About Me

Hi friends, I am Sandeep CC, and some people know me as a System Administrator. I started my professional career in 2008. I have been working as a System Administrator on Linux servers and Windows clients. I am here to share the knowledge I have gained from experience and what I have come across so far; it could be of help to you. If anything is wrong or any steps in my posts could be improved, please comment on the post. Feel free to contact me by posting comments on this blog. Thanks and regards, Sandeep CC

Tuesday, May 4, 2010

Configure Samba On REDHAT LINUX-4


SAMBA SERVER
Samba uses /etc/samba/smb.conf as its configuration file. If you change this configuration file, the changes do not take effect until you restart the Samba daemon with the command service smb restart.
To specify the Windows workgroup and a brief description of the Samba server, edit the following lines in your smb.conf file:
workgroup = "WORKGROUPNAME"


Replace WORKGROUPNAME with the name of the Windows workgroup to which this machine should belong. To create a Samba share directory on your Linux system, add the following section to your smb.conf file (after modifying it to reflect your needs and your system):
[general]
path = /home/general/
valid users = tech,general
public = no
writable = yes
printable = no
create mask = 0765
The above example allows the users tech and general to read and write to the directory /home/general, on the Samba server, from a Samba client.
Encrypted Passwords:
Encrypted passwords are enabled by default because they are more secure. If encrypted passwords are not used, plain-text passwords are used, which can be intercepted by someone using a network packet sniffer. It is recommended that encrypted passwords be used.
To configure Samba on your Red Hat Linux system to use encrypted passwords, follow these steps:
1. Create a separate password file for Samba. To create one based on your existing /etc/passwd file, at a shell prompt, type the following command:
cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd
If the system uses NIS, type the following command:
ypcat passwd | mksmbpasswd.sh > /etc/samba/smbpasswd
The mksmbpasswd.sh script is installed in your /usr/bin directory with the samba package.
2. Change the permissions of the Samba password file so that only root has read and write permissions:
chmod 600 /etc/samba/smbpasswd
3. The script does not copy user passwords to the new file, and a Samba user account is not active until a password is set for it. For higher security, it is recommended that the user's Samba password be different from the user's Red Hat Linux password. To set each Samba user's password, use the following command (replace username with each user's username):
smbpasswd username
4. Encrypted passwords must be enabled in the Samba configuration file. In the file smb.conf, verify that the following lines are not commented out:
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
5. Make sure the smb service is started by typing the command service smb restart at a shell prompt.
6. If you want the smb service to start automatically, use chkconfig smb on
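A check for steps 1, 2 and 4 of the procedure above, written as an added example (it is not part of the original post or of the samba package). The function names smb_global, audit_samba_auth and demo_samba_auth are hypothetical, GNU stat is assumed, and the sample files are constructed in a temporary directory.

```shell
# smb_global CONF PARAM: print PARAM's value from [global]; the last setting wins.
smb_global() {
    awk -v want="$2" '
        BEGIN { gsub(/[ \t]/, "", want) }           # Samba ignores spaces in names
        /^[ \t]*[#;]/ { next }                      # commented-out lines do not count
        /^[ \t]*\[/   { sect = tolower($0); gsub(/[ \t]/, "", sect); next }
        sect == "[global]" && (i = index($0, "=")) {
            key = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", key)
            val = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) found = val
        }
        END { print found }' "$1"
}

# audit_samba_auth CONF: print findings; return 0 when clean, 1 otherwise.
audit_samba_auth() {
    conf=$1; rc=0
    enc=$(smb_global "$conf" "encrypt passwords" | tr 'A-Z' 'a-z')
    case $enc in
        yes|true|1) ;;                              # boolean spellings from smb.conf(5)
        *) echo "step 4: 'encrypt passwords = yes' is missing, commented out or disabled"; rc=1 ;;
    esac
    pw=$(smb_global "$conf" "smb passwd file")
    if [ -z "$pw" ]; then
        echo "step 4: 'smb passwd file' is missing or commented out"; rc=1
    elif [ ! -f "$pw" ]; then
        echo "step 1: $pw does not exist"; rc=1
    else
        mode=$(stat -c %a "$pw")                    # GNU stat, as shipped on Red Hat
        [ "$mode" = 600 ] || { echo "step 2: $pw has mode $mode, expected 600"; rc=1; }
    fi
    return $rc
}

# Constructed sample: a temporary smb.conf and password file, not real system files.
demo_samba_auth() {
    d=$(mktemp -d)
    : > "$d/smbpasswd"; chmod 644 "$d/smbpasswd"    # deliberately too permissive
    printf '[global]\n workgroup = WORKGROUPNAME\n; encrypt passwords = yes\n smb passwd file = %s\n' \
        "$d/smbpasswd" > "$d/smb.conf"
    audit_samba_auth "$d/smb.conf"; r=$?
    rm -rf "$d"; return $r
}
demo_samba_auth || echo "findings reported"
```

On a real server, run audit_samba_auth /etc/samba/smb.conf as root so the password file can be inspected.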

Starting and Stopping the Samba Server
On the server that is sharing directories via Samba, the smb service must be running.
View the status of the Samba daemon with the following command:
/sbin/service smb status
Start the daemon with the following command:
/sbin/service smb start
Stop the daemon with the following command:
/sbin/service smb stop
To start the smb service at boot time, use the command:
/sbin/chkconfig smb on

Creating Users & File, Folder Permissions

Create two users, general & tech, each with a password

[root@localhost ~]# useradd general
[root@localhost ~]# passwd general

[root@localhost ~]# useradd tech
[root@localhost ~]# passwd tech

Create one group named gtssamba

[root@localhost ~]# groupadd gtssamba
[root@localhost ~]#

Add both users to the gtssamba group

[root@localhost ~]# usermod -G gtssamba tech
[root@localhost ~]# usermod -G gtssamba general
[root@localhost ~]#

Check whether both users have been added to the gtssamba group

[root@localhost ~]# id tech
uid=507(tech) gid=512(tech) groups=512(tech),514(gtssamba)
[root@localhost ~]# id general
uid=508(general) gid=513(general) groups=513(general),514(gtssamba)
[root@localhost ~]#

Check the /etc/group file

[root@localhost ~]# cat /etc/group
root:x:0:root
tech:x:512:
general:x:513:
gtssamba:x:514:tech,general
[root@localhost ~]#

Give full group permissions to the general home directory

[root@localhost home]# chmod g=rwx general
[root@localhost home]# ls -ltr
drwxrwx--- 3 general general 4096 Dec 14 11:33 general
drwx------ 3 tech tech 4096 Dec 14 11:34 tech
[root@localhost home]#

Change the group of the general directory to gtssamba:

[root@localhost home]# chgrp gtssamba general
[root@localhost home]# ls -ltr
drwxrwx--- 3 general gtssamba 4096 Dec 14 11:33 general
drwx------ 3 tech tech 4096 Dec 14 11:34 tech
[root@localhost home]#

Set the group special (setgid) permission on the general home directory

[root@localhost home]# chmod g+s general/
[root@localhost home]# ls -ltr
drwxrws--- 3 general gtssamba 4096 Dec 14 11:33 general
drwx------ 3 tech tech 4096 Dec 14 11:34 tech

Now check that both users have full permissions on the general home directory:

1. Log in as the general user and create some files and folders

[general@localhost ~]$ mkdir general
[general@localhost ~]$ touch general.txt
[general@localhost ~]$ ls -ltr
-rw-rw-r-- 1 general gtssamba 0 Dec 14 12:01 general.txt
drwxrwsr-x 2 general gtssamba 4096 Dec 14 12:01 general

2. Log in as the tech user and try to create some files and folders in the general home directory

[tech@localhost general]$ mkdir fromtech
[tech@localhost general]$ vi fromtech.txt
[tech@localhost general]$ ls -ltr
drwxrwsr-x 2 tech gtssamba 4096 Dec 14 12:02 fromtech
-rw-rw-r-- 1 tech gtssamba 11 Dec 14 12:02 fromtech.txt

3. Try to modify all the created files and folders as both users.

[general@localhost ~]$ ls -ltr
total 28
-rw-rw-r-- 1 general gtssamba 0 Dec 14 12:01 general.txt
drwxrwsr-x 2 general gtssamba 4096 Dec 14 12:01 general
drwxrwsr-x 2 tech gtssamba 4096 Dec 14 12:03 fromtech
-rw-rw-r-- 1 tech gtssamba 25 Dec 14 12:03 fromtech.txt


SAMBA USER CREATION, SHARE HOME DIRECTORY & FILE PERMISSIONS.

Add both users to the Samba server (each user's Samba password should be different from the local login password)

[root@localhost ~]# smbpasswd tech
New SMB password:
Retype new SMB password:
[root@localhost ~]# smbpasswd general
New SMB password:
Retype new SMB password:
[root@localhost ~]#

Share both users' home directories

Share the general home directory and give both users full permission:

[root@localhost ~]# cd /etc/samba/
[root@localhost samba]# vi smb.conf (add the lines below at the end of smb.conf)


[GENERAL]
path = /home/general
browseable = yes
writeable = yes
write list = general tech
create mask = 0770
directory mask = 0770

Share the tech home directory with default permissions for the local user tech only.

[TECH]
path = /home/tech
valid users = tech
writeable = yes
create mask = 0700

START, RESTART & STOP SAMBA SERVER SERVICE

After sharing the home directories for both users, restart the smb service once

[root@localhost ~]# service smb restart
Shutting down SMB services: [ OK ]
Shutting down NMB services: [ OK ]
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
[root@localhost ~]#

To get the status of the Samba server
[root@localhost ~]# service smb status
smbd (pid 3858 3857) is running...
nmbd (pid 3862) is running...
To stop the Samba server
[root@localhost ~]# service smb stop
Shutting down SMB services: [ OK ]
Shutting down NMB services: [ OK ]

To start the Samba server
[root@localhost ~]# service smb start
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]

If you make any modification to the /etc/samba/smb.conf file, restart the Samba service.
[root@localhost ~]# service smb restart
Shutting down SMB services: [ OK ]
Shutting down NMB services: [ OK ]
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]


Now check from a local Windows machine.

Go to the XP machine

Go Start
|
Run
|
\\192.168.1.11 (Samba Server IP address)
|
tech (Samba User Name)
tech12345 (Samba user password)
|
Click on the Tech shared folder & try creating files & folders.



Go Start
|
Run
|
\\192.168.1.11 (Samba Server IP address)
|
general (Samba User Name)
general12345 (Samba user password)
|
Click on the Tech shared folder & try creating files & folders.


Now both users have full permission to access, modify, delete and create files in the general home directory.

SAMBA WITH FIREWALL SETUP:

[root@gtslinux3 ~]# vi /etc/sysconfig/iptables [the rules for ports 137, 138, 139 and 445 are the Samba entries]
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1560:712733]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p ipv6-crypt -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p ipv6-auth -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p udp -m udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p udp -m udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
:wq [Save and exit]

[root@gtslinux3 ~]# service iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
[root@gtslinux3 ~]# service smb restart
Shutting down SMB services: [ OK ]
Shutting down NMB services: [ OK ]
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
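An audit of a saved rules file for the two properties the listing above relies on: every Samba ACCEPT rule is limited to the local subnet, and it sits before the final REJECT so that it can match. This is an added example, not part of the original post; the function names audit_samba_fw and demo_samba_fw are hypothetical and the sample rules file is constructed from the page's rules with two deliberate mistakes.

```shell
# audit_samba_fw FILE SUBNET: print findings; return 0 when clean, 1 otherwise.
audit_samba_fw() {
    awk -v net="$2" '
        $1 != "-A" { next }                          # only appended rules matter here
        $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { closed[$2] = NR; next }
        {
            port = src = target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-s")      src = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
        }
        target == "ACCEPT" && port ~ /^(137|138|139|445)$/ {
            seen[port] = 1
            if ($2 in closed) {
                printf "line %d: port %s rule sits after the catch-all on line %d, never matches\n", NR, port, closed[$2]; bad = 1
            } else if (src != net) {
                printf "line %d: port %s open to %s, expected %s\n", NR, port, (src == "" ? "any source" : src), net; bad = 1
            }
        }
        END {
            n = split("137 138 139 445", need, " ")
            for (k = 1; k <= n; k++)
                if (!(need[k] in seen)) { print "no ACCEPT rule for port " need[k]; bad = 1 }
            exit bad + 0
        }' "$1"
}

# Constructed sample: the 445 rule has lost its -s/-d restriction and the 139 rule
# was appended after the final REJECT.
demo_samba_fw() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
*filter
:RH-Firewall-1-INPUT - [0:0]
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p udp -m udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -p udp -m udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
COMMIT
EOF
    audit_samba_fw "$f" 192.168.1.0/24; r=$?
    rm -f "$f"; return $r
}
demo_samba_fw || echo "findings reported"
```

Against the real file the call is audit_samba_fw /etc/sysconfig/iptables 192.168.1.0/24, which prints nothing for the rules shown in this post.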