
Deployment Guide

Part V. Servers

This part discusses various topics related to servers such as how to set up a Web server or share files and directories over the network.

Table of Contents

13. DHCP Servers
13.1. Why Use DHCP?
13.2. Configuring a DHCP Server
13.2.1. Configuration File
13.2.2. Lease Database
13.2.3. Starting and Stopping the Server
13.2.4. DHCP Relay Agent
13.3. Configuring a DHCP Client
13.4. Configuring a Multihomed DHCP Server
13.4.1. Host Configuration
13.5. DHCP for IPv6 (DHCPv6)
13.6. Additional Resources
13.6.1. Installed Documentation
14. DNS Servers
14.1. Introduction to DNS
14.1.1. Nameserver Zones
14.1.2. Nameserver Types
14.1.3. BIND as a Nameserver
14.2. BIND
14.2.1. Configuring the named Service
14.2.2. Editing Zone Files
14.2.3. Using the rndc Utility
14.2.4. Using the dig Utility
14.2.5. Advanced Features of BIND
14.2.6. Common Mistakes to Avoid
14.2.7. Additional Resources
15. Web Servers
15.1. The Apache HTTP Server
15.1.1. New Features
15.1.2. Notable Changes
15.1.3. Updating the Configuration
15.1.4. Running the httpd Service
15.1.5. Editing the Configuration Files
15.1.6. Working with Modules
15.1.7. Setting Up Virtual Hosts
15.1.8. Setting Up an SSL Server
15.1.9. Additional Resources
16. Mail Servers
16.1. Email Protocols
16.1.1. Mail Transport Protocols
16.1.2. Mail Access Protocols
16.2. Email Program Classifications
16.2.1. Mail Transport Agent
16.2.2. Mail Delivery Agent
16.2.3. Mail User Agent
16.3. Mail Transport Agents
16.3.1. Postfix
16.3.2. Sendmail
16.3.3. Fetchmail
16.3.4. Mail Transport Agent (MTA) Configuration
16.4. Mail Delivery Agents
16.4.1. Procmail Configuration
16.4.2. Procmail Recipes
16.5. Mail User Agents
16.5.1. Securing Communication
16.6. Additional Resources
16.6.1. Installed Documentation
16.6.2. Useful Websites
16.6.3. Related Books
17. Directory Servers
17.1. OpenLDAP
17.1.1. Introduction to LDAP
17.1.2. Installing the OpenLDAP Suite
17.1.3. Configuring an OpenLDAP Server
17.1.4. Running an OpenLDAP Server
17.1.5. Configuring a System to Authenticate Using OpenLDAP
17.1.6. Additional Resources
18. File and Print Servers
18.1. Samba
18.1.1. Introduction to Samba
18.1.2. Samba Daemons and Related Services
18.1.3. Connecting to a Samba Share
18.1.4. Configuring a Samba Server
18.1.5. Starting and Stopping Samba
18.1.6. Samba Server Types and the smb.conf File
18.1.7. Samba Security Modes
18.1.8. Samba Account Information Databases
18.1.9. Samba Network Browsing
18.1.10. Samba with CUPS Printing Support
18.1.11. Samba Distribution Programs
18.1.12. Additional Resources
18.2. FTP
18.2.1. The File Transfer Protocol
18.2.2. The vsftpd Server
18.2.3. Files Installed with vsftpd
18.2.4. Starting and Stopping vsftpd
18.2.5. vsftpd Configuration Options
18.2.6. Additional Resources
18.3. Printer Configuration
18.3.1. Starting the Printer Configuration Tool
18.3.2. Starting Printer Setup
18.3.3. Adding a Local Printer
18.3.4. Adding an AppSocket/HP JetDirect printer
18.3.5. Adding an IPP Printer
18.3.6. Adding an LPD/LPR Host or Printer
18.3.7. Adding a Samba (SMB) printer
18.3.8. Selecting the Printer Model and Finishing
18.3.9. Printing a Test Page
18.3.10. Modifying Existing Printers
18.3.11. Additional Resources

Chapter 13. DHCP Servers

Dynamic Host Configuration Protocol (DHCP) is a network protocol that automatically assigns TCP/IP information to client machines. Each DHCP client connects to the centrally located DHCP server, which returns the network configuration (including the IP address, gateway, and DNS servers) of that client.

13.1. Why Use DHCP?

DHCP is useful for automatic configuration of client network interfaces. When configuring the client system, you can choose DHCP instead of specifying an IP address, netmask, gateway, or DNS servers. The client retrieves this information from the DHCP server. DHCP is also useful if you want to change the IP addresses of a large number of systems. Instead of reconfiguring all the systems, you can just edit one configuration file on the server for the new set of IP addresses. If the DNS servers for an organization change, the changes happen on the DHCP server, not on the DHCP clients. When you restart the network or reboot the clients, the changes go into effect.
If an organization has a functional DHCP server correctly connected to a network, laptops and other mobile computer users can move these devices from office to office.

13.2. Configuring a DHCP Server

The dhcp package contains an Internet Systems Consortium (ISC) DHCP server. First, install the package as the superuser:
~]# yum install dhcp
Installing the dhcp package creates a file, /etc/dhcp/dhcpd.conf, which is merely an empty configuration file:
~]# cat /etc/dhcp/dhcpd.conf
#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.sample
The sample configuration file can be found at /usr/share/doc/dhcp-<version>/dhcpd.conf.sample. You should use this file to help you configure /etc/dhcp/dhcpd.conf, which is explained in detail below.
DHCP also uses the file /var/lib/dhcpd/dhcpd.leases to store the client lease database. Refer to Section 13.2.2, "Lease Database" for more information.

13.2.1. Configuration File

The first step in configuring a DHCP server is to create the configuration file that stores the network information for the clients. Use this file to declare options and global options for client systems.
The configuration file can contain extra tabs or blank lines for easier formatting. Keywords are case-insensitive and lines beginning with a hash sign (#) are considered comments.
There are two types of statements in the configuration file:
  • Parameters - State how to perform a task, whether to perform a task, or what network configuration options to send to the client.
  • Declarations - Describe the topology of the network, describe the clients, provide addresses for the clients, or apply a group of parameters to a group of declarations.
The parameters that start with the keyword option are referred to as options. These options control DHCP options; whereas, parameters configure values that are not optional or control how the DHCP server behaves.
Parameters (including options) declared before a section enclosed in curly brackets ({ }) are considered global parameters. Global parameters apply to all the sections below them.

Restart the DHCP daemon for the changes to take effect

If the configuration file is changed, the changes do not take effect until the DHCP daemon is restarted with the command service dhcpd restart.

Use the omshell command

Instead of changing a DHCP configuration file and restarting the service each time, using the omshell command provides an interactive way to connect to, query, and change the configuration of a DHCP server. By using omshell, all changes can be made while the server is running. For more information on omshell, refer to the omshell man page.
In Example 13.1, "Subnet declaration", the routers, subnet-mask, domain-search, domain-name-servers, and time-offset options are used for any host statements declared below it.
For every subnet which will be served, and for every subnet to which the DHCP server is connected, there must be one subnet declaration, which tells the DHCP daemon how to recognize that an address is on that subnet. A subnet declaration is required for each subnet even if no addresses will be dynamically allocated to that subnet.
In this example, there are global options for every DHCP client in the subnet and a range declared. Clients are assigned an IP address within the range.

Example 13.1. Subnet declaration

subnet 192.168.1.0 netmask 255.255.255.0 {
        option routers                  192.168.1.254;
        option subnet-mask              255.255.255.0;
        option domain-search            "example.com";
        option domain-name-servers      192.168.1.1;
        option time-offset              -18000;     # Eastern Standard Time
        range 192.168.1.10 192.168.1.100;
}

To configure a DHCP server that leases a dynamic IP address to a system within a subnet, modify Example 13.2, "Range parameter" with your values. It declares a default lease time, maximum lease time, and network configuration values for the clients. This example assigns IP addresses in the range 192.168.1.10 to 192.168.1.100 to client systems.

Example 13.2. Range parameter

default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.254;
option domain-name-servers 192.168.1.1, 192.168.1.2;
option domain-search "example.com";
subnet 192.168.1.0 netmask 255.255.255.0 {
   range 192.168.1.10 192.168.1.100;
}

To assign an IP address to a client based on the MAC address of the network interface card, use the hardware ethernet parameter within a host declaration. As demonstrated in Example 13.3, "Static IP address using DHCP", the host apex declaration specifies that the network interface card with the MAC address 00:A0:78:8E:9E:AA always receives the IP address 192.168.1.4.
Note that you can also use the optional parameter host-name to assign a host name to the client.

Example 13.3. Static IP address using DHCP

host apex {
   option host-name "apex.example.com";
   hardware ethernet 00:A0:78:8E:9E:AA;
   fixed-address 192.168.1.4;
}

All subnets that share the same physical network should be declared within a shared-network declaration as shown in Example 13.4, "Shared-network declaration". Parameters within the shared-network, but outside the enclosed subnet declarations, are considered to be global parameters. The name of the shared-network must be a descriptive title for the network, such as using the title 'test-lab' to describe all the subnets in a test lab environment.

Example 13.4. Shared-network declaration

shared-network name {
    option domain-search            "test.redhat.com";
    option domain-name-servers      ns1.redhat.com, ns2.redhat.com;
    option routers                  192.168.0.254;
    # more parameters for EXAMPLE shared-network
    subnet 192.168.1.0 netmask 255.255.252.0 {
        # parameters for subnet
        range 192.168.1.1 192.168.1.254;
    }
    subnet 192.168.2.0 netmask 255.255.252.0 {
        # parameters for subnet
        range 192.168.2.1 192.168.2.254;
    }
}

As demonstrated in Example 13.5, "Group declaration", the group declaration is used to apply global parameters to a group of declarations. For example, shared networks, subnets, and hosts can be grouped.

Example 13.5. Group declaration

group {
   option routers                  192.168.1.254;
   option subnet-mask              255.255.255.0;
   option domain-search            "example.com";
   option domain-name-servers      192.168.1.1;
   option time-offset              -18000;     # Eastern Standard Time
   host apex {
      option host-name "apex.example.com";
      hardware ethernet 00:A0:78:8E:9E:AA;
      fixed-address 192.168.1.4;
   }
   host raleigh {
      option host-name "raleigh.example.com";
      hardware ethernet 00:A1:DD:74:C3:F2;
      fixed-address 192.168.1.6;
   }
}

Using the sample configuration file

You can use the provided sample configuration file as a starting point and add custom configuration options to it. To copy this file to the proper location, use the following command:
cp /usr/share/doc/dhcp-<version_number>/dhcpd.conf.sample /etc/dhcp/dhcpd.conf
... where <version_number> is the DHCP version number.
For a complete list of option statements and what they do, refer to the dhcp-options man page.

13.2.2. Lease Database

On the DHCP server, the file /var/lib/dhcpd/dhcpd.leases stores the DHCP client lease database. Do not change this file. DHCP lease information for each recently assigned IP address is automatically stored in the lease database. The information includes the length of the lease, to whom the IP address has been assigned, the start and end dates for the lease, and the MAC address of the network interface card that was used to retrieve the lease.
All times in the lease database are in Coordinated Universal Time (UTC), not local time.
The lease database is recreated from time to time so that it is not too large. First, all known leases are saved in a temporary lease database. The dhcpd.leases file is renamed dhcpd.leases~ and the temporary lease database is written to dhcpd.leases.
The DHCP daemon could be killed or the system could crash after the lease database has been renamed to the backup file but before the new file has been written. If this happens, the dhcpd.leases file does not exist, but it is required to start the service. Do not create a new lease file. If you do, all old leases are lost which causes many problems. The correct solution is to rename the dhcpd.leases~ backup file to dhcpd.leases and then start the daemon.

13.2.3. Starting and Stopping the Server

Starting the DHCP server for the first time

When the DHCP server is started for the first time, it fails unless the dhcpd.leases file exists. Use the command touch /var/lib/dhcpd/dhcpd.leases to create the file if it does not exist.
If the same server is also running BIND as a DNS server, this step is not necessary, as starting the named service automatically checks for a dhcpd.leases file.
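The lease-file rules from Section 13.2.2 and the first-start note above can be combined into one pre-start check. The following is an added example, not part of the original guide; the function name prepare_lease_db and the scratch-directory demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pick the safe action for the lease database before
# starting dhcpd. Prints what was done: present, restored or created.
prepare_lease_db() {
    lease_dir=${1:-/var/lib/dhcpd}      # default location named in this guide
    db="$lease_dir/dhcpd.leases"
    backup="$lease_dir/dhcpd.leases~"

    if [ -e "$db" ]; then
        # Normal case: the database exists, leave it untouched.
        echo present
    elif [ -e "$backup" ]; then
        # The daemon died between the rename and the rewrite. Restore the
        # backup; creating an empty file here would lose every old lease.
        mv -- "$backup" "$db" && echo restored
    else
        # Neither file exists: first start, so an empty database is correct.
        touch -- "$db" && echo created
    fi
}

# Demo on a scratch directory with a constructed backup file, simulating
# the crash window described in Section 13.2.2.
demo_dir=$(mktemp -d)
echo "# constructed lease data" > "$demo_dir/dhcpd.leases~"
prepare_lease_db "$demo_dir"            # restores the backup
rm -rf "$demo_dir"
```

Run it as the superuser against the real directory immediately before starting the service.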
To start the DHCP service, use the command /sbin/service dhcpd start. To stop the DHCP server, use the command /sbin/service dhcpd stop.
By default, the DHCP service does not start at boot time. For information on how to configure the daemon to start automatically at boot time, refer to Chapter 10, Services and Daemons.
If more than one network interface is attached to the system, but the DHCP server should only be started on one of the interfaces, configure the DHCP server to start only on that device. In /etc/sysconfig/dhcpd, add the name of the interface to the list of DHCPDARGS:
# Command line options here
DHCPDARGS=eth0
This is useful for a firewall machine with two network cards. One network card can be configured as a DHCP client to retrieve an IP address to the Internet. The other network card can be used as a DHCP server for the internal network behind the firewall. Specifying only the network card connected to the internal network makes the system more secure because users cannot connect to the daemon via the Internet.
Other command line options that can be specified in /etc/sysconfig/dhcpd include:
  • -p <portnum> - Specifies the UDP port number on which dhcpd should listen. The default is port 67. The DHCP server transmits responses to the DHCP clients at a port number one greater than the UDP port specified. For example, if the default port 67 is used, the server listens on port 67 for requests and responds to the client on port 68. If a port is specified here and the DHCP relay agent is used, the same port on which the DHCP relay agent should listen must be specified. Refer to Section 13.2.4, "DHCP Relay Agent" for details.
  • -f - Runs the daemon as a foreground process. This is mostly used for debugging.
  • -d - Logs the DHCP server daemon to the standard error descriptor. This is mostly used for debugging. If this is not specified, the log is written to /var/log/messages.
  • -cf <filename> - Specifies the location of the configuration file. The default location is /etc/dhcp/dhcpd.conf.
  • -lf <filename> - Specifies the location of the lease database file. If a lease database file already exists, it is very important that the same file be used every time the DHCP server is started. It is strongly recommended that this option only be used for debugging purposes on non-production machines. The default location is /var/lib/dhcpd/dhcpd.leases.
  • -q - Do not print the entire copyright message when starting the daemon.

13.2.4. DHCP Relay Agent

The DHCP Relay Agent (dhcrelay) allows for the relay of DHCP and BOOTP requests from a subnet with no DHCP server on it to one or more DHCP servers on other subnets.
When a DHCP client requests information, the DHCP Relay Agent forwards the request to the list of DHCP servers specified when the DHCP Relay Agent is started. When a DHCP server returns a reply, the reply is broadcast or unicast on the network that sent the original request.
The DHCP Relay Agent listens for DHCP requests on all interfaces unless the interfaces are specified in /etc/sysconfig/dhcrelay with the INTERFACES directive.
To start the DHCP Relay Agent, use the command service dhcrelay start.

13.3. Configuring a DHCP Client

To configure a DHCP client manually, modify the /etc/sysconfig/network file to enable networking and the configuration file for each network device in the /etc/sysconfig/network-scripts directory. In this directory, each device should have a configuration file named ifcfg-eth0, where eth0 is the network device name.
Make sure that the /etc/sysconfig/network-scripts/ifcfg-eth0 file contains the following lines:
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
To use DHCP, set a configuration file for each device.
Other options for the network script include:
  • DHCP_HOSTNAME - Only use this option if the DHCP server requires the client to specify a hostname before receiving an IP address.
  • PEERDNS=<answer>, where <answer> is one of the following:
    • yes - Modify /etc/resolv.conf with information from the server. If using DHCP, then yes is the default.
    • no - Do not modify /etc/resolv.conf.
If you prefer using a graphical interface, refer to Chapter 8, NetworkManager for instructions on using NetworkManager to configure a network interface to use DHCP.

Advanced configurations

For advanced configurations of client DHCP options such as protocol timing, lease requirements and requests, dynamic DNS support, aliases, as well as a wide variety of values to override, prepend, or append to client-side configurations, refer to the dhclient and dhclient.conf man pages.

13.4. Configuring a Multihomed DHCP Server

A multihomed DHCP server serves multiple networks, that is, multiple subnets. The examples in these sections detail how to configure a DHCP server to serve multiple networks, select which network interfaces to listen on, and how to define network settings for systems that move networks.
Before making any changes, back up the existing /etc/sysconfig/dhcpd and /etc/dhcp/dhcpd.conf files.
The DHCP daemon listens on all network interfaces unless otherwise specified. Use the /etc/sysconfig/dhcpd file to specify which network interfaces the DHCP daemon listens on. The following /etc/sysconfig/dhcpd example specifies that the DHCP daemon listens on the eth0 and eth1 interfaces:
DHCPDARGS="eth0 eth1";
If a system has three network interface cards - eth0, eth1, and eth2 - and it is only desired that the DHCP daemon listens on the eth0 card, then only specify eth0 in /etc/sysconfig/dhcpd:
DHCPDARGS="eth0";
The following is a basic /etc/dhcp/dhcpd.conf file, for a server that has two network interfaces, eth0 in a 10.0.0.0/24 network, and eth1 in a 172.16.0.0/24 network. Multiple subnet declarations allow you to define different settings for multiple networks:
default-lease-time 600;
max-lease-time 7200;
subnet 10.0.0.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        option routers 10.0.0.1;
        range 10.0.0.5 10.0.0.15;
}
subnet 172.16.0.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        option routers 172.16.0.1;
        range 172.16.0.5 172.16.0.15;
}
subnet 10.0.0.0 netmask 255.255.255.0;
A subnet declaration is required for every network your DHCP server is serving. Multiple subnets require multiple subnet declarations. If the DHCP server does not have a network interface in a range of a subnet declaration, the DHCP server does not serve that network.
If there is only one subnet declaration, and no network interfaces are in the range of that subnet, the DHCP daemon fails to start, and an error such as the following is logged to /var/log/messages:
dhcpd: No subnet declaration for eth0 (0.0.0.0).
dhcpd: ** Ignoring requests on eth0.  If this is not what
dhcpd: you want, please write a subnet declaration
dhcpd: in your dhcpd.conf file for the network segment
dhcpd: to which interface eth1 is attached. **
dhcpd:
dhcpd:
dhcpd: Not configured to listen on any interfaces!
option subnet-mask 255.255.255.0;
The option subnet-mask option defines a subnet mask, and overrides the netmask value in the subnet declaration. In simple cases, the subnet and netmask values are the same.
option routers 10.0.0.1;
The option routers option defines the default gateway for the subnet. This is required for systems to reach internal networks on a different subnet, as well as external networks.
range 10.0.0.5 10.0.0.15;
The range option specifies the pool of available IP addresses. Systems are assigned an address from the range of specified IP addresses.
For further information, refer to the dhcpd.conf(5) man page.

Do not use alias interfaces

Alias interfaces are not supported by DHCP. If an alias interface is the only interface, in the only subnet specified in /etc/dhcp/dhcpd.conf, the DHCP daemon fails to start.

13.4.1. Host Configuration

Before making any changes, back up the existing /etc/sysconfig/dhcpd and /etc/dhcp/dhcpd.conf files.
Configuring a single system for multiple networks
The following /etc/dhcp/dhcpd.conf example creates two subnets, and configures an IP address for the same system, depending on which network it connects to:
default-lease-time 600;
max-lease-time 7200;
subnet 10.0.0.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        option routers 10.0.0.1;
        range 10.0.0.5 10.0.0.15;
}
subnet 172.16.0.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        option routers 172.16.0.1;
        range 172.16.0.5 172.16.0.15;
}
host example0 {
        hardware ethernet 00:1A:6B:6A:2E:0B;
        fixed-address 10.0.0.20;
}
host example1 {
        hardware ethernet 00:1A:6B:6A:2E:0B;
        fixed-address 172.16.0.20;
}
host example0
The host declaration defines specific parameters for a single system, such as an IP address. To configure specific parameters for multiple hosts, use multiple host declarations.
Most DHCP clients ignore the name in host declarations, and as such, this name can be anything, as long as it is unique to other host declarations. To configure the same system for multiple networks, use a different name for each host declaration, otherwise the DHCP daemon fails to start. Systems are identified by the hardware ethernet option, not the name in the host declaration.
hardware ethernet 00:1A:6B:6A:2E:0B;
The hardware ethernet option identifies the system. To find this address, run the ip link command.
fixed-address 10.0.0.20;
The fixed-address option assigns a valid IP address to the system specified by the hardware ethernet option. This address must be outside the IP address pool specified with the range option.
If option statements do not end with a semicolon, the DHCP daemon fails to start, and an error such as the following is logged to /var/log/messages:
/etc/dhcp/dhcpd.conf line 20: semicolon expected.
dhcpd: }
dhcpd: ^
dhcpd: /etc/dhcp/dhcpd.conf line 38: unexpected end of file
dhcpd:
dhcpd: ^
dhcpd: Configuration file errors encountered -- exiting
Configuring systems with multiple network interfaces
The following host declarations configure a single system, which has multiple network interfaces, so that each interface receives the same IP address. This configuration will not work if both network interfaces are connected to the same network at the same time:
host interface0 {
        hardware ethernet 00:1a:6b:6a:2e:0b;
        fixed-address 10.0.0.18;
}
host interface1 {
        hardware ethernet 00:1A:6B:6A:27:3A;
        fixed-address 10.0.0.18;
}
For this example, interface0 is the first network interface, and interface1 is the second interface. The different hardware ethernet options identify each interface.
If such a system connects to another network, add more host declarations, remembering to:
  • assign a valid fixed-address for the network the host is connecting to.
  • make the name in the host declaration unique.
When a name given in a host declaration is not unique, the DHCP daemon fails to start, and an error such as the following is logged to /var/log/messages:
dhcpd: /etc/dhcp/dhcpd.conf line 31: host interface0: already exists
dhcpd: }
dhcpd: ^
dhcpd: Configuration file errors encountered -- exiting
This error was caused by having multiple host interface0 declarations defined in /etc/dhcp/dhcpd.conf.

13.5. DHCP for IPv6 (DHCPv6)

The ISC DHCP includes support for IPv6 (DHCPv6) since the 4.x release with a DHCPv6 server, client and relay agent functionality. The server, client and relay agents support both IPv4 and IPv6. However, the client and the server can only manage one protocol at a time - for dual support they must be started separately for IPv4 and IPv6.
The DHCPv6 server configuration file can be found at /etc/dhcp/dhcpd6.conf.
The sample server configuration file can be found at /usr/share/doc/dhcp-<version>/dhcpd6.conf.sample.
To start the DHCPv6 service, use the command /sbin/service dhcpd6 start.
A simple DHCPv6 server configuration file can look like this:
subnet6 2001:db8:0:1::/64 {
        range6 2001:db8:0:1::129 2001:db8:0:1::254;
        option dhcp6.name-servers fec0:0:0:1::1;
        option dhcp6.domain-search "domain.example";
}

13.6. Additional Resources

For additional information, refer to The DHCP Handbook; Ralph Droms and Ted Lemon; 2003 or the following resources.

13.6.1. Installed Documentation

  • dhcpd man page - Describes how the DHCP daemon works.
  • dhcpd.conf man page - Explains how to configure the DHCP configuration file; includes some examples.
  • dhcpd.leases man page - Describes a persistent database of leases.
  • dhcp-options man page - Explains the syntax for declaring DHCP options in dhcpd.conf; includes some examples.
  • dhcrelay man page - Explains the DHCP Relay Agent and its configuration options.
  • /usr/share/doc/dhcp-<version>/ - Contains sample files, README files, and release notes for current versions of the DHCP service.