File Sharing Server Setup using Samba
on CentOS 5.8
Prof Jeong Chul
tland12.wordpress.com
Computer Science
ITC and RUPP in Cambodia
File Sharing Server Setup using Samba
on CentOS 5.8 Part 1 • Step 1 Samba Service
• Step 2 Package installation and Startup
• Step 3 Samba configuration 1, 2
Part 2 • Step 4 Samba Authentication
• Step 5 Samba Password
• Step 6 Samba Client Tools
• Step 7 Samba Mount
Samba Server Testing Environment
1.sever.chul.com: 192.168.80.25
Linux Samba server
2.client.chul.com: 192.168.80.10
Linux Samba client
3.Windows 7 : 192.168.80.1
Windows samba client
Windows file sharing
Step 1 Samba Service
1.SMB/CIFS SMB (Server Message Block) : protocol to share disk and printer
developed by Microsoft and Intel using NetBIOS on TCP/IP CIFS (Common Internet File System): extended version of SMB file sharing for Internet, Internet Standard File Protocol to support Windows and Unix system
2. Four main services are provided:
authentication and authorization of users file and printer sharing service between Windows and Linux system name resolution – NetBIOS mapping to IP address browsing (service announcements)
3. Related smbclient command-line access - client access Linux can mount a Samba share using the cifs or smbfs file system
Step 2 Package Installation and Startup
1. Package installation samba-common-3.0.33-3.39.el5_8 samba-client-3.0.33-3.39.el5_8 samba-3.0.33-3.39.el5_8 system-config-samba-1.2.41-5.el5 // GUI configuration samba-swat-3.0.33-3.39.el5_8 // WEB configuration
2. Service startup # service smb start 3. Service startup checking # ps –ef | grep smbd, nmbd # netstat –nat | grep 137,138,139,445 Netbios: 137,138,139 SMB over Tcp: 445 4. Runlevel registration # chkconfig smb on # chkconfig –list smb 5. Testing : smbclient –L localhost -N
Step 3 Samba Configuration (1)
1.Configuration tools /etc/samba/smb.conf system-config-samba samba-swat (http://localhost:901) Hand-editing smb.conf is recommended
2. smb.conf section [global]: section for server generic or global settings [homes] : used to grant some or all users access to their home directories [printers] : defines printer resources and services
3. Some options public - share can be accessed by guest browsable - share is visible in browse lists writable - resource is read and write enabled printable - resource is a printer, not a disk group - all connections to the share use the specified group as their
primary group
Step 3 Samba Configuration (2) 4. Configuration file – global section workgroup = WORKGROUP netbios = Server server string = Samba Server Version %v hosts allow = 127. 192.168.10. 192.168.80. log file = /var/log/samba/%m.log max log size = 50
5. Users Home [homes] comment = Server.chul.com Home Directories browseable = no writable = yes valid users = %S
6. Public Directory [public] comment = Public Samba path = /home/samba public = yes writable = yes printable = no valid users = @samba create mask = 0775 directory mask = 0775
Step 4 Authentication
1. Specified with security = method (/etc/samba/smb.conf)
security = user
2. Valid methods are: user : validation by user and password (this is the default)
domain/server : a workgroup with a collection of authentication
data is used, need authentication server
ads : acts as an Active Directory member with Kerberos
authentication
share : user validation on per-share basis
Step 5 Samba Password (1) 1. Clear-text passwords security = user encrypt passwords = no Ignore any smb.conf passwd backend 2. Encrypted password smbpasswd security = user encrypt passwords = yes passdb backend = smbpasswd (NTLMv1, NTLMv2) # cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd
U: User account LCT-375412BE: Unix Timestamp to change password
Step 5 Samba Password (2)
3. Encrypted password trivial database <- Default security = user
encrypt passwords = yes
passdb backend = tdbsam
# strings passdb.tdb
Database variant of smbpasswd with support for a richer set of attributes
4. Encrypted password LDAP
security = user
encrypte passwords = yes
passdb backend = ldapsam
5. Smbpasswd
# smbpasswd –a username //adding username
# smbpasswd username //change password
# smbpasswd –d username //disable username
# smbpasswd –e username //enable username
# smbpasswd –x username //delete username
Step 6 Samba Client Tools 1. testparm: used to check the syntax of /etc/samba/smb.conf # testparm /etc/samba/smb.conf 2. Smbclient # smbclient -L hostname (-I ipaddress) –U username # smbclient //hostname/sharingdir (–I ipaddress) –U username) 3.Nmblookup # nmblookup -U WINS_server -R name # nmblookup \* 4. Mount # mount –t cifs //server_address/sharingdir /mnt/linux –o username=username 5. Windows command for file sharing fsmgmt.msc - Windows sharing directory list C:\> net share C:\> net use t: \\server\samba /user:linux fiddle
Step 7 Samba Mount 1./etc/fstab – support automatic mount //server/public /mnt/smb cifs username=bob,password=pass 0 0
2. Avoiding username and password //server/public /mnt/smb cifs credentials=/etc/samba/cred.txt 0 0
# cat /etc/samba/cred.txt username=linux //smaba_user password=linux //samba_password # chmod 640 cred.txt
3. Using noauto //server/public /mnt/smb cifs username=bob,password=pass,noauto 0 0 4. Need netfs activation # chkconfig netfs on # service netfs start
Assignment
1.Try to test another Windows versions as Samba client
Windows server 2003, Windows Vista
Windows server 2008, Windows 8
Windows server 2012
2. Try to setup ldapsmb using OpenLDAP for passwd
3. Try to analyze SMB/CIFS packet using Wireshark
4. Try to control Remote Administration with net
File Sharing Server Setup using Samba on
CentOS 5.8
Thank you !!! See you again on Mail server, next video
Top Related