Apress.Pro.Ubuntu.Server.Administration

NI N D E X 391

hierarchical structure of, 197 sender_canonical, 271
integrating Samba with transport, 272
virtual, 272
configuring secure connections, 239 lost administrator password, dealing with,
connecting Samba to LDAP, 238–239
preparing LDAP, 237–238 380–381
preparing Samba, 236–237 low memory, 59
specifying where to put objects, 240 ls command (debugfs utility), 122
object attributes, 198 lsdel command (debugfs utility), 123
schema, 198–200 ls -i command, 110
using for authentication lsof command, 71, 73
nsswitch.conf file, 228–229 lsscsi command, 174
PAM, configuring, 223–228 lvchange command, 374
testing client connectivity, 230 lvdisplay command, 369–373
LDAP Directory LVM logical volumes
default schema files, 200–201
schema file, 198–200 boot problems, fixing, 368–373
using, 197 creating on top of software RAID device,
ldapmodify command, 201, 221
ldappasswd command, 223 16–22
ldapsearch command, 201, 217–220 device not activated automatically,
ldap-utils package, 217
ldd command, 223 374–375
libpam-ldap package, 227 excluding devices for, 374
Lightweight Directory Access Protocol. See troubleshooting, 368
lvscan command, 371–373
LDAP
Linux M

open-iscsi solution, 173 mail delivery agent (MDA)
servers, installing NRPE service on, description of, 250
procmail, 278–279
152–153
users, authenticating, 245–246 mail server
VPN client, configuring, 316–319 configuring simple, 267–268
load average for system, 46 configuring Ubuntu Server as, 249
load balancing, 88
local certificate authority, 283 mail solution
local time zone setting, 322 components of, 249–250
log file, NTP, configuring, 328 receiving e-mail
logging in with Kerberos client, 340–341 Cyrus IMAPd, using, 275–278
logging slapd.conf file, 213–214 overview of, 274
logical blocks, and file systems, 109 procmail, using, 278–279
logical partitions for RAID setup, 5 Qpopper, using, 279–280
lookup tables, configuring Postfix to use
access, 270 mail transfer agent (MTA)
aliases, 273 description of, 250
canonical, 270 Postfix, configuring
overview of, 269–270 components, 262–263
recipient_canonical, 271 dpkg-reconfigure command, 257–262
relocated, 271 global settings, 264–266
initial settings, 256–257
master daemon, 263–264
overview of, 250–251
simple mail server, 267–268

392 NINDEX

to handle inbound and outbound global settings, 264–266
mail, 251–255 initial settings, 256–257
master daemon, 263–264
to use lookup tables, 269–273 overview of, 250–251
Postfix management tools, 273–274 simple mail server, 267–268
mail user agent (MUA), 250 to handle inbound and outbound
management tools, Postfix MTA, 273–274
managing mail, 251–255
AppArmor profiles, 294–299 to use lookup tables, 269–273
Nagios tool, 155–159 Postfix management tools, 273–274
user mailboxes, 277–278 MUA (mail user agent), 250
XFS file system, 126 multi core environment
man -k xfs utility (XFS), 127 benefits of, 88
master boot record (MBR) symmetric multiprocessing kernel, 88
in boot process, 344 Multidisk utility, 15
troubleshooting, 364 multipathing, setting up, 26–27
master daemon, 263–264 multitasking system, performance in, 52
MDA (mail delivery agent)
description of, 250 N
procmail, 278–279
memory Nagios tool
analyzing performance of, 57– 65 check_disk plug-in, output from,
configuring huge pages, 92–93 144–147
inter-process communication, optimiz- commands, 148–149
configuration files, creating
ing, 94–96 contacts.cfg, 139
optimizing usage of, 92–96 contacts group, defining, 140
overview of, 91 hosts and host groups, defining,
write cache, optimizing, 93–94 141–143
memory monitoring with top utility, 49–50 overview of, 138–139
mirroring, and shared storage, 161 services.cfg, 144–148
MIT Kerberos, 321 timeperiods_nagios2.cfg, 149–151
mkdir /share command, 232 configuring
modifying entries in LDAP database, 221 location of configuration files,
modules (OpenLDAP), 201 135–136
monitoring master configuration file, 136–138
AppArmor status, 299–302 Nagios server to use NRPE, 154–155
DRBD, 168–169 installing, 131
monitoring network. See Nagios tool managing
mount command, 235 Host Detail window, 157
mounting Reporting section, 159
Ext2/Ext3 file system, 119 Service Detail window, 156
file systems, 112–113 Tactical Monitor Overview window,
moving processes to other CPU cores, 88 155
MTA (mail transfer agent) restarting with configuration, 151
description of, 250 user authentication, 132–134
Postfix, configuring
netstat tool
components, 262–263 options, 80
dpkg-reconfigure command, 257–262 -tulpn option, 78

