CHAPTER 8. Installing, Configuring as a Server
Exam objectives in this chapter
■ Network Services
■ Web Services
■ Application Services
Introduction
Servers provide network services to clients, such as Domain name server (DNS) and Dynamic Host Configuration Protocol (DHCP), or they serve as an application server, such as printing and mail. The main network and application services are explained in this chapter.
Network Services
There are many network services that can be deployed to a system, and this section will look at the most commonly deployed ones: DHCP, DNS, Network Time Protocol (NTP), and the interoperability with Microsoft Windows systems.
DHCP
DHCP servers are used to configure Transmission Control Protocol/Internet Protocol (TCP/IP) parameters for a host as they connect to a network, including
■ IP address
■ Name servers
■ Configuring the routing, including the default route
Fast Facts
The main aspects of the DHCP you need to remember are as follows:
■ DHCP allocates IP addresses to hosts on a permanent or temporary basis.
■ Temporary IP addresses are said to be leased to a client by the server.
■ Leased IP addresses can be renewed or relinquished.
■ The list of leases is kept in dhcpd.leases, usually in /var/db.
■ DHCP maximizes the usage of IP addresses available by allocating addresses on an as-needed basis.
■ DHCP servers usually have fixed or static IP address.
DHCP Server Configuration
Before starting to configure the DHCP server, it is very important to understand your network and what parameters you will be configuring.
Did You Know?
The basic parameters you will want to configure with DHCP are as follows:
■ Domain name
■ DNSes
■ Lease times
■ Routing
■ Static IP addresses
■ Logging
■ Primary or secondary DHCP server
The configuration file for DHCP is /etc/dhcpd.conf. Each subnet that you going to provide DHCP services for must be defined in the file. The main options that can be used are described below:
# Sample configuration file for dhcpd
# Set the time a client can keep the IP address
default-lease-time 600;
max-lease-time 7200;
# set the default gateway to be used by clients
option routers 10.254.239.1;
# Set-up the NTP server
option ntp-server 10.254.239.6;
# set the nameserver to be used by the clients
option domain-name-servers 10.254.239.5
# This is a very basic subnet declaration.
subnet 10.254.239.0 netmask 255.255.255.224 {
range 10.254.239.10 10.254.239.20;
option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
}
# Fixed IP addresses can also be specified for hosts.
# Names or IP addresses can be used
host adminprinter{
hardware ethernet 08:00:07:26:c0:a5;
fixed-address adminprinter.fugue.com;
}
This setup is allocating a number of IP addresses using DHCP, both leased and fixed.
DNS
The DNS resolves machine names to an IP address or it converts from the IP address to the name. In principle, a DNS resolves a name to its IP address.
Fast Facts
The Domain namespace can be regarded as structured in a tree form.
■ Each domain within the tree is a node, with each node having a set of resource records (RRs) associated with it.
■ RRs will define (at least) the ownership, name, and IP address.
■ Domains can have subdomains, often referred to as children.
■ The root is named . (dot), a corollary of the root drive / in the filesystem.
■ Subdomains prepend their name to the root name, separated with another “.”.
■ Actual machines in each domain are defined by their machine name and the domain they are in or their fully qualified domain name (FQDN).
The Domain name system is a distributed database, and the nodes of this database are name servers with one or more authoritative DNSes that publish all the information about a domain, included in zone files on the DNS. The forward and reverse zones are defined as follows: reverse zones associate an IP address with a hostname and forward zones associate a name with an IP address. The DNS resolver is the client part of the client-server architecture and is the process that performs the resolution of the query, for example, the translation of the FQDN to its actual IP address.
DNS RRs
RRs are the most basic part of the Domain name system and have a number of basic elements to them: type, Time to Live (TTL), class, and possibly some data specific to the type of record. These records were described in Chapter 4, “Configuring the Base System,” in the section “DNS Record Type and DNS Resolution.”
