LPIC3

LPIC-3 300: محیط های مختلط (Mixed Environment)

این آزمون از سری برنامه های آموزشی LPI در سطوح حرفه ای مدیریت سیستم های لینوکس است و به مدیریت حرفه ای لینوکس در محیط مختلط (شامل سیستم های ویندوزی و لینوکسی) می پردازد.

نسخه سرفصل های آزمون: نسخه 1.0 (آخرین بروز رسانی عمده:  1 اکتبر2013 ، آخرین به روز رسانی شامل قالب بندی جزئی: 4 دسامبر 2014)

آزمون: شامل یک آزمون LPIC-3  300

پیش نیاز: اعتبار مدارک LPIC-1 و LPIC-2

درباره وزن سرفصل ها: هر قسمت از سرفصل ها دارای یک وزن مشخص شده (از 1 تا 10) می باشد. هر سرفصل با وزن بالاتر، تعداد سوالات بیشتری را در آزمون خواهد داشت.

 

عناوین سرفصل ها:

390- تنظیمات OpenLDAP

391- OpenLDAP به عنوان  Authentication Backend

392- مبانی Samba

393- تنظیمات Samba Share

394- مدیریت گروه و کاربر Samba

395- ادغام دومین در Samba

396- Name Services در Samba

397- کار با کلاینت های ویندوزی و لینوکسی

 

 

سرفصل های آزمون LPIC3 – 300:

Topic 390: OpenLDAP Configuration

390.1 OpenLDAP Replication

Weight: 3

Description: Candidates should be familiar with the server replication available with OpenLDAP.

Key Knowledge Areas:

  • Replication concepts
  • Configure OpenLDAP replication
  • Analyze replication log files
  • Understand replica hubs
  • LDAP referrals
  • LDAP sync replication

 

The following is a partial list of the used files, terms and utilities:
  • master / slave server
  • multi-master replication
  • consumer
  • replica hub
  • one-shot mode
  • referral
  • syncrepl
  • pull-based / push-based synchronization
  • refreshOnly and refreshAndPersist
  • replog

 

 390.2 Securing the Directory

Weight: 3

Description: Candidates should be able to configure encrypted access to the LDAP directory, and restrict access at the firewall level.

Key Knowledge Areas:

  • Securing the directory with SSL and TLS
  • Firewall considerations
  • Unauthenticated access methods
  • User / password authentication methods
  • Maintanence of SASL user DB
  • Client / server certificates

 

Terms and Utilities:
  • SSL / TLS
  • Security Strength Factors (SSF)
  • SASL
  • proxy authorization
  • StartTLS
  • iptables

 

 390.3 OpenLDAP Server Performance Tuning

Weight: 2

Description: Candidates should be capable of measuring the performance of an LDAP server, and tuning configuration directives.

Key Knowledge Areas:

  • Measure OpenLDAP performance
  • Tune software configuration to increase performance
  • Understand indexes

 

Terms and Utilities:
  • index
  • DB_CONFIG

 

Topic 391: OpenLDAP as an Authentication Backend

391.1 LDAP Integration with PAM and NSS

Weight: 2

Description: Candidates should be able to configure PAM and NSS to retrieve information from an LDAP directory.

Key Knowledge Areas:

  • Configure PAM to use LDAP for authentication
  • Configure NSS to retrieve information from LDAP
  • Configure PAM modules in various Unix environments

 

Terms and Utilities:
  • PAM
  • NSS
  • /etc/pam.d/
  • /etc/nsswitch.conf

 

 391.2 Integrating LDAP with Active Directory and Kerberos

Weight: 2

Description: Candidates should be able to integrate LDAP with Active Directory Services.

Key Knowledge Areas:

  • Kerberos integration with LDAP
  • Cross platform authentication
  • Single sign-on concepts
  • Integration and compatibility limitations between OpenLDAP and Active Directory
Terms and Utilities:
  • Kerberos
  • Active Directory
  • single sign-on
  • DNS

 

Topic 392: Samba Basics

392.1 Samba Concepts and Architecture

Weight: 2

Description: Candidates should understand the essential concepts of Samba. As well, the major differences between Samba3 and Samba4 should be known.

Key Knowledge Areas:

  • Understand the roles of the Samba daemons and components
  • Understand key issues regarding heterogeneous network
  • Identify key TCP/UDP ports used with SMB/CIFS
  • Knowledge of Samba3 and Samba4 differences

 

Terms and Utilities:
  • /etc/services
  • Samba daemons: smbd, nmbd, samba, winbindd

 

 392.2 Configure Samba

Weight: 4

Description: Candidates should be able to configure the Samba daemons for a wide variety of purposes.

