The first step in installing the network is to configure the Linux server. Since it is the computing heart of the system, let's start there.
We will begin by setting up the networking, beginning with the server. If you are installing the Linux server from scratch, you can assign the name and IP address at installation. If not, you will need to modify some parameters in the configuration files.
For the sake of this tutorial, let's assume you have not set up the name and IP address during installation of Linux. We will then go to the files concerned and make the changes there.
To start the network configuration have a look at the file: /etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=
    BOOTPROTO=
    BROADCAST=
    IPADDR=
    NETMASK=
    NETWORK=
    ONBOOT=
The lines in this file specify how the network will be configured. Here is a brief explanation of these lines:
For our configuration this machine is the server, so its configuration should be changed to:
    DEVICE=eth0
    BOOTPROTO=static
    BROADCAST=192.168.1.255
    IPADDR=192.168.1.1
    NETMASK=255.255.255.0
    NETWORK=192.168.1.0
    ONBOOT=yes
The next file we will modify is: /etc/sysconfig/network
    NETWORKING=
    HOSTNAME=
    GATEWAY=
Here is a quick definition of the entries in this file.
So for our server install it should say:
    NETWORKING=yes
    HOSTNAME=wizard.home.org
    GATEWAY=192.168.1.254
Once we have made these changes, we should run the command “/etc/rc.d/init.d/network start” to activate them.
We are going to create users on the server at this time so each of the users will already be known to the server once the workstations start talking to the server. This allows the user to have a home directory on the server as well as common areas.
The program we will be using is called “useradd”. The syntax of the command looks like:
    usage: useradd [-u uid [-o]] [-g group] [-G group,...]
                   [-d home] [-s shell] [-c comment] [-m [-k template]]
                   [-f inactive] [-e expire ] [-p passwd] [-M] [-n] [-r] name
So to add the first user we would use the command:
    useradd -d /home/frank -s /bin/bash -c "Frank Smith" frank
Now that we have added the user, let's assign the password for this user. We will use the normal password command. The difference is that as the root user you can set or change the password for any user on the system. The command then is:
Enter the password specified in your table twice.
Now that you see how it is done, repeat the process for the other two users.
Since we would normally prefer to enter a computer name rather than its IP address, we need to give the computer a way of looking up the IP address from the name. There are normally two methods used in Linux. The first is to configure a DNS server. We might learn how to do this later, but for now we will enter the computer names into the /etc/hosts file.
So we need to open the /etc/hosts file in the editor and add the entries to the file. Our file should end up looking like this:
    # File: /etc/hosts
    # Date: Mon Dec 2 22:00:54 EST 2002
    # Last Revised: Time-stamp: <2002-12-02 22:01:44 root> maintained by emacs
    # Description: host name lookup
    # ===================================================================
    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1 localhost.localdomain localhost
    192.168.1.254 samson.home.org samson
    192.168.1.1 wizard.home.org wizard
    192.168.1.5 apollo.home.org apollo
    192.168.1.7 demeter.home.org demeter
You might notice the first 5 lines of the file. They are a comment, and not strictly needed. I put them in the file to remind me what I did to it and when. You don’t need them, but they are often worth the time needed to type them.
You should configure the file /etc/resolv.conf to know who you are and where to find a name server. It should be set up like this:
    domain home.org
    nameserver 192.168.1.254
This tells the system to use the domain home.org and to look for the DNS information on samson.
Now that the server exists and knows who it is, let's configure the tool which allows us to share the files and printers with our users.
Let's start by looking at part of the Unix install pages distributed with Samba.
There are sample configuration files in the examples subdirectory in the distribution. I suggest you read them carefully so you can see how the options go together in practice. See the man page for all the options.
The simplest useful configuration file would be something like this:
    [global]
       workgroup = MYGROUP

    [homes]
       guest ok = no
       read only = no
which would allow connections by anyone with an account on the server, using either their login name or “homes” as the service name. (Note that I also set the workgroup that Samba is part of. See BROWSING.txt for details)
Note that make install will not install a smb.conf file. You need to create it yourself.
Make sure you put the smb.conf file in the same place you specified in the Makefile (the default is to look for it in
For more information about security settings for the [homes] share please refer to the document UNIX_SECURITY.txt.
It’s important that you test the validity of your smb.conf file using the testparm program. If testparm runs OK then it will list the loaded services. If not it will give an error message.
Make sure it runs OK and that the services look reasonable before proceeding.
Now that we know the minimum amount of information needed for the smb.conf file, let's look at the file itself. I have added the configuration for our network, which I will point out as we go. On the Linux server this file normally lives in the directory /etc/samba.
    # This is the main Samba configuration file. You should read the
    # smb.conf(5) manual page in order to understand the options listed
    # here. Samba has a huge number of configurable options (perhaps too
    # many!) most of which are not shown in this example
    #
    # Any line which starts with a ; (semi-colon) or a # (hash)
    # is a comment and is ignored. In this example we will use a #
    # for commentry and a ; for parts of the config file that you
    # may wish to enable
    #
    # NOTE: Whenever you modify this file you should run the command "testparm"
    # to check that you have not many any basic syntactic errors.
    #
    #======================= Global Settings =====================================
    [global]

    # workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
       workgroup = home.org # <-- Changed for our network -->

    # server string is the equivalent of the NT Description field
       server string = Samba Server

    # This option is important for security. It allows you to restrict
    # connections to machines which are on your local network. The
    # following example restricts access to two C class networks and
    # the "loopback" interface. For more examples of the syntax see
    # the smb.conf man page
       hosts allow = 192.168.1. 127. # <-- Changed for our network -->

    # If you want to automatically load your printer list rather
    # than setting them up individually then you'll need this
       load printers = yes

    # you may wish to override the location of the printcap file
       printcap name = /etc/printcap # <-- Changed for our network -->

    # on SystemV system setting printcap name to lpstat should allow
    # you to automatically obtain a printer list from the SystemV spool
    # system
       printcap name = lpstat # <-- Changed for our network -->

    # It should not be necessary to specify the print system type unless
    # it is non-standard. Currently supported print systems include:
    # bsd, sysv, plp, lprng, aix, hpux, qnx
       printing = lprng # <-- Changed for our network -->

    # Uncomment this if you want a guest account, you must add this to /etc/passwd
    # otherwise the user "nobody" is used
    ; guest account = pcguest

    # this tells Samba to use a separate log file for each machine
    # that connects
       log file = /usr/local/samba/var/log.%m

    # Put a capping on the size of the log files (in Kb).
       max log size = 5000 # <-- Changed for our network -->

    # Security mode. Most people will want user level security. See
    # security_level.txt for details.
       security = user

    # Use password server option only with security = server
    # The argument list may include:
    # password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
    # or to auto-locate the domain controller/s
    # password server = *
    ; password server = <NT-Server-Name>

    # Note: Do NOT use the now deprecated option of "domain controller"
    # This option is no longer implemented.

    # You may wish to use password encryption. Please read
    # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
    # Do not enable this option unless you have read those documents
       encrypt passwords = no # <-- Changed for our network -->

    # Using the following line enables you to customise your configuration
    # on a per machine basis. The %m gets replaced with the netbios name
    # of the machine that is connecting
    ; include = /usr/local/samba/lib/smb.conf.%m

    # Most people will find that this option gives better performance.
    # See speed.txt and the manual pages for details
    # You may want to add the following on a Linux system:
    # SO_RCVBUF=8192 SO_SNDBUF=8192
       socket options = TCP_NODELAY

    # Configure Samba to use multiple interfaces
    # If you have multiple network interfaces then you must list them
    # here. See the man page for details.
    ; interfaces = 192.168.12.2/24 192.168.13.2/24

    # Browser Control Options:
    # set local master to no if you don't want Samba to become a master
    # browser on your network. Otherwise the normal election rules apply
       local master = yes # <-- Changed for our network -->

    # OS Level determines the precedence of this server in master browser
    # elections. The default value should be reasonable
       os level = 33 # <-- Changed for our network -->

    # Domain Master specifies Samba to be the Domain Master Browser. This
    # allows Samba to collate browse lists between subnets. Don't use this
    # if you already have a Windows NT domain controller doing this job
       domain master = yes # <-- Changed for our network -->

    # Preferred Master causes Samba to force a local browser election on startup
    # and gives it a slightly higher chance of winning the election
       preferred master = yes # <-- Changed for our network -->

    # Enable this if you want Samba to be a domain logon server for
    # Windows95 workstations.
    ; domain logons = yes

    # if you enable domain logons then you may want a per-machine or
    # per user logon script
    # run a specific logon batch file per workstation (machine)
    ; logon script = %m.bat
    # run a specific logon batch file per username
    ; logon script = %U.bat

    # Where to store roving profiles (only for Win95 and WinNT)
    # %L substitutes for this servers netbios name, %U is username
    # You must uncomment the [Profiles] share below
    ; logon path = \\%L\Profiles\%U

    # Windows Internet Name Serving Support Section:
    # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
    ; wins support = yes

    # WINS Server - Tells the NMBD components of Samba to be a WINS Client
    # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
    ; wins server = w.x.y.z

    # WINS Proxy - Tells Samba to answer name resolution queries on
    # behalf of a non WINS capable client, for this to work there must be
    # at least one WINS Server on the network. The default is NO.
    ; wins proxy = yes

    # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
    # via DNS nslookups. The built-in default for versions 1.9.17 is yes,
    # this has been changed in version 1.9.18 to no.
       dns proxy = no

    #============================ Share Definitions ==============================
    [homes]
       comment = Home Directories
       browseable = yes # <-- Changed for our network -->
       writable = yes

    # Un-comment the following and create the netlogon directory for Domain Logons
    ; [netlogon]
    ; comment = Network Logon Service
    ; path = /usr/local/samba/lib/netlogon
    ; guest ok = yes
    ; writable = no
    ; share modes = no

    # Un-comment the following to provide a specific roving profile share
    # the default is to use the user's home directory
    ;[Profiles]
    ; path = /usr/local/samba/profiles
    ; browseable = no
    ; guest ok = yes

    # NOTE: If you have a BSD-style print system there is no need to
    # specifically define each individual printer
    [printers]
       comment = All Printers
       path = /usr/spool/samba
       browseable = no
    # Set public = yes to allow user 'guest account' to print
       guest ok = no
       writable = no
       printable = yes

    # This one is useful for people to share files
    [tmp] # <-- Changed for our network -->
       comment = Temporary file space # <-- Changed for our network -->
       path = /tmp # <-- Changed for our network -->
       read only = no # <-- Changed for our network -->
       public = yes # <-- Changed for our network -->

    # A publicly accessible directory, but read only, except for people in
    # the "staff" group
    [public] # <-- Changed for our network -->
       comment = Public Stuff # <-- Changed for our network -->
       path = /home/samba # <-- Changed for our network -->
       public = yes # <-- Changed for our network -->
       writable = yes # <-- Changed for our network -->
       printable = no # <-- Changed for our network -->
       write list = @staff # <-- Changed for our network -->

    # Other examples.
    #
    # A private printer, usable only by fred. Spool data will be placed in fred's
    # home directory. Note that fred must have write access to the spool directory,
    # wherever it is.
    ;[fredsprn]
    ; comment = Fred's Printer
    ; valid users = fred
    ; path = /homes/fred
    ; printer = freds_printer
    ; public = no
    ; writable = no
    ; printable = yes

    # A private directory, usable only by fred. Note that fred requires write
    # access to the directory.
    ;[fredsdir]
    ; comment = Fred's Service
    ; path = /usr/somewhere/private
    ; valid users = fred
    ; public = no
    ; writable = yes
    ; printable = no

    # a service which has a different directory for each machine that connects
    # this allows you to tailor configurations to incoming machines. You could
    # also use the %U option to tailor it by user name.
    # The %m gets replaced with the machine name that is connecting.
    ;[pchome]
    ; comment = PC Directories
    ; path = /usr/pc/%m
    ; public = no
    ; writable = yes

    # A publicly accessible directory, read/write to all users. Note that all files
    # created in the directory by users will be owned by the default user, so
    # any user with access can delete any other user's files. Obviously this
    # directory must be writable by the default user. Another user could of course
    # be specified, in which case all files would be owned by that user instead.
    ;[public]
    ; path = /usr/somewhere/else/public
    ; public = yes
    ; only guest = yes
    ; writable = yes
    ; printable = no

    # The following two entries demonstrate how to share a directory so that two
    # users can place files there that will be owned by the specific users. In this
    # setup, the directory should be writable by both users and should have the
    # sticky bit set on it to prevent abuse. Obviously this could be extended to
    # as many users as required.
    ;[myshare]
    ; comment = Mary's and Fred's stuff
    ; path = /usr/somewhere/shared
    ; valid users = mary fred
    ; public = no
    ; writable = yes
    ; printable = no
    ; create mask = 0765
That was a rather long run through the configuration file, but it determines how the users can use the server from their Windows computers.
Let's now use the command testparm /etc/samba/smb.conf to check our smb.conf file. The output should look something like:
    # testparm /etc/samba/smb.conf
    Load smb config files from /etc/samba/smb.conf
    Processing section "[homes]"
    Processing section "[printers]"
    Processing section "[tmp]"
    Processing section "[public]"
    Loaded services file OK.
    Press enter to see a dump of your service definitions

    # Global parameters
    [global]
        coding system =
        client code page = 850
        code page directory = /usr/share/samba/codepages
        workgroup = HOME.ORG
        netbios name =
        netbios aliases =
        netbios scope =
        server string = Samba Server
        interfaces =
        bind interfaces only = No
        security = USER
        encrypt passwords = No
        update encrypted = No
        allow trusted domains = Yes
        hosts equiv =
        min passwd length = 5
        map to guest = Never
        null passwords = No
        obey pam restrictions = No
        password server =
        smb passwd file = /etc/samba/smbpasswd
        root directory =
        pam password change = No
        passwd program = /bin/passwd
        passwd chat = *new*password* %n\n *new*password* %n\n *changed*
        passwd chat debug = No
        username map =
        password level = 0
        username level = 0
        unix password sync = No
        restrict anonymous = No
        lanman auth = Yes
        use rhosts = No
        log level = 2
        syslog = 1
        syslog only = No
        log file = /usr/local/samba/var/log.%m
        max log size = 5000
        timestamp logs = Yes
        debug hires timestamp = No
        debug pid = No
        debug uid = No
        protocol = NT1
        large readwrite = No
        max protocol = NT1
        min protocol = CORE
        read bmpx = No
        read raw = Yes
        write raw = Yes
        nt smb support = Yes
        nt pipe support = Yes
        announce version = 4.5
        announce as = NT
        max mux = 50
        max xmit = 65535
        name resolve order = lmhosts host wins bcast
        max packet = 65535
        max ttl = 259200
        max wins ttl = 518400
        min wins ttl = 21600
        time server = No
        unix extensions = No
        change notify timeout = 60
        deadtime = 0
        getwd cache = Yes
        keepalive = 300
        lpq cache time = 10
        max smbd processes = 0
        max disk size = 0
        max open files = 10000
        read size = 16384
        socket options = TCP_NODELAY
        stat cache size = 50
        use mmap = Yes
        total print jobs = 0
        load printers = Yes
        printcap name = lpstat
        disable spoolss = No
        enumports command =
        addprinter command =
        deleteprinter command =
        show add printer wizard = Yes
        os2 driver map =
        strip dot = No
        character set =
        mangled stack = 50
        stat cache = Yes
        domain admin group =
        domain guest group =
        machine password timeout = 604800
        add user script =
        delete user script =
        logon script =
        logon path = \\%N\%U\profile
        logon drive =
        logon home = \\%N\%U
        domain logons = No
        os level = 33
        lm announce = Auto
        lm interval = 60
        preferred master = True
        local master = Yes
        domain master = True
        browse list = Yes
        enhanced browsing = Yes
        dns proxy = No
        wins proxy = No
        wins server =
        wins support = No
        wins hook =
        kernel oplocks = Yes
        oplock break wait time = 0
        add share command =
        change share command =
        delete share command =
        config file =
        preload =
        lock dir = /var/cache/samba
        utmp directory =
        wtmp directory =
        utmp = No
        default service =
        message command =
        dfree command =
        valid chars =
        remote announce =
        remote browse sync =
        socket address = 0.0.0.0
        homedir map = auto.home
        time offset = 0
        NIS homedir = No
        source environment =
        panic action =
        hide local users = No
        host msdfs = No
        winbind uid =
        winbind gid =
        template homedir = /home/%D/%U
        template shell = /bin/false
        winbind separator = \
        winbind cache time = 15
        winbind enum users = Yes
        winbind enum groups = Yes
        comment =
        path =
        alternate permissions = No
        username =
        guest account = nobody
        invalid users =
        valid users =
        admin users =
        read list =
        write list =
        printer admin =
        force user =
        force group =
        read only = Yes
        create mask = 0744
        force create mode = 00
        security mask = 0777
        force security mode = 00
        directory mask = 0755
        force directory mode = 00
        directory security mask = 0777
        force directory security mode = 00
        inherit permissions = No
        guest only = No
        guest ok = No
        only user = No
        hosts allow = 192.168.1. 127.
        hosts deny =
        status = Yes
        nt acl support = Yes
        max connections = 0
        min print space = 0
        strict allocate = No
        strict sync = No
        sync always = No
        write cache size = 0
        max print jobs = 1000
        printable = No
        postscript = No
        printing = lprng
        print command = lpr -r -P%p %s
        lpq command = lpq -P%p
        lprm command = lprm -P%p %j
        lppause command =
        lpresume command =
        queuepause command =
        queueresume command =
        printer name =
        use client driver = No
        default devmode = No
        printer driver =
        printer driver file = /etc/samba/printers.def
        printer driver location =
        default case = lower
        case sensitive = No
        preserve case = Yes
        short preserve case = Yes
        mangle case = No
        mangling char = ~
        hide dot files = Yes
        hide unreadable = No
        delete veto files = No
        veto files =
        hide files =
        veto oplock files =
        map system = No
        map hidden = No
        map archive = Yes
        mangled names = Yes
        mangled map =
        browseable = Yes
        blocking locks = Yes
        fake oplocks = No
        locking = Yes
        oplocks = Yes
        level2 oplocks = Yes
        oplock contention limit = 2
        posix locking = Yes
        strict locking = No
        share modes = Yes
        copy =
        include =
        exec =
        preexec close = No
        postexec =
        root preexec =
        root preexec close = No
        root postexec =
        available = Yes
        volume =
        fstype = NTFS
        set directory = No
        wide links = Yes
        follow symlinks = Yes
        dont descend =
        magic script =
        magic output =
        delete readonly = No
        dos filemode = No
        dos filetimes = No
        dos filetime resolution = No
        fake directory create times = No
        vfs object =
        vfs options =
        msdfs root = No

    [homes]
        comment = Home Directories
        read only = No

    [printers]
        comment = All Printers
        path = /usr/spool/samba
        printable = Yes
        browseable = No

    [tmp]
        comment = Temporary file space
        path = /tmp
        read only = No
        guest ok = Yes

    [public]
        comment = Public Stuff
        path = /home/samba
        write list = @staff
        read only = No
        guest ok = Yes
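testparm only confirms that the file parses; deciding whether "the services look reasonable" is left to the reader. The following Python check is an added example, not part of the original tutorial or of Samba: it reads smb.conf-format text (the file itself or the testparm dump above) and reports the two things in this page's configuration that deserve review, cleartext passwords and shares that are writable without a login. SAMPLE is a constructed excerpt of the page's settings, and parse and audit are names chosen here.

```python
# Constructed excerpt of the settings this page ends up with.
SAMPLE = """
[global]
   workgroup = home.org
   hosts allow = 192.168.1. 127.
   encrypt passwords = no
[homes]
   browseable = yes
   writable = yes
[tmp]
   path = /tmp
   read only = no
   public = yes
[public]
   path = /home/samba
   public = yes
   writable = yes
   write list = @staff
"""

TRUE = {"yes", "true", "1"}
# Samba ignores case and spaces in parameter names. Synonyms map to one
# canonical name; the second field marks the inverted ones.
SYNONYMS = {"public": ("guestok", False), "writable": ("readonly", True),
            "writeable": ("readonly", True), "writeok": ("readonly", True)}

def parse(text):
    """Return {section: {param: value}} with synonyms folded together."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower().replace(" ", "")
            if key in SYNONYMS:
                key, inverted = SYNONYMS[key]
                if inverted:
                    value = "no" if value.lower() in TRUE else "yes"
            section[key] = value
    return conf

def audit(text):
    """Return sorted (section, finding) pairs for the settings covered here."""
    conf = parse(text)
    glob = conf.get("global", {})
    findings = []
    # Only an explicit "no" is flagged: the default depends on the release.
    if glob.get("encryptpasswords", "yes").lower() not in TRUE:
        findings.append(("global", "passwords cross the network in cleartext"))
    for name, share in conf.items():
        if name == "global":
            continue
        def get(key, default):
            return share.get(key, glob.get(key, default)).lower()
        writable = get("readonly", "yes") not in TRUE
        if writable and get("guestok", "no") in TRUE:
            findings.append((name, "writable without a login"))
        if writable and share.get("writelist"):
            findings.append((name, "write list has no effect: already writable"))
    return sorted(findings)
```

On SAMPLE, audit() flags [tmp] and [public] as writable without a login. Setting writable = no on [public] while keeping write list = @staff gives the behaviour the comment above that share describes.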
For more information, or another explanation of using Samba, allow me to point to smbd – Samba NT Server from the Rute book.
At this point we are ready to move on to configuring the firewall.
Written by John F. Moore
Last Revised: Wed Oct 18 11:01:34 EDT 2017