Listing 255 Output of ldapsearch for the Entire LDAP Database

Bible etc openldap schema ldapsearch -x -b o Acme,c UK base < o Acme,c UK> with scope sub objectClass top objectClass organization dn ou Sales,o Acme,c UK ou Sales objectClass top objectClass organizationalUnit dn ou Marketing,o Acme,c UK ou Marketing objectClass top objectClass organizationalUnit objectClass top objectClass organizationalUnit objectClass top objectClass organizationalUnit dn ou Services,o Acme,c UK ou Services objectClass top objectClass organizationalUnit dn ou...

Listing 31 Output of the fdisk l Command

Disk dev hda 82.3 GB, 82348277760 bytes 255 heads, 63 sectors track, 10011 cylinders Units cylinders of 16065 * 512 8225280 bytes Device Boot Start End Blocks Id System dev Ma * 1 13 104391 83 Linux dev hda2 14 268 2048287+ 83 Linux dev hda3 269 395 1020127+ 82 Linux swap dev hda4 396 10011 77240520 f Win95 Ext'd (LBA) dev hda5 396 2945 20482843+ 83 Linux dev hda6 2946 4857 15358108+ 83 Linux dev hda7 4858 6132 10241406 83 Linux dev hda8 6133 10011 31158036 83 Linux The output of fdisk -l shows...

Using the CUPS Web Interface

The CUPS web interface can be viewed from a browser using port 631 (see Figure 19-8). By default, SUSE's settings allow only administrative changes through the browser interface when connecting from the local machine. This can be changed in the cupsd.conf file, but for now we will look at administering the server from a browser running on itself. So from the local machine, you need to browse to http localhost 631. If you click the link Do Administrative Tasks or other links that require...

Setting Up a Samba Server

Like most administrative tasks on a SUSE Linux system, configuring and starting a Samba server is most easily done through YaST. You can start YaST in the same way as discussed earlier in the chapter in the section Configuring a Samba Client. To configure and start a Samba server, follow these steps 1. Click the Network Services icon in the left pane of the YaST Control Center and scroll down the right pane until you see the Samba Server icon, as shown in Figure 18-12. 2. Click the Samba Server...

Installing Additional Software with YaST

Unless you installed every available package when you installed your SUSE system, you'll eventually hear (or read about) some additional software package from the SUSE distribution CDs or DVD that you wish you'd installed. Chapter 12 explains how to install additional software packages from the command line, but if this software is on the SUSE distribution CDs or DVD, you'll have to figure out where to find it first. Luckily, SUSE's YaST tool makes it easy to both locate and install additional...

Configuring Your Hardware

When you have read the release notes, click Next and you will be asked to configure your hardware (see Figure 1-30). The YaST installer and the YaST system configuration manager runs the same modules to configure hardware. For now you will configure the video card so that you can use X KDE GNOME. YaST in SUSE 10 has changed the way it detects your graphics capabilities. YaST will automatically sense what your current configuration is and will then allow you to change those individual settings....

Searching Files with grep

The grep (global regular expression print) command is a very useful tool for finding stuff in files. It can do much more than even the examples that follow this paragraph indicate. Beyond simply searching for text, it can search for regular expressions. It's a regular expression parser, and regular expressions are a subject for a book in themselves. When using or administering a system, you often need to look for lines in a file that contain a certain string. In the first example that follows,...

The SUSE Rescue System

We have talked about fixing system problems by changing the boot runlevel of the system temporarily, but what if you encounter a dire problem such as forgetting the root password This requires another approach because you will need the root password at some point. dev fdG on media floppy type subfs Loading required kernel nodules done Restore device permissions done Activating remaining swap-devices in etc fstab done Sett i ng schedu1i ng t imes1 ices unused Setting up hostname 'bible' done...

Setting Up a Windows Client to Print to the CUPS Server

Recent versions of Windows support the IPP protocol, so you can set them up to print to a CUPS server. Note j0 use pp prjntjng on Windows 95 and 98 you need to download the file Printing from a Windows client using IPP is an alternative to using Samba as the print server on Linux. The printer does not appear as a Windows shared printer from the point of view of the Windows client, and unfortunately this means that you can't just browse for it as you would for a Windows shared printer or Samba...

Office Formats

The .rtf (Rich Text Format) format is often mentioned as an open text-based format for interchanging documents. This file format was developed by Microsoft. It is a plain text format with markup, and there is an openly published specification for it, unlike the binary .doc files. An RTF file is actually not so nice when you look inside it user bible > less afile.rtf rtf1 ansi deff0 adeflang1025 fonttbl f0 froman fprq2 fcharset0 Nimbus Roman No9 L * falt Times New Roman f1 froman fprq2...

