LPIC-3 300 Objectives V1

Introduction

Version Information

These objectives are version 1.0.0.

They were partially formed from content in the 301 and 302 exams. This is also a summary and detailed information on the changes from those objectives to version 1 of these objectives.

Addenda

Version Release (Oct 1st, 2013)

• released version 1.0.0

Translations of Objectives

The following translations of the objectives are available on this wiki:

• English
• French
• Spanish

Objectives

Topic 390: OpenLDAP Configuration

390.1 OpenLDAP Replication (weight: 3)

Weight	3
Description	Candidates should be familiar with the server replication available with OpenLDAP.

Key Knowledge Areas:

• Replication concepts.
• Configure OpenLDAP replication.
• Analyze replication log files.
• Understand replica hubs.
• LDAP referrals.
• LDAP sync replication.

The following is a partial list of the used files, terms and utilities:

• master / slave server
• multi-master replication
• consumer
• replica hub
• one-shot mode
• referral
• syncrepl
• pull-based / push-based synchronization
• refreshOnly and refreshAndPersist
• replog

390.2 Securing the Directory (weight: 3)

Weight	3
Description	Candidates should be able to configure encrypted access to the LDAP directory, and restrict access at the firewall level.

Key Knowledge Areas:

• Securing the directory with SSL and TLS.
• Firewall considerations.
• Unauthenticated access methods.
• User / password authentication methods.
• Maintanence of SASL user DB.
• Client / server certificates.

The following is a partial list of the used files, terms and utilities:

• SSL / TLS
• Security Strength Factors (SSF)
• SASL
• proxy authorization
• StartTLS
• iptables

390.3 OpenLDAP Server Performance Tuning (weight: 2)

Weight	2
Description	Candidates should be capable of measuring the performance of an LDAP server, and tuning configuration directives.

Key Knowledge Areas:

• Measure OpenLDAP performance.
• Tune software configuration to increase performance.
• Understand indexes.

The following is a partial list of the used files, terms and utilities:

• index
• DB_CONFIG

Topic 391: OpenLDAP as an Authentication Backend

391.1 LDAP Integration with PAM and NSS (weight: 2)

Weight	2
Description	Candidates should be able to configure PAM and NSS to retrieve information from an LDAP directory.

Key Knowledge Areas:

• Configure PAM to use LDAP for authentication.
• Configure NSS to retrieve information from LDAP.
• Configure PAM modules in various Unix environments.

The following is a partial list of the used files, terms and utilities:

• PAM
• NSS
• /etc/pam.d/*
• /etc/nsswitch.conf

391.2 Integrating LDAP with Active Directory and Kerberos (weight: 2)

Weight	2
Description	Candidates should be able to integrate LDAP with Active Directory Services.

Key Knowledge Areas:

• Kerberos integration with LDAP.
• Cross platform authentication.
• Single sign-on concepts.
• Integration and compatibility limitations between OpenLDAP and Active Directory.

The following is a partial list of the used files, terms and utilities:

• Kerberos
• Active Directory
• single sign-on
• DNS

Topic 392: Samba Basics

392.1 Samba Concepts and Architecture (weight: 2)

Weight	2
Description	Candidates should understand the essential concepts of Samba. As well, the major differences between Samba3 and Samba4 should be known.

Key Knowledge Areas:

• Understand the roles of the Samba daemons and components.
• Understand key issues regarding heterogeneous networks.
• Identify key TCP/UDP ports used with SMB/CIFS.
• Knowledge of Samba3 and Samba4 differences.

The following is a partial list of the used files, terms and utilities:

• /etc/services.
• Samba daemons: smbd, nmbd, samba, winbindd.

392.2 Configure Samba (weight: 4)

Weight	4
Description	Candidates should be able to configure the Samba daemons for a wide variety of purposes.

Key Knowledge Areas:

• Knowledge of Samba server configuration file structure.
• Knowledge of Samba variables and configuration parameters.
• Troubleshoot and debug configuration problems with Samba.

The following is a partial list of the used files, terms and utilities:

• smb.conf.
• smb.conf parameters.
• smb.conf variables.
• testparm.
• secrets.tdb.

392.3 Regular Samba Maintenance (weight: 2)

Weight	2
Description	Candidates should know about the various tools and utilities that are part of a Samba installation.

Key Knowledge Areas:

• Monitor and interact with running Samba daemons.
• Perform regular backups of Samba configuration and state data.

The following is a partial list of the used files, terms and utilities:

• smbcontrol.
• smbstatus.
• tdbbackup.