NI N D E X 393

network NTP time server
monitoring performance of, 73–80 client, configuring, 325–326
optimizing performance customizing
generic network, 106 drift file, 327
kernel parameters, tuning, 98, 100 log file, 328
overview of, 98 security restrictions, applying,
Samba and NFS, 105–106 328–329
TCP acknowledgements, 102–103 description of, 321–323
TCP read and write buffers, 101–102 pulling or pushing time, 324–325
TCP Syn queue, 103–105 stand-alone, configuring, 323–324
TCP tunables, 100 synchronization status, checking,
326–327
network card, second, setting up, 30
networking in boot process, 349 ntptrace command, 326
network monitoring. See Nagios tool
Network Time Protocol (NTP), 322 O
NFS performance optimization, 105
NIC bonding, setting up, 24–26 open-iscsi solution (Linux), 173
NIC teaming, and installation program, 8 OpenLDAP
nice command, adjusting process priority
commands, 201
with, 89–90 configuration files, 201
ni performance category (top utility), 48 configuring, 202
noatime option (XFS), 126 database, adding information to,
noninterruptible hang, 378
Noop scheduler (I/O scheduler), 97 215–217
normal processes, priority of, 88–89 installing, 202
notail option (ReiserFS), 128 modules, 201
nr_pdflush_threads parameter, 93 server, configuring
NRPE
apt-get purge slapd command, 205
configuring Nagios server to use, dpkg-reconfigure slapd command,
154–155
203–206
configuring on monitored server, slapd.conf file, 207–215
152–154 slapd daemon, 201
slurpd daemon, 201
nss_ldap module (LDAP), 201, 228 utilities
nsswitch.conf file, configuring to find ldapdelete command, 222
ldapmodify command, 221
LDAP services, 228–229 ldappasswd command, 223
ntp.conf file overview of, 220–221
verifying configuration with ldapsearch
driftfile parameter, 328
listing, 323 command, 217–220
logfile statement, 328 open source SAN. See SAN
restrict settings, 328 openssl command, 284
synchronization interval, configuring, OpenVPN

324 certificate authority, configuring,
ntpdate command, 325 305–308
ntpd (NTP daemon), 291–292, 327–328
NTP (Network Time Protocol), 322 client keys, creating, 310–311
ntpq command, 326 copying keys to client, 312
ntpq -p command, 326 Diffie-Hellman parameters, generating,

311–312

394 NINDEX

installing, 303 performance baselining, 80
server keys, creating, 308–310 performance monitoring
openvpn command, 314
/opt/drbl/sbin/drbl-client-switch com- CPU, analyzing performance of, 51–57
memory problems, finding, 57– 65
mand, 37–38 network, 73– 80
/opt/drbl/sbin/drblpush -i command, 32 overview of, 45
/opt/drbl/sbin/select-in-client command, storage, 65–73
top utility
38
optimizing file systems CPU monitoring with, 46–49
memory monitoring with, 49–50
Ext2/Ext3 output from, 45
analyzing and repairing, 119–124 process monitoring with, 50–51
creating, 116–119 performance optimization
mounting, 119 CPU
adjusting process priority with nice
overview of, 116
ReiserFS, 128–130 command, 89–90
XFS overview of, 87– 89
SMP environments, 90–91
management of, 126 thread scheduler, 87, 88
organization of, 124–125 memory
setting properties, 125–126 configuring huge pages, 92–93
utilities, 127–128 inter-process communication, 94– 96
optimizing performance. See performance overview of, 91–92
write cache, 93–94
optimization network
outbound mail generic, 106
kernel parameters, tuning, 98–100
for local user, processing, 254 overview of, 98
Postfix and, 251 Samba and NFS, 105–106
for remote system user, processing, 254 TCP acknowledgements, 102–103
undeliverable, processing, 255 TCP read and write buffers, 101–102
TCP Syn queue, 103–105
P TCP tunables, 100–101
overview of, 83
page size, default, in memory, 57 storage
pam_ldap module (LDAP), 201 I/O scheduler, 96– 98
PAM (Pluggable Authentication Modules), overview of, 96
read requests, tuning, 98
configuring for LDAP authentica- testing changes to settings before ap-
tion, 223–228
parameters for Samba configuration as plying, 85–87
primary domain controller, 242 permissions, applying to local directory
Partition Disk screen, 13
Partition Disks interface, 17, 21 for Samba, 232
partitions pickup daemon, 251
boot, creating, 12 PKI (public key infrastructure)
logical, for RAID setup, 5
troubleshooting, 365–368 advantages of, 321
passwords for VPN, 305
for LDAP administrator, 202
in LDAP environment, changing, 223
lost administrator, dealing with,
380–381