Caching Nameserver
A caching nameserver will build a local cache of resolved domain names and use this list to serve other hosts on your network. A large number of DNS requests are the same, and this will increase the speed of resolution and decrease the amount of traffic you send upward to another nameserver provided by named. A sample listing showing how a primary or master nameserver is set up is shown below, which is in the named.conf file (normally in /etc or /etc/named.d).
zone “mydomain.com” IN {
type master;
file “mydomain.com.xone”;
allow-update [ none; ];
};
There is a control utility called rndc that allows you to administer the named daemon. The configuration file for rndc is /etc/rndc.conf, and additionally, you need to specify authentication keys in both /etc/rndc.conf and /etc/named.conf, which must match. You need to generate HMAC-MD5 keys for both the configu-ration files using the following command:
dnssec-keygen -a hmac-md5 -b <bit-length> -n HOST <key-file-name>
The default port used by rndc to connect to is 953. Once the command is set up, the rndc command can be used with the following options shown in Table 8.1.
NTP
The NTP synchronizes computer clocks over a network, including the Internet. There are primary (Stratum 1) and secondary (Stratum 2) servers with servers at a lower level that synchronize to a server at a higher level.
An NTP client is implemented as a continuously running daemon process, which runs in the kernel space due to the sensitivity of timing. The main configuration file is /etc/ntp.conf and defines the servers to synchronize to, as well as what networks are allowed to synchronize to, your server. A number of servers need to be defined to ensure redundancy, as shown below:
server lerc-dns.lerc.nasa.gov # Stratem 1 server
server ntp.time.edu# Stratem 2 server
The utility program ntpq is used to monitor the NTP daemon to determine the performance, and ntpq –p is useful to see what time servers are currently being polled. The local date and time can be set using ntpdate or ntpd.
Date
date displays or sets the date on a system that does not have an NTP with common options shown in Table 8.2.
Windows Interoperability
Interoperability between Linux and Windows is normally an essential task that any system administrator needs to undertake.
Remote Desktop
rdesktop uses the Remote Desktop Protocol (RDP) and can be used to present remote desktops. To connect to a remote host, hostname.mycorp.com with IP address 10.10.100.23, either of the following commands can be used:
rdesktop hostname.mycorp.com
redesktop 10.10.100.23
Crunch Time
The target server or client must have the remote desktop connection enabled for this to work. In addition, you may need to supply username and password credentials applicable to the target host. The protocol runs on port 3389, which will need to be open on any intermediate firewalls.
Virtual Network Computing
Virtual network computing (VNC) is a client-server application used to administer remote machines, operating on port 5901. A client for X Windows is vncviewer, which will connect to any VNC-compatible server.
Samba
Samba will implement the basic Server Message Block/Common Internet File System (SMB/CIFS) services, namely:
■ File and print services
■ Authentication and authorization
■ Name resolution
■ Browsing or service announcement
Users may wish to share some of all their files and allow only certain users to access (authentication and authorization). All these are handled by the daemon that is included within Samba.
Fast Facts
The two daemons included with Samba are smbd and nmbd.
■ smbd handles file and printer sharing, including user access (authentication and authorization).
■ nmbd undertakes name resolution on a point-to-point basis or broadcast basis, using the NetBIOS protocol.
■ In broadcast mode, an nmbd client will send out a request to all machines on the network, for example, asking who is running a particular service.
■ The other name resolution element of the nmbd daemon revolves around the NetBIOS Name Service (NBNS) or Windows Internet Name Service (WINS).
■ Within NBNS, there is a master server that holds the IP address and NetBIOS name of each client or server on the network and will serve these upon request.
■ The network browsing or service announcement part of Samba is also handled by the nmbd daemon.
■ There is one local master browser (LMB) on a network that holds the list of available services and provide these upon request. These lists can be populated across domains via domain master browsers (DMBs).