392.4 Troubleshooting Samba (weight: 2)

Weight	2
Description	Candidates should understand the structure of trivial database files and know how troubleshoot problems.

Key Knowledge Areas:

• Configure Samba logging.
• Backup TDB files.
• Restore TDB files.
• Identify TDB file corruption.
• Edit / list TDB file content.

The following is a partial list of the used files, terms and utilities:

• /var/log/samba/*
• log level.
• debuglevel.
• smbpasswd.
• pdbedit.
• secrets.tdb.
• tdbbackup.
• tdbdump.
• tdbrestore.
• tdbtool.

392.5 Internationalization (weight: 1)

Weight	1
Description	Candidates should be able to work with internationalization character codes and code pages.

Key Knowledge Areas:

• Understand internationalization character codes and code pages.
• Understand the difference in the name space between Windows and Linux/Unix with respect to share, file and directory names in a non-English environment.
• Understand the difference in the name space between Windows and Linux/Unix with respect to user and group naming in a non-English environment.
• Understand the difference in the name space between Windows and Linux/Unix with respect to computer naming in a non-English environment.

The following is a partial list of the used files, terms and utilities:

• internationalization.
• character codes.
• code pages.
• smb.conf.
• dos charset, display charset and unix charset.

Topic 393: Samba Share Configuration

393.1 File Services (weight: 4)

Weight	4
Description	Candidates should be able to create and configure file shares in a mixed environment.

Key Knowledge Areas:

• Create and configure file sharing.
• Plan file service migration.
• Limit access to IPC$.
• Create scripts for user and group handling of file shares.
• Samba share access configuration parameters.

The following is a partial list of the used files, terms and utilities:

• smb.conf.
• [homes].
• smbcquotas.
• smbsh.
• browseable, writeable, valid users, write list, read list, read only and guest ok.
• IPC$.
• mount, smbmount.

393.2 Linux File System and Share/Service Permissions (weight: 3)

Weight	3
Description	Candidates should understand file permissions on a Linux file system in a mixed environment.

Key Knowledge Areas:

• Knowledge of file / directory permission control.
• Understand how Samba interacts with Linux file system permissions and ACLs.
• Use Samba VFS to store Windows ACLs.

The following is a partial list of the used files, terms and utilities:

• smb.conf.
• chmod, chown.
• create mask, directory mask, force create mode, force directory mode.
• smbcacls.
• getfacl, setfacl.
• vfs_acl_xattr, vfs_acl_tdb and vfs objects.

393.3 Print Services (weight: 2)

Weight	2
Description	Candidates should be able to create and manage print shares in a mixed environment.

Key Knowledge Areas:

• Create and configure printer sharing.
• Configure integration between Samba and CUPS.
• Manage Windows print drivers and configure downloading of print drivers.
• Configure [print$].
• Understand security concerns with printer sharing.
• Uploading printer drivers for Point'n'Print driver installation using 'Add Print Driver Wizard' in Windows.

The following is a partial list of the used files, terms and utilities:

• smb.conf.
• [print$].
• CUPS.
• cupsd.conf.
• /var/spool/samba.
• smbspool.
• rpcclient.
• net.

Topic 394: Samba User and Group Management

394.1 Managing User Accounts and Groups (weight: 4)

Weight	4
Description	Candidates should be able to manage user and group accounts in a mixed environment.

Key Knowledge Areas:

• Manager user and group accounts.
• Understand user and group mapping.
• Knowledge of user account management tools.
• Use of the smbpasswd program.
• Force ownership of file and directory objects.

The following is a partial list of the used files, terms and utilities:

• pdbedit.
• smb.conf.
• samba-tool user (with subcommands).
• samba-tool group (with subcommands).
• smbpasswd.
• /etc/passwd.
• /etc/group.
• force user, force group.
• idmap.

394.2 Authentication, Authorization and Winbind (weight: 5)

Weight	5
Description	Candidates should understand the various authentication mechanisms and configure access control. Candidates should be able to install and configure the Winbind service.

Key Knowledge Areas:

• Setup a local password database.
• Perform password synchronization.
• Knowledge of different passdb backends.
• Convert between Samba passdb backends.
• Integrate Samba with LDAP.
• Configure Winbind service.
• Configure PAM and NSS.

The following is a partial list of the used files, terms and utilities:

• smb.conf.
• smbpasswd, tdbsam, ldapsam.
• passdb backend.
• libnss_winbind.
• libpam_winbind.
• libpam_smbpass.
• wbinfo.
• getent.
• SID and foreign SID.
• /etc/passwd.
• /etc/group.

