- Single sign-on concepts
- Integration and compatibility limitations between OpenLDAP and Active Directory
The following is a partial list of the used files, terms and utilities:
- Kerberos
- Active Directory
- single sign-on
- DNS
Topic 392: Samba Basics
392.1 Samba Concepts and Architecture (weight: 2)
Weight |
2 |
Description |
Candidates should understand the essential concepts of Samba. As well, the major differences between Samba3 and Samba4 should be known. |
Key Knowledge Areas:
- Understand the roles of the Samba daemons and components
- Understand key issues regarding heterogeneous networks
- Identify key TCP/UDP ports used with SMB/CIFS
- Knowledge of Samba3 and Samba4 differences
The following is a partial list of the used files, terms and utilities:
- /etc/services
- Samba daemons: smbd, nmbd, samba, winbindd
392.2 Configure Samba (weight: 4)
Weight |
4 |
Description |
Candidates should be able to configure the Samba daemons for a wide variety of purposes. |
Key Knowledge Areas:
- Knowledge of Samba server configuration file structure
- Knowledge of Samba variables and configuration parameters
- Troubleshoot and debug configuration problems with Samba
The following is a partial list of the used files, terms and utilities:
- smb.conf
- smb.conf parameters
- smb.conf variables
- testparm
- secrets.tdb
392.3 Regular Samba Maintenance (weight: 2)
Weight
|
2 |
Description |
Candidates should know about the various tools and utilities that are part of a Samba installation. |
Key Knowledge Areas:
- Monitor and interact with running Samba daemons
- Perform regular backups of Samba configuration and state data
The following is a partial list of the used files, terms and utilities:
- smbcontrol
- smbstatus
- tdbbackup
392.4 Troubleshooting Samba (weight: 2)
Weight |
2 |
Description |
Candidates should understand the structure of trivial database files and know how troubleshoot problems. |
Key Knowledge Areas:
- Configure Samba logging
- Backup TDB files
- Restore TDB files
- Identify TDB file corruption
- Edit / list TDB file content
The following is a partial list of the used files, terms and utilities:
- /var/log/samba/
- log level
- debuglevel
- smbpasswd
- pdbedit
- secrets.tdb
- tdbbackup
- tdbdump
- tdbrestore
- tdbtool
392.5 Internationalization (weight: 1)
Weight |
1 |
Description |
Candidates should be able to work with internationalization character codes and code pages. |
Key Knowledge Areas:
- Understand internationalization character codes and code pages
- Understand the difference in the name space between Windows and Linux/Unix with respect to share, file and directory names in a non-English environment
- Understand the difference in the name space between Windows and Linux/Unix with respect to user and group naming in a non-English environment
- Understand the difference in the name space between Windows and Linux/Unix with respect to computer naming in a non-English environment
The following is a partial list of the used files, terms and utilities:
- internationalization
- character codes
- code pages
- smb.conf
- dos charset, display charset and unix charset
393.1 File Services (weight: 4)
Weight |
4 |
Description |
Candidates should be able to create and configure file shares in a mixed environment. |
Key Knowledge Areas:
- Create and configure file sharing
- Plan file service migration
- Limit access to IPC$
- Create scripts for user and group handling of file shares
- Samba share access configuration parameters
The following is a partial list of the used files, terms and utilities:
- smb.conf
- [homes]
- smbcquotas
- smbsh
- browseable, writeable, valid users, write list, read list, read only and guest ok
- IPC$
- mount, smbmount
Weight |
3 |
Description |
Candidates should understand file permissions on a Linux file system in a mixed environment. |
Key Knowledge Areas:
- Knowledge of file / directory permission control
- Understand how Samba interacts with Linux file system permissions and ACLs
- Use Samba VFS to store Windows ACLs
The following is a partial list of the used files, terms and utilities:
- smb.conf
- chmod, chown
- create mask, directory mask, force create mode, force directory mode
- smbcacls
- getfacl, setfacl
- vfs_acl_xattr, vfs_acl_tdb and vfs objects
393.3 Print Services (weight: 2)
Weight |
2 |
Description |
Candidates should be able to create and manage print shares in a mixed environment. |
Key Knowledge Areas:
- Create and configure printer sharing
- Configure integration between Samba and CUPS
- Manage Windows print drivers and configure downloading of print drivers
- Configure [print$]
- Understand security concerns with printer sharing
- Uploading printer drivers for Point'n'Print driver installation using 'Add Print Driver Wizard' in Windows
The following is a partial list of the used files, terms and utilities:
- smb.conf
- [print$]
- CUPS
- cupsd.conf
- /var/spool/samba/
- smbspool
- rpcclient
- net
Topic 394: Samba User and Group Management
394.1 Managing User Accounts and Groups (weight: 4)
Weight |
4 |
Description |
Candidates should be able to manage user and group accounts in a mixed environment. |
Key Knowledge Areas:
- Manager user and group accounts
- Understand user and group mapping
- Knowledge of user account management tools
- Use of the smbpasswd program
- Force ownership of file and directory objects
