An Open Source Network Infrastructure (Is OS Software Suitable for SMEs?)

An Open Source Network
Infrastructure
(Is OS Software suitable for SMEs?)
Jack Wearden
@JackWeirdy
Barcamp Blackpool 2012

AAA
Authentication, Authorisation and Accounting

DHCP
Dynamic Host Configuration Protocol

LDAP
Lightweight Directory Access Protocol

RADIUS
Remote Authentication Dial In User Service

CIFS
Common Internet File System

authoritative;
default-lease-time 600;
max-lease-time 7200;
subnet 10.20.40.0 netmask 255.255.252.0 {
range 10.20.42.1 10.20.43.254;
option domain-name "network";
option domain-name-servers 10.20.40.1, 10.20.40.2;
option routers 10.20.40.11;
option ntp-servers 10.20.40.1;
}

DHCP Based on DORA model:
Discovery, Offer, Response, Acknowledgement

From Client To 255.255.255.255:67
Message type: Boot Request (1)
Hardware type: Ethernet
Transaction ID: 0x2da9d67f
Client IP address: 0.0.0.0 (0.0.0.0)
Your (client) IP address: 0.0.0.0 (0.0.0.0)
Client MAC address: 80:00:27:bc:59:29
Magic cookie: DHCP
Option: (t=53,l=1) DHCP Message Type = DHCP Request
Option: (t=12,l=9) Host Name = "testmachine"
Option: (t=55,l=17) Parameter Request List
1 = Subnet Mask
2 = Time Offset
3 = Router
6 = Domain Name Server
12 = Host Name
15 = Domain Name
26 = Interface MTU
28 = Broadcast Address
42 = Network Time Protocol Servers
44 = NetBIOS over TCP/IP Name Server
47 = NetBIOS over TCP/IP Scope
119 = Domain Search [TODO:RFC3397]
121 = Classless Static Route
249 = Private/Classless Static Route (Microsoft)
252 = Private/Proxy autodiscovery
End Option

From Server to [MAC]:68
Message type: Boot Reply (2)
Bootp flags: 0x0000 (Unicast)
Your (client) IP address: 10.20.42.5
Next server IP address: 0.0.0.0 (0.0.0.0)
Relay agent IP address: 0.0.0.0 (0.0.0.0)
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (t=53,l=1) DHCP Message Type = DHCP ACK
Option: (t=54,l=4) DHCP Server Identifier = 10.20.40.1
Option: (t=51,l=4) IP Address Lease Time = 600
Option: (t=1,l=4) Subnet Mask = 255.255.252.0
Option: (t=3,l=4) Router = 10.20.40.1
Option: (t=6,l=8) Domain Name Server
IP Address: 10.20.40.1
End Option

From Server to [MAC]:68
Message type: Boot Reply (2)
Bootp flags: 0x0000 (Unicast)
Your (client) IP address: 10.20.42.5
Next server IP address: 0.0.0.0 (0.0.0.0)
Relay agent IP address: 0.0.0.0 (0.0.0.0)
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (t=53,l=1) DHCP Message Type = DHCP ACK
Option: (t=54,l=4) DHCP Server Identifier = 10.20.40.1
--> Option: (t=51,l=4) IP Address Lease Time = 600
Option: (t=1,l=4) Subnet Mask = 255.255.252.0
Option: (t=3,l=4) Router = 10.20.40.1
Option: (t=6,l=8) Domain Name Server
End Option

From Client To 255.255.255.255:67
Magic cookie: DHCP
--> Option: (t=50,l=4) Requested IP Address = 10.20.42.5
Option: (t=12,l=9) Host Name = "testmachine"
1 = Subnet Mask
2 = Time Offset
3 = Router
12 = Host Name
15 = Domain Name
26 = Interface MTU
End Option

/var/lib/dhcp/dhcpd.leases:
lease 10.20.42.5 {
starts 4 2012/09/13 22:16:20;
ends 4 2012/09/13 22:26:20;
tstp 4 2012/09/13 22:26:20;
cltt 4 2012/09/13 22:16:20;
binding state free;
hardware ethernet 80:00:27:bc:59:29;
}

From Client To 255.255.255.255:67
Magic cookie: DHCP
Option: (t=50,l=4) Requested IP Address = 10.20.42.5
--> Option: (t=12,l=9) Host Name = "testmachine"
1 = Subnet Mask
2 = Time Offset
3 = Router
12 = Host Name
15 = Domain Name
26 = Interface MTU
End Option

$ nslookup testmachine.network
Server: 10.20.40.1
Address: 10.20.40.1#53
Name: testmachine.network
Address: 10.20.42.5
$ nslookup 10.20.42.5
Server: 10.20.40.1
Address: 10.20.40.1#53
5.42.20.10.in-addr.arpa name = testmachine.network.

dn: uid=john,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: john
sn: Doe
givenName: John
cn: John Doe
displayName: John Doe
uidNumber: 10000
gidNumber: 5000
userPassword: johnldap
gecos: John Doe
loginShell: /bin/bash
homeDirectory: /home/john
Taken from Ubuntu Server Guide for 12.04

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People
dn: ou=Groups,dc=example,dc=com
objectClass: organizationalUnit
ou: Groups
dn: cn=miners,ou=Groups,dc=example,dc=com
objectClass: posixGroup
cn: miners
gidNumber: 5000

dn: uid=john,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: john
sn: Doe
givenName: John
cn: John Doe
displayName: John Doe
uidNumber: 10000
gidNumber: 5000
--> userPassword: johnldap
gecos: John Doe
loginShell: /bin/bash
homeDirectory: /home/john

This is a Kerberos ticket:
$ klist
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: user@NETWORK
Valid Starting Expires Service principal
28/09/12 12:44:10 28/09/12 22:44:10 krbtgt/NETWORK@NETWORK
renew until 29/09/12 12:44:09

_kerberos._udp.EXAMPLE.COM. IN SRV 10 0 88 kdc1.example.com.
_kerberos._udp.EXAMPLE.COM. IN SRV 20 0 88 kdc2.example.com.
_kerberos-master._udp.EXAMPLE.COM. IN SRV 0 0 88 kdc1.example.com.
_kerberos-adm._tcp.EXAMPLE.COM. IN SRV 0 0 749 kdc1.example.com.
_kpasswd._udp.EXAMPLE.COM. IN SRV 0 0 464 kdc1.example.com.
Taken from
"http://www.rjsystems.nl/en/2100-dns-discovery-kerberos.php#srvr"

$ host -t SRV _kerberos._udp
_kerberos._udp.example.com has SRV record 20 0 88 kdc2.example.com.
_kerberos._udp.example.com has SRV record 10 0 88 kdc1.example.com.
Taken from
"http://www.rjsystems.nl/en/2100-dns-discovery-kerberos.php#srvr"

I DHCP - ISC DHCPD
I DNS - ISC BIND
I LDAP - OpenLDAP
I Kerberos - MIT Kerberos

An Open Source Network Infrastructure (Is OS Software Suitable for SMEs?)

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (18)

Similar to An Open Source Network Infrastructure (Is OS Software Suitable for SMEs?)

Similar to An Open Source Network Infrastructure (Is OS Software Suitable for SMEs?) (20)

An Open Source Network Infrastructure (Is OS Software Suitable for SMEs?)