Sunday, January 1, 2012

Configure SAMBA Server on your Red Hat Enterprise Linux5 (Part-1)


Configuration Samba as a Stand-alone Server on RHEL5

Samba Server is used to share resources from windows to Linux & also Linux to windows. Samba use CIFS file system which use SMB protocol.

SAMBA Provide following Services:

  • File & Printer Sharing
  • Name Resolution
  • Browsing
  • Authentication & Authorization

Basic Configuration

Step-1: Check samba rpm package is installed or not by following this command:
                       
[root@srv1 ~]# rpm -qa | grep –i samba*    or
[root@srv1 ~]#  rpm –qa samba*

samba-common-3.0.33-3.14.el5
samba-swat-3.0.33-3.14.el5 
samba-3.0.33-3.14.el5
samba-client-3.0.33-3.14.el5
system-config-samba-1.2.41-5.el5

If not installed then install the packages using yum command

[root@srv1 ~]# yum Install samba* -y

Step-2: Check and Configure the Network Card:

[root@srv1 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0

(Modified File):

#Broadcom Corporation Net link BCM57875 Gigabyte Ethernet PCI Express
DEVICE=eth0
BOOTPROTO=static
HWADDR=00:0C:29: EB: B2: CA
ONBOOT=yes
TYPE=Ethernet
PEERDNS=no
USERCTL=no
IPV6INIT=no
IPADDR=210.207.201.8
NETMASK=255.255.255.0
NETWORK=210.207.201.0
BROADCAST=210.207.201.255

Step-3:  After complete the NIC configure you have to change the host name by following this                             command:

[root@samba ~]# vi /etc/sysconfig/network

(Modified File):

NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=srv1

After changing you have to reload/restart the NIC(eth0) card by following command:

[root@srv1 ~]# ifdown eth0
[root@srv1 ~]# ifup eth0
[root@srv1 ~]# service network restart

Additional configuration for Samba Server

Creating & Managing Users & Groups:

Step-1: Create A Group Named “samba-users” & define a directory Named “Resources” for sharing resources.

[root@srv1 ~]# groupadd samba-users
[root@srv1 ~]# mkdir /opt/Resources

Step-2: Create some samba users with password & add them into “samba-users” group also defines the “Resources” directory for those users.

[root@srv1 ~]# useradd –g samba-users –d /opt/Resources user1
[root@srv1 ~]# useradd –g samba-users –d /opt/Resources user2
[root@srv1 ~]# useradd –g samba-users –d /opt/Resources administrator
[root@srv1 ~]# smbpasswd –a user1
[root@srv1 ~]# smbpasswd –a user2
[root@srv1 ~]# smbpasswd –a administrator

Step-3: Set samba “root” password for login as “root” user from both windows & Linux machine.

[root@srv1 ~]# smbpasswd –a root

Step-4: Assign the appropriate permission for “Resources” directory against those users.

[root@srv1 ~]# chown root:samba-users /opt/Resources/
[root@srv1 ~]# chmod 750 /opt/Resources/

Step-5: Now create some sub directory into “Resources” directory named “Documents”, “Software”, & “Others

[root@srv1 ~]# mkdir –p /opt/Resources/Documents
[root@srv1 ~]# mkdir –p /opt/Resources/Software
[root@srv1 ~]# mkdir –p /opt/Resources/Others

Step-6: Now set the permission for those sub directories that owner can read, write & delete but others users can not delete the files but should have read & write permission.