The following is a partial list of the used files, terms and utilities:
- pdbedit
- smb.conf
- samba-tool user (with subcommands)
- samba-tool group (with subcommands)
- smbpasswd
- /etc/passwd
- /etc/group
- force user, force group
- idmap
394.2 Authentication, Authorization and Winbind (weight: 5)
Weight |
5 |
Description |
Candidates should understand the various authentication mechanisms and configure access control. Candidates should be able to install and configure the Winbind service. |
Key Knowledge Areas:
- Setup a local password database
- Perform password synchronization
- Knowledge of different passdb backends
- Convert between Samba passdb backends
- Integrate Samba with LDAP
- Configure Winbind service
- Configure PAM and NSS
The following is a partial list of the used files, terms and utilities:
- smb.conf
- smbpasswd, tdbsam, ldapsam
- passdb backend
- libnss_winbind
- libpam_winbind
- libpam_smbpass
- wbinfo
- getent
- SID and foreign SID
- /etc/passwd
- /etc/group
Topic 395: Samba Domain Integration
395.1 Samba as a PDC and BDC (weight: 3)
Weight |
3 |
Description |
Candidates should be able to setup and maintain primary and backup domain controllers. Candidates should be able to manage Windows/Linux client access to the NT-Style domains. |
Key Knowledge Areas:
- Understand and configure domain membership and trust relationships
- Create and maintain a primary domain controller with Samba3 and Samba4
- Create and maintain a backup domain controller with Samba3 and Samba4
- Add computers to an existing domain
- Configure logon scripts
- Configure roaming profiles
- Configure system policies
The following is a partial list of the used files, terms and utilities:
- smb.conf
- security mode
- server role
- domain logons
- domain master
- logon script
- logon path
- NTConfig.pol
- net
- profiles
- add machine script
- profile acls
395.2 Samba4 as an AD compatible Domain Controller (weight: 3)
Weight |
3 |
Description |
Candidates should be able to configure Samba 4 as an AD Domain Controller. |
Key Knowledge Areas:
- Configure and test Samba 4 as an AD DC
- Using smbclient to confirm AD operation
- Understand how Samba integrates with AD services: DNS, Kerberos, NTP, LDAP
The following is a partial list of the used files, terms and utilities:
- smb.conf
- server role
- samba-tool domain (with subcommands)
- samba
395.3 Configure Samba as a Domain Member Server (weight: 3)
Weight |
3 |
Description |
Candidates should be able to integrate Linux servers into an environment where Active Directory is present. |
Key Knowledge Areas:
- Joining Samba to an existing NT4 domain
- Joining Samba to an existing AD domain
- Ability to obtain a TGT from a KDC
The following is a partial list of the used files, terms and utilities:
- smb.conf
- server role
- server security
- net command
- kinit, TGT and REALM
Topic 396: Samba Name Services
396.1 NetBIOS and WINS (weight: 3)
Weight |
3 |
Description |
Candidates should be familiar with NetBIOS/WINS concepts and understand network browsing. |
Key Knowledge Areas:
- Understand WINS concepts
- Understand NetBIOS concepts
- Understand the role of a local master browser
- Understand the role of a domain master browser
- Understand the role of Samba as a WINS server
- Understand name resolution
- Configure Samba as a WINS server
- Configure WINS replication
- Understand NetBIOS browsing and browser elections
- Understand NETBIOS name types
The following is a partial list of the used files, terms and utilities:
- smb.conf
- nmblookup
- smbclient
- name resolve order
- lmhosts
- wins support, wins server, wins proxy, dns proxy
- domain master, os level, preferred master
396.2 Active Directory Name Resolution (weight: 2)
Weight |
2 |
Description |
Candidates should be familiar with the internal DNS server with Samba4. |
Key Knowledge Areas:
- Understand and manage DNS for Samba4 as an AD Domain Controller
- DNS forwarding with the internal DNS server of Samba4
The following is a partial list of the used files, terms and utilities:
- samba-tool dns (with subcommands)
- smb.conf
- dns forwarder
- /etc/resolv.conf
- dig, host
Topic 397: Working with Linux and Windows Clients
397.1 CIFS Integration (weight: 3)
Weight |
3 |
Description |
Candidates should be comfortable working with CIFS in a mixed environment. |
Key Knowledge Areas:
- Understand SMB/CIFS concepts
- Access and mount remote CIFS shares from a Linux client
- Securely storing CIFS credentials
- Understand features and benefits of CIFS
- Understand permissions and file ownership of remote CIFS shares
The following is a partial list of the used files, terms and utilities:
- SMB/CIFS
- mount, mount.cifs
- smbclient
- smbget
- smbtar
- smbtree
- findsmb
- smb.conf
- smbcquotas
- /etc/fstab
397.2 Working with Windows Clients (weight: 2)
Weight |
2 |
Description |
Candidates should be able to interact with remote Windows clients, and configure Windows workstations to access file and print services from Linux servers. |
Key Knowledge Areas:
- Knowledge of Windows clients
- Explore browse lists and SMB clients from Windows
- Share file / print resources from Windows
- Use of the smbclient program
- Use of the Windows net utility
The following is a partial list of the used files, terms and utilities:
- Windows net command
- smbclient
- control panel
- rdesktop
- workgroup