Skip to content

LPIC-3 Exam 300 Topics

  • Open LDAP Configuration
  • Open LDPA as an Authentication Backnd
  • Samba Basics
  • Samba Share Configuration
  • Samba User and Group Management
  • Samba Domain Integration
  • Samba Name Services
  • Working with Linux and Windows Clients


LPIC-3 Exam 303 Topics
Cryptography
Host Security
Access Control
Network Security

LPIC-3 Exam 304 Topics

  • Cloud Engineer
  • Cloud Administrator
  • Virtualization Expert
  • High Availability Expert
  • Enterprise Architect


Prerequisites

You must have an active LPIC-2 certification to receive LPIC-3 certification, but the LPIC-2 and LPIC-3 exams may taken in any order.To become LPIC-3 certified, a candidate with an active LPIC-2 certification must pass at least one of the specialty exams.

Why take the LPIC-3 Exam?

LPIC-3 is designed for the enterprise-level Linux professional and represents the highest level of professional, distribution-neutral Linux certification within the industry.

What jobs can I get with the LPIC-3 300 Certification?

  • Samba Expert
  • System Integrator
  • Enterprise Architect

What jobs can I get with the LPIC-3 303 Certification?

  • Security Expert
  • Security Consultant
  • Enterprise Architect

What jobs can I get with the LPIC-3 304 Certification?

  • Cloud Engineer
  • Cloud Administrator
  • Virtualization Expert
  • High Availability Expert
  • Enterprise Architect


What are the exam objectives?

Topic 390: OpenLDAP Configuration
390.1 OpenLDAP Replication

Description: Candidates should be familiar with the server replication available with OpenLDAP.

Weight: 3

Key Knowledge Areas:

  • Replication concepts
  • Configure OpenLDAP replication
  • Analyze replication log files
  • Understand replica hubs
  • LDAP referrals
  • LDAP sync replication

The following is a partial list of the used files, terms and utilities:

  • master / slave server
  • multi-master replication
  • consumer
  • replica hub
  • one-shot mode
  • referral
  • syncrepl
  • pull-based / push-based synchronization
  • refreshOnly and refreshAndPersist
  • replog

390.2 Securing the Directory
Description: Candidates should be able to configure encrypted access to the LDAP directory, and restrict access at the firewall level.
Weight: 3

Key Knowledge Areas:

  • Securing the directory with SSL and TLS
  • Firewall considerations
  • Unauthenticated access methods
  • User / password authentication methods
  • Maintenance of SASL user DB
  • Client / server certificates


Terms and Utilities:

SSL / TLS
Security Strength Factors (SSF)
SASL
proxy authorization
StartTLS
iptables

390.3 OpenLDAP Server Performance Tuning
Weight: 2

Description: Candidates should be capable of measuring the performance of an LDAP server, and tuning configuration directives.

Key Knowledge Areas:

  • Measure OpenLDAP performance
  • Tune software configuration to increase performance
  • Understand indexes

Terms and Utilities:

index
DB_CONFIG

Topic 391: OpenLDAP as an Authentication Backend
391.1 LDAP Integration with PAM and NSS
Weight: 2

Description: Candidates should be able to configure PAM and NSS to retrieve information from an LDAP directory.

Key Knowledge Areas:

  • Configure PAM to use LDAP for authentication
  • Configure NSS to retrieve information from LDAP
  • Configure PAM modules in various Unix environments

Terms and Utilities:

PAM
NSS
/etc/pam.d/
/etc/nsswitch.conf

391.2 Integrating LDAP with Active Directory and Kerberos
Weight: 2

Description: Candidates should be able to integrate LDAP with Active Directory Services.

Key Knowledge Areas:

  • Kerberos integration with LDAP
  • Cross platform authentication
  • Single sign-on concepts
  • Integration and compatibility limitations between OpenLDAP and Active Directory

Terms and Utilities:

Kerberos
Active Directory
single sign-on
DNS

Topic 392: Samba Basics
392.1 Samba Concepts and Architecture
Weight: 2

Description: Candidates should understand the essential concepts of Samba. As well, the major differences between Samba3 and Samba4 should be known.

Key Knowledge Areas:

  • Understand the roles of the Samba daemons and components
  • Understand key issues regarding heterogeneous networks
  • Identify key TCP/UDP ports used with SMB/CIFS
  • Knowledge of Samba3 and Samba4 differences

The following is a partial list of the used files, terms and utilities:

/etc/services
Samba daemons: smbd, nmbd, samba, winbindd

392.2 Configure Samba
Weight: 4
Description: Candidates should be able to configure the Samba daemons for a wide variety of purposes.

