
BUILDING AN UBUNTU NETWORK SYSTEM

Supervisor: Lu Thanh Tr

ABSTRACT
Our specialized project is building an Ubuntu network system consisting of an LDAP server, a web server, a mail server, DNS, DHCP, a file server and a firewall. By studying the Ubuntu documentation and working through lab exercises, we built a basic network in which an LDAP server acts as the account database for the other services (SAMBA, MAIL, WEB and so on), all managed centrally on the Ubuntu operating system.

Faculty of Science and Technology

Major: Computer Networks


CONTENTS

ABSTRACT
ACKNOWLEDGEMENTS
DIVISION OF WORK WITHIN THE GROUP
INTRODUCTION
THEORY
PART 1: LDAP
  I. Introduction
  II. LDAP overview
  III. LDAP STRUCTURE
    1. Directory tree structure in Unix-like operating systems
    2. Directory Service
    3. LDAP Directory
    4. Distinguished Name
    5. LDAP Schema
    6. Object class
    7. LDIF
    8. LDAP is a message-oriented protocol
PART 2: SAMBA SERVER
  I. Introduction to Samba
  II. Introduction to NFS (Network File System)
  III. Configuring and starting the Samba service
  IV. SAMBA and LDAP
PART 3: MAIL SERVER
  I. Some terminology
    1. MTA (Mail Transfer Agent)
    2. MDA (Mail Delivery Agent)
    3. MUA (Mail User Agent)
    4. SMTP (Simple Mail Transfer Protocol)
    5. POP3 (Post Office Protocol 3)
    6. IMAP (Internet Message Access Protocol)
  II. How an email is sent and received
  III. Postfix
    1. Introduction
    2. Structure of Postfix
      a. Components of Postfix
      b. How messages enter the Postfix system
      c. The Postfix Queue
      d. Mail Delivery
      e. Tracing a Message Through Postfix
    3. Postfix with LDAP
  IV. DOVECOT
    1. Introduction
    2. Dovecot configuration basics
    3. Dovecot and LDAP
      a. Password lookups
      b. Authentication binds
PART 4: FIREWALL
  I. What a firewall is
  II. Firewall classification
    1. Hardware firewalls: firewalls built into routers
    2. Software firewalls: firewalls installed on servers
  III. Why a firewall is needed
  IV. IPTABLES FIREWALL
    1. Introduction
    2. Structure of iptables
    3. Packet processing order in iptables
PART 5: DNS SERVER
  I. Introduction
  II. The Reverse Zone File
  III. Master (Primary) Name Servers
  IV. Slave (Secondary) Name Servers
  V. Stealth (a.k.a. DMZ or Split) Name Server
PART 6: WEB SERVER (APACHE)
  I. Introduction
    1. Operating model
    2. URL addresses
  II. Introduction to APACHE
    1. Overview
  III. APACHE and LDAP
    1. The Authentication Phase
    2. The Authorization Phase
    3. The Require Directives
      a. Require ldap-user
      b. Require ldap-group
      c. Require ldap-dn
      d. Require ldap-attribute
      e. Require ldap-filter
PART 7: DHCP
  I. The role of DHCP in a network
    1. What DHCP is
    2. How DHCP works
  II. Adding and authorizing the DHCP service
    1. Why use the DHCP service
    2. What a dynamic IP address is
    3. How dynamic IP addresses are allocated
  III. Configuring DHCP scopes
    1. What a DHCP scope is
    2. Why DHCP scopes are used
  IV. Configuring DHCP reservations and DHCP options
    1. What a DHCP reservation is
    2. What a reservation contains
    3. What DHCP options are
    4. Why DHCP options are used
    5. Some common DHCP options
  V. Configuring a DHCP Relay Agent
    1. What a DHCP relay agent is
    2. Why a DHCP relay agent is used
  VI. How the DHCP service operates

  I. Preparation
  II. Installing and configuring the LDAP and SAMBA server
  III. Joining Windows XP and Windows 7 clients to the SAMBA system
    1. Creating users on the SAMBA PDC
    2. Joining Windows XP SP2
    3. Joining Windows 7
PART 2: MAIL SERVER AND DNS SERVER
  I. Installing and configuring DNS
    1. Installation
    2. Configuring the DNS server
  II. Installing and configuring the mail server with Postfix and Dovecot
    1. Installation
    2. Configuration
PART 4: FTP AND FIREWALL
  I. FTP
    1. Introduction
    2. Installation
    3. Configuring ProFTPD with LDAP
  II. FIREWALL
    1. Introduction
    2. Configuring NAT
    3. Inbound NAT for the web server
PART 5: WEB SERVER
  1. Installation
PART 6: DHCP CONFIGURATION


ACKNOWLEDGEMENTS
Our group sincerely thanks Mr. Lu Thanh Tr and Mr. L Hu Ti, the lecturers in charge of supervising our specialized project. Mr. Tr and Mr. Ti helped us with both the theory and the practical work so that we could complete this project.


DIVISION OF WORK WITHIN THE GROUP

Task                                                                    Responsible
Reading and researching the documentation                               Hiu, Hu, Cng
Practical configuration of the LDAP server, Samba server,
  mail server and file server                                           Hiu
Practical configuration of DHCP and the firewall                        Hu
Practical configuration of DNS and the web server                       Cng
Writing and editing the report                                          Hiu, Hu, Cng


INTRODUCTION
Ubuntu is an open-source operating system built around the Linux kernel and developed by a community. It has all the functionality of a modern operating system and runs well on desktops, laptops and servers. Although it appeared only recently, it has advanced rapidly and spread widely: it is used extensively around the world and is gradually becoming popular in Vietnam. The history of Ubuntu begins in April 2004, when Mark Shuttleworth gathered a group of open-source software developers to create a new operating system. Determined to turn their ideas into reality, these programmers named their group the Warthogs and worked together for six months to produce a proof-of-concept release of the new system. They gave that first Ubuntu release the group's name: Warty Warthog. Built on the solid foundation of the Debian distribution, together with firm principles on release timing, the GNOME desktop environment and a strong commitment to freedom, Ubuntu grew within three years to a community of twelve thousand members and an estimated user base of more than eight million (July 2007). In recent years Ubuntu has been known as a friendly desktop operating system, but its server editions have also developed strongly. In this project we deploy a basic network on Ubuntu platforms, creating a domain in which Windows and Linux users are managed centrally and share resources, and building an email system inside the network.


THEORY


PART 1: LDAP
I. Introduction:
LDAP stands for Lightweight Directory Access Protocol (in Vietnamese, roughly "protocol for fast access to directory services"). It is an extensible standard for accessing a directory, or, put differently, the language that LDAP servers and clients use to talk to each other. Properties of LDAP:
- It is a message-oriented protocol.
- It is a protocol for searching and accessing directory-style information held on a server.
- It is a client/server protocol for accessing a directory service, derived from the X.500 directory service.
- LDAP runs over TCP/IP or other connection-oriented transports.
- It is an information model that defines the structure and characteristics of the information in the directory.
- It is a namespace that defines how information is referenced and organized.
- It is an operations model that defines referrals and the distribution of data.
- It is an extensible protocol, defining many extension mechanisms for accessing and updating information in the directory.
- It is an extensible information model.
Because LDAP organizes data as a hierarchical directory, it is highly descriptive and optimized for searching. LDAP is called "lightweight" because it uses low-overhead messages carried directly over TCP, whereas X.500's DAP is an application protocol that carries much more, such as the network headers wrapped around each packet at every layer of the full OSI stack before it is sent on the network. LDAP is also considered lightweight because it drops many rarely used operations of X.500.

Here we must avoid reading "directory" the way Windows uses folder or directory, that is, a directory in the narrow sense of file-system management. In LDAP the word has a broader meaning: it covers data structures organized as a directory (or catalogue) in the sense a librarian would use, that is, an arrangement of data designed to make lookups as convenient as possible. OpenLDAP is a centralized management model that an open-source administrator cannot do without; it is the counterpart of Active Directory on Windows Server 2003, since both are based on the X.500 and X.509 standards and both manage the network as a hierarchical logical model.

II. LDAP overview:

Generally speaking, an LDAP directory is divided into an O (Organisation) and OUs (Organisation Unit, a department or subdivision). An OU may contain child OUs, and OUs contain CN (Common Name) entries; the chain of these names, joined together, is called the DN (Distinguished Name, the name that distinguishes one entry from every other). Every value stored in LDAP has the form name: value and is called an LDAP attribute (attr); a set of attributes makes up one LDAP object, the entry.

These elements form what is called the LDAP schema, which is standardized across the applications that use LDAP. This is why LDAP is favoured for storing data and integrating with authentication and authorisation components, and why it works between LDAP systems from different vendors, as long as each vendor follows the common standard. LDAP plays a very important role in SSO (single sign-on). This means that once a person has logged in to one system, they can reach the servers, services and resources they are permitted to use without authenticating again. Imagine logging on to mail.yahoo.com and then moving to Yahoo 360, Yahoo mailing lists and so on without authenticating the account again. Imagine Yahoo adding further services, with each Yahoo account stored in a single place and all services sharing one LDAP directory of accounts to authenticate users. Then imagine Yahoo with 1000 servers and 1000 /etc/passwd files to maintain. In addition, LDAP was designed specifically for "read" operations. Authenticating a user by an LDAP "lookup" is therefore fast, efficient, cheap in resources and simpler than querying a user account in a relational database.

III. LDAP STRUCTURE:
1. Directory tree structure in Unix-like operating systems

A directory is a list of information about objects, arranged with details about each object. In computing, a directory is a special database that stores information about objects. A directory is read far more often than it is updated or written. The Unix file system is organized as a hierarchy shaped like a tree: one vertical trunk with branches growing out of it. The highest level of the file system is the root directory, denoted by a slash (/). In Unix and Linux every device connected to the computer is seen as a file, including hard disks, disk partitions and USB drives.

2. Directory Service
This is a kind of service that can reside on a client or on a server. Some people confuse a directory service with a database. The two share some functions, such as supporting data searches and holding system configuration files, but a directory service is designed to be read far more than it is written to, whereas a database provides continuous read and write capability.

3. LDAP Directory
The basic component of an LDAP directory is the ENTRY, which holds all the information about one object. Each entry has a unique name called the DN (Distinguished Name). Each entry is a collection of attributes, and each attribute describes one characteristic of the object. Each attribute has a type and one or more values: the type describes the kind of information held, and the value is the actual data.

[Figure: the relationship between Entry and Attribute]

4. Distinguished Name
The Distinguished Name (DN) is the name of an entry in LDAP. The DN specifies how you refer to an entry in the directory; two different entries in the directory have two different DNs. The name of an LDAP entry is formed by concatenating the names of each ancestor entry (parent) up to the root, much like a file-system path. Example: uid=John, ou=people, dc=abc, dc=com

5. LDAP Schema
The schema establishes descriptions of what kinds of data are stored, which helps keep the data consistent and of good quality and reduces duplication. An LDAP schema specifies: the required attributes; the permitted attributes; how attributes are compared; limits on what attributes can be stored; and which attributes are forbidden from being stored or replicated.

6. Object class
This is the tool used to group information together. An objectclass provides: the required attributes; the permitted attributes; and an easy way to retrieve a group of information. An entry must have an objectclass and may have several. The objectclasses in the standard LDAP schema cover groups in the directory, locations, organizations in the directory and people in the directory.

7. LDIF
Short for LDAP Data Interchange Format. It is used to add new data to the directory or to modify existing data. It is a standard text file format for storing LDAP configuration information and directory content. An LDIF file normally has the following form: each entry is separated from the next by a blank line; attribute names are listed with their values; and a set of directives may specify how the information is to be processed. Data in an LDIF file must obey the rules in the schema of the LDAP directory, so every element added to or changed in the directory is checked against the schema to ensure it is correct.
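To make sections 3 to 7 concrete, here is an added Python example (not code from the report) that parses a small LDIF file, validates each entry against a constructed subset of the standard schema (MUST and MAY attributes per objectClass, following the inheritance chain) and enforces the tree rule that an entry's parent must already exist, which is what ldapadd also rejects. The schema table, the sample LDIF and the function names are assumptions made for this example; only the DN form uid=John, ou=people, dc=abc, dc=com comes from the report.

```python
import base64

# Constructed schema subset keyed by lower-cased objectClass: (MUST, MAY).
SCHEMA = {
    "top": (set(), set()),
    "dcobject": ({"dc"}, set()),
    "organizationalunit": ({"ou"}, {"description"}),
    "person": ({"sn", "cn"}, {"userpassword", "telephonenumber"}),
    "inetorgperson": (set(), {"uid", "mail", "givenname"}),
}
SUPERIOR = {"inetorgperson": "person"}   # the real chain goes via organizationalPerson

def norm_dn(dn: str) -> str:
    # DNs compare case-insensitively and spaces after commas are not significant
    # (escaped commas inside values are not handled in this example).
    return ",".join(part.strip() for part in dn.split(",")).lower()

def parse_ldif(text: str) -> list[dict]:
    """Entries as {"dn": str, "attrs": {lower-cased name: [values]}}; handles '#'
    comments, blank-line separators, folded lines (RFC 2849) and '::' base64."""
    entries, record = [], []
    for raw in text.splitlines():
        if raw.startswith("#"):
            continue
        if raw == "":
            if record:
                entries.append(_record_to_entry(record))
                record = []
        elif raw.startswith(" ") and record:
            record[-1] += raw[1:]          # folding: the single leading space is dropped
        else:
            record.append(raw)
    if record:
        entries.append(_record_to_entry(record))
    return entries

def _record_to_entry(lines: list[str]) -> dict:
    dn, attrs = None, {}
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep or not name[:1].isalpha():
            raise ValueError(f"malformed LDIF line: {line!r}")
        # 'attr:: <base64>' carries binary or non-ASCII values
        value = base64.b64decode(value[1:].strip()).decode() if value.startswith(":") else value.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name.lower(), []).append(value)
    if dn is None:
        raise ValueError("LDIF record without a dn line")
    return {"dn": dn, "attrs": attrs}

def validate(entries: list[dict], suffix: str) -> list[str]:
    """Schema check per entry plus the tree rule that the parent must already
    exist (entries listed parent-first, as ldapadd requires). [] means clean."""
    problems, known = [], {norm_dn(suffix)}
    for entry in entries:
        dn, attrs = entry["dn"], entry["attrs"]
        must, may = set(), set()
        for oc in attrs.get("objectclass", []):
            cls = oc.lower()
            while cls:                     # walk up the inheritance chain
                if cls not in SCHEMA:
                    problems.append(f"{dn}: unknown objectClass {oc}")
                    break
                must, may = must | SCHEMA[cls][0], may | SCHEMA[cls][1]
                cls = SUPERIOR.get(cls)
        present = set(attrs) - {"objectclass"}
        for a in sorted(must - present):
            problems.append(f"{dn}: missing required attribute {a}")
        for a in sorted(present - must - may):
            problems.append(f"{dn}: attribute {a} not allowed by its objectClasses")
        if norm_dn(dn) != norm_dn(suffix) and norm_dn(dn.partition(",")[2]) not in known:
            problems.append(f"{dn}: parent entry does not exist")
        known.add(norm_dn(dn))
    return problems

SAMPLE_LDIF = """\
# constructed sample; the person DN follows the report's example
dn: dc=abc,dc=com
objectClass: dcObject
dc: abc

dn: ou=people,dc=abc,dc=com
objectClass: organizationalUnit
ou: people

dn: uid=John, ou=people, dc=abc, dc=com
objectClass: top
objectClass: inetOrgPerson
uid: John
cn: John Doe
sn: Doe
userPassword:: e1NTSEF9ZX
 hhbXBsZQ==

dn: uid=orphan,ou=staff,dc=abc,dc=com
objectClass: inetOrgPerson
uid: orphan
"""
```

Running validate(parse_ldif(SAMPLE_LDIF), "dc=abc,dc=com") accepts the first three entries (note that the folded base64 line decodes to the password hash {SSHA}example) and reports three problems for the last one: cn and sn are required by person, and ou=staff was never created, so the entry has no parent. A real server applies the same two checks at add time; running them on the LDIF first avoids a half-imported directory.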

8. LDAP is a message-oriented protocol

The client creates a message (LDAP Message) containing a request and sends it to the server. On receiving the message, the server processes the client's request and then returns the result to the client, also as an LDAP message. For example, when a client wants to search the directory, it builds an LDAP search request and sends the message to the server. On receiving it, the server searches its database and returns the results as LDAP messages.


[Figure: simulation of a message-oriented LDAP search]

A client may issue several request messages at the same time. In LDAP, the message ID is used to tell the client's requests and the server's results apart. Allowing several messages to be processed concurrently makes LDAP more flexible than other protocols. In HTTP, for example, each request from the client must be answered before the next one is sent (unless pipelining is used), so an HTTP client program such as a web browser that wants to download several files at once has to open a connection per file, whereas LDAP handles all operations over a single connection.
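The exchange described above, as an added example that is not part of the report: a minimal BER encoder and decoder for the LDAPv3 BindRequest and BindResponse messages, a constructed stub server with a hard-coded credential table, and a client that matches responses arriving out of order to its pending requests by message ID. The tag values follow RFC 4511 and X.690; the stub server, the credential table and the function names are assumptions made for this example.

```python
# BER primitives (X.690) sufficient for LDAPv3 Bind messages.
def ber_length(n: int) -> bytes:
    """Short form below 128, long form (0x80 | byte count, then big-endian) above."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + ber_length(len(body)) + body

def ber_int(value: int, tag: int = 0x02) -> bytes:
    """Minimal two's-complement INTEGER; ENUMERATED uses tag 0x0A."""
    assert value >= 0, "only non-negative values are needed here"
    return tlv(tag, value.to_bytes((value.bit_length() + 8) // 8, "big", signed=True))

def parse_tlv(buf: bytes, off: int = 0):
    """Return (tag, body, next_offset), rejecting truncated input."""
    if off + 2 > len(buf):
        raise ValueError("truncated BER element")
    tag, first = buf[off], buf[off + 1]
    off += 2
    length = first
    if first >= 0x80:                      # long form: first & 0x7F length bytes follow
        n = first & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[off:off + length], off + length

def parse_int(body: bytes) -> int:
    return int.from_bytes(body, "big", signed=True)

# LDAP tags (RFC 4511): LDAPMessage is a SEQUENCE; BindRequest is [APPLICATION 0],
# BindResponse is [APPLICATION 1]; simple credentials use context tag [0].
SEQUENCE, BIND_REQUEST, BIND_RESPONSE, SIMPLE = 0x30, 0x60, 0x61, 0x80
SUCCESS, INVALID_CREDENTIALS = 0, 49

def bind_request(msg_id: int, dn: str, password: str) -> bytes:
    op = ber_int(3) + tlv(0x04, dn.encode()) + tlv(SIMPLE, password.encode())
    return tlv(SEQUENCE, ber_int(msg_id) + tlv(BIND_REQUEST, op))

def bind_response(msg_id: int, result_code: int, diag: str = "") -> bytes:
    op = ber_int(result_code, 0x0A) + tlv(0x04, b"") + tlv(0x04, diag.encode())
    return tlv(SEQUENCE, ber_int(msg_id) + tlv(BIND_RESPONSE, op))

def decode_message(buf: bytes):
    """Split one LDAPMessage into (message_id, op_tag, op_body)."""
    tag, body, end = parse_tlv(buf)
    if tag != SEQUENCE or end != len(buf):
        raise ValueError("not exactly one LDAPMessage SEQUENCE")
    _, id_body, off = parse_tlv(body)
    op_tag, op_body, _ = parse_tlv(body, off)
    return parse_int(id_body), op_tag, op_body

def decode_bind_request(op_body: bytes):
    _, version, off = parse_tlv(op_body)
    _, name, off = parse_tlv(op_body, off)
    auth_tag, cred, _ = parse_tlv(op_body, off)
    if auth_tag != SIMPLE:
        raise ValueError("only simple authentication is handled")
    return parse_int(version), name.decode(), cred.decode()

def decode_bind_response(op_body: bytes):
    _, code, off = parse_tlv(op_body)
    _, _matched_dn, off = parse_tlv(op_body, off)
    _, diag, _ = parse_tlv(op_body, off)
    return parse_int(code), diag.decode()

# Constructed stub with a hard-coded credential table; not a real LDAP server.
CREDENTIALS = {"uid=john,ou=people,dc=abc,dc=com": "s3cret"}

def stub_server(request: bytes) -> bytes:
    """Answer a BindRequest; the reply carries the request's messageID."""
    msg_id, op_tag, op_body = decode_message(request)
    if op_tag != BIND_REQUEST:
        raise ValueError("stub handles BindRequest only")
    _, dn, pw = decode_bind_request(op_body)
    if CREDENTIALS.get(dn) == pw:
        return bind_response(msg_id, SUCCESS)
    return bind_response(msg_id, INVALID_CREDENTIALS, "invalid credentials")

def correlate(pending: dict, responses: list) -> dict:
    """Match responses, in whatever order they arrive, to requests by messageID."""
    results = {}
    for raw in responses:
        msg_id, op_tag, op_body = decode_message(raw)
        if msg_id not in pending or op_tag != BIND_RESPONSE:
            raise ValueError(f"unexpected response for messageID {msg_id}")
        results[pending[msg_id]] = decode_bind_response(op_body)
    return results

def demo() -> dict:
    """Two binds in flight at once; the stub answers them out of order."""
    dn = "uid=john,ou=people,dc=abc,dc=com"
    requests = {1: bind_request(1, dn, "s3cret"), 2: bind_request(2, dn, "guess")}
    replies = [stub_server(requests[2]), stub_server(requests[1])]
    return correlate({1: "john", 2: "mallory"}, replies)
```

bind_request(1, "", "") produces the familiar 14-byte anonymous bind (30 0c 02 01 01 60 07 02 01 03 04 00 80 00). In demo() the second request is answered first, yet the client still attributes the failure to the guessed password and the success to the correct one, because it keys on the echoed message ID rather than on arrival order. Message ID 0 is reserved for unsolicited notifications from the server, so a real client starts counting at 1 and must never reuse an ID while its request is outstanding.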


[Figure: LDAP messages being processed concurrently]


PART 2: SAMBA SERVER

I. Introduction to Samba:
Linux systems use TCP/IP for networking, while Microsoft operating systems use a different networking protocol, Server Message Block (SMB). SMB uses NetBIOS to let computers running Windows share resources with each other on a local network. To connect to larger networks, including Unix systems, Microsoft developed the Common Internet File System (CIFS); CIFS still uses SMB and NetBIOS for Windows networking. Samba is a free implementation of SMB/CIFS that lets Unix and Linux systems join Windows networks: Unix/Linux systems can use resources on Windows systems and at the same time share their own resources with Windows computers. The Samba package contains two service daemons and many utility programs. The smbd daemon provides file and print services to other SMB-capable systems. The nmbd daemon provides NetBIOS name resolution and supports browsing. Samba provides four main services: file and print sharing, authentication and authorization, name resolution, and service announcement (browsing). The SMB daemon, smbd, provides the file and print sharing services together with authentication and authorization for them. This means users on the network can share files and printers. Access to these services can be controlled by requiring a password, in one of two modes: share mode and user mode. Share mode uses one password per shared resource, common to all users. User mode gives each user account its own password. (Share-level security has since been removed from Samba 4, so current releases support only user-level security.) To manage these passwords, Samba stores each user's password hashes in /etc/samba/smbpasswd. To configure and access a Samba system on Linux, the administrator performs three main steps: configure and start the Samba service; declare the accounts that use Samba; access the Samba service. Service configuration files:
/etc/samba/smb.conf: the Samba configuration file
/etc/samba/smbpasswd: holds the users' password hashes
/etc/samba/smbusers: holds aliases for Samba accounts

Samba service utilities:
smbadduser: creates a Samba account
smbpasswd: changes Samba account information (passwords)
smbclient: accesses SMB services
smbstatus: shows the current connections

II. Introduction to NFS (Network File System):

Network File System (NFS) was created by Sun Microsystems to share files and directories between UNIX operating systems. With NFS, a shared file or directory becomes practically part of the user's own system instead of residing on a remote machine. For example, if a user has a Linux machine holding a complete file system of games, NFS lets the user mount that game file system so that it appears on their own machine as part of the normal directory structure. Every access to the games area actually crosses the network to the other machine, but thanks to NFS this causes no difficulty (apart from some delay). NFS can be used over many kinds of network, but in practice it was designed to work with TCP/IP and is still widely used on TCP/IP networks today. Because of its popularity, NFS has been implemented on other operating systems so that directories can be shared across heterogeneous networks. On Linux and UNIX, NFS works peer to peer: a user's computer can act as an NFS client of another machine, as a server for other machines on the network, or as both at once. Many people would like to use NFS for their business but are reluctant to configure it on a small Linux system, believing the configuration to be complicated and to require deep knowledge of operating systems. For this reason many people do not bother with NFS. That is a pity, because NFS is one of the most effective services built on TCP/IP.
Note: some newer products such as VisionFS can make installing and using network drives easier. Although these are commercial products, they are available for Linux.

III. Configuring and starting the Samba service:


The Samba daemons read their configuration from /etc/samba/smb.conf. The file has two main parts: global options for the service, and declarations of the resources to be shared on the network. The global options come first. Each part contains one or more sections; every section except [global] describes one shared resource. A section begins with its name (the share_name, written in square brackets []), followed by the section's parameters, one per line, in the form name = value (section and parameter names are case-insensitive). Lines beginning with ; or # are comments. Three special sections are predefined in smb.conf: [global], [homes] and [printers].

Parameters define the attributes of a section. The [global] section may contain any parameter; some parameters may only appear in [global], some may appear in any section, and some are only allowed in ordinary share sections.

The [global] section
The parameters in this section apply globally to the whole service, and some of them also serve as defaults for sections that do not set them explicitly. This section must be placed at the beginning of /etc/samba/smb.conf. The basic parameters to configure in [global] are:
- workgroup: the name of the workgroup shown on the network. On Windows this name appears in the Network Neighborhood window.
- hosts allow: the network or host addresses allowed to reach the Samba service (the report writes "host allow"; Samba's parameter is hosts allow). Addresses in the list are separated by spaces.
- encrypt passwords: defaults to yes. With this setting Samba hashes passwords in a form compatible with Windows. Without it, Samba can only be used between Linux machines, or the Windows clients must be reconfigured to send plaintext passwords.
- smb passwd file: when encrypt passwords = yes, the file holding the hashed passwords. Default /etc/samba/smbpasswd.
- username map: the file holding aliases for system accounts. Default /etc/samba/smbusers.
- printcap file: lets Samba load printer descriptions from the printcap file. Default /etc/printcap.
- security:


This parameter determines how clients are authenticated by the Samba service. Its default value is user, which is the value to use when connecting with Windows machines.

Example declarations in the [global] section:

    [global]
    # workgroup = domain or workgroup name
    workgroup = SMB-GROUP
    # only allow machines on the local network
    hosts allow = 172.16.10. 127.0.0.1
    # ask Samba to keep a separate log file for each client machine
    log file = /var/log/samba/%m.log
    # security mode
    security = user
    # hash passwords so that Windows clients can authenticate
    encrypt passwords = yes
    smb passwd file = /etc/samba/smbpasswd
    # a Unix user may have several SMB login names
    username map = /etc/samba/smbusers

The [homes] section
The [homes] section defines the default controls for remote users accessing their home directories over SMB. When a connection request arrives, Samba first checks the existing sections; if one satisfies the request it is used. Otherwise the requested section name is treated as a user account name and looked up in Samba's password file. If the account exists (and the password is correct), a share is created based on the [homes] section. Example declarations in [homes]:

    [homes]
    comment = Home Directories
    browseable = no
    writeable = yes

Note: if [homes] has no path parameter, the path is set to the user's home directory. If this section allows guest access, every user's home directory becomes freely accessible to everyone.

The [printers] section
Similar to [homes] but for printers. When a connection request arrives, Samba checks the existing sections; if one satisfies the request it is used. If none does but [homes] exists, the request is handled as described above. Otherwise the requested section name is treated as a printer name and Samba looks it up in the printcap file to decide whether the name is valid. If it is, a share is created based on the [printers] section. Example declarations in [printers]:

    [printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    public = yes
    printable = yes

Besides the three special sections above, to share other resources the administrator adds further sections describing them. Sections for shared resources such as directories on the system are usually placed after [homes] and [printers] and can have any name. Parameters commonly declared in share sections of /etc/samba/smb.conf include:
- comment: a free-form description of the shared resource.
- path: the path to the directory on the file system that the share refers to.
- public: yes or no. With public = yes (synonym: guest ok = yes), Samba lets any user access the share without a password.
- browseable: yes or no. With browseable = yes the share is visible when browsing the network. Default yes.
- valid users: the list of users allowed to access the share. Names are separated by spaces or commas; a group name is prefixed with @.
- invalid users: the list of users denied access to the share. Same syntax as valid users.
- writeable: yes or no. With writeable = yes users may write to the shared directory.
- write list: the list of users/groups allowed to write to the share. Group names are prefixed with @.
- printable: yes or no. With printable = yes users may use the print service.
- create mask: the permissions applied to files created in the shared directory. Default 0744.

The following example shares a directory (/home/shired on the system) under the name mydoc, accessible to the accounts allan and piter and to members of the staff group:

    [mydoc]
    path = /home/shired
    public = no
    valid users = allan piter @staff
    writable = yes
    create mask = 0766

Notes:
- The directory being shared must itself grant the corresponding Unix permissions to the users.
- Parameters set in a share section override the values set in [global].
- smb.conf may use substitution variables, for example %m (the client's NetBIOS name), %S (the name of the current service, if any) and %u (the current user name, if any). For example, path = /home/%u is expanded to path = /home/foo when account foo connects.
- A create mask such as 0766 gives group and others write permission on every new file; the default 0744 or tighter is the usual choice unless the share is deliberately a common drop area.

Starting the Samba service
After each change to /etc/samba/smb.conf, the Samba service must be restarted so that the new configuration is loaded. Run testparm first to check the file for syntax errors, then restart with:

    # /etc/init.d/samba restart | start | stop

(The report gives the Red Hat path /etc/rc.d/init.d/smb; on Ubuntu the init script is /etc/init.d/samba, or service smbd restart on newer releases.)
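The parameters above are easy to get wrong in ways that are invisible until someone lists the share. The following is an added example for this section, not part of the original report and not Samba's own code: a small checker that parses smb.conf text in the format just described (sections, name = value, case-insensitive names, # and ; comments) and reports the settings a reviewer would question, such as a share that is both public and writeable, a missing hosts allow, or a create mask looser than the 0744 default. The configuration text is constructed for the example; it reuses the report's [global] and [mydoc] sections and adds a deliberately weak [public] share.

```python
# Added example: a lint pass over smb.conf share definitions (not Samba code).
import configparser

# Constructed sample configuration for the example.
SAMPLE_SMB_CONF = """
[global]
workgroup = SMB-GROUP
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
log file = /var/log/samba/%m.log
; hosts allow is missing on purpose

[mydoc]
path = /home/shired
public = no
valid users = allan piter @staff
writable = yes
create mask = 0766

[public]
path = /srv/drop
public = yes
writeable = yes
create mask = 0777
"""

YES = {"yes", "true", "1"}


def parse_smb_conf(text):
    """Parse smb.conf text into {section: {parameter: value}}.

    Parameter names are lowercased and inner whitespace collapsed, mirroring
    Samba's case-insensitive handling ('Create Mask' == 'create mask')."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.optionxform = lambda name: " ".join(name.lower().split())
    cp.read_string(text)
    return {section: dict(cp[section]) for section in cp.sections()}


def is_yes(params, *names, default="no"):
    """True if any of the given (synonymous) parameters is set to yes."""
    return any(params.get(n, default).strip().lower() in YES for n in names)


def audit(conf):
    """Return a list of (section, finding) pairs for risky settings."""
    findings = []
    g = conf.get("global", {})
    if not is_yes(g, "encrypt passwords", default="yes"):
        findings.append(("global", "encrypt passwords = no: passwords cross the network in plaintext"))
    if not any(k in g for k in ("hosts allow", "allow hosts")):
        findings.append(("global", "no 'hosts allow': every host that can reach the port may talk to smbd"))
    if g.get("security", "user").strip().lower() == "share":
        findings.append(("global", "security = share: per-share passwords, removed in Samba 4"))
    for name, params in conf.items():
        if name in ("global", "homes", "printers"):
            continue
        guest = is_yes(params, "public", "guest ok")
        writable = is_yes(params, "writeable", "writable", "write ok")
        if guest and writable:
            findings.append((name, "guest-accessible and writeable: anyone on the network can write here"))
        if "path" not in params:
            findings.append((name, "share has no path"))
        mask = params.get("create mask", params.get("create mode", "0744"))
        if int(mask, 8) & 0o022:
            findings.append((name, f"create mask {mask} grants group/other write on new files"))
    return findings


if __name__ == "__main__":
    for section, finding in audit(parse_smb_conf(SAMPLE_SMB_CONF)):
        print(f"[{section}] {finding}")
```

Run against the sample, the checker flags the missing hosts allow, the report's own create mask = 0766 on [mydoc], and both problems with the [public] share. testparm still remains the authority on syntax; this pass only looks at the handful of parameters that decide who can read and write what.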

IV. Samba and LDAP:
Samba can store the login information of users, printers, objects, files and so on in one of three back ends, selected with the passdb backend parameter:
- a flat text file (smbpasswd);
- a trivial database file (tdbsam);
- an LDAP directory service (ldapsam).


PART 3: MAIL SERVER

I. Some terminology:
First, let us review a few terms.

1. MTA (Mail Transfer Agent):
The MTA is the component that sends and receives mail. When a message is submitted by an MUA, the MTA identifies the sender and the recipients from the information in the message header and adds the header information that is required. It then hands the message to an MDA for delivery into a mailbox on the same MTA, or passes it on to a remote MTA. Parts of the message header may be rewritten by the MTAs along the path. SMTP is the language MTAs speak to one another. Examples of MTAs: Postfix, Exim, MDaemon, Exchange Server, Sendmail, Qmail.

2. MDA (Mail Delivery Agent):
The MDA is a program the MTA uses to place mail in the user's mailbox. The mailbox can be in mbox or Maildir format. An MDA can filter and sort mail; an MTA may integrate one MDA or work with several. Examples of MDAs: maildrop, procmail, Dovecot's LDA (dovecot-lda).

3. MUA (Mail User Agent):
The MUA is the end-user mail client that lets a user read, write, and retrieve mail from the MTA. An MUA can fetch mail from the mail server via IMAP or POP3, send mail to another MUA through the MTA, and provides the user interface for working with messages. Common MUAs: Microsoft Outlook, Netscape, Pine, ...

4. SMTP (Simple Mail Transfer Protocol):
SMTP is an application-layer protocol (layer 7 of the OSI model). It uses TCP port 25 between MTAs (and port 587 for message submission from MUAs). SMTP was designed for 7-bit text; non-text content is carried by encoding it with MIME. POP3 and IMAP4 are separate protocols used alongside SMTP to retrieve mail; SMTP itself only transfers mail. An MUA submits mail to its MTA with SMTP, and MTAs exchange mail with one another with SMTP.

5. POP3 (Post Office Protocol version 3):
POP (Post Office Protocol) is one of the two common protocols for retrieving mail from the mail server into an MUA. POP was developed in 1984 and upgraded to POP3 in 1988; POP3 is the version in common use today. POP3 connects over TCP/IP to the mail server (default port 110). The user supplies a username and password; after authentication the client uses POP3 commands to fetch or delete messages. POP3 works in offline mode: mail is downloaded into the MUA and normally deleted from the server.

6. IMAP (Internet Message Access Protocol):
IMAP is a protocol for accessing mail on the server. It was developed in 1986 at Stanford University and upgraded to IMAP2 in 1987; IMAP4, the version in common use today, was standardized in 1994. IMAP uses TCP port 143. IMAP supports online, offline and disconnected modes of operation. It lets the user manipulate mail on the server: collect messages, search, fetch, move messages between folders, or delete them on the server. IMAP can download mail to the MUA without deleting it from the server.

II. How is an email sent and received?

Figure 1: the process of sending an email

In Figure 1, the user peter@a.de writes a message in an MUA and sends it to tim@b.de. The MUA submits the message to the MTA of domain a.de using SMTP (the report says the MDA carries it; submission is the MUA's job). The MTA checks its policies (for example, whether this client may relay through it) and, if they pass, accepts the message. Next, the MTA of a.de queries DNS for the MX record of domain b.de; the answer tells it which host (IP address) is the MTA for b.de. With that answer, the MTA of a.de opens an SMTP connection (TCP port 25) to the MTA of b.de to send the mail. The HELO/EHLO exchange takes place and the receiving side checks its policies (PTR record, SPF, blacklists, whether it accepts mail for b.de, ...). If the checks pass, the MTA of b.de accepts the message and hands it to the MDA of b.de, which stores it in the mailbox of the end user. Finally tim@b.de uses an MUA (over POP3 or IMAP) to retrieve and read the message.
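The exchange described above, written out as an added example for this page rather than taken from any MTA: a miniature SMTP receiver that walks the HELO/EHLO, MAIL FROM, RCPT TO and DATA dialogue and applies the policy check that matters most for an Internet-facing MTA, the relay decision (mail for our own domains is accepted from anyone; mail for other domains only from our own network). The local domain b.de, the server name mail.b.de, the trusted client network 192.168.1.0/24 and the session transcripts are constructed for the example; the reply codes follow RFC 5321 and Postfix's wording.

```python
# Added example: a minimal SMTP server-side state machine with a relay check.
import re

ADDR_RE = re.compile(r"<([^<>@\s]+)@([^<>@\s]+)>")
SERVER_NAME = "mail.b.de"           # assumed name of our MTA


def parse_path(arg):
    """'FROM:<user@domain>' / 'TO:<user@domain>' -> (user, domain) or None."""
    m = ADDR_RE.search(arg)
    return (m.group(1), m.group(2).lower()) if m else None


class SmtpSession:
    """State for one client connection; handle() consumes one line at a time."""

    def __init__(self, client_ip, local_domains, relay_networks):
        self.client_ip = client_ip
        self.local_domains = local_domains        # domains we are the MX for
        self.relay_networks = relay_networks      # prefixes allowed to relay out
        self.helo = None
        self.sender = None
        self.rcpts = []
        self.body = []
        self.in_data = False
        self.delivered = []                       # accepted (sender, rcpts, body)

    def may_relay(self):
        return any(self.client_ip.startswith(net) for net in self.relay_networks)

    def handle(self, line):
        """Process one client line; return the reply, or None while reading DATA."""
        if self.in_data:
            if line == ".":
                self.in_data = False
                self.delivered.append((self.sender, tuple(self.rcpts), "\n".join(self.body)))
                self.sender, self.rcpts, self.body = None, [], []
                return "250 2.0.0 Ok: queued"
            # dot-stuffing: a line starting with '..' carries a literal leading '.'
            self.body.append(line[1:] if line.startswith("..") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            if not arg:
                return "501 5.5.4 Syntax: HELO hostname"
            self.helo = arg
            return f"250 {SERVER_NAME} Hello {arg}"
        if self.helo is None:
            return "503 5.5.1 Error: send HELO/EHLO first"
        if verb == "MAIL":
            path = parse_path(arg)
            if path is None:
                return "501 5.1.7 Bad sender address syntax"
            self.sender = "@".join(path)
            return "250 2.1.0 Ok"
        if verb == "RCPT":
            if self.sender is None:
                return "503 5.5.1 Error: need MAIL command"
            path = parse_path(arg)
            if path is None:
                return "501 5.1.3 Bad recipient address syntax"
            user, domain = path
            # The relay decision: our own domains from anyone, other domains
            # only from our own network. Anything else would be an open relay.
            if domain not in self.local_domains and not self.may_relay():
                return f"554 5.7.1 <{user}@{domain}>: Relay access denied"
            self.rcpts.append(f"{user}@{domain}")
            return "250 2.1.5 Ok"
        if verb == "DATA":
            if not self.rcpts:
                return "503 5.5.1 Error: need RCPT command"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 2.0.0 Bye"
        return "502 5.5.2 Error: command not recognized"


def run_transcript(client_ip, lines, local_domains=frozenset({"b.de"}),
                   relay_networks=("192.168.1.",)):
    """Feed a client transcript to a session; return (replies, delivered)."""
    session = SmtpSession(client_ip, local_domains, relay_networks)
    replies = [r for r in (session.handle(line) for line in lines) if r is not None]
    return replies, session.delivered


# Constructed transcript: the MTA of a.de (an outside host) delivering peter's
# message to tim@b.de and also trying to relay a message through us.
EXTERNAL_MTA = [
    "EHLO mta.a.de",
    "MAIL FROM:<peter@a.de>",
    "RCPT TO:<tim@b.de>",
    "RCPT TO:<victim@c.org>",
    "DATA",
    "Subject: hi",
    "",
    "Hello Tim",
    ".",
    "QUIT",
]

if __name__ == "__main__":
    for reply in run_transcript("203.0.113.10", EXTERNAL_MTA)[0]:
        print(reply)
```

The same RCPT TO:<peter@a.de> that is refused from 203.0.113.10 is accepted from 192.168.1.20, which is exactly the distinction Postfix expresses with mynetworks and smtpd_recipient_restrictions; a server that answers 250 in both cases is an open relay.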

III. Postfix:
1. Introduction:
Postfix is a free, open-source Mail Transfer Agent (MTA) for sending and receiving email. It is released under the IBM Public License 1.0, a free-software license. Postfix was written by Wietse Venema during his time at the IBM Thomas J. Watson Research Center and is still actively developed today. Its first public release appeared in December 1998 (as a beta under the name VMailer), with the first release under the Postfix name in 1999. Advantages of Postfix: fast, easy to administer, secure, and widely used.

2. Structure of Postfix:
a. Components of Postfix:
Postfix's architecture is completely different from monolithic systems such as Sendmail, where traditionally a single large program handles email messages. Postfix splits the work into separate functions, each carried out by its own program, largely independent of the other processes. Most of these programs are daemons, that is, they run in the background. The master daemon is started first and launches the other programs when they are needed. The master daemon is always present and reads its configuration at start-up from two files, main.cf and master.cf. In broad terms Postfix does three things: it receives messages, queues them, and finally delivers them. Each step is handled by a separate set of Postfix programs; Figure 2 shows these three tasks.

Figure 2: overview of the Postfix architecture

b. How messages enter the Postfix system:
Messages enter Postfix in four ways:
- A message is accepted locally (sent by a user on the same machine).
- A message is accepted over the network.
- A message is resubmitted by Postfix itself, for example when forwarding to another address.
- Postfix generates a message when it must notify a sender that a message could not be delivered or was deferred.

Local email submission: the Postfix components cooperate by writing to and reading from the Postfix queue. The queue manager is responsible for managing the messages in the queue and for notifying the right Postfix component when it has work to do. Figure 3 below shows the path of a locally submitted message into Postfix. A local message is placed in the maildrop directory of the Postfix queue by the postdrop command. The pickup daemon reads the message from that queue and passes it to the cleanup daemon. Some submitted messages lack information a valid message needs, so cleanup, together with trivial-rewrite, adds the missing headers and rewrites addresses to the form user@domain.tld, also applying the canonical and virtual lookup tables. cleanup runs on all inbound mail and notifies the queue manager after placing the cleaned-up message in the incoming queue. The queue manager then invokes the appropriate delivery agent to deliver the message.


Figure 3: local email submission

Email from the network: Figure 4 below shows the path of a message that arrives over the network. Such messages are accepted by the Postfix smtpd daemon. smtpd performs the policy checks and can be configured to allow clients to relay mail through the server or to refuse them. smtpd hands the message to the cleanup daemon, which checks it and fills in missing information, then places it in the incoming queue. The queue manager invokes the appropriate delivery agent to deliver the message.


Figure 4: email from the network

Postfix email notifications: when a message is deferred or cannot be delivered, Postfix uses the defer or bounce daemon to generate an error message. The error message is then processed like any other new message: it goes through the cleanup daemon before being placed in the incoming queue.

Email forwarding: sometimes, after processing a message, Postfix finds that the recipient address actually points to another address on another system. Postfix could simply hand the message to the smtp client for direct delivery, but to make sure every recipient is processed and logged correctly, Postfix resubmits the message as a new message, which is then handled like a locally submitted one.

c. The Postfix queue:
The Postfix queue manager does most of the work of processing email. Messages are accepted into the queue after the cleanup daemon has checked them; when the queue manager has a new message it uses trivial-rewrite to determine the routing information: the transport method, the next host to deliver to, and the recipient addresses. The queue manager maintains four queues: incoming, active, deferred and corrupt. After the cleanup step, the incoming queue is a message's first stop. If system resources permit, the message is moved into the active queue and one of the delivery agents is invoked to deliver it. A message that cannot be delivered is placed in the deferred queue. The queue manager also works with the bounce and defer daemons to produce delivery status reports for problem messages, which are sent back to the sender, to the system administrator, or to both. In addition to the message queue directories, the Postfix spool directory contains bounce and defer directories; they record why a message was deferred or could not be delivered, and the bounce and defer daemons use this information to generate the notifications.

d. Mail delivery:
Postfix uses address classes to decide which destinations it accepts mail for and how to deliver to them. The main address classes are local, virtual alias, virtual mailbox, and relay. Destinations that fall in none of these classes are delivered over the network by the smtp client. Based on the address class, the queue manager invokes the appropriate delivery agent to handle the message.

Local delivery: the local delivery agent handles mail for users with shell accounts on the system running Postfix. Domain names for local delivery are listed in the mydestination parameter. Messages addressed to any mydestination domain are delivered to the individual users' accounts. Simply put, the local delivery agent delivers email into the local message store. When a message is forwarded elsewhere, it is resubmitted to Postfix for delivery to the new address. If an error occurs, the delivery agent tells the queue manager to mark the message for a later retry and it is placed in the deferred queue.

Virtual alias messages: virtual alias messages are emails that are forwarded to another address. Example: user tom has the address tom@hoasen.net and also an alias tom.weslly@hoasen.com; when a message arrives for tom.weslly@hoasen.com, Postfix finds that the real recipient address is tom@hoasen.net and resubmits the message to tom@hoasen.net. Virtual alias domain names are defined in virtual_alias_domains, and the mapping from these users to their real addresses is in the lookup table named by virtual_alias_maps.

Virtual mailbox messages: the virtual delivery agent handles delivery for virtual mailbox addresses. These mailboxes are not associated with any system (shell) account. The domain names and users of virtual mailboxes are defined in virtual_mailbox_domains and virtual_mailbox_maps.

Relay messages: the smtp delivery agent handles mail for relay domains. Email addresses in a relay domain are hosted on another system, but Postfix accepts their messages and forwards them to the system that stores the mailboxes. Relay domain names are declared in relay_domains.

Note: besides the delivery agents listed above, Postfix supports other delivery agents; delivery agents are defined in master.cf.

e. Tracing a message through Postfix:
Section II gave an overview of how an email is sent and received. This section follows in full how a message moves through the Postfix system. In the example below, Helene (helene@oreilly.com), who has an account on a system running Postfix, sends mail to Frank (frank@postfix.org), and frank has an alias doel@onlamp.com.

Figure 5: tracing a message, step 1

Because Helene has an account on the system, the message is submitted with postdrop and placed in the maildrop directory. The pickup, cleanup and trivial-rewrite daemons fill in the information the message needs and it is placed in the incoming queue of the queue manager. The message then moves to the active queue; because its destination is outside the system, the queue manager invokes the smtp delivery agent to handle it. The smtp agent queries DNS to find the mail server for domain postfix.org and sends the message.

Figure 6: tracing a message, step 2

Figure 6 shows the smtpd daemon of postfix.org receiving the message from the smtp client of oreilly.com. The message is checked by the cleanup and trivial-rewrite daemons before being placed in the incoming queue, then moved to the active queue, where the queue manager sees that it must invoke the local delivery agent. The local delivery agent finds that frank is an alias and resubmits the message through the cleanup daemon for delivery to the new address.


Figure 7: tracing a message, step 3

In Figure 7 the receiving steps are the same as in Figure 6 up to the point where the local delivery agent is invoked; this time the local delivery agent finds the recipient valid and stores the message in the recipient's message store.

3. Postfix with LDAP:
Postfix can use an LDAP directory as the data source for all of its lookups: aliases, virtual, canonical, and so on. This keeps account information in one protected place, and since nothing is stored locally, several mail servers can share one directory without the delay of updating the data on each server. For Postfix to work with an LDAP directory, install the postfix-ldap package:

    apt-get install postfix-ldap

You must also declare in main.cf which lookup type Postfix should use, for example:

    alias_maps = ldap:/etc/postfix/ldap-aliases.cf

The file ldap-aliases.cf then declares:

    # address of the LDAP server
    server_host = ldap.example.com
    search_base = dc=example, dc=com
    # the attribute to search on; %s is the looked-up address, which Postfix quotes per RFC 2254
    query_filter = mail=%s
    # the attribute returned
    result_attribute = maildrop

(Postfix configuration files use # for comments; the report used \\.) When the directory is on another host, also set bind = yes with a read-only bind_dn and bind_pw, and enable start_tls = yes so that lookups do not travel in the clear.

IV. DOVECOT:
1. Introduction:
Dovecot is an open-source POP3 and IMAP server for Linux/Unix systems, written with security as a primary goal; it also provides a local delivery agent (dovecot-lda) and supports both the mbox and Maildir mailbox formats. (The report calls Dovecot an MDA; strictly it is an IMAP/POP3 server that ships an LDA.) Dovecot is a good choice for small and large email systems alike because it is fast, easy to set up, and uses little memory and few system resources. Dovecot has many other strong features: it works with NFS and clustered file systems, supports many authentication databases and mechanisms, can provide SMTP authentication (through its SASL service, which Postfix can use), and can be extended with plugins such as quota and ACL.

2. Basic Dovecot configuration:
Dovecot is configured in /etc/dovecot/dovecot.conf (newer versions split the settings across /etc/dovecot/conf.d/).

First choose the protocols Dovecot will serve:

    protocols = pop3 pop3s imap imaps

(This is Dovecot 1.x syntax; Dovecot 2.x uses protocols = imap pop3 and configures SSL separately with ssl = required.)

Then choose the mailbox format Dovecot will use:

    mail_location = maildir:~/Maildir                         # for Maildir
    mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u       # for mbox

Note: the MTA must be configured to deliver to the same mailbox format you choose here.

Those are the basic settings; you should also understand Dovecot's authentication databases.

Authentication databases: Dovecot supports the following kinds of database:
- passwd: system users (NSS, /etc/passwd, or similar)
- passwd-file: a /etc/passwd-like file at a given location
- LDAP: Lightweight Directory Access Protocol
- SQL: an SQL database (PostgreSQL, MySQL, SQLite)
- vpopmail: external software used to handle virtual domains

These databases store the user and password information of the mail accounts; Dovecot calls them password databases (passdb) and user databases (userdb).

Password databases: Dovecot authenticates users against the password databases, and several can be used at the same time. If the first database does not match, Dovecot continues with the second. This is convenient if you want to support both local and virtual users.

Success/failure databases: these databases simply check whether the supplied password is correct; Dovecot does not obtain the password from the database, only a success or failure result. They include:
- PAM: Pluggable Authentication Modules
- BSDAuth: BSD authentication
- checkpassword: an external checkpassword program

Lookup databases: two kinds of lookup database exist. Databases that only support looking up the password, not extended user information:
- passwd: system users (NSS, /etc/passwd, or similar)
- shadow: shadow passwords for system users (NSS, /etc/shadow, or similar)
- vpopmail: external software used to handle virtual domains
Databases that support looking up all the information:
- passwd-file: a /etc/passwd-like file at a given location
- LDAP: Lightweight Directory Access Protocol
- SQL: an SQL database (PostgreSQL, MySQL, SQLite)

User databases: after the user has authenticated successfully, Dovecot looks up the user's information; the delivery agent performs the same lookup to find what it needs to deliver mail for the user. The information looked up is:
- uid: the user's UID (UNIX user ID)
- gid: the user's GID (UNIX group ID)
- home: the home directory
- mail: the mail location (when returned, it replaces the value of mail_location)
The user databases Dovecot supports are:
- passwd: system users (NSS, /etc/passwd, or similar)
- passwd-file: a /etc/passwd-like file at a given location
- NSS: Name Service Switch (v1.1+)
- LDAP: Lightweight Directory Access Protocol
- SQL: an SQL database (PostgreSQL, MySQL, SQLite)
- static: userdb information generated from a given template
- vpopmail: external software used to handle virtual domains
- prefetch: assumes that the passdb already returned all the required user database information

3. Dovecot and LDAP:
As shown above, Dovecot can use LDAP as an authentication database. There are two ways to authenticate against LDAP:
- password lookups
- authentication binds

a. Password lookups:
Advantages of password lookups over authentication binds:
- Faster, because Dovecot can send several LDAP requests to the server asynchronously at once; with authentication binds it must wait for one request to finish before sending the next.
- Support for non-plaintext authentication mechanisms (such as CRAM-MD5), because Dovecot has the stored password to verify against.
- With the delivery agent and a static userdb, delivery can check that the user exists; with authentication binds this is not possible.

LDAP server permissions: normally the LDAP server does not allow any user to read other users' passwords, so you need to create an account with permission to read the userPassword attribute, by adding the following to /etc/ldap/slapd.conf:

    # there should already be something like this in the file:
    access to attribute=userPassword
        by dn="<dovecot's dn>" read    # just add this line
        by anonymous auth
        by self write
        by * none

Replace "<dovecot's dn>" with the DN you declared in dovecot-ldap.conf. (This DN can read every user's password hash, so its bind password must be protected and the connection to the directory should use TLS.)

Dovecot configuration: the two important settings for password lookups are:
- pass_filter: the LDAP filter used to find the user.
- pass_attrs: the attributes returned by the LDAP server; if empty, all attributes are returned. Usually the LDAP attribute names differ from the field names Dovecot uses, so they must be mapped with the syntax <ldap attribute>=<dovecot field>, for example pass_attrs = uid=user, userPassword=password.

Example configuration in dovecot-ldap.conf:

    auth_bind = no
    pass_attrs = uid=user, userPassword=password
    pass_filter = (&(objectClass=posixAccount)(uid=%u))
    default_pass_scheme = MD5

(MD5 here is Dovecot's MD5-CRYPT scheme; for new deployments a stronger scheme such as SSHA or BLF-CRYPT is preferable.)

b. Authentication binds:
Advantages:
- The LDAP server checks the password, so Dovecot does not need to know the password's storage format.
- A little more secure, because no Dovecot account that can read every user's password on the LDAP server is required.

Authentication binds are enabled with auth_bind = yes, for example:

    auth_bind = yes
    pass_attrs = uid=user
    pass_filter = (&(objectClass=posixAccount)(uid=%u))
    auth_bind_userdn = cn=%u,ou=people,o=org
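Both the Postfix query_filter = mail=%s above and the Dovecot pass_filter = (&(objectClass=posixAccount)(uid=%u)) splice a value taken from the network into an LDAP search filter. Both servers escape that value before substituting it (Postfix documents this as RFC 2254 quoting), and the following added example, written for this page rather than taken from Postfix or Dovecot, shows why that matters: it implements the RFC 4515 escaping, a small filter parser and matcher, and runs the report's pass_filter over a constructed in-memory directory once with escaping and once without. The directory entries, the DIRECTORY and build_pass_filter names and the example inputs are all assumptions made for the illustration.

```python
# Added example: LDAP filter value escaping and a tiny filter evaluator
# (illustration only, not the Postfix or Dovecot implementation).
import re

# RFC 4515 escaping of the characters that carry meaning inside a filter.
FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value):
    """Escape a value before splicing it into an LDAP search filter."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_pass_filter(uid, escape=True):
    """The report's Dovecot pass_filter with %u substituted."""
    value = escape_filter_value(uid) if escape else uid
    return f"(&(objectClass=posixAccount)(uid={value}))"


def parse_filter(text, i=0):
    """Minimal RFC 4515 parser. Returns (node, index_after_node) where node is
    ('&'|'|', [children]), ('!', child) or ('=', attribute, pattern)."""
    if text[i] != "(":
        raise ValueError("filter must start with '('")
    i += 1
    if text[i] in "&|":
        op, i, children = text[i], i + 1, []
        while text[i] == "(":
            child, i = parse_filter(text, i)
            children.append(child)
        if text[i] != ")":
            raise ValueError("unbalanced filter")
        return (op, children), i + 1
    if text[i] == "!":
        child, i = parse_filter(text, i + 1)
        if text[i] != ")":
            raise ValueError("unbalanced filter")
        return ("!", child), i + 1
    end = text.index(")", i)
    attr, _, pattern = text[i:end].partition("=")
    return ("=", attr.lower(), pattern), end + 1


def pattern_to_regex(pattern):
    """An unescaped '*' is a wildcard; '\\2a' and the other escapes are literals."""
    parts = [re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), p)
             for p in pattern.split("*")]
    return re.compile("^" + ".*".join(re.escape(p) for p in parts) + "$", re.IGNORECASE)


def matches(node, entry):
    kind = node[0]
    if kind == "&":
        return all(matches(child, entry) for child in node[1])
    if kind == "|":
        return any(matches(child, entry) for child in node[1])
    if kind == "!":
        return not matches(node[1], entry)
    _, attr, pattern = node
    regex = pattern_to_regex(pattern)
    return any(regex.match(str(v)) for v in entry.get(attr, ()))


def search(directory, filter_text):
    """Return the DNs of the constructed directory that match the filter."""
    node, end = parse_filter(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing characters after filter")
    return [dn for dn, entry in directory.items() if matches(node, entry)]


# Constructed directory (attribute names lowercased): two mail accounts and
# one entry that is not an account.
DIRECTORY = {
    "uid=tom,ou=people,dc=example,dc=com": {
        "objectclass": ["posixAccount"], "uid": ["tom"], "mail": ["tom@example.com"]},
    "uid=alice,ou=people,dc=example,dc=com": {
        "objectclass": ["posixAccount"], "uid": ["alice"], "mail": ["alice@example.com"]},
    "cn=admin,dc=example,dc=com": {
        "objectclass": ["simpleSecurityObject"], "cn": ["admin"]},
}

if __name__ == "__main__":
    for uid in ("tom", "*"):
        for escape in (True, False):
            f = build_pass_filter(uid, escape)
            print(f"{f:55} -> {search(DIRECTORY, f)}")
```

With escaping, a login name of "*" becomes uid=\2a and matches nobody; without it the same input matches every posixAccount, which is the difference between one user's mailbox and all of them. The same escape_filter_value is what a hand-written lookup (a script that builds a filter from a web form, for instance) needs before it touches the directory.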


PART 4: FIREWALL
I. What is a firewall?
The term firewall comes from a construction technique for preventing or limiting the spread of fire. In network technology, a firewall is a mechanism built into the network to block unauthorized access, protecting internal information resources and limiting the entry of unwanted traffic into the system. An Internet firewall is a set of devices (hardware and software) placed between the network of an organization, a company or a country (the intranet) and the Internet. In some cases a firewall is deployed inside an internal network to separate security zones. For example, the model the report refers to shows a firewall separating the machine room, the users and the Internet.

II. Firewall classification:
Firewalls are divided into two kinds, hardware firewalls and software firewalls:

1. Hardware firewalls: firewalls built into routers.
Characteristics of hardware firewalls:
- Less flexible than software firewalls (functions and rules cannot be added as freely).
- They operate at lower layers than software firewalls (the network and transport layers).
- They cannot inspect the content of packets.
- Example of a hardware firewall function: NAT (Network Address Translation).

2. Software firewalls: firewalls installed on a server.
Characteristics of software firewalls:
- Highly flexible: rules and functions can be added and removed.
- They operate at higher layers than hardware firewalls (the application layer).
- They can inspect the content of packets (for example by keyword).
- Examples of software firewalls: ISA Server, iptables.

Note that this division is a simplification: iptables itself filters mainly at the network and transport layers (content inspection needs extensions such as the string match), and many hardware appliances now include application-layer inspection.

III. Why is a firewall needed?
If your computer is not protected when you connect to the Internet, all traffic into and out of the network is allowed, so attackers, trojans and viruses can get in and steal personal information from the machine. They can install code that attacks the data files on the computer, and they can use your computer to attack other home or business computers connected to the Internet. A firewall can stop malicious packets before they reach your system.

Main functions of a firewall: the main function of a firewall is to control the flow of information between the intranet and the Internet, by establishing a mechanism that controls the traffic between the internal network (intranet) and the Internet. Specifically:
- Allow or deny services going out (from the intranet to the Internet).
- Allow or deny services coming in (from the Internet to the intranet).
- Monitor the traffic between the Internet and the intranet.
- Control and block access by address.
- Control users and their access.
- Control the content of the information that travels across the network.

IV. THE IPTABLES FIREWALL:

1. Introduction:
On Linux the most common and most basic firewall software is iptables; through it one can easily understand how a firewall works in general.

2. Structure of iptables:
iptables basically consists of three tables, FILTER, MANGLE and NAT, and the chains in each table; with them the administrator creates rules that allow packets into and out of the system (protected by iptables) as desired. Their functions are:
- mangle: used to modify packet fields such as the QoS (quality of service) bits (the TOS/DSCP field of the IP header; the report says the TCP header).
- filter: as its name says, used to filter packets. Its built-in chains are:
  - FORWARD chain: filters packets passing through the system (on their way to another system).
  - INPUT chain: filters packets entering the system.
  - OUTPUT chain: filters packets leaving the system.
- nat: rewrites packet addresses. Its built-in chains are:
  - PREROUTING: rewrites the destination address of a packet before it is routed by the system's routing table (destination NAT, DNAT).
  - POSTROUTING: the reverse of PREROUTING, rewrites the source address of a packet after it has been routed by the system (SNAT).
  - (The nat table also has an OUTPUT chain for packets generated locally.)
Every rule you create belongs to a particular chain in a particular table. If you do not specify a table, iptables assumes the FILTER table.

3. How iptables processes packets:
The order in which iptables processes packets can be summarized by the figure: packets arriving from outside are first checked by the PREROUTING chains to see whether they need DNAT, and are then routed. If a packet is destined for another system (the protected network) it is filtered by the FORWARD chains of the FILTER table and, if needed, SNATed by the POSTROUTING chains before it reaches the destination system. When the destination system replies, the packet follows the same order in reverse. Note that in the figure the FORWARD and POSTROUTING chains of the mangle table only affect the QoS marking of the packet. If the packet is addressed to the system itself (the host running iptables) it is processed by the INPUT chains and, if not dropped, handled by a system service running on the host. When the host replies, the packets it sends are processed by the OUTPUT chains and may then be processed by the POSTROUTING chains of the NAT and MANGLE tables if they need SNAT or QoS marking (the report says the FILTER table, which has no POSTROUTING chain).

Targets and jumps: iptables rules examine IP packets and try to determine how each is to be handled (the target); once that is determined, the packet is processed in that way.

Some commonly used built-in targets:
- ACCEPT: iptables accepts the packet and lets it through without checking it against further rules in that chain.
- DROP: iptables discards the packet and processes it no further.
- LOG: the packet's information is written to the system's syslog, and iptables continues processing the packet with the following rules.
- REJECT: works like DROP but also sends an error message back to the host that sent the packet.
- DNAT: rewrites the packet's destination address.
- SNAT: rewrites the packet's source address.
- MASQUERADE: also rewrites the source address, using the address of the outgoing interface (for dynamically assigned addresses).

To build rules you use options that create match conditions. Some commonly used options:
- -t: the table the rule is written to (default FILTER).
- -j: jump to a target, as defined above, if the match conditions are satisfied.
- -A: append the rule to the end of a chain.
- -p: match the packet's protocol.
- -s: match the packet's source address.
- -d: match the packet's destination address.
- -i: match the network interface through which the packet entered the system.
- -o: match the network interface through which the packet leaves the system.
- -p tcp --sport: match the source port of a TCP packet.
- -p tcp --dport: match the destination port of a TCP packet.
- -p udp --sport: match the source port of a UDP packet.
- -p udp --dport: match the destination port of a UDP packet.
- --syn: match whether the packet is a request to open a new TCP connection (SYN set, ACK and RST clear).
- --icmp-type: match the ICMP type (echo-reply or echo-request).
- -m multiport --sports <port,port>: match a list of source ports.
- -m multiport --dports <port,port>: match a list of destination ports.
- -m multiport --ports <port,port>: match a list of ports (source or destination).
- -m state --state <state>: match the connection state the packet belongs to:
  - ESTABLISHED: the packet belongs to an already established connection.
  - NEW: the packet is a request for a new connection.
  - RELATED: the packet opens a second connection related to an existing one (typical of protocols such as FTP, and of ICMP errors).
  - INVALID: the packet is not valid (it cannot be associated with any connection).
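The options above are easier to reason about on concrete packets. The following is an added example, not from the report and not iptables code: a small model of the INPUT/OUTPUT traversal of the filter table with a minimal connection tracking table, used to run a typical host ruleset (accept loopback, accept ESTABLISHED,RELATED, accept NEW SSH only when --syn is set, LOG, then a DROP policy) against constructed packets. It shows why the ESTABLISHED rule lets replies to the host's own connections back in, and why the SSH rule also requires --syn: a bare ACK with no tracked connection is classified NEW, just as netfilter does with its default loose TCP tracking. The host address 192.168.1.10, the remote addresses and the Packet, Rule and HostFirewall names are assumptions made for the example.

```python
# Added example: a model of filter-table traversal with connection tracking.
from dataclasses import dataclass
from typing import FrozenSet, Optional


@dataclass(frozen=True)
class Packet:
    proto: str              # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False       # TCP SYN without ACK: a request to open a connection
    iface: str = "eth0"     # interface the packet arrives on / leaves through


class Conntrack:
    """Remembers the 5-tuples of accepted packets and classifies later ones.

    As with netfilter's default loose TCP tracking, a packet with no matching
    entry is NEW even if it is a bare ACK; that is why the rules also use --syn."""

    def __init__(self):
        self.table = set()

    @staticmethod
    def _key(p):
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reply_key(p):
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def state(self, p):
        if self._key(p) in self.table or self._reply_key(p) in self.table:
            return "ESTABLISHED"
        return "NEW"

    def confirm(self, p):
        self.table.add(self._key(p))


@dataclass
class Rule:
    """One rule: the match options from the list above plus a target."""
    target: str
    proto: Optional[str] = None             # -p
    dport: Optional[int] = None             # --dport
    iface: Optional[str] = None             # -i / -o
    syn: Optional[bool] = None              # --syn
    states: FrozenSet[str] = frozenset()    # -m state --state

    def matches(self, p, state):
        return ((self.proto is None or p.proto == self.proto)
                and (self.dport is None or p.dport == self.dport)
                and (self.iface is None or p.iface == self.iface)
                and (self.syn is None or p.syn == self.syn)
                and (not self.states or state in self.states))


def run_chain(rules, policy, p, state, log):
    """Walk a chain top to bottom. LOG is non-terminating, like in iptables;
    the first terminating match decides, otherwise the chain policy applies."""
    for rule in rules:
        if rule.matches(p, state):
            if rule.target == "LOG":
                log.append((state, p))
                continue
            return rule.target
    return policy


class HostFirewall:
    """The filter table of one host: INPUT (policy DROP) and OUTPUT (policy ACCEPT)."""

    def __init__(self, input_rules, output_rules):
        self.input_rules, self.output_rules = input_rules, output_rules
        self.ct = Conntrack()
        self.log = []

    def _filter(self, rules, policy, p):
        verdict = run_chain(rules, policy, p, self.ct.state(p), self.log)
        if verdict == "ACCEPT":
            self.ct.confirm(p)      # accepted packets create the tracking entry
        return verdict

    def inbound(self, p):
        return self._filter(self.input_rules, "DROP", p)

    def outbound(self, p):
        return self._filter(self.output_rules, "ACCEPT", p)


# Equivalent to:
#   iptables -P INPUT DROP
#   iptables -A INPUT -i lo -j ACCEPT
#   iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#   iptables -A INPUT -p tcp --dport 22 --syn -m state --state NEW -j ACCEPT
#   iptables -A INPUT -j LOG
INPUT_RULES = [
    Rule("ACCEPT", iface="lo"),
    Rule("ACCEPT", states=frozenset({"ESTABLISHED", "RELATED"})),
    Rule("ACCEPT", proto="tcp", dport=22, syn=True, states=frozenset({"NEW"})),
    Rule("LOG"),
]
OUTPUT_RULES = []    # policy ACCEPT: the host may open connections outward

HOST = "192.168.1.10"   # assumed address of the protected host


def demo():
    """Run constructed packets through the firewall; return (verdicts, log count)."""
    fw = HostFirewall(INPUT_RULES, OUTPUT_RULES)
    ssh_syn = Packet("tcp", "203.0.113.5", 40000, HOST, 22, syn=True)
    mysql_syn = Packet("tcp", "203.0.113.5", 40001, HOST, 3306, syn=True)
    ack_to_ssh = Packet("tcp", "203.0.113.5", 40002, HOST, 22)       # no SYN, no entry
    http_out = Packet("tcp", HOST, 51000, "93.184.216.34", 80, syn=True)
    http_reply = Packet("tcp", "93.184.216.34", 80, HOST, 51000)     # SYN/ACK coming back
    verdicts = {
        "ssh_syn": fw.inbound(ssh_syn),
        "mysql_syn": fw.inbound(mysql_syn),
        "ack_to_ssh": fw.inbound(ack_to_ssh),
        "http_out": fw.outbound(http_out),
        "http_reply": fw.inbound(http_reply),
        "loopback": fw.inbound(Packet("udp", "127.0.0.1", 5353, "127.0.0.1", 53, iface="lo")),
    }
    return verdicts, len(fw.log)


if __name__ == "__main__":
    for name, verdict in demo()[0].items():
        print(f"{name:12} {verdict}")
```

Reading the verdicts against the rule list: the SSH SYN is accepted by the third rule, the MySQL SYN and the bare ACK to port 22 fall through to LOG and the DROP policy (the ACK because it is NEW but has no SYN), and the HTTP reply is accepted by the second rule only because the host's own outbound SYN created a tracking entry first.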


PART 5: DNS SERVER


I. Introduction:
Maintaining a DNS database lets computers translate domain names such as www.ubuntu.com to IP addresses such as 91.189.94.249. Since no single DNS server holds the whole Internet in its database, every server is configured by default to ask other DNS servers for what it cannot answer itself. A DNS server is also known as a name server, after the role described for it in the main DNS client configuration file, /etc/resolv.conf. The names describe the role: a forwarding DNS server, for example, forwards requests; a caching name server stores the results of forwarded requests, so repeated requests can be served from the cache without being forwarded again. Since direct access to a master server is usually restricted to an internal network, a master is generally able to forward requests as well. Finally, slave DNS servers (also called secondary servers) need access to the authoritative database on the master DNS server.
- A master DNS server: holds the authoritative records for the domain; requests for the IP addresses of other servers can be cached or forwarded.
- A secondary master DNS server: relies on a master DNS server for its data. Also known as a slave DNS server. Requests for the addresses of other hosts can be cached or forwarded.
- A caching-only DNS server: stores answers like a proxy server. If the answer is not in the cache it turns to another DNS server.
- A forwarding-only DNS server: refers all requests to other DNS servers.

II. The Reverse Zone File:

A reverse zone allows a DNS server to convert in the other direction, from an IP address to a host name. Reverse lookup zones are used by many kinds of servers (FTP, IRC, WWW and others) to decide whether they even want to talk to a computer that is requesting information. It is a common way for a mail server to check whether an email comes from a valid domain. Note that the PTR record is controlled by whoever owns the address block, so on its own it proves little; a mail server that relies on it should also resolve the returned name forward again and check that it maps back to the connecting address (forward-confirmed reverse DNS).

III. Master (Primary) Name Servers:

When a master DNS server receives a query for a zone for which it is authoritative, it answers as 'Authoritative' (the AA bit is set in the query response).

If a master DNS server receives a query for a zone for which it is neither master nor slave, it acts as configured (in BIND this behaviour is defined in named.conf):
- If caching is enabled and recursive queries are allowed, the server will answer the request completely or return an error.
- If caching is enabled and only iterative (non-recursive) queries are allowed, the server may respond with the complete answer (if it is already in the cache from another request), with a referral, or with an error.
- If caching is not enabled (an 'Authoritative Only' DNS server), the server returns a referral or an error.
A master DNS server can notify defined (usually slave) servers of zone changes; this is the default behaviour. NOTIFY messages ensure that zone changes propagate quickly to the slaves (interrupt-driven) rather than relying on the slave servers polling periodically for changes. A zone master can be 'hidden' (only one or more slaves know of its existence). There is no requirement for such a master server to appear in an NS RR for the domain. The only requirement is that two (or more) name servers support the zone. The two servers can be any combination of master-slave, slave-slave or even master-master.

IV. Slave (Secondary) Name Servers:

A slave DNS server obtains its zone data using a zone transfer operation (usually from the zone master) and responds as authoritative for the zones for which it is defined as a 'slave' and for which it currently holds valid zone data. It is not possible to tell from the query result whether it came from a zone master or from a slave. There can be any number of slave DNS servers for any given zone. Slave status is defined in BIND by including 'type slave' in the zone declaration of named.conf, as the following fragment shows:

    // example.com fragment from named.conf
    // defines this server as a zone slave
    zone "example.com" in {
        type slave;
        file "sec/sec.example.com";
        masters { 192.168.23.17; };
    };


The master DNS servers for each zone are defined in the masters clause of the zone statement; they let the slave refresh its zone records when the refresh interval of the SOA record is reached. If a slave cannot reach the master DNS server by the time the 'expiry' interval runs out, it stops answering requests for the zone; it will not serve data past the expiry time. The file parameter is optional and lets the slave write the transferred zone to disk, so that if BIND is restarted before the expiry time is reached the server uses the saved data. In large DNS installations this can save a significant amount of network traffic. On the master, restrict who may request a zone transfer with an allow-transfer clause listing the slaves' addresses; otherwise any host can download the whole zone with an AXFR query.

V. Stealth (a.k.a. DMZ or Split) Name Server:

A stealth server is a name server that does not appear in any publicly visible NS record for the domain. Stealth servers are typically used in a configuration called Split. A Split Server configuration is shown in the figure:

The internal servers (the stealth servers) can be configured to serve both the internally and the externally visible services and to provide recursive queries for everything else. Such a server would use a private zone master file that could look like this:

    ; private zone master file used by stealth server(s)
    ; provides public and private services and hosts
    example.com. IN SOA ns.example.com. root.example.com. (
                  2003080800 ; se = serial number
                  3h         ; ref = refresh
                  15m        ; ret = update retry
                  3w         ; ex = expiry
                  3h         ; min = minimum
                  )
                 IN NS   ns1.example.com.
                 IN NS   ns2.example.com.
                 IN MX 10 mail.example.com.
    ; public hosts
    ns1          IN A    192.168.254.1
    ns2          IN A    192.168.254.2
    mail         IN A    192.168.254.3
    www          IN A    192.168.254.4
    ftp          IN A    192.168.254.5
    ; private hosts
    joe          IN A    192.168.254.6
    bill         IN A    192.168.254.7
    fred         IN A    192.168.254.8
    ....
    accounting   IN A    192.168.254.28
    payroll      IN A    192.168.254.29

The record types used in Internet-style zone data:
- NS record: the name server resource record.
- MX record: the Mail Exchange record, which directs email for the domain to a host. If there is more than one email server you can add more than one MX record to the zone file.
- CNAME: used to give the same address to other names, such as those of the FTP server or even rsync. However, a CNAME does not work for email servers: the target of an MX record must be a name with an A record, not a CNAME.
If you only want to configure a forward zone in /etc/bind/named.conf.local, reload the configuration with the command rndc reload.
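The reverse zone from section II and the split view from section V, as an added example that is not code from the original report: it parses the A records of the zone listed above (an abridged copy constructed here), derives the in-addr.arpa PTR records a reverse zone needs, and separates the hosts into the external view (public hosts only) and the internal view (everything) that a stealth/split setup serves. The public/private split follows the comments in the listing; BIND would express the two views with view statements in named.conf, which is not shown here.

```python
"""Reverse zone and split views derived from the forward zone above.

Added example, not from the original report. The zone text is constructed
from the listing above (abridged); the view split follows its
'; public hosts' / '; private hosts' comments.
"""
import re
from ipaddress import ip_address

ZONE_ORIGIN = "example.com."

# Constructed from the stealth-server zone file listed above (abridged).
FORWARD_ZONE = """\
; public hosts
ns1  IN A 192.168.254.1
ns2  IN A 192.168.254.2
mail IN A 192.168.254.3
www  IN A 192.168.254.4
ftp  IN A 192.168.254.5
; private hosts
joe        IN A 192.168.254.6
accounting IN A 192.168.254.28
payroll    IN A 192.168.254.29
"""

A_RECORD = re.compile(r"^(\S+)\s+IN\s+A\s+(\d+\.\d+\.\d+\.\d+)\s*$")


def parse_a_records(zone_text):
    """Return a list of (section, fqdn, ip) for every A record.

    `section` is 'public' or 'private', taken from the nearest preceding
    comment line; relative names are qualified with the zone origin.
    """
    section, records = "public", []
    for line in zone_text.splitlines():
        line = line.strip()
        if line.startswith(";"):
            if "private" in line:
                section = "private"
            elif "public" in line:
                section = "public"
            continue
        m = A_RECORD.match(line)
        if m:
            name, ip = m.groups()
            fqdn = name if name.endswith(".") else f"{name}.{ZONE_ORIGIN}"
            records.append((section, fqdn, ip))
    return records


def reverse_zone(records):
    """One PTR record per A record: (owner in in-addr.arpa, target fqdn)."""
    return [(ip_address(ip).reverse_pointer + ".", fqdn) for _, fqdn, ip in records]


def split_views(records):
    """Split DNS: the internal view sees every host, the external view only the public ones."""
    return {
        "internal": [(fqdn, ip) for _, fqdn, ip in records],
        "external": [(fqdn, ip) for section, fqdn, ip in records if section == "public"],
    }


def render_ptr(ptr_records):
    """Render the PTR records as zone-file lines."""
    return "\n".join(f"{owner} IN PTR {fqdn}" for owner, fqdn in ptr_records)
```

The generated lines go into a zone such as 254.168.192.in-addr.arpa, which needs its own SOA and NS records at the top just like the forward zone.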


PART 6: WEB SERVER (APACHE)


I. Introduction:
A web server is a special kind of file server: all the files it serves are stored in a dedicated directory structure. The root of that structure is called the document root, and the file format it serves is HTML, the hypertext markup language. But a web server can serve more than HTML files. In practice it can serve anything, as long as it is referenced from an HTML file, which makes a web server a very good source for streaming audio and video, database access, dynamic image generation, image display and much more. Besides the web server on which the content is stored, clients also need a protocol to access that content, and that protocol is HTTP (the hypertext transfer protocol). Typically a client uses a web browser to generate the HTTP commands that retrieve content, in HTML and other file formats, from a web server. There are two different versions of the Apache web server. The most recent, version 2.x, is the one installed by default on Ubuntu Server. However, you may still come across environments that use the earlier 1.3, typically when custom scripts were developed for 1.3 and are not compatible with 2.x.


1. Operating model:

2. URLs:
A URL (Uniform Resource Locator) is used to refer to a resource on the Internet; URLs are what give web pages their hyperlinking capability. A URL consists of the protocol name (http, ftp), the domain name, optionally a port, the absolute path of the resource on the server, query parameters, and a fragment identifier.

II. Introduction to APACHE:
1. Overview:

Apache is a modular web server, meaning that the core server (whose basic role is to serve HTML documents) can be extended with a range of optional modules:
- libapache2-mod-auth-mysql: tells Apache how to authenticate users against a MySQL database.
- libapache2-mod-auth-pam: instructs Apache to authenticate users using the Linux PAM mechanism.
- libapache-mod-frontpage: instructs Apache how to handle web pages that use the Microsoft FrontPage extensions.
- libapache2-mod-mono: tells Apache how to interpret ASP.NET.
This is a short and incomplete list of the modules available for the Apache web server: http://modules.apache.org lists more than 450 modules. It is important to determine exactly which modules the server needs so that its functionality can be extended appropriately.

The Apache Directory project (a separate project from the Apache httpd web server) provides directory solutions written entirely in Java. They include a directory server certified LDAPv3 compliant by The Open Group (Apache Directory Server) and Eclipse-based directory tools (Apache Directory Studio).
Apache Directory Server: ApacheDS is an embeddable directory server written entirely in Java and certified LDAPv3 compliant by The Open Group. Besides LDAP it supports Kerberos 5 and the Change Password Protocol. It was designed to bring triggers, stored procedures, queues and views to the world of LDAP, which lacks these rich constructs.
Apache Directory Studio: a complete directory tooling platform intended for use with any LDAP server, though it is particularly designed for use with ApacheDS. It is an Eclipse RCP application made up of several Eclipse (OSGi) plugins that can easily be extended with further ones. These plugins can even run inside Eclipse itself.

III. APACHE AND LDAP:

Apache uses the mod_authnz_ldap module, which allows an LDAP directory to be used to store the database for HTTP basic authentication. The module provides authentication front-ends such as mod_auth_basic with a way to authenticate users through an LDAP directory. mod_authnz_ldap supports the following features:
- It is known to support the OpenLDAP SDK (both 1.x and 2.x), the Novell LDAP SDK and the iPlanet (Netscape) SDK.
- Complex authorization policies can be implemented by expressing the policy as LDAP filters.
- Extensive caching of LDAP operations via mod_ldap.
- Support for LDAP over SSL (requires the Netscape SDK) or TLS (requires the OpenLDAP 2.x SDK or the Novell LDAP SDK).

There are two phases in granting access to a user. The first phase is authentication, in which the mod_authnz_ldap authentication provider verifies that the user's credentials are valid. This is also called the search/bind phase. The second phase is authorization, in which mod_authnz_ldap decides whether the authenticated user is allowed to access the resource in question. This is also known as the compare phase. mod_authnz_ldap registers both an authn_ldap authentication provider and an authz_ldap authorization handler. The authn_ldap provider is enabled through the AuthBasicProvider directive with the value ldap. The authz_ldap handler extends the authorization types of the Require directive with the values ldap-user, ldap-dn and ldap-group. During the authentication phase, mod_authnz_ldap searches the directory for an entry that matches the username passed by the HTTP client. If a single unique match is found, mod_authnz_ldap attempts to bind to the directory server using the DN of that entry and the password supplied by the HTTP client. Because it performs a search followed by a bind, this is usually referred to as the search/bind phase. The steps performed during the search/bind phase are listed below.

1. The Authentication Phase:

- Generate a search filter by combining the attribute and filter given in the AuthLDAPURL directive with the username passed by the HTTP client. The username is client-controlled, so filter metacharacters in it (such as *, parentheses and backslash) must be escaped before it is inserted into the filter, otherwise the client can alter the filter's meaning.
- Search the directory with the generated filter. If the search does not return exactly one entry, deny or decline access.
- Take the distinguished name of the entry returned by the search and attempt to bind to the LDAP server with that DN and the password passed by the HTTP client. If the bind fails, deny or decline access.

2. The Authorization Phase:

During the authorization phase, mod_authnz_ldap attempts to determine whether the user is authorized to access the resource. Many of these checks require mod_authnz_ldap to perform a compare operation on the LDAP server, which is why this phase is often called the compare phase. mod_authnz_ldap accepts the following Require directives to decide whether the credentials are acceptable:
- Grant access if there is a Require ldap-user directive and the username in the directive matches the username passed by the client.
- Grant access if there is a Require ldap-dn directive and the DN in the directive matches the DN fetched from the LDAP directory.
- Grant access if there is a Require ldap-group directive and the DN fetched from the LDAP directory (or the username passed by the client) occurs in the LDAP group or, potentially, in one of its sub-groups.
- Grant access if there is a Require ldap-attribute directive and the attribute fetched from the LDAP directory matches the given value.
- Grant access if there is a Require ldap-filter directive and the search filter successfully finds a single user object that matches the DN of the authenticated user.
- Otherwise, deny or decline access.
Other Require values may also be used, which may require additional authorization modules to be loaded:
- Grant access to all successfully authenticated users if there is a Require valid-user directive (requires mod_authz_user).
- Grant access if there is a Require group directive and mod_authz_groupfile has been loaded with the AuthGroupFile directive set.

3. The Require Directives:

Apache's Require directive is used during the authorization phase to ensure that a user is allowed to access a resource. mod_authnz_ldap extends the authorization types with ldap-user, ldap-dn, ldap-group, ldap-attribute and ldap-filter. Other authorization types may also be used but may require additional authorization modules to be loaded.

a. Require ldap-user:
The Require ldap-user directive specifies which usernames can access the resource. Once mod_authnz_ldap has retrieved a unique DN from the directory, it performs an LDAP compare operation using the username specified in the Require ldap-user directive to see whether that username is a value of the attribute in the entry just fetched. Multiple users can be granted access by putting several usernames on the line, separated by spaces. If a username contains a space it must be surrounded by double quotes. Multiple users can also be granted access by using several Require ldap-user directives, one user per line. For example, with an AuthLDAPURL of ldap://ldap/o=Example?cn (i.e. cn is used for searches), the following Require directives could be used to restrict access:

    Require ldap-user "Barbara Jenson"
    Require ldap-user "Fred User"
    Require ldap-user "Joe Manager"

Because of the way mod_authnz_ldap handles this directive, Barbara Jenson could sign on as Barbara Jenson, Babs Jenson or any other cn she has in her LDAP entry. Only the single Require ldap-user line is needed to support all values of the attribute in the user's entry. If the uid attribute were used instead of the cn attribute in the URL above, the three lines could be condensed to:

    Require ldap-user bjenson fuser jmanager

b. Require ldap-group:
This directive specifies an LDAP group whose members are allowed access. It takes the distinguished name of the LDAP group. Note: do not surround the group name with quotes. For example, assume the following entry exists in the LDAP directory:

    dn: cn=Administrators, o=Example
    objectClass: groupOfUniqueNames
    uniqueMember: cn=Barbara Jenson, o=Example
    uniqueMember: cn=Fred User, o=Example

The following directive would grant access to both Fred and Barbara:

    Require ldap-group cn=Administrators, o=Example

Members can also be found within sub-groups of the specified LDAP group if AuthLDAPMaxSubGroupDepth is set to a value greater than 0. For example, assume the following entries exist in the LDAP directory:

    dn: cn=Employees, o=Example
    objectClass: groupOfUniqueNames
    uniqueMember: cn=Managers, o=Example
    uniqueMember: cn=Administrators, o=Example
    uniqueMember: cn=Users, o=Example

    dn: cn=Managers, o=Example
    objectClass: groupOfUniqueNames
    uniqueMember: cn=Bob Ellis, o=Example
    uniqueMember: cn=Tom Jackson, o=Example

    dn: cn=Administrators, o=Example
    objectClass: groupOfUniqueNames
    uniqueMember: cn=Barbara Jenson, o=Example
    uniqueMember: cn=Fred User, o=Example

    dn: cn=Users, o=Example
    objectClass: groupOfUniqueNames
    uniqueMember: cn=Allan Jefferson, o=Example
    uniqueMember: cn=Paul Tilley, o=Example
    uniqueMember: cn=Temporary Employees, o=Example

    dn: cn=Temporary Employees, o=Example
    objectClass: groupOfUniqueNames
    uniqueMember: cn=Jim Swenson, o=Example
    uniqueMember: cn=Elliot Rhodes, o=Example

c. Require ldap-dn:
The Require ldap-dn directive lets the administrator grant access based on distinguished names. It specifies a DN that must match for access to be granted. If the distinguished name retrieved from the directory server matches the distinguished name in the Require ldap-dn directive, authorization is granted. Note: do not surround the distinguished name with quotes. The following directive would grant access to a specific DN:

    Require ldap-dn cn=Barbara Jenson, o=Example

d. Require ldap-attribute:
The Require ldap-attribute directive lets the administrator grant access based on attributes of the authenticated user in the LDAP directory. If the attribute in the directory matches the value given in the configuration, access is granted. The following directive would grant access to anyone whose employeeType attribute is active:

    Require ldap-attribute employeeType=active

Several attribute/value pairs can be specified on the same line, separated by spaces, or in several Require ldap-attribute directives. Listing multiple attribute/value pairs has the effect of an OR: access is granted if any of the listed attribute values matches the value of the corresponding attribute in the user object. If the value of the attribute contains a space, only the value must be placed in double quotes. The following directive would grant access to anyone whose city attribute equals "San Jose" or whose status equals "Active":

    Require ldap-attribute city="San Jose" status=active

e. Require ldap-filter:
The Require ldap-filter directive lets the administrator grant access based on a complex LDAP search filter. If the DN returned by the filter search matches the DN of the authenticated user, access is granted. The following directive would grant access to anyone who has a cell phone and is in the marketing department:

    Require ldap-filter &(cell=*)(department=marketing)

The difference between the Require ldap-filter and Require ldap-attribute directives is that ldap-filter performs a search operation on the LDAP directory using the specified search filter rather than a simple attribute comparison. If a simple attribute comparison is all that is required, the compare operation performed by ldap-attribute will be faster than the search operation used by ldap-filter, especially in a large directory.
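The two phases and the five Require types above, as an added example that is not Apache's code: a Python model of the search/bind phase (filter built from the AuthLDAPURL attribute and the client's username, with the username escaped, exactly one hit required, then a bind with that DN) and of the compare phase for ldap-user, ldap-dn, ldap-group (with AuthLDAPMaxSubGroupDepth), ldap-attribute and ldap-filter. The in-memory directory is constructed from the group entries shown above plus two user objects whose attributes and passwords are made up; the filter evaluator is a toy that covers only the filter forms used here. With depth 1 Barbara is found through Employees > Administrators, while Jim, who is only reachable through Users > Temporary Employees at depth 2, is not.

```python
"""Model of mod_authnz_ldap's two phases (added example, not Apache code).

The in-memory directory below is constructed from the entries shown above
(Administrators, Employees, Users, Temporary Employees) plus two user
objects with made-up attributes and passwords; the filter evaluator is a
toy that covers only what the Require directives in this section need.
"""
import re

DIRECTORY = {
    "cn=Barbara Jenson, o=Example": {
        "cn": ["Barbara Jenson", "Babs Jenson"], "uid": ["bjenson"],
        "employeeType": ["active"], "department": ["marketing"],
        "cell": ["555-0100"], "userPassword": ["barb-pw"]},
    "cn=Jim Swenson, o=Example": {
        "cn": ["Jim Swenson"], "uid": ["jswenson"], "employeeType": ["active"],
        "department": ["sales"], "userPassword": ["jim-pw"]},
    "cn=Administrators, o=Example": {"uniqueMember": [
        "cn=Barbara Jenson, o=Example", "cn=Fred User, o=Example"]},
    "cn=Temporary Employees, o=Example": {"uniqueMember": [
        "cn=Jim Swenson, o=Example", "cn=Elliot Rhodes, o=Example"]},
    "cn=Users, o=Example": {"uniqueMember": [
        "cn=Allan Jefferson, o=Example", "cn=Temporary Employees, o=Example"]},
    "cn=Employees, o=Example": {"uniqueMember": [
        "cn=Managers, o=Example", "cn=Administrators, o=Example", "cn=Users, o=Example"]},
}


def escape_filter(value):
    """RFC 4515 escaping of filter metacharacters. Without it a client-supplied
    username such as '*' turns the search filter into a wildcard."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def search(filt):
    """Toy filter evaluator: (attr=value), presence (attr=*), and &(...)(...)."""
    terms = re.findall(r"\(([A-Za-z]+)=([^()]*)\)", filt)
    hits = []
    for dn, entry in DIRECTORY.items():
        if terms and all(attr in entry if val == "*" else _unescape(val) in entry.get(attr, [])
                         for attr, val in terms):
            hits.append(dn)
    return hits


def search_bind(url_attr, username, password):
    """Authentication (search/bind) phase. `url_attr` is the attribute from
    AuthLDAPURL (cn or uid). Returns the user's DN, or None on failure."""
    hits = search(f"({url_attr}={escape_filter(username)})")
    if len(hits) != 1:                         # must be exactly one entry
        return None
    dn = hits[0]
    # A real server verifies the password during the bind; compared here instead.
    if password not in DIRECTORY[dn].get("userPassword", []):
        return None
    return dn


def in_group(dn, group_dn, max_depth, depth=0):
    """Group membership with AuthLDAPMaxSubGroupDepth semantics (0 = direct only)."""
    members = DIRECTORY.get(group_dn, {}).get("uniqueMember", [])
    if dn in members:
        return True
    if depth >= max_depth:
        return False
    return any(in_group(dn, m, max_depth, depth + 1) for m in members if m in DIRECTORY)


def authorize(dn, require, url_attr="cn"):
    """Compare phase for one Require directive given as (kind, args).
    Several values on one directive are ORed, as the text describes."""
    kind, args = require
    entry = DIRECTORY[dn]
    if kind == "ldap-user":       # compare each name against the URL attribute
        return any(u in entry.get(url_attr, []) for u in args)
    if kind == "ldap-dn":
        return dn == args[0]
    if kind == "ldap-group":      # args = (group DN, AuthLDAPMaxSubGroupDepth)
        return in_group(dn, args[0], args[1])
    if kind == "ldap-attribute":  # args = [(attribute, value), ...]
        return any(v in entry.get(a, []) for a, v in args)
    if kind == "ldap-filter":     # the filter must match the user's own entry
        return dn in search(args[0])
    return False
```

The escaping matters even though the search must return exactly one entry: an unescaped username like * or Babs Jenson)(uid=* rewrites the filter the client never should have controlled, and on a directory with a single user object it would still bind as that user if the password matched.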


PART 7: DHCP
I. The role of DHCP in a network:
1. What is DHCP:
DHCP stands for Dynamic Host Configuration Protocol, a protocol designed to reduce the time spent configuring TCP/IP networks by assigning IP addresses to clients automatically when they join the network. The DHCP service is a great convenience for the network operator: it removes the problems inherent in configuring hosts by hand. More generally, DHCP brings a number of advantages to administering and maintaining a TCP/IP network:
- Centralised management of IP configuration information.
- Dynamic configuration of hosts.
- Seamless IP configuration for hosts.
- Flexibility.
- Scalability.

2. How DHCP works:

DHCP manages IP addresses automatically and eliminates the errors that can cause a loss of connectivity. It reassigns addresses that are no longer in use and leases addresses for a limited period of time.

II. Installing and enabling the DHCP service:
1. Why use DHCP:
It reduces IP address conflicts and IP configuration errors, always ensures that clients are configured correctly, and simplifies administration.

2. What is an automatic private IP address?
Automatic Private IP Addressing (APIPA) is a feature of Microsoft Windows that automatically assigns a client an address from the range 169.254.0.0 to 169.254.255.255 when no DHCP server is able to assign it an IP address.

3. How dynamic IP addresses are assigned:

The DHCP service establishes IP address leases and renews them in order to assign dynamic IP addresses to clients.


III. Configuring DHCP scopes:
1. What is a DHCP scope:

A scope is the range of valid IP addresses available to lease or assign to clients on one subnet. A scope is configured on the DHCP server to define the range of IP addresses the server may assign to clients.

2. Why use DHCP scopes?

The scope determines which IP addresses may be handed out to clients.

IV. Configuring DHCP reservations and DHCP options:
1. What is a DHCP reservation?

A reservation is a fixed IP address assignment. It is created inside a scope and is used to give a particular client the same address every time, so it behaves like a static address in the network while still being managed by DHCP.

2. A reservation contains the following information:

Reservation Name: the name given by the administrator. IP Address: the address within the scope that is reserved for the client. MAC Address: the MAC address of the device for which the address is reserved. Description: notes entered by the administrator. Supported Type: the kind of reservation, DHCP, BOOTP, or both.

3. What are DHCP options?
DHCP options are additional client configuration parameters that a DHCP server can hand out when it serves DHCP clients.

4. Why use DHCP options?

DHCP options are configured in the DHCP console and can be applied to several scopes and reservations. They extend the functionality of the network by letting you hand additional IP configuration data to clients.

5. Some common DHCP options:

Router (Default Gateway): the address of the default gateway or router.
DNS Domain Name: the DNS domain the client belongs to. The client can use it to register its own record on the DNS server so that other computers can find it.
DNS Servers: the addresses of the DNS servers the client may use.
WINS Servers: the addresses of the WINS servers the client may use.
WINS Node Type: the NetBIOS name resolution method the clients use.

V. Configuring a DHCP Relay Agent:
1. What is a DHCP relay agent?

A DHCP relay agent is a computer or router configured to listen for DHCP/BOOTP broadcast messages from DHCP clients and forward them from one interface to another, directing them to one or more specified DHCP servers.

2. Why use a DHCP relay agent:

Because DHCP clients use a broadcast address to request an IP lease from the DHCP server, and an ordinary router does not pass broadcasts unless it is specifically configured to. Further advantages of this arrangement:
- It saves public IP addresses.
- It suits computers that frequently move between network segments.
- Combined with wireless networks it serves hotspots such as stations, airports, hotels and schools.
- It makes adding new devices to a network segment convenient.

VI. How the DHCP service operates:

The DHCP service works in a client/server model. The interaction between a DHCP client and server proceeds in the following steps.
Step 1: When the client boots it broadcasts a DHCPDISCOVER packet asking for a server to serve it. The packet also carries the client's MAC address. If the client cannot reach a DHCP server, after 4 unsuccessful attempts it generates an address for itself in the range 169.254.0.0 to 169.254.255.255 for temporary communication, and keeps broadcasting every 5 minutes to request an address from a DHCP server.
Step 2: Every server on the network that receives the request and has an address available replies to the client with a DHCPOFFER, offering to lease an IP address for a set period together with a subnet mask and the server's own address. The server does not hand the offered address to another client while the negotiation lasts.
Step 3: The client chooses one of the offers (DHCPOFFER) and broadcasts a DHCPREQUEST accepting it. This lets the servers whose offers were not accepted withdraw them and make those addresses available to other clients.
Step 4: The server whose offer was accepted replies with a DHCPACK as confirmation, stating the IP address, subnet mask and lease time that now officially apply. The server also sends additional information such as the default gateway and the DNS server addresses.
Note that nothing in this exchange authenticates the server: any host on the segment that answers a DHCPDISCOVER can hand clients its own gateway and DNS addresses, which is why switches in managed networks use DHCP snooping to allow server replies only from trusted ports.
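The four-step exchange above, as an added example that is not code from the original report: a Python model of a DHCP server with a scope, a reservation and options, and a client that broadcasts DISCOVER, takes the first OFFER, REQUESTs it and applies the ACK, falling back to an APIPA address after four unanswered attempts. When two servers answer, the one whose offer is not chosen withdraws it on seeing the broadcast REQUEST. The addresses, MAC addresses and the dictionary-based message format are constructed for the illustration; lease expiry and the ARP probe a real client performs before using an APIPA address are not modelled.

```python
"""Model of the four-step DHCP exchange above (added example, not from the
report). Addresses, MAC addresses and the dict-based message format are
constructed for illustration; lease expiry and the APIPA ARP probe are
not modelled.
"""
import random
from ipaddress import IPv4Address, IPv4Network

APIPA = IPv4Network("169.254.0.0/16")


class DHCPServer:
    def __init__(self, server_ip, scope, options, reservations=None, lease_time=3600):
        self.server_ip = server_ip
        self.pool = [str(ip) for ip in IPv4Network(scope).hosts() if str(ip) != server_ip]
        self.options = options                  # router, dns, ... handed out in the ACK
        self.reservations = reservations or {}  # MAC -> fixed address inside the scope
        self.lease_time = lease_time
        self.offers = {}   # MAC -> address held while the negotiation lasts
        self.leases = {}   # MAC -> address confirmed by an ACK

    def _address_for(self, mac):
        for table in (self.leases, self.offers, self.reservations):
            if mac in table:
                return table[mac]   # renewal, repeated DISCOVER, or reservation
        taken = set(self.leases.values()) | set(self.offers.values()) | set(self.reservations.values())
        return next((ip for ip in self.pool if ip not in taken), None)

    def handle(self, msg):
        """Reply to a broadcast DISCOVER or REQUEST; None means stay silent."""
        mac = msg["chaddr"]
        if msg["type"] == "DISCOVER":                         # step 1 -> step 2
            ip = self._address_for(mac)
            if ip is None:
                return None                                   # scope exhausted
            self.offers[mac] = ip
            return {"type": "OFFER", "chaddr": mac, "yiaddr": ip,
                    "server_id": self.server_ip, "lease_time": self.lease_time}
        if msg["type"] == "REQUEST":                          # step 3 -> step 4
            if msg["server_id"] != self.server_ip:
                self.offers.pop(mac, None)                    # client chose another server
                return None
            if self.offers.get(mac) != msg["requested_ip"]:
                return {"type": "NAK", "chaddr": mac}
            self.leases[mac] = self.offers.pop(mac)
            return {"type": "ACK", "chaddr": mac, "yiaddr": self.leases[mac],
                    "lease_time": self.lease_time, "options": dict(self.options)}
        return None


class DHCPClient:
    def __init__(self, mac):
        self.mac, self.ip, self.config = mac, None, {}

    def configure(self, servers, attempts=4):
        """Broadcast DISCOVER, take the first OFFER, REQUEST it, apply the ACK.
        After `attempts` unanswered DISCOVERs fall back to an APIPA address."""
        discover = {"type": "DISCOVER", "chaddr": self.mac}
        for _ in range(attempts):
            offers = [o for o in (s.handle(discover) for s in servers) if o]
            if offers:
                break
        else:
            self.ip = str(APIPA[random.randrange(1, APIPA.num_addresses - 1)])
            return "APIPA"
        chosen = offers[0]
        request = {"type": "REQUEST", "chaddr": self.mac,
                   "requested_ip": chosen["yiaddr"], "server_id": chosen["server_id"]}
        replies = [s.handle(request) for s in servers]       # broadcast: every server sees it
        ack = next((r for r in replies if r and r["type"] == "ACK"), None)
        if ack is None:
            return "NAK"
        self.ip, self.config = ack["yiaddr"], ack["options"]
        return "ACK"
```

The client accepts the first offer it hears, which is exactly the behaviour a rogue server on the segment exploits: whoever answers first decides the client's gateway and DNS servers.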


PRACTICAL PART


PART 1: LDAP AND SAMBA PDC SERVER


I. Preparation:
Install Ubuntu Server 10.04 (32-bit or 64-bit), give the machine a static IP address and make sure it can reach the Internet. Update Ubuntu Server with the following commands:

    apt-get update
    apt-get dist-upgrade
    reboot

II. Installing and configuring the LDAP and SAMBA server:

Step 1: open a terminal and become root with sudo su, entering your password.

Step 2: install the LDAP server:

    apt-get install slapd ldap-utils

Step 3: add the schemas LDAP needs with the following commands:

    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
    ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif


Step 4: create a file backend.hosen.net.ldif with the following contents (shown as a figure on the original page; it defines the hdb database for the dc=hoasen,dc=local suffix used in the Samba configuration below and sets the cn=admin password):


Step 5: add the LDIF file just created to LDAP with the following command (the file name must be the one you created in step 4; the page names it backend.hosen.net.ldif there and backend.example.com.ldif here):

    ldapadd -Y EXTERNAL -H ldapi:/// -f backend.example.com.ldif

Step 6: install SAMBA and the required packages:

    apt-get install samba samba-doc libpam-smbpass smbclient smbldap-tools

Step 7: configure SAMBA. Edit /etc/samba/smb.conf as follows:

    [global]
    workgroup = VT071A
    netbios name = PDC-SAMBA
    obey pam restrictions = Yes
    passdb backend = ldapsam:ldap://localhost
    pam password change = Yes
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    server signing = auto
    server schannel = Auto
    printcap name = cups
    add user script = /usr/sbin/smbldap-useradd -m '%u'
    delete user script = /usr/sbin/smbldap-userdel %u
    add group script = /usr/sbin/smbldap-groupadd -p '%g'
    delete group script = /usr/sbin/smbldap-groupdel '%g'
    add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
    delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
    set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
    add machine script = /usr/sbin/smbldap-useradd -w '%u'
    logon script = allusers.bat
    logon path =
    logon home =
    domain logons = Yes
    os level = 35
    domain master = Yes
    dns proxy = No
    wins support = Yes
    ldap admin dn = cn=admin,dc=hoasen,dc=local
    ldap group suffix = ou=Groups
    ldap idmap suffix = ou=Idmap
    ldap machine suffix = ou=Computers
    unix password sync = no
    ldap passwd sync = yes
    ldap suffix = dc=hoasen,dc=local
    ldap ssl = no
    ldap user suffix = ou=Users
    panic action = /usr/share/samba/panic-action %d

    [homes]
    comment = Home Directories
    valid users = %S
    read only = No
    browseable = No

    [netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    admin users = root
    guest ok = Yes
    browseable = No

    [Profiles]
    comment = Roaming Profile Share
    path = /var/lib/samba/profiles
    read only = No
    profile acls = Yes
    browseable = No

    [printers]
    comment = All Printers
    path = /var/spool/samba
    admin users = root
    write list = root
    read only = No
    create mask = 0600
    guest ok = Yes
    printable = Yes
    use client driver = Yes
    browseable = No

    [print$]
    comment = Printer Drivers Share
    path = /var/lib/samba/printers
    admin users = root
    write list = root
    create mask = 0664
    directory mask = 0775

    [shared]
    path = /var/lib/samba/shared
    read only = No
    guest ok = Yes
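The configuration above, checked mechanically, as an added example that is not part of the original report: it parses an abridged copy of the smb.conf listed above (constructed here), verifies that the LDAP keys the next note singles out are present and that passdb backend points at ldapsam, and flags two settings a security review would question: ldap ssl = no against a remote LDAP server (the ldap admin dn password would cross the network in clear) and a share with guest ok = Yes and read only = No (anonymous writes). In the configuration above the LDAP server is localhost, so only the [shared] finding fires.

```python
"""Checks over the smb.conf above (added example, not from the report).

The abridged configuration is constructed from the listing above; the
checks cover the LDAP keys it needs and two settings worth a second look.
"""
import configparser

SMB_CONF = """\
[global]
workgroup = VT071A
netbios name = PDC-SAMBA
passdb backend = ldapsam:ldap://localhost
ldap admin dn = cn=admin,dc=hoasen,dc=local
ldap suffix = dc=hoasen,dc=local
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
ldap ssl = no
ldap passwd sync = yes
unix password sync = no
domain logons = Yes
[netlogon]
path = /var/lib/samba/netlogon
admin users = root
guest ok = Yes
[printers]
path = /var/spool/samba
guest ok = Yes
read only = No
printable = Yes
[shared]
path = /var/lib/samba/shared
read only = No
guest ok = Yes
"""

REQUIRED_LDAP_KEYS = ("passdb backend", "ldap admin dn", "ldap suffix", "ldap user suffix",
                      "ldap group suffix", "ldap machine suffix", "ldap idmap suffix")


def parse_smb_conf(text):
    """smb.conf is INI-like with case-insensitive keys; duplicates are tolerated."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = lambda key: key.strip().lower()
    cp.read_string(text)
    return {section: dict(cp[section]) for section in cp.sections()}


def yes(value):
    return str(value).strip().lower() in ("yes", "true", "1")


def review(conf):
    """Return a list of (severity, finding) tuples; empty means nothing to report."""
    g = conf.get("global", {})
    findings = []
    for key in REQUIRED_LDAP_KEYS:
        if key not in g:
            findings.append(("error", f"global: missing '{key}' needed for the LDAP backend"))
    backend = g.get("passdb backend", "")
    if not backend.startswith("ldapsam:"):
        findings.append(("error", f"global: passdb backend is '{backend}', not ldapsam"))
    url = backend.split(":", 1)[1] if ":" in backend else ""
    local = url.startswith(("ldap://localhost", "ldap://127.0.0.1", "ldapi:"))
    if not yes(g.get("ldap ssl", "no")) and not url.startswith("ldaps://") and not local:
        findings.append(("warn", "global: 'ldap ssl = no' with a remote LDAP URL sends the "
                                 "ldap admin dn password in clear"))
    for share, opts in conf.items():
        if share == "global":
            continue
        # printer spool shares must be writable; any other guest-writable share is suspect
        if yes(opts.get("guest ok", "no")) and not yes(opts.get("read only", "yes")) \
                and not yes(opts.get("printable", "no")):
            findings.append(("warn", f"[{share}]: guest ok with read only = no allows anonymous writes"))
    return findings
```

Run review(parse_smb_conf(open("/etc/samba/smb.conf").read())) on the real file to repeat the checks after every edit; testparm remains the tool for syntax and for the effective values of keys that have defaults.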

Note: in the configuration above, pay particular attention to the following parameters:

    workgroup = VT071A
    netbios name = PDC-SAMBA
    passdb backend = ldapsam:ldap://localhost
    ldap admin dn = cn=admin,dc=hoasen,dc=local
    ldap group suffix = ou=Groups
    ldap idmap suffix = ou=Idmap
    ldap machine suffix = ou=Computers
    unix password sync = no
    ldap passwd sync = yes
    ldap suffix = dc=hoasen,dc=local

These are the declarations that let SAMBA work with LDAP.

Step 8: store the password Samba uses to bind as the ldap admin dn, with smbpasswd -w; it must be the same password set for the LDAP admin in step 4.

Step 9: restart Samba:

    service smbd restart

Step 10: check whether SAMBA is working with the following command; if it asks for a password just press Enter. The output of this check should match the figure below; if it does not, SAMBA is misconfigured.

    smbclient -L localhost


Step 11: create the directories Samba needs (the share paths from smb.conf) and unpack samba.schema into /etc/ldap/schema.

Step 12: create the file schema_convert.conf that is used to produce the LDIF for adding the samba schema to LDAP, with nano schema_convert.conf. Its contents are:

    include /etc/ldap/schema/core.schema
    include /etc/ldap/schema/collective.schema
    include /etc/ldap/schema/corba.schema
    include /etc/ldap/schema/cosine.schema
    include /etc/ldap/schema/duaconf.schema
    include /etc/ldap/schema/dyngroup.schema
    include /etc/ldap/schema/inetorgperson.schema
    include /etc/ldap/schema/java.schema
    include /etc/ldap/schema/misc.schema
    include /etc/ldap/schema/nis.schema
    include /etc/ldap/schema/openldap.schema
    include /etc/ldap/schema/ppolicy.schema
    include /etc/ldap/schema/samba.schema


Step 13: create the directory /tmp/ldif_output to hold the converted file:

    mkdir /tmp/ldif_output

Step 14: convert schema_convert.conf:

    slapcat -f schema_convert.conf -F /tmp/ldif_output -n0 -s "cn={12}samba,cn=schema,cn=config" > /tmp/cn=samba.ldif

Step 15: edit the file /tmp/cn\=samba.ldif. At the top of the file you will see:

    dn: cn={12}samba,cn=schema,cn=config
    cn: {12}samba

Change these to:

    dn: cn=samba,cn=schema,cn=config
    cn: samba

At the end of the file, delete the part marked in the figure below (the operational attributes slapcat appended: structuralObjectClass, entryUUID, creatorsName, createTimestamp, entryCSN, modifiersName and modifyTimestamp).


Step 16: add the LDIF file prepared in step 15 to LDAP:

    ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/cn\=samba.ldif

The command given on the page at this step, ldapmodify -Y EXTERNAL -H ldapi:/// -f samba_indexes.ldif, applies a separate file of index definitions for the samba attributes whose contents are not reproduced here. In both commands -Y EXTERNAL authenticates over the ldapi socket as the local root user, so it is not combined with -D and -W.

Step 17: check that LDAP works with the samba schema. If the output of the following command matches the figure, LDAP is working correctly:

    ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config 'olcDatabase={1}hdb'


Step 18: check that SAMBA is working as well. If the output of the following command matches the figure, SAMBA is working correctly:

    net getlocalsid

Step 19: unpack the tool that synchronises SAMBA and LDAP:

    gzip -d /usr/share/doc/smbldap-tools/configure.pl.gz

Step 20: run the script unpacked in step 19 to make LDAP and SAMBA work together:

    perl /usr/share/doc/smbldap-tools/configure.pl

The script asks for the information it needs; press Enter to accept the defaults. Only two cases need input:
- For "Logon Home" and "Logon Path", enter the character "." (which leaves them empty).
- When asked for the password of the master and slave LDAP server, enter the password set in step 4.


Step 21: create the groups in the LDAP server:

    smbldap-populate


Step 22: run the following commands to complete the configuration:

    /etc/init.d/slapd stop
    slapindex
    chown openldap:openldap /var/lib/ldap/*
    /etc/init.d/slapd start

Step 23: make the root user a Domain Administrator:

    smbldap-groupmod -m 'root' 'Administrators'

Step 24: configure authentication against LDAP and SAMBA:

    apt-get --yes install ldap-auth-client

The installer asks for the required information, as shown in the figures below:



Press Enter.

Press Enter.

Enter the base DN of the LDAP server, then OK.

Choose version 3.

Enter the admin DN of the LDAP server.


Press Enter.

Enter the password of the LDAP admin DN. Note: to change this information later, run:

    dpkg-reconfigure ldap-auth-config

Step 25: run the following command:

    auth-client-config -t nss -p lac_ldap

Step 26: enable authentication against Unix, LDAP and SAMBA in PAM:

    pam-auth-update

Choose OK.


Select all the items as in the figure. Step 27: this completes the configuration of the SAMBA PDC combined with LDAP. Reboot the system to finish.

III. Joining Windows XP and Windows 7 clients to the SAMBA system:

1. Create a user on the SAMBA PDC:
Create a test user on the server with username user1 and password 123456, using the following command:
smbldap-useradd -a -m -P user1

Also create a user adminpdc in the Domain Administrators group, so that when joining a client machine to the domain we enter that username and password. This improves the security of the system. Use the commands shown in the following figure:


2. Join Windows XP SP2:

To join Windows XP to the SAMBA domain, the following settings are needed:
- Edit the Registry as follows:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\Netlogon\Parameters]
"requirestrongkey"=dword:00000000
"requiresignorseal"=dword:00000000

- In Group Policy, enable the policy "Do not check for user ownership of Roaming Profile Folders".


Windows XP can now be joined to the domain.

Reboot the system to check.


3. Join Windows 7:
To join Windows 7 to the SAMBA system, configure it as follows. In the Windows 7 Registry, add the following two values:
HKLM\System\CCS\Services\LanmanWorkstation\Parameters
DWORD DomainCompatibilityMode = 1
DWORD DNSNameResolutionRequired = 0

At the same time, make sure the following parameters have these values:

HKLM\System\CCS\Services\Netlogon\Parameters
DWORD RequireSignOrSeal = 1
DWORD RequireStrongKey = 1

Windows 7 can now be joined to the SAMBA domain.


PART 2: MAIL SERVER AND DNS SERVER

To build a mail server we can choose different software components and combine them. Here we use common, easy-to-configure software: Postfix and Dovecot. A few details should be introduced first: the mail server is built on virtual mailboxes, the mail location format is Maildir, and before the mail server can work at all the server's domain must have an MX record.

I. Installing and configuring DNS:

1. Installation:
Use the following command to install the DNS server (BIND9):
apt-get install bind9

2. Configuring the DNS server:

Edit /etc/bind/named.conf.local to declare the zones, with the following content:
zone "hoasen.net" {
        type master;
        file "/etc/bind/db.hoasen.net";
};
zone "193.168.192.in-addr.arpa" {
        type master;
        notify no;
        file "/etc/bind/db.192";
};


Then create the two files declared above, with the content shown in the two figures below. File /etc/bind/db.hoasen.net:


File /etc/bind/db.192:

This completes the DNS server configuration; restart the service so it takes effect.
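The two zone files above survive only as figures. As an added example (not the report's own files), the following Python builds a db.hoasen.net and db.192 of the shape BIND expects from a small host table and checks the condition the text stresses, an MX record whose target actually resolves; the host table is constructed (the 192.168.193.10/.11/.12 addresses come from the report, the address of mail.hoasen.net is an assumption).

```python
"""Added example (not from the report): render the forward zone for hoasen.net
and the reverse zone for 192.168.193.0/24, then verify every MX target has an
A record.  The host table is constructed; mail's address is an assumption."""
import ipaddress

ZONE = "hoasen.net"
NETWORK = "192.168.193.0/24"
# Constructed host table: name -> IPv4 address.
HOSTS = {
    "dc": "192.168.193.10",    # LDAP server (address from the report)
    "ns1": "192.168.193.11",   # DNS server (address from the report)
    "www": "192.168.193.12",   # web server (address from the report)
    "mail": "192.168.193.10",  # assumed: mail runs on the LDAP/DC host
}
MX_RECORDS = [(10, "mail")]  # (preference, host name inside the zone)


def forward_zone(zone, hosts, mx_records, serial=1):
    """Render the db.<zone> file: SOA, NS, MX, then one A record per host."""
    lines = [
        "$TTL 604800",
        f"@\tIN\tSOA\tns1.{zone}. admin.{zone}. ( {serial} 604800 86400 2419200 604800 )",
        f"@\tIN\tNS\tns1.{zone}.",
    ]
    for pref, target in mx_records:
        lines.append(f"@\tIN\tMX\t{pref} {target}.{zone}.")
    for name, addr in sorted(hosts.items()):
        lines.append(f"{name}\tIN\tA\t{addr}")
    return "\n".join(lines) + "\n"


def reverse_zone(zone, hosts, network, serial=1):
    """Render the db.192 file for a /24: 192.168.193.0/24 becomes the
    origin 193.168.192.in-addr.arpa and each host gets one PTR record."""
    net = ipaddress.ip_network(network)
    first_three = str(net.network_address).split(".")[:3]
    origin = ".".join(reversed(first_three)) + ".in-addr.arpa"
    lines = [
        f"$ORIGIN {origin}.",
        "$TTL 604800",
        f"@\tIN\tSOA\tns1.{zone}. admin.{zone}. ( {serial} 604800 86400 2419200 604800 )",
        f"@\tIN\tNS\tns1.{zone}.",
    ]
    seen = set()
    # Several names may share an address (dc and mail here); the reverse zone
    # gets a single PTR per address, the alphabetically first name.
    for name, addr in sorted(hosts.items(), key=lambda kv: (ipaddress.ip_address(kv[1]), kv[0])):
        ip = ipaddress.ip_address(addr)
        if ip not in net or ip in seen:
            continue
        seen.add(ip)
        lines.append(f"{str(ip).split('.')[-1]}\tIN\tPTR\t{name}.{zone}.")
    return "\n".join(lines) + "\n"


def missing_mx_targets(hosts, mx_records):
    """MX targets without an A record in the zone.  A domain whose MX points
    at an unresolvable name cannot receive mail, which is what the text warns
    about when it requires an MX record before the mail server can work."""
    return [target for _, target in mx_records if target not in hosts]
```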

II. Installing and configuring the mail server with Postfix and Dovecot:

1. Installation:

Install Postfix; during installation it asks for some information about the email server. Once Postfix is installed, for it to work with LDAP we must also install the postfix-ldap package, using the following command:
apt-get install postfix-ldap


Next, install Dovecot (Dovecot acts as the IMAP/POP3 server, the MDA, and also as the authentication server for the mail server).

Postfix and Dovecot can also be configured to use SASL by installing the dovecot-postfix package.


2. Configuration:
To configure mail with Postfix there are two important configuration files: /etc/postfix/main.cf and /etc/postfix/master.cf.

Step 1: create a virtual user named vmail in group vmail whose home directory, /home/vmail, is also the directory holding the email of all users. Run the following commands as root:
groupadd -g 5000 vmail
useradd -g vmail -u 5000 vmail -d /home/vmail -m
The two commands create group vmail with gid 5000 and user vmail with uid 5000 and home directory /home/vmail. The following command checks the gid and uid of vmail in /etc/passwd:
cat /etc/passwd | grep vmail
The output of these commands will look like the following figure.

Step 2: configure Postfix. Configure main.cf like the text below (note: the numbers at the start of each line are markers used in the explanation; they are not part of the configuration file):
1   alias_database = hash:/etc/aliases
2   alias_maps = hash:/etc/aliases
3   append_dot_mydomain = no
4   biff = no
5   broken_sasl_auth_clients = yes
6   config_directory = /etc/postfix
7   debug_peer_level = 5
8   debug_peer_list = 127.0.0.1
9   home_mailbox = Maildir/
10  inet_interfaces = all
11  mailbox_size_limit = 0
12  myhostname = localhost
13  mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/16
14  readme_directory = no
15  recipient_delimiter = +
16  relayhost =
17  smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
18  smtp_use_tls = yes
19  smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
20  smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
21  smtpd_sasl_auth_enable = yes
22  smtpd_sasl_authenticated_header = yes
23  smtpd_sasl_local_domain = $myhostname
24  smtpd_sasl_path = private/auth
25  smtpd_sasl_security_options = noanonymous
26  smtpd_sasl_type = dovecot
27  smtpd_tls_auth_only = yes
28  smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
29  smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
30  smtpd_tls_mandatory_ciphers = medium
31  smtpd_tls_mandatory_protocols = SSLv3, TLSv1
32  smtpd_tls_received_header = yes
33  smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
34  smtpd_use_tls = yes
35  tls_random_source = dev:/dev/urandom
36  virtual_gid_maps = static:5000
37  virtual_mailbox_base = /home/vmail
38  virtual_mailbox_domains = /etc/postfix/vhosts
39  virtual_mailbox_maps = ldap:/etc/postfix/ldapmap.cf
40  virtual_minimum_uid = 1000
41  virtual_transport = dovecot
42  virtual_uid_maps = static:5000

Explanation:
- Line 9: configures Postfix to use the Maildir mailbox format.
- Line 12: an important setting. Because we want to use virtual mailboxes, this must be set to localhost; never put the domain name (the domain you want to serve with virtual mailboxes) on this line.
- Lines 18, 34: configure Postfix to use TLS when sending and receiving mail.
- Lines 21-26: configure Postfix to use SASL as the authentication mechanism, with Dovecot managing SASL.
- Lines 27-33: the TLS configuration of Postfix, including the paths of the key and certificate files.
- Line 37: the directory that will hold all of the server's email.
- Line 38: the domains the server manages and accepts mail for; you can list them directly or use a file, as in this lab. The content of /etc/postfix/vhosts is given below.
- Line 39: configures Postfix to query the LDAP server; the content of ldapmap.cf is given below. The information returned is the mail storage location of each user.
- Line 41: configures Postfix to use Dovecot as the MDA (replacing the virtual MDA).
- Lines 36 and 42: declare the uid and gid of the virtual user created above, giving it read and write access to /home/vmail.

Content of /etc/postfix/vhosts:
hoasen.net
vt071A.net
(continue listing the domains you want to send and receive mail for)

Content of /etc/postfix/ldapmap.cf:
bind = no
version = 3
timeout = 20
debuglevel = 0
size_limit = 1
expansion_limit = 0
start_tls = no
tls_require_cert = no
server_host = ldap://192.168.193.10
scope = sub
search_base = dc=hoasen, dc=local
query_filter = (|(mail=%s)(mailAlternateAddress=%s))
result_attribute = mailMessageStore
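The explanation above rests on three settings being right: relaying guarded by reject_unauth_destination, SASL only over TLS, and a sane TLS protocol list. As an added example (not the report's code), this Python checker parses main.cf syntax, including continuation lines, and runs those checks over the relevant lines of the configuration shown above, embedded as constructed input; on the page's own values it flags only the SSLv3 entry on line 31.

```python
"""Added example (not from the report): a checker for the security-relevant
main.cf settings the explanation above relies on, run over the relevant lines
of the page's configuration (embedded below as constructed input)."""

MAIN_CF = """\
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/16
smtpd_recipient_restrictions = reject_unknown_sender_domain,
    reject_unknown_recipient_domain, reject_unauth_pipelining,
    permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_use_tls = yes
"""


def parse_main_cf(text):
    """main.cf syntax: 'name = value'; a line starting with whitespace
    continues the previous value; '#' starts a comment."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and last is not None:
            params[last] += " " + raw.strip()
            continue
        name, _, value = raw.partition("=")
        last = name.strip()
        params[last] = value.strip()
    return params


def split_list(value):
    """Postfix lists may be separated by commas and/or whitespace."""
    return value.replace(",", " ").split()


def lint(params):
    """Return the findings as a list of strings; empty means all checks pass."""
    findings = []
    restr = split_list(params.get("smtpd_recipient_restrictions", ""))
    guards = [i for i, t in enumerate(restr)
              if t in ("reject_unauth_destination", "defer_unauth_destination")]
    if not guards:
        findings.append("smtpd_recipient_restrictions lacks reject_unauth_destination: open relay")
    elif "permit" in restr[:guards[0]]:
        # An unconditional permit evaluated before the relay guard accepts any recipient.
        findings.append("unconditional 'permit' precedes reject_unauth_destination: open relay")
    if params.get("smtpd_sasl_auth_enable") == "yes":
        if params.get("smtpd_tls_auth_only") != "yes":
            findings.append("SASL enabled without smtpd_tls_auth_only = yes: cleartext passwords")
        if "noanonymous" not in split_list(params.get("smtpd_sasl_security_options", "")):
            findings.append("smtpd_sasl_security_options lacks noanonymous")
    protocols = set(split_list(params.get("smtpd_tls_mandatory_protocols", "")))
    weak = sorted(protocols & {"SSLv2", "SSLv3"})
    if weak:
        findings.append("smtpd_tls_mandatory_protocols allows " + ", ".join(weak))
    return findings
```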

Step 3: configure Dovecot. There are two important configuration files: /etc/dovecot/dovecot.conf and /etc/dovecot/dovecot-ldap.conf. Configure /etc/dovecot/dovecot.conf like the text below (note: the numbers at the start of each line are markers used in the explanation; they are not part of the configuration file):
1   base_dir = /var/run/dovecot
2   protocols = imap imaps pop3 pop3s
3   log_path = /var/log/dovecot
4   info_log_path = /var/log/dovecot.info
5   log_timestamp = "%Y-%m-%d %H:%M:%S "
6   ssl = yes
7   ssl_cert_file = /etc/ssl/certs/dovecot.pem
8   ssl_key_file = /etc/ssl/private/dovecot.pem
9   ssl_parameters_regenerate = 168
10  verbose_ssl = yes
11  login_dir = /var/run/dovecot/login
12  login_chroot = yes
13  login_user = dovecot
14  mail_location = maildir:/home/vmail/%d/%n/Maildir
15  mail_privileged_group = mail
16  valid_chroot_dirs = /home/vmail
17  maildir_copy_with_hardlinks = yes
18  protocol imap {
19    login_executable = /usr/lib/dovecot/imap-login
20    mail_executable = /usr/lib/dovecot/imap
21  }
22  protocol pop3 {
23    login_executable = /usr/lib/dovecot/pop3-login
24    mail_executable = /usr/lib/dovecot/pop3
25    pop3_uidl_format = %08Xu%08Xv
26    pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
27  }
28  protocol managesieve {
29  }
30  protocol lda {
31    postmaster_address = info@hoasen.net
32    auth_socket_path = /var/run/dovecot/auth-master
33  }
34  auth_verbose = yes
35  auth default {
36    mechanisms = plain login
37    passdb ldap {
38      args = /etc/dovecot/dovecot-ldap.conf
39    }
40    userdb prefetch {
41    }
42    socket listen {
43      master {
44        path = /var/run/dovecot/auth-master
45        mode = 0600
46        user = vmail
47        group = vmail
48      }
49      client {
50        path = /var/spool/postfix/private/auth
51        mode = 0660
52        user = postfix
53        group = postfix
54      }
55    }
56  }
57  dict {
58  }
59  plugin {
60  }

Explanation:
- Line 2: declares the protocols Dovecot should support.
- Lines 6-10: the settings for Dovecot to use TLS.
- Line 14: the mail location, with Maildir as the mailbox format. It contains two variables, %d and %n: %d is the domain name and %n is the name part of the email address. For example, for user1@hoasen.net, %n = user1, so with the declaration above user1@hoasen.net stores its mail in /home/vmail/hoasen.net/user1/Maildir.
- Lines 18-24: configuration for the IMAP and POP3 protocols, declaring the programs that create the user's directories on a successful login.
- Lines 30, 31, 32: configure the Dovecot MDA.
- Line 36: the mechanisms used for password authentication.
- Lines 37-41: the password database and user database: the LDAP server holds the authentication information. The file dovecot-ldap.conf is given below.
- Lines 42-54: the socket Postfix uses for SASL authentication.

Configure /etc/dovecot/dovecot-ldap.conf in detail as follows:
1   hosts = 192.168.193.10
2   auth_bind = yes
3   auth_bind_userdn = uid=%n,ou=Users,dc=hoasen,dc=local
4   ldap_version = 3
5   base = ou=Users,dc=hoasen,dc=local
6   scope = subtree
7   user_attrs = ,=home=/home/vmail/%d/%n,=uid=5000,=gid=5000
8   user_filter = (&(objectClass=*)(mail=%u))
9   pass_attrs = mail=user,userPassword=password
10  pass_filter = (&(objectClass=*)(mail=%u))
11  default_pass_scheme = CRYPT

Explanation:
- Line 1: the IP address of the LDAP server.
- Line 2: enables the authentication bind mechanism.
- Line 3: the DN used to bind to the LDAP server.
- Line 7: because we use a static user, the attribute values are set directly here.

Step 4: restart the servers:
service postfix restart
service dovecot restart

Step 5: give Postfix write permission on the Dovecot log files (/var/log/dovecot and /var/log/dovecot.info):
chmod 666 /var/log/dovecot
chmod 666 /var/log/dovecot.info

Step 6: Postfix and Dovecot can be tested by connecting to the server with telnet, as in the figure below.
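The explanation of line 14 shows one expansion of %d and %n. As an added example (not Dovecot's code or the report's), the following Python performs that expansion for the mail_location above and adds the check a practitioner wants when a login name is turned into a filesystem path: the result must stay below /home/vmail, so a login whose user or domain part is "..", contains "/" or is empty is rejected.

```python
"""Added example (not from the report): expand the %d and %n variables of the
mail_location on line 14 the way Dovecot does, and verify the resulting path
cannot leave the virtual mailbox base.  Logins below are constructed."""
import posixpath

MAIL_LOCATION = "maildir:/home/vmail/%d/%n/Maildir"  # line 14 of dovecot.conf above
VMAIL_BASE = "/home/vmail"                            # virtual_mailbox_base in main.cf


def split_login(address):
    """Return (user, domain) for a login of the form user@domain, rejecting
    parts that could act as path components ('/', '.', '..', empty, NUL)."""
    user, sep, domain = address.partition("@")
    if not sep or "@" in domain:
        raise ValueError("login must contain exactly one '@'")
    for part in (user, domain):
        if part in ("", ".", "..") or "/" in part or "\0" in part:
            raise ValueError(f"unsafe component {part!r} in login")
    return user, domain


def expand_location(template, address):
    """Dovecot variables: %u is the whole login, %n the user part, %d the
    domain part.  Returns (mailbox_format, path)."""
    user, domain = split_login(address)
    mailbox_format, _, path = template.partition(":")
    path = path.replace("%u", address).replace("%n", user).replace("%d", domain)
    return mailbox_format, path


def mail_path(template, address, base=VMAIL_BASE):
    """Expanded path, normalised and verified to stay below base; raises
    ValueError otherwise (defence in depth behind split_login)."""
    _, path = expand_location(template, address)
    normalized = posixpath.normpath(path)
    if not normalized.startswith(base + "/"):
        raise ValueError(f"{normalized} escapes {base}")
    return normalized


def is_safe_login(template, address, base=VMAIL_BASE):
    """True when the login expands to a path inside base."""
    try:
        mail_path(template, address, base)
        return True
    except ValueError:
        return False
```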

telnet mail.hoasen.net pop3

telnet mail.hoasen.net 25


PART 4: FTP AND FIREWALL

I. FTP:

1. Introduction:
FTP (File Transfer Protocol) is a protocol in the TCP/IP model used to transfer files between machines. FTP allows files to be sent, received and managed online. FTP does not allow you to run programs on another machine, but it is very convenient for working with files. To use FTP, the connecting machines must run programs that support the FTP service. The client calls the server and sets up the FTP session through a set of handshake commands. Normally, to connect to another machine over FTP you must be a user who has been given a user name and password to log in to the machine being accessed. Because a system cannot provide separate logins for every user who wants to reach it, many systems use default (anonymous) FTP, which lets any machine log in to the system with the user name ftp, guest or some other default name, without needing a password or an account on that machine.

2. Installation:
In this part we use proftpd as the server. Install it as root with the following command:
apt-get install proftpd


The installer asks which mode the server should run in; choose standalone.

3. Configuring ProFTPD with LDAP:

Two files need to be configured: /etc/proftpd/proftpd.conf and /etc/proftpd/ldap.conf. First configure proftpd.conf with the content below (the line numbers are markers used in the explanation, not part of the file):
12  Include /etc/proftpd/modules.conf
13  UseIPv6 off
14  ServerName "hoasen"
15  ServerType standalone
16  ServerIdent on "hoasen-lotus"
17  DeferWelcome off
18  MultilineRFC2228 on
19  DefaultServer on
20  ShowSymlinks on
21  TimeoutNoTransfer 600
22  TimeoutStalled 600
23  TimeoutIdle 1200
24  ListOptions "-l"
25  DenyFilter \*.*/
26  DefaultRoot /home/ftp
27  DefaultChDir ftp
28  RequireValidShell off
29  Port 21
30  MaxInstances 30
31  IdentLookups off
32  UseReverseDNS off
33  User proftpd
34  Group nogroup
35  Umask 022 022
36  AllowOverwrite on
37  PersistentPasswd off
38  TransferLog /var/log/proftpd/xferlog
39  SystemLog /var/log/proftpd/proftpd.log
40  Include /etc/proftpd/ldap.conf
41  <Directory /*>
42    AllowOverwrite on
43  </Directory>
44  <Directory /home/ftp/public>
45    <Limit ALL>
46      AllowAll
47    </Limit>
48  </Directory>
49  <Directory /home/ftp/user1>
50    <Limit LOGIN>
51      AllowUser user1
52    </Limit>
53    Umask 000
54    <Limit DIRS READ WRITE>
55      AllowAll
56    </Limit>
57  </Directory>

Explanation. In the configuration above, note the following declarations:
- Lines 26, 27: declare the parent directory of the FTP server.
- Lines 37, 40: these lines must be present in the configuration file if we want to authenticate through LDAP.
- Lines 41-57: configure the directories shared by the FTP server.

Next, configure ldap.conf as follows:
1. LDAPServer localhost
2. LDAPDNInfo "cn=admin,dc=hoasen,dc=local" "pwd123"
3. LDAPDoAuth on "ou=Users,dc=hoasen,dc=local"

Explanation. These declare the information the FTP server needs to talk to the LDAP server:
- Line 1: where the LDAP server is.
- Line 2: the bind user and password.
- Line 3: where to search for users in LDAP.

II. FIREWALL:

1. Introduction:

Iptables in Ubuntu is not a server; it is built into the Ubuntu kernel, so no installation is needed.

2. Configuring NAT:
Before configuring NAT, the interfaces should be given static IP addresses.

Step 1: run the following command:
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
This writes the value 1 to ip_forward, allowing packets to be forwarded between the system's interfaces.

Step 2: edit /etc/sysctl.conf and set the following line:
net.ipv4.ip_forward=1
This keeps the ip_forward value from step 1 at 1 whenever the system boots.

Step 3: configure NAT with the following commands. Note: the system has two interfaces, eth1 facing the INTERNET and eth2 facing the internal network.
iptables -A FORWARD -o eth1 -i eth2 -s 192.168.193.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE

Step 4: because the iptables rules are lost when the system reboots, we need a script that restores the iptables configuration. Proceed as follows. Create the file /opt/iptable.script with these commands:
#!/bin/bash
iptables -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -A FORWARD -o eth1 -i eth2 -s 192.168.193.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE

Once created, chmod it so the script can be executed:

chmod 755 /opt/iptable.script

Also create the file /etc/init.d/firewall with the following content:

#!/bin/bash
if [[ $1 == start ]] ; then
    sudo /opt/iptable.script
else
    sudo iptables -F
fi

Use chmod as above so the file can be executed:

chmod 755 /etc/init.d/firewall

Use the following commands to register the firewall start/stop script:

cd /etc/
update-rc.d firewall start 20 2 3 4 5 . stop 99 0 1 6 .


3. Inbound NAT for the web server:

So that outside users can reach the web server, configure iptables as follows:
iptables -t nat -A PREROUTING -d 192.168.0.110 -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.193.12:80

The command above means: every connection whose destination address is 192.168.0.110, arriving on the firewall's outer interface, with protocol TCP and destination port 80, is NATed to the address 192.168.193.12 (the web server) on port 80. If you want to keep this configuration across reboots, repeat step 4 of section 2 above.
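The DNAT rule above rewrites the destination, but the packet still has to pass the FORWARD chain that /opt/iptable.script sets to policy DROP with accepts only for LAN-to-Internet NEW traffic and ESTABLISHED,RELATED replies. As an added example (not the report's code), the following Python implements a first-match evaluator for the filter-table FORWARD chain and runs the page's rules over sample packets: the LAN client reaches the Internet, but the DNATed web request is dropped until an explicit FORWARD accept for it is added; that extra rule and the outside client address 203.0.113.9 are assumptions, not part of the report.

```python
"""Added example (not the report's code): a first-match evaluator for the
filter-table FORWARD chain, fed the rules of /opt/iptable.script above plus
the inbound DNAT rule.  The outside client address is constructed."""
import ipaddress
import shlex

FIREWALL_SCRIPT = """\
iptables -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -A FORWARD -o eth1 -i eth2 -s 192.168.193.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE
iptables -t nat -A PREROUTING -d 192.168.0.110 -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.193.12:80
"""
# Assumed addition, not on the page: accept the DNATed web traffic in FORWARD.
WEB_ACCEPT_RULE = ("iptables -A FORWARD -i eth1 -o eth2 -d 192.168.193.12 "
                   "-p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT\n")
OPTS = {"-i": "in", "-o": "out", "-s": "src", "-d": "dst", "-p": "proto",
        "--dport": "dport", "--ctstate": "ctstate", "-j": "target"}


def parse_filter_rules(script):
    """(policies, rules) of the filter table; nat-table lines are skipped,
    they never take part in the FORWARD decision."""
    policies, rules = {}, []
    for line in script.splitlines():
        argv = shlex.split(line)
        if len(argv) < 4 or argv[0] != "iptables":
            continue
        if "-t" in argv and argv[argv.index("-t") + 1] != "filter":
            continue
        if argv[1] == "-P":
            policies[argv[2]] = argv[3]
        elif argv[1] == "-A":
            rule = {"chain": argv[2]}
            for i, tok in enumerate(argv):
                if tok in OPTS:
                    rule[OPTS[tok]] = argv[i + 1]
            rules.append(rule)
    return policies, rules


def matches(rule, pkt):
    """Every match option present in the rule must agree with the packet."""
    for key in ("in", "out", "proto"):
        if key in rule and rule[key] != pkt[key]:
            return False
    for key in ("src", "dst"):
        if key in rule and ipaddress.ip_address(pkt[key]) not in ipaddress.ip_network(rule[key]):
            return False
    if "dport" in rule and int(rule["dport"]) != pkt["dport"]:
        return False
    return "ctstate" not in rule or pkt["ctstate"] in rule["ctstate"].split(",")


def forward_verdict(script, pkt):
    """First matching FORWARD rule wins; otherwise the chain policy applies."""
    policies, rules = parse_filter_rules(script)
    for rule in rules:
        if rule["chain"] == "FORWARD" and matches(rule, pkt):
            return rule["target"]
    return policies.get("FORWARD", "ACCEPT")

# Packets as FORWARD sees them (PREROUTING has already rewritten the DNAT dst).
LAN_TO_INTERNET = {"in": "eth2", "out": "eth1", "src": "192.168.193.50",
                   "dst": "203.0.113.9", "proto": "tcp", "dport": 443, "ctstate": "NEW"}
INBOUND_WEB = {"in": "eth1", "out": "eth2", "src": "203.0.113.9",
               "dst": "192.168.193.12", "proto": "tcp", "dport": 80, "ctstate": "NEW"}
```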


PART 5: WEB SERVER

1. Installation:
Install with the following command:
sudo apt-get install apache2-doc

2. Configuring Apache with LDAP: edit the file /etc/apache2/apache2.conf.


At the end of this file, comment out the line Include /etc/apache2/sites-enabled/ so that it reads #Include /etc/apache2/sites-enabled/. In the same file, add the following lines:
DocumentRoot /home/vanhieugdpt
ServerName www.hoasen.net
<Directory /home/vanhieugdpt>
    Order deny,allow
    Allow from all
</Directory>

Save and restart Apache with:

service apache2 restart

Now, visiting www.hoasen.net works without any user authentication.


Now we configure Apache to authenticate through LDAP. In /etc/apache2/apache2.conf, configure as follows:
DocumentRoot /home/vanhieugdpt
ServerName www.hoasen.net
<Directory /home/vanhieugdpt>
    Order deny,allow
    Allow from all
    AuthType Basic
    AuthName "vanhieugdpt"
    AuthzLDAPAuthoritative Off
    AuthBasicProvider ldap
    AuthLDAPURL ldap://dc.hoasen.net:389/ou=Users,dc=hoasen,dc=local?uid?one?(objectClass=person)
    Require ldap-user user1 user2
</Directory>

This configuration requires authentication with a user that exists on the LDAP server when visiting www.hoasen.net. Restart Apache to see the effect.
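The AuthLDAPURL above packs host, base DN, attribute, scope and filter into one string. As an added example (not Apache's code or the report's), the following Python reads that URL the way the mod_authnz_ldap documentation describes, composes the search filter Apache issues for a login with the RFC 4515 escaping that keeps a login name from altering the filter, and checks that the user DNs the Dovecot configuration binds with (uid=%n,ou=Users,dc=hoasen,dc=local) are reachable with the scope "one" chosen here.

```python
"""Added example (not from the report): parse the AuthLDAPURL used above,
build the per-login search filter with RFC 4515 escaping, and check LDAP
search scope against the user DNs used elsewhere on this page.  Follows the
layout documented for mod_authnz_ldap; it is not Apache's own code."""

AUTH_LDAP_URL = "ldap://dc.hoasen.net:389/ou=Users,dc=hoasen,dc=local?uid?one?(objectClass=person)"


def parse_auth_ldap_url(url):
    """scheme://host[:port]/basedn?attribute?scope?filter, with the defaults
    the module applies when a field is left empty."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme not in ("ldap", "ldaps"):
        raise ValueError("AuthLDAPURL must start with ldap:// or ldaps://")
    hostport, _, rest = rest.partition("/")
    host, _, port = hostport.partition(":")
    base_dn, attribute, scope, ldap_filter = (rest.split("?") + [""] * 4)[:4]
    if scope and scope not in ("one", "sub", "base"):
        raise ValueError(f"unknown scope {scope!r}")
    return {
        "host": host,
        "port": int(port) if port else (636 if scheme == "ldaps" else 389),
        "base_dn": base_dn,
        "attribute": attribute or "uid",
        "scope": scope or "sub",
        "filter": ldap_filter or "(objectClass=*)",
    }


def escape_filter_value(value):
    """RFC 4515 escaping: a login such as '*' or 'a)(uid=*' must not change
    the structure of the filter it is substituted into."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\0" else c for c in value)


def search_filter(cfg, login):
    """The filter the module documents: (&(<filter>)(<attribute>=<login>))."""
    return f"(&{cfg['filter']}({cfg['attribute']}={escape_filter_value(login)}))"


def dn_in_scope(dn, base_dn, scope):
    """Would a search from base_dn with this scope find the entry dn?
    Assumes no escaped commas inside the DNs (true for the DNs on this page)."""
    def rdns(s):
        return [p.strip().lower() for p in s.split(",")]
    parts, base = rdns(dn), rdns(base_dn)
    if scope == "base":
        return parts == base
    if scope == "one":           # entry must be a direct child of the base
        return parts[1:] == base
    return len(parts) >= len(base) and parts[-len(base):] == base
```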


PART 6: CONFIGURING DHCP

I. Prepare the information:
- Ethernet device: eth0
- IP range: 192.168.193.100 to 192.168.193.200
- Subnet address: 192.168.193.0
- Netmask: 255.255.255.0
- DNS server: 192.168.193.11
- Domain: hoasen.net
- Default gateway address: 192.168.193.11
- Broadcast address: 192.168.193.255

II. Install the DHCP server:
sudo apt-get install dhcp3-server

III. Configure the file /etc/default/dhcp3-server:
sudo gedit /etc/default/dhcp3-server
Find the line INTERFACES= and replace it with INTERFACES=eth0


Save and exit.

IV. Configure the address pool:

- Open /etc/dhcp3/dhcpd.conf
- Go to line 16. The following section is there:

#option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;

Change it to match the information prepared in section I.


- Next, go to line 53. The following section is there:

# A slightly different configuration for an internal subnet.
#subnet 10.5.5.0 netmask 255.255.255.224 {
#  range 10.5.5.26 10.5.5.30;
#  option domain-name-servers ns1.internal.example.org;
#  option domain-name "internal.example.org";
#  option routers 10.5.5.1;
#  option broadcast-address 10.5.5.31;
#  default-lease-time 600;
#  max-lease-time 7200;
#}

Change it to match the information prepared in section I.


V. Restart the DHCP server service:

sudo /etc/init.d/dhcp3-server restart


VI. Client machines (XP, Ubuntu) obtaining an IP address.

1. XP machine: open Run and type cmd. Type ipconfig /release and then ipconfig /renew. Type ipconfig again to check that the client's IP address is within the assigned range.
2. Ubuntu machine: open a Terminal and type ifconfig to check.
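The edited dhcpd.conf sections in part 6 survive only as figures. As an added example (not the report's file), the following Python renders the global options and subnet block from the values prepared in section I and validates them first for the mistakes that leave a pool unusable: a range outside the subnet, a gateway inside the dynamic range, a wrong broadcast address, or inverted lease times. The lease times are the defaults from the dhcpd.conf excerpt above; everything else is from section I.

```python
"""Added example (not from the report): render the dhcpd.conf fragment for
the values of section I and check them for the mistakes that make a DHCP
pool unusable.  Lease times are the defaults from the dhcpd.conf excerpt."""
import ipaddress

DHCP_PARAMS = {                       # section I of the report
    "interface": "eth0",
    "subnet": "192.168.193.0",
    "netmask": "255.255.255.0",
    "range": ("192.168.193.100", "192.168.193.200"),
    "routers": "192.168.193.11",
    "dns": "192.168.193.11",
    "domain": "hoasen.net",
    "broadcast": "192.168.193.255",
    "default_lease": 600,
    "max_lease": 7200,
}


def validate(p):
    """Return a list of problems; an empty list means the pool is consistent."""
    errors = []
    try:
        net = ipaddress.ip_network(f"{p['subnet']}/{p['netmask']}", strict=True)
    except ValueError as exc:
        return [f"subnet/netmask: {exc}"]
    lo, hi = (ipaddress.ip_address(a) for a in p["range"])
    router = ipaddress.ip_address(p["routers"])
    if lo > hi:
        errors.append("range start is after range end")
    for label, addr in (("range start", lo), ("range end", hi), ("routers", router)):
        if addr not in net or addr in (net.network_address, net.broadcast_address):
            errors.append(f"{label} {addr} is not a host address in {net}")
    if lo <= router <= hi:
        errors.append("routers address lies inside the dynamic range: a lease could collide with it")
    if ipaddress.ip_address(p["broadcast"]) != net.broadcast_address:
        errors.append(f"broadcast should be {net.broadcast_address}")
    if p["default_lease"] > p["max_lease"]:
        errors.append("default-lease-time exceeds max-lease-time")
    return errors


def render_dhcpd_conf(p):
    """The global options and subnet block that replace lines 16 and 53."""
    net = ipaddress.ip_network(f"{p['subnet']}/{p['netmask']}")
    return "\n".join([
        f'option domain-name "{p["domain"]}";',
        f"option domain-name-servers {p['dns']};",
        f"default-lease-time {p['default_lease']};",
        f"max-lease-time {p['max_lease']};",
        "",
        f"subnet {net.network_address} netmask {net.netmask} {{",
        f"  range {p['range'][0]} {p['range'][1]};",
        f"  option routers {p['routers']};",
        f"  option broadcast-address {p['broadcast']};",
        "}",
    ]) + "\n"
```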
