Feeds:
Posts
Comments

Archive for October 28th, 2007

Samba Server part 2 # 2

Practice 4: Primary Domain Controller (Provide center Authorization and Authentication for directories)

Samba can act as Domain Controller. It will centralize the Authorization and Authentication services.

 

taufanlubis@zyrex:~$ sudo gedit /etc/samba/smb.conf

 

[global]

workgroup = UbuntuWorkgroup

netbios name = UbuntuZyrex

server string = UbuntuZyrexServer

hosts allow = 192.168.0.0/24 127.

hosts deny = ALL

log file = /var/log/samba/log.%m

dns proxy = no

max log size = 1000

syslog = 0

obey pam restrictions = yes

domain logons = yes

domain master = auto

wins support = no

logon path = \\%N\%U\profile

logon home = \\%N\%U

logon script = logon.cmd

socket options = TCP_NODELAY

 

[sharing_data]

path = /home/sharing_data/

comment = Taufan Sharing Folder at Ubuntu

public = yes

encrypt passwords = no

security = share

read only = yes

browseable = yes

directory mask = 0700

create mask = 0600

 

[Amanda]

path = /home/amanda/

comment = Angela Folder at Ubuntu

public = no

read only = no

encrypt passwords = yes

browseable = yes

security = user

valid users = amanda, alice, mark, taufanlubis, nadine

force user = amanda

force group = amanda

 

[netlogon]

comment = Network Logon Service

path = /home/samba/netlogon

guest ok = yes

writable = no

share modes = no

 

[profiles]

comment = Users profiles

path = /home/samba/profiles

guest ok = no

browseable = no

create mask = 0600

directory mask = 0700

 

[printers]

comment = All Printers

load printers = yes

printing = cups

printcap name = cups

browseable = no

path = /var/spool/samba

printable = yes

public = no

writable = no

create mode = 0700

 

[print$]

comment = Printer Drivers

path = /var/lib/samba/printers

browseable = yes

read only = yes

guest ok = no

 

[cdrom]

comment = Samba server’s CD-ROM

writable = no

locking = no

path = /cdrom

public = yes

#printer

load printers = yes

printing = cups

printcap name = cups

 

taufanlubis@zyrex:~$

 

If you have clients that still use Windows, you have to set the ‘encrypt passwords = no’ because Windows only can access the plain password from Samba Server. That’s why, I put the encrypt password into different share-directories.

If it’s accessed by Linux the I set encrypt passwords = yes and it’s accessed by Windows Clients then I set encrypt passwords = no.

 

Now, let’s check our configuration.

taufanlubis@zyrex:~$ sudo smbclient -L 192.168.0.2

Password:

session setup failed: NT_STATUS_LOGON_FAILURE

taufanlubis@zyrex:~$

When you use smbclient, just don’t put ‘sudo’, it will create an error like above. Now, I repeat the command without ‘sudo‘. This command is used to check sharing directories in Samba Servers.

taufanlubis@zyrex:~$ smbclient -L 192.168.0.2

Password:

Domain=[UBUNTUWORKGROUP] OS=[Unix] Server=[Samba 3.0.26a]

 

Sharename Type Comment

——— —- ——-

sharing_data Disk Taufan Sharing Folder at Ubuntu

Amanda Disk Angela Folder at Ubuntu

netlogon Disk Network Logon Service

print$ Disk Printer Drivers

cdrom Disk Samba server’s CD-ROM

IPC$ IPC IPC Service (UbuntuZyrexServer)

PDF Printer PDF

LX-1050 Printer LX-1050

Laserjet1320 Printer Laserjet1320

Domain=[UBUNTUWORKGROUP] OS=[Unix] Server=[Samba 3.0.26a]

 

Server Comment

——— ——-

UBUNTUZYREX UbuntuZyrexServer

 

Workgroup Master

——— ——-

UBUNTUWORKGROUP UBUNTUZYREX

taufanlubis@zyrex:~$

What is smbclient?

Smbclient is almost the like ftp program. It’s used to access SMB resources on the servers.

 

Connect to your directory using smbclient

After you are connected, you can browse, add, delete files or directories. Of course, it will be depended on your access level. You can use common Linux command line, such as cp, mv, mkdir, rm, rmdir, ls etc..

taufanlubis@zyrex:~$ smbclient -U amanda //192.168.0.2/amanda

Password:

Domain=[UBUNTUZYREX] OS=[Unix] Server=[Samba 3.0.26a]

smb: \> ls

. D 0 Mon Oct 22 08:49:20 2007

.. D 0 Mon Oct 22 08:51:01 2007

pictures D 0 Mon Oct 22 08:49:20 2007

.profile H 566 Mon Oct 22 08:48:42 2007

Examples D 0 Sun Apr 15 18:52:21 2007

Tekken.jpg A 61344 Mon Oct 22 08:49:00 2007

.bash_logout H 220 Mon Oct 22 08:48:42 2007

.bashrc H 2298 Mon Oct 22 08:48:42 2007

 

48209 blocks of size 262144. 15950 blocks available

smb: \> cd pictures/

smb: \pictures\> ls

. D 0 Mon Oct 22 08:49:20 2007

.. D 0 Mon Oct 22 08:49:20 2007

Robot.jpg A 87919 Mon Oct 22 08:49:21 2007

 

48209 blocks of size 262144. 15950 blocks available

smb: \pictures\> cd ..

smb: \>

smb: \> exit

taufanlubis@zyrex:~$

 

Well, you’ve done the 4 practices. Now, we can go further with our lesson.

 

 

Firewall and Security

Samba need port 137 and 139 for the connection. If you are using Firewall application (Such as Firestarter, smoothwall or others), please make sure that you enable this port. Usually, every firewall applications block these ports as a default. If you are using Iptables and you want to open this ports, you can see my article about setting ports using Iptables.

 

Starting Samba when the machine boot

You set the Samba server to run automatically when the system booting. (see my articles about Run Level)

taufanlubis@zyrex:~$ sudo update-rc.d samba defaults

Adjust the configuration file to your need

For example, you want to create a directory for training_modules and only 5 persons can access and modify that directory. First you create the training_modules directory, Second add the configuration at smb.conf and restart the Samba Server and the Third, don’t forget to add the user to Samba Server User List (Practice 3, part 2).

 

[Training_modules]

path = /home/training_modules/

comment = Training_modules directory at Ubuntu

public = no

read only = no

browseable = yes

security = user

valid users = amanda, alice, mark, taufanlubis, nadine

force user = training_modules

force group = training_modules

 

 

Read Full Post »

Follow

Get every new post delivered to your Inbox.

Join 70 other followers