Configure SAMBA Server on your Red Hat Enterprise Linux5 (Part-2)

Configure samba as a Member Server of windows domain

A domain member server is similar to a stand-alone server that is logged in to a windows based (Server 2003) domain controller. An example of a domain member server would be a departmental server that is running Samba Server which has a machine account in Primary domain controller on a windows machine (Server 2003). All of the department's clients can authenticate with the PDC, and desktop profiles and all network policy files are included. The difference is that the departmental server has the ability to control printer and network shares. 

Preparing windows server 2003 as a domain controller:

Operating System:      Windows Server 2003 Enterprise Edition

Machine Name:           wdc01

Machine IP:                 210.207.201.100

Domain Name:            alphabd.net

FQDN:                        wdc1.alphabd.net

Step-1: Install & Configure DNS server on windows server 2003

            Start → Program → Administrative tools → Configure Your Server Wizard → Next → Next → Custom Configuration → Next → Select DNS → Next → Next → wait a moment → Next

            Select Create forward and reverse lookup zones (2^nd option) → Next → Select Yes create a forward lookup zone now → Next → Primary zone → Next → Provide zone name into the Zone name field as “alphabd.net” → Next → keep the default settings → Next → Select “Allow both nonsecure and secure dynamic update → Next

            Select Yes create a reverse lookup zone now → Next → Primary zone → Next → Type “210.207.201.” in to the Network ID field → Next → Keep the default settings → Next → Select “Allow both nonsecure and secure dynamic update → Next → Next → Cancel → Finish → OK → Finish → Manager the server wizard page will display, close the page.

Edit the DNS Resources Record

HOST Add (A):

            Start → Program → Administrative tools → DNS → Right click on “wdc01” → All tasks → Restart → Expand the Forward lookup zones → Right click on “alphabd.net” → New host (A) → Type “wdc01” in to the Name field → Type “210.207.201.100” in to the IP address field → Select the “Create associated pointer (PTR) record” check box → Add Host → OK → Done

PTR Record defines:

            Expand the Reverse lookup zone → Select “210.207.201.x Subnet” from the right pane you will see that the PTR record is added automatically, if not added then Right click on Right pane → Refresh

SOA & Name Server Record define:

Expand Forward lookup Zone → Click alphabd.net → Double click on Start of Authority (SOA) → Ensure that SOA tab is selected → Click Browse from the Primary server: section → Then double click on your machine name (in this case my machine is wdc01) → Double click on Forward lookup Zone → alphabd.net double click → Select wdc01 → OK

Click Browse from the Responsible person: section → Then double click on your machine name (in this case my machine is wdc01) → Double click on Forward lookup Zone → Select All Record From the Record type section → Double click on alphabd.net → Select wdc01 → OK → Just remove the wdc01 and type hostmaster → OK

Do the Same Task into the Reverse Lookup Zone file.

Name Server Record Edit:

From the Forward lookup Zone Double Click on Name Server record → Edit → Type the Full name of the DNS domain (wdc01.alphabd.net.) → Click Resolve → OK

Do the Same Task into the Reverse Lookup Zone file.

Prepare Samba for acting as Member Server

 Basic Configuration

Step-1: Check samba rpm package is installed or not by following this command:

                       

[root@srv1 ~]# rpm -qa | grep –i samba*    or

[root@srv1 ~]#  rpm –qa samba*

samba-common-3.0.33-3.14.el5

samba-swat-3.0.33-3.14.el5 

samba-3.0.33-3.14.el5

samba-client-3.0.33-3.14.el5

system-config-samba-1.2.41-5.el5

If not installed then install the packages using yum command

[root@srv1 ~]# Yum Install samba* -y 

Step-2: Check and Configure the Network Card:

[root@srv1 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0

(Modified File):

#Broadcom Corporation Net link BCM57875 Gigabyte Ethernet PCI Express

DEVICE=eth0

BOOTPROTO=static

HWADDR=00:0C:29: EB: B2: CA

ONBOOT=yes

TYPE=Ethernet

PEERDNS=no

USERCTL=no

IPV6INIT=no

IPADDR=210.207.201.8

NETMASK=255.255.255.0

NETWORK=210.207.201.0

BROADCAST=210.207.201.255

After changing you have to reload/restart the NIC(eth0) card by following command:

[root@srv1 ~]# ifdown eth0

[root@srv1 ~]# ifup eth0

[root@srv1 ~]# service network restart

Step-3: After complete the NIC configure you have to change the host name by following this command:

[root@samba ~]# vi /etc/sysconfig/network

(Modified File):

NETWORKING=yes

NETWORKING_IPV6=no

HOSTNAME=srv1

Additional configuration for Samba Server

Creating & Managing Users & Groups:

Step-1: Create A Group Named “samba-users” & define a directory Named “Resources” for sharing resources.

