Exam Code: 300-100
About Objective Weights: Each objective is assigned a weighting value. The weights indicate the relative importance of each objective on the exam. Objectives with higher weights will be covered in the exam with more questions.
Exam Topics
Topic 390: OpenLDAP Configuration
390.1 OpenLDAP Replication
Description: Candidates should be familiar with the server replication available with OpenLDAP.
Weight: 3
Key Knowledge Areas:
◈ Replication concepts
◈ Configure OpenLDAP replication
◈ Analyze replication log files
◈ Understand replica hubs
◈ LDAP referrals
◈ LDAP sync replication
The following is a partial list of the used files, terms and utilities:
◈ master / slave server
◈ multi-master replication
◈ consumer
◈ replica hub
◈ one-shot mode
◈ referral
◈ syncrepl
◈ pull-based / push-based synchronization
◈ refreshOnly and refreshAndPersist
◈ replog
390.2 Securing the Directory
Description: Candidates should be able to configure encrypted access to the LDAP directory, and restrict access at the firewall level.
Weight: 3
Key Knowledge Areas:
◈ Securing the directory with SSL and TLS
◈ Firewall considerations
◈ Unauthenticated access methods
◈ User / password authentication methods
◈ Maintanence of SASL user DB
◈ Client / server certificates
Terms and Utilities:
◈ SSL / TLS
◈ Security Strength Factors (SSF)
◈ SASL
◈ proxy authorization
◈ StartTLS
◈ iptables
390.3 OpenLDAP Server Performance Tuning
Weight: 2
Description: Candidates should be capable of measuring the performance of an LDAP server, and tuning configuration directives.
Key Knowledge Areas:
◈ Measure OpenLDAP performance
◈ Tune software configuration to increase performance
◈ Understand indexes
Terms and Utilities:
◈ index
◈ DB_CONFIG
Topic 391: OpenLDAP as an Authentication Backend
391.1 LDAP Integration with PAM and NSS
Weight: 2
Description: Candidates should be able to configure PAM and NSS to retrieve information from an LDAP directory.
Key Knowledge Areas:
◈ Configure PAM to use LDAP for authentication
◈ Configure NSS to retrieve information from LDAP
◈ Configure PAM modules in various Unix environments
Terms and Utilities:
◈ PAM
◈ NSS
◈ /etc/pam.d/
◈ /etc/nsswitch.conf
391.2 Integrating LDAP with Active Directory and Kerberos
Weight: 2
Description: Candidates should be able to integrate LDAP with Active Directory Services.
Key Knowledge Areas:
◈ Kerberos integration with LDAP
◈ Cross platform authentication
◈ Single sign-on concepts
◈ Integration and compatibility limitations between OpenLDAP and Active Directory
Terms and Utilities:
◈ Kerberos
◈ Active Directory
◈ single sign-on
◈ DNS
Topic 392: Samba Basics
392.1 Samba Concepts and Architecture
Weight: 2
Description: Candidates should understand the essential concepts of Samba. As well, the major differences between Samba3 and Samba4 should be known.
Key Knowledge Areas:
◈ Understand the roles of the Samba daemons and components
◈ Understand key issues regarding heterogeneous networks
◈ Identify key TCP/UDP ports used with SMB/CIFS
◈ Knowledge of Samba3 and Samba4 differences
The following is a partial list of the used files, terms and utilities:
◈ /etc/services
◈ Samba daemons: smbd, nmbd, samba, winbindd
392.2 Configure Samba
Weight: 4
Description: Candidates should be able to configure the Samba daemons for a wide variety of purposes.
Key Knowledge Areas:
◈ Knowledge of Samba server configuration file structure
◈ Knowledge of Samba variables and configuration parameters
◈ Troubleshoot and debug configuration problems with Samba
Terms and Utilities:
◈ smb.conf
◈ smb.conf parameters
◈ smb.conf variables
◈ testparm
◈ secrets.tdb
392.3 Regular Samba Maintenance
Weight: 2
Description: Candidates should know about the various tools and utilities that are part of a Samba installation.
Key Knowledge Areas:
◈ Monitor and interact with running Samba daemons
◈ Perform regular backups of Samba configuration and state data
Terms and Utilities:
◈ smbcontrol
◈ smbstatus
◈ tdbbackup
392.4 Troubleshooting Samba
Weight: 2
Description: Candidates should understand the structure of trivial database files and know how troubleshoot problems.