[root@srv1 ~]# chown root:samba-users /opt/Resources/Documents
[root@srv1 ~]# chown root:samba-users /opt/Resources/Software
[root@srv1 ~]# chown root:samba-users /opt/Resources/Others
[root@srv1 ~]# chmod 1770 /opt/Resources/Documents
[root@srv1 ~]# chmod 1770 /opt/Resources/Software
[root@srv1 ~]# chmod 1770 /opt/Resources/Others

Step-7: Now create an anonymous accessible directory with read & write permission that anonymous user can access this directory

[root@srv1 ~]# mkdir /opt/Public
[root@srv1 ~]# groupadd anonymous-users
[root@srv1 ~]# useradd –g anonymous-users –d /opt/Public guest
[root@srv1 ~]# useradd –g anonymous-users –d /opt/Public nobody
[root@srv1 ~]# chown root:anonymous-users /opt/Public/
[root@srv1 ~]# chmod 777 /opt/Public/

Step-8: Set blank password for anonymous users that they can access this folder without password

[root@srv1 ~]# smbpasswd –a guest
[root@srv1 ~]# smbpasswd –a nobody

Tips: [One complication is fact that Windows encrypts user passwords differently from Unix/Linux - it uses NTLM hash, rather than the MD5 has commonly found in Linux. Worse still, both of these are one-way algorithms - in other words, there's no way to decrypt the NTLM hash to get back the plaintext password and then re-encrypt that with MD5 to compare against the Linux shadow password file. ]

Main Configuration

You can configure samba to use in different field, such as

ü  Samba can be configured to use as a stand-alone computer in a windows workgroup.
ü  Samba can act as a member server of Windows Network.
ü  Can act as domain controller for both windows & Linux environment.

In this term you will show that how to configure samba to use as a Stand-alone Server. But keep in mind that you cannot configure samba to use all of that at the same time in a same machine. But can configure virtual samba server to use more than one samba server, that will described next tutorial.

Configuring Samba as a Standalone Server:

            A stand-alone computer can be a workgroup server or a member of a workgroup environment. A stand-alone server is not a domain controller and does not participate in a domain in any way. 

Step-1: To configure Samba as a Stand-alone server on windows platform, then edit the smb.conf file as like below.

[root@srv1 ~]# vi /etc/samba/smb.conf

#======================= Global Settings =========================

# ----------------------- Network Related Options -------------------------

     workgroup = ALPHABD
     server string = Stand-alone Server
     netbios name = srv1
     hosts allow = 127. 210.207.201.

# --------------------------- Logging Options -----------------------------

     log file = /var/log/samba/%m.log
     max log size = 1000

# -------------------- Standalone Server Options -------------

     security = user
     passdb backend = tdbsam
encrypt password = yes

#----------------------------- Name Resolution -------------------------------

     wins support = yes

#========================== Share Definitions ======================

;    [homes]
;    comment = Home Directories
;    browseable = yes
;    writable = yes
;    valid users = %S
;    valid users = ALPHABD\%S

[Resources]
     comment = All Resources for ALPHABD
     browseable = yes  //shares will appear or not in My Network Places.
     path = /opt/Resources
     public = no
     writable = no
     printable = no
     guest ok = no
     read only = yes
     fource group = samba-users
     fource user = Administrator root
     write list = +samba-users
     valid users = samba-users

# Use this lines if you want members of that group but not others to be able to read or write files and folder in this share.

     create mask = 0770
     force create mode = 0660
     directory mask = 0770
force directory mode = 0770

[public]
     comment = Anonymous user Accessible Directory
     path = /opt/Public
     public = yes
     writable = yes
     printable = no
     write list = +anonymous
     Guest only = no
     Guest ok = yes
     Guest account = guest nobody
     no password = yes
     valid users = anonymous-users

Sharing & Accessing Samba Share

Step1: Accessing shared Resources from Windows machine:

Double Click on My Network Place → Click “Entire Network”→ Microsoft Windows Network → Double Click on ALPHABD icon → here you will show the Samba Server & all Windows machine → Double Click Samba Server → Double click your Share resources & create, delete, copy/paste everything you can do now.

            You can also use your home directory by using Network Drive to do this Double Click on My Computer icon → Follow the Network Device Section → Double click a Drive then put you necessary documents in to it.

Step-2: Accessing share resources by mounting Linux share on windows machine:

Samba is a program which allows you to share your files between Linux and Windows. Your Statistics Samba share contains all of your Linux files. By mounting the Samba share on your Windows machine, you will be able to access your files across the operating systems.
 