[root@srv1 ~]# groupadd samba-users

[root@srv1 ~]# mkdir /opt/Resources

Step-2: Create some samba users with password & add them into “samba-users” group also defines the “Resources” directory for those users.

[root@srv1 ~]# useradd –g samba-users –d /opt/Resources user1

[root@srv1 ~]# useradd –g samba-users –d /opt/Resources user2

[root@srv1 ~]# useradd –g samba-users –d /opt/Resources administrator

[root@srv1 ~]# smbpasswd –a user1

[root@srv1 ~]# smbpasswd –a user2

[root@srv1 ~]# smbpasswd –a administrator

Step-3: Set samba “root” password for login as “root” user from both windows & Linux machine.

[root@srv1 ~]# smbpasswd –a root

Step-4: Assign the appropriate permission for “Resources” directory against those users.

[root@srv1 ~]# chown root:samba-users /opt/Resources/

[root@srv1 ~]# chmod 750 /opt/Resources/

Step-5: Now create some sub directory into “Resources” directory named “Documents”, “Software”, & “Others”

[root@srv1 ~]# mkdir –p /opt/Resources/Documents

[root@srv1 ~]# mkdir –p /opt/Resources/Software

[root@srv1 ~]# mkdir –p /opt/Resources/Others

Step-6: Now set the permission for those sub directories that owner can read, write & delete but others users can not delete the files but should have read & write permission.

[root@srv1 ~]# chown root:samba-users /opt/Resources/Documents

[root@srv1 ~]# chown root:samba-users /opt/Resources/Software

[root@srv1 ~]# chown root:samba-users /opt/Resources/Others

[root@srv1 ~]# chmod 1770 /opt/Resources/Documents

[root@srv1 ~]# chmod 1770 /opt/Resources/Software

[root@srv1 ~]# chmod 1770 /opt/Resources/Others

Step-7: Now create an anonymous accessible directory with read & write permission that anonymous user can access this directory

[root@srv1 ~]# mkdir /opt/Public

[root@srv1 ~]# groupadd anonymous-users

[root@srv1 ~]# useradd –g anonymous-users –d /opt/Public guest

[root@srv1 ~]# useradd –g anonymous-users –d /opt/Public nobody

[root@srv1 ~]# chown root:anonymous-users /opt/Public/

[root@srv1 ~]# chmod 777 /opt/Public/

Step-8: Set blank password for anonymous users that they can access this folder without password

[root@srv1 ~]# smbpasswd –a guest

[root@srv1 ~]# smbpasswd –a nobody

Server Configuration

Step-1: To configure Samba as a member server of windows domain controller edits the smb.conf file as like below

[root@srv1 ~]# vi /etc/samba/smb.conf

#==================== Global Settings ================

      workgroup = ALPHABD

      server string = Member Server

      netios name = SRV1

      hosts allow = 127. 210.207.201.

# --------------------------- Logging Options -----------------------------

      log file = /var/log/samba/%m.log

      max log size = 50

# ----------------------- Domain Members Options ------------------------

      security = ADS

      passdb backend = tdbsam

      realm = ALPHABD.NET

      password server = *

      encrypt password = yes

# ----------------------- Browser Control Options ----------------------------

      local master = no

      os level = 33

      preferred master = no

#----------------------------- Name Resolution -------------------------------

      wins support = yes

# --------------------------- Printing Options -----------------------------

      printing = cups

#========================= Share Definitions =====================

[Resources]

      comment = All Resources for domain uers

      path = /opt/Resources

      browseable = yes

      writable = yes

      valid users = root user1 admin

      public = no

      printable = no

      create mask = 0765

      write list = @samba-users @Administrator

Step-2: Configure Kerberos authentication on member server (on samba server)

Kerberos is an authentication protocol that is used to send data from one system to another in encrypted form.