Key Knowledge Areas:
◈ Configure Samba logging
◈ Backup TDB files
◈ Restore TDB files
◈ Identify TDB file corruption
◈ Edit / list TDB file content
Terms and Utilities:
◈ /var/log/samba/
◈ log level
◈ debuglevel
◈ smbpasswd
◈ pdbedit
◈ secrets.tdb
◈ tdbbackup
◈ tdbdump
◈ tdbrestore
◈ tdbtool
392.5 Internationalization
Weight: 1
Description: Candidates should be able to work with internationalization character codes and code pages.
Key Knowledge Areas:
◈ Understand internationalization character codes and code pages
◈ Understand the difference in the name space between Windows and Linux/Unix with respect to share, file and directory names in a non-English environment
◈ Understand the difference in the name space between Windows and Linux/Unix with respect to user and group naming in a non-English environment
◈ Understand the difference in the name space between Windows and Linux/Unix with respect to computer naming in a non-English environment
Terms and Utilities:
◈ internationalization
◈ character codes
◈ code pages
◈ smb.conf
◈ dos charset, display charset and unix charset
Topic 393: Samba Share Configuration
393.1 File Services
Weight: 4
Description: Candidates should be able to create and configure file shares in a mixed environment.
Key Knowledge Areas:
◈ Create and configure file sharing
◈ Plan file service migration
◈ Limit access to IPC$
◈ Create scripts for user and group handling of file shares
◈ Samba share access configuration parameters
Terms and Utilities:
◈ smb.conf
◈ [homes]
◈ smbcquotas
◈ smbsh
◈ browseable, writeable, valid users, write list, read list, read only and guest ok
◈ IPC$
◈ mount, smbmount
393.2 Linux File System and Share/Service Permissions
Weight: 3
Description: Candidates should understand file permissions on a Linux file system in a mixed environment.
Key Knowledge Areas:
◈ Knowledge of file / directory permission control
◈ Understand how Samba interacts with Linux file system permissions and ACLs
◈ Use Samba VFS to store Windows ACLs
Terms and Utilities:
◈ smb.conf
◈ chmod, chown
◈ create mask, directory mask, force create mode, force directory mode
◈ smbcacls
◈ getfacl, setfacl
◈ vfs_acl_xattr, vfs_acl_tdb and vfs objects
393.3 Print Services
Weight: 2
Description: Candidates should be able to create and manage print shares in a mixed environment.
Key Knowledge Areas:
◈ Create and configure printer sharing
◈ Configure integration between Samba and CUPS
◈ Manage Windows print drivers and configure downloading of print drivers
◈ Configure [print$]
◈ Understand security concerns with printer sharing
◈ Uploading printer drivers for Point’n’Print driver installation using ‘Add Print Driver Wizard’ in Windows
Terms and Utilities:
◈ smb.conf
◈ [print$]
◈ CUPS
◈ cupsd.conf
◈ /var/spool/samba/.
◈ smbspool
◈ rpcclient
◈ net
Topic 394: Samba User and Group Management
394.1 Managing User Accounts and Groups
Weight: 4
Description: Candidates should be able to manage user and group accounts in a mixed environment.
Key Knowledge Areas:
◈ Manager user and group accounts
◈ Understand user and group mapping
◈ Knowledge of user account management tools
◈ Use of the smbpasswd program
◈ Force ownership of file and directory objects
Terms and Utilities:
◈ pdbedit
◈ smb.conf
◈ samba-tool user (with subcommands)
◈ samba-tool group (with subcommands)
◈ smbpasswd
◈ /etc/passwd
◈ /etc/group
◈ force user, force group.
◈ idmap
394.2 Authentication, Authorization and Winbind
Weight: 5
Description: Candidates should understand the various authentication mechanisms and configure access control. Candidates should be able to install and configure the Winbind service.
Key Knowledge Areas:
◈ Setup a local password database
◈ Perform password synchronization
◈ Knowledge of different passdb backends
◈ Convert between Samba passdb backends
◈ Integrate Samba with LDAP
◈ Configure Winbind service
◈ Configure PAM and NSS
Terms and Utilities:
◈ smb.conf
◈ smbpasswd, tdbsam, ldapsam
◈ passdb backend
◈ libnss_winbind
◈ libpam_winbind
◈ libpam_smbpass
◈ wbinfo
◈ getent
◈ SID and foreign SID
◈ /etc/passwd
◈ /etc/group
Topic 395: Samba Domain Integration
395.1 Samba as a PDC and BDC
Weight: 3
Description: Candidates should be able to setup and maintain primary and backup domain controllers. Candidates should be able to manage Windows/Linux client access to the NT-Style domains.