Configuration Files
The main configuration file for Samba is smb.conf, usually residing in /etc/samba/smb.conf or /usr/local/samba/lib/smb.conf. The smb.conf layout is similar to that used in older Microsoft Windows .ini files, comprising a number of sections with a section name in brackets ([]) delimitating the sections. The sections or stanzas will contain information about the shares, printers, and services on the server. There is one special stanza called global, which specifies parameters that apply to all other stanzas in the smb.conf file. A very minimal smb.conf file can be defined that just defines a couple of global parameters and some shares.
[global]
workgroup = mycorp
netbios name = computer_name
[share1]
path = /etc
comment = share the /etc folder to the world
[share2]
path = /documents
comment = share the global documents folder to the world
If you are setting up a server and want to share everyone's home directories, there is a special stanza called homes, which will enable the default home directory shares.
[homes]
comment = Home Directories
browseable = yes
Comment = only allow users to connect to their own directory, \serverusername
valid users = %S
comment = allow user to write to the directory
writable = yes
lmhosts File
The lmhosts file is built into Samba and is the NetBIOS name to IP address mapping, in a similar format to the /etc/hosts file. The file is located in the /etc/samba or /usr/local/samba/lib directories.
Managing a Samba Server
The Samba server has a number of daemons (notably, nmbd and smbd) that need to be started, normally upon boot, and will read the smb.conf file. Once started, the server can be managed from the command line or through a graphical user interface (GUI). The command-line interface is very easy to use, and the main command is smbstatus, which can display the full status of the servers and connected clients. Some of the options available are shown in Table 8.3.
Connecting to a Samba Server
Assume that there is a Samba server located on the server syngress with a shared directory called rosie; you could map a drive on Windows to this from the command line using: net use h: \syngress
osie.
Linux has a client to access a Samba server called smbclient, with a syntax: smbclient //servername/sharename.
This client will display a new prompt to the user (typically, smb: >) and will have very similar functionality to a File Transfer Protocol (FTP) session with get, put, ls, and so forth.
winbind
The integration of Linux and Microsoft Windows can be time consuming as there is no real underlying unified login. The winbind component of Samba tries to solve this by allowing Windows domain users to appear and operate as a Linux user. The mappings between the Linux and Microsoft Windows user IDs are stored by winbind.
Web Services
The following sections will show how Web services are configured and how they can be accessed by the client.
Fast Facts
The setting up of Web services on a Linux server includes FTP servers, proxy servers, and add-ons such as Java servers.
■ Web servers will serve pages to the requestor using the Hypertext Transfer Protocol (HTTP).
■ An FTP server will transfer data between a remote client and the server using the FTP.
■ A proxy server will act as an intermediate server between a client and other networks, typically the Internet, to reduce the load on the connection.
Remote Access from the Command Line
The common utilities that can be used are telnet, curl, and wget. Telnet is a client-server protocol operating on port 23, and the syntax is telnet hostname | IP address, which will connect to a Telnet server at the hostname or IP address.
curl and wget retrieve files using HTTP, HTTPS, and FTP. The syntax for wget to download a URL is wget URL and for FTP is wget ftp://URL.
For sites that have FTP usernames and passwords, these can be specified in the command line, such as –ftp-user=user. As the command is not interactive, it can be built into scripts to automate the process.
curl can transfer data using a wide range of protocols and was designed to work without user interaction to facilitate its use in scripts. The syntax is curl URL.
Apache (HTTP) and Tomcat
The default installation of Apache will be /usr/local/apache2 and will be about 50 MB. The following sections will look at how you can configure the server.
Apache Configuration
The actual directory where the server is installed is configured during the configure task and is changed from the default using –prefix=PREFIX, where PREFIX will be defined as the installation directory. This directory is referred to as the ServerRoot.
apachectl
The Apache server runs as the httpd daemon, and the control script apachectl should be used to invoke httpd ensuring that the correct environment variables are set. The syntax is apachectl [http-argument] with the main arguments being start, stop, restart, and status.
httpd
Upon starting, httpd reads its configuration file httpd.conf, stored relative to the ServerRoot in conf/httpd.conf. Once started, it will create a pool of processes to handle all the requests that are generated at the server. The main options are shown in Table 8.4.