[root@srv1 ~]# vi /etc/krb5.conf

logging]

 default = FILE:/var/log/krb5libs.log

 kdc = FILE:/var/log/krb5kdc.log

 admin_server = FILE:/var/log/kadmind.log

[libdefaults]

 default_realm = ALPHABD.NET

 dns_lookup_realm = true

 dns_lookup_kdc = true

 ticket_lifetime = 24h

 forwardable = yes

[realms]

 ALPHABD.NET = {

  kdc = wdc01.Alphabd.net:88

  admin_server = wdc01.Alphabd.net:749

  default_domain = Alphabd.net

 }

[domain_realm]

 .example.com = ALPHABD.NET

 example.com = ALPHABD.NET

[appdefaults]

 pam = {

   debug = false

   ticket_lifetime = 36000

   renew_lifetime = 36000

   forwardable = true

   krb4_convert = false

 }

Step-3: Adding Samba as member Server of a Domain (Windows Based Domain):

            In order to join a member server to an Active directory domain you have to complete the task step by step as below:

• Create a machine account of member server in to the domain controller.
•  Associate the member server to the Active directory domain

Create Machine Account:

            To create the machine account & join the windows 2003 Active Directory, Kerberos must be initialized for the member server. To create an administrative Kerberos ticket, type the following command as root on the following command as root on the member server:

[root@srv1 ~]# kinit Administrator@ALPHABD.NET

            The kinit command is a Kerberos initialization scripts that references the Active Directory Administrator account & Kerberos realm. Since Active Directory requires Kerberos tickets, kinit obtains & caches Kerberos ticket-granting tickets for clients/server authentication.

            To join Active directory server (srv1.Alphabd.net) type the following command as root on the member server:

[root@srv1 ~]# net rpc join -U Administrator%windows machine admin password

Since the machine samba was automatically found in the corresponding Kerberos realm (kinit command succeeded), & net command connects to the Active Directory Server using its required administrator account & password. This creates appropriate machine account on the Active Directory & grants permissions to the Samba domain member server to the domain.

Note: Although it is possible for Samba to be a member of an Active directory, but it is not possible for Samba to operate as an Active directory domain controller.

Sharing & Accessing Samba Share

Step1: Accessing shared Resources from Windows machine:

Double Click on My Network Place → Click “Entire Network”→ Microsoft Windows Network → Double Click on ALPHABD icon → here you will show the Samba Server & all Windows machine → Double Click Samba Server → Double click your Share resources & create, delete, copy/paste everything you can do now.

            You can also use your home directory by using Network Drive to do this Double Click on My Computer icon → Follow the Network Device Section → Double click a Drive then put you necessary documents in to it.

Step-2: Accessing share resources by mounting Linux share on windows machine:

Samba is a program which allows you to share your files between Linux and Windows. Your Statistics Samba share contains all of your Linux files. By mounting the Samba share on your Windows machine, you will be able to access your files across the operating systems. 

Scenario:

Suppose you have some confidential files that exist on a Windows machine are not backed up by the department and are subject to be erased without notice. If your Windows machine crashes, you could permanently lose your files. Only files saved in your Samba share are backed up. Please make it a practice to keep your Windows files on your Samba share.
You must enable security protocol on windows machine. In order to mount Linux shares (Such as \\samba, Z: drive) on a Windows Xp system, you must force XP to use the NTLM protocol as well as NTLM2.

1.      Select Start → Run and type “secpol.msc”. Press “Enter” or Start → Program → Administrative Tools → Local Security Policy.

2.       Expand the Local policies Container → Security Options.

3.      Locate “Network Security: LAN Manger authentication level” → Double Click.

4.      Change the setting it from “Send LM & NTLM responses” to “Send LM & NTLM – useNTLMv2 session security if negotiated” → OK.

5.      Open My Computer → Tools → Map Network Drive.

6.      Click on “Drive: “drop down menu & choose A drive Letter (Z :)

7.      Click Browse → Select Entire Network → Microsoft windows Network → Choose you workgroup/domain name → Select Samba Machine → Select A share folder that you want to map with windows → OK.