Key Knowledge Areas:
◈ Understand and configure domain membership and trust relationships
◈ Create and maintain a primary domain controller with Samba3 and Samba4
◈ Create and maintain a backup domain controller with Samba3 and Samba4
◈ Add computers to an existing domain
◈ Configure logon scripts
◈ Configure roaming profiles
◈ Configure system policies
Terms and Utilities:
◈ smb.conf
◈ security mode
◈ server role
◈ domain logons
◈ domain master
◈ logon script
◈ logon path
◈ NTConfig.pol
◈ net
◈ profiles
◈ add machine script
◈ profile acls
395.2 Samba4 as an AD compatible Domain Controller
Weight: 3
Description: Candidates should be able to configure Samba 4 as an AD Domain Controller.
Key Knowledge Areas:
◈ Configure and test Samba 4 as an AD DC
◈ Using smbclient to confirm AD operation
◈ Understand how Samba integrates with AD services: DNS, Kerberos, NTP, LDAP
Terms and Utilities:
◈ smb.conf
◈ server role
◈ samba-tool domain (with subcommands)
◈ samba
395.3 Configure Samba as a Domain Member Server
Weight: 3
Description: Candidates should be able to integrate Linux servers into an environment where Active Directory is present.
Key Knowledge Areas:
◈ Joining Samba to an existing NT4 domain
◈ Joining Samba to an existing AD domain
◈ Ability to obtain a TGT from a KDC
Terms and Utilities:
◈ smb.conf
◈ server role
◈ server security
◈ net command
◈ kinit, TGT and REALM
Topic 396: Samba Name Services
396.1 NetBIOS and WINS
Weight: 3
Description: Candidates should be familiar with NetBIOS/WINS concepts and understand network browsing.
Key Knowledge Areas:
◈ Understand WINS concepts
◈ Understand NetBIOS concepts
◈ Understand the role of a local master browser
◈ Understand the role of a domain master browser
◈ Understand the role of Samba as a WINS server
◈ Understand name resolution
◈ Configure Samba as a WINS server
◈ Configure WINS replication
◈ Understand NetBIOS browsing and browser elections
◈ Understand NETBIOS name types
Terms and Utilities:
◈ smb.conf
◈ nmblookup
◈ smbclient
◈ name resolve order
◈ lmhosts
◈ wins support, wins server, wins proxy, dns proxy
◈ domain master, os level, preferred master
396.2 Active Directory Name Resolution
Weight: 2
Description: Candidates should be familiar with the internal DNS server with Samba4.
Key Knowledge Areas:
◈ Understand and manage DNS for Samba4 as an AD Domain Controller
◈ DNS forwarding with the internal DNS server of Samba4
Terms and Utilities:
◈ samba-tool dns (with subcommands)
◈ smb.conf
◈ dns forwarder
◈ /etc/resolv.conf
◈ dig, host
Topic 397: Working with Linux and Windows Clients
397.1 CIFS Integration
Weight: 3
Description: Candidates should be comfortable working with CIFS in a mixed environment.
Key Knowledge Areas:
◈ Understand SMB/CIFS concepts
◈ Access and mount remote CIFS shares from a Linux client
◈ Securely storing CIFS credentials
◈ Understand features and benefits of CIFS
◈ Understand permissions and file ownership of remote CIFS shares
Terms and Utilities:
◈ SMB/CIFS
◈ mount, mount.cifs
◈ smbclient
◈ smbget
◈ smbtar
◈ smbtree
◈ findsmb
◈ smb.conf
◈ smbcquotas
◈ /etc/fstab
397.2 Working with Windows Clients
Weight: 2
Description: Candidates should be able to interact with remote Windows clients, and configure Windows workstations to access file and print services from Linux servers.
Key Knowledge Areas:
◈ Knowledge of Windows clients
◈ Explore browse lists and SMB clients from Windows
◈ Share file / print resources from Windows
◈ Use of the smbclient program
◈ Use of the Windows net utility
Terms and Utilities:
◈ Windows net command
◈ smbclient
◈ control panel
◈ rdesktop
◈ workgroup
Posts
0 comments:
Post a Comment