
GRADUATION PROJECT

Project title:

CENTRALIZED AUTHENTICATION MANAGEMENT WITH THE LINUX LDAP SERVICE

Supervisor: TRN VN TI
Students:
1. DNG QUC TUN (Student ID: 99510030043)
2. TRN HUNH AN DUY (Student ID: 99510030007)
3. TRN ON KIN (Student ID: 99510030017)
Class code: 03CCHT01
Cohort: 03
Ho Chi Minh City, 19 October 2011

SUPERVISOR'S COMMENTS



iSPACE VOCATIONAL COLLEGE OF INFORMATION TECHNOLOGY

240 Vo Van Ngan, Thu Duc District, Ho Chi Minh City
Tel: 08.6.2678999 Fax: 08 6261 0304

TABLE OF CONTENTS
ACKNOWLEDGEMENTS .......... 13
PROJECT OBJECTIVES .......... 14
CHAPTER I: GENERAL INTRODUCTION .......... 15
I. History of the development of Linux: .......... 15
II. Advantages & disadvantages of Linux: .......... 16
1. Advantages: .......... 16
1.1 Cost: .......... 16
1.2 Flexibility: .......... 16
1.3 High security: .......... 16
1.4 Suitable for network administration: .......... 17
2. Disadvantages: .......... 18
2.1 Requires proficient users: .......... 18
2.2 Standardization: .......... 18
2.3 The number of high-quality applications on Linux is still limited: .......... 18
2.4 Hardware: .......... 19
CHAPTER II: INSTALLING THE LINUX OPERATING SYSTEM (CENTOS) .......... 20
I. Hardware requirements: .......... 20
II. Hard disks and disk partitions in Linux: .......... 20
III. Managing disks and partitions in Linux: .......... 20
IV. Steps to install the Linux operating system: .......... 22
1. Choose the installation method: .......... 22
2. Choose the installation mode: .......... 22
3. Choose the display language used during installation: .......... 23
4. Configure the keyboard: .......... 23
5. Partition the disk: .......... 24
6. Install the Boot Loader: .......... 25
7. Configure the network: .......... 26
8. Configure the geographic region: .......... 27
9. Set the administrator password: .......... 27
Faculty of IT Graduation Project: Centralized authentication management with the Linux LDAP service Page 3/164

10. Choose the installation type: .......... 28
11. Proceed with the operating system installation: .......... 30
12. Using the operating system: .......... 31
CHAPTER III: INTRODUCTION TO RELATED SERVICES .......... 33
I. DNS service (Domain Name System): .......... 33
1. Introduction: .......... 33
2. How domain name management data is distributed: .......... 36
3. Forward resolution: .......... 37
4. Reverse resolution: .......... 37
5. The difference between Zone and Domain: .......... 37
6. Domain name certification: .......... 38
7. Types of Domain Name Servers: .......... 38
8. Delegation (Delegation domain) .......... 39
9. Resource records: .......... 39
10. Introduction to the BIND software: .......... 42
II. FTP service (File Transfer Protocol): .......... 46
1. Introduction: .......... 46
2. Operating model: .......... 46
3. FTP Client programs: .......... 49
4. Some FTP Client commands: .......... 50
5. Installing and configuring FTP: .......... 51
III. Web service: .......... 54
1. Introduction to the HTTP protocol: .......... 54
2. Web servers and how they operate: .......... 55
3. Web clients: .......... 57
4. Dynamic web: .......... 57
5. Installing and configuring a Web server: .......... 58
5.1 Introduction to the Apache software: .......... 58
5.2 Installing Apache: .......... 59
5.3 Configuration information: .......... 59
5.4 Basic configuration: .......... 59
5.5 Configuring authentication: .......... 60
IV. Squid Proxy service: .......... 63
1. Introduction to Squid: .......... 64
2. Protocols supported by Squid: .......... 64
3. Cache exchange: .......... 65
4. Installing and configuring Squid Proxy: .......... 65
V. Mail Server service: .......... 69
1. Introduction: .......... 69
2. Mail systems: .......... 70
3. Concepts: .......... 73
4. Mail and DNS: .......... 74
5. The Postfix mail software: .......... 75
6. Webmail software: .......... 76
VI. Samba service: .......... 76
1. Introduction: .......... 76
2. Installation: .......... 77
CHAPTER IV: LDAP THEORETICAL FOUNDATIONS .......... 83
I. Introduction to LDAP: .......... 83
1. Basic concepts: .......... 83
II. How LDAP operates: .......... 84
1. A client/server protocol: .......... 84
2. LDAP is a message-oriented protocol: .......... 84
3. LDAP protocol operations: .......... 86
4. Extended operations: .......... 87
5. Client-Server connection model: .......... 87
III. The LDAP models: .......... 88
1. LDAP Information Model: .......... 88
2. LDAP Naming Model: .......... 92
3. LDAP Functional Model: .......... 96
4. LDAP Security Model: .......... 104
IV. Using LDAP: .......... 104
1. Authentication applications using LDAP: .......... 104
2. Some applications that use the LDAP protocol: .......... 105
CHAPTER V: SYSTEM DEPLOYMENT .......... 107
I. Analysis of the current state of the system: .......... 107
II. Installing and configuring OpenLDAP Multi-Master Replication: .......... 109
1. Installation: .......... 109
1.1 Packages to install: .......... 109
2. Configuration files: .......... 109
2.1 Configuring /usr/local/etc/openldap/slapd.conf: .......... 109
III. Building a Primary Domain Controller (OpenLDAP with Samba): .......... 113
1. Installation: .......... 113
1.1 Packages to install: .......... 113
2. Configuration files: .......... 114
2.1 Configuring /etc/openldap/slapd.conf: .......... 114
2.2 Configuring /etc/samba/smb.conf: .......... 116
2.3 Creating the logon script in /var/lib/samba/netlogon/scripts .......... 117
2.4 Configuring /var/lib/samba/sbin/smbldap_tools.pm: .......... 119
IV. Building a File Server with LDAP authentication (Samba): .......... 121
1. Installation: .......... 121
1.1 Packages to install: .......... 121
2. Configuration files: .......... 121
2.1 Configuring /etc/samba/smb.conf: .......... 121
2.2 Monitoring access to shared resources: .......... 123
V. Building a Mail Server with LDAP authentication (Postfix): .......... 124
1. Installation: .......... 124
1.1 Packages to install: .......... 124
2. Configuration files: .......... 124
2.1 Configuring /etc/postfix/main.cf: .......... 124
2.2 Creating /etc/postfix/accountsmap.cf: .......... 125
2.3 Creating /etc/postfix/ldap-aliases.cf: .......... 125
2.4 Configuring dovecot-ldap.conf: .......... 125
2.5 Configuring dovecot.conf: .......... 125
3. Creating mail accounts and testing: .......... 126
3.1 Creating an email account: .......... 126
3.2 Testing sending and receiving mail: .......... 127
4. Configuring webmail: .......... 128
4.1 Configuring /etc/squirrelmail/config.php .......... 128
4.2 Using webmail: .......... 128
VI. Building an FTP Server with LDAP authentication (vsftpd): .......... 130
1. Installation: .......... 130
1.1 Packages to install: .......... 130
2. Configuration files: .......... 130
2.1 Configuring /etc/pam.d/vsftpd (LDAP authentication): .......... 130
2.2 Configuring /etc/vsftpd/vsftpd.conf (basic configuration): .......... 130
3. Testing usage: .......... 130
VII. Building a Web Server with LDAP authentication (Apache): .......... 132
1. Installation: .......... 132
1.1 Packages to install: .......... 132
2. Configuration files: .......... 132
2.1 Configuring /etc/httpd/conf/httpd.conf (LDAP authentication): .......... 132
3. Testing access authentication: .......... 133
VIII. Building a Proxy, Firewall and VPN Server (IPCOP): .......... 134
1. Installation: .......... 134
1.1 Installing IPCOP: .......... 134
1.2 Installation steps: .......... 134
1.3 Configuring the Proxy Server: .......... 146
1.4 Configuring the firewall: .......... 150
1.5 Configuring logs: .......... 153
1.6 Configuring the VPN Server: .......... 158
CHAPTER VI: EVALUATION AND FUTURE DIRECTIONS .......... 164
I. Project results: .......... 164
1. Project requirements: .......... 164
2. Future directions for the project: .......... 164
II. References: .......... 164
III. Websites: .......... 164

LIST OF FIGURES
Figure 1: Partitions in Linux .......... 21
Figure 2: Choosing the installation mode .......... 22
Figure 3: Choosing the language to use .......... 23
Figure 4: Choosing the keyboard layout .......... 24
Figure 5: Partitioning the disk .......... 25
Figure 6: Installing the Boot Loader .......... 26
Figure 7: Network configuration .......... 27
Figure 8: Geographic region configuration .......... 27
Figure 9: Setting the administrator password .......... 28
Figure 10: Choosing the installation type .......... 29
Figure 11: Operating system installation in progress .......... 30
Figure 12: Installation complete .......... 30
Figure 13: Firewall configuration .......... 31
Figure 14: Setting the system date and time .......... 31
Figure 15: Creating a user .......... 32
Figure 16: Desktop interface .......... 32
Figure 17a: DNS hierarchy .......... 34
Figure 17b: DNS hierarchy .......... 35
Figure 18: Zone and Domain .......... 38
Figure 19: Delegation Domain .......... 39
Figure 20: Forward zone configuration file .......... 45
Figure 21: Reverse zone configuration file .......... 45
Figure 22: Active FTP connection diagram .......... 47
Figure 23: Passive FTP connection diagram .......... 49
Figure 20: Operation of the HTTP protocol .......... 55
Figure 21: Dynamic web page generation from a CGI program .......... 58
Figure 22: Digest authentication .......... 62
Figure 22: Squid Proxy .......... 64
Figure 23: Mail system diagram .......... 71
Figure 24: Local mail system .......... 72
Figure 25: Local mail system with remote connections .......... 72
Figure 26: Mail system with two Domains & one Gateway .......... 73
Figure 27: Accessing Samba SWAT .......... 80
Figure 28: Successful Samba login .......... 80
Figure 29: Basic search operation .......... 85
Figure 30: Messages the Client sends to the Server .......... 85
Figure 31: Multiple search results returned .......... 86
Figure 32: Connection model between client and server .......... 87
Figure 33: Directory tree with entries as the basic components .......... 89
Figure 34: LDAP directory tree .......... 92
Figure 35: The UNIX file system .......... 93
Figure 36: Part of an LDAP directory with entries holding information .......... 94
Figure 37: Example of a relative distinguished name (RDN) .......... 95
Figure 38: LDAP with alias entries .......... 96
Figure 39: Search operation with base scope .......... 97
Figure 40: Search operation with onelevel scope .......... 98
Figure 41: Search operation with subtree scope .......... 98
Figure 42: Authentication using LDAP .......... 105
Figure 43: Simple storage model .......... 105
Figure 44: Using LDAP to manage mail .......... 106
Figure 45: Declaring the schema .......... 109
Figure 46: Declaring LDAP parameters .......... 109
Figure 47: Defining the database, suffix name, admin user and database storage directory .......... 110
Figure 48: Declaring LDAP synchronization parameters .......... 110
Figure 49: Specifying the logfile .......... 110
Figure 50: Creating LDAP objects .......... 110
Figure 51: Declaring the schema .......... 111
Figure 52: Declaring LDAP parameters .......... 111
Figure 53: Defining the database, suffix name, admin user and database storage directory .......... 111
Figure 54: Declaring LDAP synchronization parameters .......... 111
Figure 55: User u1 synchronized to ldap-svr2 .......... 112
Figure 56: User u2 synchronized to ldap-svr1 ... 113
Figure 57: Declaring samba.schema ... 114
Figure 58: Declaring the ldap parameters ... 114
Figure 59: Defining the database, its suffix, the admin user and the database storage directory ... 114
Figure 60: Declaring indexes for the database ... 115
Figure 61: Assigning permissions to objects ... 115
Figure 62: Declaring LDAP authentication information ... 115
Figure 63: Declaring the domain name and authentication type ... 116
Figure 64: Declaring logfile, logsize and the scripts that create objects for the DC ... 116
Figure 65: Configuring the logon script and authentication type ... 116
Figure 66: Configuring netlogon and creating user Profiles ... 117
Figure 67: Contents of the logon file ... 118
Figure 68: Specifying the path of smbldap_bind.conf and smbldap.conf ... 119
Figure 69: Entering the configuration parameters ... 119
Figure 70: Domain join successful ... 120
Figure 71: Windows XP client added to the LDAP database ... 120
Figure 72: Shared folders ... 122
Figure 73: Accessing the file server from a client ... 122
Figure 74: Samba SWAT parameters ... 123
Figure 75: Monitoring shared resources ... 123
Figure 76: Specifying hostname, domain, origin and network ... 124
Figure 77: Declaring virtual_alias_maps and virtual_mailbox_maps ... 124
Figure 78: Contents of accountsmap.cf ... 125
Figure 79: Contents of ldap-aliases.cf ... 125
Figure 80: Configuring dovecot-ldap.conf ... 125
Figure 81: Configuring dovecot.conf ... 126
Figure 82: Creating an email account ... 127
Figure 83: Configuring Outlook Express ... 127
Figure 84: Mail sent and received successfully ... 128
Figure 85: Webmail login page ... 129
Figure 86: Webmail interface ... 129
Figure 87: Contents of /etc/pam.d/vsftpd ... 130
Figure 88: Basic FTP parameter configuration ... 130
Figure 89: Accessing the FTP server ... 131
Figure 90: Authentication required when accessing the /admin page ... 132
Figure 91: Access authentication ... 133
Figure 92: Access authentication successful ... 133
Figure 93: Choosing the language ... 134
Figure 94: Choosing the installation source ... 135
Figure 95: "Prepare harddisk" notice ... 135
Figure 96: Installation begins ... 136
Figure 97: Network configuration ... 136
Figure 98: Setting the IP address of the GREEN interface ... 137
Figure 99: Choosing the keyboard type ... 137
Figure 100: Entering the hostname ... 138
Figure 101: Entering the domain name ... 138
Figure 102: Network configuration ... 139
Figure 103: Choosing the network configuration type ... 139
Figure 104: Assigning drivers to the NICs ... 140
Figure 105: Setting the IP address ... 140
Figure 106: Setting the IP of the ORANGE interface ... 141
Figure 107: Setting the IP of the RED interface ... 141
Figure 108: Setting DNS and Gateway ... 142
Figure 109: Specifying DNS and Gateway ... 142
Figure 110: Configuring the DHCP server ... 143
Figure 111: Setting the root user's password ... 143
Figure 112: Setting the admin user's password ... 144
Figure 113: Setting the backup password ... 144
Figure 114: Installation complete ... 145
Figure 115: Firewall administration interface ... 146
Figure 116: Configuring the proxy server ... 147
Figure 117: Declaring the LDAP authentication parameters ... 148
Figure 118: Authenticating users accessing the web ... 149
Figure 119: Setting up rules to publish services ... 150
Figure 120: Setting up DMZ zone rules ... 151
Figure 121: Setting up ping response ... 152
Figure 122: Setting the log parameters ... 153
Figure 123: Proxy logs ... 154
Figure 124: Firewall logs ... 155
Figure 125: IDS logs ... 156
Figure 126: URL Filter logs ... 157
Figure 127: Configuring the VPN server ... 158
Figure 128: Declaring user information ... 159
Figure 129: Downloading the authentication key ... 160
Figure 130: Installing the OpenVPN client ... 161
Figure 131: Extracting the authentication key ... 161
Figure 132: VPN connection successful ... 162
Figure 133: Internal network reached successfully ... 163


ACKNOWLEDGEMENTS
To complete this thesis, we must first acknowledge the effort of our supervisor, Mr. TRẦN VĂN TÀI. Our group extends sincere thanks to him for his dedicated guidance and support throughout the time we worked on this project.
Our group also sincerely thanks the lecturers of the Faculty of Information Technology at iSPACE College, who passed on valuable knowledge and experience to us during our studies at the school.
We sincerely thank our friends who helped with materials and academic discussion, without which this project could not have been carried out.
Ho Chi Minh City, 19 October 2011

Prepared by the students

Dương Quốc Tuấn
Trần Huỳnh An Duy
Trần Đoàn Kiên


PROJECT OBJECTIVES
- Build a network system with centralized authentication using OpenLDAP.
- Build centralized authentication for the following services: mail, FTP, Samba and web.
- Build a centralized management system on the Linux operating system to replace MS Active Directory.


CHAPTER I: OVERVIEW


I. History of Linux:
Linux is a UNIX-like operating system that runs on PCs with an Intel 80386 or later CPU, or with compatible processors from AMD and Cyrix. Today Linux can also run on Macintosh and SUN Sparc machines.
Linux was rewritten entirely from scratch, that is, without using a single line of Unix code, to avoid Unix licensing problems. Its operation, however, is based entirely on the principles of the Unix operating system, so whoever knows Linux knows UNIX. The differences between Unix systems themselves are no smaller than those between Unix and Linux.
In 1991 Linus Torvalds, a student at the University of Helsinki, Finland, began studying Minix, a version of Unix created for research, in order to learn how to build a Unix operating system that runs on a PC with an Intel 80386 processor.
On 25 August 1991, Linus released version 0.01 and announced his plans for Linux on the comp.os.minix newsgroup.
In January 1992, Linus released version 0.12 with a shell and a C compiler; he no longer needed Minix to recompile his operating system, which he named Linux.
In 1994 the official version 1.0 was released.
Linux development was accelerated by the GNU project (GNU's Not Unix), which develops Unix software capable of running on many platforms. The latest version of the Linux kernel is 2.6.25, which can drive multiprocessor machines (at present Linux supports machines with up to 16 CPUs). Kernel 2.6.25 also upgrades the file system to Ext4 (the previous version was Ext3), which supports larger block sizes, from 4K up to 64K, and many other features (it can be downloaded at http://www.kernel.org).
Versions of the Linux operating system are identified by the numbering scheme X.YY.ZZ: if YY is even the version is stable; if YY is odd it is an experimental version.

II. Advantages and disadvantages of Linux:
1. Advantages:
1.1 Economy:
This is a feature of Linux that cannot be overlooked. But for Linux it is not everything: this operating system has many other advantages that no other operating system has, and these are what make Linux increasingly popular, not only in Vietnam but throughout the world.
1.2 Flexibility:
Linux is an open-source operating system, so we can modify it as we like (within the limits of each person's knowledge, of course). We can adapt Linux and its applications to suit ourselves best. Moreover, because Linux has a very large community of software developers working in different environments and circumstances, finding a version that fits a given person's needs is not too difficult.
Linux's flexibility also shows in its compatibility with many environments. Besides Linux for servers and PCs, the Linux kernel is now embedded in control devices such as palmtop computers and robots. The range of Linux applications is considered very broad.
1.3 High security:
First, Linux has a very clear permission model. Only "root" (the superuser) has the right to install and change the system. Linux also has a mechanism by which an ordinary user can temporarily switch to "root" privileges to perform certain operations. This helps the system run stably and avoids mistakes that could break the system (recent versions of Windows have begun to adopt this kind of permission model too, but it is still less strict than in Linux).
In addition, the "open" nature itself contributes to Linux's security. If a vulnerability is discovered in Linux, the whole open-source community works on fixing it, and usually a fix can be released within 24 hours. With closed-source operating systems such as Windows, on the other hand, we cannot know what was written or how, only how it runs. So if Windows contained code that opened a "back door" into our system, we could not know. For ordinary users like us this may seem unimportant, but for a system of national importance, such as a defense system, it is a matter of survival. Security staff cannot allow any gap, however small, because it concerns the security of an entire nation. Once again, open-source software in general and Linux in particular is the first choice. In Linux everything is public, and an administrator can examine every corner of the operating system, which also means that security is improved.
1.4 Suited to network administration:
Designed from the start for multi-user operation, Linux is regarded as a very valuable network operating system. Where Windows has proven to be an operating system suited to desktop computers, Linux is the dominant operating system for servers. This is because Linux has many advantages that satisfy the requirements of a network operating system: high security, stable operation, good resource-sharing mechanisms, and so on. The TCP/IP protocol we still see today was originally a Linux communication protocol (only later added to Windows).
1.5 Runs consistently across hardware:
Although there are many Linux versions issued by different distributors, in general they all run quite stably on every kind of hardware, from Intel 486 to Core 2 Duo machines, from machines with only 4 MB of RAM to extremely powerful configurations (the speed differs, of course, but in principle they still run). The reason is that Linux is developed by many programmers in many different environments (unlike Windows, which is developed only by Microsoft), so we will meet many people "in the same boat" and easily find drivers for our devices. This is the complete opposite of Windows: every time a new version of Windows is released it brings with it a hunger for new hardware, because the new operating system usually does not support devices that are too old.
2. Disadvantages:
Although Linux is now developing much faster than Windows, objectively speaking Linux still cannot reach end users the way Windows does, because Linux still has some inherent weaknesses:
2.1 Requires proficient users:
Using and configuring Linux was once considered a job only for IT technicians. Almost everything is done on the command line, and configuration means editing files directly. Although recent versions of Linux operating systems have improved considerably, compared with Windows the user-friendliness of Linux is still a big problem. This is one of the main reasons why Linux, despite its many good technical qualities, has not yet reached end users.
2.2 Standardization:
Linux is released free of charge, so anyone can package and distribute it in their own way. There are currently quite a few Linux distributions developed from the same original kernel, such as RedHat, SuSE and Knoppix, and users must compare them to see which suits them. This can be difficult for users, especially those with limited computing knowledge.
2.3 The number of high-quality applications on Linux is still limited:
Although almost every Windows product has an equivalent on Linux (for example OpenOffice on Linux is similar to MS Office, and GIMP is similar to Photoshop), the quality of these products cannot yet compare with products written for Windows.
2.4 Hardware:
Some hardware manufacturers do not provide drivers for Linux: because Linux is not yet as widespread as Windows, many manufacturers do not support drivers for Linux. We can nevertheless still find such drivers on the Internet, written by the open-source community.
Looking objectively at the advantages and disadvantages of the Linux operating system, and at the trend of computing in our country, we can see that for ordinary users switching from Windows to Linux overnight is not yet feasible. For computing professionals, however, and especially for students, studying Linux and open-source software is a very good way to improve one's understanding. Linux remains, in any case, a very valuable operating system: low cost, flexible, stable and highly secure.


CHAPTER II: INSTALLING THE LINUX OPERATING SYSTEM (CENTOS)


I. Hardware requirements:
Linux does not require a powerful machine. If the hardware is too weak, however, X Window or the bundled applications may not run. The recommended minimum configuration:
- CPU: Pentium 3 or later.
- RAM: 64 MB or more for text mode, 192 MB for graphical mode.
- Hard disk: the required space depends on the installation type:
  Custom Installation (minimum): 520 MB.
  Server (minimum): 870 MB.
  Personal Desktop: 1.9 GB.
  Custom Installation (everything): 5.3 GB.
- 2 MB of video memory if graphical mode is to be used.

II. Hard disks and disk partitions in Linux:


A hard disk is divided into several regions called partitions. Each partition uses a file system to store data. Each disk can be divided into at most 4 primary partitions; this limit exists because the disk's Master Boot Record holds at most 4 entries for 4 partitions.
To create more than 4 partitions for storing data, an extended partition is used. An extended partition is in fact a primary partition, but it allows child partitions, called logical partitions, to be created inside it.

III. Managing disks and partitions in Linux:


Linux accesses disks through files. Each disk is associated with a file in the /dev/ directory. The prefix fd denotes floppy disks, hd hard disks and sd SCSI disks. The letters a, b, c appended to the prefix distinguish different disks of the same type.
Designator    Physical block device
hda           Primary Master
hdb           Primary Slave
hdc           Secondary Master
hdd           Secondary Slave
sda           First SCSI disk
sdb           Second SCSI disk
Table of disk designators

For example, the first hard disk is hda and the second is hdb. To identify the partitions on a disk, a number is appended. By convention, primary and extended partitions are numbered 1 to 4, and logical partitions are numbered from 5 upwards.

Figure 1: Partitions in Linux


The figure above shows the partitions of the first hard disk, hda: two primary partitions, hda1 and hda2, and one extended partition, hda3. Inside the extended partition hda3 are two logical partitions, hda5 and hda6.
Linux requires at least the following 2 partitions:
- A primary partition holding the root directory (/) and the kernel (called the Linux Native partition).
- A swap partition, used as swap space when main memory is exhausted. The size of the swap area depends on how many applications the system runs; usually the swap area is the same size as main memory.
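The naming rules above (prefix for the disk type, a letter for the disk, and a number that places a partition in the MBR table or in the extended partition) can be checked mechanically. The following is an added example, not code from the thesis; the device names it is fed are constructed, and it only handles the hd/sd prefixes listed in the table (real floppy devices are numbered fd0, fd1 rather than lettered).

```python
import re

# Added example, not from the thesis: classify Linux block-device names
# (e.g. "hda5" or "/dev/sdb") using the naming rules in the text above.

# Disk designators from the "Table of disk designators" above.
DISK_POSITIONS = {
    "hda": "Primary Master",
    "hdb": "Primary Slave",
    "hdc": "Secondary Master",
    "hdd": "Secondary Slave",
    "sda": "First SCSI disk",
    "sdb": "Second SCSI disk",
}

PREFIX_TYPES = {"hd": "IDE hard disk", "sd": "SCSI disk"}

# Optional /dev/ prefix, disk type, disk letter, optional partition number.
_DEVICE_RE = re.compile(r"^(?:/dev/)?(hd|sd)([a-z])(\d*)$")


def classify(device):
    """Return a dict describing a device name such as 'hda5' or '/dev/sdb'."""
    m = _DEVICE_RE.match(device)
    if not m:
        raise ValueError("not a Linux disk device name: %r" % device)
    prefix, letter, number = m.groups()
    disk = prefix + letter
    info = {
        "disk": disk,
        "type": PREFIX_TYPES[prefix],
        "position": DISK_POSITIONS.get(disk, "unknown"),
        "partition": None,
        "kind": "whole disk",
    }
    if number:
        n = int(number)
        if n == 0:
            raise ValueError("partition numbers start at 1")
        info["partition"] = n
        # Numbers 1-4 are primary or extended partitions (MBR table slots);
        # 5 and up are logical partitions inside the extended partition.
        info["kind"] = "primary/extended" if n <= 4 else "logical"
    return info


def partition_layout(devices):
    """Group partition names by disk and split them into the two kinds.

    Feeding it the devices of Figure 1 (hda1, hda2, hda3, hda5, hda6) gives
    three MBR entries and two logical partitions on hda.
    """
    layout = {}
    for dev in devices:
        info = classify(dev)
        if info["partition"] is None:
            continue                      # whole-disk name, not a partition
        disk = layout.setdefault(
            info["disk"], {"primary/extended": [], "logical": []})
        disk[info["kind"]].append(info["partition"])
    for disk in layout.values():
        for kind in disk:
            disk[kind].sort()
        # The MBR partition table has only 4 slots.
        if len(disk["primary/extended"]) > 4:
            raise ValueError("more than 4 primary/extended partitions")
    return layout


if __name__ == "__main__":
    print(classify("/dev/hda5"))
    print(partition_layout(["hda1", "hda2", "hda3", "hda5", "hda6"]))
```

`classify` raises on anything that is not a recognised disk name, so a typo such as `hda0` is caught before it reaches a partitioning or mount script.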

IV. Steps to install the Linux operating system:
1. Choosing the installation method:
- CD-ROM: boot from the CD-ROM or from a boot floppy.
- Hard disk: requires a boot floppy (use the dd or mkbootdisk command to create it).
- NFS image: use a network boot disk and connect to an NFS server.
- FTP: use a network boot disk and install directly over an FTP connection.
- HTTP: use a network boot disk and install directly over an HTTP connection.
2. Choosing the installation mode:
When the installer starts, it displays the following screen:

Figure 2: Choosing the installation mode
We can choose among the following modes:
- Linux text: installs the operating system in text mode.

- [ENTER]: installs the operating system in graphical mode.
3. Choosing the display language for the installation:
By default the system selects English as the main display language during installation. Usually we accept the system default at this step and click Next to go to the next page.

Figure 3: Choosing the language


4. Keyboard configuration:
Choose the appropriate keyboard type, then Next.


Figure 4: Choosing the keyboard type


5. Partitioning:
- Remove all partitions on selected drives and create default layout: removes all existing partitions and lets the system create the default layout automatically.
- Remove linux partitions on selected drives and create default layout: removes all existing Linux partitions and lets the system create the default layout automatically.
- Use free space on selected drives and create default layout: uses the remaining free space on the disk and lets the system create the default layout automatically.
- Create custom layout: partition according to the user's own choices (manually).
Choose the partitioning method that suits the requirements, then click Next.


Figure 5: Partitioning


6. Installing the Boot Loader:
The Boot Loader is a program that lets us choose which operating system to boot from a menu. Once we choose, it locates the files needed to start that operating system and hands control over to it. The Boot Loader can be installed in the Master Boot Record or in the first sector of a partition.
Linux lets us use either GRUB or LILO as the Boot Loader. Both can manage several operating systems on one machine:
- We install the Boot Loader in the Master Boot Record (MBR) when no other Boot Loader (for example Windows's) is installed, or when we are sure our Boot Loader can start the other operating systems on the machine. Installing to the MBR replaces any previous Boot Loader with the new one.
- We do not install a Boot Loader; in that case a boot floppy is needed to start the operating system.
A password can be set on the boot loader through the option Use a boot loader password and the Change password button.

Figure 6: Installing the Boot Loader


7. Network configuration:
By default the system configures the network with DHCP. To configure a specific IP address, we enter the network parameters by clicking the Edit button.
- IP Address: the machine's IP address.
- Prefix (Netmask): the machine's netmask.
- Active on boot: the network card is activated when the operating system boots.
- Hostname: if we have a fully qualified DNS name, enter it in full. If the machine is not connected to a network we can still name it by choosing manually. If no name is entered, the default value localhost is used.
- Miscellaneous Settings: the Gateway address, the Primary DNS and a few other parameters. Fields left empty are not used by the system.


Figure 7: Network configuration


8. Time zone configuration:
Locations are grouped by continent. Vietnam is Asia/Ho_Chi_Minh; we can select it easily by pointing the mouse at the right location on the map, then Next.

Figure 8: Time zone configuration


9. Setting the administrator password:
On Linux the administrator is usually called root. The root user's password must be at least 6 characters long. We should choose a password containing letters, digits and special characters to ensure safety. Note that passwords are case-sensitive. Then Next.

Figure 9: Setting the administrator password


10. Choosing the installation type:
Some common installation types:
- Desktop: installs the operating system for use as a workstation.
- Server: installs the operating system for use as a server.
- Customize now: lets us combine the above options freely.


Figure 10: Choosing the installation type

11. Performing the installation:
After the parameters are set, the installer installs the operating system.

Figure 11: Operating system installation in progress


When installation is complete, the system asks for a reboot.

Figure 12: Installation complete


12. Using the operating system:
After installation finishes, a few settings must be made before the operating system can be used:
- Firewall configuration: Linux includes a firewall that protects the system against some unauthorized access from outside. We can choose Enable or Disable, then Forward.

Figure 13: Firewall configuration


- Adjusting the system date and time:

Figure 14: Setting the system date and time


- Creating a login user:

Figure 15: Creating a user


- Done; log in and use the system:

Figure 16: Desktop interface



CHAPTER III: INTRODUCTION TO RELATED SERVICES


I. DNS (Domain Name System) service:
1. Introduction:
Every computer on a network that wants to communicate or exchange information and data with another must know the other's IP address. When there are many computers, remembering these IP addresses is very hard.
Besides its IP address, each computer also has a machine name, also called the computer name. For people, remembering machine names is easier, since they are more intuitive and memorable than IP addresses. So a way was devised to map IP addresses to computer names.
Initially, because ARPAnet (the forerunner of the Internet) was still small (only a few hundred machines), a single file, HOSTS.TXT, stored the mapping from computer names to IP addresses. In it a machine name was just a flat, non-hierarchical text string. The file was maintained on one server, and the other servers kept copies of it. As the network grew, however, using HOSTS.TXT had the following drawbacks:
- Network traffic and the server maintaining HOSTS.TXT were overloaded, creating a bottleneck.
- Name conflicts: two computers with the same name cannot both appear in HOSTS.TXT, but since names were not hierarchical there was nothing to guarantee that duplicate names were not created, and no mechanism for delegating management of the file, so conflicts were a risk.
- No integrity guarantee: maintaining one file across a large network is very hard. For example, an address on the network might change before a freshly updated HOSTS.TXT could reach a remote server.
In short, the HOSTS.TXT file is unsuitable for a large network because it lacks mechanisms for distribution and scaling. The DNS service was created to overcome these drawbacks. The architecture of DNS was designed by Paul Mockapetris of USC's Information Sciences Institute, and the DNS recommendations are RFC 882 and 883, later supplemented by RFC 1034 and 1035.
DNS works on the Client-Server model. The server side is the name server, or Nameserver; the client side is the program that requests name resolution, or Resolver. The Nameserver holds the DNS database; the Resolver is simply a set of library functions used to create queries and send them to the Nameserver.
DNS is a distributed database. This lets local administrators manage the part of the data that falls within their own scope, while that data remains easily accessible across the whole network through the Client-Server model. Service performance is improved by replication and caching. A hostname within a domain is a combination of words separated by dots. For example, in the hostname server.thanhlong.com, server is the machine name and thanhlong.com is the domain name. Domain names are organized hierarchically, much like the Unix/Linux file system hierarchy.

Figure 17a: DNS hierarchy


The DNS database is an inverted tree. Each node in the tree is also the root of a subtree. Each subtree is a sub-partition of the whole DNS database, called a domain. Each domain can be divided into smaller partitions, called subdomains.
Each domain has a name (the domain name). The domain name indicates its position in the DNS database. In DNS, a domain name is the sequence of labels from the node going up to the root of the tree, separated by dots. The rightmost label in each domain name is called the top-level domain.

Figure 17b: DNS hierarchy


Domain name   Description
.com          Commercial organizations and companies
.org          Non-profit organizations
.net          Network support centers
.edu          Educational organizations
.gov          Government organizations
.mil          Military organizations
.int          Organizations established by international treaties

Because the existing domain names became overloaded, new top-level domains were created:
Domain name   Description
.arts         Organizations related to arts and architecture
.nom          Personal and family addresses
.rec          Recreation and sports organizations
.firm         Business and commercial organizations
.info         Information services

In addition, each country has its own top-level domain; for example, Vietnam's is .vn and the United States' is .us. Each country organizes its domain hierarchy differently.
2. How domain name management data is distributed:
The root name servers (.) manage the top-level domains on the Internet. Their hostnames and IP addresses are published for everyone to know; they are listed in the following table:

Hostname                IP address
a.root-servers.net.     198.41.0.4
b.root-servers.net.     128.9.0.107
c.root-servers.net.     192.33.4.12
d.root-servers.net.     128.8.10.90
e.root-servers.net.     192.203.230.10
f.root-servers.net.     192.5.5.241
g.root-servers.net.     192.112.36.4
h.root-servers.net.     128.63.2.53
i.root-servers.net.     192.36.148.17
j.root-servers.net.     192.58.128.30
k.root-servers.net.     193.0.14.129
l.root-servers.net.     198.32.64.12
m.root-servers.net.     202.12.27.33

Typically an organization registers one or more domain names. Each organization then sets up one or more nameservers and maintains the database for all the computers in its domain. The organization's nameservers are registered on the Internet. One of them is known as the Primary Server. Several Secondary Name Servers serve as backups for the Primary Name Server: if the Primary fails, a Secondary is used to resolve domain names. The Primary Name Server can create subdomains and delegate them to other nameservers.
3. Forward resolution:
Role of the Root Name Server: it is the server that manages the name servers of the top-level domains. When a query for some domain name arrives, the root name server must provide the name and IP address of the name server that manages the top-level domain to which the name belongs.
There are two kinds of query:
- Recursive query: must return the result found, or an error if the query cannot be resolved.
- Iterative query: returns to the resolver the best information it has at that moment.
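The two query types and the role of the root server can be seen in a small simulation. The following is an added example, not code from the thesis: it walks a constructed delegation chain (root, a top-level-domain server, the domain's own server) for the page's example name server.thanhlong.com. The server names, the zone data and the 192.0.2.10 address (from the TEST-NET-1 documentation range) are all made up for the example; only the mechanism is real.

```python
# Added example, not from the thesis: a toy model of iterative and recursive
# DNS queries over a constructed delegation tree. All names and addresses
# below are made up for the example.

# Each "server" holds the records it is authoritative for:
#   ("NS", name) -> a referral: ask that server next
#   ("A", addr)  -> the final answer
ZONES = {
    "root.example": {
        "com.": ("NS", "tld-com.example"),
    },
    "tld-com.example": {
        "thanhlong.com.": ("NS", "ns1.thanhlong.com.example"),
    },
    "ns1.thanhlong.com.example": {
        "server.thanhlong.com.": ("A", "192.0.2.10"),   # TEST-NET-1, constructed
    },
}


def best_match(server, qname):
    """Return the record for the longest suffix of qname this server knows."""
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels)):            # longest suffix first
        candidate = ".".join(labels[i:]) + "."
        if candidate in ZONES[server]:
            return ZONES[server][candidate]
    return None


def iterative_query(server, qname):
    """Iterative query: the server answers with the best it has right now,
    which may be a referral rather than the final answer."""
    rec = best_match(server, qname)
    if rec is None:
        return ("NXDOMAIN", None)
    return rec


def recursive_resolve(qname, root="root.example", max_hops=10):
    """Recursive query as seen by the resolver: follow referrals from the
    root until an answer or an error is reached. Returns (address, trace),
    where trace lists every server asked; address is None on error."""
    server = root
    trace = [server]
    for _ in range(max_hops):
        rtype, value = iterative_query(server, qname)
        if rtype == "A":
            return value, trace
        if rtype == "NS":
            server = value                  # follow the referral
            trace.append(server)
            continue
        return None, trace                  # NXDOMAIN: report the error
    return None, trace                      # guard against referral loops


if __name__ == "__main__":
    print(iterative_query("root.example", "server.thanhlong.com."))
    print(recursive_resolve("server.thanhlong.com."))
```

The trace shows why the root server only ever hands out referrals: it knows the server for com., not the hosts inside it, and each hop narrows the question until the authoritative server answers or reports that the name does not exist.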
4. Reverse resolution:
Mapping an IP address to a computer name is used in some authentication cases on UNIX/LINUX systems.
The in-addr.arpa domain is an additional branch of the name space, indexed by IP address.
Each node in the in-addr.arpa domain has as its label a decimal octet of the IP address.
5. Difference between a Zone and a Domain:
- Zone: comprises one domain or several subdomains.
- Domain: comprises several subdomains and zones.


Figure 18: Zone and Domain

6. Fully qualified domain names:
FULLY QUALIFIED DOMAIN NAME (FQDN):
The full name of a node is the sequence of labels from the current node back up to the root, each label separated by a dot.
An absolute name (one that ends with a trailing dot) is also considered a fully qualified domain name.
7. Types of Domain Name Server:
MASTER NAME SERVER:
Every domain must have a Master Name Server. The DNS administrator organizes the database files on the Master Name Server. This server is responsible for resolving all hosts in the domain or zone.
SLAVE NAME SERVER:
Responsible for copying the data held on the Master Name Server. There can be one or more Slave Name Servers.
CACHING NAME SERVER:

Has no database files at all. Its function is to resolve host names on remote networks through other Name Servers.
Speeds up resolution by using a cache.
Reduces the name-resolution load on the name server.
Reduces traffic on large networks.
8. Delegation (Delegation domain)
Normally, the parent domain hands domains to its child domains in the form of delegation, so that each child domain manages itself and organizes its own database.

Figure 19: Delegation Domain

9. Resource records:
SOA record (Start of Authority):
Every database file must have one and only one SOA record.
The SOA record indicates that the name server is the authoritative source of the data in the zone.
Syntax:
[domain-name] IN SOA [dns-server-name] [email-address] (
serial number;
refresh number;
retry number;
expire number;
time-to-live number; )
serial number: When a Slave Server contacts the Master Server to fetch data, it first checks the serial number. If the master's serial is larger, the slave's data is out of date and it reloads the new data. The serial is usually formatted by date as follows:
YYYYMMDDNN
Example: 2004122901
refresh number: The interval (in seconds) at which the Slave Server checks the Master Server for updated data.
Example: 10800 ; refresh every 3 hours.
retry number: If the Slave Server cannot reach the Master Server after a refresh interval, it tries again after retry seconds. This value is smaller than the refresh value.
Example: 3600 ; retry after 1 hour
expire number: If the Slave Server cannot reach the Master Server for this expire period (in seconds), the Slave Server stops answering queries for the zone, because it considers its data too old. This value must be larger than the refresh and retry values.
Example: 604800 ; expire after 1 week.
time-to-live number: this value applies to all records in the database file. It allows other servers to cache the data for the period defined by the TTL.
Example: 86400 ; TTL of 1 day
NS record (Name Server):
Every name server for the zone has an NS record.
Syntax:
[domain-name] IN NS [DNS Server]
Example:
thanhlong.com. IN NS dns-svr.thanhlong.com.
The declaration above states that the name server managing the data for the domain thanhlong.com is dns-svr.thanhlong.com.
A record (Address):
Maps a host name to an IP address.
Syntax:
[host name] IN A [IP address]
Example:
dns-svr.thanhlong.com. IN A 172.31.0.3
ldap-svr1.thanhlong.com. IN A 172.31.0.1
CNAME record (Canonical Name):
Creates an alias that points to a canonical name.
Syntax:
[alias name] IN CNAME [canonical host name]
Example:
www.thanhlong.com. IN CNAME mail-svr.thanhlong.com.
MX record (Mail Exchanger):
DNS uses the MX record for routing mail on the Internet.
Syntax:
[domain-name] IN MX [priority] [mail server name]
Example:
thanhlong.com IN MX 0 mail-svr.thanhlong.com.
PTR record (Pointer):
Maps an IP address to a name.
Syntax:
[IP address] IN PTR [host name]
Example:
1.0.31.172.in-addr.arpa IN PTR ldap-svr.thanhlong.com.
or
1 IN PTR ldap-svr.thanhlong.com

10. Introduction to the BIND software:
Most Linux distributions use the BIND software as their DNS server.
Some BIND packages:
bind-9.3.6-4.P1.el5: the main DNS Server package; provides the service configuration file and the scripts for setting up the DNS system.
bind-libs-9.3.6-4.P1.el5: provides the support libraries for the DNS Server.
bind-utils-9.3.6-4.P1.el5: provides the utilities bundled with the DNS Server.
bind-chroot-9.3.6-4.P1.el5: provides additional security features that restrict access to the DNS service's configuration files.
Some configuration files:
/etc/named.conf
/var/named/

File name            | Meaning
named.conf           | Declares the zone files and specifies configuration options
/var/named/zone_file | Declares the forward and reverse zones
named.ca             | Contains the root name servers
named.empty          | Database for the zone 0.in-addr.arpa
named.localhost      | Database of the forward zone localhost
named.loopback       | Database of the reverse zone
DNS configuration steps
Declare the zones in /etc/named.conf.
Declare the resource records for the forward and reverse zones.
Adjust the options for the DNS service in /etc/named.conf.
Configure the DNS Client.
Test operation.
Declaring zones in /etc/named.conf:
Zone: defines a zone that manages the database for a domain or subdomain. Normally two zones are declared: a forward zone and a reverse zone.
Syntax:
zone "domain_name" {
type master/slave/hint/stub;
[ masters { IP address of the Primary Name server; }; ]
file "database_file_name";
};
type: indicates the type of name server.
masters: gives the IP address of the master name server.
file: specifies the file that describes the resource records.
Example: to configure the forward zone thanhlong.com and the reverse zone 0.31.172.in-addr.arpa, declare:
//forward zone
zone "thanhlong.com" {
type master;
file "db.thanhlong.com";
allow-query { any; };
};
//reverse zone
zone "0.31.172.in-addr.arpa" {
type master;
file "db.172.31.0";
allow-query { any; };
};
Configuring the zone files:
Create the database file that resolves host names to IP addresses
Create the database file that resolves IP addresses to host names
Forward resolution database file


Figure 20: Forward zone configuration file

Reverse resolution database file

Figure 21: Reverse zone configuration file
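The two zone files that Figures 20 and 21 stood for, rebuilt from the resource records and SOA rules described above, as an added example that is not part of the thesis. Host names, addresses and timer values are the chapter's own; the address of mail-svr (172.31.0.2), the hostmaster contact and the dates are constructed.

```python
"""Added example: forward and reverse zone files for thanhlong.com, with the
serial (YYYYMMDDNN) and SOA-timer rules stated in the SOA section."""
import ipaddress
from datetime import date

# SOA timers in seconds, exactly as the chapter's examples give them.
TIMERS = {"refresh": 10800, "retry": 3600, "expire": 604800, "ttl": 86400}


def next_serial(current: int, today: str) -> int:
    """Return a YYYYMMDDNN serial strictly greater than `current`.
    A slave only pulls the zone when the master's serial is larger, so a
    second edit on the same day must bump NN rather than reuse the date.
    `today` is an ISO date string such as "2004-12-29"."""
    today_base = int(date.fromisoformat(today).strftime("%Y%m%d")) * 100
    if current < today_base:
        return today_base + 1      # first change today: ...01
    return current + 1             # same day (or serial already ahead): keep increasing


def check_soa_timers(refresh: int, retry: int, expire: int) -> list[str]:
    """The ordering the text requires: retry < refresh, expire > both."""
    problems = []
    if retry >= refresh:
        problems.append("retry must be smaller than refresh")
    if expire <= refresh or expire <= retry:
        problems.append("expire must be larger than refresh and retry")
    return problems


def reverse_name(ip: str) -> str:
    """172.31.0.1 -> 1.0.31.172.in-addr.arpa. (octets reversed, as the text says)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def soa_line(origin: str, ns: str, contact: str, serial: int) -> str:
    t = TIMERS
    return (f"{origin} IN SOA {ns} {contact} ( {serial} {t['refresh']} "
            f"{t['retry']} {t['expire']} {t['ttl']} )")


def forward_zone(origin, serial, ns, contact, hosts, mx, aliases):
    """Forward zone: SOA, NS, A, MX and CNAME records (all names absolute)."""
    lines = [f"$TTL {TIMERS['ttl']}", soa_line(origin, ns, contact, serial),
             f"{origin} IN NS {ns}"]
    lines += [f"{host} IN A {ip}" for host, ip in hosts.items()]
    lines += [f"{origin} IN MX {prio} {mailhost}" for prio, mailhost in mx]
    lines += [f"{alias} IN CNAME {target}" for alias, target in aliases.items()]
    return "\n".join(lines) + "\n"


def reverse_zone(network, serial, ns, contact, hosts):
    """Reverse zone for a /24, PTR records in the short form '1 IN PTR host.'."""
    net = ipaddress.ip_network(network)
    if net.prefixlen != 24:
        raise ValueError("this example only builds /24 reverse zones")
    origin = ".".join(str(net.network_address).split(".")[2::-1]) + ".in-addr.arpa."
    lines = [f"$TTL {TIMERS['ttl']}", soa_line(origin, ns, contact, serial),
             f"{origin} IN NS {ns}"]
    for host, ip in sorted(hosts.items(), key=lambda kv: ipaddress.ip_address(kv[1])):
        if ipaddress.ip_address(ip) in net:
            lines.append(f"{ip.rsplit('.', 1)[1]} IN PTR {host}")
    return "\n".join(lines) + "\n"


def build_example_zones(serial: int = 2004122901):
    """Both files for the chapter's example network (mail-svr address constructed)."""
    hosts = {"dns-svr.thanhlong.com.": "172.31.0.3",
             "ldap-svr1.thanhlong.com.": "172.31.0.1",
             "mail-svr.thanhlong.com.": "172.31.0.2"}
    ns, contact = "dns-svr.thanhlong.com.", "hostmaster.thanhlong.com."
    fwd = forward_zone("thanhlong.com.", serial, ns, contact, hosts,
                       mx=[(0, "mail-svr.thanhlong.com.")],
                       aliases={"www.thanhlong.com.": "mail-svr.thanhlong.com."})
    rev = reverse_zone("172.31.0.0/24", serial, ns, contact, hosts)
    return fwd, rev


if __name__ == "__main__":
    forward, reverse = build_example_zones()
    print(forward)
    print(reverse)
```

Written to db.thanhlong.com and db.172.31.0, the two files can be validated with the named-checkzone commands listed later in this section.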


Configuring the DNS Client:
Configure the DNS Client so that the nslookup tool can be used to test the operation of the name server just configured.
On Linux, the DNS Client configuration parameters are stored in the file /etc/resolv.conf.
Contents of /etc/resolv.conf
nameserver [IP address of the Name-Server]
search [domain name]
Example:
nameserver 172.31.0.3
search thanhlong.com
Testing operation:
The tools for checking the DNS configuration are the commands nslookup, host, named-checkconf and named-checkzone.
The command named-checkconf named.conf checks the zone configuration file for errors.
The command named-checkzone -d zonename zonefile.zone checks the forward resolution file for errors.
The command named-checkzone -d reversezonename zonefile.rev checks the reverse resolution file for errors.
The nslookup command
# nslookup
The host command tests DNS in the same way as nslookup
# host www.thanhlong.com

II. FTP service (File Transfer Protocol):

1. Introduction:
FTP stands for File Transfer Protocol. The protocol is built on the TCP/IP standard; FTP provides a mechanism for transferring information as files over a TCP/IP network. FTP is a special service in that it uses two ports: port 20 for data (the data port) and port 21 for commands (the command port).
2. Operating modes:
FTP has two operating modes: Active FTP and Passive FTP.
Active FTP:
In active mode, the FTP client uses a random unprivileged port (port N > 1024) to connect to port 21 on the FTP Server. The client then listens on port N + 1 and sends the command PORT N + 1 to the FTP Server. Next, from its own data port, the FTP Server connects back to the data port the Client declared earlier (i.e. N + 1).
From the firewall's point of view, for an FTP Server to support active mode the following channels must be open:
Port 21 must be open to any source (the Client initiates the connection).
FTP Server port 21 to ports > 1024 (the Server replies to the Client's control port).
Connections from port 20 of the FTP Server to ports > 1024 (the Server initiates the connection to the Client's data port).
Inbound traffic to port 20 of the FTP Server from ports > 1024 (the Client sends ACKs to the Server's data port).

Figure 22: Active FTP connection diagram

Step 1: The Client initiates a connection to port 21 on the Server and sends the command PORT 1027.
Step 2: The Server sends an ACK back to the Client's command port.
Step 3: The Server initiates a connection from its port 20 to the data port the Client declared earlier.
Step 4: The Client sends a reply to the Server.
Passive FTP:
To solve the problem of the Server having to open connections to the Client, another FTP connection method was developed. It is called passive FTP or PASV (the command the client sends to the Server to tell it that it wants passive mode).
In passive mode, the FTP client initiates the connections to the Server, avoiding the problem of the firewall filtering connections from the Server to ports on the inside machine. When an FTP connection is opened, the Client opens two unprivileged ports N and N + 1 (N > 1024). The first port is used to talk to port 21 on the Server, but instead of sending a PORT command and having the server connect back to the client, the PASV command is issued. As a result, the server opens an arbitrary unprivileged port P (P > 1024) and sends PORT P back to the client. The client then initiates a connection from port N + 1 to port P on the server to transfer data.
From the firewall's point of view on the FTP server, to support passive FTP the following channels must be open:
FTP port 21 on the server accepting connections from any source (the client initiates the connection).
Allow replies from FTP server port 21 to any port above 1024 (the Server replies to the Client's Control port).
Accept connections on FTP server ports > 1024 from any source (the Client opens the data connection to the random port the server indicates).
Allow replies from FTP server ports > 1024 to ports > 1024 (the Server sends ACKs to the Client's data port).


Figure 23: Passive FTP connection diagram

Step 1: The Client connects to the Server's command port and issues PASV.
Step 2: The Server replies with PORT 2024, telling the Client that port 2024 is open to accept the data connection.
Step 3: The Client opens the data connection from its data port to data port 2024 on the server.
Step 4: The Server sends an ACK back to the Client's data port.
While passive-mode FTP solves the problem on the Client side, it creates several other problems on the Server side. The first is that it lets remote hosts connect to any port > 1024 on the Server. This is quite dangerous unless the FTP server allows the range of ports >= 1024 it uses to be restricted.
The second problem is that some FTP clients do not support passive mode, so an additional FTP client program is needed. Most web browsers support only passive FTP when accessing an FTP server through an ftp:// URL.
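The encodings behind the PORT and PASV exchanges just described, plus the check that the "any port > 1024" warning above calls for, as an added example that is not part of the thesis. Port numbers 1027 and 2024 are the chapter's; the IP addresses and the passive port range are constructed.

```python
"""Added example: FTP PORT / 227 encoding and passive-mode validation."""
import re

HOSTPORT_RE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def encode_hostport(ip: str, port: int) -> str:
    """FTP carries an address as h1,h2,h3,h4,p1,p2 with port = p1*256 + p2.
    The same encoding is used by the client's PORT command and by the
    server's 227 reply to PASV (the text above calls that reply PORT P)."""
    if not 0 < port < 65536:
        raise ValueError(f"port {port} out of range")
    return ",".join(ip.split(".") + [str(port // 256), str(port % 256)])


def decode_hostport(text: str) -> tuple[str, int]:
    """Inverse of encode_hostport; tolerates the surrounding reply text."""
    match = HOSTPORT_RE.search(text)
    if match is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field found")
    fields = [int(x) for x in match.groups()]
    if any(x > 255 for x in fields):
        raise ValueError("field out of range")
    return ".".join(str(x) for x in fields[:4]), fields[4] * 256 + fields[5]


def port_command(client_ip: str, control_port: int) -> str:
    """Active mode: the client listens on N+1 and announces it with PORT."""
    return "PORT " + encode_hostport(client_ip, control_port + 1)


def pasv_reply(server_ip: str, data_port: int) -> str:
    """Passive mode: the server picks an unprivileged port P and hands it back."""
    return f"227 Entering Passive Mode ({encode_hostport(server_ip, data_port)})"


def passive_data_target(reply: str, control_peer: str,
                        pasv_range: tuple[int, int]) -> tuple[str, int]:
    """Validate a 227 reply before opening the data connection.
    A firewall can only avoid opening every port > 1024 when the server is
    pinned to a known passive range (pasv_range, constructed here); the
    client side of that policy rejects a port outside it, and refuses a
    reply that points at a host other than the one on the control connection."""
    ip, port = decode_hostport(reply)
    low, high = pasv_range
    if ip != control_peer:
        raise ValueError(f"227 reply points the data connection at {ip}")
    if port <= 1024 or not low <= port <= high:
        raise ValueError(f"data port {port} outside passive range {low}-{high}")
    return ip, port


if __name__ == "__main__":
    # Constructed exchange: client 172.31.0.10, server 172.31.0.3.
    print(port_command("172.31.0.10", 1026))            # active: PORT ...,4,3 (= 1027)
    reply = pasv_reply("172.31.0.3", 2024)              # passive: the chapter's port 2024
    print(reply, "->", passive_data_target(reply, "172.31.0.3", (2000, 2100)))
```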
3. FTP Client programs:
These are the programs that talk to the FTP server; most operating systems come with an FTP client. On Linux or Windows, to connect to an FTP server use the command: ftp <ftp_address>.
To establish a session you need the IP address (or host name) and an account (username, password). The username FTP provides for anyone opening an FTP session is anonymous, with an empty password.
4. Some FTP Client commands:

COMMAND      | SYNTAX                              | MEANING
? or help    | ? [Command]                         | Show help for [Command]
append       | append local-file [remote-file]     | Append a local file to a file on the server
ascii        | ascii                               | Set the transfer type to ascii (this is the default transfer type)
binary       | binary                              | Set the transfer type to binary (this is the default transfer type)
bye          | bye                                 | End the FTP session
cd           | cd remote-directory                 | Change directory on the FTP server
delete       | delete remote-file                  | Delete a file on the FTP server
dir          | dir remote-directory                | List the files
get          | get remote-file [local-file]        | Download a file from the FTP server to the local machine
lcd          | lcd [directory]                     | Change directory on the local machine
ls           | ls [remote directory] [local file]  | List files and directories
mdelete      | mdelete remote-file [...]           | Delete multiple files
mget         | mget remote-file [...]              | Download multiple files
mkdir        | mkdir directory                     | Create a directory
put          | put local-file [remote-file]        | Upload a file
mput         | mput local-file [...]               | Upload multiple files
open         | open computer [port]                | Connect to an FTP server
prompt       | prompt                              | Turn off the confirmation prompt after each file download
disconnect   | disconnect                          | Close the FTP connection
pwd          | pwd                                 | Show the current directory
quit         | quit                                | Exit the FTP session
recv         | recv remote-file [local file]       | Copy a file from remote to local
rename       | rename filename newfilename         | Rename a file
rmdir        | rmdir directory                     | Remove a directory
send         | send local-file [remote-file]       | Copy a file from local to remote
user         | user user-name [password] [account] | Switch to another user

We can also use a web browser to connect to the FTP server with the syntax: ftp://<FTP_server address>.
5. Installing and configuring FTP:
vsftpd (Very Secure FTP Daemon): an FTP server program bundled with the Linux operating system. vsftpd was developed around fast, stable and secure access, and supports many simultaneous connections to the FTP Server.
The following lists the files and directories usually of interest when configuring a vsftpd server:
/etc/pam.d/vsftpd: the PAM configuration file for vsftpd. This file defines what users must supply when logging in to the ftp server.
/etc/vsftpd/vsftpd.conf: the vsftpd server configuration file.
/etc/vsftpd/ftpusers: lists the users who are not allowed to log in to vsftpd. By default this list includes root, bin, daemon, ...
/etc/vsftpd/user_list: this file can be configured to deny or allow the listed users access to the ftp server, depending on whether the userlist_deny option is set to YES or NO in vsftpd.conf. Users listed in this file must not also appear in vsftpd.ftpusers.
/var/ftp/: the directory holding the files served by vsftpd; it also contains the pub directory for the anonymous user. This directory is read-only; only root can write to it.
After installing vsftpd, or after changing its configuration, the FTP service must be activated. Restarting lets the vsftpd daemon pick up the parameters we changed; use chkconfig vsftpd on to register the FTP service as a system service. Commands used to restart the FTP service:
#service vsftpd start/stop/restart
#/etc/init.d/vsftpd start/stop/restart
By default, the FTP service provided by vsftpd lets the anonymous user and local system users log in to the ftp_server; only root and other users with UID < 100 may not log in.
The anonymous user can log in to the ftp_server with /var/ftp as the root directory and read access (reading and retrieving data).
Local users (localuser) can log in to the ftp service with /home/username as the ftp root directory (username being the login name) and read & write access.
All vsftpd configuration is kept in the configuration file /etc/vsftpd/vsftpd.conf. Each option in the file has the form <option>=<value>. Comment lines are marked with #.
Daemon:
listen: when set to YES, vsftpd runs in standalone mode. This option is not set together with listen_ipv6; the default is YES.
Login and access control:
anonymous_enable: if this option is YES, the anonymous user is allowed to log in; the default is YES.
banned_email_file: if deny_email_enable is set to YES, this option names the file containing the list of anonymous email passwords that are not allowed to access the server; default: /etc/vsftpd/banned_emails.
banner_file: names a text file to display when a connection to the server is established.
cmds_allowed: the comma-separated list of ftp commands the ftp server allows. All other commands are rejected.
deny_email_enable: if this option is YES, anonymous users who give a password listed in /etc/vsftpd/banned_emails are denied access to the server; the default is NO.


ftpd_banner: if this option is given a value, the string it holds is displayed when a user connects to the server. This option overrides banner_file. By default vsftpd displays its standard banner.
local_enable: if this option is YES, local users may log in to the system.
userlist_deny: used when the userlist_enable option is set to NO; all local users are denied access except those listed in userlist_file. Because access is refused before the client is asked for a password, setting this option to NO prevents local users from sending unencrypted passwords over the network.
userlist_enable: if this option is YES, the users listed in userlist_file are denied access. Because the client is refused before it enters a password, those users are prevented from sending an unencrypted password over the network; the default is YES.
Anonymous users:
anon_mkdir_write_enable: if this option is YES, together with write_enable=YES, anonymous users may create new directories inside parent directories that grant write permission.
anon_other_write_enable: if this option is YES, together with write_enable=YES, anonymous users may delete and rename directories.
anon_root: the directory vsftpd changes to when an anonymous user logs in.
anon_upload_enable: if this option is YES, together with write_enable=YES, anonymous users may upload files into parent directories that grant write permission.
anon_world_readable_only: if this option is YES, anonymous users may only download files that are world-readable.
Local users:
The options listed below affect how local users access the server. To use them, local_enable=YES is required.
local_enable: allows local users to access the ftp server.
chmod_enable: allows users to change permissions on files.
chroot_local_user: if this option is YES, the user is placed in their home directory after logging in.
local_root: the directory vsftpd changes to after a local user logs in.
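A checker for the vsftpd.conf options just described, run against a weak configuration and a corrected one, as an added example that is not part of the thesis. Both configurations are constructed; the option names and the <option>=<value> format with # comments are the ones the text gives, and treating absent options other than anonymous_enable as NO is an assumption of this example.

```python
"""Added example: lint the vsftpd.conf options documented above."""

# Default assumed when an option is absent: anonymous_enable=YES, as the text
# states. Every other option is treated as NO when absent (an assumption of
# this example, not a statement from the thesis).
DEFAULTS = {"anonymous_enable": "YES"}

WEAK_CONF = """\
# constructed: anonymous users may log in and upload, local users are not confined
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
local_enable=YES
"""

HARDENED_CONF = """\
# constructed: no anonymous access, local users confined to their home directory
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
userlist_enable=YES
"""


def parse_vsftpd_conf(text: str) -> dict[str, str]:
    """Parse <option>=<value> lines; a line starting with '#' is a comment."""
    conf = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def lint_vsftpd(conf: dict[str, str]) -> list[str]:
    """Return the risky combinations the option descriptions above imply."""
    def on(option: str) -> bool:
        return conf.get(option, "NO").upper() == "YES"

    findings = []
    if on("anonymous_enable"):
        findings.append("anonymous login is enabled (the default when anonymous_enable is omitted)")
        anon_writes = [o for o in ("anon_upload_enable", "anon_mkdir_write_enable",
                                   "anon_other_write_enable") if on(o)]
        if on("write_enable") and anon_writes:
            findings.append("anonymous users can modify the server: write_enable=YES with "
                            + ", ".join(anon_writes))
    if on("local_enable") and not on("chroot_local_user"):
        findings.append("local users are not confined to their home directory "
                        "(chroot_local_user is not YES)")
    return findings


def lint_text(text: str) -> list[str]:
    return lint_vsftpd(parse_vsftpd_conf(text))


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, lint_text(conf) or ["no findings"])
```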

III. Web service:

1. Introduction to the HTTP protocol:
HTTP is a protocol that lets Web browsers and servers communicate with each other. It standardizes the basic operations a Web server must be able to perform.
HTTP started out as a simple protocol; as with other standard Internet protocols, control information is transmitted as plain text over a TCP connection. An HTTP connection can therefore be replaced by the standard telnet command.
Example (the request is terminated by an empty line):
> telnet www.ispace.edu.vn 80
GET /index.html HTTP/1.0

Port 80 is the default port on which the Web server listens for incoming connections. In response to the HTTP GET command, the Web server returns the index.html page to the client through this telnet session and then closes the connection. The returned information is in the form of HTML tags:
<HTML>
<HEAD>
<TITLE>ispace Homepage</TITLE>
</HEAD>
[..]
</HTML>
The protocol simply performs two operations: request / response. One of the biggest changes in HTTP/1.1 is its support for persistent connections.

Figure 20: Operation of the HTTP protocol

In HTTP/1.0, a connection has to be established to the server for every object the Browser wants to download. Many Web pages contain a lot of images; besides fetching the basic HTML page, the browser has to fetch a number of images, many of which are small or purely decorative for the rest of the HTML page. Setting up a connection for every image is wasteful, since many network packets travel between the Web browser and Web server before the image data itself is transferred.
Conversely, opening one TCP connection to transfer the HTML document and then each image in turn is more convenient, and the number of TCP connection setups is reduced.
2. Web servers and how they work:

Initially, Web servers only served HTML documents and simple images. Today, however, they can do much more. Consider first a Web server at its most basic level: it serves only static content. That is, when the web server receives a request from a web browser for http://www.ispace.edu.vn/index.html, it maps this path (Uniform Resource Locator, URL) to a local file on the web server machine.
The server then loads this file from disk and sends it over the network to the user's web browser. The web browser and web server use the HTTP protocol during the exchange. HTML documents are plain (raw) text; they contain formatting tags (HTML tags).
Example:
<html>
<head> <title> WWW </title>
</head>
<body>
<p align=center>
<a href=http://www.ispace.edu.vn/><b>iSPACE College of Information Technology</b></a>
</p>
</body>
</html>
Building on serving these simple static pages, today's web servers have been developed so that much more complex information is exchanged between web server and web browser, the most important of which is probably dynamic content.
In its first versions, the web server operated according to the following model:
Receive requests from Browsers.
Extract content from disk.
Run CGI programs.
Return the data to the client.
Run as fast as possible.

However, the steps of the model above do not fit together entirely. For example, a simple web server must follow this logic:
Accept a connection.
Generate static or dynamic content for the browser.
Close the connection.
Accept a connection.
Repeat the process.
This works well for simple web sites, but the server starts running into trouble when many people are accessing it or when there are too many dynamic pages that take time to compute.
Example: if a CGI program takes 30 seconds to generate its content, the web server may not serve any other page during that time. So although this model works, it still has to be redesigned to serve many people at the same time. Web servers tend to exploit the advantages of two different approaches to solve this problem: multi-threading, multi-processing, or hybrids of multi-processing and multi-threading.
3. Web clients:
These are the browser programs on the user's side, such as Internet Explorer, Netscape, Firefox, Opera, ..., which display web page information to the user. The web client sends a request to the web server, then waits for the web server to process it and return the result, which the web client displays to the user. All requests are processed by the web server.
4. Dynamic web:
One of the basic kinds of dynamic content (commonly called dynamic web) is web pages generated in response to data entered by the user, directly or indirectly.
The most classic and most widely used way of producing dynamic content is the Common Gateway Interface (CGI). Specifically, CGI defines how the Web server runs a local program, collects its output and returns it to the Web browser of the user who sent the request.
The Web browser does not actually know that the content is dynamic, because CGI is essentially an extension protocol of the Web server. The following figure illustrates a Web browser requesting a dynamic page generated by a CGI program.

Figure 21: Generating a dynamic web page from a CGI program

Another extension of HTTP is HyperText Transmission Protocol Secure (HTTPS), used to protect sensitive information as it crosses the network.
5. Installing and configuring a Web server:
5.1 Introduction to the Apache software:
Apache is a web server program that uses the HTTP protocol. Apache has played an important role in the development of the WWW on the Internet.
Apache is developed and maintained by an open-source community under the Apache Software License and is free software.
Apache fully supports the functions of a Web service.
Apache is a powerful and flexible piece of software for use as a Web server:
Fully supports the HTTP protocols up to and including HTTP/1.1.
Can be configured and extended with third-party modules.
Provides full source code under an unrestrictive license.
Runs on many operating systems: Windows, Netware, OS/2 and most Linux systems.
5.2 Installing Apache:
Install the package httpd-2.2.3-4.el5.centos.rpm from the CD-ROM or download it from the Internet
# rpm -ivh httpd-2.2.3-4.el5.centos.rpm
5.3 Configuration information:
/etc/httpd/conf: directory holding configuration files such as httpd.conf.
/etc/httpd/modules: holds the Web Server modules.
/etc/httpd/logs: holds the Apache log files.
/var/www/html: holds the Web pages.
/var/www/cgi-bin: holds the scripts used by the Web pages.
The other files of the Apache software can be listed with the command rpm -ql httpd.
5.4 Basic configuration:
Publish a website whose content is static HTML pages.
Steps:
Copy the Website content into /var/www/html/
Create the Website name (for example www.thanhlong.com)
Change the ServerName parameter to www.thanhlong.com
Specify the home page of the Website with the keyword DirectoryIndex default.html (assuming default.html is the Website's home page)
Restart the httpd service with the command: # service httpd restart
Use the command lynx www.thanhlong.com to test
5.5 Configuring authentication:
For information that must be protected, when access to it is requested the Webserver must verify whether the request is legitimate.
The authentication information usually consists of a username and a password
There are two types of authentication:
Basic Authentication.
Digest Authentication.
Basic Authentication:
The username and password the user supplies are valid only for that session between the Web Browser and the Web Server. When the user visits the website again, the username and password must be entered again.
Steps for configuring Basic authentication:
- Create the file holding the users' passwords and set its access permissions.
- Create the group file (if group authentication is wanted).
- Configure Apache.
Step 1: Create the password file and set its permissions
Syntax:
# htpasswd -c <password file location> <username>

- The -c option creates a new password file. If the file already exists, its old contents are erased and replaced.
- <password file location>: usually created in the Apache configuration directory /etc/httpd/conf
- Example: create a password file for the user tuandq
# htpasswd -c /etc/httpd/conf/passwords tuandq
Set the access permissions
# chmod 755 <password_file>
Step 2: Create the group file
- To make authentication easier for the administrator to manage, Apache also supports authenticating groups of users.
- General form of the group file:
<groupname>: <user lists>
- groupname: name of the group.
- user list: the members of the group (separated by spaces).
- Example: authors: tuandq duytha kientd
Step 3: Configure Apache
- After creating the password and group files, Apache authentication is set up with the following directives:
Alias <path_HTTP> </local directory>
<Directory [/local directory]>
AuthType Basic
AuthName [auth_name]
AuthUserFile [password_file_location]
AuthGroupFile [group_file_location]
Require user [user1] [user2] . . .
Require group [group1] [group2] . . .
Options Indexes (lists files of types other than html)
</Directory>
Digest Authentication
Digest Authentication provides an alternative method of protecting web content.
Authentication model:

Figure 22: Digest authentication

The steps are the same as for Basic Authentication
Step 1: Create the password file and set its permissions
Syntax:
# htdigest -c <password file> <Auth_name> <username>
- The -c option creates a new password file. If the file already exists, its old contents are erased and replaced.
- <password file location>: usually created in the Apache configuration directory /etc/httpd/conf
- Example: create a password file for the user tuandq
# htdigest -c /etc/httpd/conf/passwords auth_name tuandq
Step 2: Create the group file
- To make authentication easier for the administrator to manage, Apache also supports authenticating groups of users.
- General form of the group file:
<groupname>: <user lists>
- groupname: name of the group.
- user list: the members of the group (separated by spaces).
- Example: authors: tuandq duytha kientd
Step 3: Configure Apache
- After creating the password and group files, Apache authentication is set up with the following directives:
Alias <path_HTTP> </local directory>
<Location [/path_HTTP]>
AuthType Digest
AuthName [auth_name]
AuthDigestProvider file
AuthUserFile [password_file_location]
AuthGroupFile [group_file_location]
Require user [user1] [user2] . . .
Require group [group1] [group2] . . .
</Location>
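What the two AuthType choices above put on the wire, as an added example that is not part of the thesis: Basic sends the credentials themselves (base64 is encoding, not encryption), while Digest sends a hash derived from the htdigest file entry and a server nonce, so the password never crosses the network. The user tuandq is the chapter's; the realm and password are constructed, and the htdigest line format user:realm:MD5(user:realm:password) is the one Apache's htdigest tool writes.

```python
"""Added example: Basic vs Digest authentication as seen on the wire."""
import base64
import hashlib
import secrets


def md5_hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def basic_header(user: str, password: str) -> str:
    """Authorization header a browser sends for AuthType Basic."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Authorization: Basic {token}"


def basic_credentials(header: str) -> tuple[str, str]:
    """Anyone who can read the header (no TLS) recovers the password verbatim."""
    token = header.split(" ")[-1]
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


def htdigest_line(user: str, realm: str, password: str) -> str:
    """One line of the file written by `htdigest -c <file> <realm> <user>`:
    the stored value is HA1 = MD5(user:realm:password), not the password."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    return f"{user}:{realm}:{ha1}"


def digest_response(ha1: str, method: str, uri: str, nonce: str,
                    nc: str, cnonce: str) -> str:
    """RFC 2617 response in the qop=auth form (Apache's mod_auth_digest default)."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def verify_digest(htdigest_text: str, user: str, realm: str, method: str, uri: str,
                  nonce: str, nc: str, cnonce: str, response: str) -> bool:
    """Server side: look up HA1 for (user, realm) in the file and compare in
    constant time. The server never needs, and never sees, the password."""
    for line in htdigest_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 3 and parts[0] == user and parts[1] == realm:
            expected = digest_response(parts[2], method, uri, nonce, nc, cnonce)
            return secrets.compare_digest(expected, response)
    return False


def digest_exchange(password_typed: str) -> bool:
    """Full client/server round for user tuandq (constructed realm and password).
    Returns whether the server accepts the response for `password_typed`."""
    realm, user, password = "Private Area", "tuandq", "constructed-password"
    password_file = htdigest_line(user, realm, password)        # created by htdigest
    nonce, cnonce, nc = secrets.token_hex(16), secrets.token_hex(8), "00000001"
    ha1 = md5_hex(f"{user}:{realm}:{password_typed}")           # client, from what was typed
    response = digest_response(ha1, "GET", "/private/", nonce, nc, cnonce)
    return verify_digest(password_file, user, realm, "GET", "/private/",
                         nonce, nc, cnonce, response)


if __name__ == "__main__":
    header = basic_header("tuandq", "constructed-password")
    print(header, "->", basic_credentials(header))              # readable by any observer
    print(htdigest_line("tuandq", "Private Area", "constructed-password"))
    print("digest accepted:", digest_exchange("constructed-password"))
```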

IV. Squid Proxy service:


1. Introduction to Squid:
Squid is an Internet proxy-caching program whose role is to receive requests from clients and forward them to the appropriate Internet server. At the same time it stores on disk the data returned by the Internet server; this is called caching. The program is used to set up a Proxy server, so the advantage of Squid is that when a piece of data is requested many times, the Proxy server serves it from the cache. This makes Internet access faster and saves bandwidth.

Figure 22: Squid Proxy

Squid is based on the specifications of the HTTP protocol, so it is only an HTTP Proxy. Squid can therefore act as a Proxy only for programs that use this protocol to access the Internet.
2. Protocols supported by Squid:
Squid receives requests from clients and supports the following protocols:
HTTP.
FTP.
Gopher.
Wide Area Information.
Secure Socket Layer, the security mechanism for transactions on the network.
3. Cache exchange:
Squid can share data between caches. This sharing brings benefits such as:
User Base: the more clients access the Internet through the Proxy, the higher the probability that an object is requested twice.
Reduce load: reduces the load on the link.
Disk space: balancing between the caches avoids storing the same data twice, so the disk space devoted to the cache is reduced.
4. Installing and configuring Squid Proxy:
Install the package squid-version.i386.rpm
/usr/local/squid: squid installation directory
/usr/local/squid/bin: directory holding the squid binaries and supporting tools
/usr/local/squid/cache: directory holding the cached data.
/usr/local/squid/etc: the squid configuration files.
/usr/local/squid/src: directory holding the squid source code.
The default directory locations differ as follows:
/usr/sbin: holds the Squid libraries.
/etc/squid: holds the squid configuration files.
/var/log/squid: holds the squid log files.
Configuring squid:
Configuration file

All squid configuration files are kept in the directory /usr/local/squid/etc (on Linux: /etc/squid). The key configuration file that determines how squid operates is /etc/squid/squid.conf
Basic options
- http_port: configures the HTTP port
http_port <port>
- cache_dir: configures the directory that stores cached data; the directory has a default size of 100MB.
cache_dir /usr/local/squid/cache 100 16 256
- 16 level-1 subdirectories under /usr/local/squid/cache, and 256 level-2 subdirectories inside each level-1 subdirectory
- cache_access_log: indicates where the log file is stored.
cache_access_log /var/log/squid/access.log
- cache_log: stores general information about the cache.
cache_log /var/log/squid/cache.log
- cache_store_log: stores information about the objects cached on the proxy, their storage time, ...
- cache_effective_user, cache_effective_group: the user and group allowed to modify squid.
- Example:
cache_effective_user squid
cache_effective_group squid
- Access Control List and Access Control Operators: use Access Control Lists and Access Control Operators to block or restrict access based on the domain name or the destination IP address.
- Syntax:

acl aclname acltype string
acl aclname acltype "file"

- Example: sample ACL definitions
acl aclname src ip-address/netmask ...
acl aclname srcdomain .foo.com ...
acl aclname dst ip-address/netmask ...
acl aclname dstdomain .foo.com ...
acl aclname time [day-abbrevs] [h1:m1-h2:m2]
acl aclname url_regex [-i] ^http:// ...
acl aclname port 80 70 21 ...
acl aclname proto HTTP FTP ...
acl aclname method GET POST ...

- HTTP access control tag:
http_access allow|deny [!]aclname
- cache_peer access control tag:
cache_peer_access cache-host allow|deny [!]aclname ...
- Example 1: allow the network 172.31.0.0/24 to use the proxy server, using the src keyword in the acl.
acl MyNetwork src 172.31.0.0/255.255.255.0
http_access allow MyNetwork
http_access deny all
- Example 2: block machines from accessing certain sites, using the dstdomain keyword in the acl.
acl BadDomain dstdomain .yahoo.com
http_access deny BadDomain

http_access deny all
- Example 3: block machines from accessing the sites listed in a plain-text file, using the dstdomain keyword in the acl.
acl BadDomain dstdomain "/etc/squid/danhsachcam"
http_access deny BadDomain
http_access deny all
- Note: every acl must have a corresponding http_access rule.
- Limiting access by time: the following allows Internet access only during business hours (M: Monday, T: Tuesday, W: Wednesday, H: Thursday, F: Friday).
acl business_hours time MTWHF 9:00-17:00
http_access allow business_hours
- Specifying the hostname of the proxy server:
visible_hostname <hostname>
- cache_peer: allows querying another proxy.
cache_peer hostname type http_port icp_port
type = 'parent', 'sibling' or 'multicast'
- Example: allow queries to the parent proxy vnuserv.vnuhcm.edu.vn
cache_peer vnuserv.vnuhcm.edu.vn parent 8080 8082
Initializing squid:
Create the cache directories with the command: # squid -z
Change the ownership of the squid directory:
# chown squid:squid /var/spool/squid
# chmod 770 /var/spool/squid
After the cache directories have been created, start squid with the command:
# /usr/local/squid/squid -D &
On Linux you do not need to create the cache yourself. When squid is started through its init script, it creates the cache for you:
# chkconfig squid on
# service squid restart
Connection management:
To monitor and manage connections through the proxy server, use the command:
# tail -f /var/log/squid/access.log
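As an added example (not code from the thesis or from the Squid project), the following Python model shows how the acl and http_access lines above combine: each acl line defines a named test, an http_access line matches only when all of its acl names match, the first matching line decides, and when no line matches Squid applies the opposite of the last line's action. It models only the src, dstdomain and time types used above; the configuration text, request fields and timestamps are constructed here.

```python
import ipaddress
from datetime import datetime

# Squid day letters for the 'time' acl (S=Sunday, M, T, W, H=Thursday, F,
# A=Saturday), mapped onto Python's weekday() numbering (Monday=0 ... Sunday=6).
DAY_LETTERS = {"S": 6, "M": 0, "T": 1, "W": 2, "H": 3, "F": 4, "A": 5}

# Constructed squid.conf fragment combining the ACL examples from the text.
CONFIG = """
acl MyNetwork src 172.31.0.0/255.255.255.0
acl BadDomain dstdomain .yahoo.com
acl business_hours time MTWHF 9:00-17:00
http_access deny BadDomain
http_access allow MyNetwork business_hours
http_access deny all
"""
# The same policy without a final 'deny all', to show Squid's default.
CONFIG_NO_DENY_ALL = "acl BadDomain dstdomain .yahoo.com\nhttp_access deny BadDomain\n"

# Constructed request times: 17 Oct 2011 was a Monday, 15 Oct 2011 a Saturday.
MONDAY_10 = datetime(2011, 10, 17, 10, 0)
MONDAY_1830 = datetime(2011, 10, 17, 18, 30)
SATURDAY_10 = datetime(2011, 10, 15, 10, 0)


def parse_config(text):
    """Return (acls, rules): acls maps name -> (type, [args]); rules is the
    ordered list of (action, [(negated, aclname), ...]). 'all' is predefined
    here as Squid 3.2+ does; older releases needed 'acl all src 0.0.0.0/0.0.0.0'."""
    acls = {"all": ("src", ["0.0.0.0/0"])}
    rules = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        if parts[0] == "acl" and len(parts) >= 4:
            name, acltype, args = parts[1], parts[2], parts[3:]
            entry = acls.setdefault(name, (acltype, []))
            if entry[0] != acltype:
                raise ValueError(f"acl {name} redefined with a different type")
            entry[1].extend(args)  # repeated acl lines with one name accumulate
        elif parts[0] == "http_access" and len(parts) >= 3:
            terms = [(t.startswith("!"), t.lstrip("!")) for t in parts[2:]]
            rules.append((parts[1], terms))
    return acls, rules


def _time_matches(args, when):
    """'time [day-abbrevs] [h1:m1-h2:m2]': both parts optional, both must hold."""
    for arg in args:
        if arg.isalpha():
            if when.weekday() not in {DAY_LETTERS[c] for c in arg.upper()}:
                return False
        elif "-" in arg:
            start, end = arg.split("-")
            lo = tuple(int(x) for x in start.split(":"))
            hi = tuple(int(x) for x in end.split(":"))
            if not lo <= (when.hour, when.minute) < hi:
                return False
    return True


def acl_matches(acltype, args, request):
    """Evaluate one acl against a request dict with keys src, host and when."""
    if acltype == "src":
        ip = ipaddress.ip_address(request["src"])
        return any(ip in ipaddress.ip_network(a, strict=False) for a in args)
    if acltype == "dstdomain":
        host = request["host"].lower()
        for a in args:
            a = a.lower()
            # A leading dot matches the domain itself and every subdomain.
            if a.startswith("."):
                if host == a[1:] or host.endswith(a):
                    return True
            elif host == a:
                return True
        return False
    if acltype == "time":
        return _time_matches(args, request["when"])
    raise NotImplementedError(f"acl type {acltype!r} is not modelled here")


def http_access(acls, rules, request):
    """First matching http_access line wins; a line matches only when all of
    its acl names match ('!' inverts one). With no matching line Squid applies
    the opposite of the last line's action, and denies when there are no lines."""
    for action, terms in rules:
        if all(acl_matches(*acls[name], request) != neg for neg, name in terms):
            return action
    if not rules:
        return "deny"
    return "allow" if rules[-1][0] == "deny" else "deny"


def decide(config_text, src, host, when):
    """Parse the config and return 'allow' or 'deny' for one request."""
    acls, rules = parse_config(config_text)
    return http_access(acls, rules, {"src": src, "host": host, "when": when})
```

The CONFIG_NO_DENY_ALL case shows why the text ends every example with http_access deny all: with only a deny line and no match, Squid's default becomes allow.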

V. Mail Server service:

1. Introduction:
A mail system is built on the following protocols: Simple Mail Transfer Protocol (SMTP), Post Office Protocol (POP), Multipurpose Internet Mail Extensions (MIME) and Interactive Mail Access Protocol (IMAP).
The SMTP protocol:
SMTP is a reliable protocol responsible for delivering mail.
Commands of the SMTP protocol:
Command   | Syntax                | Description
Hello     | HELO <sending-host>   | Identifies the sending host to the SMTP server
From      | MAIL FROM:<from-addr> | Sender address
Recipient | RCPT TO:<to-addr>     | Recipient address
Data      | DATA                  | Begin sending the message
Reset     | RSET                  | Abort the message
Verify    | VRFY <string>         | Check a username
Expand    | EXPN <string>         | Expand a mailing list
Help      | HELP [string]         | Request help
To use the SMTP commands, telnet to port 25 on the remote system.
SMTP delivers mail directly from the sending mail server to the receiving mail server.
The POP protocol:
Two versions of POP are in wide use, POP2 and POP3.
Commands of the POP3 protocol (uses port 110):
Command       | Description
USER username | Gives the username whose mail is to be retrieved
PASS password | Password of that username
STAT          | Shows the number of unread messages (size given in bytes)
RETR/DELE n   | Retrieve/delete message n
LAST          | Show the last message
LIST [n]      | Show the size of message n
RSET          | Return to the first message
TOP n         | Print the headers and line n of the message
QUIT          | End the POP3 session
2. Mail systems:
A mail system needs at least two components, which may reside on two different systems or on the same system: the mail server and the mail client.

Figure 23: Mail system diagram

Mail Gateway:
A machine that connects networks using different communication protocols, or that connects different networks sharing the same protocol.
Mail Host:
The machine acting as the main mail server in the network.
Mail Server:
Holds the users' mailboxes.
Mail Client:
Systems that allow a user's mail spool file to be read through an NFS mount of the /var/mail directory from the mail hub.
Commonly used mail systems:
Local mail system:
Figure 24: Local mail system

Local mail system with remote connection:

Figure 25: Local mail system with remote connection

Two-domain, one-gateway system:
- The configuration below consists of two domains and one mail gateway. In this system the mail server, mail host and mail gateway provided on each domain operate as an independent system.

Figure 26: Two-domain, one-gateway mail system

3. Concepts:
Mail User Agent (MUA):
The programs users use to read, compose and send mail.
Mail Transfer Agent (MTA):
The program that transfers mail between mail hubs. Sendmail is an MTA that uses SMTP; it acts as an SMTP server responsible for routing mail during delivery.
Mailbox:
A file that stores all of a user's mail. Normally the mailbox name is the same as the user's login name. The file is located in the directory /var/spool/mail.
Mail queue:
Outgoing mail may be delivered immediately or may be placed in a queue.
Mail aliases:
- Deliver mail to the same person through several different addresses.
- Deliver mail to many people through a single address.
- Connect mail to a storage file, or use it for other purposes.
- Filter mail through programs or scripts.
On Linux the configuration file is /etc/aliases.
Mailing lists and forwarding:
Internal mailing list: an entry in the aliases file whose right-hand side has more than one recipient.
- Example: the aliases file contains the following lines
admin: bob, jim, phil
bob: \bob, /u/bob/admin/maillog
- admin and bob are two mailing lists, each expanded into several recipient addresses.
Forwarder: the postfix mail program lets each user keep a file listing the addresses that should receive their mail. The file is named .forward and lives in the user's home directory.
- Example: in the home directory of user tuandq, create a .forward file with the content: abc@yahoo.com
4. Mail and DNS:
DNS and postfix are two closely related services. Postfix relies on DNS to route mail from the internal network to the outside and back. When delivering mail, postfix looks up the MX record to determine which host the mail must be sent to.
Syntax: [domain name] IN MX 0 [mail server]
Example: t3h.com.vn. IN MX 0 mailserver.t3h.com.vn
An email address usually has the following form:
username@subdomain.subdomain1.top-level-domain
The part to the right of the @ is the domain address. It distinguishes upper- and lower-case letters.
5. The Postfix mail software:
Postfix is a Mail Transport Agent (MTA) written by Wietse Venema while he was working at IBM's T. J. Watson Research Center. Postfix is easy to administer, fast and secure. With a single server on ordinary hardware, Postfix can deliver millions of emails a day. Today postfix is one of the most popular MTAs on mail servers.
Configuration file: /etc/postfix/main.cf
When configuring a mail server with postfix, the following parameters matter most:
myhostname: the name of the mail server
mydomain: the domain name (for example thanhlong.com)
myorigin: the organisation name (can be taken from the mydomain variable, e.g. = $mydomain)
inet_interfaces: specifies the interfaces
mydestination: specifies the destinations
mynetworks: specifies the networks
Configuring the POP and IMAP server:
Install the package dovecot-1.0.7-7.el5.i386.rpm from the CD-ROM, then open the configuration file /etc/dovecot.conf and change the following settings:
protocols = imap imaps pop3 pop3s   (the protocols to serve)
imap_listen = *   (listen on all network interfaces for IMAP)
pop3_listen = *   (listen on all network interfaces for POP3)
Then run the commands:
# chkconfig dovecot on
# service dovecot restart
6. Webmail software:
Install the packages:
php-mbstring-5.1.6-23.2.el5_3.i386.rpm
squirrelmail-1.4.8-5.el5.centos.7.noarch.rpm
Configuration: file /etc/squirrelmail/config.php
$domain = 'thanhlong.com';
Then run the commands:
# chkconfig httpd on
# service httpd start
Open a browser and enter: http://ip_address/webmail

VI. The Samba service:

1. Introduction:
Samba is a utility that supports sharing resources with other machines, such as Linux and Windows hosts.
Samba consists of several components. The daemon named smbd provides file and print services; its configuration file is smb.conf. The nmbd daemon provides the NetBIOS name service.
2. Installation:
Samba can be installed during the CentOS installation or afterwards with the RPM utility. The installation files are:
samba-3.0.33-3.14.el5.i386.rpm
samba-client-3.0.33-3.14.el5.i386.rpm
samba-common-3.0.33-3.14.el5.i386.rpm
system-config-samba
samba-swat
Starting the service:
Start the service at system boot:
# chkconfig smb on
Start the service by command:
# service smb start|stop|restart
Check that the Samba service is running:
# pgrep smb
Configuring samba:
/etc/samba/smb.conf is Samba's main configuration file. The file has several sections; each section begins with a name in square brackets [] and continues until the start of the next section.
Each line has the syntax: parameter = value.
Sections of the main configuration file:
Section    | Explanation
[global]   | Holds the general configuration parameters of the Samba server
[printers] | Holds the parameters used to configure printers
[homes]    | Tells SMB to share users' home directories
[netlogon] | Shares logon scripts
[profile]  | Shares profiles

The [global] section:
workgroup = MYGROUP   (the workgroup the machine joins)
server string = Samba Server   (the description of the service)
hosts allow = 172.31.0.1 173.31.0.3   (the addresses allowed to access the samba server)
guest account = pcguest   (the username for a guest account on the server; this account identifies users who use samba's guest services)
log file = /var/log/samba/smb.%m   (location of the log file for each client that accesses samba)
max log size = 50   (maximum size of the log file, in KB)
encrypt passwords = yes   (encrypt passwords)
smb passwd file = /etc/samba/smbpasswd   (the file storing the users allowed to access the smb server)
The [homes] section:
comment = Home Directory   (a descriptive comment)
path = %H   (the user's home directory)
read only = no   (whether the path may only be read)
valid users = %S   (the users allowed access; to allow a group, use the syntax @group_name or +group_name)
browseable = no   (whether the share appears in the network browse list)
writeable = yes   (grants write permission)
create mask = 0750   (permission mask applied to files created in the shared directory, deciding what may be done with them)
The [printers] section:
comment = All Printers
path = /var/spool/samba
browseable = no
public = yes
guest ok = no
writable = no
printable = yes   (allow printing)
create mask = 0700
Sharing a directory [dirshare]:
[soft]
comment = chia sẻ thư mục
path = /usr/local/share
valid users = tuandq
browseable = yes
public = no
writable = yes
The section above creates a share named soft, mapped to the directory /usr/local/share.
Samba SWAT:
Samba SWAT is a tool for configuring Samba through a web interface.
Samba SWAT configuration file:
Set the following parameters in the file /etc/xinetd.d/swat
service swat
{
        disable         = no
        port            = 901
        socket_type     = stream
        wait            = no
        only_from       = 172.31.0.0/24
        user            = root
        server          = /usr/sbin/swat
        log_on_failure  += USERID
}
Accessing SWAT from Internet Explorer:
- From a web browser, access SMB SWAT at the address http://<IP-Samba-Server>:<Port>
- Example: http://172.31.0.1:901

Figure 27: Accessing samba swat

Figure 28: Successful samba login

Configuring samba swat:
The SWAT components provide the following functions:
- Reference documentation on Samba.
- Management of the configuration information.
- Management of shared resources.
- Management of printer sharing.
- Management of the Server Type, WINS and other parameters.
- Management of SAMBA status and monitoring of connections.
- Viewing the configuration in the smb.conf file.
- Password management.

Using the samba client:

From the command prompt, use smbclient to access a share on the SMB server with the following syntax:
$ smbclient //SMB_Server/Sharename <option> <user>
Example: # smbclient //samba-svr/data -U tuandq
Password:
smb: \>
From the smb: \> prompt, any command can be issued to access the resources.
Mounting resources:
A share on the Samba server can be mapped onto a local disk with the smbmount command.
Syntax:
# mount -t smbfs //Server/Sharename <mount_point> -o username=<user>,password=<pass>

Example: # mount -t smbfs //smb_server/data /mnt/smb -o username=tuandq,password=123456
Automatic mounting:
To mount a share automatically, follow these steps:
Step 1: create the mount point directory (for example /mnt/smb)
Step 2: describe the mount in the file /etc/fstab
//SMB_Server/ShareName /mnt/smb smbfs credentials=/etc/cred 0 0
Step 3: create the file /etc/cred holding the username and password
username = <username>
password = <password>
Step 4: run mount -a to apply /etc/fstab and check the result.
Encrypting passwords:
Create separate user passwords managed by the samba server.
Steps to create the passwords:
Step 1: create a separate password file for Samba
# cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd
Step 2: grant read and write permission to root only, then set each user's password
# chmod 600 /etc/samba/smbpasswd
# smbpasswd <username>
Step 3: edit the smb.conf file
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
Step 4: restart the samba server: # /etc/init.d/smb restart

CHAPTER IV: LDAP THEORETICAL BACKGROUND

I. Introduction to LDAP:
1. Basic concepts:
Directory: a container that holds information and allows operations that retrieve that information.
Directory access protocol (LDAP):
LDAP (Lightweight Directory Access Protocol) is an extensible standard for a directory access protocol; in other words, it is the language LDAP clients and servers use to communicate with each other.
LDAP is a lightweight protocol, meaning that it is efficient, simple and easy to implement while still using high-level functions. This contrasts with heavyweight protocols such as the X.500 Directory Access Protocol (DAP), which uses overly complex encoding methods.
LDAP uses a simple set of methods and is an application-layer protocol.
LDAP developed through version 2, defined in RFC 1777 and RFC 1778; LDAP v3 is part of the Internet standards and is defined in RFC 2251 through RFC 2256. Because these are quite new, not every vendor fully supports LDAP v3.
Besides its role as a network protocol, LDAP also defines four models, which give flexibility in how directories are arranged:
- The LDAP Information model defines the kinds of data you can put in the directory.
- The LDAP Naming model defines how you arrange and refer to the directory.
- The LDAP Functional model defines how you access and update the information in your directory.
- The LDAP Security model defines how the information in your directory is protected from unauthorised access.
Besides these models, LDAP also defines the data interchange format LDIF (LDAP Data Interchange Format), a text format for describing directory information. LDIF can also describe a set of directory entries or a set of updates that can be applied to a directory.

II. How LDAP works:

1. A client/server protocol:
A client/server protocol is a communication model in which a client program running on one computer sends a request over the network to another computer running a server program; the server program receives the request, carries it out and then returns the result to the client program. Other examples of client/server protocols are the Hypertext Transfer Protocol (HTTP), which is widely used to serve web pages, and the Internet Message Access Protocol (IMAP), which is used to access electronic mail messages.
The basic idea of the client/server model is that work is assigned to computers optimised to carry it out. A typical LDAP server has a lot of RAM to hold directory contents for fast operations, and the machine also needs fast disks and processors.
2. LDAP is a message-oriented protocol:
Client and server communicate through messages. The client creates a message (an LDAP message) containing a request and sends it to the server. The server receives the message, processes the client's request and returns the result to the client, also as an LDAP message.

Example: when an LDAP client wants to search the directory, it builds an LDAP search request and sends the message to the server. The server searches its database and returns the results to the client in an LDAP message.

Figure 29: Basic search operation

If the client searches the directory and many results are found, these results are sent to the client in several messages.

Figure 30: Messages the client sends to the server

Because LDAP is a message-oriented protocol, the client may issue several requests at the same time. In LDAP, a message ID is used to match the client's requests with the results the server returns.

Figure 31: Several search results are returned

Allowing several messages to be processed concurrently makes LDAP more flexible than other protocols such as HTTP, where each request from the client must be answered before another request is sent; an HTTP client program such as a web browser that wants to download several files at once must open a connection for each file. LDAP works quite differently, handling all operations over a single connection.
3. The operations of the LDAP protocol:
LDAP has 9 basic operations, divided into 3 main groups:
- Interrogation operations: search, compare. These two operations let us query the directory.
- Update operations: add, delete, modify, modify DN (rename). These operations let us update information in the directory.
- Authentication and control operations: bind, unbind, abandon. The bind operation lets the client identify itself to the directory, providing identification and verification of credentials; unbind lets the client end the current session; and finally abandon lets the client indicate operations whose results it is no longer interested in.

4. Extended operations:
Besides the 9 basic operations, LDAP version 3 is designed to be extensible through 3 mechanisms:
- LDAP extended operations: a new kind of protocol operation. If a new operation is needed in the future, it can be defined and standardised without rebuilding the core components of LDAP. An example of an extended operation is StartTLS, which tells the server that the client wants to use Transport Layer Security (TLS) to encrypt, and optionally authenticate, the connection.
- LDAP controls: pieces of information sent along with LDAP operations that change the behaviour of the operation on the same object.
- Simple Authentication and Security Layer (SASL): a framework supporting many authentication methods. By using SASL for authentication, LDAP can easily adapt to new authentication methods; SASL also provides a framework in which client and server can negotiate security mechanisms at lower layers (leading to higher security). These SASL mechanisms are all compatible with Internet protocols.
5. The client/server connection model:
The following is a process of exchange between an LDAP client and server:

Figure 32: Connection model between client and server

The LDAP client and server proceed through the following steps:
- The client opens a TCP connection to the LDAP server and performs a bind operation. The bind operation includes the name of a directory entry and the credentials to be used for authentication; the credentials are usually a password, but may also be a digital certificate used to authenticate the client.
- Once the directory has verified the bind, the result of the bind operation is returned to the client.
- The client issues search requests.
- The server processes them and returns the results to the client, then sends a message indicating that the search is finished.
- The client issues an unbind request, which tells the server that the client wants to drop the connection.
- The server closes the connection.

III. The LDAP models:

LDAP defines 4 models: LDAP Information, LDAP Naming, LDAP Functional and LDAP Security.
1. LDAP Information Model:
The LDAP Information model defines the data types and the basic units of information you can hold in the directory. Put another way, the LDAP Information model describes how to build the blocks of data we can use to create a directory.
The basic unit of information in a directory is called an entry; it is a collection of information about an object. Usually the information in an entry describes a real object, such as a person, but the model does not require this. See the example directory below.

Figure 33: Directory tree with entries as the basic units

An entry is a collection of attributes, each describing one distinctive feature of an object. Each attribute has a type and one or more values; the type describes the kind of information held, and the value is the actual data.
For example, an entry describing a person with the attributes surname, given names, telephone number and email address:

Attribute type  | Attribute values
cn              | Barbara Jensen
                | Babs Jensen
sn              | Jensen
telephoneNumber | +1 408 555 1212
mail            | babs@airius.com

LDAP Data Interchange Format (LDIF):

LDAP defines LDIF as the text format for describing directory information. LDIF can describe a set of directory entries or a set of updates to the directory; data from different directories can be exchanged using LDIF.
Directory information in LDIF text form is the standard format for importing and exporting directory information, and because LDIF files are plain ASCII they are easy to transport through email systems.
A directory entry in LDIF form:
dn: uid=bjensen,dc=airius,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Barbara Jensen
cn: Babs Jensen
sn: Jensen
mail: bjensen@airius.com
telephoneN umber: +14085551212
description: A big sailing fan.
An LDIF entry consists of several lines: first the distinguished name (dn), the name of the directory entry, written entirely on one line, followed by the entry's attributes, one per line, in the form: attribute type: attribute value.
The order of the attributes is not important; however, for readability the objectClass values should come first, and the values of attributes of the same type should be kept together.
The attribute type determines the data: it describes what data is stored and how the directory compares values when searching. For example, the caseIgnoreString syntax specifies that in a given context values are treated as equal without regard to case, so "Tom" and "tom" are considered the same; caseExactString is the opposite, distinguishing upper and lower case, so "Tom" and "tom" are not equivalent.
LDAP servers do not support abstract data types; they support only the standard types. Unlike other protocols such as X.500, apart from a number of standard data types (strings, numbers, booleans) and a few complex types built from them, there are no others. However, plug-in interfaces allow new syntaxes to be defined.

Attributes are also divided into 2 kinds: user attributes and operational attributes.
- User attributes are the normal attributes of a directory entry; they can be modified by directory users (provided, of course, that the modification is permitted).
- Operational attributes are special attributes that can only be modified by the directory server, or attributes that reflect the state of the directory. An example of an operational attribute is modifytimestamp, which is maintained by the directory and records the last time the entry was updated. When an entry is sent to a client, the operational attributes are not included unless the client asks for them.
There are some constraints on attribute values. Some server software lets the administrator declare that an attribute may hold one or several values. For example, the givenName attribute may hold several values when a person wants to add several names (such as Jim and James), while some attributes may hold only one value. Administrators set limits on the data to prevent users from exceeding the permitted bounds.
Maintaining directory systems:
Every entry in the directory has a set of attribute types that are required and a set that are allowed. For example, an entry describing a person requires the attributes cn (common name) and sn (surname). Some attributes are allowed but not required for an entry describing a person; attributes that are neither required nor allowed may not be present in the entry.
The set of required and allowed attributes is called the directory schema. Directory schemas can be designed to let us control and maintain the information held in entries.
We have a basic unit of information, the entry; but how can entries be arranged to build a directory information tree (DIT)? We study the rules for building it in the LDAP Naming Model section.
2. LDAP Naming Model:
The LDAP Naming model defines how we can arrange and refer to our data. In other words, this model describes how to arrange entries into a logical structure, and the LDAP Naming model shows how we can refer to any directory entry within that structure.
The LDAP Naming model lets us place data in the directory in whatever way is easiest to manage. For example, we can create a container (a concept of an object that holds others) holding all the entries describing people in an organisation, and another container holding all your groups; or you can design the entries as a hierarchy following the structure of your organisation. A good design requires proper study.

Figure 34: LDAP directory tree

We present the UNIX file system to see the differences from the LDAP directory system, and then analyse the LDAP directory tree model.

Figure 35: The UNIX file system

There are three important differences:
- The first difference between the two models is that the LDAP model has no real root entry. The root is where we can place entries. On an LDAP system there is a special entry called the root DSE that holds information about the server, but it is not an ordinary directory entry.
- The second difference is that in an LDAP directory every node holds data and may also be a container holding other entries. This differs from a file system, where only directories can contain subdirectories and only files hold data. We can see that a directory entry can be a file and a directory at the same time. Figure 33 illustrates this concept: the entries dc=airius, dc=com, ou=People and ou=devices all hold data, yet all have child nodes.

Figure 36: Part of an LDAP directory with entries holding information.

- The last difference is between the hierarchical file system and the LDAP system. In a file system, reading a file name from left to right is how we walk from the root (/) to the file. For example, in Figure 35 of the Unix file system, the name of the shaded node is /usr/bin/grep. In the LDAP directory the shaded node is named uid=bjensen, ou=people, dc=airius, dc=com; reading from left to right, we walk back up to the top of the tree. We see that the LDAP directory arranges the directory entries in an order, but LDAP does not prescribe any particular hierarchy; you are free to arrange your tree in whatever way is most meaningful to you. Besides showing how to arrange data into hierarchical structures, the LDAP Naming model also shows how to refer to each entry in the tree.
Distinguished names and Relative Distinguished names:
Distinguished names (DNs) in LDAP are the names of entries; they show how you can refer to entries in the directory. Two different entries in the directory have two different DNs.
Like a path in a file system, the name of an LDAP entry is formed by joining the names of all its ancestor entries up to the root. In the figure above, the shaded node is named uid=bjensen, ou=people, dc=airius, dc=com; reading from left to right, we walk back up to the top of the tree. The individual components of the name are separated by commas, and whitespace after the comma is optional, so the following two DNs are equivalent:
uid=bjensen, ou=people, dc=airius, dc=com
uid=bjensen,ou=people,dc=airius,dc=com
For any DN, the leftmost component is called the relative distinguished name (RDN). As noted, the DN is a unique name for each entry in the directory, so entries with the same parent must have distinct RDNs; the figure below shows this in the directory.

Figure 37: Example of relative distinguished names (RDNs)

Although both entries have the same RDN cn=John Smith, the two entries are on two different branches.
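The LDIF entry format and the DN rules from the two passages above (comma-separated components with optional whitespace after each comma, the RDN as the leftmost component, distinct RDNs under one parent), implemented as an added Python example that is not part of the thesis. LDIF line folding and escaped commas in values are not handled, and the John Smith DNs are constructed from the description of Figure 37.

```python
# Constructed LDIF text reproducing the single entry shown in the text.
LDIF_ENTRY = """\
dn: uid=bjensen,dc=airius,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Barbara Jensen
cn: Babs Jensen
sn: Jensen
mail: bjensen@airius.com
telephoneNumber: +14085551212
description: A big sailing fan.
"""


def parse_ldif_entry(text):
    """Return (dn, {type: [values]}) for one LDIF entry. Attribute types are
    case-insensitive in LDAP, so they become lower-case keys; repeated types
    accumulate values. Folded (continuation) lines are not handled."""
    dn, attrs = None, {}
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if ":" not in raw:
            raise ValueError(f"not an attribute line: {raw!r}")
        atype, value = raw.split(":", 1)
        atype, value = atype.strip().lower(), value.strip()
        if atype == "dn":
            if dn is not None:
                raise ValueError("a second dn line starts another entry")
            dn = value
        elif dn is None:
            raise ValueError("the dn line must come first")
        else:
            attrs.setdefault(atype, []).append(value)
    return dn, attrs


def dn_components(dn):
    """Split a DN on commas and drop the optional whitespace after each comma.
    Escaped commas inside values (\\,) are not modelled."""
    return [c.strip() for c in dn.split(",")] if dn else []


def normalize_dn(dn):
    """Canonical form: no spaces around commas, attribute types lower-cased.
    Values are kept as written; whether their case matters depends on the
    attribute syntax (caseIgnoreString vs caseExactString)."""
    parts = []
    for comp in dn_components(dn):
        atype, _, value = comp.partition("=")
        parts.append(f"{atype.strip().lower()}={value.strip()}")
    return ",".join(parts)


def dns_equal(a, b):
    """Two DN strings name the same entry when their canonical forms agree."""
    return normalize_dn(a) == normalize_dn(b)


def rdn(dn):
    """The relative distinguished name is the leftmost component."""
    return dn_components(dn)[0]


def parent_dn(dn):
    """The DN without its RDN; '' when the entry sits directly under the root."""
    return ",".join(dn_components(dn)[1:])


def duplicate_rdns(dns):
    """Return the DNs whose RDN repeats one already seen under the same parent.
    A server must reject such an add, because DNs would stop being unique;
    the same RDN under different parents (Figure 37) is fine."""
    seen, dupes = set(), set()
    for dn in dns:
        key = (normalize_dn(parent_dn(dn)), normalize_dn(rdn(dn)))
        if key in seen:
            dupes.add(dn)
        seen.add(key)
    return dupes
```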
Aliases:
Alias entries in an LDAP directory let one entry point to another, so we can build structures in which the tree no longer has to be exact; the alias entry concept is like symbolic links in UNIX or shortcuts in Windows 9x/NT. The figure below shows an alias entry pointing to a real entry.
To create an alias entry in the directory, you first create an entry with an attribute named aliasedObjectName whose value is the DN of the entry that this alias should point to.
Hnh 38: LDAP vi alias entry


Nhng khng phi tt c cc LDAP Directory Server u h tr Aliases. Bi v
mt alias entry c th ch n bt k mt entry no, k c cc entry LDAP
server khc. Do vic tm kim khi gp phi mt b danh c th phi thc hin
tm kim trn mt cy th mc khc nm trn cc server khc, do lm tng
chi phi cho vic tm kim v y cng l l do chnh m cc phn mm khng
h tr alias.
3. The LDAP Functional model:
Above we discussed the LDAP Information and LDAP Naming models; now we examine the LDAP Functional model, the model that describes the operations that let us act on the directory. We first recap the LDAP Functional model in outline.
The LDAP Functional model contains a set of operations divided into three groups. Interrogation operations let you search the directory and retrieve data from it. Update operations add, delete, rename and modify directory entries. Authentication and control operations let a client identify itself to the directory and control the activities of the session. In LDAP version 3, besides these three groups, there is also the LDAP extended operation, which lets the LDAP protocol be extended later in an organized way without changing the protocol itself. We now analyze the operations of each group in detail, starting with the LDAP interrogation operations.
Interrogation operations (LDAP Interrogation):
The two interrogation operations let a client find and retrieve information from the directory, but the LDAP protocol has no operation for reading a single directory entry; to read one entry we perform a search and stop the search as soon as the first result is received. The search operation (LDAP search operation) requires 8 parameters:
The first parameter is the base object on which the search is performed; it is the DN of the top of the subtree we want to search.
The second parameter is the scope of the search; there are 3 scopes in which a search can be performed:
- base: search only the base object itself
- onelevel: search the level immediately below the base object (its direct children)
- subtree: search the whole tree of which the base object is the top.
The figures below illustrate the searches corresponding to these scopes:

Figure 39: Search with base scope

Figure 40: Search with onelevel scope

Figure 41: Search with subtree scope

The third parameter, derefAliases, tells the server whether aliases should be dereferenced (followed) when performing the search; derefAliases can take 4 values:
- neverDerefAliases: perform the search without dereferencing aliases, neither in the base object nor in the entries below it.
- derefInSearching: dereference aliases in the entries below the base object, but leave the base object itself alone.
- derefFindingBaseObject: the opposite of the previous value; the search dereferences the base object if it is an alias, but leaves aliases in the entries below the base object alone.
- derefAlways: dereference both, whether the base object or the entries below it are alias entries.
The fourth parameter tells the server the maximum number of result entries to return. For example, if the client sets this parameter to 100 but the server finds 500 matching entries, the server sends only 100 entries to the client; if the client sets it to zero, the client receives all results of the search (note that this parameter can be capped by the server, and ordinary users cannot change that cap).
The fifth parameter sets the maximum time for the search; when the search exceeds this time the server returns LDAP_TIMELIMIT_EXCEEDED to the client. If it is set to zero there is no time limit for the search; as with the fourth parameter, the server can impose a limit that only privileged users can change.
The sixth parameter, attrsOnly, is a boolean; if set to true, the server sends the client only the attribute types of each entry, not the attribute values. This is useful when the client only cares which attribute types are stored in LDAP.
The seventh parameter is the search filter, an expression describing which kinds of entries are returned. Searching with filter expressions in LDAP is very flexible; the filter types are described in detail in the next section.
The eighth and last parameter is the list of attributes to return with each entry. You can specify which attributes are returned.
Filter types used in searches:

Equality
  Format: (attr=value)
  Example: (sn=jensen) finds the entries whose surname is jensen.
Substring
  Format: (attr=[leading]*[any]*[trailing])
  Examples: (sn=*jensen*) surname contains the string jensen; (sn=jensen*) surname begins with the string jensen; (sn=*jensen) surname ends with the string jensen; (sn=je*nse*n) surname begins with je, contains nse and ends with n.
Approximate
  Format: (attr~=value)
  Example: (sn~=jensen) surname approximately equal to the string jensen, for example jensin or jenson.
Greater than or equal to
  Format: (attr>=value)
  Example: (sn>=jensen) surname >= jensen; this filter applies to attributes whose values have an ordering.
Less than or equal to
  Format: (attr<=value)
  Example: (sn<=jensen) surname <= jensen.
Presence
  Format: (attr=*)
  Example: (sn=*) all entries that have the attribute.
AND
  Format: (&(filter1)(filter2))
  Example: (&(sn=jensen)(objectclass=person)) entries of objectclass person with surname jensen.
OR
  Format: (|(filter1)(filter2))
  Example: (|(sn~=jensen)(telephonenumber=8944570)) entries whose surname is approximately jensen or whose telephone number is 8944570.
NOT
  Format: (!(filter))
  Example: (!(age>=22)) entries whose age attribute is < 22.

Extensible filter (only LDAP version 3 supports this filter): this is a filter designed for search operations to be developed in the future. It gives LDAP room to be extended easily as search operations evolve. One example showing the usefulness of this feature is:
The syntax of this extensible filter is fairly complex; it consists of 5 parts, 3 of which are optional. The parts are:
- The name of the attribute.
- The optional string :dn, indicating that the attributes that form the entry's DN are treated as attributes of the entry for the duration of the search.
- The optional colon followed by the matching rule to use for the comparison; if it is left out, a suitable default rule is chosen for searching on the attribute; if the attribute name is left out, this option is mandatory.
- The string :=.
- A value to compare against.
- Form: attr[:dn][:matchingrule]:=value

Special characters

When performing a search, some attribute values may contain one of the 5 special characters in the table below:

Table of characters to avoid in search filters

Character              Decimal  Hex   Escape sequence
* (asterisk)           42       0x2A  \2A
( (open parenthesis)   40       0x28  \28
) (close parenthesis)  41       0x29  \29
\ (backslash)          92       0x5C  \5c
NULL                   0        0x00  \00

To search for an attribute value cn=star* we use the filter (cn=star\2A), where \2A stands for the character *.
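As an added example (not code from the thesis), the following Python evaluator implements the filter types of the table above and applies the escaping rules just described; the handling of absent attributes as "undefined" follows RFC 4511, the approximate match is a simple edit-distance stand-in (an assumption; real servers use phonetic rules), and the sample entries are constructed.

```python
import re

_ESCAPES = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'}  # the five RFC 4515 escapes
_ITEM = re.compile(r'^([A-Za-z][\w.;-]*)(>=|<=|~=|=)(.*)$')

def escape_filter_value(value):
    """Escape a value before it is placed inside a search filter."""
    return ''.join(_ESCAPES.get(ch, ch) for ch in value)

def unescape(value):
    """Turn \\XX escape sequences back into the literal character."""
    return re.sub(r'\\([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), value)

def parse_filter(text, pos=0):
    """Parse one parenthesised filter at text[pos]; returns (node, position after it)."""
    if text[pos] != '(':
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    if text[pos] in '&|':                       # AND / OR: a list of sub-filters
        op, pos, children = text[pos], pos + 1, []
        while text[pos] == '(':
            child, pos = parse_filter(text, pos)
            children.append(child)
    elif text[pos] == '!':                      # NOT: exactly one sub-filter
        child, pos = parse_filter(text, pos + 1)
        op, children = '!', [child]
    else:                                       # simple item: attr OP value
        end = text.index(')', pos)              # a raw ')' can never be part of a value
        m = _ITEM.match(text[pos:end])
        if not m:
            raise ValueError(f"bad filter item {text[pos:end]!r}")
        attr, cmp_op, value = m.groups()
        return ('item', attr.lower(), cmp_op, value), end + 1
    if text[pos] != ')':
        raise ValueError(f"expected ')' at offset {pos}")
    return (op, children), pos + 1

def _within_one_edit(a, b):  # stand-in for approximate matching (assum.): at most one edit apart
    if abs(len(a) - len(b)) > 1:
        return False
    i = 0
    while i < min(len(a), len(b)) and a[i] == b[i]:
        i += 1
    return a[i + 1:] == b[i + 1:] or a[i + 1:] == b[i:] or a[i:] == b[i + 1:]

def _match_item(node, entry):
    """Evaluate one item; None means 'undefined' (attribute absent), as in RFC 4511."""
    _, attr, cmp_op, raw = node
    values = entry.get(attr, [])
    if cmp_op == '=' and raw == '*':                      # presence
        return bool(values)
    if not values:
        return None
    if cmp_op == '=' and '*' in raw:                      # substring: a raw '*' is the wildcard,
        pieces = [re.escape(unescape(p)) for p in raw.split('*')]   # an escaped \2a stays literal
        return any(re.match('^' + '.*'.join(pieces) + '$', v, re.I) for v in values)
    target = unescape(raw)
    if cmp_op == '=':
        return any(v.lower() == target.lower() for v in values)
    if cmp_op == '~=':
        return any(_within_one_edit(v.lower(), target.lower()) for v in values)
    for v in values:                                      # >= and <=: numeric when both are integers
        numeric = v.isdigit() and target.isdigit()
        left, right = (int(v), int(target)) if numeric else (v.lower(), target.lower())
        if (cmp_op == '>=' and left >= right) or (cmp_op == '<=' and left <= right):
            return True
    return False

def evaluate(node, entry):
    """Three-valued evaluation: True, False or None (undefined); only True is a match."""
    if node[0] == 'item':
        return _match_item(node, entry)
    results = [evaluate(child, entry) for child in node[1]]
    if node[0] == '!':
        return None if results[0] is None else not results[0]
    if node[0] == '&':
        return False if False in results else (None if None in results else True)
    return True if True in results else (None if None in results else False)

def search(entries, filter_text):
    """Return the DNs of the entries matching filter_text, in directory order."""
    tree, end = parse_filter(filter_text)
    if end != len(filter_text):
        raise ValueError('trailing data after filter')
    return [e['dn'] for e in entries if evaluate(tree, e) is True]

def uid_filter(login_name):
    """Lookup filter for a login name: the name is escaped, never spliced in raw."""
    return f'(&(objectclass=person)(uid={escape_filter_value(login_name)}))'

# Constructed sample directory content (attribute names lower-cased); not from the thesis.
ENTRIES = [
    {'dn': 'uid=bjensen,ou=people,dc=airius,dc=com', 'objectclass': ['person'], 'uid': ['bjensen'],
     'sn': ['Jensen'], 'cn': ['Barbara Jensen'], 'telephonenumber': ['8944570'], 'age': ['31']},
    {'dn': 'uid=jsmith,ou=people,dc=airius,dc=com', 'objectclass': ['person'], 'uid': ['jsmith'],
     'sn': ['Smith'], 'cn': ['John Smith'], 'age': ['20']},
    {'dn': 'cn=star*,ou=hosts,dc=airius,dc=com', 'objectclass': ['device'], 'cn': ['star*']},
    {'dn': 'cn=starfish,ou=hosts,dc=airius,dc=com', 'objectclass': ['device'], 'cn': ['starfish']},
]
```

Compare search(ENTRIES, '(cn=star*)') with search(ENTRIES, r'(cn=star\2A)'): the first treats the asterisk as a wildcard and also returns starfish, the second matches only the value star*, and uid_filter('*') matches nobody because the asterisk was escaped.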
Update operations:
There are 4 update operations: add, delete, rename (modify DN) and modify.
Add: The add operation creates a new entry from the DN and the list of attributes passed in. Adding a new entry to the directory must satisfy the following conditions:
- The entry that is the parent of the new entry must exist.
- No entry with the same DN as the new entry exists in the directory yet.
- The directory's access control must permit the operation.
Delete: The delete operation only needs the name of the entry to delete, and it succeeds if:
- An entry with the given DN exists.
- The entry being deleted has no child entries.
- The directory's access control permits the deletion.
Rename: The rename (modify DN) operation is used to rename or move entries in the directory. The parameters are the DN of the entry to rename, the new RDN of the entry, an optional parameter naming the new parent entry that the entry is moved under, and finally a flag saying whether the old RDN is deleted or kept. As above, the operation succeeds if:
- The entry to be renamed exists.
- No entry with the new name exists yet.
- The directory's access control permits the operation.
LDAP version 2 does not support modify DN, only modify RDN, which changes just the entry's RDN; LDAP version 2 can therefore rename an entry but cannot move it elsewhere in the tree.
Update (modify): The last operation is modify, with a DN parameter and the set of changes to apply to that entry. This operation requires:
- The entry with the given DN exists.
- All attribute changes succeed.
- The modifications are permitted by access control.
If any of these conditions is not met, the modifications are not applied to the entry.
Authentication and control operations (LDAP authentication and control operations):
- Authentication operations: bind and unbind.
- Control operation: only abandon.
Bind:
The bind operation is how the client authenticates to the server: the client presents a DN and credentials, the server checks the DN and credentials, and if the check succeeds the client may perform operations on the directory.
There are many bind methods. The simplest is that the client presents a DN and a password, and this information is sent in clear text. The server then only needs to find the entry with that DN and check whether the value of its userPassword attribute matches the password supplied. More secure methods, however, use SSL or TLS.
LDAP version 3 adds a bind operation, SASL bind, a protocol that is independent of the authentication schemes. SASL lets the client choose the authentication mechanism, and if the server supports that mechanism, it is the one used to authenticate the client.
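Added example (not from the thesis): a server-side simple bind over a constructed in-memory directory. It verifies userPassword values stored either in clear text, as the text describes, or as the {SSHA} salted hash that OpenLDAP stores, and it refuses a DN presented without a password, which RFC 4513 calls an unauthenticated bind. The DN normalization, the result-code names and the sample entries are assumptions.

```python
import base64
import hashlib
import hmac
import os


def ssha_hash(password, salt=None):
    """Produce an OpenLDAP-style {SSHA} userPassword value: base64(sha1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode('utf-8') + salt).digest()
    return '{SSHA}' + base64.b64encode(digest + salt).decode('ascii')


def check_password(stored, supplied):
    """Compare a supplied password with a stored userPassword value, in constant time."""
    if stored.startswith('{SSHA}'):
        raw = base64.b64decode(stored[len('{SSHA}'):])
        digest, salt = raw[:20], raw[20:]             # a SHA-1 digest is 20 bytes; the rest is salt
        candidate = hashlib.sha1(supplied.encode('utf-8') + salt).digest()
        return hmac.compare_digest(candidate, digest)
    # clear-text value, the simplest form the text describes
    return hmac.compare_digest(stored.encode('utf-8'), supplied.encode('utf-8'))


def _canonical(dn):
    """Simplified DN normalization (assumption): trim the optional whitespace, lower-case everything."""
    return ','.join(p.strip().lower() for p in dn.split(','))


def simple_bind(directory, dn, password):
    """Server-side simple bind; returns the LDAP result-code name (RFC 4511 names assumed)."""
    if not dn and not password:
        return 'success'                               # anonymous bind: no identity, anonymous rights only
    if dn and not password:
        # A DN with an empty password is an "unauthenticated bind" (RFC 4513 section 5.1.2).
        # Treating it as a successful login for that DN is a classic misconfiguration, so refuse it.
        return 'unwillingToPerform'
    entry = directory.get(_canonical(dn))
    stored_values = entry.get('userpassword', []) if entry else []
    # Unknown DN, missing attribute and wrong password all get the same answer, so the
    # client cannot tell which of them happened.
    if any(check_password(v, password) for v in stored_values):
        return 'success'
    return 'invalidCredentials'


# Constructed sample entries keyed by canonical DN; not taken from the thesis.
DIRECTORY = {
    'uid=bjensen,ou=people,dc=airius,dc=com': {
        'userpassword': [ssha_hash('correct horse', salt=b'\x01\x02\x03\x04\x05\x06\x07\x08')]},
    'uid=jsmith,ou=people,dc=airius,dc=com': {'userpassword': ['clear-text-pw']},
    'uid=svc,ou=people,dc=airius,dc=com': {},          # account without any password attribute
}
```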
Unbind:
- The unbind operation: when the client issues this message, the server discards all information relating to the client, cancels all operations in progress on the directory and closes the TCP connection.
Abandon:
The abandon operation has a single parameter, the message ID; the client issues it when it no longer cares about the result of an earlier operation.

4. The LDAP Security model:
The last matter in the LDAP models is protecting the information in the directory from unauthorized access. When a bind is performed under a DN, or the client is anonymous, each user has a set of rights for operating on directory entries. Which rights an entry grants, and to whom, is called access control. At present LDAP does not define an access control model; access control is configured by system administrators through the server software.

IV. Using LDAP:

1. Authentication applications using LDAP:
Using LDAP to authenticate a user logging in to a system through a verifying program works as follows: first, in step (1), the verifying program establishes an authenticating agent with LDAP, then it compares user A's password with the information stored in the directory. If the comparison succeeds, user A is successfully authenticated.

Figure 42: Authentication using LDAP

2. Some applications that use the LDAP protocol:
A mail program can use the digital certificate stored in the directory on the LDAP server to sign: it sends a search request to the LDAP server, the LDAP server returns the client's digital certificate, and the mail program then uses that digital certificate to sign and sends the message to the message server. From the user's point of view all of this happens automatically and the user does not have to care.

Figure 43: Simple storage model

The message server can use the LDAP directory to check mail. When a mail arrives for an address, the message server looks the email address up in the directory on the LDAP server; the message server then knows whether the user's mailbox exists and accepts the message.

Figure 44: Using LDAP to manage mail


CHAPTER V: SYSTEM DEPLOYMENT

I. Analysis of the current system:
Currently, in the network of the Thanh Long company, more and more services are being deployed. This reflects the effectiveness of the system; however, these services still use separate authentication systems. Each service has its own user data store, which makes managing and securing the system difficult. A standard authentication data store that meets the criteria for security and data safety therefore needs to be built, so that it can provide authentication for the existing services and, especially, for services integrated later.
To solve the problem of too many separate user systems, a system is needed that can consolidate the user systems into a single unified data store serving authentication for all applications. Using a centralized authentication system has the following advantages:
- Centralized user management: all users are managed in one unified data store. Every operation, from provisioning, removal and permission assignment to backup and data recovery, is performed on this single data store.
- Convenience for users: users no longer have to remember many usernames and passwords to use the system.
- Lower investment cost: applications no longer need to handle provisioning and managing users.
Having analyzed the current services of the Thanh Long company, the project team finds that organizing centralized data for authenticating applications is necessary and entirely feasible.
In this project, the team proposes using an LDAP data store to build a centralized authentication data store for applications, with the following advantages:
- Lightweight, ensuring fast retrieval of information.
- Easy to manage and control.
- Stable operation.
- An open interface for interacting with other applications.
- Mechanisms for information security, synchronized backup, and recovery after failures.
- Support for hierarchical information and distributed storage.


II. Installing and configuring OpenLDAP multi-master replication:
1. Installation:
1.1 Packages to install:
Berkeley Database.
Openldap-2.4.25.
Openldap-clients.
Openldap-devel.
Nss_ldap.
Libtool-ltdl-1.5.
Openldap-servers.
2. Configuration files:
/usr/local/etc/openldap/slapd.conf ; ldapserver config file and replication.
/etc/syslog.conf ; config log file.
/usr/local/libexec/slapd ; Start ldap.
2.1 Configuring /usr/local/etc/openldap/slapd.conf:

On the ldap-svr1 machine:

Figure 45: Declaring the schemas

Figure 46: Declaring ldap parameters

Figure 47: Defining the database, suffix, admin user and database storage directory.

Figure 48: Declaring the ldap synchronization parameters

Figure 49: Specifying the logfile

Figure 50: Creating objects for ldap

On the ldap-svr2 machine:

Figure 51: Declaring the schemas

Figure 52: Declaring ldap parameters

Figure 53: Defining the database, suffix, admin user and database storage directory.

Figure 54: Declaring the ldap synchronization parameters

After configuring these parameters, start or restart the ldap service on both machines with the command:
#/usr/local/libexec/slapd
From the ldap-svr1 machine, use the ldap admin tool to create user u1; observing, we see that user u1 is synchronized to ldap-svr2.

Figure 55: User u1 synchronized to ldap-svr2

From the ldap-svr2 machine, use the ldap admin tool to create user u2; observing, we see that user u2 is synchronized to ldap-svr1.

Figure 56: User u2 synchronized to ldap-svr1

III. Building a Primary Domain Controller (OpenLDAP with Samba):

1. Installation:
1.1 Packages to install:
Libtool-ltdl-1.5.22-6.1.i386.rpm
Openldap-servers-2.3.43-3.el5.i386.rpm
Openldap-clients-2.3.43-3.el5.i386.rpm
Openldap-2.3.43-3.el5.i386.rpm
Nss_ldap
Php_ldap
Python-ldap
Samba-3.0.33-3.14.el5.i386.rpm
Samba-client-3.0.33-3.14.el5.i386.rpm
Samba-common-3.0.33-3.14.el5.i386.rpm
System-config-samba
Samba-swat
Smbldap-tools-0.9.3
2. Configuration files:
/etc/openldap/slapd.conf
/etc/ldap.conf
/etc/samba/smb.conf
2.1 Configuring /etc/openldap/slapd.conf:

Figure 57: Declaring samba.schema

Figure 58: Declaring ldap parameters

Figure 59: Defining the database, suffix, admin user and database storage directory.

Figure 60: Declaring indexes for the database

Figure 61: Assigning permissions to the objects

Figure 62: Declaring the LDAP authentication information

2.2 Configuring /etc/samba/smb.conf:

Figure 63: Declaring the Domain name and authentication type

Figure 64: Declaring the logfile, log size and the scripts that create objects for the DC

Figure 65: Configuring the logon script and authentication type



Figure 66: Configuring netlogon and creating Profiles for users

2.3 Creating the logon script file in /var/lib/samba/netlogon/scripts

Figure 67: Contents of the logon file

2.4 Configuring /var/lib/samba/sbin/smbldap_tools.pm:

Figure 68: Specifying the paths to smbldap_bind.conf and smbldap.conf

Run the command #./configure.pl to configure:

Figure 69: Entering the configuration parameters

At the > prompt, enter the configuration parameters; for parameters that do not change, press Enter.
Create the objects for the Domain (for example ou, groups, user).
From the Windows XP machine, join the Domain.

Figure 70: Domain join successful

Figure 71: Windows XP client added to the LDAP database



IV. Building a file server with LDAP authentication (Samba):
1. Installation:
1.1 Packages to install:
Samba-3.0.33-3.14.el5.i386.rpm
Samba-client-3.0.33-3.14.el5.i386.rpm
Samba-common-3.0.33-3.14.el5.i386.rpm
System-config-samba
Samba-swat
2. Configuration files:
/etc/samba/smb.conf.
/etc/ldap.conf.
/etc/xinetd.d/swat
2.1 Configuring /etc/samba/smb.conf:
Create the data directories for the objects:
#mkdir /home/dulieu
#mkdir /home/ketoan
#mkdir /home/kinhdoanh
#mkdir /home/software
Configure sharing of the directories:

Figure 72: Shared directories

From the client, access the file server: Start → Run → \\hostname | ip_address:

Figure 73: Accessing the file server from a client

2.2 Monitoring access to shared resources:
Configure /etc/xinetd.d/swat

Figure 74: Samba swat parameters

Open a browser and connect to the samba server to monitor the shared resources:
http://hostname | ip_address:901

Figure 75: Monitoring resource sharing



V. Building a mail server with LDAP authentication (Postfix):

1. Installation:
1.1 Packages to install:
Postfix-2.3.3-2.1.el5_2.i386.rpm
Dovecot-1.0.7-7.el5.i386.rpm
Php-mbstring-5.1.6-23.2.el5_3.i386.rpm
Squirrelmail-1.4.8-5.el5.centos.7.noarch.rpm
2. Configuration files:
/etc/postfix/main.cf
/etc/ldap.conf
/etc/postfix/accountsmap.cf
/etc/postfix/ldap-aliases.cf
/etc/dovecot-ldap.conf.
/etc/squirrelmail/config.php
2.1 Configuring /etc/postfix/main.cf:

Figure 76: Specifying hostname, domain, origin and network

Figure 77: Declaring virtual_alias_maps, virtual_mailbox_maps, etc.

2.2 Creating /etc/postfix/accountsmap.cf:

Figure 78: Contents of accountsmap.cf

2.3 Creating /etc/postfix/ldap-aliases.cf:

Figure 79: Contents of ldap-aliases.cf

2.4 Configuring dovecot-ldap.conf:
Copy dovecot-ldap-example.conf from /usr/share/doc/dovecot-1.0.7/examples to /etc/dovecot-ldap.conf.

Figure 80: Configuring dovecot-ldap.conf

2.5 Configuring dovecot.conf:

Figure 81: Configuring dovecot.conf

3. Creating mail accounts and testing:
3.1 Creating an email account:
Use the ldap admin tool to create a user (if one does not exist yet) → right-click the user → Properties → select the Business tab → Add → enter the email account → OK → OK.


Figure 82: Creating an email account

3.2 Testing sending and receiving mail:
Configure the parameters for Outlook Express:

Figure 83: Configuring Outlook Express

Figure 84: Mail sent and received successfully

4. Configuring webmail:
4.1 Configuring /etc/squirrelmail/config.php

4.2 Using webmail:

Open a browser and enter: http://mail-server | ip_address/webmail:

Figure 85: Webmail login page

Figure 86: Webmail interface



VI. Building an FTP server with LDAP authentication (vsftpd):
1. Installation:
1.1 Packages to install:
Vsftpd-2.0.5-16.el5.i386.rpm.
2. Configuration files:
/etc/pam.d/vsftpd.
/etc/vsftpd/vsftpd.conf.
2.1 Configuring /etc/pam.d/vsftpd (ldap authentication):

Figure 87: Contents of /etc/pam.d/vsftpd

2.2 Configuring /etc/vsftpd/vsftpd.conf (basic configuration):

Figure 88: Configuring the basic ftp parameters.

3. Testing:
We can use a browser to access the ftp server, or a dedicated ftp client program; the ftp server can also be accessed from the command line.

Figure 89: Accessing the FTP Server

VII. Building a web server with LDAP authentication (apache):
1. Installation:
1.1 Packages to install:
Httpd-2.2.3-43.el5.centos
2. Configuration files:
/etc/httpd/conf/httpd.conf
2.1 Configuring /etc/httpd/conf/httpd.conf (ldap authentication):
Add the following lines:

Figure 90: Requiring authentication when accessing the /admin page


3. Testing access authentication:

Figure 91: Access authentication

Figure 92: Access authentication successful

VIII. Building a Proxy, Firewall and VPN Server (IPCOP):

1. Installation:
1.1 Installing IPCOP:
Download ipcop.iso (from the internet) → burn it to a CD → choose to boot from the CDROM → install.
1.2 Installation steps:
Choose the language to use → OK

Figure 93: Choosing the language


Choose CDROM as the installation source → OK

Figure 94: Choosing the installation source

Click OK

Figure 95: Prepare harddisk notice

Figure 96: The installation process begins

Network configuration → click Probe

Figure 97: Network configuration

The Network Card driver detection runs → enter the IP address for the GREEN interface → OK

Figure 98: Setting the IP address of the GREEN interface

Choose the keyboard layout

Figure 99: Choosing the keyboard layout

Name the firewall → OK

Figure 100: Entering the hostname

Enter the Domain name → OK

Figure 101: Entering the Domain name

Choose Network configuration type → OK

Figure 102: Network configuration

Choose GREEN + ORANGE + RED → OK

Figure 103: Choosing the network configuration type



Choose Drivers and card assignments → OK

Figure 104: Assigning drivers to the NICs

Choose Address settings → OK

Figure 105: Setting the IP addresses

Set the IP address of the ORANGE interface

Figure 106: Setting the IP of the ORANGE interface

Set the IP of the RED interface → OK → Done

Figure 107: Setting the IP of the RED interface

Choose DNS and Gateway settings → OK

Figure 108: Setting DNS and Gateway

Specify the DNS and Gateway → OK → Done

Figure 109: Specifying DNS and Gateway

Configure the DHCP Server → OK

Figure 110: Configuring the DHCP Server

Set the password for the root user → OK

Figure 111: Setting the root user password

Set the password for the admin user (used for administration through the web interface) → OK

Figure 112: Setting the admin user password

Set the backup password → OK

Figure 113: Setting the backup password

Installation complete → OK

Figure 114: Installation complete


1.3 Configuring the Proxy Server:

Open a browser and enter http://firewall_ip_address:81 to reach the administration page:

Figure 115: Firewall administration interface

Choose the Services tab → choose Advanced Proxy → check Enable Proxy → set the Port

Figure 116: Configuring the Proxy Server

Configure LDAP authentication: choose the LDAP authentication method → fill in the LDAP Server parameters → click Save and Restart

Figure 117: Declaring the LDAP authentication parameters

Open a browser and enter the address of any web page; an authentication dialog appears for the user accessing the web.

Figure 118: Authenticating a user accessing the web

1.4 Configuring the firewall:

Choose the Firewall tab → choose Port Forwarding → set up the rules that publish the application servers

Figure 119: Setting up rules that publish services


Choose the Firewall tab → choose DMZ Pinholes → set up the rules that allow machines in the DMZ to access the GREEN network (internal):

Figure 120: Setting up rules for the DMZ zone.

Choose the Firewall tab → choose Firewall Options → set the ping response

Figure 121: Setting the ping response

1.5 Configuring logs:

Choose the LOGS tab → Log settings → set the log parameters

Figure 122: Setting the log parameters

Monitoring the Proxy logs:

Figure 123: Proxy logs

Monitoring the firewall logs:

Figure 124: Firewall logs

Monitoring the IDS logs:

Figure 125: IDS logs

Monitoring the URL Filter logs:

Figure 126: URL Filter logs

1.6 Configuring the VPN Server:

Install OpenVPN (ZERINA-0.9.5b):
#rpm -ivh Zerina-0.9.5b.rpm
Open a browser → enter the firewall address → choose the VPNs tab → choose OpenVPN → enter the parameters for the VPN Server

Figure 127: Configuring the VPN Server


Click Add to configure the parameters for a user:

Figure 128: Declaring the user information

Download the authentication key:

Figure 129: Downloading the authentication key

On the client machine, install the OpenVPN GUI:

Figure 130: Installing the OpenVPN client

Extract the key just downloaded into the directory C:\Programfile\OpenVPN\Config.

Figure 131: Extracting the authentication key

Right-click the network icon (red) at the left of the taskbar → choose Connect → enter the authentication password → OK → connection successful notice

Figure 132: VPN connection successful

Checking access to the internal network succeeds:

Figure 133: Access to the internal network successful


CHAPTER VI: EVALUATION AND FUTURE DIRECTIONS

I. Results of the project:
1. Project requirements:
All requirements set out for the project were completed; specifically:
- Built a centralized authentication system for the Thanh Long company's network services (mail, ftp, web, etc.) with the OpenLDAP program.
- Extended the LDAP authentication system into a Primary Domain Controller.
- Deployed the open-source IPCOP firewall system.
- Built a VPN Server serving remote connection needs.
2. Future directions of the project:
- Extend the centralized authentication system to the Branch Office model.
