ITS 2330 - Linux III

Chapter 11: Managing Network Clients

Objectives:

This lesson takes place in week 12. Objectives important to this lesson:

  1. DHCP
  2. PAM
  3. LDAP

Concepts:

Chapter 11 begins with a discussion of DHCP, Dynamic Host Configuration Protocol, the method by which most computers receive an IP address on boot. In an IP network, each device needs a unique IP address. Assignment of these addresses takes some planning. First, there are two major approaches:

  • Static assignment - someone has to manually configure the address on each device, including workstations, servers, and printers. Unless your network is small, this is very painful.
  • Dynamic assignment - a server on the network can assign an address to workstations as they are powered up or as a user logs in to a network. You will still want to manually configure addresses on servers, printers, routers, and other network resource devices. However, you can automate the "manual" part (see below).

You may have to do this in a simulation for a certification test, so you should know how to open the Windows Network and Sharing Center, open the Status dialog of the Local Area Connection, open the Properties of that connection, and the Properties of the IPv4 stack.

Dynamic Host Configuration Protocol (DHCP) service allows us to dynamically assign IP addresses to hosts on an IP network. You need to understand that, as far as IP is concerned, "host" means any device on the network. DHCP can also set the subnet mask, the default gateway, and the DNS server. There are three methods for assigning addresses:

  • Automatic Allocation: DHCP assigns a permanent IP address to a host.
  • Dynamic Allocation: An IP address is assigned to a host for a limited period of time (or until the host relinquishes the address). Also called address leasing.
  • Manual Allocation: This method requires that you assign the address. DHCP simply delivers the address to the host. Read that carefully: you can make the assignment, but you tell the DHCP server to deliver it, so you don't have to visit the host yourself.

It is good to know what you may see if a DHCP server fails. Automatic Private IP Addressing (APIPA) could be described as a Windows error condition, if you are using DHCP on your Windows-based network. The first clue may be that a workstation cannot reach the Internet, because APIPA does not set a default gateway. What it does is to set a private IP address instead of one that matches your network scheme. It will be in the range 169.254.0.0 - 169.254.255.254. APIPA is meant to be a fallback method of assigning addresses. It will result in communications failures if some of your workstations have APIPA addresses, and others have DHCP assigned addresses. The two groups will essentially be on two different networks. APIPA addressing can only happen if DHCP fails, and if your workstations are configured to use APIPA as a fallback solution.

If a Windows workstation is configured for DHCP, but has an address in the APIPA range, try opening a command line interface and entering two commands:

ipconfig -release
ipconfig -renew

The first command tells the computer to let go of the lease it has (or thinks it has). The second command tells the computer to start a DHCP discover, offer, request, acknowledge sequence. These commands will have no effect if your DHCP server is not running, or is not reachable.

  • discover - a device makes a broadcast request for service from a DHCP server
  • offer - one or more servers reply to the requester with unicast offers of IP addresses
  • request - the requester selects one of the servers making offers and requests the offered address, but it copies this message to all servers that made offers so their addresses can be offered to other requesters
  • acknowledge - the selected server sends an acknowledgement message to the original requester
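The four-step sequence and the APIPA fallback described above can be checked in code. The following is an added example, not taken from the textbook or this lesson: it parses DHCP payloads, confirms that one transaction runs discover, offer, request, acknowledge, and tests whether an address is in the APIPA block. The function names, the transaction id, and the 192.168.1.x addresses are constructed for illustration, and the whole 169.254.0.0/16 block is treated as APIPA.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"      # marks the start of DHCP options
MSG_TYPES = {1: "discover", 2: "offer", 3: "request", 5: "acknowledge"}  # option 53

def build_message(msg_type, xid, yiaddr="0.0.0.0"):
    """Build a minimal DHCP payload (constructed sample data, not a capture)."""
    op = 1 if msg_type in (1, 3) else 2  # 1 = from client, 2 = from server
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, xid, 0, 0,
                        bytes(4), ipaddress.ip_address(yiaddr).packed, bytes(4),
                        bytes(4), bytes.fromhex("020000000001"), b"", b"")
    return fixed + MAGIC_COOKIE + bytes([53, 1, msg_type, 255])

def parse_message(payload):
    """Return (step name, transaction id, 'your address' field) of a payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    xid = struct.unpack("!I", payload[4:8])[0]
    yiaddr = str(ipaddress.ip_address(payload[16:20]))
    i = 240
    # Stop at the end option (255) or when no full option header remains
    while i + 1 < len(payload) and payload[i] != 255:
        if payload[i] == 0:                          # 0 = pad, has no length
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and len(value) == 1:
            return MSG_TYPES.get(value[0], "other"), xid, yiaddr
        i += 2 + length
    raise ValueError("no DHCP message type option")

def lease_completed(payloads):
    """True if one transaction runs discover, offer(s), request, acknowledge."""
    parsed = [parse_message(p) for p in payloads]
    steps = [step for step, _, _ in parsed]
    # Several servers may answer, so collapse repeated steps into one
    steps = [s for n, s in enumerate(steps) if n == 0 or s != steps[n - 1]]
    one_xid = len({xid for _, xid, _ in parsed}) == 1
    return one_xid and steps == ["discover", "offer", "request", "acknowledge"]

def is_apipa(address):
    """True if the address is in the APIPA (link-local) block."""
    return ipaddress.ip_address(address) in ipaddress.ip_network("169.254.0.0/16")

SAMPLE = [build_message(t, 0x3903F326, a) for t, a in
          [(1, "0.0.0.0"), (2, "192.168.1.50"), (2, "192.168.1.77"),
           (3, "0.0.0.0"), (5, "192.168.1.50")]]     # constructed exchange
```

The sample includes two offers, since more than one server may reply; a sequence that stops after the offers, or mixes transaction ids, is reported as incomplete.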

You should also know the Linux/UNIX/OS X version of these commands:

sudo ifconfig eth0 down
sudo ifconfig eth0 up

You may not need to type sudo.

The text spends several pages discussing how to install a DHCP server on a Linux system. On page 585, it explains that a DHCP server should be included in most Linux distros, and that the first installation step differs depending on the family of the distro you are using:

  • Debian: sudo apt-get install isc-dhcp-server
  • Red Hat: yum install dhcp

In the video shown below, the presenter performs an installation. From the notes above, we can tell which kind of distro he is using.


Of course, this is Linux, so such instructions are addressing a moving target. Expect change.

The same page in the text mentions three DHCP client programs that can be installed on Linux workstations:

  • dhcpcd
  • pump
  • dhclient

Some names are easier to remember. The text explains that the dhclient package may be installed by default, and it may require no configuration. If it does need configuration, it will look a lot like a Windows configuration on distros with graphic interfaces.

Having learned this about the client software, you may be confused by being told to look in the /etc/dhcp folder on the server for a file called dhcpd.conf. Several settings are discussed on pages 586 and 587 that you need to configure for general operation and for subnets. (Remember how to calculate subnet ranges?)
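To connect the subnet arithmetic to the server file, here is an added example (not from the textbook) that calculates a subnet's mask and broadcast address and writes a dhcpd.conf subnet block, rejecting a pool, router, or reserved address that does not fit. The statements shown are common ISC dhcpd.conf statements and may not be the exact ones on pages 586 and 587; the function name, addresses, MAC address, and lease times are constructed, and keeping fixed addresses outside the dynamic pool is a practice this example enforces.

```python
import ipaddress

def subnet_stanza(cidr, pool, router, dns, reserved=()):
    """Build a dhcpd.conf subnet block after checking the addresses fit."""
    net = ipaddress.ip_network(cidr)          # ValueError if host bits are set
    first, last = (ipaddress.ip_address(a) for a in pool)
    gw = ipaddress.ip_address(router)
    low, high = net.network_address + 1, net.broadcast_address - 1

    def usable(addr):
        # Network and broadcast addresses cannot be given to hosts
        return low <= addr <= high

    if not (usable(first) and usable(last) and first <= last):
        raise ValueError("pool %s-%s is not inside %s" % (first, last, net))
    if not usable(gw) or first <= gw <= last:
        raise ValueError("router must be a usable address outside the pool")
    lines = [
        "subnet %s netmask %s {" % (net.network_address, net.netmask),
        "  range %s %s;" % (first, last),
        "  option routers %s;" % gw,
        "  option domain-name-servers %s;" % dns,
        "  option broadcast-address %s;" % net.broadcast_address,
        "  default-lease-time 600;",
        "  max-lease-time 7200;",
        "}",
    ]
    # Manual allocation: the server delivers an address you chose for a host
    for name, mac, addr in reserved:
        ip = ipaddress.ip_address(addr)
        if not usable(ip) or first <= ip <= last:
            raise ValueError("%s: fixed address must be outside the pool" % name)
        lines += ["host %s {" % name,
                  "  hardware ethernet %s;" % mac,
                  "  fixed-address %s;" % ip,
                  "}"]
    return "\n".join(lines) + "\n"

# Constructed sample values for a /26 subnet
SAMPLE_CONF = subnet_stanza(
    "192.168.10.64/26", ("192.168.10.80", "192.168.10.120"),
    "192.168.10.65", "192.168.10.66",
    reserved=[("printer1", "02:00:00:00:00:01", "192.168.10.70")])
```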

The chapter changes topics on page 591, discussing general authentication first, then moving into the concept of Pluggable Authentication Modules. Note: searching for videos on the subject, I found several links to proprietary technologies that their owners also call "PAM", and that have nothing to do with our topic. Always watch out for bait-and-switch links that lead you to things you never wanted. This video from the Urban Penguin is on target, if a little heavy at first.


So, PAM is a concept that manages authentication features. It can only be used with applications that are PAM aware. Follow that link to a TecMint article about PAM that is more readable and understandable than the chapter. So, the idea of using PAM for everything on your network is flawed. It is complicated, hard to use, and less useful than it might be.

The third topic in the chapter is LDAP, Lightweight Directory Access Protocol. LDAP was developed from the X.500 standard developed by the ITU and from Directory Access Protocol, which does more than LDAP. The text shows us a tree structure that starts at a root object, flows through country objects, organizational unit objects, then layers of organization objects, and finally to leaf objects. Leaf objects don't branch, but the others can. The thing about LDAP is that it can be used by workstations, but its bigger brother DAP can only run on servers.

The text tells us that OpenLDAP is a commonly used LDAP server on Linux machines. This link will take you to a tutorial on installing and setting up OpenLDAP. It should only take the rest of the week to do it. You will probably enjoy the video I have provided below more than that lesson.