Key Knowledge Areas:

  • Knowledge of Samba server configuration file structure
  • Knowledge of Samba variables and configuration parameters
  • Troubleshoot and debug configuration problems with Samba

Terms and Utilities:

smb.conf
smb.conf parameters
smb.conf variables
testparm
secrets.tdb

392.3 Regular Samba Maintenance
Weight: 2

Description: Candidates should know about the various tools and utilities that are part of a Samba installation.

Key Knowledge Areas:

  • Monitor and interact with running Samba daemons
  • Perform regular backups of Samba configuration and state data

Terms and Utilities:

smbcontrol
smbstatus
tdbbackup

392.4 Troubleshooting Samba
Weight: 2

Description: Candidates should understand the structure of trivial database files and know how troubleshoot problems.

Key Knowledge Areas:

  • Configure Samba logging
  • Backup TDB files
  • Restore TDB files
  • Identify TDB file corruption
  • Edit / list TDB file content

Terms and Utilities:

/var/log/samba/
log level
debuglevel
smbpasswd
pdbedit
secrets.tdb
tdbbackup
tdbdump
tdbrestore
tdbtool

392.5 Internationalization
Weight: 1

Description: Candidates should be able to work with internationalization character codes and code pages.

Key Knowledge Areas:

  • Understand internationalization character codes and code pages
  • Understand the difference in the name space between
  • Windows and Linux/Unix with respect to share, file and directory names in a non-English environment
  • Understand the difference in the name space between
  • Windows and Linux/Unix with respect to user and group naming in a non-English environment
  • Understand the difference in the name space between
  • Windows and Linux/Unix with respect to computer naming in a non-English environment

Terms and Utilities:

internationalization
character codes
code pages
smb.conf
dos charset, display charset and unix charset
Topic 393: Samba Share Configuration
393.1 File Services
Weight: 4

Description: Candidates should be able to create and configure file shares in a mixed environment.

Key Knowledge Areas:

  • Create and configure file sharing
  • Plan file service migration
  • Limit access to IPC$
  • Create scripts for user and group handling of file shares
  • Samba share access configuration parameters

Terms and Utilities:

smb.conf
[homes]
smbcquotas
smbsh
browseable, writeable, valid users, write list, read list, read only and guest ok
IPC$
mount, smbmount

393.2 Linux File System and Share/Service Permissions
Weight: 3

Description: Candidates should understand file permissions on a Linux file system in a mixed environment.

Key Knowledge Areas:

  • Knowledge of file / directory permission control
  • Understand how Samba interacts with Linux file system permissions and ACLs
  • Use Samba VFS to store Windows ACLs

Terms and Utilities:

smb.conf
chmod, chown
create mask, directory mask, force create mode, force directory mode
smbcacls
getfacl, setfacl
vfs_acl_xattr, vfs_acl_tdb and vfs objects

393.3 Print Services
Weight: 2

Description: Candidates should be able to create and manage print shares in a mixed environment.

Key Knowledge Areas:

  • Create and configure printer sharing
  • Configure integration between Samba and CUPS
  • Manage Windows print drivers and configure downloading of print drivers
  • Configure [print$]
  • Understand security concerns with printer sharing
  • Uploading printer drivers for Point’n’Print driver installation using ‘Add Print Driver Wizard’ in Windows

Terms and Utilities:

smb.conf
[print$]
CUPS
cupsd.conf
/var/spool/samba/.
smbspool
rpcclient
net
Topic 394: Samba User and Group Management
394.1 Managing User Accounts and Groups
Weight: 4

Description: Candidates should be able to manage user and group accounts in a mixed environment.

Key Knowledge Areas:

  • Manager user and group accounts
  • Understand user and group mapping
  • Knowledge of user account management tools
  • Use of the smbpasswd program
  • Force ownership of file and directory objects

Terms and Utilities:

pdbedit
smb.conf
samba-tool user (with subcommands)
samba-tool group (with subcommands)
smbpasswd
/etc/passwd
/etc/group
force user, force group.
idmap

394.2 Authentication, Authorization and Winbind
Weight: 5

Description: Candidates should understand the various authentication mechanisms and configure access control. Candidates should be able to install and configure the Winbind service.