NI N D E X 395

Pluggable Authentication Modules (PAM), Q
configuring for LDAP authentica-
tion, 223–228 Qpopper, 279–280

plug-ins available in Nagios, 144 R
pmap command, 63–65
POP3 server, setting up, 279–280 RAID
POSIX standard, 290 setting up at installation, 4–5
postdrop command, 251 software-based
Postfix MTA creating at installation, 9–16
creating LVM logical volumes on top
configuring of, 16–22
components, 262–263
dpkg-reconfigure command, 257–262 read requests,
global settings, 264–266 reordering, 114
for handling inbound and outbound tuning, 98
mail, 251–255
initial settings, 256–257 realm, 330
master daemon, 263–264 real-time processes, priority of, 88
overview of, 250–251 receiving e-mail
simple mail server, 267–268
for using lookup tables, 269–273 Cyrus IMAPd, 275–278
overview of, 274
management tools, 273–274 procmail, 278–279
post-installation tasks Qpopper, 279–280
recipient_canonical lookup table, config-
multipathing, setting up, 26–27
NIC bonding, setting up, 24–26 uring Postfix to use, 271
primary domain controllers, Samba serv- redundancy

ers as, 241–243 See also RAID
problem, identifying, 344–350 in enterprise environment, 2
/proc/drbd file, 184 NIC bonding and, 24
process files, slapd.conf file, 211 in storage area network, 2
process monitoring with top utility, 50–51 reference clocks, 324
process priority, adjusting with nice com- reinstalling Grub, 361
reiserfsck command, 380
mand, 89–90 ReiserFS file system
procmail MDA, 278–279 description of, 6, 116, 128–130
/proc/net/iet/volume file, 171 repairing, 380
ps utility, 62 relocated lookup table, configuring Postfix
public IP address, and VPN connection,
to use, 271
316 remounting file system, 110
public key infrastructure (PKI) reordering read and write requests, 114
repairing
advantages of, 321
for VPN, 305 Ext2/Ext3 file system
public/private key pairs, 282 debugfs utility, 122–124
pulling time, 324–325 dumpe2fs and tune2fs utilities,
purging database and slapd configuration, 120–122
e2fsck utility, 120
205
pushing time, 324–325 ReiserFS file system, 380
pvdisplay command, 369 Reporting section (Nagios), 159
pvscan command, 368 Rescue a Broken System option, 353–356

396 NINDEX

restarting Nagios tool with configuration, schema files, slapd.conf file, 211
151 schema of LDAP, 198–200
Secure Sockets Layer (SSL) protocol
restoredisk option (Clonezilla), 40
runlevel scripts, order of, 347–349 certificate authority
runnable process, 51 creating, 284–289
run queue, 51 need for, 283–284

