File Sharing Server Setup using Samba

on CentOS 5.8

Prof Jeong Chul

tland12.wordpress.com

Computer Science

ITC and RUPP in Cambodia

File Sharing Server Setup using Samba

on CentOS 5.8 Part 1 • Step 1 Samba Service

• Step 2 Package installation and Startup

• Step 3 Samba configuration 1, 2

Part 2 • Step 4 Samba Authentication

• Step 5 Samba Password

• Step 6 Samba Client Tools

• Step 7 Samba Mount

Samba Server Testing Environment

1.sever.chul.com: 192.168.80.25

Linux Samba server

2.client.chul.com: 192.168.80.10

Linux Samba client

3.Windows 7 : 192.168.80.1

Windows samba client

Windows file sharing

Step 1 Samba Service

1.SMB/CIFS SMB (Server Message Block) : protocol to share disk and printer

developed by Microsoft and Intel using NetBIOS on TCP/IP CIFS (Common Internet File System): extended version of SMB file sharing for Internet, Internet Standard File Protocol to support Windows and Unix system

2. Four main services are provided:

authentication and authorization of users file and printer sharing service between Windows and Linux system name resolution – NetBIOS mapping to IP address browsing (service announcements)

3. Related smbclient command-line access - client access Linux can mount a Samba share using the cifs or smbfs file system

Step 2 Package Installation and Startup

1. Package installation samba-common-3.0.33-3.39.el5_8 samba-client-3.0.33-3.39.el5_8 samba-3.0.33-3.39.el5_8 system-config-samba-1.2.41-5.el5 // GUI configuration samba-swat-3.0.33-3.39.el5_8 // WEB configuration

2. Service startup # service smb start 3. Service startup checking # ps –ef | grep smbd, nmbd # netstat –nat | grep 137,138,139,445 Netbios: 137,138,139 SMB over Tcp: 445 4. Runlevel registration # chkconfig smb on # chkconfig –list smb 5. Testing : smbclient –L localhost -N

Step 3 Samba Configuration (1)

1.Configuration tools /etc/samba/smb.conf system-config-samba samba-swat (http://localhost:901) Hand-editing smb.conf is recommended

2. smb.conf section [global]: section for server generic or global settings [homes] : used to grant some or all users access to their home directories [printers] : defines printer resources and services

3. Some options public - share can be accessed by guest browsable - share is visible in browse lists writable - resource is read and write enabled printable - resource is a printer, not a disk group - all connections to the share use the specified group as their

primary group

Step 3 Samba Configuration (2) 4. Configuration file – global section workgroup = WORKGROUP netbios = Server server string = Samba Server Version %v hosts allow = 127. 192.168.10. 192.168.80. log file = /var/log/samba/%m.log max log size = 50

5. Users Home [homes] comment = Server.chul.com Home Directories browseable = no writable = yes valid users = %S

6. Public Directory [public] comment = Public Samba path = /home/samba public = yes writable = yes printable = no valid users = @samba create mask = 0775 directory mask = 0775

Step 4 Authentication

1. Specified with security = method (/etc/samba/smb.conf)

security = user

2. Valid methods are: user : validation by user and password (this is the default)

domain/server : a workgroup with a collection of authentication

data is used, need authentication server

ads : acts as an Active Directory member with Kerberos

authentication

share : user validation on per-share basis

Step 5 Samba Password (1) 1. Clear-text passwords security = user encrypt passwords = no Ignore any smb.conf passwd backend 2. Encrypted password smbpasswd security = user encrypt passwords = yes passdb backend = smbpasswd (NTLMv1, NTLMv2) # cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd

U: User account LCT-375412BE: Unix Timestamp to change password

Step 5 Samba Password (2)

3. Encrypted password trivial database <- Default security = user

encrypt passwords = yes

passdb backend = tdbsam

# strings passdb.tdb

Database variant of smbpasswd with support for a richer set of attributes

4. Encrypted password LDAP

security = user

encrypte passwords = yes

passdb backend = ldapsam

5. Smbpasswd

# smbpasswd –a username //adding username

# smbpasswd username //change password

# smbpasswd –d username //disable username

# smbpasswd –e username //enable username

# smbpasswd –x username //delete username

Step 6 Samba Client Tools 1. testparm: used to check the syntax of /etc/samba/smb.conf # testparm /etc/samba/smb.conf 2. Smbclient # smbclient -L hostname (-I ipaddress) –U username # smbclient //hostname/sharingdir (–I ipaddress) –U username) 3.Nmblookup # nmblookup -U WINS_server -R name # nmblookup \* 4. Mount # mount –t cifs //server_address/sharingdir /mnt/linux –o username=username 5. Windows command for file sharing fsmgmt.msc - Windows sharing directory list C:\> net share C:\> net use t: \\server\samba /user:linux fiddle

Step 7 Samba Mount 1./etc/fstab – support automatic mount //server/public /mnt/smb cifs username=bob,password=pass 0 0

2. Avoiding username and password //server/public /mnt/smb cifs credentials=/etc/samba/cred.txt 0 0

# cat /etc/samba/cred.txt username=linux //smaba_user password=linux //samba_password # chmod 640 cred.txt

3. Using noauto //server/public /mnt/smb cifs username=bob,password=pass,noauto 0 0 4. Need netfs activation # chkconfig netfs on # service netfs start

Assignment

1.Try to test another Windows versions as Samba client

Windows server 2003, Windows Vista

Windows server 2008, Windows 8

Windows server 2012

2. Try to setup ldapsmb using OpenLDAP for passwd

3. Try to analyze SMB/CIFS packet using Wireshark

4. Try to control Remote Administration with net

File Sharing Server Setup using Samba on

CentOS 5.8

Thank you !!! See you again on Mail server, next video