LPIC-3 300 Objectives V1

From LPI Wiki
Revision as of 04:36, 23 August 2013 by EricDeschamps (Talk | contribs) (396.2 Active Directory Name Resolution (weight: 2): updated to be more OmegaT friendly)

Jump to: navigation, search

Contents

Introduction


Version Information

These objectives are version 1.0.0.

They were partially formed from content in the 301 and 302 exams. This is also a summary and detailed information on the changes from those objectives to version 1 of these objectives.


Addenda

Version Release (Oct 1st, 2013)

  • released version 1.0.0


Translations of Objectives

The following translations of the objectives are available on this wiki:


Objectives

Topic 390: OpenLDAP Configuration

390.1 OpenLDAP Replication (weight: 3)

Weight

3

Description

Candidates should be familiar with the server replication available with OpenLDAP.

Key Knowledge Areas:

  • Replication concepts.
  • Configure OpenLDAP replication.
  • Analyze replication log files.
  • Understand replica hubs.
  • LDAP referrals.
  • LDAP sync replication.

The following is a partial list of the used files, terms and utilities:

  • master / slave server
  • multi-master replication
  • consumer
  • replica hub
  • one-shot mode
  • referral
  • syncrepl
  • pull-based / push-based synchronization
  • refreshOnly and refreshAndPersist
  • replog


390.2 Securing the Directory (weight: 3)

Weight

3

Description

Candidates should be able to configure encrypted access to the LDAP directory, and restrict access at the firewall level.

Key Knowledge Areas:

  • Securing the directory with SSL and TLS.
  • Firewall considerations.
  • Unauthenticated access methods.
  • User / password authentication methods.
  • Maintanence of SASL user DB.
  • Client / server certificates.

The following is a partial list of the used files, terms and utilities:

  • SSL / TLS
  • Security Strength Factors (SSF)
  • SASL
  • proxy authorization
  • StartTLS
  • iptables


390.3 OpenLDAP Server Performance Tuning (weight: 2)

Weight

2

Description

Candidates should be capable of measuring the performance of an LDAP server, and tuning configuration directives.

Key Knowledge Areas:

  • Measure OpenLDAP performance.
  • Tune software configuration to increase performance.
  • Understand indexes.

The following is a partial list of the used files, terms and utilities:

  • index
  • DB_CONFIG


Topic 391: OpenLDAP as an Authentication Backend

391.1 LDAP Integration with PAM and NSS (weight: 2)

Weight

2

Description

Candidates should be able to configure PAM and NSS to retrieve information from an LDAP directory.

Key Knowledge Areas:

  • Configure PAM to use LDAP for authentication.
  • Configure NSS to retrieve information from LDAP.
  • Configure PAM modules in various Unix environments.

The following is a partial list of the used files, terms and utilities:

  • PAM
  • NSS
  • /etc/pam.d/*
  • /etc/nsswitch.conf


391.2 Integrating LDAP with Active Directory and Kerberos (weight: 2)

Weight

2

Description

Candidates should be able to integrate LDAP with Active Directory Services.

Key Knowledge Areas:

  • Kerberos integration with LDAP.
  • Cross platform authentication.
  • Single sign-on concepts.
  • Integration and compatibility limitations between OpenLDAP and Active Directory.

The following is a partial list of the used files, terms and utilities:

  • Kerberos
  • Active Directory
  • single sign-on
  • DNS


Topic 392: Samba Basics

392.1 Samba Concepts and Architecture (weight: 2)

Weight

2

Description

Candidates should understand the essential concepts of Samba. As well, the major differences between Samba3 and Samba4 should be known.

Key Knowledge Areas:

  • Understand the roles of the Samba daemons and components.
  • Understand key issues regarding heterogeneous networks.
  • Identify key TCP/UDP ports used with SMB/CIFS.
  • Knowledge of Samba3 and Samba4 differences.

The following is a partial list of the used files, terms and utilities:

  • /etc/services.
  • Samba daemons: smbd, nmbd, samba, winbindd.


392.2 Configure Samba (weight: 4)

Weight

4

Description

Candidates should be able to configure the Samba daemons for a wide variety of purposes.

Key Knowledge Areas:

  • Knowledge of Samba server configuration file structure.
  • Knowledge of Samba variables and configuration parameters.
  • Troubleshoot and debug configuration problems with Samba.

The following is a partial list of the used files, terms and utilities:

  • smb.conf.
  • smb.conf parameters.
  • smb.conf variables.
  • testparm.
  • secrets.tdb.


392.3 Regular Samba Maintenance (weight: 2)

Weight


2

Description

Candidates should know about the various tools and utilities that are part of a Samba installation.

Key Knowledge Areas:

  • Monitor and interact with running Samba daemons.
  • Perform regular backups of Samba configuration and state data.

