Standard Networking Services

Basic TCP/IP Networking

Configuration Tools

netconfig

redhat-config-network

redhat-config-network-druid

redhat-config-network-gui

redhat-config-network-tui (replaces netconfig)

vconfig

Useful Commands

redhat-control-network

redhat-config-network-cmd

service network restart

ifconfig

ifup

Name resolution

Name resolution is configured via the DNS tab in redhat-config-network. You can specify the FQDN, list the DNS servers, and define the search domain.

Note that if DHCP is used for an interface, it does NOT default to automatically obtain the DNS information - you have to check that manually.

Hostname resolution can be configured in the /etc/hosts file using the format

<ip address> <fqdn> <alias>

10.1.1.17 yourbox.yourdomain.com yourbox

Nameservers and search domain are configured in /etc/resolv.conf:

search <domain>

nameserver <ip>

nameserver <ip>

By default, /etc/hosts takes precedence over DNS. To switch that, edit /etc/host.conf and change the list order from "hosts, bind" to "bind, hosts".

VLANs

RHL9 supports 802.1q VLAN tagging using the configuration tool vconfig.

vconfig add eth0 1

vconfig rem eth0.1

The VLAN shows up as a regular network interface; the naming convention is <ifname>.<vlan#>, so for VLAN 101 on eth0 the config file is /etc/sysconfig/network-scripts/ifcfg-eth0.101

Device aliases

Device aliases are virtual network interfaces that can have a different IP address from the parent interface. If you set up a device alias, neither the virtual interface nor the parent interface can use DHCP.

To create a device alias in redhat-config-network, make sure the ethernet interface is set to use a static IP address. Then select that device, create a new ethernet connection on the same ethernet card, and give it a different static IP address. The alias will be created inactive; click Activate to enable it.

The device alias shows up as a regular network interface; the naming convention is <ifname>:<alias#>, so the config file would be /etc/sysconfig/network-scripts/ifcfg-eth0:1

Virtual interfaces didn't honor ONBOOT=no; they were always brought up with the parent interface.

To prevent this, use the new parameter ONPARENT=no (making ONBOOT=no work would have been an unpleasant surprise for sysadmins who unknowingly had that in their config files).

Network profiles

Multiple network profiles can be set up, allowing you to store separate configurations for different networks. To create a new profile in redhat-config-network, select Profile, New, and name the profile. You can then enable and disable network devices and specify network configurations for the selected profile. The active profile can be changed by selecting the desired profile from the Profile menu.

Once you have created a new profile, use Copy to create a logical network device in that profile. (Don't use New, or you'll just get a device alias!) You can edit the logical network device to give it a more descriptive name (e.g., eth0-test). Checking the profile box makes the device active in whatever profile you're configuring.

(This doesn't appear to work in the manner I would expect. If you choose a profile, select which devices should be active in that profile, save the profile, and then choose a different profile, your selected-device configuration follows you to the new profile. I would expect that the selected-device configuration would switch to what's already configured for that profile. Am I just weird, or does that seem like a bug? Also, the documentation states that two logical network devices associated with the same physical device can't be activated simultaneously in the same profile, but the tool allows you to save that configuration with no warnings, and they both show up in that profile when you run redhat-control-network. The documentation for this feature doesn't appear to match the implementation very well.)

Note that by default the Common profile is always used on boot; once the computer is booted, you can switch to another profile using redhat-control-network or redhat-config-network-cmd --profile <profilename> --activate.

Guru Labs says you can boot your RHL box directly into a profile from the GRUB boot screen. To do this, create a separate /etc/boot/grub.conf entry for each network profile, and in each entry add the kernel argument netprofile=profilename.

The search path for:

# ifup $DEV

is:

/etc/sysconfig/networking/profiles/$CURRENT_PROFILE/ifcfg-$DEV

/etc/sysconfig/networking/profiles/default/ifcfg-$DEV

/etc/sysconfig/network-scripts/ifcfg-$DEV

Overall, the configuration for this functionality seems very counterintuitive; I haven't had a chance to experiment with it to see if the behavior is more consistent with the docs.

Samba

Samba uses the SMB protocol to share files and printers across a network connection between Linux and Windows boxes.

Configuration Tools

redhat-config-samba

Useful Commands

smbclient

smbmount / smbumount

service smb restart

Configuring the Samba server

The GUI config tool is redhat-config-samba. The configurations are saved and the samba server is restarted when you click OK, so your changes take effect immediately.

From the Preferences menu, select Server Settings and fill in the Windows workgroup and server description in the Basic tab. In the Security tab, specify the authentication method. The default, User, requires each user to have a username and password on each Samba server (and is necessary for Windows Username to work). Encrypted passwords is the default, and should be used in anything other than a completely secure network (which we all know doesn't exist), since otherwise the authentication information is sent in the clear and susceptible to sniffing. A guest account uses an existing username on the system; when guests log in to the Samba server, they get the privileges of the existing user. The guest account should be left disabled unless you have a specific need for it.

A user account must already exist on the server before you can add a Samba account for that user. From the Preferences menu, select Samba Users, and click Add User. Select the user account from the pulldown menu; if you're using User authentication, you have to fill in the Windows Username field even if their Windows username is the same as their Unix username. RH recommends that Samba passwords be different from Linux passwords even if you're using encrypted passwords.

To create a share, click Add, then specify the directory and give it a description. Global permissions for that share can be set to read-only or read/write; the Access tab allows you to restrict which users are allowed to access the share.

The Samba server can also be configured by editing the /etc/samba/smb.conf file. Server settings correspond to:

workgroup = <workgroup name>

server string = <description>

Encrypted passwords are enabled by the lines:

encrypt passwords = yes

smb passwd file = /etc/samba/smbpasswd

To set up shares:

[sharename]

comment = <description>

path = /path/to/share

valid users = <user1> <user2>

public = no

writable = yes

printable = no

create mask = 0765

Once you've done that, you have to set up the encrypted passwords for Samba to use:

cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd

chmod 600 /etc/samba/smbpasswd

smbpasswd <username>

You can map a Samba username to a Windows username (or multiple Windows usernames) in /etc/samba/smbusers

<samba username> = <windows username>

lisa = lisa administrator

Remember to run service smb restart if configuring from the command line.
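
A check for the smb.conf settings discussed above (encrypted passwords, guest access, valid users), written as an added example and not part of the original notes or of Samba itself. The sample file is constructed, and the function names parse_smb_conf and audit are hypothetical.

```python
# Constructed sample smb.conf (not from a real server).
SAMPLE = """\
[global]
    encrypt passwords = no
[docs]
    path = /srv/docs
    valid users = lisa
    public = no
[scratch]
    path = /srv/scratch
    public = yes
    writable = yes
"""
YES = {"yes", "true", "1"}

def parse_smb_conf(text):
    """Parse smb.conf text into {section: {parameter: value}}, names lowercased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":            # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def audit(text):
    """Return (section, finding) pairs; a missing 'encrypt passwords' line is flagged too."""
    conf, findings = parse_smb_conf(text), []
    if conf.get("global", {}).get("encrypt passwords", "no").lower() not in YES:
        findings.append(("global", "encrypt passwords is not enabled"))
    for name, share in conf.items():
        if name == "global":
            continue
        # "public" is a synonym for "guest ok"; only the spelling "writable" is read.
        guest = share.get("public", share.get("guest ok", "no")).lower() in YES
        writable = share.get("writable", "no").lower() in YES
        if guest:
            findings.append((name, "guest access" + (", writable" if writable else "")))
        if not share.get("valid users"):
            findings.append((name, "no valid users restriction"))
    return findings

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"[{section}] {finding}")
```

Special sections such as [homes] and [printers] are treated like any other share here, so expect a "no valid users restriction" finding for them.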

Printers are all shared by default if you're using a BSD-style print system. There's an example for setting up a printer that can only be used by a specific user, but I haven't gone there yet.

Using Samba

smbclient -L <hostname or IP address> will give you a list of shares available. If you're running the command from a user account different from your Samba username, you can specify the username with -U <username>

smbclient //<server>/<share> -U <username> will give you an smb connection with commands similar to ftp (cd, lcd, get, mget, put...)

To mount a share via Samba, create a mount point (for example, mkdir /tmp/<dirname>) and then use

smbmount //<server>/<share> /tmp/<dirname> -o username=<samba-user>

and use smbumount /tmp/<dirname> to umount it when you're done.

To use a printer via Samba, run redhat-config-printer (which Jeremy covered last week). Should this be set to raw print queue or PostScript printer or... ?

Troubleshooting Samba

Samba stores logs individually for each connecting machine in /var/log/samba/<hostname>.log along with general logs such as smbd.log, smbmount.log, and log.nmbd. The latter is useful for troubleshooting if you're having conflicts over which server will be the master browser for your domain.

If an individual user is having a problem, rather than the issue being server-wide, try deleting that user's samba user account and recreating it.

HTTP/Apache

Configuration Tools

redhat-config-httpd

service httpd restart

Migrating

In RHL9, Apache HTTP Server was updated to version 2.0, which has different configuration options from 1.x - if you're migrating a config by hand, there's a guide: /usr/share/doc/httpd-<ver>/migration.html

If you configured the Apache HTTP Server with the HTTP Configuration Tool in previous versions of Red Hat Linux and then performed an upgrade, you can use the application to migrate the configuration file to the new format for version 2.0. Start the HTTP Configuration Tool, make any changes to the configuration, and save it. The configuration file saved will be compatible with version 2.0.

Configuring Apache httpd

The GUI config tool, redhat-config-httpd, can be used for basic setup. The Server name should be a FQDN. The default is for httpd to listen on port 80 on all IP addresses configured on the system; specific IP addresses and ports can be defined instead. If you wish to run SSL, access should also be enabled on port 443.

If you're not running multiple web servers or SSL, you can just edit the default settings in the Virtual Hosts tab: specify index files and custom error pages; customize the log files and specify whether to log by hostname or IP address; define environment variables and specify which CGI scripts they get passed to; and define directory options for the document root and specified subdirectories.

Note - reverse lookups add overhead and can affect performance on a busy server.

To configure SSL in redhat-config-httpd, even if you're only running one web server, you have to create the default virtual host. Virtual hosts allow you to run multiple web servers on the same system. The default virtual host has the same configuration options as the default settings, plus an additional SSL configuration tab. The Apache server comes with a dummy digital certificate allowing SSL configuration, which shouldn't be used on a production server.

IP-based (HTTP 1.0) virtual hosts require separate IP addresses for each web server; name-based (HTTP 1.1) virtual hosts can run multiple separate domain names on the same IP address. Note that you can't run SSL on a name-based virtual host - the SSL handshake occurs before the HTTP request that provides the name of the desired host.

After running redhat-config-httpd, you must run service httpd restart for your changes to take effect.

One thing to note is that redhat-config-httpd only uses the /etc/httpd/conf/httpd.conf file, but the SSL configuration for the main server is pulled in from /etc/httpd/conf.d/ssl.conf - I ran into a possible bug based on this. If you define the main server on all addresses on port 80, then define the default virtual host on all addresses on port 443, service httpd restart will give you a warning that _default_ VirtualHost overlaps on port 443, and the first has precedence. "The first" appears to be the config in ssl.conf, but you can't edit that from redhat-config-network. It looks like there ought to be an SSL tab in the Default settings that edits the settings in ssl.conf, or the VirtualHosts in httpd.conf should take precedence over the settings in ssl.conf - another thing to check on in bugzilla.
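
A way to find that kind of overlap before restarting httpd, written as an added example and not part of the original notes or of Apache: it scans configuration text for <VirtualHost> blocks that repeat an address:port across files, skipping addresses declared with NameVirtualHost, where repeats are expected. The file contents are constructed, the files are assumed to be listed in the order httpd reads them, and the function names scan and overlaps are hypothetical.

```python
import re
from collections import defaultdict

# Constructed fragments, listed in the order httpd is assumed to read them.
SAMPLE_CONFIGS = [
    ("conf.d/ssl.conf", "<VirtualHost _default_:443>\nSSLEngine on\n</VirtualHost>\n"),
    ("conf/httpd.conf", """\
NameVirtualHost 192.0.2.10:80
<VirtualHost 192.0.2.10:80>
ServerName a.example.com
</VirtualHost>
<VirtualHost 192.0.2.10:80>
ServerName b.example.com
</VirtualHost>
# <VirtualHost _default_:8443> commented out, ignored
<VirtualHost _default_:443>
SSLEngine on
</VirtualHost>
"""),
]

VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]+)>", re.IGNORECASE)
NAME_VHOST = re.compile(r"^\s*NameVirtualHost\s+(\S+)", re.IGNORECASE)

def scan(configs):
    """Return ({address: [(file, line), ...]}, {addresses named by NameVirtualHost})."""
    declared, name_based = defaultdict(list), set()
    for filename, text in configs:
        for lineno, line in enumerate(text.splitlines(), start=1):
            vhost, named = VHOST_OPEN.match(line), NAME_VHOST.match(line)
            if named:
                name_based.add(named.group(1).lower())
            elif vhost:
                for addr in vhost.group(1).split():   # a block may list several
                    declared[addr.lower()].append((filename, lineno))
    return dict(declared), name_based

def overlaps(configs):
    """Addresses declared by more than one <VirtualHost>, name-based ones excluded."""
    declared, name_based = scan(configs)
    return {addr: places for addr, places in declared.items()
            if len(places) > 1 and addr not in name_based}

if __name__ == "__main__":
    for addr, places in overlaps(SAMPLE_CONFIGS).items():
        first, *later = places
        print(f"{addr}: first declared at {first[0]}:{first[1]}, repeated at {later}")
```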

Other module-specific scripts in /etc/httpd/conf.d include perl.conf, php.conf, and python.conf - perl and python appear to be commented out by default, while php is enabled by default. (Seems odd considering how many php-related security alerts I've seen...)