8.      Make Sure the “Reconnect at Logon” box is checked → Finish.

9.      Samba should now be Visible in “My Computer”.

Step-3: Sharing windows Resources that you can access from Linux machine

You can also share so many Resources of windows machine for accessing from Linux machine. You can share CD-ROM, DVD, floppy or hard disk drive installed on a Windows machine. In this section I'll show you how to share a CD-ROM drive from windows machine & also how to access it from Linux machine. 

The Windows client machine should be setup first as a member of a Samba domain or workgroup. The next step is to make the CD-ROM drive shared. The steps you used depend on which version of Windows you have.

For Windows XP:

1. Double click 'My Computer'
2. Right click on the CD-ROM drive and choose ' Properties' then Sharing
3. Set the Share Name as 'cdrom' and the appropriate access control
4. Logout and login again as normal using your current login 

 After you have completed this task, you'll have to go to the next step of testing your configuration.

Step-4: Mount the shared CD-ROM drive on Linux machine and put a share definition on smb.conf file that you can access it from both Linux & all other windows machine. To do it follow the below.

[root@ srv1]# mkdir /opt/CDROM

[root@ srv1]# chown root:samba-users /opt/CDROM

[root@ srv1]# smbmount //IP or machine name/Share_name /opt/CDROM 

OR

[root@ srv1]# mount –t smbfs //IP or machine name/share_name /opt/CDROM 

After that you should permanently mount the drive that it can load the share on every restart.

[root@ ~]# vi /etc/fstab 

Then type this path following by space or tab key

//windows_IP/Share_name    /opt/CDROM   smbfs    username=nobody  0 0

Now put a share definition in to the share section on smb.conf

From Linux machine:

[root@ srv1]# smbclient –L //Win_IP 

Now you can use various command like: - dir, cd, put, get, pwd, ls, mget, q etc

Testing the Samba Configuration File

            To test the configuration file for syntax errors, use the “testparm” command. It will also list all settings currently in place, including defaults that may not appear in the configuration file.

[root@samba ~]# testparm –v 

Testing Share Configuration:

Use the smbclient command to test your share. You should substitute the name of your Windows client PC for "Client1," and in place of "username" provide a valid workgroup/domain username that normally has access to the Windows client. You should get output like this when using the username's corresponding password:

[root@srv1 ~]# smbclient -L Client1 -U user1

Read More

Fundamental Concepts of E-Mail Exchanging on Linux System

Basics of Mail Exchanging

E-Mail:

You can send message from one computer to another computer using electronic-mail around the world. E-mail is more powerful and more usable tools in today’s world. This E-mail is transfer via into the computer and the computer network. There are many Server are used to exchange these e-mail among the computer to computer and the one network to different network. The mail server is responsible or used to exchange this mail that means a mail server receive or store an e-mail message from client and deliver it to the other client. In this tutorial you will show that how an e-mail message is transfer from sender to receiver and you will also know that what happen during the time of exchanging the mail.

How a Mail Server Works:

Before we begin to configure the Linux Mail Server we need to understand that how an E-Mail system is work. An E-mail system is build-up some element which is described below:

Mail User Agent (MUA)

It works in user machine which is directly run by a user. This is used to compose e-mail message and send it to mail server or receive the mail message from server. It Just an application, such as Outlook, Thunderbird, Pine (used in Linux).

Mail Transfer Agent (MTA)

Mail Transfer Agent is used to transfer message between the machines. After receiving the mail from MUA, Mail Transfer Agent starts its work. In Red Hat Linux the default Mail Transfer Agent is Sendmail or you can also use Postfix to more secure your mail server. In Unix the MTA is qmail. When an email is sent, the message is routed from server to server, all the way to the recipient's email server. After receiving the mail from MUA, MTA read the receiver address from the header part of the mail and find out the receiver server IP address, then MTA try to communicate with the 25 No Port of Server IPs of receiver . If the sender server MTA could establish the connection with receiver server MTA then sender server handover the mail of receiver server MTA using the Simple Mail Transfer Protocol (SMTP).