The following is a partial list of the used files, terms and utilities:

  • smbcontrol.
  • smbstatus.
  • tdbbackup.


392.4 Troubleshooting Samba (weight: 2)

Weight

2

Description

Candidates should understand the structure of trivial database files and know how troubleshoot problems.

Key Knowledge Areas:

  • Configure Samba logging.
  • Backup TDB files.
  • Restore TDB files.
  • Identify TDB file corruption.
  • Edit / list TDB file content.

The following is a partial list of the used files, terms and utilities:

  • /var/log/samba/*
  • log level.
  • debuglevel.
  • smbpasswd.
  • pdbedit.
  • secrets.tdb.
  • tdbbackup.
  • tdbdump.
  • tdbrestore.
  • tdbtool.


392.5 Internationalization (weight: 1)

Weight

1

Description

Candidates should be able to work with internationalization character codes and code pages.

Key Knowledge Areas:

  • Understand internationalization character codes and code pages.
  • Understand the difference in the name space between Windows and Linux/Unix with respect to share, file and directory names in a non-English environment.
  • Understand the difference in the name space between Windows and Linux/Unix with respect to user and group naming in a non-English environment.
  • Understand the difference in the name space between Windows and Linux/Unix with respect to computer naming in a non-English environment.

The following is a partial list of the used files, terms and utilities:

  • internationalization.
  • character codes.
  • code pages.
  • smb.conf.
  • dos charset, display charset and unix charset.


Topic 393: Samba Share Configuration

393.1 File Services (weight: 4)

Weight

4

Description

Candidates should be able to create and configure file shares in a mixed environment.

Key Knowledge Areas:

  • Create and configure file sharing.
  • Plan file service migration.
  • Limit access to IPC$.
  • Create scripts for user and group handling of file shares.
  • Samba share access configuration parameters.

The following is a partial list of the used files, terms and utilities:

  • smb.conf.
  • [homes].
  • smbcquotas.
  • smbsh.
  • browseable, writeable, valid users, write list, read list, read only and guest ok.
  • IPC$.
  • mount, smbmount.


393.2 Linux File System and Share/Service Permissions (weight: 3)

Weight

3

Description

Candidates should understand file permissions on a Linux file system in a mixed environment.

Key Knowledge Areas:

  • Knowledge of file / directory permission control.
  • Understand how Samba interacts with Linux file system permissions and ACLs.
  • Use Samba VFS to store Windows ACLs.

The following is a partial list of the used files, terms and utilities:

  • smb.conf.
  • chmod, chown.
  • create mask, directory mask, force create mode, force directory mode.
  • smbcacls.
  • getfacl, setfacl.
  • vfs_acl_xattr, vfs_acl_tdb and vfs objects.


393.3 Print Services (weight: 2)

Weight

2

Description

Candidates should be able to create and manage print shares in a mixed environment.

Key Knowledge Areas:

  • Create and configure printer sharing.
  • Configure integration between Samba and CUPS.
  • Manage Windows print drivers and configure downloading of print drivers.
  • Configure [print$].
  • Understand security concerns with printer sharing.
  • Uploading printer drivers for Point'n'Print driver installation using 'Add Print Driver Wizard' in Windows.

The following is a partial list of the used files, terms and utilities:

  • smb.conf.
  • [print$].
  • CUPS.
  • cupsd.conf.
  • /var/spool/samba.
  • smbspool.
  • rpcclient.
  • net.


Topic 394: Samba User and Group Management

394.1 Managing User Accounts and Groups (weight: 4)

Weight

4

Description

Candidates should be able to manage user and group accounts in a mixed environment.

Key Knowledge Areas:

  • Manager user and group accounts.
  • Understand user and group mapping.
  • Knowledge of user account management tools.
  • Use of the smbpasswd program.
  • Force ownership of file and directory objects.

The following is a partial list of the used files, terms and utilities:

  • pdbedit.
  • smb.conf.
  • samba-tool user (with subcommands).
  • samba-tool group (with subcommands).
  • smbpasswd.
  • /etc/passwd.
  • /etc/group.
  • force user, force group.
  • idmap.


394.2 Authentication, Authorization and Winbind (weight: 5)

Weight

5

Description

Candidates should understand the various authentication mechanisms and configure access control. Candidates should be able to install and configure the Winbind service.

Key Knowledge Areas:

  • Setup a local password database.
  • Perform password synchronization.
  • Knowledge of different passdb backends.
  • Convert between Samba passdb backends.
  • Integrate Samba with LDAP.
  • Configure Winbind service.
  • Configure PAM and NSS.