S key pairs, 282
security options
Samba performance optimization,
105–106 See also authentication
AppArmor
Samba servers
integrating in Active Directory, 244–245 components of, 290–291
integrating with LDAP creating and managing profiles,
configuring secure connections, 239
connecting Samba to LDAP, 238–239 294–299
preparing LDAP, 237–238 installing and starting, 293–294
preparing Samba, 236–237 monitoring status of, 299–302
specifying where to put objects, 240 overview of, 290
overview of, 231 permissions, 293
as primary domain controllers, 241–243 updating profiles, 299
setting up cryptography
applying permissions to local direc- certificate authority, creating,
tory, 232
defining share, 232–234 284–289
local directory to share, creating, 232 certificate authority, need for,
overview of, 231
testing access to share, 235–236 283–284
user account, creating, 235 key pairs, 282
overview of, 281
SAN (storage area network) SSL and, 282
accessing with iSCSI, 169 for VPN, 303
cluster configuration, backing up, security restrictions, applying to NTP time
187–191
cluster resources, configuring, 180–187 server, 328–329
connection to, 2–3 SELinux, 290
DRBD sender_canonical lookup table, configur-
monitoring, 168–169
setting up, 164–165 ing Postfix to use, 271
starting, 166–167 Sendmail, Postfix mail server compared
hardware requirements for, 163
Heartbeat, configuring, 175–179 to, 250
iSCSI, configuring, 169–172 server certificates, creating, 284–289
iSCSI initiator, configuring, 173–175 server hardware for enterprise network
software components needed for creat-
ing, 162 installation, 2
software for, installing, 163 server keys (OpenVPN), creating, 308–310
STONITH, configuring, 191–193 servers

savedisk option (Clonezilla), 40 See also Samba servers
scheduling process of CPU, 87–88 Clonezilla imaging

assigning directory for, 35
clients for cloning, configuring, 36–38
cloning clients, 39–43
configuring, 36
Diskless Remote Boot in Linux, 30–35
setting up, 29

NI N D E X 397

DHCP, setting up, 33–35 smtpd process, 253–255
Kerberos snapshot technology for backing up files, 5
software
configuring, 332–336
starting and creating administrative Diskless Remote Boot in Linux
configuring, 32–33
user account, 337–338 installing, 31–32
user accounts, adding, 338
verifying KDC is operational, 338–339 RAID
mail, configuring, 249, 267–268 creating at installation, 9–16
NTP time creating LVM logical volumes on top
client, configuring, 325–326 of, 16–22
customizing, 327–329 implementing, 4–5
description of, 321–323
pulling or pushing time, 324–325 virtualization, creating installation con-
stand-alone, configuring, 323–324 figuration using, 4
synchronization status, checking,
SSH VPN, 303
326–327 SSL (Secure Sockets Layer) protocol
POP3, setting up, 279–280
synchronizing time between, 322–323 certificate authority
VPN, 304–305 creating, 284–289
web, and Nagios tool, 131 need for, 283–284
Service Detail window (Nagios), 156
services for Nagios tool to monitor, defin- key pairs, 282
stack trace, dumping
ing, 144–148
shared memory, 94–96 interruptible hangs, 375–377
shared storage. See SAN noninterruptible hangs, 378
shmall setting, 95 stand-alone NTP time server, configuring,
shmmax setting, 95
shmmni setting, 95 323–324
si performance category (top utility), 49 starting
slab memory, 60
slabtop utility, 61 AppArmor, 294
slapd.conf file DRBD, 166–167
installation, 8
ACLs, 214–215 iSCSI target, 170
contents of, 207–211 Kerberos server, 337–338
description of, 201 startup parameters, slapd.conf file,
logging, 213–214
schema and process files, 211 211–213
startup parameters, 211–213 stash file for Kerberos server, creating, 336
slapd daemon (OpenLDAP), 201 stat command, 110
slurpd daemon (OpenLDAP), 201 stats command, 112
smbclient command, 235 STONITH, configuring, 191–193
smbclient -L localhost command, 234 storage
smbpasswd command, 231, 235
smbpasswd -W command, 239 I/O scheduler
SMP environment. See symmetric description of, 96
optimizing, 97–98
multiprocessing (SMP) kernel
environment monitoring performance of, 65–73
optimizing performance of, 96
read requests, tuning, 98
storage area network. See SAN
st performance category (top utility), 49
stratums, 322–323
superblocks, 112–113

