Installing Samba 3 on OpenServer 6 Kirk Farquhar, SCO Canada kirkf@sco.com
What is Samba? • Samba is an open-source application suite that enables SMB/CIFS based services on Unix servers • SMB – Server Message Block – is the underlying protocol for Windows File & Print Sharing • Licensed under the GPL • Maintained by the Samba Team (12-20 people) • Web Site for resources – www.samba.org
Business Benefits of Samba • Samba allows you to merge the resources of your Windows & Unix networks • Provides seamless access to Unix based files from Windows clients • Provides a secure & stable file server • Provides an upgrade path from Windows to “big iron” • Eliminates the need for Windows servers in organizations that don’t require Windows Server based applications
Samba 3 • Installation
OSR6-Installing from Media • Insert the OpenServer 6 CD • Start scoadmin • Select Software Manager, Software, Install New • Select “From Servername” • Select the media device CDROM 0 • Expand SCO OpenServer Release 6.0.0 • Expand Connectivity • Highlight SAMBA and click on Install • N.B. If Heimdal Kerberos was not installed, install it in the same manner. • Run mkdev samba
OSR6-Installing from Downloads • Download CPIO file from the SCO site to /tmp • Extract the VOL files • cat *.cpio | cpio -ivcd "*.*" • Start scoadmin • Select Software Manager, Software, Install New • Select “From Servername” • Select the media images option and directory /tmp • Highlight samba and click Install • Run mkdev samba
mkdev samba • Run the command mkdev samba • Choose 1 – Configure and Activate Samba • Enter your Windows Domain or Workgroup name • Accept the default machine name provided • If your network has a WINS server select yes and provide its IP address • If there is no WINS server on Windows this server can be set as a WINS server • Select whether you want to participate in an MS Domain • Provide the NetBIOS name of the PDC
mkdev samba command-Workgroup Defaults
mkdev samba command-Workgroup • Changes made to /etc/samba/smb.conf • workgroup = WORKGROUP • netbios name = FANGORN • Security = User • WINS server = 192.168.0.2
State of Server after this mkdev samba • nmbd and smbd are running • The server is a member of the workgroup named WORKGROUP • No shares are created and only root can connect
mkdev samba – Domain Member • Changes to /etc/samba/smb.conf • workgroup = ME • netbios name = FANGORN • security = domain • password server = RIVENDELL • wins server = 192.168.0.2
State of Server after this mkdev samba • nmbd and smbd are running • The server is a member of the domain ME • The only user is root/administrator • Shares aren’t set-up • Password backend is smbpasswd • Passwords are encrypted
What is SWAT? • SWAT = Samba Web Administration Tool • Included and configured by default with SCO Samba implementations • Swat will allow you to perform most Samba administration functions from any browser that can contact the server • Alternative to command line interfaces or configuring smb.conf • Available on port 901 by default • Controlled by inet and services file entry
Issues & Concerns with SWAT • Completely replaces smb.conf on each use • Only stores non-default settings in intermediate file • Doesn’t retain set-up comments • Can be viewed as a security risk • Never run in demo mode • Never run outside firewalls • Doesn’t like some passwords
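A check for whether SWAT is actually reachable through inetd, given that it is controlled by the inet and services file entries. This is an added example, not part of the original slides; the sample file contents and the swat binary path are constructed assumptions.

```sh
#!/bin/sh
# Added example: is SWAT active in inetd, and on which TCP port?
swat_exposure() {   # usage: swat_exposure INETD_CONF SERVICES
    awk '
    { sub(/#.*/, "") }                       # commented-out entries are inactive
    FILENAME == ARGV[1] {                    # inetd.conf: service is field 1
        if ($1 == "swat" && NF >= 6) active = 1
        next
    }
    $1 == "swat" && $2 ~ /\/tcp$/ {          # services: name port/proto
        split($2, p, "/"); port = p[1]
    }
    END {
        if (!active) print "disabled"
        else print "enabled port=" (port != "" ? port : "unknown")
    }' "$1" "$2"
}

# Constructed sample files; the swat binary path is an assumption.
d=${TMPDIR:-/tmp}/swatcheck.$$
mkdir -p "$d"
printf '%s\n' '#ftp stream tcp nowait root /etc/ftpd ftpd' \
    'swat stream tcp nowait.400 root /usr/sbin/swat swat' > "$d/inetd.conf"
printf '%s\n' 'smtp 25/tcp mail' 'swat 901/tcp # Samba web admin' > "$d/services"
swat_exposure "$d/inetd.conf" "$d/services"
rm -rf "$d"
```

Commenting out the swat line and sending inetd a hangup signal removes the listener when SWAT is not in use.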
SWAT Connection & Login Use your browser to connect to http://192.168.0.4:901
SWAT HomePage • Primary use of the home page is to access the docs
SWAT Screens - • Allows you to set all Global variables that control the server's behaviour: • Server Type • Security Settings • Master Browser status & participation • WINS Options
SWAT Screens - • Allows you to configure File Shares on the Server, including the specific permissions and performance modifiers for the shares.
SWAT Screens - Allows you to set-up the Unix printers to be shared by the server and to configure the printing and security options for those printers
SWAT Screens - This screen allows you to re-write the smb.conf file and easily re-set the Server type, WINS status and basic security access. Probably the first screen you’ll use, but this is very dangerous as it can undo much configuration work.
SWAT Screens - Displays current status of the Samba Server including active connections. Can be used to shut-down or restart the server.
SWAT Screens - View the current smb.conf file. Note – you cannot change the file here. By default shows only the non-default entries you’ve created for the file. The Full View option shows the entire smb.conf file.
SWAT Screens - Add, enable and disable users as well as resetting passwords for users.
Files & Directories • /etc/samba • smb.conf primary samba configuration file • lmhosts file of netbios host names & ip addresses • secrets.tdb holds SID information • smbusers maps Unix to Windows account names • smbpasswd Equivalent to the Unix Password file • smbstab Info about file & print shares • /usr/sbin • Daemons smbd and nmbd • /usr/bin • Executables, testparm, smbnet etc
smb.conf file • The smb.conf file contains all non-default entries you make to configure the Samba server • Other entries are automatically set to defaults by Samba • Re-read on each new connection and every 60 seconds • Rebuilt dynamically if you use SWAT
S99smbd & S99nmbd • Located in /etc/rc2.d – linked to smb & nmb in /etc/init.d • Created by mkdev samba or you can manually create links • /etc/init.d/smb enable, /etc/init.d/nmb enable • Starts and stops daemons • Syntax • /etc/rc2.d/S99smbd start|stop|restart|enable|disable • /etc/rc2.d/S99nmbd start|stop|restart|enable|disable • Can be modified to change location of Samba files • Attempts to delete PID files and starts smbd and nmbd
Daemons • Located in /usr/sbin • smbd • tcp/ip daemon handles all file and print requests as well as authentication and security • nmbd • Handles name look-up and resolution and manages network browsing • Handles all UDP traffic • smbd will not work without nmbd
Using testparm • Utility to test syntax of smb.conf file • Located in /usr/lib/samba/bin • Usage • testparm (-v) (smb.conf file location) • By default only lists changes you’ve made • The -v option will show all defaults added by Samba • Giving smb.conf file location lets you test multiple files • Besides displaying data does a very simple syntax check – Note: this doesn’t guarantee your server will work
Configuring the Samba Server • Decisions to be made • Do you have an existing Windows Network? • Is it a Workgroup or Domain? • If a Domain, what security profile? • What type of Server will this be? • What Security Mode do you want? • Will you join an existing Workgroup or Domain? • Do you have a Windows Domain? • Do you use Active Directory? • Is the Samba Server to be a Domain Controller? • Are Unix userids and network ids to be the same? • What type of clients will you have, Win95, Win2K?
Prerequisites • You need to have a running network interface • DNS should be configured • Optionally use /etc/hosts • Test with ping & nslookup • If joining an AD domain DNS should probably be running from the Win2K server • i.e. nslookup fangorn.me.local returns 192.168.0.4 • nslookup 192.168.0.4 should return fangorn.me.local • Apache is necessary for SWAT to function • Other smb services must not be operating (AFPS VFS) • Ports 137,139, and 901 must be available
Windows Networking Issues • Existing Win2K+ Domains with AD need to be configured with a Domain Functional Level of: • Windows 2000 Mixed • This allows servers using NT4 style Domain functionality to participate in the Domain • Or Native • This allows for native AD authentication using kerberos – this will require the Heimdal modules
Server Types • Stand-alone Server • A stand-alone server is a Workgroup member, but does not participate in Domain Security. Domain members may access it using local authentication. • Domain Member Server • A Domain Member Server participates in a Domain and provides for a Single Sign-on Environment • Domain Controller • Acts as either a Primary or Back-up Domain Controller
Security Levels • User Security • Security=user • Client sends session request as username/password • Server checks user and hostname only since no share info is available • Once authenticated client “expects” to be able to mount shares with a tree connection without further authentication • Client can send multiple session requests and gets a separate UID for each • Share Security • Security=share • Each tree connection request has a password submitted • Unlike NT, Unix needs a username/password combo • Samba will try to resolve a username by checking the PW against possible users • Not recommended – may create problems with newer Win Clients • Primarily to support legacy implementations – Win9?
Security Levels • Domain Security (NT4 Domains) • Security=Domain • Workgroup=ME • Encrypt Passwords=Yes • Server has a trust account on the domain server - gotcha! • Authentication requests passed to domain server to be resolved • You must join a domain after Samba is started (you only need to do this once) • As root execute: • /usr/lib/samba/bin/smbnet rpc join -U Administrator%adminpw • You must have a standard Unix user account for each user of the server or define acceptable users by share • Populate /etc/passwd with • /usr/lib/samba/bin/smbnet rpc vampire -S pdcnbname -U administrator%pw
Security Levels • Domain Security (Native AD Domains) • Security=Domain • Workgroup=ME • Encrypt Passwords=Yes • Server has a trust account on the domain server - gotcha! • Authentication requests passed to domain server to be resolved • You must join a domain after Samba is started (you only need to do this once) • As root execute: • /usr/lib/samba/bin/smbnet rpc join -U Administrator%adminpw • You must have a standard Unix user account for each user of the server or define acceptable users by share • Populate /etc/passwd with • /usr/lib/samba/bin/smbnet rpc vampire -S pdcnbname -U administrator%pw
Security Levels • Server Security • smb.conf entries needed • Security=Server • Encrypt passwords=yes • Password Server=nbnameofserver • Variation of user level security – client “thinks” this is user level • When the server gets a session setup request it uses the username/password combo to try to login to the password server • Requires a standard Unix user account on the Samba Server • You may want to block shell connections for this account • May cause account lockouts on servers for failed authentications • If the PW server shuts down Samba won’t work
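testparm only checks syntax, so the per-mode requirements from the Security Levels slides can be checked separately. The script below is an added example, not part of the original slides; it assumes the Samba 3 defaults of security = user and encrypt passwords = yes when a key is absent, and its sample smb.conf is constructed.

```sh
#!/bin/sh
# Added example: audit [global] in an smb.conf against the security-level slides.
audit_smb_conf() {   # usage: audit_smb_conf FILE ; prints findings or "OK"
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }            # comments and blank lines
    /^[ \t]*\[/ { sec = tolower(trim($0)); next }   # section header
    sec == "[global]" {
        eq = index($0, "=")
        if (eq == 0) next
        k = tolower(trim(substr($0, 1, eq - 1)))
        gsub(/[ \t]+/, " ", k)                      # normalise inner spacing
        v[k] = tolower(trim(substr($0, eq + 1)))
    }
    END {
        # Assumed Samba 3 defaults: security = user, encrypt passwords = yes
        mode = ("security" in v) ? v["security"] : "user"
        enc  = ("encrypt passwords" in v) ? v["encrypt passwords"] : "yes"
        if (mode == "share")
            f[++n] = "security=share: not recommended, legacy clients only"
        if ((mode == "domain" || mode == "server") && enc !~ /^(yes|true|1)$/)
            f[++n] = "security=" mode ": encrypt passwords must be yes"
        if (mode == "server" && !("password server" in v))
            f[++n] = "security=server: password server is not set"
        if (mode == "domain" && !("workgroup" in v))
            f[++n] = "security=domain: workgroup (domain name) is not set"
        if (n == 0) print "OK"
        for (i = 1; i <= n; i++) print f[i]
    }' "$1"
}

# Constructed sample input, not taken from a real server.
sample=${TMPDIR:-/tmp}/smb.conf.sample.$$
cat > "$sample" <<'EOF'
[global]
   workgroup = ME
   netbios name = FANGORN
   Security = Server
   encrypt passwords = no
EOF
audit_smb_conf "$sample"
rm -f "$sample"
```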
Setting up a Stand-alone Server - • In the Globals Screen: • Define your Workgroup name • Define the netbios name • Set security level • Set Encrypted Passwords to Yes • Set Password Backend to smbpasswd • Commit changes
Setting up a Stand-alone Server - • In the Wizard Screen: • Select Stand-alone Server • Configure WINS Server • Expose Home Dirs? • Commit changes
Create Machine Accounts for Workstations • You need to create machine accounts for workstations running W2K or above • Create a Unix Group machines • groupadd machines • Add an account for each machine • useradd -g machines -d /var/nobody -c "Kirks Workstation" -s /bin/false bilbo$ • Note $ at end of machine name
Add Users - • In the Password Screen • Add users • Set passwords to match Windows PW • Click Add New User for each user • Click Enable User
Setting up a Stand-alone Server - • In the Status screen: • Click on Restart All to shutdown and restart the Server • From a windows Workstation go to My Network Places, and select • Entire Network, • Microsoft Windows Network • Your Domain • Your Samba Server • To display current shares.
smb.conf Entries • Security = User • Workgroup = SCO • Encrypt Passwords = Yes • Passdb Backend = smbpasswd