15. Fileserver
Warning:
This chapter is crude. It will work, but could do with some better
explanation of what is going on.
Introduction
One of the nicer things about having a knoppixbox is you can use it
as a Samba fileserver. Samba is the open source implementation of the
SMB protocol, used by Microsoft to do file sharing. By using Samba,
you can have all your files accessible from Windows, Macintosh or
Linux machines, and more! You can use Samba as an authentication
server or you can use it as a Print Server. You can do loads of
things with it, but for now, we'll stick to the basics: file serving.
Installation
Now, I don't think this can be any easier. It's there already!
The latest and greatest Samba3! At your hands! Waaw!
Configuration
For now, we'll keep the configuration pretty simple. It can be
updated later on, and annotated too, but just for now, make sure
your configuration file looks like this.
Code listing 15.1: The /etc/samba/smb.conf file
[global]
netbios name = HOSTNAME
workgroup = WORKGROUP
# the following line is in use because we do not use an ldap backend;
# the ldap settings below it are commented out:
passdb backend = smbpasswd, guest
# ldap admin dn = "cn=admin,ou=People,dc=bliir,dc=word,dc=mine,dc=nu"
# ldap ssl = off
# passdb backend = ldapsam:ldap://127.0.0.1
# ldap user suffix = ou=People
# ldap group suffix = ou=Groups
# ldap machine suffix = ou=Computers
# ldap suffix = dc=bliir,dc=word,dc=mine,dc=nu
# ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
# idmap gid = 1000-2000
# idmap uid = 1000-2000
os level = 33
preferred master = yes
domain master = yes
local master = yes
security = user
encrypt passwords = true
domain logons = yes
logon path = \\%N\%U\profile
logon drive = Z:
logon home = \\%L\%u\.profiles
logon script = logon.cmd
add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
wins support = yes
interfaces=eth1
printing = bsd
printcap name = /etc/printcap
load printers = yes
guest account = pcguest
# log level = 3
[netlogon]
path = /var/lib/samba/netlogon
read only = yes
write list = ntadmin
browseable = no
[homes]
path = /home/%U/
read only = no
create mask = 0600
directory mask = 0700
veto files = /Maildir/
[common]
path = /home/common/share
read only = no
force directory mode = 0770
force group = common
[printers]
comment = All Printers
browseable = no
printable = yes
public = no
writable = no
create mode = 0700
All you need to change is HOSTNAME into something appropriate
for your knoppixbox, like the hostname, and WORKGROUP to something
that describes your local network. If you don't have any inspiration,
just keep WORKGROUP. It doesn't matter all that much.
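An added example, not part of the original chapter: a small Python check that reads share sections the way Samba does (parameter names ignore case and spaces, and writable and public are synonyms of read only and guest ok) and reports each share's effective access. The sample text is a constructed excerpt of code listing 15.1, the function names are hypothetical, and line continuations and include files are not handled.

```python
import re
# Constructed sample: a trimmed copy of settings from code listing 15.1.
SAMPLE = """
[global]
interfaces=eth1
[netlogon]
read only = yes
write list = ntadmin
[common]
read only = no
[printers]
public = no
writable = no
"""
# "!" marks an inverted synonym: writable = no means read only = yes.
SYNONYMS = {"public": "guestok", "writable": "!readonly", "writeable": "!readonly"}
TRUE = {"yes", "true", "1"}

def parse(text):
    conf, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":            # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].strip().lower(), {})
        elif section is not None and "=" in line:
            key, value = line.split("=", 1)
            key = re.sub(r"\s+", "", key).lower()  # "Read Only" == "readonly"
            key, value = SYNONYMS.get(key, key), value.strip()
            if key.startswith("!"):                # flip the boolean
                key, value = key[1:], "no" if value.lower() in TRUE else "yes"
            section[key] = value
    return conf

def is_true(params, key, default):
    return params.get(key, default).lower() in TRUE

def share_access(conf):
    """Effective access per share with Samba defaults (read only = yes, guest ok = no)."""
    return {name: {"writable": not is_true(p, "readonly", "yes"),
                   "guest": is_true(p, "guestok", "no"),
                   "write_list": re.findall(r"[^,\s]+", p.get("writelist", ""))}
            for name, p in conf.items() if name != "global"}

def global_notes(conf):
    g = conf.get("global", {})  # without bind interfaces only, smbd binds all interfaces
    lax = "interfaces" in g and not is_true(g, "bindinterfacesonly", "no")
    return ["interfaces is set without bind interfaces only = yes"] if lax else []
```

On the sample, [netlogon] comes out read-only with ntadmin in its write list and [common] comes out writable. The note about interfaces matters because interfaces=eth1 on its own does not stop smbd from accepting connections on other interfaces; the firewall rules below are what limit access.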
We need to make sure Samba is started at boot time, because
that is not enabled by default. However, this simple
command will help us out.
Code listing 15.2: Making sure Samba starts at boot time
kristof@knoppixbox:~# sudo update-rc.d samba defaults
Adding system startup for /etc/init.d/samba ...
/etc/rc0.d/K20samba -> ../init.d/samba
/etc/rc1.d/K20samba -> ../init.d/samba
/etc/rc6.d/K20samba -> ../init.d/samba
/etc/rc2.d/S20samba -> ../init.d/samba
/etc/rc3.d/S20samba -> ../init.d/samba
/etc/rc4.d/S20samba -> ../init.d/samba
/etc/rc5.d/S20samba -> ../init.d/samba
kristof@knoppixbox:~# sudo /etc/init.d/samba start
Starting Samba daemons: nmbd smbd.
Since we've chosen smbpasswd as the password backend, we will
need to add every user that should be able to connect to the server
manually with the smbpasswd -a command. This is not difficult, but
it is not elegant either. A more elaborate configuration of user
management is high priority on the list of todo items for this
document.
That should be it. If you've configured your firewall, you should
be able to connect to the fileserver.
Configuration of the Firewall
As usual, the Firewall will need some adaptation for every client to
be able to connect to the file server. This table sums it up. It
is based on the table
provided by the Shorewall team.
| Action | Source | Destination | Protocol | Source ports | Destination ports | Comment |
|---|---|---|---|---|---|---|
| Accept | Zone Local | Firewall | UDP | Any | 137:139 | These two ports require UDP traffic enabled. |
| Accept | Firewall | Zone Local | UDP | Any | 137:139 | These two ports require UDP traffic enabled in both directions. |
| Accept | Zone Local | Firewall | TCP | Any | 137,139,445 | These three ports require TCP traffic enabled. |
| Accept | Firewall | Zone Local | TCP | Any | 137,139,445 | These three ports require TCP traffic enabled in both directions. |
| Accept | Zone Local | Firewall | UDP | 137 | 1024: | Source port 137 can call back to any port higher than 1024. |
| Accept | Firewall | Zone Local | UDP | 137 | 1024: | Source port 137 can call back to any port higher than 1024 in both directions. |
Todo
Actually, there is a lot more to be described than what the timeframe allowed. You not
only have a Samba server, you have a full-fledged Samba server. You can use it for
user management, for ACLs, as a print server, etc. This is all still to be done.
Updated $LastChangedDate: 2004-11-05 23:24:59 +0100 (Fri, 05 Nov 2004) $
Author: Kristof Van Landschoot
Summary:
Installing a Fileserver will make sure that everyone can access the
common set of files at all times.