Tuesday 24 December 2019

LPIC-3 Exam 300: Mixed Environment

LPIC-3, Mixed Environment, LPI Study Materials, LPI Guides, LPI Tutorial and Material, LPI Certifications

Exam Objectives Version: Version 1.0

Exam Code: 300-100

About Objective Weights: Each objective is assigned a weighting value. The weights indicate the relative importance of each objective on the exam. Objectives with higher weights will be covered in the exam with more questions.

Exam Topics


LPIC-3, Mixed Environment, LPI Study Materials, LPI Guides, LPI Tutorial and Material, LPI Certifications

Topic 390: OpenLDAP Configuration


390.1 OpenLDAP Replication

Description: Candidates should be familiar with the server replication available with OpenLDAP.

Weight: 3

Key Knowledge Areas:

◈ Replication concepts
◈ Configure OpenLDAP replication
◈ Analyze replication log files
◈ Understand replica hubs
◈ LDAP referrals
◈ LDAP sync replication

The following is a partial list of the used files, terms and utilities:

◈ master / slave server
◈ multi-master replication
◈ consumer
◈ replica hub
◈ one-shot mode
◈ referral
◈ syncrepl
◈ pull-based / push-based synchronization
◈ refreshOnly and refreshAndPersist
◈ replog

390.2 Securing the Directory

Description: Candidates should be able to configure encrypted access to the LDAP directory, and restrict access at the firewall level.

Weight: 3

Key Knowledge Areas:

◈ Securing the directory with SSL and TLS
◈ Firewall considerations
◈ Unauthenticated access methods
◈ User / password authentication methods
◈ Maintanence of SASL user DB
◈ Client / server certificates

Terms and Utilities:

◈ SSL / TLS
◈ Security Strength Factors (SSF)
◈ SASL
◈ proxy authorization
◈ StartTLS
◈ iptables

390.3 OpenLDAP Server Performance Tuning

Weight: 2

Description: Candidates should be capable of measuring the performance of an LDAP server, and tuning configuration directives.

Key Knowledge Areas:

◈ Measure OpenLDAP performance
◈ Tune software configuration to increase performance
◈ Understand indexes

Terms and Utilities:

◈ index
◈ DB_CONFIG

Topic 391: OpenLDAP as an Authentication Backend


391.1 LDAP Integration with PAM and NSS

Weight: 2

Description: Candidates should be able to configure PAM and NSS to retrieve information from an LDAP directory.

Key Knowledge Areas:

◈ Configure PAM to use LDAP for authentication
◈ Configure NSS to retrieve information from LDAP
◈ Configure PAM modules in various Unix environments

Terms and Utilities:

◈ PAM
◈ NSS
◈ /etc/pam.d/
◈ /etc/nsswitch.conf

391.2 Integrating LDAP with Active Directory and Kerberos

Weight: 2

Description: Candidates should be able to integrate LDAP with Active Directory Services.

Key Knowledge Areas:

◈ Kerberos integration with LDAP
◈ Cross platform authentication
◈ Single sign-on concepts
◈ Integration and compatibility limitations between OpenLDAP and Active Directory

Terms and Utilities:

◈ Kerberos
◈ Active Directory
◈ single sign-on
◈ DNS

Topic 392: Samba Basics


392.1 Samba Concepts and Architecture

Weight: 2

Description: Candidates should understand the essential concepts of Samba. As well, the major differences between Samba3 and Samba4 should be known.

Key Knowledge Areas:

◈ Understand the roles of the Samba daemons and components
◈ Understand key issues regarding heterogeneous networks
◈ Identify key TCP/UDP ports used with SMB/CIFS
◈ Knowledge of Samba3 and Samba4 differences

The following is a partial list of the used files, terms and utilities:

◈ /etc/services
◈ Samba daemons: smbd, nmbd, samba, winbindd

392.2 Configure Samba

Weight: 4

Description: Candidates should be able to configure the Samba daemons for a wide variety of purposes.

Key Knowledge Areas:

◈ Knowledge of Samba server configuration file structure
◈ Knowledge of Samba variables and configuration parameters
◈ Troubleshoot and debug configuration problems with Samba

Terms and Utilities:

◈ smb.conf
◈ smb.conf parameters
◈ smb.conf variables
◈ testparm
◈ secrets.tdb

392.3 Regular Samba Maintenance

Weight: 2

Description: Candidates should know about the various tools and utilities that are part of a Samba installation.