Apache Modules
The Apache server can be customized with modules that can add a variety of functionalities to the Apache server such as bandwidth management, Common Gateway Interface (CGI), or authentication. The modules that are currently loaded can be listed using
apache2 –l (shows those modules compiled in code)
apache2 –t –D DUMP_MODULES (show all loaded modules)
Modules can be enabled and disabled using the a2enmod and a2dismod commands.
Apache Containers
Within the Apache configuration files, there are individual units that contain directives that alter the configuration called Apache containers. The filesystem container contains all the directives regarding the directories and files, for example, location and access rights. The Webspace container contains all the information about the Web site you are developing, for example, the URL name.
As an example, to enable directory indexes for the /var/web/dir directory, the following would need to be included:
<Directory /var/web/dir>
Options +Indexes
</Directory>
The virtual host's container can be used when you have multiple hosts being served from the same machine, allowing different configuration options for each virtual host. The virtual hosts can be IP-based (one IP per Web site) or name-based (multiple names on a single IP address).
Exam Warning
You should know that the Apache Web files are located in the directory specified by the DocumentRoot directive specified in the httpd.conf file.
.htaccess Files
The .htaccess file allows the Apache server to have a decentralized management of its Web tree and has directives in the plain text configuration file. These directives will apply to the directory where the .htaccess file resides and is read upon every access; so any changes will have an immediate effect. If the .htaccess file has options in it, the Apache configuration file must be configured with the AllowOverride Options set.
Hypertext Preprocessor
Hypertext Preprocessor (PHP) is a general purpose scripting language, mainly used for dynamic Web creation. When PHP starts, it reads its configuration file php.ini, usually in /usr/local/lib/php.
CGI Scripts
Apache can be configured to treat any file in a particular directory as a CGI script, referred to as the cgi-bin directory. The directory where the CGI scripts are held can be set up in the httpd.conf file using ScriptAlias. The syntax of this is
ScriptAlias URL Path Name
It is possible to run CGI scripts from any directory. The cgi-script handler must be activated using the AddHandler directive, and the ExecCGI directive must be specified in the Options directive. The httpd.conf file will need to be modified by adding the lines
AddHandler cgi-script .cgi
Options +ExecCGI
Configuring Apache Server Logs
The Apache error log is set by the ErrorLog directive, and it is the log file where the httpd daemon will send errors and diagnostic information to – normally called error_log. The LogLevel directive in the configuration file will define the amount of error logs or how verbose they are. There are eight levels of logs: emergency, alert, critical, error, warning, notice, info, and debug.
Crunch Time
Do not allow anyone to write to the Apache log directory as this will almost certainly give them access to the UID that the server is started as, which is often root. In addition, the raw logs can have control characters inserted into it by malicious users, so care must be taken when viewing the raw files.
Tomcat Configuration
Tomcat is a servlet and JavaServer Pages (JSP) container. JSP allows developers to create dynamically generated Web pages using HTML and XML. Servlets are the Java equivalent to PHP, CGI, and ASP.NET and can be automatically generated by a JSP compiler.
FTP
The FTP server is used to upload and download files to a server from an FTP client. An FTP server that allows anyone to connect to it is called an anonymous server.
Fast Facts
FTP servers can be set up in active mode or passive mode.
■ In active mode, clients connect from a random port P > greater than 1023 to the port 21 on the server.
■ Clients listen on port P+1 and send this information to the server using PORT P+1.
■ The server will then connect to the P+1 port from its data port, port 20.
■ Ports P and P+1 will be open on the client, and ports 20 and 21 will be open on the server.
