Difference between revisions of "LPIC-3 300 Objectives V1"

From LPI Wiki
Jump to: navigation, search
m (314.3 Samba4 as an AD compatible Domain Controller (weight: 3))
m (Topic 314: Working with CIFS, NetBIOS, and Active Directory)
Line 506: Line 506:
 
<br />
 
<br />
  
===''Topic 314: Working with CIFS, NetBIOS, and Active Directory''===
+
===''Topic 314: Working with Linux and Windows Clients''===
 +
 
 
====<span style="color:navy">314.1 CIFS Integration (weight: 3)</span>====
 
====<span style="color:navy">314.1 CIFS Integration (weight: 3)</span>====
 
{|
 
{|
Line 582: Line 583:
 
* rdesktop
 
* rdesktop
 
* workgroup
 
* workgroup
* smbget  
+
* smbget
 +
 
 
===''Topic 315: Security and Performance''===
 
===''Topic 315: Security and Performance''===
 
====<span style="color:navy">315.1 Linux File System and Share/Service Permissions (weight: 3)</span>====
 
====<span style="color:navy">315.1 Linux File System and Share/Service Permissions (weight: 3)</span>====

Revision as of 09:24, 4 June 2013

Contents

Introduction


Version Information

These objectives are version 1.0.0rc1. Objective renumbering will need to be done.


Addenda

Version Update Addendum (Apr 1st, 2013)

  • released version 1.0.0rc1.


Translations of Objectives

The following translations of the objectives are available on this wiki:


Objectives

Topic 303: OpenLDAP Configuration

303.3 OpenLDAP Replication (weight: 4)

Weight

4

Description

Candidates should be familiar with the server replication available with OpenLDAP.

Key Knowledge Areas:

  • Replication concepts.
  • Configure OpenLDAP replication.
  • Analyze replication log files.
  • Understand replica hubs.
  • LDAP referrals.
  • LDAP sync replication.

The following is a partial list of the used files, terms and utilities:


  • master / slave server
  • multi-master replication
  • consumer
  • replica hub
  • one-shot mode
  • referral
  • syncrepl
  • pull-based / push-based synchronization
  • refreshOnly and refreshAndPersist
  • replog


303.4 Securing the Directory (weight: 3)

Weight

3

Description

Candidates should be able to configure encrypted access to the LDAP directory, and restrict access at the firewall level.

Key Knowledge Areas:

  • Securing the directory with SSL and TLS.
  • Firewall considerations.
  • Unauthenticated access methods.
  • User / password authentication methods.
  • Maintanence of SASL user DB.
  • Client / server certificates.

The following is a partial list of the used files, terms and utilities:

  • SSL / TLS
  • Security Strength Factors (SSF)
  • SASL
  • proxy authorization
  • StartTLS
  • iptables


303.5 OpenLDAP Server Performance Tuning (weight: 2)

Weight

2

Description

Candidates should be capable of measuring the performance of an LDAP server, and tuning configuration directives

Key Knowledge Areas:

  • Measure OpenLDAP performance.
  • Tune software configuration to increase performance.
  • Understand indexes.

The following is a partial list of the used files, terms and utilities:

  • index
  • DB_CONFIG


Topic 305: Integration and Migration

305.1 LDAP Integration with PAM and NSS (weight: 1)

Weight

1

Description

Candidates should be able to configure PAM and NSS to retrieve information from an LDAP directory.

Key Knowledge Areas:

  • Configure PAM to use LDAP for authentication.
  • Configure NSS to retrieve information from LDAP.
  • Configure PAM modules in various Unix environments.

The following is a partial list of the used files, terms and utilities:

  • PAM
  • NSS
  • /etc/pam.d/*
  • /etc/nsswitch.conf


305.5 Integrating LDAP with Active Directory and Kerberos (weight: 1)

Weight

1

Description

Candidates should be able to integrate LDAP with Active Directory Services.

Key Knowledge Areas:

  • Kerberos integration with LDAP.
  • Cross platform authentication.
  • Single sign-on concepts.
  • Integration and compatibility limitations between OpenLDAP and Active Directory.