Webmin and YaST

The variety of modules that Webmin includes can be seen from the Networking tab and Servers tab (see Figure 14-10). These include items that have only recently become part of YaST (such as IPsec configuration and HTTP configuration) and others that are still not included in YaST (such as Point-to-Point Tunneling Protocol PPTP server and client, CVS server, MySQL server, and others). Webmin provides a convenient alternative to YaST that you can use from anywhere. In the longer term it would be...

CSV Files

CSV (comma-separated values) is a common format for interchanging data, particularly as an export format from various commercial applications running on Windows. A CSV file consists of a set of lines of text. Each line is broken into fields by a field separator, which is usually the comma, and each field is usually surrounded by quotes. First Name,Second Name,Street Address,City The OpenOffice.org imports a CSV file into its spreadsheet how perfectly it will do this depends on the exact format...

Using the Qlogic Driver

The most common QLA card in circulation at the moment is the QLA2300 chipset, which is fully supported by SUSE. It is very likely that YaST would have found your Qlogic card during installation and would have configured the driver to load at boot time. If you have installed the driver after installation, you may need to configure your SAN access manually from Linux 1. Manually load the driver and see if you can access your storage. While the driver loads, you may see your system lock up. This...

Configuring and Using DHCP Services

Today's networks are more complex than ever before. In addition to traditional requirements that each user's desk top system be connected to the network, many other devices such as printers, fax machines, laptop and notebook computers, and personal digital assistants (PDAs) now typically require network connections. Because today's networks typically use numerous IP addresses, system administrators must manage the set of IP addresses available to them more effectively within an enterprise and...

Listing 78 Apache logrotate Entry for accesslog

var log apache2 access_log compress dateext maxage 3 6 5 rotate 99 size +4096k notifempty missingok etc init.d apache2 reload endscript As you can see in the listing, a given logrotate entry is made up of multiple directives. Each of these directives gives logrotate some instruction as to how to behave toward the log files covered by that particular logrotate entry. Table 7-3 details each of the directives in this file and the actions they inspire. No,e Each file that you would like to be...

Future Directions for Linux Logging

Although this chapter discussed two different system logging applications for Linux, there are actually many more, each designed to solve or simplify different types of logging concerns. One of the more interesting developments in system logging is the evlog (Event Log) application originally developed by IBM for use in its enterprise AIX environments and later released to the open source community. Although still maturing, the evlog project is an ambitious effort that is POSIX-compliant and...

NFS Security Considerations

Just as with SMB shares, you certainly should not make it available beyond the private network. The lists of allowed client IPs or host names in the exports file are no defense against someone who is able to alter a machine's IP address (which with physical access in practice means anyone). The point made in the previous section about UIDs means that a user may have the wrong permissions on another user's files on the server, but if a user has root access on...

Listing 152 Output of route n with No Default Route

Bible route -n Kernel IP routing table Destination Gateway Gtemask Flags Metric Ref Use Iface 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo As you can see, this example uses the -n option to suppress the use of name resolution. When you suppress name resolution, it speeds up the execution of the command because it will not try to resolve an IP address to a name using your name resolver, which could at best be your local host's file or at worst be your...

Browsing Available Windows Resources

SUSE Linux provides a number of different ways to browse Windows networks to identify and access available resources. The most common of these is to use the Konqueror browser, shown in Figure 18-5. SMB support in Konqueror is constantly being improved, so make sure that you have installed the latest version of the kdebase3 package using YaST's Online Update control (discussed in Chapter 9) if you encounter problems. Figure 18-5 Browsing SMB resources in Konqueror Figure 18-5 Browsing SMB...

Using Squid as a Transparent Proxy

One of the difficulties in running a web proxy is that each client browser has to be configured to use it. A much neater solution is to force all attempts to access a web site to go through the proxy. This can be achieved quite simply by using iptables firewall rules on the machine where Squid runs. What you want to do is to intercept all outbound packets to external hosts on port 80 (and certain others perhaps) and redirect them to port 3128 on the server. Squid will then do the proxying. So...

Running Microsoft Windows Applications Using Wine

Even the most rabid Linux fanatic has to recognize that there are times when you must run Microsoft Windows applications for compatibility reasons with other applications or your co-workers. As discussed elsewhere in this chapter, one solution is to run software such as VMWare that emulates an entire Windows system. Within the context of this virtual machine, you can then install and execute the Windows applications that you need to run because the virtual machine looks like an actual Windows...