Scenario:
 
Suppose you have some confidential files that exist on a Windows machine are not backed up by the department and are subject to be erased without notice. If your Windows machine crashes, you could permanently lose your files. Only files saved in your Samba share are backed up. Please make it a practice to keep your Windows files on your Samba share.

 You must first enable security protocol on windows machine. In order to mount Linux shares (such as \\samba, Z: drive) on a Windows XP system, you must force XP to use the NTLM protocol as well as NTLM2.


1.      Select Start → Run and type “secpol.msc”. Press “Enter” or Start → Program → Administrative Tools → Local Security Policy.
2.       Expand the Local policies Container → Security Options.
3.      Locate “Network Security: LAN Manger authentication level” → Double Click.
4.      Change the setting it from “Send LM & NTLM responses” to “Send LM & NTLM – useNTLMv2 session security if negotiated” → OK.
5.      Open My Computer → Tools → Map Network Drive.
6.      Click on “Drive: “drop down menu & choose A drive Letter (Z :)
7.      Click Browse → Select Entire Network → Microsoft windows Network → Choose you workgroup/domain name → Select Samba Machine → Select A share folder that you want to map with windows → OK.
8.      Make Sure the “Reconnect at Logon” box is checked → Finish.
9.      Samba should now be Visible in “My Computer”.
Step-3: Sharing windows Resources that you can access from Linux machine

You can also share so many Resources of windows machine for accessing from Linux machine. You can share CD-ROM, DVD, floppy or hard disk drive installed on a Windows machine. In this section I'll show you how to share a CD-ROM drive from windows machine & also how to access it from Linux machine.

The Windows client machine should be setup first as a member of a Samba domain or workgroup. The next step is to make the CD-ROM drive shared. The steps you used depend on which version of Windows you have.

For Windows XP

  1. Double click 'My Computer'
  2. Right click on the CD-ROM drive and choose ' Properties' then Sharing
  3. Set the Share Name as 'cdrom' and the appropriate access control
  4. Logout and login again as normal using your current login

After you have completed this task, you'll have to go to the next step of testing your configuration.

Step-4: Mount the shared CD-ROM drive on Linux machine and put a share definition on smb.conf file that you can access it from both Linux & all other windows machine. To do it follow the below.
 
[root@ srv1]# mkdir /opt/CDROM
[root@ srv1]# chown root:samba-users /opt/CDROM
[root@ srv1]# smbmount //IP or machine name/Share_name /opt/CDROM 
OR
[root@ srv1]# mount –t smbfs //IP or machine name/share_name /opt/CDROM
 
After that you should permanently mount the drive that it can load the share on every restart.
 
[root@ ~]# vi /etc/fstab
 
Then type this path following by space or tab key
 
//windows_IP/Share_name    /opt/CDROM   smbfs    username=nobody  0 0
           
Now put a share definition in to the share section on smb.conf

From Linux machine:

[root@ srv1]# smbclient –L //Win_IP 

Now you can use various command like: - dir, cd, put, get, pwd, ls, mget, q etc

Testing the Samba Configuration File

            To test the configuration file for syntax errors, use the “testparm” command. It will also list all settings currently in place, including defaults that may not appear in the configuration file.

[root@samba ~]# testparm –v

Testing Share Configuration:

Use the smbclient command to test your share. You should substitute the name of your Windows client PC for "Client1," and in place of "username" provide a valid workgroup/domain username that normally has access to the Windows client. You should get output like this when using the username's corresponding password:

[root@srv1 ~]# smbclient -L Client1 -U user1

1 comments:

  1. Hi Admin,
    Actually i wants to get my career foundation on Linux so i have planned to take Linux Administration and got certification also, now am searching a blog related to linux, i had more useful info's in your post, keep sharing your updates relevant to linux for helping the beginner like me.

    ReplyDelete