Key Knowledge Areas:

  • Knowledge of Samba server configuration file structure
  • Knowledge of Samba variables and configuration parameters
  • Troubleshoot and debug configuration problems with Samba

 

Terms and Utilities:
  • conf
  • conf parameters
  • conf variables
  • testparm
  • tdb

 

392.3 Regular Samba Maintenance

Weight: 2

Description: Candidates should know about the various tools and utilities that are part of a Samba installation.

Key Knowledge Areas:

  • Monitor and interact with running Samba daemons
  • Perform regular backups of Samba configuration and state data

 

Terms and Utilities:
  • smbcontrol
  • smbstatus
  • tdbbackup

 

 392.4 Troubleshooting Samba

Weight: 2

Description: Candidates should understand the structure of trivial database files and know how troubleshoot problems.

Key Knowledge Areas:

  • Configure Samba logging
  • Backup TDB files
  • Restore TDB files
  • Identify TDB file corruption
  • Edit / list TDB file content

 

Terms and Utilities:
  • /var/log/samba/.
  • log level
  • debuglevel
  • smbpasswd
  • pdbedit
  • tdb
  • tdbbackup
  • tdbdump
  • tdbrestore
  • tdbtool

 

 392.5 Internationalization

Weight: 1

Description: Candidates should be able to work with internationalization character codes and code pages.

Key Knowledge Areas:

  • Understand internationalization character codes and code pages
  • Understand the difference in the name space between Windows and Linux/Unix with respect to share, file and directory names in a non-English environment
  • Understand the difference in the name space between Windows and Linux/Unix with respect to user and group naming in a non-English environment
  • Understand the difference in the name space between Windows and Linux/Unix with respect to computer naming in a non-English environment

 

Terms and Utilities:
  • internationalization
  • character codes
  • code pages
  • conf
  • dos charset, display charset and unix charset

 

Topic 393: Samba Share Configuration

393.1 File Services

Weight: 4

Description: Candidates should be able to create and configure file shares in a mixed environment.

Key Knowledge Areas:

  • Create and configure file sharing
  • Plan file service migration
  • Limit access to IPC$
  • Create scripts for user and group handling of file shares
  • Samba share access configuration parameters

 

Terms and Utilities:
  • conf
  • [homes]
  • smbcquotas
  • smbsh
  • browseable, writeable, valid users, write list, read list, read only and guest ok
  • IPC$
  • mount, smbmount

 

 393.2 Linux File System and Share/Service Permissions

Weight: 3

Description: Candidates should understand file permissions on a Linux file system in a mixed environment.

Key Knowledge Areas:

  • Knowledge of file / directory permission control
  • Understand how Samba interacts with Linux file system permissions and ACLs
  • Use Samba VFS to store Windows ACLs

 

Terms and Utilities:
  • conf
  • chmod, chown
  • create mask, directory mask, force create mode, force directory mode
  • smbcacls
  • getfacl, setfacl
  • vfs_acl_xattr, vfs_acl_tdb and vfs objects

 

 393.3 Print Services

Weight: 2

Description: Candidates should be able to create and manage print shares in a mixed environment.

Key Knowledge Areas:

  • Create and configure printer sharing
  • Configure integration between Samba and CUPS
  • Manage Windows print drivers and configure downloading of print drivers
  • Configure [print$]
  • Understand security concerns with printer sharing
  • Uploading printer drivers for Point’n’Print driver installation using ‘Add Print Driver Wizard’ in Windows

 

Terms and Utilities:
  • conf
  • [print$]
  • CUPS
  • conf
  • /var/spool/samba/.
  • smbspool
  • rpcclient
  • net

 

Topic 394: Samba User and Group Management

394.1 Managing User Accounts and Groups

Weight: 4

Description: Candidates should be able to manage user and group accounts in a mixed environment.

Key Knowledge Areas:

  • Manager user and group accounts
  • Understand user and group mapping
  • Knowledge of user account management tools
  • Use of the smbpasswd program
  • Force ownership of file and directory objects

 

Terms and Utilities:
  • pdbedit
  • conf
  • samba-tool user (with subcommands)
  • samba-tool group (with subcommands)
  • smbpasswd
  • /etc/passwd
  • /etc/group
  • force user, force group.
  • idmap

 

394.2 Authentication, Authorization and Winbind

Weight: 5

Description: Candidates should understand the various authentication mechanisms and configure access control. Candidates should be able to install and configure the Winbind service.