Listing 1515 Using ping to Test Network Connectivity

PING zen.palmcoder.net (212.13.208.115) 56(84) bytes of data. 64 bytes from icmp_seq 1 ttl 55 time 64 bytes from icmp_seq 2 ttl 55 time 28.4 ms 64 bytes from icmp_seq 3 ttl 55 time 30.0 ms zen.palmccder.net ping statistics 3 packets transmitted, 3 received, 0 packet less, time 2001ms rtt min avg max mdev 27.015 28.482 30.028 1.231 ms Here, you can see the machine thinkpad sending an Internet Control Message Protocol (ICMP) echo request to the machine zen. When zen receives this ICMP echo...

Configuring a Samba Client

Like most administrative tasks on a SUSE Linux system, configuring and starting a Samba client is most easily done through YaST. If you are running the X Window system KDE desktop (SUSE's default graphical environment), you can execute by selecting YaST from the Control Center menu, which is available by clicking the SUSE icon at the bottom-left corner of your KDE desktop. If you start YaST as the root user, the YaST dialog box is displayed, as shown in Figure 18-1. Note f y0U start YaST as any...

Installing and Running QEMU

To use QEMU without the accelerator module, all you need to do is to install the package on the SUSE media. If you want to try a version that is newer than the one currently offered by SUSE, you can download a binary distribution from the QEMU web site, which can be installed simply by copying it to the root directory and unpacking it You can also build QEMU from source, although there is normally no real need to do so unless you want to apply some obscure options at compile time. If you want...

Top Level Domains

Top-level domains (TLDs) encompass the .com, .net, .erg, .co.uk, and other similar domains on the Internet. These top-level domains contain information about lower-level domains in the DNS address space. For example, palmcoder.net is under the control of the .net namespace (not the Microsoft programming architecture ). In Figure 21-1, you can see that palmcoder.net falls under the administrative domain of the .net TLD. Figure 21-1 Top-level domain organization Figure 21-1 Top-level domain...

Configuring a DNS Server

We have talked about a few backbone services of the Internet in this book, but one of the most important ones is the role of the nameserver. Imagine life without names going to your favorite search engine e.g., www.google.com would involve your having to type http 66.l02.ll.l04. Not so bad, but if you had ten favorite sites, you would have to remember all of those addresses. As TCP IP needs to use IP addresses to make a connection to another machine, the Domain Name System DNS is important to...

Logging with syslog

The standard Linux logging facility is syslog. The syslog daemon intercepts messages logged to the system logging facility and then processes those messages based on the configuration specified in etc syslog.conf. The other side of syslog is the klogd process, the kernel logging process that processes kernel-specific messages such as kernel crashes or a failure in a component of the kernel for example, a kernel module . No,e Not all processes use the syslog method of logging. You will see in...

Configuring sendmail

Sendmail's primary configuration information is stored in the file etc sendmail f. Additional configuration information is stored in the directory etc mail. The file etc sendmail.cf is a text file that contains configuration information consisting of name value pairs on separate lines of the file. Most systems that run sendmail create the file etc sendmail.cf from another file, sendmail.mc, which is often stored in the etc mail Linux systems such as Red Hat or usr lib mail cf Solaris directory....

Creating Xen Virtual Machines Using YaST

SUSE's YaST provides a Virtual Machine Installation module that makes it easy to create and configure Xen virtual machines. In order to use this module, you must first be running a Xen-enabled kernel. You can then configure a Xen virtual machine by doing the following 1. Start the Control Center and select YaST2 Modules, or start YaST2 directly. Select the Software topic from the left pane and click the Virtual Machine Installation XEN icon. If you are not already running as the root user, you...

Configuration Parameters

The Postfix configuration format is quite easy to follow if you have some background in Linux and the SMTP protocol, which is one of its strengths. The next sections provide a breakdown of the configuration file's options with a description of the parameter uses. When mail is received by Postfix, it is held in the mail queue for further processing until it is delivered to the user's mailbox. Each mail is stored in a separate file in the queue directory for Postfix to pick up when needed. This...

Getting Started with Squid on SUSE

The SUSE installation media contain the Squid installation package first, you need to install this in the usual way using YaST. Squid is included in the YaST installation selection Network Server. For this discussion, we assume that you are setting up Squid on a machine on your network that has adequate access to the outside world. Depending on which version of SUSE you are running, simply installing and starting Squid may not be enough. SLES 9 and older versions of SUSE Professional come with...

