Home Network Linux Server

The first step in installing the network is to configure the Linux server. Since it is the computing heart of the system, let's start there.

Network on the Linux Server

We will begin setting up the network with the server. If you are installing the Linux server from scratch, you can assign the name and IP address at installation. If not, you will need to modify some parameters in the configuration files.

For the sake of this tutorial, let's assume you have not set up the name and IP address during installation of Linux. We will then go to the files concerned and make the changes there.

IP address

To start the network configuration have a look at the file: /etc/sysconfig/network-scripts/ifcfg-eth0

    DEVICE=
    BOOTPROTO=
    BROADCAST=
    IPADDR=
    NETMASK=
    NETWORK=
    ONBOOT=

The lines in this file specify how the network will be configured. Here is a brief explanation of these lines:

  1. DEVICE: we are interested in the Ethernet card.
  2. BOOTPROTO: type of Ethernet card.
  3. BROADCAST: what the network does when it starts up.
  4. IPADDR: the IP address of this machine.
  5. NETMASK: the filter which says how large a range of addresses to use.
  6. NETWORK: the beginning address of your network.
  7. ONBOOT: should the networking be initialized at boot up?

For our configuration this machine is the server, so its configuration should be changed to:

    DEVICE=eth0
    BOOTPROTO=static
    BROADCAST=192.168.1.255
    IPADDR=192.168.1.1
    NETMASK=255.255.255.0
    NETWORK=192.168.1.0
    ONBOOT=yes

Host name and Gateway

The next file we will modify is: /etc/sysconfig/network

    NETWORKING=
    HOSTNAME=
    GATEWAY=

Here is a quick definition of the entries in this file.

  • NETWORKING: do you want networking?
  • HOSTNAME: the name of the computer.
  • GATEWAY: this will be the IP address of the firewall.

So for our server install it should say:

    NETWORKING=yes
    HOSTNAME=wizard.home.org
    GATEWAY=192.168.1.254

Once we have made these changes, we should run the command “/etc/rc.d/init.d/network start” to activate them.

Users

We are going to create users on the server at this time so each of the users will already be known to the server once the workstations start talking to the server. This allows the user to have a home directory on the server as well as common areas.

The program we will be using is called “useradd”. The syntax of the command looks like:

    usage: useradd  [-u uid [-o]] [-g group] [-G group,...]
                    [-d home] [-s shell] [-c comment] [-m [-k template]]
                    [-f inactive] [-e expire ] [-p passwd] [-M] [-n] [-r] name

So to add the first user we would use the command:

    useradd -d /home/frank -s /bin/bash -c "Frank Smith" frank

Now that we have added the user, let's assign the password for this user. We will use the normal password command. The difference is that as the root user you can set or change the password for any user on the system. The command then is:

    passwd frank

Enter the password specified in your table twice.

Now that you see how it is done, repeat the process for the other two users.

Name Translation

Since we would normally prefer to enter a computer name rather than its IP address, we need to give the computer a way of looking up the IP address from the name. There are normally two methods used in Linux. The first is to configure a DNS server. We might learn how to do this later, but for now we will enter the computer names into the /etc/hosts file.

So we need to open the /etc/hosts file in the editor and add the entries to the file. Our file should end up looking like this:

    # File: /etc/hosts
    # Date: Mon Dec  2 22:00:54 EST 2002
    # Last Revised: Time-stamp: <2002-12-02 22:01:44 root> maintained by emacs
    # Description: host name lookup
    # ===================================================================
    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1           localhost.localdomain   localhost
    192.168.1.254       samson.home.org         samson
    192.168.1.1         wizard.home.org         wizard
    192.168.1.5         apollo.home.org         apollo
    192.168.1.7         demeter.home.org        demeter

You might notice the first 5 lines of the file. They are a comment, and not strictly needed. I put them in the file to remind me what I did to it and when. You don’t need them, but they are often worth the time needed to type them.

Name search Info

You should configure the file /etc/resolv.conf to know who you are and where to find a name server. It should be set up like this:

    domain home.org
    nameserver 192.168.1.254

This tells the system to use the domain home.org and to look for the DNS information on samson.
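
The four files edited so far have to agree with each other: NETWORK and BROADCAST follow from IPADDR and NETMASK, the gateway must sit inside that network, and the host name and name server must have matching entries in /etc/hosts. The following check is an added example, not part of the original tutorial; the function names are hypothetical, the file contents are constructed copies of the values above, and the rule that every host and the name server live on the one LAN is an assumption taken from this tutorial's layout.

```python
import ipaddress

# Constructed sample inputs: the four files as this tutorial configures them.
IFCFG = """\
DEVICE=eth0
BOOTPROTO=static
BROADCAST=192.168.1.255
IPADDR=192.168.1.1
NETMASK=255.255.255.0
NETWORK=192.168.1.0
ONBOOT=yes
"""
NETWORK_FILE = """\
NETWORKING=yes
HOSTNAME=wizard.home.org
GATEWAY=192.168.1.254
"""
HOSTS = """\
127.0.0.1           localhost.localdomain   localhost
192.168.1.254       samson.home.org         samson
192.168.1.1         wizard.home.org         wizard
192.168.1.5         apollo.home.org         apollo
192.168.1.7         demeter.home.org        demeter
"""
RESOLV = """\
domain home.org
nameserver 192.168.1.254
"""


def parse_keyvals(text):
    """Parse KEY=VALUE lines (sysconfig style), skipping blanks and # comments."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            out[key.strip()] = value.strip().strip('"')
    return out


def parse_hosts(text):
    """Map every name and alias in an /etc/hosts body to its address."""
    names = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            names.setdefault(name, fields[0])
    return names


def check(ifcfg_text, network_text, hosts_text, resolv_text):
    """Return a list of inconsistencies between the files (empty list = consistent)."""
    problems = []
    ifcfg, net = parse_keyvals(ifcfg_text), parse_keyvals(network_text)
    hosts = parse_hosts(hosts_text)
    subnet = ipaddress.ip_interface(f"{ifcfg['IPADDR']}/{ifcfg['NETMASK']}").network
    if ifcfg.get("NETWORK") != str(subnet.network_address):
        problems.append(f"NETWORK should be {subnet.network_address}")
    if ifcfg.get("BROADCAST") != str(subnet.broadcast_address):
        problems.append(f"BROADCAST should be {subnet.broadcast_address}")
    if ipaddress.ip_address(net["GATEWAY"]) not in subnet:
        problems.append(f"GATEWAY {net['GATEWAY']} is outside {subnet}")
    if hosts.get(net["HOSTNAME"]) != ifcfg["IPADDR"]:
        problems.append(f"{net['HOSTNAME']} does not map to {ifcfg['IPADDR']} in hosts")
    for line in resolv_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver" and fields[1] not in hosts.values():
            problems.append(f"nameserver {fields[1]} has no entry in hosts")
    for name, addr in hosts.items():
        ip = ipaddress.ip_address(addr)
        if not ip.is_loopback and ip not in subnet:  # assumption: one LAN, as in this tutorial
            problems.append(f"hosts entry {name} ({addr}) is outside {subnet}")
    return problems


if __name__ == "__main__":
    print("\n".join(check(IFCFG, NETWORK_FILE, HOSTS, RESOLV)) or "all four files agree")
```

On the real server, read the four files from disk and pass their contents to `check()` in the same order.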

Samba

Now that the server exists and knows who it is, let's configure the tool which allows us to share the files and printers with our users.

Let's start by looking at part of the Unix install pages distributed with Samba.


Step 3: Create the smb configuration file.

There are sample configuration files in the examples subdirectory in the distribution. I suggest you read them carefully so you can see how the options go together in practice. See the man page for all the options.

The simplest useful configuration file would be something like this:

        [global]
           workgroup = MYGROUP

        [homes]
           guest ok = no
           read only = no

which would allow connections by anyone with an account on the server, using either their login name or “homes” as the service name. (Note that I also set the workgroup that Samba is part of. See BROWSING.txt for details)

Note that make install will not install a smb.conf file. You need to create it yourself.

Make sure you put the smb.conf file in the same place you specified in the Makefile (the default is to look for it in /usr/local/samba/lib/).

For more information about security settings for the [homes] share please refer to the document UNIX_SECURITY.txt.

Step 4: Test your config file with testparm

It’s important that you test the validity of your smb.conf file using the testparm program. If testparm runs OK then it will list the loaded services. If not it will give an error message.

Make sure it runs OK and that the services look reasonable before proceeding.


Now that we know the minimum amount of information needed for the smb.conf file, let's look at the file itself. I have added the configuration for our network, which I will point out as we go. On the Linux server, this file normally lives in the directory /etc/samba.

    # This is the main Samba configuration file. You should read the
    # smb.conf(5) manual page in order to understand the options listed
    # here. Samba has a huge number of configurable options (perhaps too
    # many!) most of which are not shown in this example
    #
    # Any line which starts with a ; (semi-colon) or a # (hash) 
    # is a comment and is ignored. In this example we will use a #
    # for commentary and a ; for parts of the config file that you
    # may wish to enable
    #
    # NOTE: Whenever you modify this file you should run the command "testparm"
    # to check that you have not made any basic syntactic errors.
    #
    #======================= Global Settings =====================================
    [global]

    # workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
    # <-- Changed for our network -->
       workgroup = home.org

    # server string is the equivalent of the NT Description field
       server string = Samba Server

    # This option is important for security. It allows you to restrict
    # connections to machines which are on your local network. The
    # following example restricts access to two C class networks and
    # the "loopback" interface. For more examples of the syntax see
    # the smb.conf man page
    # <-- Changed for our network -->
       hosts allow = 192.168.1. 127.

    # If you want to automatically load your printer list rather
    # than setting them up individually then you'll need this
       load printers = yes

    # you may wish to override the location of the printcap file
    # <-- Changed for our network -->
       printcap name = /etc/printcap

    # on SystemV system setting printcap name to lpstat should allow
    # you to automatically obtain a printer list from the SystemV spool
    # system
    # <-- Changed for our network -->
       printcap name = lpstat

    # It should not be necessary to specify the print system type unless
    # it is non-standard. Currently supported print systems include:
    # bsd, sysv, plp, lprng, aix, hpux, qnx
    # <-- Changed for our network -->
       printing = lprng

    # Uncomment this if you want a guest account, you must add this to /etc/passwd
    # otherwise the user "nobody" is used
    ;  guest account = pcguest

    # this tells Samba to use a separate log file for each machine
    # that connects
       log file = /usr/local/samba/var/log.%m

    # Put a capping on the size of the log files (in Kb).
    # <-- Changed for our network -->
       max log size = 5000

    # Security mode. Most people will want user level security. See
    # security_level.txt for details.
       security = user

    # Use password server option only with security = server
    # The argument list may include:
    #   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
    # or to auto-locate the domain controller/s
    #   password server = *
    ;   password server = <NT-Server-Name>

    # Note: Do NOT use the now deprecated option of "domain controller"
    # This option is no longer implemented.

    # You may wish to use password encryption. Please read
    # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
    # Do not enable this option unless you have read those documents
    # <-- Changed for our network -->
      encrypt passwords = no

    # Using the following line enables you to customise your configuration
    # on a per machine basis. The %m gets replaced with the netbios name
    # of the machine that is connecting
    ;   include = /usr/local/samba/lib/smb.conf.%m

    # Most people will find that this option gives better performance.
    # See speed.txt and the manual pages for details
    # You may want to add the following on a Linux system:
    #         SO_RCVBUF=8192 SO_SNDBUF=8192
       socket options = TCP_NODELAY 

    # Configure Samba to use multiple interfaces
    # If you have multiple network interfaces then you must list them
    # here. See the man page for details.
    ;   interfaces = 192.168.12.2/24 192.168.13.2/24 

    # Browser Control Options:
    # set local master to no if you don't want Samba to become a master
    # browser on your network. Otherwise the normal election rules apply
    # <-- Changed for our network -->
       local master = yes

    # OS Level determines the precedence of this server in master browser
    # elections. The default value should be reasonable
    # <-- Changed for our network -->
       os level = 33

    # Domain Master specifies Samba to be the Domain Master Browser. This
    # allows Samba to collate browse lists between subnets. Don't use this
    # if you already have a Windows NT domain controller doing this job
    # <-- Changed for our network -->
       domain master = yes

    # Preferred Master causes Samba to force a local browser election on startup
    # and gives it a slightly higher chance of winning the election
    # <-- Changed for our network -->
       preferred master = yes

    # Enable this if you want Samba to be a domain logon server for 
    # Windows95 workstations. 
    ;   domain logons = yes

    # if you enable domain logons then you may want a per-machine or
    # per user logon script
    # run a specific logon batch file per workstation (machine)
    ;   logon script = %m.bat
    # run a specific logon batch file per username
    ;   logon script = %U.bat

    # Where to store roving profiles (only for Win95 and WinNT)
    #        %L substitutes for this servers netbios name, %U is username
    #        You must uncomment the [Profiles] share below
    ;   logon path = \\%L\Profiles\%U

    # Windows Internet Name Serving Support Section:
    # WINS Support - Tells the NMBD component of Samba to enable its WINS Server
    ;   wins support = yes

    # WINS Server - Tells the NMBD components of Samba to be a WINS Client
    #   Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
    ;   wins server = w.x.y.z

    # WINS Proxy - Tells Samba to answer name resolution queries on
    # behalf of a non WINS capable client, for this to work there must be
    # at least one      WINS Server on the network. The default is NO.
    ;   wins proxy = yes

    # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
    # via DNS nslookups. The built-in default for versions 1.9.17 is yes,
    # this has been changed in version 1.9.18 to no.
       dns proxy = no 

    #============================ Share Definitions ==============================
    [homes]
       comment = Home Directories
    # <-- Changed for our network -->
       browseable = yes
       writable = yes

    # Un-comment the following and create the netlogon directory for Domain Logons
    ; [netlogon]
    ;   comment = Network Logon Service
    ;   path = /usr/local/samba/lib/netlogon
    ;   guest ok = yes
    ;   writable = no
    ;   share modes = no


    # Un-comment the following to provide a specific roving profile share
    # the default is to use the user's home directory
    ;[Profiles]
    ;    path = /usr/local/samba/profiles
    ;    browseable = no
    ;    guest ok = yes


    # NOTE: If you have a BSD-style print system there is no need to 
    # specifically define each individual printer
    [printers]
       comment = All Printers
       path = /usr/spool/samba
       browseable = no
    # Set public = yes to allow user 'guest account' to print
       guest ok = no
       writable = no
       printable = yes

    # This one is useful for people to share files
    # <-- Changed for our network: the whole [tmp] section -->
    [tmp]
       comment = Temporary file space
       path = /tmp
       read only = no
       public = yes

    # A publicly accessible directory, but read only, except for people in
    # the "staff" group
    # <-- Changed for our network: the whole [public] section -->
    [public]
       comment = Public Stuff
       path = /home/samba
       public = yes
       writable = yes
       printable = no
       write list = @staff

    # Other examples. 
    #
    # A private printer, usable only by fred. Spool data will be placed in fred's
    # home directory. Note that fred must have write access to the spool directory,
    # wherever it is.
    ;[fredsprn]
    ;   comment = Fred's Printer
    ;   valid users = fred
    ;   path = /homes/fred
    ;   printer = freds_printer
    ;   public = no
    ;   writable = no
    ;   printable = yes

    # A private directory, usable only by fred. Note that fred requires write
    # access to the directory.
    ;[fredsdir]
    ;   comment = Fred's Service
    ;   path = /usr/somewhere/private
    ;   valid users = fred
    ;   public = no
    ;   writable = yes
    ;   printable = no

    # a service which has a different directory for each machine that connects
    # this allows you to tailor configurations to incoming machines. You could
    # also use the %U option to tailor it by user name.
    # The %m gets replaced with the machine name that is connecting.
    ;[pchome]
    ;  comment = PC Directories
    ;  path = /usr/pc/%m
    ;  public = no
    ;  writable = yes

    # A publicly accessible directory, read/write to all users. Note that all files
    # created in the directory by users will be owned by the default user, so
    # any user with access can delete any other user's files. Obviously this
    # directory must be writable by the default user. Another user could of course
    # be specified, in which case all files would be owned by that user instead.
    ;[public]
    ;   path = /usr/somewhere/else/public
    ;   public = yes
    ;   only guest = yes
    ;   writable = yes
    ;   printable = no

    # The following two entries demonstrate how to share a directory so that two
    # users can place files there that will be owned by the specific users. In this
    # setup, the directory should be writable by both users and should have the
    # sticky bit set on it to prevent abuse. Obviously this could be extended to
    # as many users as required.
    ;[myshare]
    ;   comment = Mary's and Fred's stuff
    ;   path = /usr/somewhere/shared
    ;   valid users = mary fred
    ;   public = no
    ;   writable = yes
    ;   printable = no
    ;   create mask = 0765

That was a rather long run through the configuration file, but it determines how the users can use the server from their Windows computers.

Let's now use the command testparm /etc/samba/smb.conf to check our smb.conf file. The output should look something like:

    # testparm /etc/samba/smb.conf
    Load smb config files from /etc/samba/smb.conf
    Processing section "[homes]"
    Processing section "[printers]"
    Processing section "[tmp]"
    Processing section "[public]"
    Loaded services file OK.
    Press enter to see a dump of your service definitions

    # Global parameters
    [global]
            coding system = 
            client code page = 850
            code page directory = /usr/share/samba/codepages
            workgroup = HOME.ORG
            netbios name = 
            netbios aliases = 
            netbios scope = 
            server string = Samba Server
            interfaces = 
            bind interfaces only = No
            security = USER
            encrypt passwords = No
            update encrypted = No
            allow trusted domains = Yes
            hosts equiv = 
            min passwd length = 5
            map to guest = Never
            null passwords = No
            obey pam restrictions = No
            password server = 
            smb passwd file = /etc/samba/smbpasswd
            root directory = 
            pam password change = No
            passwd program = /bin/passwd
            passwd chat = *new*password* %n\n *new*password* %n\n *changed*
            passwd chat debug = No
            username map = 
            password level = 0
            username level = 0
            unix password sync = No
            restrict anonymous = No
            lanman auth = Yes
            use rhosts = No
            log level = 2
            syslog = 1
            syslog only = No
            log file = /usr/local/samba/var/log.%m
            max log size = 5000
            timestamp logs = Yes
            debug hires timestamp = No
            debug pid = No
            debug uid = No
            protocol = NT1
            large readwrite = No
            max protocol = NT1
            min protocol = CORE
            read bmpx = No
            read raw = Yes
            write raw = Yes
            nt smb support = Yes
            nt pipe support = Yes
            announce version = 4.5
            announce as = NT
            max mux = 50
            max xmit = 65535
            name resolve order = lmhosts host wins bcast
            max packet = 65535
            max ttl = 259200
            max wins ttl = 518400
            min wins ttl = 21600
            time server = No
            unix extensions = No
            change notify timeout = 60
            deadtime = 0
            getwd cache = Yes
            keepalive = 300
            lpq cache time = 10
            max smbd processes = 0
            max disk size = 0
            max open files = 10000
            read size = 16384
            socket options = TCP_NODELAY
            stat cache size = 50
            use mmap = Yes
            total print jobs = 0
            load printers = Yes
            printcap name = lpstat
            disable spoolss = No
            enumports command = 
            addprinter command = 
            deleteprinter command = 
            show add printer wizard = Yes
            os2 driver map = 
            strip dot = No
            character set = 
            mangled stack = 50
            stat cache = Yes
            domain admin group = 
            domain guest group = 
            machine password timeout = 604800
            add user script = 
            delete user script = 
            logon script = 
            logon path = \\%N\%U\profile
            logon drive = 
            logon home = \\%N\%U
            domain logons = No
            os level = 33
            lm announce = Auto
            lm interval = 60
            preferred master = True
            local master = Yes
            domain master = True
            browse list = Yes
            enhanced browsing = Yes
            dns proxy = No
            wins proxy = No
            wins server = 
            wins support = No
            wins hook = 
            kernel oplocks = Yes
            oplock break wait time = 0
            add share command = 
            change share command = 
            delete share command = 
            config file = 
            preload = 
            lock dir = /var/cache/samba
            utmp directory = 
            wtmp directory = 
            utmp = No
            default service = 
            message command = 
            dfree command = 
            valid chars = 
            remote announce = 
            remote browse sync = 
            socket address = 0.0.0.0
            homedir map = auto.home
            time offset = 0
            NIS homedir = No
            source environment = 
            panic action = 
            hide local users = No
            host msdfs = No
            winbind uid = 
            winbind gid = 
            template homedir = /home/%D/%U
            template shell = /bin/false
            winbind separator = \
            winbind cache time = 15
            winbind enum users = Yes
            winbind enum groups = Yes
            comment = 
            path = 
            alternate permissions = No
            username = 
            guest account = nobody
            invalid users = 
            valid users = 
            admin users = 
            read list = 
            write list = 
            printer admin = 
            force user = 
            force group = 
            read only = Yes
            create mask = 0744
            force create mode = 00
            security mask = 0777
            force security mode = 00
            directory mask = 0755
            force directory mode = 00
            directory security mask = 0777
            force directory security mode = 00
            inherit permissions = No
            guest only = No
            guest ok = No
            only user = No
            hosts allow = 192.168.1. 127.
            hosts deny = 
            status = Yes
            nt acl support = Yes
            max connections = 0
            min print space = 0
            strict allocate = No
            strict sync = No
            sync always = No
            write cache size = 0
            max print jobs = 1000
            printable = No
            postscript = No
            printing = lprng
            print command = lpr -r -P%p %s
            lpq command = lpq -P%p
            lprm command = lprm -P%p %j
            lppause command = 
            lpresume command = 
            queuepause command = 
            queueresume command = 
            printer name = 
            use client driver = No
            default devmode = No
            printer driver = 
            printer driver file = /etc/samba/printers.def
            printer driver location = 
            default case = lower
            case sensitive = No
            preserve case = Yes
            short preserve case = Yes
            mangle case = No
            mangling char = ~
            hide dot files = Yes
            hide unreadable = No
            delete veto files = No
            veto files = 
            hide files = 
            veto oplock files = 
            map system = No
            map hidden = No
            map archive = Yes
            mangled names = Yes
            mangled map = 
            browseable = Yes
            blocking locks = Yes
            fake oplocks = No
            locking = Yes
            oplocks = Yes
            level2 oplocks = Yes
            oplock contention limit = 2
            posix locking = Yes
            strict locking = No
            share modes = Yes
            copy = 
            include = 
            exec = 
            preexec close = No
            postexec = 
            root preexec = 
            root preexec close = No
            root postexec = 
            available = Yes
            volume = 
            fstype = NTFS
            set directory = No
            wide links = Yes
            follow symlinks = Yes
            dont descend = 
            magic script = 
            magic output = 
            delete readonly = No
            dos filemode = No
            dos filetimes = No
            dos filetime resolution = No
            fake directory create times = No
            vfs object = 
            vfs options = 
            msdfs root = No

    [homes]
            comment = Home Directories
            read only = No

    [printers]
            comment = All Printers
            path = /usr/spool/samba
            printable = Yes
            browseable = No

    [tmp]
            comment = Temporary file space
            path = /tmp
            read only = No
            guest ok = Yes

    [public]
            comment = Public Stuff
            path = /home/samba
            write list = @staff
            read only = No
            guest ok = Yes
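
testparm confirms that the file parses; it does not comment on what the settings mean. The following review script is an added example, not part of the original tutorial or of Samba: it reads smb.conf-style text and reports the points in the file above that deserve a second look, namely "encrypt passwords = no", shares that are both guest-accessible and writable, and annotations placed after a value (smb.conf only recognises # and ; as comments at the start of a line, so such text becomes part of the value). The sample text is constructed from the tutorial's settings, the function names are hypothetical, and line continuations with a trailing backslash are not handled.

```python
import re

# Constructed sample: settings taken from the tutorial's smb.conf, with one
# parameter keeping a trailing "# ..." annotation on the same line.
SMB_CONF = """\
[global]
   hosts allow = 192.168.1. 127.
   encrypt passwords = no
   max log size = 5000   # <-- Changed for our network -->
[homes]
   writable = yes
[printers]
   guest ok = no
   printable = yes
[tmp]
   path = /tmp
   read only = no
   public = yes
[public]
   path = /home/samba
   public = yes
   writable = yes
   write list = @staff
"""

BOOL = {"yes": True, "true": True, "1": True, "no": False, "false": False, "0": False}
# Synonyms from smb.conf(5): name -> (canonical name, value is inverted)
ALIASES = {"public": ("guest ok", False), "writable": ("read only", True),
           "writeable": ("read only", True), "write ok": ("read only", True)}


def parse_smb_conf(text):
    """Return ({section: {param: value}}, [(section, param, value)] with a trailing # or ;)."""
    sections, trailing, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # comments are only recognised at the start of a line
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            current = header.group(1).strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            name, value = (part.strip() for part in line.split("=", 1))
            name = " ".join(name.lower().split())
            if re.search(r"\s[#;]", value):
                trailing.append((current, name, value))
            name, inverted = ALIASES.get(name, (name, False))
            if inverted and value.lower() in BOOL:
                value = "no" if BOOL[value.lower()] else "yes"
            sections[current][name] = value
    return sections, trailing


def flag(sections, share, param, default):
    """Boolean value of param for a share, falling back to [global], then default."""
    value = sections.get(share, {}).get(param, sections.get("global", {}).get(param, ""))
    return BOOL.get(value.lower(), default)


def audit(text):
    """Return a list of findings for settings that deserve review."""
    sections, trailing = parse_smb_conf(text)
    findings = [f"[{s}] {p}: possible inline comment becomes part of the value: {v!r}"
                for s, p, v in trailing]
    # Only flagged when set explicitly; the built-in default depends on the Samba version.
    if not flag(sections, "global", "encrypt passwords", True):
        findings.append("[global] encrypt passwords = no: clients send cleartext passwords")
    for share, params in sections.items():
        if share == "global" or flag(sections, share, "printable", False):
            continue
        if flag(sections, share, "guest ok", False) and not flag(sections, share, "read only", True):
            extra = "; write list has no restricting effect here" if "write list" in params else ""
            findings.append(f"[{share}] guest ok on a writable share "
                            f"({params.get('path', 'no path')}){extra}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SMB_CONF)))
```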

For more information, or another explanation about using Samba, allow me to point to smbd – Samba NT Server from the Rute book.

At this point we are ready to move on to configuring the firewall.



Written by John F. Moore

Last Revised: Wed Oct 18 11:01:34 EDT 2017

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.