The following is a partial list of the used files, terms and utilities:

  • smb.conf.
  • smbpasswd, tdbsam, ldapsam.
  • passdb backend.
  • libnss_winbind.
  • libpam_winbind.
  • libpam_smbpass.
  • wbinfo.
  • getent.
  • SID and foreign SID.
  • /etc/passwd.
  • /etc/group.


Topic 395: Samba Domain Integration

395.1 Samba as a PDC and BDC (weight: 3)

Weight

3

Description

Candidates should be able to setup and maintain primary and backup domain controllers. Candidates should be able to manage Windows/Linux client access to the NT-Style domains.

Key Knowledge Areas:

  • Understand and configure domain membership and trust relationships.
  • Create and maintain a primary domain controller with Samba3 and Samba4.
  • Create and maintain a backup domain controller with Samba3 and Samba4.
  • Add computers to an existing domain.
  • Configure logon scripts.
  • Configure roaming profiles.
  • Configure system policies.

The following is a partial list of the used files, terms and utilities:

  • smb.conf.
  • security mode.
  • server role.
  • domain logons.
  • domain master.
  • logon script.
  • logon path.
  • NTConfig.pol.
  • net.
  • profiles.
  • add machine script.
  • profile acls.


395.2 Samba4 as an AD compatible Domain Controller (weight: 3)

Weight

3

Description

Candidates should be able to configure Samba 4 as an AD Domain Controller.

Key Knowledge Areas:

  • Configure and test Samba 4 as an AD DC.
  • Using smbclient to confirm AD operation.
  • Understand how Samba integrates with AD services; DNS, Kerberos, NTP, LDAP.

The following is a partial list of the used files, terms and utilities:

  • smb.conf.
  • server role.
  • samba-tool domain (with subcommands).
  • samba.


395.3 Configure Samba as a Domain Member Server (weight: 3)

Weight

3

Description

Candidates should be able to integrate Linux servers into an environment where Active Directory is present.

Key Knowledge Areas:

  • Joining Samba to an existing NT4 domain.
  • Joining Samba to an existing AD domain.
  • Ability to obtain a TGT from a KDC.

The following is a partial list of the used files, terms and utilities:

  • smb.conf.
  • server role.
  • server security.
  • net command.
  • kinit, TGT and REALM.



Topic 396: Samba Name Services

396.1 NetBIOS and WINS (weight: 3)

Weight

3

Description

Candidates should be familiar with NetBIOS/WINS concepts and understand network browsing.

Key Knowledge Areas:

  • Understand WINS concepts.
  • Understand NetBIOS concepts.
  • Understand the role of a local master browser.
  • Understand the role of a domain master browser.
  • Understand the role of Samba as a WINS server.
  • Understand name resolution.
  • Configure Samba as a WINS server.
  • Configure WINS replication.
  • Understand NetBIOS browsing and browser elections.
  • Understand NETBIOS name types.

The following is a partial list of the used files, terms and utilities:

  • smb.conf.
  • nmblookup.
  • smbclient.
  • name resolve order.
  • lmhosts.
  • wins support, wins server, wins proxy, dns proxy.
  • domain master, os level, preferred master.


396.2 Active Directory Name Resolution (weight: 2)

Weight

2

Description

Candidates should be familiar with the internal DNS server with Samba4.

Key Knowledge Areas:

  • Understand and manage DNS for Samba4 as an AD Domain Controller.
  • DNS forwarding with the internal DNS sever of Samba4.

The following is a partial list of the used files, terms and utilities:

  • samba-tool dns (with subcommands).
  • smb.conf.
  • dns forwarder.
  • /etc/resolv.conf.
  • dig, host.


Topic 397: Working with Linux and Windows Clients

397.1 CIFS Integration (weight: 3)

Weight 3
Description Candidates should be comfortable working with CIFS in a mixed environment

Key Knowledge Areas:

  • Understand SMB/CIFS concepts
  • Access and mount remote CIFS shares from a Linux client
  • Securely storing CIFS credentials
  • Understand features and benefits of CIFS
  • Understand permissions and file ownership of remote CIFS shares

The following is a partial list of the used files, terms and utilities:

  • SMB/CIFS
  • mount, mount.cifs
  • smbclient
  • smbget
  • smbtar
  • smbtree
  • findsmb
  • smb.conf
  • smbcquotas
  • /etc/fstab


397.2 Working with Windows Clients (weight: 2)

Weight 2
Description Clients should be able to interact with remote Windows clients, and configure Windows workstations to access file and print services from Linux servers

Key Knowledge Areas:

  • Knowledge of Windows clients
  • Explore browse lists and SMB clients from Windows
  • Share file / print resources from Windows
  • Use of the smbclient program
  • Use of the Windows net utility

The following is a partial list of the used files, terms and utilities:

  • Windows net command
  • smbclient
  • control panel
  • rdesktop
  • workgroup