Key Knowledge Areas:

◈ Monitor and interact with running Samba daemons
◈ Perform regular backups of Samba configuration and state data

Terms and Utilities:

◈ smbcontrol
◈ smbstatus
◈ tdbbackup

392.4 Troubleshooting Samba

Weight: 2

Description: Candidates should understand the structure of trivial database files and know how troubleshoot problems.

Key Knowledge Areas:

◈ Configure Samba logging
◈ Backup TDB files
◈ Restore TDB files
◈ Identify TDB file corruption
◈ Edit / list TDB file content

Terms and Utilities:

◈ /var/log/samba/
◈ log level
◈ debuglevel
◈ smbpasswd
◈ pdbedit
◈ secrets.tdb
◈ tdbbackup
◈ tdbdump
◈ tdbrestore
◈ tdbtool

392.5 Internationalization

Weight: 1

Description: Candidates should be able to work with internationalization character codes and code pages.

Key Knowledge Areas:

◈ Understand internationalization character codes and code pages
◈ Understand the difference in the name space between Windows and Linux/Unix with respect to share, file and directory names in a non-English environment
◈ Understand the difference in the name space between Windows and Linux/Unix with respect to user and group naming in a non-English environment
◈ Understand the difference in the name space between Windows and Linux/Unix with respect to computer naming in a non-English environment

Terms and Utilities:

◈ internationalization
◈ character codes
◈ code pages
◈ smb.conf
◈ dos charset, display charset and unix charset

Topic 393: Samba Share Configuration


393.1 File Services

Weight: 4

Description: Candidates should be able to create and configure file shares in a mixed environment.

Key Knowledge Areas:

◈ Create and configure file sharing
◈ Plan file service migration
◈ Limit access to IPC$
◈ Create scripts for user and group handling of file shares
◈ Samba share access configuration parameters

Terms and Utilities:

◈ smb.conf
◈ [homes]
◈ smbcquotas
◈ smbsh
◈ browseable, writeable, valid users, write list, read list, read only and guest ok
◈ IPC$
◈ mount, smbmount

393.2 Linux File System and Share/Service Permissions

Weight: 3

Description: Candidates should understand file permissions on a Linux file system in a mixed environment.

Key Knowledge Areas:

◈ Knowledge of file / directory permission control
◈ Understand how Samba interacts with Linux file system permissions and ACLs
◈ Use Samba VFS to store Windows ACLs

Terms and Utilities:

◈ smb.conf
◈ chmod, chown
◈ create mask, directory mask, force create mode, force directory mode
◈ smbcacls
◈ getfacl, setfacl
◈ vfs_acl_xattr, vfs_acl_tdb and vfs objects

393.3 Print Services

Weight: 2

Description: Candidates should be able to create and manage print shares in a mixed environment.

Key Knowledge Areas:

◈ Create and configure printer sharing
◈ Configure integration between Samba and CUPS
◈ Manage Windows print drivers and configure downloading of print drivers
◈ Configure [print$]
◈ Understand security concerns with printer sharing
◈ Uploading printer drivers for Point’n’Print driver installation using ‘Add Print Driver Wizard’ in Windows

Terms and Utilities:

◈ smb.conf
◈ [print$]
◈ CUPS
◈ cupsd.conf
◈ /var/spool/samba/.
◈ smbspool
◈ rpcclient
◈ net

Topic 394: Samba User and Group Management


394.1 Managing User Accounts and Groups

Weight: 4

Description: Candidates should be able to manage user and group accounts in a mixed environment.

Key Knowledge Areas:

◈ Manager user and group accounts
◈ Understand user and group mapping
◈ Knowledge of user account management tools
◈ Use of the smbpasswd program
◈ Force ownership of file and directory objects

Terms and Utilities:

◈ pdbedit
◈ smb.conf
◈ samba-tool user (with subcommands)
◈ samba-tool group (with subcommands)
◈ smbpasswd
◈ /etc/passwd
◈ /etc/group
◈ force user, force group.
◈ idmap

394.2 Authentication, Authorization and Winbind

Weight: 5

Description: Candidates should understand the various authentication mechanisms and configure access control. Candidates should be able to install and configure the Winbind service.

Key Knowledge Areas:

◈ Setup a local password database
◈ Perform password synchronization
◈ Knowledge of different passdb backends
◈ Convert between Samba passdb backends
◈ Integrate Samba with LDAP
◈ Configure Winbind service
◈ Configure PAM and NSS

Terms and Utilities:

◈ smb.conf
◈ smbpasswd, tdbsam, ldapsam
◈ passdb backend
◈ libnss_winbind
◈ libpam_winbind
◈ libpam_smbpass
◈ wbinfo
◈ getent
◈ SID and foreign SID
◈ /etc/passwd
◈ /etc/group

Topic 395: Samba Domain Integration


395.1 Samba as a PDC and BDC

Weight: 3

Description: Candidates should be able to setup and maintain primary and backup domain controllers. Candidates should be able to manage Windows/Linux client access to the NT-Style domains.