398 NINDEX

swap memory, 57 output from, 45
switching off barriers, 114 process monitoring with, 50–51
symmetric multiprocessing (SMP) kernel tools
See also Nagios tool; troubleshooting
environment
description of, 88 tools
optimizing, 90–91 debugfs, 110–111, 122–124, 378
synchronization status, NTP, checking, debugreiserfs, 129–130
dumpe2fs, 120–122
326–327 e2fsck, 120
synchronizing time between servers, fsck.reiserfs, 128
management, Postfix MTA, 273–274
322–323 man –k xfs, 127
sy performance category (top utility), 48 Multidisk, 15
sysctl command, 84, 85 OpenLDAP
/sys/kernel/security/apparmor/profiles
ldapdelete command, 222
file, 300 ldapmodify command, 221
sysvconfig tool, 172 ldappasswd command, 223
sysvconfig utility, 89 overview of, 220–221
sysvconfig, 172
T tune2fs, 120–122
XFS file system, 127–128
Tactical Monitor Overview window Transport Layer Security (TLS), 282
(Nagios), 155 transport lookup table, configuring Postfix

target ID of iSCSI target, 171 to use, 272
taskset command, 90–91 trivial-rewrite daemon, 253–255
TCP acknowledgements, 102–103 troubleshooting
tcp_keepalive_intvl parameter, 104
tcp_keepalive_time parameter, 104 chroot environment and, 357
tcp_max_syn_backlog parameter, 103 file systems
TCP read and write buffers, 101–102
tcp_synack_retries parameter, 104 Ext3, accessing damaged, 378–380
TCP Syn queue, 103–105 ReiserFS, 380
TCP tunables, 100–101 Grub
testing loading manually, 362–364
reinstalling, 361
access to Samba share, 235–236 identifying problem, 344–350
changes to settings before applying, kernel
interruptible hang, 375–377
85–87 noninterruptible hang, 378
LDAP client connectivity, 230 lost administrator password, 380–381
thread scheduler, 87–88 LVM logical volumes
Ticket Granting Ticket (TGT), 330 boot problems, 368–373
tickless kernel, 52 device not activated automatically,
time command, 80, 86
time periods for Nagios tool, defining, 374–375
excluding devices for, 374
149–151 master boot record, 364
TLS (Transport Layer Security), 282 overview of, 343
top utility partitions, 365–368
troubleshooting tools
CPU cycles and, 89
CPU monitoring with, 46–49
Last used cpu (SMP) option, 54
memory monitoring with, 49–50

NI N D E X 399

init=/bin/bash, 351–353 vmstat -s command
Knoppix Rescue CD, 357–360 CPU performance and, 52, 57
overview of, 351
Rescue a Broken System option, vmstat utility
active and inactive memory informa-
353–356 tion, 58
trusted root certificate authority, 283 cpu section, 55
tun device, adding to VPN server, 315 disk performance and, 67– 69
tune2fs utility, 120–122 sample mode, 55, 57, 68
tuning CPU swap information, 58

adjusting process priority using nice VPN
command, 89–90 See also VPN server
normal configuration of, 304–305
overview of, 87–89 public key infrastructure for, 305
SMP environments, 90–91
thread scheduler, 87–88 VPN server
See also OpenVPN
U configuring, 313–316
description of, 303
unconfined command, 301 Linux VPN client, configuring, 316–319
Universal Time Coordinated (UTC), 322 Windows VPN client, configuring, 320
updating AppArmor profiles, 299
Upstart, 347 W
user accounts
wa parameter (top utility), 90
for Kerberos server, adding, 338 wa performance category (top utility), 48
for Samba, creating, 235 web servers, and Nagios tool, 131
user authentication for Nagios tool, winbind package, 245–246
Windows VPN client, configuring, 320
132–134 workstation accounts for Samba, creating,
user mailboxes, managing, 277–278
us performance category (top utility), 48 243
UTC= setting, 322 write cache, optimizing, 93–94
UTC (Universal Time Coordinated), 322 write requests, reordering, 114
utilities. See tools
X
V
X.509 standard, 282
van Vugt, Sander, Beginning Ubuntu xfsctl function, 125
Server Administration, 131 xfsdump command, 127
XFS file system
/var/lib/ldap/DB_CONFIG file, 204
/var/run/slapd/slapd.args file, 211 description of, 6, 124
Venema, Wietse, 251 management of, 126
versions of Ubuntu Server, 64- compared organization of, 124–125
setting properties, 125–126
to 32-bit, 7 utilities, 127–128
vgdisplay command, 370 xfs_freeze command, 128
vgscan command, 370 xfs_growfs command, 125–127
virtualization software, creating installa- xfs_info command, 125
xfs_repair command, 127
tion configuration using, 4 xfs_rtcp command, 127
virtual lookup table, configuring Postfix to xinetd, running Qpopper through, 279

use, 272
virtual memory, 91
Virtual Private Network server. See VPN

server