Home Network Linux Server

The first step to Installing the network is to configure the Linux server. Since it is the computing heart of the system, lets start there.

Network on the Linux Server

We will begin by setting up the networking beginning with the server. Now if you are installing the linux server from scratch you can assign the name and IP address at installation. If not you will need to modify some parameters in the configuration files.

For the sake of this tutorial, lets assume you have not setup the name and IP address during installation of Linux. We will then go to the files concerned and make the changes there.

IP address

To start the network configuration have a look at the file: /etc/sysconfig/network-scripts/ifcfg-eth0

    DEVICE=
    BOOTPROTO=
    BROADCAST=
    IPADDR=
    NETMASK=
    NETWORK=
    ONBOOT=

The lines in this file specify how the network will be configured. Here is a brief explaination of these lines:

  1. DEVICE , we are interested in the Ethernet card.
  2. BOOTPROTO , type of ethernet card.
  3. BROADCAST , what the network does when it starts up.
  4. IPADDR , the ip address of this machine
  5. NETMASK , the filter which says how large a range of address to use.
  6. NETWORK , The beginning address of your network.
  7. ONBOOT , should the networking be initialized at boot up?

For our configuration this machine is the server, so it’s configuration should be changed to:

    DEVICE=eth0
    BOOTPROTO=static
    BROADCAST=192.168.1.255
    IPADDR=192.168.1.1
    NETMASK=255.255.255.0
    NETWORK=192.168.1.0
    ONBOOT=yes

Host name and Gateway

The next file we will modify is: /etc/sysconfig/network

    NETWORKING=
    HOSTNAME=
    GATEWAY=

Here is a quick definition of the entries in this file.

  • NETWORKING , do you want networking?
  • HOSTNAME , is the name of the computer.
  • GATEWAY , this will be the ip address of the firewall.

So for our server install it should say:

    NETWORKING=yes
    HOSTNAME=wizard.home.org
    GATEWAY=192.168.1.254

Once we have made these changes, we should run the command “/etc/rc.d/init.d/network start” to activate them.

Users

We are going to create users on the server at this time so each of the users will already be known to the server once the workstation start talking to the server. The allows the user to have a home directory on the server as well as common areas.

The program we will be using is called “useradd”. The syntax of the command looks like:

    usage: useradd  [-u uid [-o]] [-g group] [-G group,...]
                    [-d home] [-s shell] [-c comment] [-m [-k template]]
                    [-f inactive] [-e expire ] [-p passwd] [-M] [-n] [-r] name

So to add the first user we would use the command:

useradd -d /home/frank -s /bin/bash -c “Frank Smith” frank

Now that we have added the user lets assign the password for this user. We will use the normal password command. The difference is that as the root user you can set or change the password for any user on the system. The command then is:

passwd frank

Enter the password specified in your table twice.

Now that you see how it is done, repeat the process for the other two users.

Name Translation

Since we would normally prefer to enter a computer name rather than it’s IP address, we need to give the computer a way of looking up the IP address from the name. There are normally two methods used in Linux. The first is to configure a DNS server. We might learn how to do this later, but for now we will enter the computer names into the /etc/hosts file.

So we need to open the /etc/hosts file in the editor and add the entries to the file. Our file should end up looking like this:

    # File: /etc/hosts
    # Date: Mon Dec  2 22:00:54 EST 2002
    # Last Revised: Time-stamp: <2002-12-02 22:01:44 root> maintained by emacs
    # Description: host name lookup
    # ===================================================================
    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1           localhost.localdomain   localhost
    192.168.1.254       samson.home.org         samson
    192.168.1.1         wizard.home.org         wizard
    192.168.1.5         apollo.home.org         apollo
    192.168.1.7         demeter.home.org        demeter

You might notice the first 5 lines of the file. They are a comment, and not strictly needed. I put them in the file to remind me what I did to it and when. You don’t need them, but they are often worth the time needed to type them.

Name search Info

You should configure the file /etc/resolv.conf to know who you are and where to find a name server. It should be setup like this:

    domain home.org
    nameserver 192.168.1.254

This tells the system to use the domain home.org and to look for the DNS information on samson.

Samba

Now that the server exists and knows who it is, lets configure the tool which allows us to share the files and printers with our users.