Key Knowledge Areas:

◈ Understand and configure domain membership and trust relationships
◈ Create and maintain a primary domain controller with Samba3 and Samba4
◈ Create and maintain a backup domain controller with Samba3 and Samba4
◈ Add computers to an existing domain
◈ Configure logon scripts
◈ Configure roaming profiles
◈ Configure system policies

Terms and Utilities:

◈ smb.conf
◈ security mode
◈ server role
◈ domain logons
◈ domain master
◈ logon script
◈ logon path
◈ NTConfig.pol
◈ net
◈ profiles
◈ add machine script
◈ profile acls

395.2 Samba4 as an AD compatible Domain Controller

Weight: 3

Description: Candidates should be able to configure Samba 4 as an AD Domain Controller.

Key Knowledge Areas:

◈ Configure and test Samba 4 as an AD DC
◈ Using smbclient to confirm AD operation
◈ Understand how Samba integrates with AD services: DNS, Kerberos, NTP, LDAP

Terms and Utilities:

◈ smb.conf
◈ server role
◈ samba-tool domain (with subcommands)
◈ samba

395.3 Configure Samba as a Domain Member Server

Weight: 3

Description: Candidates should be able to integrate Linux servers into an environment where Active Directory is present.

Key Knowledge Areas:

◈ Joining Samba to an existing NT4 domain
◈ Joining Samba to an existing AD domain
◈ Ability to obtain a TGT from a KDC

Terms and Utilities:

◈ smb.conf
◈ server role
◈ server security
◈ net command
◈ kinit, TGT and REALM

Topic 396: Samba Name Services


396.1 NetBIOS and WINS

Weight: 3

Description: Candidates should be familiar with NetBIOS/WINS concepts and understand network browsing.

Key Knowledge Areas:

◈ Understand WINS concepts
◈ Understand NetBIOS concepts
◈ Understand the role of a local master browser
◈ Understand the role of a domain master browser
◈ Understand the role of Samba as a WINS server
◈ Understand name resolution
◈ Configure Samba as a WINS server
◈ Configure WINS replication
◈ Understand NetBIOS browsing and browser elections
◈ Understand NETBIOS name types

Terms and Utilities:

◈ smb.conf
◈ nmblookup
◈ smbclient
◈ name resolve order
◈ lmhosts
◈ wins support, wins server, wins proxy, dns proxy
◈ domain master, os level, preferred master

396.2 Active Directory Name Resolution

Weight: 2

Description: Candidates should be familiar with the internal DNS server with Samba4.

Key Knowledge Areas:

◈ Understand and manage DNS for Samba4 as an AD Domain Controller
◈ DNS forwarding with the internal DNS server of Samba4

Terms and Utilities:

◈ samba-tool dns (with subcommands)
◈ smb.conf
◈ dns forwarder
◈ /etc/resolv.conf
◈ dig, host

Topic 397: Working with Linux and Windows Clients


397.1 CIFS Integration

Weight: 3

Description: Candidates should be comfortable working with CIFS in a mixed environment.

Key Knowledge Areas:

◈ Understand SMB/CIFS concepts
◈ Access and mount remote CIFS shares from a Linux client
◈ Securely storing CIFS credentials
◈ Understand features and benefits of CIFS
◈ Understand permissions and file ownership of remote CIFS shares

Terms and Utilities:

◈ SMB/CIFS
◈ mount, mount.cifs
◈ smbclient
◈ smbget
◈ smbtar
◈ smbtree
◈ findsmb
◈ smb.conf
◈ smbcquotas
◈ /etc/fstab

397.2 Working with Windows Clients

Weight: 2

Description: Candidates should be able to interact with remote Windows clients, and configure Windows workstations to access file and print services from Linux servers.

Key Knowledge Areas:

◈ Knowledge of Windows clients
◈ Explore browse lists and SMB clients from Windows
◈ Share file / print resources from Windows
◈ Use of the smbclient program
◈ Use of the Windows net utility

Terms and Utilities:

◈ Windows net command
◈ smbclient
◈ control panel
◈ rdesktop
◈ workgroup

Related Posts

0 comments:

Post a Comment