Topic 395: Samba Domain Integration

395.1 Samba as a PDC and BDC (weight: 3)

Weight	3
Description	Candidates should be able to setup and maintain primary and backup domain controllers. Candidates should be able to manage Windows/Linux client access to the NT-Style domains.

Key Knowledge Areas:

• Understand and configure domain membership and trust relationships.
• Create and maintain a primary domain controller with Samba3 and Samba4.
• Create and maintain a backup domain controller with Samba3 and Samba4.
• Add computers to an existing domain.
• Configure logon scripts.
• Configure roaming profiles.
• Configure system policies.

The following is a partial list of the used files, terms and utilities:

• smb.conf.
• security mode.
• server role.
• domain logons.
• domain master.
• logon script.
• logon path.
• NTConfig.pol.
• net.
• profiles.
• add machine script.
• profile acls.

395.2 Samba4 as an AD compatible Domain Controller (weight: 3)

Weight	3
Description	Candidates should be able to configure Samba 4 as an AD Domain Controller.

Key Knowledge Areas:

• Configure and test Samba 4 as an AD DC.
• Using smbclient to confirm AD operation.
• Understand how Samba integrates with AD services; DNS, Kerberos, NTP, LDAP.

The following is a partial list of the used files, terms and utilities:

• smb.conf.
• server role.
• samba-tool domain (with subcommands).
• samba.

395.3 Configure Samba as a Domain Member Server (weight: 3)

Weight	3
Description	Candidates should be able to integrate Linux servers into an environment where Active Directory is present.

Key Knowledge Areas:

• Joining Samba to an existing NT4 domain.
• Joining Samba to an existing AD domain.
• Ability to obtain a TGT from a KDC.

The following is a partial list of the used files, terms and utilities:

• smb.conf.
• server role.
• server security.
• net command.
• kinit, TGT and REALM.

Topic 396: Samba Name Services

396.1 NetBIOS and WINS (weight: 3)

Weight	3
Description	Candidates should be familiar with NetBIOS/WINS concepts and understand network browsing.

Key Knowledge Areas:

• Understand WINS concepts.
• Understand NetBIOS concepts.
• Understand the role of a local master browser.
• Understand the role of a domain master browser.
• Understand the role of Samba as a WINS server.
• Understand name resolution.
• Configure Samba as a WINS server.
• Configure WINS replication.
• Understand NetBIOS browsing and browser elections.
• Understand NETBIOS name types.

The following is a partial list of the used files, terms and utilities:

• smb.conf.
• nmblookup.
• smbclient.
• name resolve order.
• lmhosts.
• wins support, wins server, wins proxy, dns proxy.
• domain master, os level, preferred master.

396.2 Active Directory Name Resolution (weight: 2)

Weight	2
Description	Candidates should be familiar with the internal DNS server with Samba4.

Key Knowledge Areas:

• Understand and manage DNS for Samba4 as an AD Domain Controller.
• DNS forwarding with the internal DNS sever of Samba4.

The following is a partial list of the used files, terms and utilities:

• samba-tool dns (with subcommands).
• smb.conf.
• dns forwarder.
• /etc/resolv.conf.
• dig, host.

Topic 397: Working with Linux and Windows Clients

397.1 CIFS Integration (weight: 3)

Weight	3
Description	Candidates should be comfortable working with CIFS in a mixed environment

Key Knowledge Areas:

• Understand SMB/CIFS concepts
• Access and mount remote CIFS shares from a Linux client
• Securely storing CIFS credentials
• Understand features and benefits of CIFS
• Understand permissions and file ownership of remote CIFS shares

The following is a partial list of the used files, terms and utilities:

• SMB/CIFS
• mount, mount.cifs
• smbclient
• smbget
• smbtar
• smbtree
• findsmb
• smb.conf
• smbcquotas
• /etc/fstab

397.2 Working with Windows Clients (weight: 2)

Weight	2
Description	Clients should be able to interact with remote Windows clients, and configure Windows workstations to access file and print services from Linux servers

Key Knowledge Areas:

• Knowledge of Windows clients
• Explore browse lists and SMB clients from Windows
• Share file / print resources from Windows
• Use of the smbclient program
• Use of the Windows net utility

The following is a partial list of the used files, terms and utilities:

• Windows net command
• smbclient
• control panel
• rdesktop
• workgroup