Key Knowledge Areas:

  • Setup a local password database
  • Perform password synchronization
  • Knowledge of different passdb backends
  • Convert between Samba passdb backends
  • Integrate Samba with LDAP
  • Configure Winbind service
  • Configure PAM and NSS

Terms and Utilities:

smb.conf
smbpasswd, tdbsam, ldapsam
passdb backend
libnss_winbind
libpam_winbind
libpam_smbpass
wbinfo
getent
SID and foreign SID
/etc/passwd
/etc/group
Topic 395: Samba Domain Integration
395.1 Samba as a PDC and BDC
Weight: 3

Description: Candidates should be able to setup and maintain primary and backup domain controllers. Candidates should be able to manage Windows/Linux client access to the NT-Style domains.

Key Knowledge Areas:

  • Understand and configure domain membership and trust relationships
  • Create and maintain a primary domain controller with Samba3 and Samba4
  • Create and maintain a backup domain controller with Samba3 and Samba4
  • Add computers to an existing domain
  • Configure logon scripts
  • Configure roaming profiles
  • Configure system policies

Terms and Utilities:

smb.conf
security mode
server role
domain logons
domain master
logon script
logon path
NTConfig.pol
net
profiles
add machine script
profile acls

395.2 Samba4 as an AD compatible Domain Controller
Weight: 3

Description: Candidates should be able to configure Samba 4 as an AD Domain Controller.

Key Knowledge Areas:

  • Configure and test Samba 4 as an AD DC
  • Using smbclient to confirm AD operation
  • Understand how Samba integrates with AD services: DNS,
  • Kerberos, NTP, LDAP

Terms and Utilities:

smb.conf
server role
samba-tool domain (with subcommands)
samba

395.3 Configure Samba as a Domain Member Server
Weight: 3

Description: Candidates should be able to integrate Linux servers into an environment where Active Directory is present.

Key Knowledge Areas:

  • Joining Samba to an existing NT4 domain
  • Joining Samba to an existing AD domain
  • Ability to obtain a TGT from a KDC

Terms and Utilities:

smb.conf
server role
server security
net command
kinit, TGT and REALM
Topic 396: Samba Name Services
396.1 NetBIOS and WINS
Weight: 3

Description: Candidates should be familiar with NetBIOS/WINS concepts and understand network browsing.

Key Knowledge Areas:

  • Understand WINS concepts
  • Understand NetBIOS concepts
  • Understand the role of a local master browser
  • Understand the role of a domain master browser
  • Understand the role of Samba as a WINS server
  • Understand name resolution
  • Configure Samba as a WINS server
  • Configure WINS replication
  • Understand NetBIOS browsing and browser elections
  • Understand NETBIOS name types

Terms and Utilities:

smb.conf
nmblookup
smbclient
name resolve order
lmhosts
wins support, wins server, wins proxy, dns proxy
domain master, os level, preferred master

396.2 Active Directory Name Resolution
Weight: 2

Description: Candidates should be familiar with the internal DNS server with Samba4.

Key Knowledge Areas:

  • Understand and manage DNS for Samba4 as an AD Domain Controller
  • DNS forwarding with the internal DNS server of Samba4

Terms and Utilities:

samba-tool dns (with subcommands)
smb.conf
dns forwarder
/etc/resolv.conf
dig, host
Topic 397: Working with Linux and Windows Clients
397.1 CIFS Integration
Weight: 3

Description: Candidates should be comfortable working with CIFS in a mixed environment.

Key Knowledge Areas:

  • Understand SMB/CIFS concepts
  • Access and mount remote CIFS shares from a Linux client
  • Securely storing CIFS credentials
  • Understand features and benefits of CIFS
  • Understand permissions and file ownership of remote CIFS shares

Terms and Utilities:

SMB/CIFS
mount, mount.cifs
smbclient
smbget
smbtar
smbtree
findsmb
smb.conf
smbcquotas
/etc/fstab

397.2 Working with Windows Clients
Weight: 2

Description: Candidates should be able to interact with remote Windows clients, and configure Windows workstations to access file and print services from Linux servers.

Key Knowledge Areas:

  • Knowledge of Windows clients
  • Explore browse lists and SMB clients from Windows
  • Share file / print resources from Windows
  • Use of the smbclient program
  • Use of the Windows net utility

Terms and Utilities:

Windows net command
smbclient
control panel
rdesktop
workgroup

Privacy Policy