■ In passive mode, the client initiates both connections, opening ports P and P+1 (P > 1023).
■ Port P connects to port 21 and then uses PASV to get the server to open a port above 1023, say S, and transmits this to the client using PORT S.
■ The client connects to this port S.
An FTP server can restrict the local usernames that can be used, stopping users using, for example, root. This is achieved by putting the list of users in /etc/ftpusers, and this list of names must also appear in /etc/passwd. /etc/ftpchroot is in a similar format to /etc/ftpusers and contains the list of users whose session root directory needs to be changed, often listed in /etc/ftpd.conf, to ensure that the user cannot traverse into an unauthorized area.
Squid
Squid can be configured to cache HTTP and FTP traffic to reduce the amount of traffic destined for the Internet. Web clients are configured to access the Internet through this cache.
Fast Facts
Squid is a proxy server and Web caching service. It has many uses, namely:
■ Caching Web lookups for the network
■ Additional security for Web access
■ Speeding up a Web server through caching of repeated requests.
Squid Configuration Files
The configuration file is /etc/squid/squid.conf, and the software is installed in /usr/local/squid. Squid can be configured to listen on any port, which is often useful if you are trying to hide some servers from general browsing. The default port for squid is 3128, although a lot of people change this to port 80. To allow squid to listen on ports 3128, 80, and 8080, change the squid.conf file:
http_port 3128 80 8080
Access control lists (ACLs) can be used which can restrict the networks that are allowed to connect to the server and with which protocol. The squid proxy can filter individual sites so that users cannot access them.
Exam Warning
Squid can be used as a proxy server and as a caching server. When it is a caching server, it displays data to the client that it has already in its cache, for example, a Web page. When it is used as a proxy server, it acts as a go-between for requests from a client to the target server. The target server will, therefore, not be able to communicate directly with the client.
Application Services
The following section will explain the common application services of printing and e-mail.
Printing
The print server that is common within Linux is CUPS, and it is accessed via a Web browser using port 631, http://localhost:631, substituting the localhost part with a machine name or IP address if you are accessing a remote CUPS instance. Some pages require the root username and password.
Network Printers
Network printers require the IP address or can be found using Simple Network Management Protocol (SNMP) built into CUPS. There are three network protocols supported by CUPS:
■ AppSocket Protocol, usually associated with HP JetDirect
■ Internet Printing Protocol (IPP), normally port 631
■ Line Printer Daemon (LPD) Protocol, port 515
Managing Operation Policies
There are rules built into CUPS to allow the administrator to define a number of policies, such as the user must supply a password, stored in cupsd.conf and are changed via the CUPS interface using the Edit Configuration File on the Administration tab.
Printer Classes
Administrators can group printers together to form a class, allowing users to send a document to this group, and CUPS will decide the best printer to use.
An e-mail server can have a number of different clients seamlessly connecting to it. The mail server for a domain needs DNS configured to ensure that there is a valid MX record.
The main transport mechanism between e-mail servers is the Simple Mail Transfer Protocol (SMTP), which operates on port 25. Mail is transferred from one e-mail server to another using a mail transfer agent (MTA), such as sendmail, or Post Office Protocol (POP) and Internet Message Access Protocol (IMAP) are used by e-mail clients to retrieve e-mail from a server.
How Mail Works
Users will have usernames for a domain such as username@your_domain, and mail will be sent to the mail server at this domain as specified by the DNS MX record. When users send e-mail destined for a local user, the mail server will simply put the e-mail in the appropriate user's mailbox. If it is for someone outside the domain, the mail server will look up the MX record of the target domain and then try to send or relay the mail to that server.
Sendmail
The following sections will outline how to set up a sendmail server.