Key Knowledge Areas:

  • Setup a local password database
  • Perform password synchronization
  • Knowledge of different passdb backends
  • Convert between Samba passdb backends
  • Integrate Samba with LDAP
  • Configure Winbind service
  • Configure PAM and NSS

 

Terms and Utilities:
  • conf
  • smbpasswd, tdbsam, ldapsam
  • passdb backend
  • libnss_winbind
  • libpam_winbind
  • libpam_smbpass
  • wbinfo
  • getent
  • SID and foreign SID
  • /etc/passwd
  • /etc/group

 

Topic 395: Samba Domain Integration

395.1 Samba as a PDC and BDC

Weight: 3

Description: Candidates should be able to setup and maintain primary and backup domain controllers. Candidates should be able to manage Windows/Linux client access to the NT-Style domains.

Key Knowledge Areas:

  • Understand and configure domain membership and trust relationships
  • Create and maintain a primary domain controller with Samba3 and Samba4
  • Create and maintain a backup domain controller with Samba3 and Samba4
  • Add computers to an existing domain
  • Configure logon scripts
  • Configure roaming profiles
  • Configure system policies

 

Terms and Utilities:
  • conf
  • security mode
  • server role
  • domain logons
  • domain master
  • logon script
  • logon path
  • pol
  • net
  • profiles
  • add machine script
  • profile acls

 

 395.2 Samba4 as an AD compatible Domain Controller

Weight: 3

Description: Candidates should be able to configure Samba 4 as an AD Domain Controller.

Key Knowledge Areas:

  • Configure and test Samba 4 as an AD DC
  • Using smbclient to confirm AD operation
  • Understand how Samba integrates with AD services: DNS, Kerberos, NTP, LDAP

 

Terms and Utilities:
  • conf
  • server role
  • samba-tool domain (with subcommands)
  • samba

 

 395.3 Configure Samba as a Domain Member Server

Weight: 3

Description: Candidates should be able to integrate Linux servers into an environment where Active Directory is present.

Key Knowledge Areas:

  • Joining Samba to an existing NT4 domain
  • Joining Samba to an existing AD domain
  • Ability to obtain a TGT from a KDC

 

Terms and Utilities:
  • conf
  • server role
  • server security
  • net command
  • kinit, TGT and REALM

 

Topic 396: Samba Name Services

396.1 NetBIOS and WINS

Weight: 3

Description: Candidates should be familiar with NetBIOS/WINS concepts and understand network browsing.

Key Knowledge Areas:

  • Understand WINS concepts
  • Understand NetBIOS concepts
  • Understand the role of a local master browser
  • Understand the role of a domain master browser
  • Understand the role of Samba as a WINS server
  • Understand name resolution
  • Configure Samba as a WINS server
  • Configure WINS replication
  • Understand NetBIOS browsing and browser elections
  • Understand NETBIOS name types

 

Terms and Utilities:
  • conf
  • nmblookup
  • smbclient
  • name resolve order
  • lmhosts
  • wins support, wins server, wins proxy, dns proxy
  • domain master, os level, preferred master

 

 396.2 Active Directory Name Resolution

Weight: 2

Description: Candidates should be familiar with the internal DNS server with Samba4.

Key Knowledge Areas:

  • Understand and manage DNS for Samba4 as an AD Domain Controller
  • DNS forwarding with the internal DNS server of Samba4

 

Terms and Utilities:
  • samba-tool dns (with subcommands)
  • conf
  • dns forwarder
  • /etc/resolv.conf
  • dig, host

 

Topic 397: Working with Linux and Windows Clients

397.1 CIFS Integration

Weight: 3

Description: Candidates should be comfortable working with CIFS in a mixed environment.

Key Knowledge Areas:

  • Understand SMB/CIFS concepts
  • Access and mount remote CIFS shares from a Linux client
  • Securely storing CIFS credentials
  • Understand features and benefits of CIFS
  • Understand permissions and file ownership of remote CIFS shares

 

Terms and Utilities:
  • SMB/CIFS
  • mount, mount.cifs
  • smbclient
  • smbget
  • smbtar
  • smbtree
  • findsmb
  • conf
  • smbcquotas
  • /etc/fstab

 

 397.2 Working with Windows Clients

Weight: 2

Description: Candidates should be able to interact with remote Windows clients, and configure Windows workstations to access file and print services from Linux servers.

Key Knowledge Areas:

  • Knowledge of Windows clients
  • Explore browse lists and SMB clients from Windows
  • Share file / print resources from Windows
  • Use of the smbclient program
  • Use of the Windows net utility

 

Terms and Utilities:
  • Windows net command
  • smbclient
  • control panel
  • rdesktop
  • workgroup