Mail Delivery Agent (MDA)

MDA/LDA is Mail Delivery Agent or Local Delivery Agent. Both are essentially synonymous. (Actually there are subtle differences between the two).  MDA receive the message from Mail Transfer Agent and lace into the user mailbox. In Red Hat Linux MDA/LDA is procmail.

Simple Mail Transfer Protocol (SMTP)

The SMTP is responsible for transferring the mail message from one MTA to another MTA. That means this is used to transfer mail between the computers in network. It can transfer only ASCII text. It can’t handle font, color, graphics, or attachment with messages. For this you can use MIME (Multi-purpose Internet Mail Extensions or Multimedia Internet Mail Extensions). It’s an encoding protocol like BinHex in Mac and UUEncode in UNIX. That support font, color, graphics, or attachment.  At first it was used as a way of sending more than just text via email. Later the protocol was extended to manage file typing by Web servers. MUAs and MTAs use this protocol for sending e-mails.

Post Office Protocol (POP3)

POP3 stands for a Post Office Protocol version 3. POP3 is a client/server protocol. The POP3 protocol is designed to allow the users to retrieve e-mail messages when they are connected to the email server (via Internet, Ethernet or VPN network connection). Once the email messages are downloaded from the server they can be modified, read and manipulated offline. MUAs can use this protocol to sen and receive e-mails from the server.

Internet Message Access Protocol (IMAP)

The IMAP (Internet Message Access Protocol) is a newer and modern alternative to the POP3 protocol. Unlike POP3, the IMAP allows the users to work with their messages in both online and offline modes. The IMAP-capable email client programs retrieve the messages' headers from the server and can store local copies of the messages in a local (temporary) cache. All the messages are left on the server until they are deleted by the user. This mechanism allows multiple email clients to access a single mailbox and is often used for corporate / business e-mails. MUAs can use this protocol to send and receive e-mails on the server.

Mail-Boxes (Inbox)

A mail-box is container or directory of files, where incoming messages are stored.

Server Configure

In this tutorial you will see that how to configure mail server in a sub domain DNS server named mail.mydomain.com who’s FQDN is ns3.mail.mydomain.com that I have already created. You can also configure the mail server under your main DNS domain that will describe later. So let’s start.

Package required for mail server:  Server Side Packages

Package Name	Description
Sendmail	Default MTA In Red Hat/Fedora Linux
m4	Known as a Macro Processor, used to create sendmail.cf file
Postfix	Another MTA In Linux, used to Exchange secure e-mail
Dovecot	A Package for  Accessing the mailbox
POP3	It’s a Protocol to retrieve the e-mail messages from server
IMAP	It’s an alternative Protocol of POP3
SMTP	Used to transfer e-mail message from one MTA to another MTA
Squirrelmail	A Web Mail Configuration Tool
Php	It’s a scripting language for web development to produce dynamic web pages
Mysql	The most popular Open Source SQL database management system
System-switch-mail	Graphical Tools for Mail Transport Agent Switcher

Client Side Software

Software	Description
Outlook Express	POP3- and IMAP-compatible mail client with a built-in newsreader.
Thunderbird	It’s a graphical email client and newsreader developed by the Mozilla Foundation.
Pine	It’s an application for sending and receiving email in Linux/Unix
Mozilla Firefox, Internet Explorer, Opera, Safari, Or Any Suitable Browser.	Will be used to access mailbox using webmail.

Required configuration file for sendmail:

Sendmail is the default Mail Transfer Agent (MTA) in FreeBSD. sendmail's job is to accept mail from Mail User Agents (MUA) and deliver it to the appropriate mailer as defined by its configuration file. sendmail can also accept network connections and deliver mail to local mailboxes or deliver it to another program.

                sendmail uses the following configuration files:

File Name                                                                                          Function

/etc/mail/access                                                                      sendmail access database file

/etc/mail/aliases                         Mailbox aliases

/etc/mail/local-host-names                Lists of hosts sendmail accepts mail for

/etc/mail/mailer.conf                     Mailer program configuration

/etc/mail/mailertable                     Mailer delivery table

/etc/mail/sendmail.cf                     sendmail master configuration file

/etc/mail/virtusertable                   Virtual users and domain tables

Read More