The following is a partial list of the used files, terms and utilities:

  • Kerberos
  • Active Directory
  • single sign-on
  • DNS


Topic 310: Samba Concepts, Architecture and Design

310.3 Trivial Database Files (weight: 1)

Weight 2
Description Candidates should understand the structure of trivial database files and know how troubleshoot problems

Key Knowledge Areas:

  • Backup TDB files
  • Restore TDB files
  • Identify TDB file corruption
  • Edit / list TDB file content

The following is a partial list of the used files, terms and utilities:

  • pdbedit
  • secrets.tdb
  • tdbbackup
  • tdbdump
  • tdbtool
  • smbpasswd



Topic 312: Samba Share Configuration

312.1 Configure Samba (weight: 6)

Weight 6
Description Candidates should be able to configure the Samba daemons for a wide variety of purposes

Key Knowledge Areas:

  • Knowledge of Samba server configuration file structure
  • Knowledge of Samba variables and configuration parameters
  • Identify key TCP/UDP ports used with SMB/CIFS
  • Configure Samba logging
  • Troubleshoot and debug problems with Samba

The following is a partial list of the used files, terms and utilities:

  • smb.conf parameters
  • smb.conf variables
  • /etc/services
  • /var/log/samba/*
  • log level
  • debuglevel
  • testparm
  • smbtar
  • strace


312.2 File Services (weight: 4)

Weight 4
Description Candidates should be able to create and configure file shares in a mixed environment

Key Knowledge Areas:

  • Create and configure file sharing
  • Plan file service migration
  • Hide IPC$
  • Create scripts for user and group handling of file shares
  • smbcquotas
  • smbsh

The following is a partial list of the used files, terms and utilities:

  • smb.conf
  • [homes]
  • browseable, writeable, valid users
  • IPC$
  • mount, smbmount


312.3 Print Services (weight: 2)

Weight 2
Description Candidates should be able to create and manage print shares in a mixed environment

Key Knowledge Areas:

  • Create and configure printer sharing
  • Configure integration between Samba and CUPS
  • Manage Windows print drivers and configure downloading of print drivers
  • Configure [print$]
  • Understand security concerns with printer sharing
  • Setup and manage print accounting

The following is a partial list of the used files, terms and utilities:

  • smb.conf
  • [print$]
  • CUPS
  • cupsd.conf
  • /var/spool/samba
  • print accounting
  • smbprngenpdf
  • smbspool


312.6 Internationalization (weight: 1)

Weight 1
Description Candidates should be able to work with internationalization character codes and code pages

Key Knowledge Areas:

  • Understand internationalization character codes and code pages
  • Patch and build appropriate code conversion libraries
  • Understand the difference in the name space between Windows and Linux/Unix with respect to user and group naming in a non-English environment
  • Understand the difference in the name space between Windows and Linux/Unix with respect to computer naming in a non-English environment

The following is a partial list of the used files, terms and utilities:

  • internationalization
  • character codes
  • code pages
  • smb.conf
  • code conversion libraries



Topic 313: Samba User and Group Management

313.1 Managing User Accounts and Groups (weight: 4)

Weight 4
Description Candidates should be able to manage user and group accounts in a mixed environment

Key Knowledge Areas:

  • Manager user and group accounts
  • Understand user and group mapping
  • Knowledge of user account management tools
  • Use of the smbpasswd program
  • Force ownership of file and directory objects

The following is a partial list of the used files, terms and utilities:

  • smb.conf
  • samba-tool setpassword
  • /usr/bin/smbpasswd
  • /etc/passwd
  • /etc/group
  • force user, force group
  • idmap


313.2 Authentication, Authorization and Winbind (weight: 8)

Weight 8
Description Candidates should understand the various authentication mechanisms and configure access control. Candidates should be able to install and configure the Winbind service.

Key Knowledge Areas:

  • Setup a local password database
  • Knowledge of the smbpasswd file format
  • Perform password synchronization
  • Knowledge of alternative backend storage for passwords
  • Integrate Samba with LDAP
  • Understand access control lists
  • Configure Winbind

The following is a partial list of the used files, terms and utilities:

  • smb.conf
  • smbpasswd
  • passdb backend
  • security mask
  • libnss_winbind
  • libpam_winbind
  • wbinfo
  • PAM
  • NSS
  • password synchronization
  • LDAP
  • PAM
  • NSCD
  • SID
  • /etc/passwd
  • /etc/group
  • foreign SID



Topic 314: Samba Domain Integration

312.4 Samba3 as a PDC and BDC (weight: 4)

Weight 4
Description Candidates should be able to setup and maintain primary and backup domain controllers, and manage Windows/Linux clients' access to the domain

Key Knowledge Areas:

  • Understand domain membership
  • Create and maintain a primary domain controller
  • Create and maintain a backup domain controller
  • Add computers to an existing domain
  • Configure logon scripts
  • Configure roaming profiles
  • Configure system policies

The following is a partial list of the used files, terms and utilities:

  • smb.conf
  • primary domain controller
  • backup domain controller
  • domain membership
  • roaming profiles
  • system policies
  • logon scripts
  • Active Directory
  • LDAP
  • trust relationships


314.2 Samba4 as a PDC (weight: 6)

Weight 6
Description Candidates should be familiar with NetBIOS/WINS concepts and understand network browsing

Key Knowledge Areas:

  • Understand WINS concepts
  • Understand NetBIOS concepts
  • Understand the role of a local master browser
  • Understand the role of a domain master browser
  • Understand the role of Samba as a WINS server
  • Understand name resolution
  • Configure Samba as a WINS server
  • Configure WINS replication
  • Understand NetBIOS browsing, service announcements and elections

The following is a partial list of the used files, terms and utilities:

  • NetBIOS
  • NBT
  • WINS
  • local master browser
  • domain master browser
  • service announcements
  • elections
  • node types
  • smbclient
  • findsmb
  • name resolve order
  • lmhosts
  • smbtree


314.3 Samba4 as an AD compatible Domain Controller (weight: 3)

Weight 3
Description Candidates should be able to configure Samba 4 as an AD Domain Controller

Key Knowledge Areas:

  • Configure and test Samba 4 as an AD DC
  • Understand how Samba integrates with AD services; DNS, Kerberos, NTP, ACLs

The following is a partial list of the used files, terms and utilities:

  • samba-tool domain provision
  • samba
  • smbclient
  • getent


314.3 Integrating with Active Directory (weight: 2)

Weight 2
Description Candidates should be able to integrate Linux servers into an environment where Active Directory is present

Key Knowledge Areas:

  • List remove Active Directory / LDAP users
  • Configure Samba in ADS security mode
  • Knowledge of the DNS requirements for Active Directory

The following is a partial list of the used files, terms and utilities:

  • Active Directory
  • ADS Security Mode
  • DNS
  • LDAP
  • Windows' net command
  • Kerberos
  • domain
  • smb.conf
  • smbcalcs



Topic 314: Working with Linux and Windows Clients

314.1 CIFS Integration (weight: 3)

Weight 3
Description Candidates should be comfortable working with CIFS in a mixed environment

Key Knowledge Areas:

  • Understand SMB/CIFS concepts
  • Mount remote CIFS shares from a Linux client
  • Understand features and benefits of CIFS

The following is a partial list of the used files, terms and utilities:

  • SMB
  • CIFS
  • mount, smbmount
  • smbclient
  • smb.conf
  • /etc/fstab


314.2 NetBIOS and WINS (weight: 6)

Weight 6
Description Candidates should be familiar with NetBIOS/WINS concepts and understand network browsing

Key Knowledge Areas:

  • Understand WINS concepts
  • Understand NetBIOS concepts
  • Understand the role of a local master browser
  • Understand the role of a domain master browser
  • Understand the role of Samba as a WINS server
  • Understand name resolution
  • Configure Samba as a WINS server
  • Configure WINS replication
  • Understand NetBIOS browsing, service announcements and elections

The following is a partial list of the used files, terms and utilities:

  • NetBIOS
  • NBT
  • WINS
  • local master browser
  • domain master browser
  • service announcements
  • elections
  • node types
  • smbclient
  • findsmb
  • name resolve order
  • lmhosts
  • smbtree


314.4 Working with Windows Clients (weight: 4)

Weight 4
Description Clients should be able to interact with remote Windows clients, and configure Windows workstations to access file and print services from Linux servers

Key Knowledge Areas:

  • Knowledge of Windows clients
  • Explore browse lists and SMB clients from Windows
  • Share file / print resources from Windows
  • Use of the smbclient program
  • Use of the Windows net utility

The following is a partial list of the used files, terms and utilities:

  • Windows' net command
  • smbclient
  • mount, smbmount
  • control panel
  • rdesktop
  • workgroup
  • smbget

Topic 315: Security and Performance

315.1 Linux File System and Share/Service Permissions (weight: 3)

Weight 3
Description Candidates should understand file permissions on a Linux file system in a mixed environment

Key Knowledge Areas:

  • Knowledge of file / directory permission control
  • Understand how Samba interacts with Linux file system permissions

The following is a partial list of the used files, terms and utilities:

  • smb.conf
  • chmod
  • chown
  • mount, smbmount
  • create mask
  • directory mask


315.2 Samba Security (weight: 2)

Weight 2
Description Candidates should be able to secure Samba at both the firewall level, and the Samba daemons themselves

Key Knowledge Areas:

  • Configure access to and from a Samba server at the firewall level
  • Configure security relate parameters in the smb.conf file

The following is a partial list of the used files, terms and utilities:

  • iptables
  • smb.conf
  • /etc/services
  • security modes


315.3 Performance Tuning (weight: 1)

Weight 1
Description Candidates should be able to cluster services for load balancing and high availability purposes, and tune Samba settings for better server and network performance

Key Knowledge Areas:

  • Measure Samba performance
  • Optimize Samba memory usage
  • Improve file transfer speed in a SMB/CIFS environment

The following is a partial list of the used files, terms and utilities:

  • smb.conf
  • 'max *' parameters
  • netstat
  • smbstatus
  • socket options