Lets start by looking at part of the Unix install pages distributed with Samba.


Step 3: Create the smb configuration file.

There are sample configuration files in the examples subdirectory in the distribution. I suggest you read them carefully so you can see how the options go together in practice. See the man page for all the options.

The simplest useful configuration file would be something like this:

        [global]
           workgroup = MYGROUP

           [homes]
              guest ok = no
              read only = no

which would allow connections by anyone with an account on the server, using either their login name or “homes” as the service name. (Note that I also set the workgroup that Samba is part of. See BROWSING.txt for details)

Note that make install will not install a smb.conf file. You need to create it yourself.

Make sure you put the smb.conf file in the same place you specified in theMakefile (the default is to look for it in /usr/local/samba/lib/).

For more information about security settings for the [homes] share please refer to the document UNIX_SECURITY.txt.

Step 4: Test your config file with testparm

It’s important that you test the validity of your smb.conf file using the testparm program. If testparm runs OK then it will list the loaded services. If not it will give an error message.

Make sure it runs OK and that the services look reasonable before proceeding.


Now that we know what the minimum amount of information is for the smb.conf file. Lets look at the file itself. I have added the configuration for our network which I will point out as we go. This file normally lives, on the Linux server in the directory /etc/samba.

    # This is the main Samba configuration file. You should read the
    # smb.conf(5) manual page in order to understand the options listed
    # here. Samba has a huge number of configurable options (perhaps too
    # many!) most of which are not shown in this example
    #
    # Any line which starts with a ; (semi-colon) or a # (hash) 
    # is a comment and is ignored. In this example we will use a #
    # for commentry and a ; for parts of the config file that you
    # may wish to enable
    #
    # NOTE: Whenever you modify this file you should run the command "testparm"
    # to check that you have not many any basic syntactic errors. 
    #
    #======================= Global Settings =====================================
    [global]

    # workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
       workgroup = home.org  # <-- Changed for our network -->

    # server string is the equivalent of the NT Description field
       server string = Samba Server

    # This option is important for security. It allows you to restrict
    # connections to machines which are on your local network. The
    # following example restricts access to two C class networks and
    # the "loopback" interface. For more examples of the syntax see
    # the smb.conf man page
       hosts allow = 192.168.1. 127.  # <-- Changed for our network -->

    # If you want to automatically load your printer list rather
    # than setting them up individually then you'll need this
       load printers = yes

    # you may wish to override the location of the printcap file
       printcap name = /etc/printcap  # <-- Changed for our network -->

    # on SystemV system setting printcap name to lpstat should allow
    # you to automatically obtain a printer list from the SystemV spool
    # system
       printcap name = lpstat         # <-- Changed for our network -->

    # It should not be necessary to specify the print system type unless
    # it is non-standard. Currently supported print systems include:
    # bsd, sysv, plp, lprng, aix, hpux, qnx
       printing = lprng               # <-- Changed for our network -->

    # Uncomment this if you want a guest account, you must add this to /etc/passwd
    # otherwise the user "nobody" is used
    ;  guest account = pcguest

    # this tells Samba to use a separate log file for each machine
    # that connects
       log file = /usr/local/samba/var/log.%m

    # Put a capping on the size of the log files (in Kb).
       max log size = 5000             # <-- Changed for our network -->

    # Security mode. Most people will want user level security. See
    # security_level.txt for details.
       security = user

    # Use password server option only with security = server
    # The argument list may include:
    #   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
    # or to auto-locate the domain controller/s
    #   password server = *
    ;   password server = <NT-Server-Name>

    # Note: Do NOT use the now deprecated option of "domain controller"
    # This option is no longer implemented.

    # You may wish to use password encryption. Please read
    # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
    # Do not enable this option unless you have read those documents
      encrypt passwords = no        # <-- Changed for our network -->

    # Using the following line enables you to customise your configuration
    # on a per machine basis. The %m gets replaced with the netbios name
    # of the machine that is connecting
    ;   include = /usr/local/samba/lib/smb.conf.%m

    # Most people will find that this option gives better performance.
    # See speed.txt and the manual pages for details
    # You may want to add the following on a Linux system:
    #         SO_RCVBUF=8192 SO_SNDBUF=8192
       socket options = TCP_NODELAY 

