An Open Source Network Infrastructure (Is OS Software Suitable for SMEs?)


  1. An Open Source Network Infrastructure (Is OS Software suitable for SMEs?)
     Jack Wearden, @JackWeirdy, Barcamp Blackpool 2012
  2. [META]
  3. SSO: Single Sign-On
  4. AAA: Authentication, Authorisation and Accounting
  5. DNS: Domain Name System
  6. DHCP: Dynamic Host Configuration Protocol
  7. DDNS: Dynamic DNS
  8. NTP: Network Time Protocol
  9. LDAP: Lightweight Directory Access Protocol
  10. Kerberos
  11. RADIUS: Remote Authentication Dial In User Service
  12. NFS: Network File System
  13. SMB: Server Message Block
  14. CIFS: Common Internet File System
  15. Example Time!
  16. authoritative;
      default-lease-time 600;
      max-lease-time 7200;
      subnet 10.20.40.0 netmask 255.255.252.0 {
        range 10.20.42.1 10.20.43.254;
        option domain-name "network";
        option domain-name-servers 10.20.40.1, 10.20.40.2;
        option routers 10.20.40.11;
        option ntp-servers 10.20.40.1;
      }
  17. DHCP is based on the DORA model: Discovery, Offer, Response, Acknowledgement
  18. From Client To 255.255.255.255:67
      Message type: Boot Request (1)
      Hardware type: Ethernet
      Transaction ID: 0x2da9d67f
      Client IP address: 0.0.0.0 (0.0.0.0)
      Your (client) IP address: 0.0.0.0 (0.0.0.0)
      Client MAC address: 80:00:27:bc:59:29
      Magic cookie: DHCP
      Option: (t=53,l=1) DHCP Message Type = DHCP Request
      Option: (t=12,l=9) Host Name = "testmachine"
      Option: (t=55,l=17) Parameter Request List
        1 = Subnet Mask
        2 = Time Offset
        3 = Router
        6 = Domain Name Server
        12 = Host Name
        15 = Domain Name
        26 = Interface MTU
        28 = Broadcast Address
        42 = Network Time Protocol Servers
        44 = NetBIOS over TCP/IP Name Server
        47 = NetBIOS over TCP/IP Scope
        119 = Domain Search [TODO:RFC3397]
        121 = Classless Static Route
        249 = Private/Classless Static Route (Microsoft)
        252 = Private/Proxy autodiscovery
      End Option
  19. From Server to [MAC]:68
      Message type: Boot Reply (2)
      Hardware type: Ethernet
      Transaction ID: 0x2da9d67f
      Bootp flags: 0x0000 (Unicast)
      Client IP address: 0.0.0.0 (0.0.0.0)
      Your (client) IP address: 10.20.42.5
      Next server IP address: 0.0.0.0 (0.0.0.0)
      Relay agent IP address: 0.0.0.0 (0.0.0.0)
      Client MAC address: 80:00:27:bc:59:29
      Server host name not given
      Boot file name not given
      Magic cookie: DHCP
      Option: (t=53,l=1) DHCP Message Type = DHCP ACK
      Option: (t=54,l=4) DHCP Server Identifier = 10.20.40.1
      Option: (t=51,l=4) IP Address Lease Time = 600
      Option: (t=1,l=4) Subnet Mask = 255.255.252.0
      Option: (t=3,l=4) Router = 10.20.40.1
      Option: (t=6,l=8) Domain Name Server
        IP Address: 10.20.40.1
        IP Address: 10.20.40.2
      End Option
  20. The same reply as slide 19, with one line highlighted:
      --> Option: (t=54,l=4) DHCP Server Identifier = 10.20.40.1
  21. From Client To 255.255.255.255:67
      Message type: Boot Request (1)
      Hardware type: Ethernet
      Transaction ID: 0x2da9d67f
      Client IP address: 0.0.0.0 (0.0.0.0)
      Your (client) IP address: 0.0.0.0 (0.0.0.0)
      Client MAC address: 80:00:27:bc:59:29
      Magic cookie: DHCP
      Option: (t=53,l=1) DHCP Message Type = DHCP Request
      --> Option: (t=50,l=4) Requested IP Address = 10.20.42.5
      Option: (t=12,l=9) Host Name = "testmachine"
      Option: (t=55,l=17) Parameter Request List
        1 = Subnet Mask
        2 = Time Offset
        3 = Router
        6 = Domain Name Server
        12 = Host Name
        15 = Domain Name
        26 = Interface MTU
        28 = Broadcast Address
        42 = Network Time Protocol Servers
        44 = NetBIOS over TCP/IP Name Server
        47 = NetBIOS over TCP/IP Scope
        119 = Domain Search [TODO:RFC3397]
        121 = Classless Static Route
        249 = Private/Classless Static Route (Microsoft)
        252 = Private/Proxy autodiscovery
      End Option
  22. /var/lib/dhcp/dhcpd.leases:
      lease 10.20.42.5 {
        starts 4 2012/09/13 22:16:20;
        ends 4 2012/09/13 22:26:20;
        tstp 4 2012/09/13 22:26:20;
        cltt 4 2012/09/13 22:16:20;
        binding state free;
        hardware ethernet 80:00:27:bc:59:29;
      }
  23. The same request as slide 21, with one line highlighted:
      --> Option: (t=12,l=9) Host Name = "testmachine"
  24. $ nslookup testmachine.network
      Server:   10.20.40.1
      Address:  10.20.40.1#53

      Name:     testmachine.network
      Address:  10.20.42.5

      $ nslookup 10.20.42.5
      Server:   10.20.40.1
      Address:  10.20.40.1#53

      5.42.20.10.in-addr.arpa name = testmachine.network.
  25. LDAP!
  26. dn: uid=john,ou=People,dc=example,dc=com
      objectClass: inetOrgPerson
      objectClass: posixAccount
      objectClass: shadowAccount
      uid: john
      sn: Doe
      givenName: John
      cn: John Doe
      displayName: John Doe
      uidNumber: 10000
      gidNumber: 5000
      userPassword: johnldap
      gecos: John Doe
      loginShell: /bin/bash
      homeDirectory: /home/john
      Taken from Ubuntu Server Guide for 12.04
  27. dn: ou=People,dc=example,dc=com
      objectClass: organizationalUnit
      ou: People

      dn: ou=Groups,dc=example,dc=com
      objectClass: organizationalUnit
      ou: Groups

      dn: cn=miners,ou=Groups,dc=example,dc=com
      objectClass: posixGroup
      cn: miners
      gidNumber: 5000
      Taken from Ubuntu Server Guide for 12.04
  28. The same entry as slide 26, with one line highlighted:
      --> userPassword: johnldap
      Taken from Ubuntu Server Guide for 12.04
  29. Kerberos!
  30. This is a Kerberos ticket:
      $ klist
      Ticket cache: FILE:/tmp/krb5cc_1000
      Default principal: user@NETWORK

      Valid Starting       Expires              Service principal
      28/09/12 12:44:10    28/09/12 22:44:10    krbtgt/NETWORK@NETWORK
              renew until 29/09/12 12:44:09
  31. Finding Kerberos
  32. _kerberos._udp.EXAMPLE.COM.        IN SRV 10 0 88  kdc1.example.com.
      _kerberos._udp.EXAMPLE.COM.        IN SRV 20 0 88  kdc2.example.com.
      _kerberos-master._udp.EXAMPLE.COM. IN SRV 0  0 88  kdc1.example.com.
      _kerberos-adm._tcp.EXAMPLE.COM.    IN SRV 0  0 749 kdc1.example.com.
      _kpasswd._udp.EXAMPLE.COM.         IN SRV 0  0 464 kdc1.example.com.
      Taken from "http://www.rjsystems.nl/en/2100-dns-discovery-kerberos.php#srvr"
  33. $ host -t SRV _kerberos._udp
      _kerberos._udp.example.com has SRV record 20 0 88 kdc2.example.com.
      _kerberos._udp.example.com has SRV record 10 0 88 kdc1.example.com.
      Taken from "http://www.rjsystems.nl/en/2100-dns-discovery-kerberos.php#srvr"
  34. Back to AAA
  35. RADIUS
  36. DHCP - ISC DHCPD
      DNS - ISC BIND
      LDAP - OpenLDAP
      Kerberos - MIT Kerberos
  37. Making It Easy
  38. Questions? @JackWeirdy
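The DHCP dumps on slides 18 to 23 show the options field as a sequence of (t, l, value) entries behind the magic cookie. The following added example (not code from the talk; the option codes are the ones on the slides, the packet is constructed) encodes a Request like slide 21 and parses it back, with the bounds check on each length byte that a server-side option parser must have:

```python
import ipaddress
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # "Magic cookie: DHCP" in the dumps: 4 fixed bytes before the options
OPT_HOSTNAME, OPT_REQUESTED_IP, OPT_MSG_TYPE, OPT_PARAM_REQ, OPT_END = 12, 50, 53, 55, 255
MSG_REQUEST = 3  # value of option 53 for "DHCP Request"
SLIDE_PARAM_LIST = [1, 2, 3, 6, 12, 15, 26, 28, 42, 44, 47, 119, 121, 249, 252]  # option 55 as shown

def encode_options(options):
    """Encode (code, value) pairs as the (t, l, value) TLVs the dumps label (t=.., l=..)."""
    out = bytearray(MAGIC_COOKIE)
    for code, value in options:
        if not 0 < code < 255 or len(value) > 255:
            raise ValueError("option %d: bad code or value over 255 bytes" % code)
        out += bytes([code, len(value)]) + value
    out.append(OPT_END)
    return bytes(out)

def parse_options(payload):
    """Parse an options field into {code: bytes}, checking every length byte against the buffer."""
    if payload[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            return opts
        if code == 0:  # pad byte: no length, no value
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("option %d has no length byte" % code)
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:  # a parser that trusts the length byte reads past the packet
            raise ValueError("option %d truncated" % code)
        opts[code] = value
        i += 2 + length
    raise ValueError("options field lacks the End option")

def build_request(requested_ip, hostname, param_list=SLIDE_PARAM_LIST):
    """Options of a DHCP Request like slide 21: type, requested IP, host name, parameter list."""
    return encode_options([(OPT_MSG_TYPE, bytes([MSG_REQUEST])),
                           (OPT_REQUESTED_IP, ipaddress.IPv4Address(requested_ip).packed),
                           (OPT_HOSTNAME, hostname.encode("ascii")),
                           (OPT_PARAM_REQ, bytes(param_list))])

def summarize(payload):
    o = parse_options(payload)  # decode the fields the slides highlight back into Python values
    return {"msg_type": o[OPT_MSG_TYPE][0], "param_list": list(o.get(OPT_PARAM_REQ, b"")),
            "requested_ip": str(ipaddress.IPv4Address(o[OPT_REQUESTED_IP])) if OPT_REQUESTED_IP in o else None,
            "hostname": o[OPT_HOSTNAME].decode("ascii") if OPT_HOSTNAME in o else None}
```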

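The LDIF on slides 26 to 28 stores userPassword as the literal string johnldap, which is what the highlighted line on slide 28 draws attention to. As an added example (not from the talk or the Ubuntu guide), this parses LDIF and flags any userPassword that carries no {SCHEME} prefix; the sample is constructed, with john copied from the slide and jane added with a base64-encoded {SSHA} value:

```python
import base64
# Constructed sample: john as on slide 26 (userPassword stored verbatim); jane added with {SSHA}
SAMPLE_LDIF = """\
dn: uid=john,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
uid: john
cn: John Doe
uidNumber: 10000
gidNumber: 5000
userPassword: johnldap
homeDirectory: /home/john

dn: uid=jane,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
uid: jane
userPassword:: e1NTSEF9eA==
"""

def parse_ldif(text):
    """Return [(dn, {attr: [values]})]; handles 'attr:: base64', folded lines and # comments."""
    entries, lines = [], []
    for raw in text.splitlines() + [""]:
        if raw.startswith(" ") and lines:   # folded continuation: one leading space is dropped
            lines[-1] += raw[1:]
        elif raw.startswith("#"):
            continue
        elif raw.strip():
            lines.append(raw)
        elif lines:                          # blank line ends the entry
            attrs = {}
            for line in lines:
                attr, _, value = line.partition(":")
                if value.startswith(":"):        # "attr:: <base64>"
                    value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
                attrs.setdefault(attr.lower(), []).append(value.strip())
            entries.append((attrs.get("dn", [""])[0], attrs))
            lines = []
    return entries

def audit_passwords(entries):
    """Flag userPassword values without a {SCHEME} prefix: the secret is stored as typed and is
    readable by anyone who can read the attribute, the LDIF, or a backup of either."""
    findings = []
    for dn, attrs in entries:
        for value in attrs.get("userpassword", []):
            if not (value.startswith("{") and "}" in value):
                findings.append((dn, "plaintext userPassword"))
    return findings
```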
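Slides 32 and 33 show how a Kerberos client locates its KDCs through DNS SRV records. The added example below (not code from the talk; the zone lines are copied from slide 32) parses those records and orders the targets the way RFC 2782 prescribes, lowest priority first and weighted selection within a priority, so kdc1 is tried before kdc2 even though the host output on slide 33 lists them the other way round:

```python
import random
import re

# The SRV records from slide 32, copied here as a constructed zone snippet.
ZONE = """\
_kerberos._udp.EXAMPLE.COM.        IN SRV 10 0 88  kdc1.example.com.
_kerberos._udp.EXAMPLE.COM.        IN SRV 20 0 88  kdc2.example.com.
_kerberos-master._udp.EXAMPLE.COM. IN SRV 0  0 88  kdc1.example.com.
_kerberos-adm._tcp.EXAMPLE.COM.    IN SRV 0  0 749 kdc1.example.com.
_kpasswd._udp.EXAMPLE.COM.         IN SRV 0  0 464 kdc1.example.com.
"""
SRV_RE = re.compile(r"^(\S+)\s+IN\s+SRV\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)$")

def parse_zone(text):
    """Group SRV records by owner name: {name: [(priority, weight, port, target)]}."""
    records = {}
    for line in text.strip().splitlines():
        m = SRV_RE.match(line.strip())
        if not m:
            raise ValueError("not an SRV record: %r" % line)
        name, prio, weight, port, target = m.groups()
        records.setdefault(name.lower(), []).append((int(prio), int(weight), int(port), target.rstrip(".")))
    return records

def order_targets(rrset, rng=random.random):
    """Order (target, port) pairs per RFC 2782: lowest priority first, weighted random within a priority.
    With all weights 0, as on the slide, records of equal priority keep zone order."""
    ordered = []
    for prio in sorted({r[0] for r in rrset}):
        group = [r for r in rrset if r[0] == prio]
        while group:
            total = sum(r[1] for r in group)
            pick, running, chosen = rng() * total, 0, group[0]
            for r in group:
                running += r[1]
                if running >= pick:
                    chosen = r
                    break
            ordered.append((chosen[3], chosen[2]))
            group.remove(chosen)
    return ordered

def find_kerberos(records, realm, service="_kerberos", proto="_udp"):
    """Look up the SRV name a Kerberos client builds for a realm (e.g. _kerberos._udp.EXAMPLE.COM.).
    A plain DNS answer is unauthenticated; without DNSSEC the client trusts whatever the resolver path returns."""
    name = "%s.%s.%s." % (service, proto, realm.rstrip("."))
    return order_targets(records.get(name.lower(), []))
```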