
Novell Training Services (en) 15 April 2009

Upgrading to Novell Certified Linux Professional 11
Workbook

3100
Novell Training Services www.novell.com

AUTHORIZED COURSEWARE

Novell, Inc. Copyright 2009-1 HARDCOPY PERMITTED. NO OTHER PRINTING, COPYING, OR DISTRIBUTION ALLOWED.

Legal Notices
Novell, Inc., makes no representations or warranties with respect to the contents
or use of this documentation, and specifically disclaims any express or implied
warranties of merchantability or fitness for any particular purpose. Further,
Novell, Inc., reserves the right to revise this publication and to make changes to
its content, at any time, without obligation to notify any person or entity of such
revisions or changes.
Further, Novell, Inc., makes no representations or warranties with respect to any
software, and specifically disclaims any express or implied warranties of
merchantability or fitness for any particular purpose. Further, Novell, Inc.,
reserves the right to make changes to any and all parts of Novell software, at any
time, without any obligation to notify any person or entity of such changes.
Any products or technical information provided under this Agreement may be
subject to U.S. export controls and the trade laws of other countries. You agree to
comply with all export control regulations and to obtain any required licenses or
classification to export, re-export or import deliverables. You agree not to export
or re-export to entities on the current U.S. export exclusion lists or to any
embargoed or terrorist countries as specified in the U.S. export laws. You agree
to not use deliverables for prohibited nuclear, missile, or chemical biological
weaponry end uses. See the Novell International Trade Services Web page
(http://www.novell.com/info/exports/) for more information on exporting Novell
software. Novell assumes no responsibility for your failure to obtain any
necessary export approvals.
Copyright © 2008 Novell, Inc. All rights reserved. No part of this publication
may be reproduced, photocopied, stored on a retrieval system, or transmitted
without the express written consent of the publisher.
Novell, Inc., has intellectual property rights relating to technology embodied in
the product that is described in this document. In particular, and without
limitation, these intellectual property rights may include one or more of the U.S.
patents listed on the Novell Legal Patents Web page
(http://www.novell.com/company/legal/patents/) and one or more additional patents or pending patent
applications in the U.S. and in other countries.

Novell, Inc.
404 Wyman Street, Suite 500
Waltham, MA 02451
U.S.A.
www.novell.com

Online Documentation: To access the latest online documentation for
this and other Novell products, see the Novell Documentation Web
page (http://www.novell.com/documentation).

Novell Trademarks
For Novell trademarks, see the Novell Trademark and Service Mark list
(http://www.novell.com/company/legal/trademarks/tmlist.html).

Third-Party Materials
All third-party trademarks are the property of their respective owners.

Contents

Introduction

SECTION 1 Manage Software for SUSE Linux Enterprise 11

Exercise 1-1 Manage Software with zypper
Task I: Add an Installation Source and Alias with zypper
Task II: Remove an Installation Source with zypper
Task III: Remove a Software Package with zypper

SECTION 2 Manage Hardware

Exercise 2-1 Modify udev Rules

SECTION 3 Configure NFS (Network File System)

Exercise 3-1 Set Up and Manage Network File System (NFS)
Detailed Steps to Complete the Exercise

SECTION 4 Configure and Use OpenLDAP

Exercise 4-1 Configure OpenLDAP on SLES 11
Detailed Steps to Complete the Exercise

SECTION 5 Configure and Use Samba

Exercise 5-1 Create a Basic Samba Share
Detailed Steps to Complete the Exercise
Exercise 5-2 Configure Samba to Use LDAP Authentication
Detailed Steps to Complete the Exercise
Exercise 5-3 Work with Samba Shares
Detailed Steps to Complete the Exercise

SECTION 6 Internet Protocol Version 6 (IPv6)

Exercise 6-1 Configure IPv6
Detailed Steps to Complete this Exercise

SECTION 7 Deploy SUSE Linux Enterprise 11

Exercise 7-1 Set Up an Installation Server
Detailed Steps to Complete the Exercise
Exercise 7-2 Set Up PXE Boot for Installations
Detailed Steps to Complete the Exercise
Exercise 7-3 Create an AutoYaST Control File
Detailed Steps to Complete This Exercise
Exercise 7-4 Activate PXE Booting and Install SUSE Linux Enterprise Server
Detailed Steps to Complete This Exercise

SECTION 8 Manage Virtualization with Xen

Exercise 8-1 Install a Xen Server and an Unprivileged Domain
Detailed Steps to Complete the Exercise
Exercise 8-2 Change Memory Allocation of a Guest Domain
Detailed Steps to Complete the Exercise
Exercise 8-3 Automate Domain Startup
Detailed Steps to Complete the Exercise
Exercise 8-4 Check the Network Configuration
Detailed Steps to Complete the Exercise

Version 1 Copying all or part of this manual, or distributing such copies, is strictly prohibited.
To report suspected copying, please call 1-800-PIRATES.


Introduction

This workbook is designed to help you practice the skills associated with Upgrading
To Novell Certified Linux Professional 11 (course 3100) objectives.
These skills prepare a Novell Certified Linux Professional 10 to take the Novell®
Certified Linux® Professional 11 (Novell CLP11) certification practicum test.

NOTE: Instructions for setting up a self-study environment are in the directory Setup on the Course
DVD.

Before starting the exercises in this workbook, you need to review the following:
• “Course Scenario” on page 5
• “Exercise Conventions” on page 5

Course Scenario

The exercises in this course center around the fictional Digital Airlines Company that
has offices at various airports around the globe.
The Digital Airlines management has made the decision to migrate several back-end
services to Linux servers running SUSE Linux Enterprise Server 11.
You have installed SUSE Linux Enterprise Server 10 before and are familiar
with administering it. You need to become familiar
with SUSE Linux Enterprise Server 11 and SUSE Linux Enterprise Desktop 11.
The migration plan includes the following:
• Providing software and patch management
• Providing basic networking services as well as file and print services
• Introducing IPv6
• Installing desktops and servers using AutoYaST
• Virtualizing with Xen
Your task is to set up a test server in the lab to enhance your skills in these areas.

Exercise Conventions

When working through an exercise, you will see conventions that indicate
information you need to enter that is specific to your server.

The following describes the most common conventions:

• italicized text: This refers to your unique situation, such as the hostname of
your server.
For example, supposing the hostname of your server is da50 and you see the
following
hostname.digitalairlines.com
You would enter
da50.digitalairlines.com
• 172.17.8.xx: This is the IP address that is assigned to your SUSE Linux
Enterprise Server 11.
For example, supposing your IP address is 172.17.8.50 and you see the following
172.17.8.xx
You would enter
172.17.8.50
• Select: The word select is used in exercise steps with reference to menus where
you can choose between different entries, such as drop-down menus.
• Enter and Type: The words enter and type have distinct meanings.
The word enter means to type text in a field or at a command line and press the
Enter key when necessary. The word type means to type text without pressing the
Enter key.
If you are directed to type a value, make sure you do not press the Enter key or
you might activate a process that you are not ready to start.


SECTION 1 Manage Software for SUSE Linux Enterprise 11

In this section of the workbook, you learn how to do the following:


1. “Manage Software with zypper” on page 8

Exercise 1-1 Manage Software with zypper


In this exercise, you practice adding and removing software repositories with the
zypper command.
This exercise is performed on da-host.

Task I: Add an Installation Source and Alias with zypper


1. Log in as geeko on the da-host machine.
2. Open a terminal window and enter su - to switch to the root account.
3. List your existing installation sources (repositories) by entering the following
command at the command line:
zypper sl
4. Add the new installation source with an alias by entering the following
command:
zypper ar http://172.17.8.101/suse repo1
5. List your installation sources again by entering
zypper sl
You should now see the new installation repository.

Task II: Remove an Installation Source with zypper


1. To remove an installation source, enter the following command at the command
line:
zypper rr repo1
2. List the installation sources again to see the change:
zypper sl

Task III: Remove a Software Package with zypper


1. Check the status of the package joe using the following command:
zypper info joe
2. To remove the software package joe, enter the following command:
zypper remove joe
3. Check that the package has been removed by entering:
zypper info joe
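
Task I adds repo1 over plain http://. The following added example (not part of the workbook) audits repository definition files and reports enabled repositories that use a cleartext baseurl or have gpgcheck switched off. It assumes zypper keeps one <alias>.repo file per repository under /etc/zypp/repos.d; the function names are this example's own, and the lab-tools and old-dvd entries with their repo.example.com URLs are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the workbook): audit libzypp repository files.

# audit_repos [DIR]
# Reads every *.repo file in DIR (default /etc/zypp/repos.d) and prints one
# line per finding for enabled repositories:
#   <alias>: baseurl uses cleartext transport (<url>)
#   <alias>: gpgcheck is disabled
audit_repos() {
    dir=${1:-/etc/zypp/repos.d}
    for f in "$dir"/*.repo; do
        [ -f "$f" ] || continue
        awk '
        # Evaluate the section collected so far; disabled repos are skipped.
        function emit() {
            if (alias == "" || enabled == "0") return
            if (url ~ /^(http|ftp):\/\//)
                print alias ": baseurl uses cleartext transport (" url ")"
            if (gpg == "0")
                print alias ": gpgcheck is disabled"
        }
        /^[ \t]*[#;]/ { next }                 # comment lines
        /^[ \t]*\[.*\][ \t]*$/ {               # [alias] starts a new section
            emit()
            alias = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", alias)
            enabled = "1"; url = ""; gpg = ""
            next
        }
        /=/ {                                  # key=value inside a section
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=/, "", val); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled")  enabled = val
            if (key == "baseurl")  url = val
            if (key == "gpgcheck") gpg = val
        }
        END { emit() }
        ' "$f"
    done
}

# make_sample_repos: build a throwaway repos.d with constructed sample files
# and print its path. repo1 mirrors what Task I adds; the others are made up.
make_sample_repos() {
    d=$(mktemp -d) || return 1
    cat > "$d/repo1.repo" <<'EOF'
[repo1]
name=repo1
enabled=1
autorefresh=0
baseurl=http://172.17.8.101/suse
EOF
    cat > "$d/lab-tools.repo" <<'EOF'
[lab-tools]
name=Lab tools (constructed)
enabled=1
baseurl=https://repo.example.com/lab-tools
gpgcheck=0
EOF
    cat > "$d/old-dvd.repo" <<'EOF'
[old-dvd]
name=Old DVD mirror (constructed, disabled)
enabled=0
baseurl=http://repo.example.com/dvd
EOF
    printf '%s\n' "$d"
}

# Demo run against the constructed sample directory.
sample=$(make_sample_repos)
audit_repos "$sample"
rm -rf "$sample"
```

On a real system, run audit_repos with no argument after Task I and again after Task II to see the repo1 finding appear and disappear.
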
(End of Exercise)


SECTION 2 Manage Hardware

In this section of the workbook, you can find the following exercises:
• “Modify udev Rules” on page 10
In this exercise, you modify a udev rule to rename your Ethernet interface.

Exercise 2-1 Modify udev Rules


In this exercise, you modify a udev rule that renames your eth0 interface to eth1.
Complete the following:
1. If necessary, power on your DA1 virtual server and log in as geeko with a
password of novell.
2. Open a terminal window and switch to the root user account by entering su -
followed by a password of novell.
3. At the shell prompt, enter cd /etc/udev/rules.d.
4. Open the 70-persistent-net.rules file in the vi editor.
5. Locate and scroll down to the line that sets the name of your network interface to
eth0.
6. Change the NAME=eth0 parameter to NAME=eth1.
7. Save your changes and exit vi.
8. Reboot your DA1 virtual server by entering init 6 at the shell prompt.
9. When the system starts to boot, press Esc so you can view your system’s boot
messages.
You should see a message indicating eth0 is being renamed to eth1 by udev, as
shown below:
Figure 2-1

You should also see a message indicating the eth1 interface has not been
configured, as shown below:
Figure 2-2

This happens because there is no configuration for eth1 in /etc/sysconfig.


10. When the system has rebooted, log in as geeko with a password of novell.

11. Open a terminal session and switch to root with the su - command and a
password of novell.
12. At the shell prompt, enter cd /etc/udev/rules.d.

13. Open the 70-persistent-net.rules file in the vi editor.

14. Change the NAME=eth1 parameter back to NAME=eth0.

15. Save your changes and exit vi.

16. Reboot your DA1 virtual server by entering init 6 at the shell prompt.

17. When the system starts to boot, press Esc so you can view your system’s boot
messages.
18. Verify that your network interface is now named eth0 and that the appropriate
network configuration parameters are applied, as shown in the following:

Figure 2-3
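
The rename and the resulting "interface not configured" state can be reproduced without a reboot. The following added example (not part of the workbook) performs the NAME= edit non-interactively with a backup, then lists every interface name the rules file assigns that has no matching configuration file. It assumes SUSE's per-interface files are named ifcfg-<name> under /etc/sysconfig/network; the function names, the rule line and its MAC address are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the workbook).

# rename_iface RULES MAC NEWNAME
# Non-interactive form of the vi edit: set NAME= on the rule whose
# ATTR{address} matches MAC. The previous file is kept as RULES.bak.
rename_iface() {
    rules=$1 mac=$2 new=$3
    # Refuse values that could alter the sed program or the rule syntax.
    case $mac in *[!0-9A-Fa-f:]*|'') return 2 ;; esac
    case $new in *[!A-Za-z0-9_.-]*|'') return 2 ;; esac
    cp -p "$rules" "$rules.bak" || return 1
    sed "/ATTR{address}==\"$mac\"/ s/NAME=\"[^\"]*\"/NAME=\"$new\"/" \
        "$rules.bak" > "$rules"
}

# unconfigured_ifaces RULES CFGDIR
# Print every interface name assigned by RULES that has no ifcfg-<name>
# file in CFGDIR. These are the interfaces that come up unconfigured.
unconfigured_ifaces() {
    rules=$1 cfgdir=$2
    sed -n -e '/^[[:space:]]*#/d' -e 's/.*NAME="\([^"]*\)".*/\1/p' "$rules" |
        sort -u |
        while read -r name; do
            [ -e "$cfgdir/ifcfg-$name" ] || printf '%s\n' "$name"
        done
}

# make_sample DIR: constructed rules file and sysconfig directory.
make_sample() {
    mkdir -p "$1/network"
    cat > "$1/70-persistent-net.rules" <<'EOF'
# Constructed sample; the MAC address is made up.
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0c:29:aa:bb:cc", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
EOF
    : > "$1/network/ifcfg-eth0"
    : > "$1/network/ifcfg-lo"
}

# Demo: rename eth0 to eth1, then show which name lacks a configuration.
work=$(mktemp -d)
make_sample "$work"
rename_iface "$work/70-persistent-net.rules" 00:0c:29:aa:bb:cc eth1
echo "no configuration for: $(unconfigured_ifaces "$work/70-persistent-net.rules" "$work/network")"
rm -rf "$work"
```
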

(End of Exercise)

SECTION 3 Configure NFS (Network File System)

This section contains the following exercises:

• “Set Up and Manage Network File System (NFS)” on page 14
Set up and manage NFS on the server and on the client.

Exercise 3-1 Set Up and Manage Network File System (NFS)


In the first part of this exercise, you create a /export/documentation
directory, copy documents from /usr/share/doc/manual/ into it, and export
it to others using NFS.
In the second part, you create the /import/docs directory and use it as the
mountpoint to import the /export/documentation directory from your own
server using NFS. Create an /etc/fstab entry to mount the directory
automatically at boot time.
In the third part, you create the /data and /export/data directories, and then
create some files in /data. Export the /export and /data directories using
NFSv4. The /export directory should be the pseudo-root directory, with the
content of /data appearing in /mountpoint/data for the clients. Mount the
exported pseudo-root directory to /mnt using NFSv4 and check if the content of
/mnt/ and /mnt/data is as expected.
In the fourth part, you configure the automounter on da-host to mount the /home
directory from the server to the /remote-home directory.
You can use the command line interface or YaST to do parts one to three. The
following step-by-step description uses YaST. The automounter configuration is done
with a text editor.

Detailed Steps to Complete the Exercise

• “Part I: Set Up an NFS Server” on page 14
• “Part II: Add a Remote File System to the NFS Client” on page 15
• “Part III: Export a File System Using NFS Version 4” on page 16
• “Part IV: Configure the automounter” on page 17

Part I: Set Up an NFS Server

On da-host, do the following:


1. Open a terminal window and su - to root (password: novell).
2. Create the /export/documentation directory by entering
mkdir -p /export/documentation
3. Copy some files into that directory using the following commands:
cd /export/documentation
cp /usr/share/doc/manual/sles-admin_en-pdf/* .
4. Start the YaST NFS Server Configuration module by entering yast2
nfs_server &.
If a dialog appears that informs you that packages, such as nfs-kernel-server,
need to be installed, select Install.
An NFS Server Configuration dialog appears.

5. Select the Start button in the NFS server section of the dialog.
6. Deselect the Enable NFSv4 check box, then continue by selecting Next.
A Directories to Export dialog appears.
7. Add the /export/documentation directory to the list of directories:
a. Select Add Directory.
A dialog appears where you have to specify the directory to export.
b. Type /export/documentation, then select OK.
In case the directory does not exist, a message informs you of the fact and
asks if you want to create it. After confirmation, a dialog appears with fields
for specifying a Host Wild Card and Options.
c. Change the preset values to match the following, then select OK.
• Hosts Wild Card: *
• Options: rw,root_squash,sync,no_subtree_check (make sure you
replace “ro” with “rw”)
The directory is added to the list.
8. Save the changes to the system by selecting Finish.
9. At the terminal window, verify that the file system was exported by entering the
following:
showmount -e localhost
10. View the entry made by YaST to the file /etc/exports by entering
cat /etc/exports.
You should see the settings you entered in YaST.

Part II: Add a Remote File System to the NFS Client

This exercise uses localhost as the NFS server. This does not require a separate NFS
server. On da-host, do the following:
1. In the terminal window where you switched to the root account, create a
mountpoint named /import/docs for the remote file system to be mounted on your
server by entering the following:
mkdir -p /import/docs
2. Add a remote file system to the NFS Client Configuration.
a. Start the NFS Client Configuration from the terminal window by entering
yast2 nfs &.
Mount a remote file system by selecting the NFS Shares tab, then click
Add.
A dialog appears for adding the remote file system.
b. Specify the following, then select OK.
• NFS Server Hostname: 127.0.0.1 (this is the local host address)
• Remote Directory: /export/documentation/
• Mount Point (local): /import/docs
• NFSv4 Share: unchecked
• Options: defaults,soft
You are returned to the NFS Client Configuration dialog which now lists
the remote Directory.
3. Select the NFS Settings tab and deselect Enable NFSv4.
4. Save the changes to the system by selecting OK.
5. At the terminal window, verify that the file system is mounted by entering
mount.
You see the remote host’s directory mounted on /import/docs.
6. List the files in the mounted file system by entering
ls -l /import/docs
7. Check the entry entered by YaST in the /etc/fstab file by entering
cat /etc/fstab.
This entry ensures that the file system is mounted each time the server boots.

Part III: Export a File System Using NFS Version 4

Do the following:
1. If your da1 virtual machine is not running, start the VMware player and the da1
virtual machine.
2. Log in to da1 as geeko, open a terminal window, and su - to root (password:
novell).
3. On da1, create the /data directory and some files in it using these commands:
mkdir /data
touch /data/file{1,2,3}
4. Edit the /etc/exports file so it contains the following lines (delete any lines
that might already exist in the file first):
/export *(fsid=0,crossmnt,ro,no_subtree_check,sync)
/export/data *(ro,no_subtree_check,sync,bind=/data)
5. Save the file and close the editor.
6. Make sure that NFSv4 support is turned on.
Open the /etc/sysconfig/nfs file in an editor and make sure the variable
NFS4_SUPPORT is set to “yes”. If it is set to “no”, change it so it looks like the
following:
NFS4_SUPPORT="yes"

7. Save the file and close the editor.


8. Restart the NFS server with this command:
rcnfsserver restart
9. Check if the bind-mount is correct using these commands:
mount
ls /export/data
You should see the files you created in /data.
10. On da-host, open a terminal window, su - to root, and mount the directories
you just exported on da1 to the /mnt directory using NFSv4:
mount -t nfs4 da1.digitalairlines.com:/ /mnt
11. Using ls, check if the files from /data on the server are visible in /mnt/data on
the client.

Part IV: Configure the automounter

Do the following:
1. If your da1 virtual machine is not running, start the VMware player and the
virtual machine.
2. Log in to da1 as geeko, open a terminal window, and su - to root (password:
novell).
3. On da1, open the /etc/exports file in an editor to include the following two
lines (the first line should already exist from Part III of this exercise, and the line
starting with /export/data can remain in the file):
/export *(fsid=0,crossmnt,ro,root_squash,sync,no_subtree_check)
/export/home *(rw,root_squash,sync,no_subtree_check,bind=/home)
4. Save the file and close the editor.
5. On da1, restart the NFS server with the command rcnfsserver restart.
6. On da1, make sure the NFS server is started automatically when the system boots
by entering the command chkconfig nfsserver on.
7. On da-host, open a terminal window and su - to root.
8. Open the /etc/auto.master file in an editor and make the following
changes:
• Add a comment sign (#) in front of +auto.master.
• Add the following line at the end of the file:
/remote-home /etc/auto.remote-home

9. Save the file and close the editor.


10. Create the /remote-home directory with this command:

mkdir /remote-home
11. Create the new /etc/auto.remote-home file by entering

vi /etc/auto.remote-home
then add the following line to it:
* -fstype=nfs4,rw,nosuid,nodev 172.17.8.101:/home/&

12. Save the file and close the editor.

13. Start the automounter with the command rcautofs start.

14. View the content of /remote-home using ls.

15. View the content of /remote-home/geeko using ls.

16. View the mounted file system using mount.

17. Stop the automounter again with rcautofs stop.
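
Every export in Parts I, III and IV uses the client wildcard *, which is convenient in a lab and worth reviewing anywhere else. The following added example (not part of the workbook) reads /etc/exports syntax and reports read-write exports to any host, no_root_squash, and options that a stray space has detached from their host. The function names are this example's own; the first sample line is written out from the YaST fields in Part I, the next three are the lines from Parts III and IV, and the /srv/build line is constructed to show the whitespace pitfall.

```shell
#!/bin/sh
# Added example (not from the workbook): review /etc/exports entries.

# audit_exports [FILE]
# Reads exports lines from FILE (default: standard input) and prints
#   WARN <path>: ...   for settings that widen access
#   NOTE <path>: ...   for read-only exports open to any host
audit_exports() {
    awk '
    # True if option NAME appears in the comma-separated list OPTS.
    function has(opts, name) { return (index("," opts ",", "," name ",") > 0) }
    {
        sub(/#.*/, "")                 # drop comments
        if (NF < 2) next               # blank line or path without clients
        path = $1
        for (i = 2; i <= NF; i++) {
            spec = $i; client = spec; opts = ""
            p = index(spec, "(")
            if (p > 0) {
                client = substr(spec, 1, p - 1)
                opts = substr(spec, p + 1); sub(/\).*/, "", opts)
            }
            if (p == 1) {
                # "host (opts)": the space detaches the options from the
                # host, so the server treats (opts) as an entry for any host.
                print "WARN " path ": " spec " is separated from its host by whitespace and applies to any host"
                client = "*"
            }
            # Neither rw nor ro given means ro, the default.
            if (client == "*" && has(opts, "rw"))
                print "WARN " path ": read-write for any host"
            else if (client == "*")
                print "NOTE " path ": read-only for any host"
            if (has(opts, "no_root_squash"))
                print "WARN " path ": no_root_squash lets remote root act as root (client " client ")"
        }
    }' "${1:--}"
}

# sample_exports: the export lines from the exercise plus one constructed
# line showing the "host (opts)" pitfall.
sample_exports() {
    cat <<'EOF'
/export/documentation *(rw,root_squash,sync,no_subtree_check)
/export *(fsid=0,crossmnt,ro,root_squash,sync,no_subtree_check)
/export/data *(ro,no_subtree_check,sync,bind=/data)
/export/home *(rw,root_squash,sync,no_subtree_check,bind=/home)
# constructed line, not from the workbook:
/srv/build 172.17.8.50 (rw,no_root_squash)
EOF
}

# Demo run over the sample lines.
sample_exports | audit_exports
```

Restricting the client field to named hosts or a subnet instead of * clears the "any host" findings; run audit_exports /etc/exports on da1 after Part IV to review the real file.
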

(End of Exercise)

SECTION 4 Configure and Use OpenLDAP

This section contains the following exercise:

• “Configure OpenLDAP on SLES 11” on page 20
Install and configure OpenLDAP on your SLES 11 server.

Exercise 4-1 Configure OpenLDAP on SLES 11


In this exercise, you install and configure an LDAP server on da-host. You then
configure the LDAP client on your DA1 server and on your workstation such that
they can use either their local files or the LDAP directory for authentication.

Detailed Steps to Complete the Exercise

• “Part I: Configure an LDAP Server on da-host” on page 20
• “Part II: Configure the LDAP Client on da-host” on page 25
• “Part III: Configure the LDAP Client on da1” on page 27
• “Part IV: Manage Entries in the LDAP Directory” on page 28

Part I: Configure an LDAP Server on da-host

First, you need to install and configure an LDAP directory server on da-host:
1. On da-host, start YaST and select Network Services > LDAP Server.
2. When prompted to install the openldap2 packages, select Install.
Wait while the packages are installed. When complete, an LDAP Server
Configuration, General Settings dialog appears.
3. On the General Settings screen, configure the following:
a. Under Start LDAP Server, verify that Yes is selected.
b. Select Register at an SLP Daemon.
c. If your server’s host firewall is enabled, select Open Port in Firewall.
4. Select Next.
An LDAP Server Configuration, TLS Settings dialog appears.
5. Enable encryption using TLS by doing the following:
a. Verify that Enable TLS is selected.
b. Verify that Enable LDAP Over SSL (ldaps) Interface is selected.
c. Verify that Use Common Server Certificate is selected.

NOTE: If you cannot mark Use Common Server Certificate, then this certificate wasn’t
created during installation. In this case you have to click Launch CA Management Module
and create a CA and common server certificate.

6. Select Next.
The Basic Database Settings screen is displayed:

Figure 4-1 Configuring LDAP Database Settings

7. Configure your database settings.


a. Verify that the Database Type field is set to hdb.
b. Verify that dc=digitalairlines,dc=com has been entered for you in the Base
DN field.
c. Verify that cn=Administrator is listed in the Administrator DN field.
d. Verify that Append Base DN is marked.
e. In the Password fields, type the password novell for the Administrator user.
8. Select Next.
9. On the Summary screen, select Finish.
10. In YaST, select LDAP Server again.

11. Select Databases > dc=digitalairlines,dc=com > Password Policy Configuration.
The following is displayed:
Figure 4-2 Configuring Password Policy Settings

12. Enable password policy settings for your LDAP server.


a. Select Enable Password Policies.
b. Select Hash Clear Text Passwords.
c. Verify that cn=Default Policy is listed in the Default Policy Object DN
field.
d. Verify that Append Base DN is selected.
e. Select Edit Policy.
f. When prompted, type a password of novell, then select OK.

g. Select the Password Aging Policies tab.


The following screen is displayed:
Figure 4-3 Configuring Password Policies

h. Specify a minimum password age of 4 hours.


i. Specify a maximum password age of 120 days.
j. In the Time before Password Expiration to Issue Warning field, specify 5
days.
k. In the Allowed Uses of an Expired Password field, enter 3.

l. Select the Lockout Policies tab.


The following is displayed:
Figure 4-4 Configuring Lockout Policies

m. Select Enable Password Locking.


n. In the Bind Failures to Lock the Password field, enter 5.
o. Specify a password lock duration of 5 minutes.
p. Specify a bind failures cache duration of 7 days.
q. Select OK.
13. On the Password Policy Setting screen, select OK.

14. Verify that the LDAP daemon is running by entering rcldap status (as root)
in a terminal window.
You should see a status of running.
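
The values set in step 12 are stored as attributes of the cn=Default Policy entry, where the ppolicy overlay keeps every duration in seconds. The following added example (not part of the workbook) converts the dialog values and checks an LDIF dump of the policy entry against them; the sample dump is constructed, and the mapping from YaST field names to pwdPolicy attributes is an assumption.

```shell
#!/bin/sh
# Added example (not from the workbook): compare a password policy entry
# with the values chosen in step 12. The ppolicy overlay stores every
# duration in seconds, so the dialog values are converted first.

# Expected "attribute value" pairs. The mapping from the YaST field names to
# pwdPolicy attributes is an assumption made for this example.
expected_ppolicy() {
    echo "pwdMinAge $((4 * 3600))"                  # minimum password age: 4 hours
    echo "pwdMaxAge $((120 * 86400))"               # maximum password age: 120 days
    echo "pwdExpireWarning $((5 * 86400))"          # expiration warning: 5 days
    echo "pwdGraceAuthNLimit 3"                     # uses of an expired password
    echo "pwdLockout TRUE"                          # password locking enabled
    echo "pwdMaxFailure 5"                          # bind failures before lock
    echo "pwdLockoutDuration $((5 * 60))"           # lock duration: 5 minutes
    echo "pwdFailureCountInterval $((7 * 86400))"   # failure cache: 7 days
}

# Constructed sample of the policy entry as an LDIF dump would show it
# (structural object class left out for brevity).
SAMPLE_POLICY='dn: cn=Default Policy,dc=digitalairlines,dc=com
objectClass: pwdPolicy
cn: Default Policy
pwdAttribute: userPassword
pwdMinAge: 14400
pwdMaxAge: 10368000
pwdExpireWarning: 432000
pwdGraceAuthNLimit: 3
pwdLockout: TRUE
pwdMaxFailure: 5
pwdLockoutDuration: 300
pwdFailureCountInterval: 604800'

# Read one LDIF entry on stdin and print a line for every expected attribute
# that is missing or has a different value.
# Returns 0 when everything matches, 1 otherwise.
audit_ppolicy() {
    ldif=$(cat)
    rc=0
    while read -r attr want; do
        # LDAP attribute names are case-insensitive, so compare in lower case.
        got=$(printf '%s\n' "$ldif" |
              awk -F': ' -v a="$attr" 'tolower($1) == tolower(a) { print $2; exit }')
        if [ -z "$got" ]; then
            echo "MISSING $attr (want $want)"
            rc=1
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH $attr: got $got, want $want"
            rc=1
        fi
    done <<EOF
$(expected_ppolicy)
EOF
    return $rc
}

# Against the live server (prompts for the Administrator password; -ZZ
# requires StartTLS so the simple bind is not sent in the clear):
#   ldapsearch -x -ZZ -LLL -D cn=Administrator,dc=digitalairlines,dc=com -W \
#       -s base -b "cn=Default Policy,dc=digitalairlines,dc=com" | audit_ppolicy
```

A policy entry with locking switched off or a missing failure limit shows up as one MISMATCH or MISSING line per attribute.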


Part II: Configure the LDAP Client on da-host

With the LDAP server running on da-host, you now need to configure the LDAP
client on da-host so that authentication can occur via either the local files
(/etc/passwd, /etc/shadow, and so on) or the LDAP directory on da-host.
Do the following on da-host:
1. In YaST, select Network Services > LDAP Client.
The following is displayed:
Figure 4-5 Configuring the LDAP Client

2. Select Use LDAP.


3. Verify that 127.0.0.1 is listed in the Addresses of LDAP Servers field.
4. In the LDAP Base DN field, enter dc=digitalairlines,dc=com.
5. Verify that LDAP TLS/SSL is selected.
6. Select Create Home Directory on Login.
7. Select Advanced Configuration.


8. Select the Administration Settings tab, shown below:


Figure 4-6 Configuring Administration Settings

9. Verify that ou=ldapconfig,dc=digitalairlines,dc=com is listed in the
Configuration Base DN field.
10. In the Administrator DN field, enter cn=Administrator.

11. Select Append Base DN.

12. Select Create Default Configuration Objects.

13. Configure the YaST Group and User Administration modules.


a. Select Configure User Management Settings.
b. When prompted, enter a password of novell.
c. When prompted that the ldapconfig organizational unit doesn’t exist, select
Yes to create it now.
d. Select New.
e. To create a new user configuration module, select suseUserConfiguration.


f. In the Name of New Module field, type Users; then select OK.
You should see the following:
Figure 4-7 Configuring LDAP Modules

g. On the Module Configuration screen, select New.


h. To create a new group template, make sure suseGroupConfiguration is
marked.
i. In the Name of New Module field, type Groups; then select OK.
j. On the Module Configuration screen, select OK.
k. On the Advanced Configuration screen, select OK.
14. In the LDAP Client Configuration screen, select OK.

15. Conditional: Install the pam_ldap and nss_ldap packages by selecting Install
when prompted.

Part III: Configure the LDAP Client on da1

Next, you need to configure the LDAP client on da1 so that authentication can
occur via either the local files (/etc/passwd, /etc/shadow) or the LDAP
directory on da-host.
Do the following on da1:
1. If necessary, log into da1 as geeko with a password of novell.
2. Start YaST and select Network Services > LDAP Client.


3. Select Use LDAP.


4. In the Addresses of LDAP Servers field, enter da-host.digitalairlines.com.
5. In the LDAP Base DN field, enter dc=digitalairlines,dc=com.
6. Verify that LDAP TLS/SSL is selected.
7. Select Create Home Directory on Login.
8. Select Advanced Configuration.
9. Select the Administration Settings tab.
10. In the Administrator DN field, enter cn=Administrator.

11. Select Append Base DN, then select OK.

12. On the LDAP Client Configuration screen, select OK.

13. Conditional: Install the pam_ldap and nss_ldap packages by selecting Install
when prompted.

Part IV: Manage Entries in the LDAP Directory

With LDAP configured on your server and your server and workstation configured to
use LDAP for authentication, you can now manage users and groups in the directory
tree.
Complete the following on either da1 or da-host:
1. Create a new user using the YaST User and Group Management module.
a. In YaST, select Security and Users > User and Group Management.
b. Select Set Filter > LDAP Users.
An LDAP Server Password dialog appears.
c. In the LDAP Server Password field, enter novell.
d. In the User and Group Administration dialog, select Add.
e. In the New LDAP User dialog, select the User Data tab and enter the
following user information:
• First Name: Tux
• Last Name: Penguin
• Username: tux
• Password: novell
f. Select OK.
g. When prompted that the password is too simple, select Yes > Yes.
In the User and Group Administration dialog, you should see the tux user
account added.
h. Select OK.
i. Close YaST.


2. Test your LDAP configuration by logging in as tux.


a. Open a terminal and enter su tux.
b. When prompted, enter a password of novell.
You should see the various home directory folders created as the tux user
logs in, as shown below:

geeko@da-host:~/Desktop> su tux
Password:
Creating directory ‘/home/tux’.
Creating directory ‘/home/tux/.fonts’.
Creating directory ‘/home/tux/bin’.
Creating directory ‘/home/tux/.mozilla’.
tux@da-host:/home/geeko/Desktop>

c. At the shell prompt, enter exit.


3. Create an LDIF file to create a new LDAP user account from the shell prompt by
doing the following:
a. Open a terminal session.
b. Using a text editor, create a newuser.ldif file with the following
content:
# trixi LDIF
dn: cn=trixi,ou=People,dc=digitalairlines,dc=com
changetype: add
objectClass: inetOrgPerson
cn: trixi
givenName: Trixi
sn: Penguin
mail: trixi@digitalairlines.com
uid: trixi
telephoneNumber: 801-555-7000

NOTE: You can find this file on your 3103 Course DVD

c. Save the file and close the editor.


4. At the shell prompt, enter in one line:
ldapadd -x -D cn=Administrator,dc=digitalairlines,dc=com -W -f newuser.ldif


5. When prompted, enter a password of novell.


You should see the trixi user added, as shown below:

da-host:~ # vi newuser.ldif
da-host:~ # ldapadd -x -D
cn=Administrator,dc=digitalairlines,dc=com -W -f newuser.ldif
Enter LDAP Password:
adding new entry "cn=trixi,ou=People,dc=digitalairlines,dc=com"

da-host:~ #

6. View your LDAP directory tree using the YaST LDAP Browser module.
a. Start YaST and select Network Services > LDAP Browser.
b. On the LDAP Connections screen, select Add.
c. Type a name of da-host for the connection, then select OK.
d. In the LDAP Server field, type da-host.digitalairlines.com.
e. In the Administrator DN field, type
cn=Administrator,dc=digitalairlines,dc=com.
f. In the LDAP Server Password field, type novell.
g. Select the LDAP TLS option, then select OK.
h. In the left pane, click dc=digitalairlines,dc=com.


i. Expand ou=people.
You should see the trixi and tux users, as shown below:
Figure 4-8 Viewing LDAP Users in the LDAP Browser

j. If time permits, explore the attributes and values associated with the two
users you added.
k. When complete, select Close.
l. Close YaST, then close the terminal window.
(End of Exercise)


SECTION 5 Configure and Use Samba

This section contains the following exercises:


• “Create a Basic Samba Share”
Create a Samba share.
• “Configure Samba to Use LDAP Authentication”
Configure Samba to store its user accounts in an LDAP directory.
• “Work with Samba Shares”
Access a share with smbclient and mount a Samba share in the file system of
a Linux workstation.


Exercise 5-1 Create a Basic Samba Share


In this exercise, you create a Samba share.
In the first part of the exercise, configure the Samba server as a member of the
digitalairlines workgroup and to use user level security.
In the second part of the exercise, create the /srv/samba/geeko-data directory
and create a share named geeko-data.

Detailed Steps to Complete the Exercise


• “Part I: Configure the Samba Server”
• “Part II: Create the [geeko-data] Share”

Part I: Configure the Samba Server

In this part of the exercise, you configure global settings for the Samba service on
da-host.
Complete the following:
1. In YaST on da-host, select Network Services > Samba Server.
2. In the Workgroup or Domain Name field, type digitalairlines, then select
Next.
3. Under Samba Server Type, select Not a Domain Controller, then select Next.
4. On the Start-Up tab, select the following options:
• During Boot
• Open Port in Firewall (if necessary)
5. Select the Identity tab.
6. In the NetBIOS Hostname field, type da-host.
7. Select WINS Server Support.
8. Deselect Retrieve WINS Server via DHCP, then select Use WINS for
Hostname Resolution.
9. Select Advanced Settings > Expert Global Settings.
Confirm the warnings by clicking OK.
10. Verify that security is set to user and that printing is set to cups.

11. Select OK.

12. Select OK to close the Samba Configuration module.

Part II: Create the [geeko-data] Share

In this part of the exercise, you create a share named geeko-data that points to the
/srv/samba/geeko-data directory.


Complete the following:


1. Create the /srv/samba/geeko-data directory on da-host.
a. At the shell prompt, (as root) enter mkdir -p /srv/samba/geeko-data.
b. Create a test file in the directory by entering
touch /srv/samba/geeko-data/my_file at the shell prompt.
c. Adjust the permissions assigned to the directory and file to allow access by
the geeko user by entering chown -R geeko: /srv/samba/geeko-data/ at the
shell prompt.
2. Create the [geeko-data] share by doing the following:
a. In YaST, select Network Services > Samba Server.
b. On the Shares tab, select Add.
c. On the New Share screen, enter the following information:
• Share Name: geeko-data
• Share Description: Geeko’s Data Directory
• Share Path: /srv/samba/geeko-data
d. Select OK.
e. With the geeko-data share selected, select Edit.
f. On the Share geeko-data screen, select Add.
g. In the Selected Option drop-down list, select valid users; then select OK.
h. In the valid users field, enter geeko, then select OK.
i. Select OK to close the Share geeko-data dialog.
j. Select OK to close the Samba Configuration.
3. Close YaST.
4. Test the configuration of the Samba server and the [geeko-data] share by
entering testparm at the shell prompt.
You should see no error messages.
5. Press Enter to see a dump of your share definitions.
You will use this share in a later exercise in this section.
(End of Exercise)


Exercise 5-2 Configure Samba to Use LDAP Authentication


In this exercise, you learn how to configure Samba to store its user accounts in the
OpenLDAP directory service you configured on da-host in the previous section of
this course.

Detailed Steps to Complete the Exercise


Complete the following on da-host:
1. Start YaST and select Network Services > Samba Server.
2. Select the LDAP Settings tab.
The following is displayed:
Figure 5-1 Configuring Samba LDAP Settings

3. Select Use LDAP Password Back-End.


4. When prompted that all values will be rewritten, select Yes to continue.
The various fields in this interface are automatically populated for you using the
default values found in your server’s /etc/openldap/ldap.conf file.
5. Verify that the following settings are set to the following values:
• LDAP Server URL: ldap://127.0.0.1
• Use LDAP Idmap Back-End: Selected
• LDAP Server URL: ldap://127.0.0.1


• Search Base DN: dc=digitalairlines,dc=com
• Administration DN: cn=Administrator,dc=digitalairlines,dc=com
6. Type an administration password of novell.
7. Select Test Connection.
8. If the test was successful, select OK.
9. Select OK to apply your settings.
10. Verify that the LDAP integration occurred correctly.
a. In YaST, select Network Services > LDAP Browser.
b. From the LDAP Connections drop-down list, select da-host.
c. In the LDAP Server Password field, type novell.
d. Select OK.
e. Expand dc=digitalairlines,dc=com.
You should see the following objects and containers added:
• ou=Idmap
• ou=Machines
• ou=group
• sambaDomainName=DA-HOST
f. Leave the LDAP Browser running.
11. Samba-enable your geeko user.
a. Open a terminal session and switch to root using the su - command and a
password of novell.
b. At the shell prompt, enter smbpasswd -a geeko.
c. When prompted, enter an SMB password of novell.
12. Switch back to your LDAP Browser window.

13. Select Reload.

14. Expand dc=digitalairlines,dc=com.

15. Expand ou=people.

You should see the geeko user added.


16. Select the geeko user.

You should see that the geeko user has a variety of Samba-related attributes
added.
17. Select Close.

(End of Exercise)


Exercise 5-3 Work with Samba Shares


In Part I of this exercise, you access the geeko-data share you defined earlier using
the smbclient utility.
In Part II of this exercise, you mount the geeko-data share on da-host to the file
system of your da1 server.

Detailed Steps to Complete the Exercise


• “Part I: Access a Share with smbclient”
• “Part II: Mount a Share in the File System”

Part I: Access a Share with smbclient

To access a share with smbclient, complete the following:


1. Switch to your da1 server.
2. If necessary, log in as your geeko user with a password of novell.
3. Open a terminal session.
4. Verify that the Samba server is responding to SMB requests by entering
smbclient -L //da-host at the shell prompt.
5. When prompted for a password, press Enter.
You should see a list of shares on da-host, including the geeko-data share.
6. Access the data share by entering smbclient -U geeko //da-host/geeko-data
at the shell prompt.
7. When prompted for a password, enter novell.
You should see the smb:\ prompt displayed.
8. List the content of the share by entering ls at the smb:\ prompt.
You should see the my_file file that you created earlier.
9. Copy the my_file file to the current directory by entering get my_file at the
smb:\ prompt.
You should see the my_file file appear on the desktop.
10. Exit smbclient by entering exit.

11. Close your terminal window.

Part II: Mount a Share in the File System

To mount a share in the file system, complete the following:


1. On your da1 server, open a terminal window and switch to root using the su -
command and a password of novell.


2. Mount the data share in the /mnt directory by entering the following command at
the shell prompt:
mount -t cifs -o username=geeko //da-host/geeko-data /mnt
When prompted for a password, enter novell.
3. At the shell prompt, enter mount.
You should see that //da-host/geeko-data is mounted on /mnt.
4. Display the content of the mounted share by entering ls /mnt/ at the shell
prompt.
You should see the my_file file.
5. Unmount the share by entering umount /mnt at the shell prompt.
6. Optional: Create an entry in the /etc/samba/smbfstab file to mount the
share using the rcsmbfs start command. Test your entry using rcsmbfs
start and rcsmbfs stop.
7. Close your terminal window.
(End of Exercise)


SECTION 6 Internet Protocol Version 6 (IPv6)

This section contains the following exercise:


• “Configure IPv6”
Configure and use different aspects of IPv6.


Exercise 6-1 Configure IPv6


In this exercise, you configure and use different aspects of IPv6.
This exercise has two parts.
In the first part you ping6 da1 from da-host, using the link local IPv6 address. In the
second part, you set a globally unique IPv6 address and configure the router
advertisement daemon to distribute your IPv6 prefix to other machines.

Detailed Steps to Complete this Exercise


• “Part I: Use Link Local Addresses to ping6 Other Hosts.”
• “Part II: Set up radvd”

Part I: Use Link Local Addresses to ping6 Other Hosts.

To use the link local address, do the following:


1. If necessary, start the VMware player and the da1 virtual machine.
2. Log in to da1 as geeko, open a terminal window and su - to root (password:
novell).
3. In the terminal window on da1, enter ip address show and note the IPv6
link local address of the eth0 interface (inet6 fe80... scope link).
4. On your host da-host, log in as geeko, open a terminal window, and su - to root
(password: novell).
5. In the terminal window on da-host, enter ip address show and note the
IPv6 link local address of the vmnet1 interface.
vmnet1 is the VMware interface that is used to connect to da1 using a host-only
network.
6. Ping your own interface using the command
ping6 -I vmnet1 ipv6_address_of_vmnet1
Stop the ping6 by pressing Ctrl+c.
7. Ping da1 using the IPv6 address established in step 3 and the command
ping6 -I vmnet1 ipv6_address_of_eth0-da1
Stop the ping6 by pressing Ctrl+c.


Part II: Set up radvd

In this part of the exercise, you set an IPv6 address and configure radvd on da1.
Do the following:
1. On da1, in a terminal window as root, install the radvd package using the
command
yast2 -i radvd
2. On da1, add an IPv6 address (from the range reserved for examples and
documentation) to the eth0 interface with the command
ip address add 3fff:ffff::1/64 dev eth0
3. View the IPv6 addresses of the eth0 interface with the command
ip address show dev eth0
The address you just added has the scope “global.”
4. In an editor, open the /etc/radvd.conf file and scroll down to the following
lines.
#
# example of a standard prefix
#
prefix 2001:db8:1:0::/64
5. Change the line beginning with “prefix” to read
prefix 3fff:ffff::/64

6. Add the following lines to the section below your prefix:


AdvPreferredLifetime 120;
AdvValidLifetime 300;
The whole section should look now like the following:
#
# example of a standard prefix
#
prefix 3fff:ffff::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
AdvPreferredLifetime 120;
AdvValidLifetime 300;
};
7. Delete all lines below the above section, with the exception of the last line that
reads
};

8. Save the file and close the editor.


9. Turn on IPv6 routing on da1 with the command


echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
10. Start radvd with the command

rcradvd start
11. On da-host, in a terminal window, enter

ip -6 a s dev vmnet1
You should see that the interface now has an additional IPv6 address with the
prefix 3fff:ffff and the scope “global dynamic.”
12. On da-host, ping6 da1 using the IP address you added in step 1 with the
command
ping6 3fff:ffff::1
13. From da-host, log in to da1 using the IP address you added in step 1 with the
command
ssh 3fff:ffff::1
Enter yes when prompted and the password novell.
You are logged in to da1.
14. Log out from da1 by entering exit.

(End of Exercise)


SECTION 7 Deploy SUSE Linux Enterprise 11

This section contains the following exercises:


• “Set Up an Installation Server”
Set up an installation server and an add-on repository.
• “Set Up PXE Boot for installations”
Set up a TFTP server, fill the /tftpboot directory with the files needed for
PXE boot and set up a DHCP server.
• “Create an AutoYaST Control File”
Create an AutoYaST control file by using the Create Reference Profile feature of
the YaST AutoYaST module.
• “Activate PXE Booting and Install SUSE Linux Enterprise Server”
Boot your machine using PXE and start the installation of SUSE Linux
Enterprise Server 11.


Exercise 7-1 Set Up an Installation Server


In this exercise, you set up an installation server and an add-on repository.
In the first part, copy the files of the installation DVD to a directory and make this
directory accessible over the network using NFS.
In the second part, prepare an add-on products repository to allow the installation of
additional RPMs.

Detailed Steps to Complete the Exercise


• “Part I: Prepare the Installation Repository”
• “Part II: Set Up an Add-on Products Repository”

Part I: Prepare the Installation Repository

To prepare the installation repository, do the following on da-host:


1. At a terminal window, su - to root (password: novell).
2. Create the /srv/install-repo/sles11/CD1 directory using the
command
mkdir -p /srv/install-repo/sles11/CD1
3. Insert the SUSE Linux Enterprise Server 11 DVD, then copy the content of the
DVD to the directory you just created using the command
cp -a /media/SUSE_SLES-11-0-0.001/* /srv/install-repo/sles11/CD1

NOTE: Some steps in this exercise refer to the /srv/install-repo/sles11/CD1
directory as the root of the installation directory.

4. Because copying the content will take some time, open another terminal window
and su - to root (password: novell).
5. Edit the /etc/exports file to add the following line:
/srv/install-repo/sles11 *(ro,sync,no_subtree_check)

6. Restart the NFS server using the command


rcnfsserver restart
7. Make sure the NFS server is started every time the system starts up by entering
insserv nfsserver

NOTE: You can also use the YaST Installation Server module to accomplish the above.


Part II: Set Up an Add-on Products Repository

To add a repository for add-on products or RPMs of your own, do the following:
1. At a terminal window as root, install the inst-source-utils package if not yet
installed, using the command
rpm -q inst-source-utils || yast -i inst-source-utils
2. Create the directory structure for the files you want to make available, using the
command
create_update_source.sh /srv/install-repo/sles11/CD1
3. Explore the directory structure created in the
/srv/install-repo/sles11/CD1/updates/ directory using ls.
4. Create the /srv/install-repo/sles11/CD1/updates/suse/i586
directory using the mkdir command.
5. Insert the Student DVD from your Student Kit into the DVD drive and copy the
Exercises/Section_09/tree-1.5.1-2.8.i586.rpm file from the
Student DVD to the /srv/install-repo/sles11/CD1/updates/suse/i586 directory.
6. Change to the /srv/install-repo/sles11/CD1/updates/suse/
directory and run the command
create_package_descr -x setup/descr/EXTRA_PROV
7. Change to the /srv/install-repo/sles11/CD1/updates/suse/setup/descr/
directory.
8. View the content of the packages, packages.en, and packages.DU files
in the /srv/install-repo/sles11/CD1/updates/suse/setup/descr/ directory
using cat.
9. In the /srv/install-repo/sles11/CD1/updates/suse/setup/descr/
directory run
ls > directory.yast
10. Change to the /srv/install-repo/sles11/CD1/updates/ directory
and run the command
create_sha1sums -x -n .
(Note the dot at the end of the command for the current directory.)
11. View the content file using cat.

12. Look up your current IP address of the physical interface connected to other
computers in your network (usually eth0) using the ip address show
command and record it here:
IP address:
13. Change to the /srv/install-repo/sles11/CD1/ directory (the root of the installation
repository).


14. In the root of the installation repository, use a text editor to create an
add_on_products.xml file with the following content:
<?xml version="1.0"?>
<add_on_products xmlns="http://www.suse.com/1.0/yast2ns"
    xmlns:config="http://www.suse.com/1.0/configns">
  <product_items config:type="list">
    <product_item>
      <name>SLES11 Add-ons</name>
      <url>nfs://your_ip/srv/install-repo/sles11/CD1/updates</url>
      <path>/</path>
      <ask_user config:type="boolean">false</ask_user>
      <selected config:type="boolean">true</selected>
    </product_item>
    <!-- Another product item -->
    <product_item />
  </product_items>
</add_on_products>
15. Save the file and close the editor.

16. Create a SHA1SUMS file, containing the SHA1 hash value of the file you just
created, using the command
sha1sum add_on_products.xml > SHA1SUMS
17. Create a gpg public private key pair using the command

gpg --gen-key
Use the default values and answer the questions (name, e-mail address,
comment) appropriately. For the purposes of this exercise you can use a simple
password like “secret”.
If you get a “Can’t connect to ‘/root/.gnupg/S.gpg-agent’” message, switch to a
text console (Ctrl+F1), log in as root, enter the gpg command as above, then
switch back to the graphical interface (Ctrl+F7).
18. Sign the SHA1SUMS file with the command

gpg -b --sign --armor SHA1SUMS
or
gpg -b --sign --armor -u your_keyID SHA1SUMS
with, for instance, the e-mail address you entered in Step 17 on page 48 as
your_keyID.
This will create the SHA1SUMS.asc file.
If you get a “Can’t connect to ‘/root/.gnupg/S.gpg-agent’” message, switch to a
text console (Ctrl+F1), log in as root, change to the
/srv/install-repo/sles11/CD1 directory, enter the gpg command as above, and
switch back to the graphical interface (Ctrl+F7).
19. Export your GPG public key to the SHA1SUMS.key file, using the following
command (with, for instance, the e-mail address you entered in Step 17 on
page 48 as your_keyID):


gpg --export --armor your_keyID > SHA1SUMS.key


20. Create an updated directory.yast file in the root of your installation
repository with the command
ls > directory.yast
21. Sign the content file created in Step 10 on page 47:

cd updates/
gpg -b --sign --armor content
This will create the content.asc file.
If you get a “Can’t connect to ‘/root/.gnupg/S.gpg-agent’” message, switch to a
text console (Ctrl+F1), log in as root, change to the
/srv/install-repo/sles11/CD1/updates directory, enter the gpg command as
above, and switch back to the graphical interface (Ctrl+F7).
22. If you want to use a different name or location for the updates directory, such
as add-ons or /srv/install-repo/sles11/add-ons, proceed as
follows:
a. Rename the updates directory using the mv command.
b. Edit the <url>...</url> entry in the add_on_products.xml file to
reflect the new name or location of the repository.
c. Create a new SHA1SUMS file in the root directory of the installation
repository, using the command
sha1sum add_on_products.xml > SHA1SUMS
d. Sign the SHA1SUMS file as in Step 18 on page 48, overwriting the existing
SHA1SUMS.asc file.
23. To include your GPG public key in the initrd, enter the following commands:

cd /tmp
cp /srv/install-repo/sles11/CD1/SHA1SUMS.key my-key.gpg
cp /srv/install-repo/sles11/CD1/boot/i386/loader/initrd .
mv initrd initrd.gz
gunzip initrd.gz
find my-key.gpg | cpio -o -A -F initrd -H newc
gzip initrd
You will copy the new initrd.gz file you just created to the /tftpboot
directory in a later exercise.
(End of Exercise)
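A check for the signed metadata built in steps 16 to 23, as an added example that is not part of the workbook: it confirms that SHA1SUMS still matches the files it lists and that SHA1SUMS.asc and updates/content.asc verify against the key that was copied into the initrd. The function names and the script name verify-repo.sh are this example's own; the paths are the ones used in the exercise.

```shell
#!/bin/sh
# Added example (not from the workbook): verify the signed repository
# metadata created in steps 16-21 against the key prepared in step 23.

# sha1sums_ok DIR
# 0 only if every file listed in DIR/SHA1SUMS still has the recorded hash.
sha1sums_ok() {
    dir=$1
    [ -f "$dir/SHA1SUMS" ] || return 2
    ( cd "$dir" && sha1sum -c SHA1SUMS >/dev/null 2>&1 )
}

# signature_ok TRUSTED_KEY FILE
# 0 only if FILE.asc is a good detached signature over FILE made by the key
# in TRUSTED_KEY. The key is imported into a throw-away keyring so that no
# other key in root's own keyring can satisfy the check.
signature_ok() {
    key=$1 file=$2
    { [ -f "$key" ] && [ -f "$file" ] && [ -f "$file.asc" ]; } || return 2
    command -v gpg >/dev/null 2>&1 || return 3
    tmp_home=$(mktemp -d) || return 4
    chmod 700 "$tmp_home"
    rc=0
    { gpg --homedir "$tmp_home" --batch --quiet --import "$key" &&
      gpg --homedir "$tmp_home" --batch --quiet --verify "$file.asc" "$file"
    } >/dev/null 2>&1 || rc=1
    rm -rf "$tmp_home"
    return "$rc"
}

# verify_repo REPO_ROOT TRUSTED_KEY
# Runs all checks, prints one line per finding, returns 0 only if all pass.
verify_repo() {
    root=$1 trusted=$2 bad=0
    sha1sums_ok "$root" ||
        { echo "FAIL: files in $root do not match SHA1SUMS"; bad=1; }
    signature_ok "$trusted" "$root/SHA1SUMS" ||
        { echo "FAIL: SHA1SUMS.asc missing or not signed by $trusted"; bad=1; }
    signature_ok "$trusted" "$root/updates/content" ||
        { echo "FAIL: updates/content.asc missing or not signed by $trusted"; bad=1; }
    # The key published next to the signatures should be the one that was
    # copied into the initrd; a mismatch means the initrd is stale.
    cmp -s "$trusted" "$root/SHA1SUMS.key" 2>/dev/null ||
        echo "WARN: $root/SHA1SUMS.key differs from $trusted"
    if [ "$bad" -eq 0 ]; then echo "OK: $root metadata verified"; fi
    return "$bad"
}

# Run only when called with arguments, for example:
#   sh verify-repo.sh /srv/install-repo/sles11/CD1 /tmp/my-key.gpg
if [ "$#" -eq 2 ]; then
    verify_repo "$1" "$2"
fi
```

Run it again after step 22, because editing add_on_products.xml without regenerating and re-signing SHA1SUMS makes the first two checks fail.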


Exercise 7-2 Set Up PXE Boot for Installations


In this exercise, set up a TFTP server, fill the /tftpboot directory with the files needed
for PXE boot, and set up a DHCP server.
In the first part, install the tftp package and configure xinetd to listen on port 69 for
TFTP requests.
In the second part, copy the files needed for PXE boot to the /tftpboot directory
and create a default pxelinux configuration file that can be used to install clients.
In the third part, you work together with another student. Install the dhcp-server
package and configure the DHCP server to provide an IP address to your partner’s
computer and any other needed information to boot the partner’s computer using
PXE.
In the fourth part, test your setup.

Detailed Steps to Complete the Exercise

• “Part I: Install and Configure TFTP” on page 50
• “Part II: Configure pxelinux” on page 51
• “Part III: Configure the DHCP Server” on page 52
• “Part IV: Test Your Setup” on page 53

Part I: Install and Configure TFTP

To configure TFTP, do the following:


1. At a terminal window, su - to root (password: novell).
2. Install the tftp package using the command
yast -i tftp
3. Create the directory to hold the files that will be served by the TFTP server by
entering the command
mkdir /tftpboot
4. Edit the /etc/xinetd.d/tftp file to put a comment sign in front of the line
disable = yes and add -r blksize to the server_args line.
The file should then look similar to the following:
# default: off
# description: tftp service is provided primarily for
# booting or when a router need an upgrade. Most sites
# run this only on machines acting as "boot servers".
service tftp
{
        socket_type = dgram
        protocol    = udp
        wait        = yes
        user        = root
        server      = /usr/sbin/in.tftpd
        server_args = -s /tftpboot -r blksize
#       disable     = yes
}
5. Start xinetd using the command
rcxinetd start
6. Make sure xinetd is started every time the system starts up by entering
insserv xinetd

Part II: Configure pxelinux

To configure pxelinux, do the following:


1. At a terminal window, su - to root (password: novell).
2. Install the syslinux package using the command
rpm -q syslinux || yast -i syslinux
3. Create the /tftpboot/pxelinux.cfg directory.
4. Copy the /usr/share/syslinux/pxelinux.0 file to /tftpboot,
then do the same with the linux and message files from the
/srv/install-repo/sles11/CD1/boot/i386/loader/ directory.
Copy the initrd.gz file you created in Step 23 on page 49 to the
/tftpboot directory using the command
cp /tmp/initrd.gz /tftpboot/initrd
5. Using an editor, create a /tftpboot/pxelinux.cfg/default file that
contains the following:
default harddisk

# SLES11
label SLES11
  kernel linux
  append initrd=initrd install=nfs://your_IP/srv/install-repo/sles11/CD1

# hard disk (default)
label harddisk
  localboot 0

implicit 0
display message
prompt 1
timeout 100
Adapt the IP address of the NFS server according to your setup and make sure
that the options after “append” are written in one line.
6. Edit the file /tftpboot/message to match your default file.


It should look similar to the following:


To boot from harddisk, just press <return>.
Available boot options:
SLES11 - Installation of SLES11

Part III: Configure the DHCP Server

To configure the DHCP server, do the following:


1. At a terminal window, su - to root (password: novell).
2. In the main menu of YaST, select Software > Software Management.
3. Search for “dhcp”, select dhcp-server from the search results, then select
Accept.
4. If additional packages need to be installed, select Continue.
5. Edit the /etc/sysconfig/dhcpd file and add the name of your interface to
the DHCPD_INTERFACE parameter.
The line should look like the following:
DHCPD_INTERFACE="eth0"

6. Look up your current IP address on eth0 using the ip address show
command and record it here:
IP address:
7. Get the following values from your partner:
Partner’s computer IP address:

Corresponding MAC address:

NOTE: You can ping your partner’s IP address and then use the arp command in a terminal
window to find out the MAC address of his network interface card.

8. Edit the /etc/dhcpd.conf file by adding the values established in the
previous step in the host declaration as shown below.
This will make sure that your DHCP server distributes an IP address only to your
partner’s computer and does not interfere with other students.
Your /etc/dhcpd.conf should look similar to the following:


#
# /etc/dhcpd.conf
#
ddns-update-style none;
#
# specify default and maximum lease time
#
default-lease-time 600;
max-lease-time 7200;
#
# What is the DNS domain and where is the name server?
#
option domain-name "digitalairlines.com";
option domain-name-servers 172.17.8.101;
#
# This is a router - adapt to your network
#
option routers 172.17.8.1;
#
# A subnet
# (Use the values that fit your eth0 device)
#
subnet 172.17.0.0 netmask 255.255.0.0 {
}
#
# This dhcp server serves just one machine
# Use the values established in the previous step
#
host da49 {
  fixed-address 172.17.8.149;
  hardware ethernet 00:11:22:33:44:55;
}
#
# Parameters necessary for bootp and PXE
#
allow bootp;
# your machine’s IP:
next-server 172.17.8.110;
server-name "da-host.digitalairlines.com";
filename "pxelinux.0";
9. Start the DHCP server with the rcdhcpd start command, watch for any
error messages, and correct your /etc/dhcpd.conf file as needed.
10. Make sure the DHCP server is started every time the system starts up by entering

insserv dhcpd

Part IV: Test Your Setup

To test your PXE setup, do the following:


1. (Conditional) If there is another DHCP server running that distributes addresses
to your eth0 interface, turn it off or, if in a classroom, ask the instructor to turn it
off.


2. Decide which of your machines (yours or your partner’s) will act as the
installation server.
3. On the machine that acts as installation server, check in YaST if the eth0 interface
uses DHCP; if so, change the configuration to a fixed IP address using the IP
address DHCP assigned to your machine for eth0, as established in Part III, Step
6 on page 52.
4. Reboot the other machine.
Make sure the BIOS is configured to allow booting via the network card.
The computer should get the IP address from the DHCP server running on its
partner’s computer and display the message file.
5. Enter SLES11 at the prompt. The computer should fetch the necessary files via
TFTP and should start YaST.
A possible source of errors is SuSEfirewall running on the installation server
and blocking access to the TFTP service. To check this, enter
rcSuSEfirewall2 status as root at a terminal window; if SuSEfirewall is
running, stop it with rcSuSEfirewall2 stop.
6. To test your add-on repository, proceed with the installation workflow up to the
Installation Settings dialog, accepting the suggested default values (at the
Installation Mode Screen, do not select Include Add-On Products).
7. In the Installation Settings dialog, select Software > Details and in the Filter
drop-down menu select Search. In the Search text box, type tree and click
Search.
The tree package should appear in the upper right pane of the dialog.
If it does not appear, there is an error in the configuration of your add-on
repository (see Set Up an Installation Server, “Part II: Set Up an Add-on
Products Repository” on page 47).
8. Do not proceed with the installation, but reset the computer and boot SUSE
Linux Enterprise Server 11 from the hard disk.
9. Once the server is running again, switch roles and reboot the machine that acted
as the DHCP server before.

(End of Exercise)


Exercise 7-3 Create an AutoYaST Control File


In this exercise, create an AutoYaST control file by using the Create Reference
Profile feature of the YaST AutoYaST module.

Detailed Steps to Complete This Exercise:


To create an AutoYaST control file, do the following:
1. Start YaST and select Miscellaneous > Autoinstallation.
2. Select Tools > Create Reference Profile.
3. In the Create Reference Control File dialog, select the following entries, then
click Create.
• Boot Loader
• Package Selection
• Partitioning
• User and Group Management
4. Browse through the created profile by selecting sections of the tree on the left
side of the dialog and selecting entries in the main window.
Change the configuration if you like.
5. Save the file by selecting File > Save, typing sles11.xml as the filename,
then selecting Save.
6. At a terminal window, su - to root (password: novell).
7. Review the /var/lib/autoinstall/repository/sles11.xml file
in an editor, then quit the editor when done.

(End of Exercise)


Exercise 7-4 Activate PXE Booting and Install SUSE Linux Enterprise Server
In this exercise, work with a fellow student (or use a second computer if there is no
one with whom to do the exercise) to boot your machine using PXE and start the
installation of SUSE Linux Enterprise Server 11.

NOTE: A prerequisite for this exercise is a network card that is PXE capable.

Detailed Steps to Complete This Exercise:


To activate PXE boot and to start the installation of SUSE Linux Enterprise Server
11, do the following:
1. Decide with a fellow student whose machine you will use as the installation
server and which of you will reboot his computer.
2. Create the /srv/install-repo/sles11/ay/ directory and copy the
autoyast file you created in the exercise “Create an AutoYaST Control File” on
page 55 into this directory as sles11.xml.
3. On the installation server, make sure that the file
/tftpboot/pxelinux.cfg/default contains the autoyast parameter in the
append line, using your own IP address instead of 172.17.8.110, as in the
following (note: the “append” options have to be in one line):
# SLES11
label SLES11
  kernel linux
  append initrd=initrd install=nfs://172.17.8.110/srv/install-repo/sles11 autoyast=nfs://172.17.8.110/srv/install-repo/sles11/ay/sles11.xml
4. The following steps apply to the student who reboots his machine:
a. Reboot your computer.
If your computer does not try to get an IP address during the first stages of
the boot process right after Power On Self Test and before starting the
operating system, make sure PXE is activated in the BIOS.
b. Consult the manual that came with the computer hardware on how to change
the respective setting in the BIOS.
If everything is set up correctly, the computer will get an IP address from the
DHCP server and load the pxelinux.0 file, as well as the message file.
5. At the message screen, enter SLES11.

NOTE: If you do not want to reinstall the machine at this point, you have to power it off
before the hard drive gets partitioned!

The kernel and initrd are transferred from the TFTP server. YaST will start, fetch
the sles11.xml file, and automatically install SLES11, based on the
configuration contained in the sles11.xml file.


(End of Exercise)
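A sanity check for the pxelinux configuration written in Part II of Exercise 7-2 and extended in step 3 of Exercise 7-4, as an added example that is not part of the workbook: it flags a wrapped append line, boot files missing from the TFTP root, and install= or autoyast= URLs that point at a host other than your installation server. The function name pxe_check and the script name pxe-check.sh are this example's own, and it only knows the keywords used in this workbook.

```shell
#!/bin/sh
# Added example (not from the workbook): sanity-check a pxelinux
# configuration such as /tftpboot/pxelinux.cfg/default.

# pxe_check CONFIG TFTP_ROOT SERVER_IP
# Prints one line per problem and returns 0 only if none were found.
# Only the keywords used in this workbook are recognised; any other first
# word is reported, which is how a wrapped "append" line shows up.
pxe_check() {
    cfg=$1 tftproot=$2 server=$3
    problems=0 n=0
    [ -f "$cfg" ] || { echo "cannot read $cfg"; return 2; }
    while read -r keyword rest || [ -n "$keyword" ]; do
        n=$((n + 1))
        case $(printf '%s' "$keyword" | tr 'A-Z' 'a-z') in
            '' | '#'*) ;;                        # blank line or comment
            default | label | localboot | implicit | prompt | timeout) ;;
            kernel | display)
                # Files named here are fetched by the client over TFTP.
                [ -f "$tftproot/$rest" ] || {
                    echo "line $n: file '$rest' not found in $tftproot"
                    problems=$((problems + 1)); } ;;
            append)
                for opt in $rest; do
                    case $opt in
                        initrd=*)
                            [ -f "$tftproot/${opt#initrd=}" ] || {
                                echo "line $n: initrd '${opt#initrd=}' not found in $tftproot"
                                problems=$((problems + 1)); } ;;
                        install=nfs://* | autoyast=nfs://*)
                            # The client installs whatever this URL serves,
                            # so it must name the intended server.
                            host=${opt#*=nfs://}
                            host=${host%%/*}
                            [ "$host" = "$server" ] || {
                                echo "line $n: ${opt%%=*} points at $host, expected $server"
                                problems=$((problems + 1)); } ;;
                    esac
                done ;;
            *)
                echo "line $n: unknown keyword '$keyword' (wrapped append line?)"
                problems=$((problems + 1)) ;;
        esac
    done < "$cfg"
    [ "$problems" -eq 0 ]
}

# Run only when called with arguments, for example:
#   sh pxe-check.sh /tftpboot/pxelinux.cfg/default /tftpboot 172.17.8.110
if [ "$#" -eq 3 ]; then
    pxe_check "$1" "$2" "$3"
fi
```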


SECTION 8 Manage Virtualization with Xen

This section contains the following exercises:

• “Install a Xen Server and an Unprivileged Domain” on page 60
Install Xen and configure Dom0, and install SLES 11 in a Xen guest domain
using vm-install.
• “Change Memory Allocation of a Guest Domain” on page 63
Change the memory allocation of a guest domain using the Virtual Machine
Manager.
• “Automate Domain Startup” on page 65
Start up domains automatically when the system is booted.
• “Check the Network Configuration” on page 66
Use the brctl show command to view the bridge setup and changes to it.


Exercise 8-1 Install a Xen Server and an Unprivileged Domain


In this exercise, you learn how to install Xen and configure Dom0 and how to install
SLES 11 in a Xen guest domain using vm-install.

IMPORTANT: VMware cannot run on SLES11 running the Xen kernel. Therefore, the da1
VMware virtual machine will not be available in this section.

In the first part, install the software necessary to run a Xen virtual machine server.
In the second part, change the grub menu to load the Xen kernel by default, turn off
the firewall, and reboot your machine. Then use xm list to find out if domain0 is
running as expected.
In the third part, create a virtual machine for SUSE Linux Enterprise Server 11 and
install it, using the installation server created in the previous section.

Detailed Steps to Complete the Exercise

• “Part I: Install Xen Packages” on page 60
• “Part II: Prepare and Test Xen” on page 61
• “Part III: Install a Guest Domain” on page 61

Part I: Install Xen Packages

Do the following:
1. If the VMware player is running, shut down da1 and close the VMware player.
2. Open a terminal window and su - to root (password: novell).
3. Unload the VMware kernel modules using the command
/etc/init.d/vmware stop
4. Make sure the modules are not loaded automatically using the command
chkconfig vmware off
5. Insert the SUSE Linux Enterprise Server 11 DVD into the DVD drive.
6. Start YaST and select Virtualization > Install Hypervisor and Tools.
7. Select Accept and let YaST install all required software packages.
Confirm the installation of any automatically selected packages by selecting
Continue.
8. Select Yes in the Network Bridge Configuration dialog.
9. Close the YaST Control Center.


Part II: Prepare and Test Xen

Do the following:
1. Open a terminal window and su - to the root user (password: novell).
2. Open the /boot/grub/menu.lst file with a text editor (such as vi).
3. Make sure the file contains a section with the title “Xen”.
4. In the Xen section, make sure that the root= parameter points to the root
partition of your installation.
5. Change the “default” line to point to the Xen entry.
If the Xen entry is the first entry in the file, change the default value to 0; if it is
the second, change the default entry to 1, and so on:
default 0

6. Save the file and close the editor.


7. Turn off SuSEfirewall by entering the following commands:
insserv -r SuSEfirewall2_setup
and
insserv -r SuSEfirewall2_init
8. Close the terminal window.
9. Reboot your system.
10. At the boot menu, make sure the Xen entry is selected and press Enter.

11. When the system has booted, log in as user geeko with the password novell.

12. Open a terminal window and su - to root.

13. Enter the command xm list.

In the output, you should see one domain (Domain-0) with the status running.

Part III: Install a Guest Domain

Do the following:
1. Start YaST and select Virtualization > Create Virtual Machines.
2. Read the information displayed, then select Forward.
3. Select I need to install an operating system, then select Forward.
4. Select SUSE Linux Enterprise Server 11, then select Forward.
5. On the Summary page, select Name of Virtual Machine.
6. Type da-xen in the Name field and select Apply.
You are returned to the Summary page.
7. On the Summary page, select Network Adapters.


8. Make sure the network adapter is selected, then select Edit.


9. Select Specified MAC address and enter some random hexadecimal numbers,
such as 01:cf:43, in the spaces provided.
10. Select Apply to return to the Network Adapters dialog.

Select Apply again to return to the Summary page.


11. On the Summary page, select Disks > Edit, increase the suggested value for a 4
GB disk to 6 GB, then select OK.
12. In the Disks dialog, select Apply.

You are returned to the Summary page.


13. On the Summary page, select Operating System Installation.

14. In the Operating System Installation dialog, select Network URL as the
installation medium, then type nfs://your_IP_address/srv/install-repo/sles11/
CD1 and select Apply.
You are returned to the Summary dialog.
15. In the Summary dialog, select OK.

A VNC window opens with the SLES11 installation system starting up.
16. Within the VNC window, follow the installation workflow, using the following
values in the respective dialogs (use the suggested defaults for items not
mentioned here):
Time zone: USA Mountain
Root password: novell
Hostname: da-xen
Domain Name: digitalairlines.com
Change Hostname via DHCP: Uncheck
Write Hostname to /etc/hosts: Check
Firewall: Disable by selecting enabled
Skip the Internet connection test.
Local user:
• User’s Full Name: Geeko Novell
• Username: geeko
• Password: novell
Clone This System for Autoyast: Deselect
17. When all steps of the installation are successfully completed, test if you can log
in to your SLES 11 server as user geeko with the password novell at the login
screen that appears.
(End of Exercise)


Exercise 8-2 Change Memory Allocation of a Guest Domain


In this exercise, you learn how to change the memory allocation of a guest domain
using the Virtual Machine Manager.
While the virtual machine is turned off, change the maximum allocation for that
machine to 750 MB and the current allocation to 600 MB.
Start the virtual machine, log in, and run the top command in a terminal window
inside the VM. Change the memory allocation in Virt-Manager and watch the change
in top.

Detailed Steps to Complete the Exercise


Do the following:
1. If the virtual machine da-xen is running, shut it down.
2. Open a terminal window and su - to the root user.
3. Enter
virt-manager &
4. In Virt-Manager, double-click the localhost entry, select the da-xen entry with
the right mouse button, then select Details.
5. Select the Hardware tab; then select the Memory entry.
6. Change the Maximum Allocation to 750 MB.
7. Select Apply.
8. In the Change Allocation field, enter 600.
9. Select Apply. Leave the Details window open.
10. In the Virtual Machine Manager window, double-click the da-xen virtual
machine entry.
A VNC window opens up.
11. Start the virtual machine by selecting Run.

12. Log in to the virtual machine as geeko (password: novell) and open a terminal
window.
13. Enter the top command and note the Mem (total) value.

14. In the Virtual Machine Details window, change the memory allocation
(Change allocation field) to 500 MB, then select Apply.
15. Watch the Mem value change in the output of top.

16. In the Virtual Machine Details window, change the memory allocation
(Change allocation field) to 650 MB, then select Apply.


Note that the value is increased only to the 600 MB set when you started the
virtual machine.
17. In the Virtual Machine Manager Details window, change the memory
allocation (Change allocation field) back to 512 MB, then select Apply.
(End of Exercise)


Exercise 8-3 Automate Domain Startup


In this exercise, you learn how to start up domains automatically when the system is
booted.
Create a link in the /etc/xen/auto directory that points to the /etc/xen/vm/
da-xen configuration file and reboot your machine.

Detailed Steps to Complete the Exercise


Do the following on da-host:
1. Open a terminal window and su - to the root user.
2. Create a link to the /etc/xen/vm/da-xen configuration file in the
/etc/xen/auto directory using the command
ln -s /etc/xen/vm/da-xen /etc/xen/auto/da-xen
3. Shut down your virtual machine.
4. Wait a moment and verify with the xm list command that the domain has been
shut down.
Continue with the next step when the domain da-xen is no longer listed as
running.
5. Reboot your system by entering reboot.
6. At the boot prompt, make sure the Xen entry is selected.
7. When the system has been started up, log in to the graphical interface as user
geeko with the password novell.
8. Open a terminal window and su - to the root user.
9. Enter the xm list command.
The da-xen domain should have started automatically and should be listed in the
xm list output.
10. Remove the link again using the following command:

rm /etc/xen/auto/da-xen
11. Optional: Create a start script based on /etc/init.d/skeleton that uses
the xm or virsh commands to start and shut down managed domains.

(End of Exercise)


Exercise 8-4 Check the Network Configuration


This exercise assumes that you have a Xen system with Dom0 and one DomU
running.
Use the brctl show command to view the bridge setup and changes to it after
shutting down and starting a virtual machine.

Detailed Steps to Complete the Exercise


Do the following on da-host:
1. Open a terminal window and su - to the root user.
2. To make sure that the da-xen domain is running, enter xm list.
3. In the output of the xm command, note the ID of the da-xen domain.
4. To view the network bridge configuration, enter brctl show.
You should see the configuration of the bridge xenbr0. The following interfaces
should have been added to the bridge:
• eth0 (physical interface)
• vifx.0 (where x is the domain ID of the da-xen domain)
5. To shut down the domain, enter virsh shutdown da-xen.
6. Wait a moment, then enter xm list to verify that the domain has been shut
down. Continue with the next step when the da-xen domain is no longer listed as
running.
7. Enter brctl show again.
Note that the interface of the da-xen domain has been removed from the bridge.
8. To restart the domain, enter virsh start da-xen.
9. To note the ID of da-xen, enter xm list.
10. Enter brctl show to determine if the interface of da-xen has been added
again.

(End of Exercise)