    # Configure Samba to use multiple interfaces
    # If you have multiple network interfaces then you must list them
    # here. See the man page for details.
    ;   interfaces = 192.168.12.2/24 192.168.13.2/24 

    # Browser Control Options:
    # set local master to no if you don't want Samba to become a master
    # browser on your network. Otherwise the normal election rules apply
       local master = yes          # <-- Changed for our network -->

    # OS Level determines the precedence of this server in master browser
    # elections. The default value should be reasonable
       os level = 33               # <-- Changed for our network -->

    # Domain Master specifies Samba to be the Domain Master Browser. This
    # allows Samba to collate browse lists between subnets. Don't use this
    # if you already have a Windows NT domain controller doing this job
       domain master = yes         # <-- Changed for our network -->

    # Preferred Master causes Samba to force a local browser election on startup
    # and gives it a slightly higher chance of winning the election
       preferred master = yes      # <-- Changed for our network -->

    # Enable this if you want Samba to be a domain logon server for 
    # Windows95 workstations. 
    ;   domain logons = yes

    # if you enable domain logons then you may want a per-machine or
    # per user logon script
    # run a specific logon batch file per workstation (machine)
    ;   logon script = %m.bat
    # run a specific logon batch file per username
    ;   logon script = %U.bat

    # Where to store roving profiles (only for Win95 and WinNT)
    #        %L substitutes for this servers netbios name, %U is username
    #        You must uncomment the [Profiles] share below
    ;   logon path = \\%L\Profiles\%U

    # Windows Internet Name Serving Support Section:
    # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
    ;   wins support = yes

    # WINS Server - Tells the NMBD components of Samba to be a WINS Client
    #   Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
    ;   wins server = w.x.y.z

    # WINS Proxy - Tells Samba to answer name resolution queries on
    # behalf of a non WINS capable client, for this to work there must be
    # at least one      WINS Server on the network. The default is NO.
    ;   wins proxy = yes

    # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
    # via DNS nslookups. The built-in default for versions 1.9.17 is yes,
    # this has been changed in version 1.9.18 to no.
       dns proxy = no 

    #============================ Share Definitions ==============================
    [homes]
       comment = Home Directories
       browseable = yes                  # <-- Changed for our network -->
       writable = yes

    # Un-comment the following and create the netlogon directory for Domain Logons
    ; [netlogon]
    ;   comment = Network Logon Service
    ;   path = /usr/local/samba/lib/netlogon
    ;   guest ok = yes
    ;   writable = no
    ;   share modes = no


    # Un-comment the following to provide a specific roving profile share
    # the default is to use the user's home directory
    ;[Profiles]
    ;    path = /usr/local/samba/profiles
    ;    browseable = no
    ;    guest ok = yes


    # NOTE: If you have a BSD-style print system there is no need to 
    # specifically define each individual printer
    [printers]
       comment = All Printers
       path = /usr/spool/samba
       browseable = no
    # Set public = yes to allow user 'guest account' to print
       guest ok = no
       writable = no
       printable = yes

    # This one is useful for people to share files
    [tmp]                                   # <-- Changed for our network -->
       comment = Temporary file space       # <-- Changed for our network -->
       path = /tmp                          # <-- Changed for our network -->
       read only = no                       # <-- Changed for our network -->
       public = yes                         # <-- Changed for our network -->

    # A publicly accessible directory, but read only, except for people in
    # the "staff" group
    [public]                                # <-- Changed for our network -->
       comment = Public Stuff               # <-- Changed for our network -->
       path = /home/samba                   # <-- Changed for our network -->
       public = yes                         # <-- Changed for our network -->
       writable = yes                       # <-- Changed for our network -->
       printable = no                       # <-- Changed for our network -->
       write list = @staff                  # <-- Changed for our network -->

    # Other examples. 
    #
    # A private printer, usable only by fred. Spool data will be placed in fred's
    # home directory. Note that fred must have write access to the spool directory,
    # wherever it is.
    ;[fredsprn]
    ;   comment = Fred's Printer
    ;   valid users = fred
    ;   path = /homes/fred
    ;   printer = freds_printer
    ;   public = no
    ;   writable = no
    ;   printable = yes

