1 / 30

Server Configuration

Server Configuration. Samba. What is Samba?.

shad-fox
Télécharger la présentation

Server Configuration

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Server Configuration Samba

  2. What is Samba? • “Samba is a file and print server for Windows-based clients using TCP/IP as the underlying transport protocol. In fact, it can support any SMB/CIFS-enabled client. One of Samba's big strengths is that you can use it to blend your mix of Windows and Linux machines together without requiring a separate Windows NT/2000/2003 Server. Samba is actively being developed by a global team of about 30 active programmers and was originally developed by Andrew Tridgell.” • Samba is a suite of utilities that allows your Linux box to share files and other resources such as printers with Windows boxes.

  3. What is Samba? • Samba is a suite of Unix applications that speak the Server Message Block (SMB) protocol • A Samba server offers the following services • Share one or more directory trees • Share one or more Distributed filesystem (Dfs) trees • Share printers installed on the server among Windows clients on the network • Assist clients with network browsing • Authenticate clients logging onto a Windows domain • Provide or assist with Windows Internet Name Service (WINS) name-server resolution

  4. History • brainchild of Andrew Tridgell • Andrew started the project in 1991, while working with a Digital Equipment Corporation (DEC) software suite called Pathworks, created for connecting DEC VAX computers to computers made by other companies • Andrew created a file-server program for an odd protocol that was part of Pathworks. That protocol later turned out to be SMB • Samba name came from • $ grep -i '^s.*m.*b' /usr/dict/words • Output was salmonberry samba sawtimber scramble • Thus, the name "Samba" was born.

  5. Samba suite • Samba suite revolves around a pair of Unix daemons that provide shared resources—called shares or services—to SMB clients on the network • smbd: A daemon that handles file and printer sharing and provides authentication and authorization for SMB clients. • nmbd: A daemon that supports NetBIOS Name Service and WINS, which is Microsoft's implementation of a NetBIOS Name Server (NBNS). It also assists with network browsing.

  6. SMB? CIFS? History • “SMB: Acronym for ‘Server Message Block’. This is Microsoft's file and printer sharing protocol” • “CIFS: Acronym for ‘Common Internet File System’. Around 1996, Microsoft apparently decided that SMB needed the word "Internet" in it, so they changed it to CIFS”

  7. What Can Samba Do for Me? • You don't want to pay for—or can't afford—a full-fledged Windows server, yet you still need the functionality that one provides. • The Client Access Licenses (CALs) that Microsoft requires for each Windows client to access a Windows server are unaffordable. • You want to provide a common area for data or user directories to transition from a Windows server to a Unix one, or vice versa. • You want to share printers among Windows and Unix workstations. • You are supporting a group of computer users who have a mixture of Windows and Unix computers. • You want to integrate Unix and Windows authentication, maintaining a single database of user accounts that works with both systems. • You want to network Unix, Windows, Macintosh (OS X), and other systems using a single protocol.

  8. Protocols • SMB/NMB • For compatibility with MS Windows environments, the Samba suite, including support for the NMB and SMB protocols, can be installed on any UNIX-like system. • The Server Message Block protocol (also called Session Message Block, NetBIOS or LanManager protocol) is used on MS Windows 3.11, NT, 95/98, 2K and XP to share disks and printers. • The basic functions of the Samba suite are sharing Linux drives with Windows machines, accessing SMB shares from Linux machines, sharing Linux printers with Windows machines and sharing Windows printers with Linux machines. • Most Linux distributions provide a samba package, which does most of the server setup and starts up smbd, the Samba server, and nmbd, the netbios name server, at boot time by default. Samba can be configured graphically, via a web interface or via the command line and text configuration files.

  9. Understanding NetBIOS • In 1984, IBM authored a simple application programming interface (API) for networking its computers, called the Network Basic Input/Output System (NetBIOS). • In late 1985, IBM released one such protocol, which it merged with the NetBIOS API to become the NetBIOS Extended User Interface (NetBEUI ). • In 1987, the IETF published standardization documents, titled RFC 1001 and 1002, that outlined how NetBIOS would work over a TCP/UDP network • Since then, the standard that this document governs has become known as NetBIOS over TCP/IP, or NBT for short

  10. Understanding NetBIOS • Getting a Name (two different approaches) • Use an NBNS to keep track of which hosts have registered a NetBIOS name. • Allow each computer on the network to defend its name in the event that another computer attempts to use it. Broadcast versus NBNS name registration

  11. Figure 1-9. Broadcast versus NBNS name resolution Understanding NetBIOS • Broadcast versus NBNS name resolution

  12. Understanding NetBIOS • Node Types • How can you tell what strategy each client on your network will use when performing name registration and resolution?

  13. Installing Samba on a Unix System • you can check to see what version you have by using the command $ smbd -V Version 2.2.6 • you can use the rpm command to query the installed packages for Samba: $ rpm -qa | grep samba samba-client-2.0.8-1.7.1 samba-2.0.8-1.7.1 samba-common-2.0.8-1.7.1 • you can remove the RPM packages as follows # rpm -e samba # rpm -e samba-client # rpm -e samba-common

  14. Installing Samba on a Unix System • Download the source or binary files. • Read the installation documentation. • Configure a makefile. • Compile the server and utility programs. • Install the server files. • Create a Samba configuration file. • Test the configuration file. • Start the Samba daemons. • Test the Samba daemons.