Starting and Stopping Sendmail
Sendmail is usually started upon boot, when it reads the configuration file Changes to the configuration file require it to be restarted.
service sendmail start
service sendmail stop
service sendmail restart
Sendmail Configuration
The main configuration file is sendmail.cf, normally located in /etc/mail/sendmail.cf or /etc/sendmail.cf. A common method of producing the sendmail.cf file is through the use of m4 macro processor, which works on the configuration parameters in the file /etc/mail/sendmail.mc.
Mail Relaying
Mail relaying needs to be set up to ensure that your server is not used by spammers. You want to relay (or deliver) all mail that originates from your domain to the target domain. If your domain is mycorp.com, then you need to add this into the /etc/mail/relay-domains file. As it is relatively easy to spoof the from address, /etc/mail/access can be used, which is more specific on who can use the relay server. This file can be used to configure a number of actions such as relay, reject, and discard. The file is a simple two column list, which needs to be converted into a sendmail compatible file.
Postfix
An alternative to sendmail is postfix, which was designed to be simpler to configure than sendmail. Although there are several hundred configuration parameters that are controlled by the configuration file /etc/postfix/main.cf., the variables are defined and used in a similar way to shell variables.
parameter = value
new_parameter =$parameter
The domain that is used in outbound mail is defined in the myorigin parameter, which defaults to the local machine name. The server can accept mail for a number of domains, and these will be specified in the mydestination parameter. As with sendmail, you must ensure you only relay mail from hosts or network you know and trust. This is undertaken using the mynetworks parameter.
The postfix daemon reports all errors to the syslog daemon, which itself sorts out events by class and severity. The logging classes, levels, and logfile names must be entered into /etc/syslog.conf to ensure these are logged correctly.
Fast Facts
You need to have a number of valid e-mail addresses “aliased” to another account.
■ Aliases work for both sendmail and postfix.
■ The aliases file is normally /etc/aliases or /etc/mail/aliases.
■ Aliases are often configured to root.
■ The aliases file needs converting to a format that can be parsed by the mail server, using newaliases.
■ Aliases can be used to set up simple mailing lists.
MySQL
MySQL is a relational database management system (RDBMS) and will store data in tables, which can be linked together to enable manipulation of the data much easier.
MySQL Configuration
The main configuration file is /etc/my.cnf, and databases are located in a subdirectory of /var/lib/mysql. The MySQL data directory does need to be owned by the user which runs MySQL, and this directory should be set to 700 using chown.
Starting and Stopping MySQL
The MySQL service can be started and stopped using the commands listed below:
service mysqld start
service mysqld stop
service mysqld restart
Testing the Connection
The MySQL server can be tested very easily using the in-built command-line interpreter. The basic command is mysql, and the options are shown in Table 8.5.
| -u username | Connects a username to the database |
| -p | Prompts for password |
| -h hostname | Connects to the MySQL server on the remote host hostname |
mysql will attempt to connect to a remote database server using port 3306.
Summary of Exam Objectives
In this chapter, you learned about how to configure a Linux system when it used as a server. The DHCP service provides the client with an IP address and other data, such as the local nameserver. The basics of DNS configuration were discussed, and how to set up the different files for forward and reverse name resolution was outlined. The interoperability with Microsoft Windows using a Samba server and how to modify the various configuration files to undertake this task were defined.
The section on Web services was centered around the Apache Web server, showing how the server is configured. The location of the main configuration files, the definitions of modules and containers pertinent to the Apache configuration, and how PHP and CGI scripts are incorporated into the Apache server were explained. The Squid proxy server configuration was shown, and how it is used in a network was described. The configuration of an FTP server and how this could be configured for different file transfers, such as straight ASCI text or programs in a binary form, were described.
Finally, mail servers and how to configure the two most popular servers, send-mail and postfix, were discussed.
1. You have been told that your mail MTA is being used as a relay by spammers. You want to stop this happening. What is the best course of action?
A. Relocate the mailserver behind your corporate firewall and only allow TCP port 25 to and from this server.
B. Ensure that the only hosts that the mailserver will allow to relay are on your local network by configuring the /etc/mail/access file.