Listing 211 Using dig to Test a DNS Server

Warning ID mismatch expected ID 23997, got 50172 Warning ID mismatch expected ID 23997, got 50172 lt lt gt gt DiG 9.2.3 lt lt gt gt www.palmcoder.net global options printcnri Got answer - gt gt HEADER lt lt - opcode QUERY, status NOERROR, id 23997 flags qr rd ra QUERY 1, ANSWER 2, AUTHORITY 1, ADDITIONAL 0 QUESTION SECTION www.palm oder.net. IN A www.palmcoder.net. 38396 IN CNAME zen.palncoder.net. zen.palncoder.net. 38400 IN A 212.13.208.115 palmcoder.net. 38400 IN NS zen.palmcoder.net. Query...

Using the YaSt Dhcp Server Wizard

The first time that you configure a DHCP server in YaST, YaST provides an easy-to-use DHCP Server Wizard that walks you through the basic stages of DHCP server configuration. After you have set up a DHCP server, YaST provides a slightly different interface to the same configuration information, which is discussed in the following section. To set up and configure a DHCP server for the first time using YaST, do the following 1. Start YaST and select the Network Services item from the left pane,...

The SOA Record

The brackets around the rest of the data dictate that everything else up to the closing bracket is part of the SOA record. All time settings are in seconds. The first entry is the serial number for the zone. This is one of the most important parts of the SOA because it must be changed any time you edit the zone file. It is the serial number that tells other DNS servers that are querying your DNS server that data has changed. If you do not change the serial number, your changes will not get...

User Authentication

A common requirement is to add user authentication so that only known users within the network can get web access via Squid. The simplest way to do this is to make use of whatever authentication methods are available on the machine where Squid is running, using PAM Pluggable Authentication Modules . To do this, you need something like the following in etc squid squid.conf auth_param basic program usr sbin pam_auth This says that you should use PAM for authentication Whatever authentication...

Troubleshooting DHCP Clients

Most of the problems that you may see in DHCP environments are related to DHCP clients that somehow retrieve erroneous information from a DHCP server. This is almost always the result of people starting DHCP servers on other systems that either serve the same range of IP addresses as your DHCP server or serve an entirely different set of IP addresses. If a DHCP client on your system retrieves an IP address that is in the same range as those delivered by your DHCP server but any other aspect of...

Listing 174 Testing the POP3 Server with Telnet

Bible telnet localhost 110 Trying 127.0.0.1 Connected to localhost. Escape character is OK ready lt 2282.1088970620 bible gt user justin OK Password required for justin. pass password OK justin has 1 visible message 0 hidden in 544 octets. As you can see, the user justin has one unread mail that is 544 octets in length. You can pass other parameters to Qpopper to extend its functionality. For example, if you want to allow your users to enter their usernames in uppercase or mixed case format,...

The Start of Authority

At the start of the zone, you have the SOA record. The Start of Authority dictates that this zone is authoritative for the domain in question, palmcoder.net. No,e Notice that palmcoder.net ends in a full stop a period for our American cousins . This is extremely important in the zone file for any domain. As you saw in Figure 21-1, the top of the DNS tree is the root of the DNS tree. A full stop is the delimiter for the end of the DNS tree, following the palmcoder.net domain all the way up the...

Listing 173 Enabling Qpopper in inetd

The network process inetd accepts connections from standard ports and passes control over to a specific application. Whereas Postfix listens on port 25 in daemon mode, Qpopper relies on inetd to provide its listening services. When enabled, start inetd to enable POP3 access to your mail. Once started, you can test connectivity with Telnet as we discuss in more detail in Chapter 15. Listing 17-4 shows an example.

Listing 205 Using tcpdump

tcpdump -lenx -s 1500 dhcpdump Error in paCkEt . TIME 01 27 46.168382 IP 192.168.6.200.1024 00 30 65 3c 7e 22 gt 255.255.255.255.514 ff ff ff ff ff ff n OP 60 Boot file size HTYPE 49 null HLEN 52 HOPS 50 XID 3E303537 SECS 14112 FLAGS 33fc CIADDR 48.32.68.72 YIADDR 67.80.32.83 SIADDR 69.82.86.69 GIADDR 82.32.79.102 CHADDR SNAME Offering 192.168.6.243 To 00112F8D94B8 By 192.168.6.200. FNAME . Error in packet TIME 01 28 15.044104 IP 192.168.6.246.2190 00 06 25 07 f7 0e gt 192.168.6.255.2190 ff ff...