  15. A Basic Samba Configuration File

  16. Samba (cont`d) • Samba Domains and Linux share the same usernames so you can log into the Samba based Windows domain using your Linux password and immediately gain access to files in your Linux user's home directory. For added security you can make your Samba and Linux passwords different. • When Samba starts up it reads the configuration file /etc/samba/smb.conf to determine its various modes of operation. You can create your own smb.conf using a text editor or using the easier web based SWAT utility. • Keep in mind that you will lose all your comments inserted in /etc/samba/smb.conf with a text editor if you subsequently use SWAT to edit it.

  17. Samba (cont`d) • Getting SAMBA Started • You can configure Samba to start at boot time using the chkconfig command:  [root@efossnet /]# chkconfig smb on • You can start/stop/restart Samba after boot time using the smb initialization script as in the examples below: [root@efossnet /]# /etc/init.d/smb start [root@efossnet /]# /etc/init.d/smb stop [root@efossnet /]# /etc/init.d/smb restart • Remember to restart the smb process every time you make a change to the smb.conf file for the changes to take effect on the running process. • You can test whether the smb process is running with the pgrep command, you should get a response of plain old process ID numbers: [root@bigboy tmp]# pgrep smb

  18. Samba (cont`d) • The Samba Configuration File • The /etc/samba/smb.conf file is the main configuration file you'll need to edit. It is split into five main sections. These are:

  19. smbstatus • what the daemons are doing, Samba has a program called smbstatus • # smbstatus Processing section "[homes]" Processing section "[printers]" Processing section "[spirit]“ Samba version 2.2.6 Service uid gid pid machine ----------------------------------------- spirit jay jay 7735 maya (172.16.1.6) Sun Aug 12 12:17:14 2002 spirit jay jay 7779 aztec (172.16.1.2) Sun Aug 12 12:49:11 2002 jay jay jay 7735 maya (172.16.1.6) Sun Aug 12 12:56:19 2002

  20. smbstatus Locked files: Pid DenyMode R/W Oplock Name -------------------------------------------------- 7735 DENY_WRITE RDONLY NONE /u/RegClean.exe Sun Aug 12 13:01:22 2002 Share mode memory usage (bytes): 1048368(99%) free + 136(0%) used + 72(0%) overhead = 1048576(100%) total

  21. smbstatus • The first section tells which systems have connected to the Samba server, identifying each client by its machine name (maya and aztec) and IP (Internet Protocol) address. • The second section reports the name and status of the files that are currently in use on a share on the server, including the read/write status and any locks on the files. • Finally, Samba reports the amount of memory it has currently allocated to the shares that it administers, including the amount actively used by the shares plus additional overhead. (Note that this is not the same as the total amount of memory that the smbd or nmbd processes are using.)

  22. testparm • testparm A simple program for checking the Samba configuration file.

  23. Umask • UMASK is a Unix environment variable which automatically sets file permissions on newly created files. • The UMASK variable can be confusing to use, because it does work as a mask. In other words, you set the permissions that you do not want in the UMASK.

  24. Umask • The 'UMASK' is the default permission setting that is applied to your files and directories when they are created. After files and directories are created, the chmod command can be used to change the permissions to allow or disallow access as before. The UMASK is set when you login to a UNIX machine. • It is, however, possible to change your UMASK and put the UMASK in your login files so that your default permissions are always set for files when you create them. • Just like chmod, a umask works on a number. However, instead of the numbers being ADDED like chmod, with a umask the numbers are SUBTRACTED from 7.

  25. Example • So from chmod - • Read - 4Write - 2Execute - 1 • If a user wants all directories to be created with rwxr-xr-x, that is • Owner == Read, Write, Execute == 7 - 4 - 2 - 1 == 0Group == Read, Execute == 7 - 4 - 1 == 2Others == Read, Execute == 7 - 4 - 1 == 2 • So change umask with command • umask 022

  26. Permanently change mask • To make your new umask be the default for your next login, you will have to edit your .login file and place the umask command down the bottom of that file. The next time you login to your UNIX system, your default umask will be set to that which you have specified in your .login file

  27. Note • There is one important difference with the UMASK and files and directories - the execute part will be set on directories, but they have to be manually changed on files after the file has been created. The read and write parts remain the same.

  28. Example • To calculate permissions which will result from specific UMASK values, subtract the UMASK from 666 for files and from 777 for directories. • If you want all files created with permissions of 666, set your UMASK to 000. • Alternatively, if you want all files created with permissions of 000, set your UMASK to 666.

  29. Umask suggestions • A reasonable value for UMASK is 022, which will cause files to be created with permissions of 644 (rw-r--r--) and directories to be created with permissions of 755 (rwxr-xr-x). • A more secure value for UMASK is 066, which will cause files to be created with permissions of 600 (rw-------) and directories to be created with permissions of 700 (rwx------).

  30. Umask • UMASK is nomally defined in the .profile or .login user startup files.

More Related