C. Ensure that only your domain can be relayed by configuring the relay-domains file.
D. Configure the mailserver to stop all relaying of mail and make sure all the users connect to it via an approved client.
2. Your new Apache Web server has been set up and one of the developers wants to know which directory to load the Web pages. What directive will need to be accessed in the httpd.conf file?
A. WebRoot directive
B. DocumentRoot directive
C. ServerName directive
D. WebBase directive
3. You want to set up your Apache server to capture logs as you are having problem with the application. What log level would you set to give you the most verbose logs?
A. emerg
B. error
C. info
D. alert
4. The Samba server in your office has been set up with the name samserv. You want to connect to the sammy directory that has been set up and shared on it. What will be the correct command from a terminal shell if you want to connect as a user called juliet?
A. smbclient //samserv/sammy juliet
B. smbclient //samserv/sammy –u juliet
C. smbclient //samserv/sammy –U juliet
D. smbclient //samserv/sammy U juliet
5. You want to administer your DNS using the rndc command, but you cannot connect to the server. You have pinged the server and it responds. You have just installed the client on your machine. What is the likely error?
A. You have not put your machines IP address into the rndc.conf file for the target DNS.
B. You have not inserted the correct keys into the rdnc.conf file.
C. You have run the dnssec-keygen command immediately before issuing the rndc command.
D. You must run the dnssync command on the new host and the target to ensure they can communicate with each other.
Answers
1. Correct answer and explanation: B. Answer B is correct, as this will specify which of your networks can connect to this mailserver and have their mail relayed. If you configure the networks correctly, the spam mail will not be relayed.
Incorrect answers and explanations: A, C, and D. Answer A is incorrect, as relocating the mailserver behind a firewall will not help. The server will have to have port 25 open on it, and this is used by spammers to force the mailserver to relay messages. This option would be useful if the correct configuration files as specified in answer B were done. Answer C is incorrect, as this will allow the domain users to still send e-mail, but spammers can easily spoof the domain name and could continue to use this as a relay mailserver. Answer D is incorrect, because if you stop the mailserver from relaying all mail, users will not be able to send any mail.
2. Correct answer and explanation: B. Answer B is correct, as the Document Root parameter correctly defines the root directory where the Web pages are stored.
Incorrect answers and explanations: A, C, and D. Answer A is incorrect, as there is no WebRoot parameter. Answer C is incorrect, as the Server-Name parameter defines the name of the Web site. Answer D is incorrect because, again, there is no WebBase directive.
3. Correct answer and explanation: C. Answer C is correct, as this is the lowest log level and will give the most verbose output from the options listed. Debug can also be used, which will give a more verbose output than info.
Incorrect answers and explanations: A, B, and D. Answer A is incorrect, as this will only give out emergency log message such as Child cannot open lock file. Exiting. Answer B is incorrect, as this just gives logs of errors. While this may be enough for your debugging, it does not give the most verbose logs. Answer D is incorrect, as this will just give log messages for actions that must be taken.
4. Correct answer and explanation: C. Answer C is correct, as this will invoke the smclient and connect to the share sammy on the target server (samserv). The response from the Samba server should be Password: prompting the user to enter the password they have set up on that host.
Incorrect answers and explanations: A, B, and D. Answer A is incorrect, as the option to specify the user (-U) is missing. Answer B is incorrect, as the option to specify a username is –U, not -u. Answer D is incorrect, as this does not specify the user option correctly.
5. Correct answer and explanation: B. The correct answer is B, because the rdnc command needs to have authentication keys that match those of the target server.
Incorrect answers and explanations: A, C, and D. Answer A is incorrect, as you do not need to insert the IP address of the target DNS in that file. Answer C is incorrect, because although you need to use this command to get the correct authentication key, the value must be put into the rndc.cong file. Answer D is incorrect, as there is no dnssync command.
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.