    # A private directory, usable only by fred. Note that fred requires write
    # access to the directory.
    ;[fredsdir]
    ;   comment = Fred's Service
    ;   path = /usr/somewhere/private
    ;   valid users = fred
    ;   public = no
    ;   writable = yes
    ;   printable = no

    # a service which has a different directory for each machine that connects
    # this allows you to tailor configurations to incoming machines. You could
    # also use the %U option to tailor it by user name.
    # The %m gets replaced with the machine name that is connecting.
    ;[pchome]
    ;  comment = PC Directories
    ;  path = /usr/pc/%m
    ;  public = no
    ;  writable = yes

    # A publicly accessible directory, read/write to all users. Note that all files
    # created in the directory by users will be owned by the default user, so
    # any user with access can delete any other user's files. Obviously this
    # directory must be writable by the default user. Another user could of course
    # be specified, in which case all files would be owned by that user instead.
    ;[public]
    ;   path = /usr/somewhere/else/public
    ;   public = yes
    ;   only guest = yes
    ;   writable = yes
    ;   printable = no

    # The following two entries demonstrate how to share a directory so that two
    # users can place files there that will be owned by the specific users. In this
    # setup, the directory should be writable by both users and should have the
    # sticky bit set on it to prevent abuse. Obviously this could be extended to
    # as many users as required.
    ;[myshare]
    ;   comment = Mary's and Fred's stuff
    ;   path = /usr/somewhere/shared
    ;   valid users = mary fred
    ;   public = no
    ;   writable = yes
    ;   printable = no
    ;   create mask = 0765

That was a rather long run through the configuration file. But it determined how the users can use the Server from their windows computers.

Lets now use the command testparm /etc/samba/smb.conf , to check our smb.conf file. The output should look something like:

     # testparm /etc/samba/smb.conf
    Load smb config files from /etc/samba/smb.conf
    Processing section "[homes]"
    Processing section "[printers]"
    Processing section "[tmp]"
    Processing section "[public]"
    Loaded services file OK.
    Press enter to see a dump of your service definitions

