Key System Components
In no particular order. N.B. This is not intended to be 100% accurate,
technically speaking, but it should give an overview of the system
components involved.
- Click here for description by functionality.
- Click here for a listing describing which system component runs where.
- Click here for a listing of the (incoming) Cisco ports needing to be
open for the correct operation of the system
- Click here for a listing of the directories used by the system
- Click here for a description of the config files used by the system
Samba
Samba provides the Windows file and print services.
- allows users on Windows workstations to access their home directory.
- provides central time to workstations.
- handles workstation/user authentication.
- handles user profiles
- WINS Windows SMB name server.
- Handles user authentication for Squid
- Allows Windows machines to print to network printers.
Can be configured.
LPRng Unix printer daemon (lpd)
Apache web server
- serves school's and students' web pages to internal & external browsers
- needed as infrastructure for Webmin and the IMP webmail server
- stores the proxy.pac proxy configuration for netscape
- serves "empty" pages to local clients where normally
cookie-infested banner advertisements would be
Can be configured.
Sendmail
Sendmail handles the sending and delivery of email. Clients connect
directly to sendmail for sending mail, but connect to imap for reading
their mail. Can be configured.
Imapd
The Internet Mail Access Protocol Daemon serves out e-mail to
individual clients (such as netscape or imp). It allows users to
browse their mail and organize it into folders.
IMP
IMP is the web mail server; it is written in PHP, it runs over Apache,
connects to the mail server via the imap protocol (browsing mail) and
sendmail (sending mail), and serves it to the client via http.
It allows people to browse their LTNB mail from anywhere in the world,
from a simple Web browser.
Unix networking
NIS/YP
The Network Information Service, also known as yellow pages,
distributes information like usernames, passwords (encrypted), home
directory location etc. to other Unix systems.
This service is not needed for the Windows clients, it is only
necessary for Unix clients such as telco1 (modem server) and
the Linux workstations in the conference and physics.
NFS
The Network file system is used for file sharing among Unix
systems, used in conjunction with NIS/YP to allow
Unix users to have access to their home directory from any Unix
machine (telco, conference, physics) in the network.
Identd
Identd is the Unix identification daemon.
If machine A receives a network connection from machine B, A can query
identd on B to know which user on B owns that network connection. This
is used by squid to authenticate users surfing from Linux machines.
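The query A sends and the reply B's identd returns follow RFC 1413 (TCP port 113). The sketch below is an added example, not part of the LTNB system or of Squid; the function names and the sample ports and user name are constructed for illustration.

```python
import re

# RFC 1413 reply: "<port-on-B> , <port-on-A> : USERID : <opsys> : <user>"
#            or   "<port-on-B> , <port-on-A> : ERROR : <error-token>"
_REPLY = re.compile(
    r"\s*(\d{1,5})\s*,\s*(\d{1,5})\s*:\s*(USERID|ERROR)\s*:\s*(.*)"
)
_ERRORS = {"INVALID-PORT", "NO-USER", "HIDDEN-USER", "UNKNOWN-ERROR"}


def build_query(port_on_b: int, port_on_a: int) -> bytes:
    """Query that A sends to identd on B about one TCP connection."""
    for port in (port_on_b, port_on_a):
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
    return f"{port_on_b} , {port_on_a}\r\n".encode("ascii")


def parse_reply(raw: bytes, port_on_b: int, port_on_a: int):
    """Return ("user", name) or ("error", token); raise on malformed replies."""
    if len(raw) > 1000 or not raw.endswith(b"\r\n"):
        raise ValueError("reply too long or not CRLF-terminated")
    m = _REPLY.fullmatch(raw[:-2].decode("ascii", errors="replace"))
    if m is None:
        raise ValueError("malformed ident reply")
    # The reply must echo the port pair that was asked about.
    if (int(m.group(1)), int(m.group(2))) != (port_on_b, port_on_a):
        raise ValueError("reply describes a different connection")
    kind, rest = m.group(3), m.group(4)
    if kind == "ERROR":
        token = rest.strip()
        if token not in _ERRORS and not token.startswith("X"):
            raise ValueError("unknown error token")
        return ("error", token)
    _opsys, sep, user = rest.partition(":")
    if not sep or not user.strip():
        raise ValueError("USERID reply without a user name")
    # Strict RFC 1413 counts whitespace after the last colon as part of the
    # name; this example strips it before comparing with account names.
    # The name is whatever B's identd sent, so it is only as trustworthy
    # as machine B and whoever administers it.
    return ("user", user.strip())
```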
XNTPD
The eXtended Network Time Protocol Daemon is responsible for
time synchronisation, and has the following purposes:
- gets the precise time from the internet (and thus acts as the
primary time source, which samba reads and
sends to the clients on login)
- synchronizes the Linux machines among each other.
Bind DNS
The Berkeley Internet Naming Daemon is our Domain name server, and
handles host name to IP translation:
- It resolves external network names on behalf of internal clients
(for instance, if one of our machines asks for the IP address of
www.pt.lu, our DNS supplies it). In order to do so, it talks
to other DNS servers around the world (in our example, ns.pt.lu)
- It resolves internal network names on behalf of internal and
external clients (for instance
- It redirects a few addresses of well known advertising services to
our own web servers, so that it can supply empty pages instead
Can be configured.
Ipchains
Ipchains handles the packet filtering (firewall). It blocks any
connection attempts which may subvert the system.
Squid
Squid is a caching proxy for the http (www) protocol. Every time a web
page is requested from inside the LTNB, the request is handled by
Squid. Squid requests the page from the original web server, and when
the answer arrives, Squid not only supplies it to the requesting
browser, but also keeps a copy of it in its cache. It can then serve
that copy on subsequent requests for the same page, without needing to
fetch it from outside again. Of course dates on pages are checked to
make sure the page hasn't changed since (checking dates is much
quicker than requesting the entire page).
Squid also handles user authentication for web browsing, in
co-operation with samba and identd.
Can be configured.
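The date check described above, reduced to its core, as an added example that is not Squid's code or configuration: the cache sends the date of its stored copy, and the origin answers 304 with no body when the page is unchanged. The origin table, class name and paths are constructed, and unlike a real proxy this sketch asks the origin on every request.

```python
from email.utils import formatdate, parsedate_to_datetime

# Constructed origin server: path -> (body, last-modified as Unix time).
ORIGIN = {"/index.html": (b"<h1>school page</h1>", 946684800)}


def origin_get(path, if_modified_since=None):
    """Answer like a web server: 304 and no body if unchanged since the date."""
    body, mtime = ORIGIN[path]
    if if_modified_since is not None:
        since = parsedate_to_datetime(if_modified_since).timestamp()
        if mtime <= since:
            return 304, {}, b""
    return 200, {"Last-Modified": formatdate(mtime, usegmt=True)}, body


class DateCheckingCache:
    """Keeps one copy per path and revalidates it by date before reuse."""

    def __init__(self):
        self.store = {}         # path -> (body, Last-Modified header value)
        self.bytes_fetched = 0  # body bytes actually pulled from the origin

    def get(self, path):
        cached = self.store.get(path)
        since = cached[1] if cached else None
        status, headers, body = origin_get(path, since)
        if status == 304:
            return cached[0]    # copy is still current: serve it from cache
        self.bytes_fetched += len(body)
        self.store[path] = (body, headers["Last-Modified"])
        return body
```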
Quota
Quota is a daemon that checks disk usage and enforces storage limits
on users. Quota does not only keep track of disk usage in the user's
home directory, but everywhere on the disk volume for which it is
activated (including ecole and membres directories).
Two limits are set: a "soft" limit and a "hard" limit. When the soft
limit is reached, the user (and root) gets a warning
mail. When the hard limit is reached, the user can no longer create
any further files.
Dhcpd
DHCPD is a server that allocates IP addresses to (booting) computers
that request one.
Dialin networking
I4l
I4L (ISDN for Linux) handles the ISDN line (522508), and the
connections to that line. In ISDN, authentication is done by calling
number.
Mgetty
Mgetty handles the serial lines (521632) to which the modems are
connected. Authentication is done using username and password.
pppd
PPPD (point-to-point protocol daemon) sets up the TCP/IP connectivity
with the computer connected through the modem.
SSH
SSH (tm) (Secure shell) is an intercept-proof remote login facility;
useful for remote maintenance; can be blocked in the firewall.
Perl
Perl is a programming language; used for most of the LLL-specific
system components, such as webmin and userd.
Php
PHP is a programming language used on the webserver apache, used for
the Imp webmail server.
Netscape
Netscape is the internet web client (browser); it is also used for
handling mail; it connects to Squid, Apache, SMTP (sendmail) and imap.
Webmin
Webmin is an http-based utility giving a GUI for administration of most
of the system components; includes specific modules for LLL
administration; written in Perl. There is a webmin running on ltnb0
(user configuration, dhcp configuration, windows client configuration)
at the address http://webmin.ltnb.lu/ and another
one on ltnb10 (firewall configuration, squid configuration):
http://ltnb10.ltnb.lu:10000/. Webmin help is available online at
http://webmin.ltnb.lu/help.cgi/school/intro
Userd
Userd is the backend for webmin, it is also written in Perl, and
resides in /home/admin/userd on ltnb0. The functionality of
the ltnb10 webmin does not need userd, hence there is none on
ltnb10.
Layout of user directories is available here.
Pdf converter
If you print to the pdfconf printer, your printjob is automatically
converted to PDF, and mailed back to you, ready for forwarding by
mail/putting it on the Web. PDF is the preferred format for exchanging
printable documents; indeed, it is a portable format.