Tag Archives: samba

Red Hat Certification – RHCE – Network Services – SMB

1st post – System Management and Configuration

Objectives

Network services

Network services are an important subset of the exam objectives. RHCE candidates should be capable of meeting the following objectives for each of the network services listed below:

  • Install the packages needed to provide the service.
  • Configure SELinux to support the service.
  • Configure the service to start when the system is booted.
  • Configure the service for basic operation.
  • Configure host-based and user-based security for the service.

User should be able to do the following for all these services:

SMB:

Testing an SMB server may be quite easy from Windows, but from Linux I suppose it’s a bit trickier.

The CLI client is called ‘smbclient’

The tool to set passwords: ‘smbpasswd’

You can also get some information with commands starting with ‘net’, for example ‘net -U username session’

testparm is another tool you can use to test that the config file – smb.conf – is not missing anything structural or in syntax.

The server is called ‘samba’.

There are more packages, for example ‘samba-doc’, samba4. You can find them by typing: ‘yum install samba*’

samba-doc installs lots of files in /usr/share/doc/samba*

  • Install the packages needed to provide the service.
    • yum install samba
  • Configure SELinux to support the service
    • getsebool -a |grep smb; getsebool -a|grep samba
    • /etc/samba/smb.conf # has some information about selinux
  • Configure the service to start when the system is booted.
    • chkconfig samba on
  • Configure the service for basic operation.
    • server#: open firewall (check man smb.conf, port 445 and 139 are mentioned)
    • server#: mkdir /samba; chcon -t type_in_smb_conf /samba
    • server#: edit /etc/samba/smb.conf:
      • copy an existing share – make it browseable and allow guest to access
    • server#: service smb start
    • server#: touch /samba/fileonshare
    • client#: smbclient \\\\ip.to.smb.server\\share
      • hit enter and it will attempt to log in as anonymous (guest)
    • client#: get fileonehsare
  • Configure host-based and user-based security for the service
    • server#: check that ‘security = user’ in smb.conf.
    • server#: add” writable = yes” or “read only = no” to the share in smb.conf
    • server#: smbpasswd -a username
    • server#: mkdir /samba/upload
    • server#: chown username /samba/upload
    • server#: chmod 777 /samba/upload
    • client#: smbclient -U username \\\\ip.to.smb.server\\share
    • client#: cd upload; mkdir newfolder; cd newfolder
    • client#: put file

Extra

  • Provide network shares to specific clients.
    • things you can set on the share:
      • write list = +staff
      • invalid users =
      • valid users =
      • hosts allow = 192.168.0.0/255.255.255.0
      • hosts deny =
  • Provide network shares suitable for group collaboration.
    • groupadd staff
    • usermod -a -G staff bosse
    • chown root.staff /samba/upload
    • chmod 775 /samba/upload
    • connect with bosse – do things,
    • connect with another user – can you do things?

File share from Ubuntu 10.10 with Windows 7 Client

Figured I would give this a shot and see how this is done in Linux.

Overview

1x Ubuntu 10.10 VM in VMWare Workstation. Installed with virtual kernel.
1x Windows 7 VM. All updates.

Not going to go through the installations in this post, just the domain/LDAP part. See previous posts for installation stuffs.

Found this article on ubuntu.com -> -> 10.10/serverguide/C/network-authentication.html .. But this does not exist anymore.

Whoa, quite a lot to do. Think I will read the manuals this time :)

Basically I think I just need to install and then configure Samba.
Because it has file-sharing and authentication/authorization.

So, first step will be to install Samba and try file-sharing.

File Sharing

sudo apt-get install samba

installs these:

The following NEW packages will be installed:
libavahi-client3 libavahi-common-data libavahi-common3 libcups2
libfile-copy-recursive-perl libgnutls26 libldap-2.4-2 libsasl2-2
libsasl2-modules libtalloc2 libtasn1-3 libwbclient0 samba samba-common
samba-common-bin update-inetd

After that I can run \\192.168.0.ip which is the IP of the VM running samba – it gives me a login prompt.

Uncommenting this in /etc/samba/smb.conf

[homes] comment = Home Directories
browseable = yes

Still asks for a password. Tried with user@ip – this seems to work. It shows a directory called “homes” but it doesn’t work to browse into it.

[2011/02/06 16:30:45.949726,  1] smbd/service.c:678(make_connection_snum)
create_connection_server_info failed: NT_STATUS_ACCESS_DENIED

Set ‘share’ and set the guest account = nobody  then I got this:

[2011/02/07 13:22:06.770082,  0] smbd/service.c:988(make_connection_snum)
canonicalize_connect_path failed for service foo, path /mnt/foo

Then what I did was this:

  1. created a directory called /samba
  2. sudo chmod +x /samba
  3. sudo chmod 777 /samba
  4. sudo chown nobody /samba
  5. add this to /etc/samba/smb.conf
  6. [foo] comment = foo
    path = /samba
    read only = no
    guest ok = yes
    guest only = yes
    browseable = yes
  7. security = share
  8. guest account = nobody

And then \\ip\foo and woopsie! I can both write and read :)

[2011/02/07 13:23:14.022980,  1] smbd/service.c:1070(make_connection_snum)
192.168.0.ip (192.168.0.ip) connect to service foo initially as user nobod

yay!