    # Global parameters
    [global]
            coding system = 
            client code page = 850
            code page directory = /usr/share/samba/codepages
            workgroup = HOME.ORG
            netbios name = 
            netbios aliases = 
            netbios scope = 
            server string = Samba Server
            interfaces = 
            bind interfaces only = No
            security = USER
            encrypt passwords = No
            update encrypted = No
            allow trusted domains = Yes
            hosts equiv = 
            min passwd length = 5
            map to guest = Never
            null passwords = No
            obey pam restrictions = No
            password server = 
            smb passwd file = /etc/samba/smbpasswd
            root directory = 
            pam password change = No
            passwd program = /bin/passwd
            passwd chat = *new*password* %n\n *new*password* %n\n *changed*
            passwd chat debug = No
            username map = 
            password level = 0
            username level = 0
            unix password sync = No
            restrict anonymous = No
            lanman auth = Yes
            use rhosts = No
            log level = 2
            syslog = 1
            syslog only = No
            log file = /usr/local/samba/var/log.%m
            max log size = 5000
            timestamp logs = Yes
            debug hires timestamp = No
            debug pid = No
            debug uid = No
            protocol = NT1
            large readwrite = No
            max protocol = NT1
            min protocol = CORE
            read bmpx = No
            read raw = Yes
            write raw = Yes
            nt smb support = Yes
            nt pipe support = Yes
            announce version = 4.5
            announce as = NT
            max mux = 50
            max xmit = 65535
            name resolve order = lmhosts host wins bcast
            max packet = 65535
            max ttl = 259200
            max wins ttl = 518400
            min wins ttl = 21600
            time server = No
            unix extensions = No
            change notify timeout = 60
            deadtime = 0
            getwd cache = Yes
            keepalive = 300
            lpq cache time = 10
            max smbd processes = 0
            max disk size = 0
            max open files = 10000
            read size = 16384
            socket options = TCP_NODELAY
            stat cache size = 50
            use mmap = Yes
            total print jobs = 0
            load printers = Yes
            printcap name = lpstat
            disable spoolss = No
            enumports command = 
            addprinter command = 
            deleteprinter command = 
            show add printer wizard = Yes
            os2 driver map = 
            strip dot = No
            character set = 
            mangled stack = 50
            stat cache = Yes
            domain admin group = 
            domain guest group = 
            machine password timeout = 604800
            add user script = 
            delete user script = 
            logon script = 
            logon path = \\%N\%U\profile
            logon drive = 
            logon home = \\%N\%U
            domain logons = No
            os level = 33
            lm announce = Auto
            lm interval = 60
            preferred master = True
            local master = Yes
            domain master = True
            browse list = Yes
            enhanced browsing = Yes
            dns proxy = No
            wins proxy = No
            wins server = 
            wins support = No
            wins hook = 
            kernel oplocks = Yes
            oplock break wait time = 0
            add share command = 
            change share command = 
            delete share command = 
            config file = 
            preload = 
            lock dir = /var/cache/samba
            utmp directory = 
            wtmp directory = 
            utmp = No
            default service = 
            message command = 
            dfree command = 
            valid chars = 
            remote announce = 
            remote browse sync = 
            socket address = 0.0.0.0
            homedir map = auto.home
            time offset = 0
            NIS homedir = No
            source environment = 
            panic action = 
            hide local users = No
            host msdfs = No
            winbind uid = 
            winbind gid = 
            template homedir = /home/%D/%U
            template shell = /bin/false
            winbind separator = \
            winbind cache time = 15
            winbind enum users = Yes
            winbind enum groups = Yes
            comment = 
            path = 
            alternate permissions = No
            username = 
            guest account = nobody
            invalid users = 
            valid users = 
            admin users = 
            read list = 
            write list = 
            printer admin = 
            force user = 
            force group = 
            read only = Yes
            create mask = 0744
            force create mode = 00
            security mask = 0777
            force security mode = 00
            directory mask = 0755
            force directory mode = 00
            directory security mask = 0777
            force directory security mode = 00
            inherit permissions = No
            guest only = No
            guest ok = No
            only user = No
            hosts allow = 192.168.1. 127.
            hosts deny = 
            status = Yes
            nt acl support = Yes
            max connections = 0
            min print space = 0
            strict allocate = No
            strict sync = No
            sync always = No
            write cache size = 0
            max print jobs = 1000
            printable = No
            postscript = No
            printing = lprng
            print command = lpr -r -P%p %s
            lpq command = lpq -P%p
            lprm command = lprm -P%p %j
            lppause command = 
            lpresume command = 
            queuepause command = 
            queueresume command = 
            printer name = 
            use client driver = No
            default devmode = No
            printer driver = 
            printer driver file = /etc/samba/printers.def
            printer driver location = 
            default case = lower
            case sensitive = No
            preserve case = Yes
            short preserve case = Yes
            mangle case = No
            mangling char = ~
            hide dot files = Yes
            hide unreadable = No
            delete veto files = No
            veto files = 
            hide files = 
            veto oplock files = 
            map system = No
            map hidden = No
            map archive = Yes
            mangled names = Yes
            mangled map = 
            browseable = Yes
            blocking locks = Yes
            fake oplocks = No
            locking = Yes
            oplocks = Yes
            level2 oplocks = Yes
            oplock contention limit = 2
            posix locking = Yes
            strict locking = No
            share modes = Yes
            copy = 
            include = 
            exec = 
            preexec close = No
            postexec = 
            root preexec = 
            root preexec close = No
            root postexec = 
            available = Yes
            volume = 
            fstype = NTFS
            set directory = No
            wide links = Yes
            follow symlinks = Yes
            dont descend = 
            magic script = 
            magic output = 
            delete readonly = No
            dos filemode = No
            dos filetimes = No
            dos filetime resolution = No
            fake directory create times = No
            vfs object = 
            vfs options = 
            msdfs root = No

    [homes]
            comment = Home Directories
            read only = No

    [printers]
            comment = All Printers
            path = /usr/spool/samba
            printable = Yes
            browseable = No

    [tmp]
            comment = Temporary file space
            path = /tmp
            read only = No
            guest ok = Yes

    [public]
            comment = Public Stuff
            path = /home/samba
            write list = @staff
            read only = No
            guest ok = Yes

For more information, or another explaination about using Samba, allow me to point to smbd – Samba NT Server from the Rute book.

At this point we are ready to move on to the configuring the Firewall.



Written by John F. Moore

Last Revised: Tue Nov 1 20:56:55 EDT 2016

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.
HTML5 Powered with CSS3 / Styling, and Semantics