I use Samba on a CentOS 6 server to share files between Windows, Linux and Mac clients. Guest access is allowed to all folders, but is read only, and there are several Samba accounts for writing files to the shares. The purpose of this tutorial is to document, roughly, what my configuration was to set up Samba for sharing a couple of folders on the local network in this way.

Install Samba

    # yum install samba
    # service smb start
    # service nmb start
    # chkconfig nmb on
    # chkconfig smb on

Create the sharing directories

(In my actual setup, I have used /etc/fstab to mount these directories on separate, large disks, so there's plenty of space. That's beyond the scope of this tutorial, but:

/etc/fstab

    UUID=xxxxxxxxx /var/lib/samba/photos ext3 defaults 1 0
    UUID=xxxxxxxxx /var/lib/samba/sharedfiles ext3 defaults 1 0

with the real UUIDs substituted in!)

Let's create the two directories where our shared files will be stored:

    # mkdir /var/lib/samba/photos
    # mkdir /var/lib/samba/sharedfiles

Add the users and groups

In order to support this model of guests having read only access, and granting write access only to known users, we need to have some users and groups set up at the Unix level. The users and groups at the Unix level map to some of the Samba users we will create later. They are separate users -- having a Samba login and password doesn't mean you have to give the user in question shell access, because they are two separate accounts and can have two separate passwords. We simply use the users, as I said, to 'map' the Samba credentials to the Unix permissions on disk.

We will also create a group, samba-writers, to allow us to have group write access to the shared folders. I'll add my user account, peter, to this group.

    # groupadd samba-writers
    # usermod -a -G samba-writers peter

Let's set the permissions on our two shared folders for this group:

    # chown peter:samba-writers /var/lib/samba/photos
    # chown peter:samba-writers /var/lib/samba/sharedfiles
    # chmod 775 /var/lib/samba/photos
    # chmod 775 /var/lib/samba/sharedfiles

Mode '775' on a directory allows the user (peter) and the group (samba-writers) to write files, and others (guests) to just read.

Now, let's add the mappings between Samba users and Unix users. Open /etc/samba/smbusers using your favourite text editor. I'll use vim throughout this guide.

    # vim /etc/samba/smbusers

    peter = peter
    user1 = user1
    user2 = user2

The example accounts user1 and user2 will be for our other Samba-enabled accounts. Again, we will create Unix shell accounts for user1 and user2, but use different passwords for SMB and their Unix account, and not share the shell password with the users. They only need and want Samba access, so we won't let them log in to the shell.

First, we'll set my password for Samba. A different password from my shell login password.

    # smbpasswd -a peter

('-a' to add the user for the first time. To change it later, just 'smbpasswd peter')

And let's add the other users.

    # useradd -G samba-writers -s /sbin/nologin user1
    # passwd user1
    # smbpasswd -a user1

Notice we set the shell to /sbin/nologin. These users, as I've said several times already, we are not allowing shell access.

    # useradd -G samba-writers -s /sbin/nologin user2
    # passwd user2
    # smbpasswd -a user2

Set up the configuration files

Now that our users are ready for Samba, we need to set up the Samba configuration to share the two folders we've created, and allow the right level of access to users, as well as to guests.

    # vim /etc/samba/smb.conf

The default CentOS configuration file has quite a lot already in it.
Look for the headings, and make these changes:

Under Network Related Options:

    workgroup = WORKGROUP
    server string = Server Shared Files
    netbios name = MACHINENAME
    hosts allow = 127. 192.168.0.
    hosts deny = ALL

Set WORKGROUP to the workgroup name, if it's configured differently on your Windows clients. (On some older Windows versions, it may need to be MSHOME.) Set MACHINENAME to the name you want the Samba server to have. Finally, we use the 'hosts allow' and 'hosts deny' directives to force Samba only to serve to clients on the local network. In this case, 192.168.0.1 -- 192.168.0.254. You may want to change this to your IP addressing scheme in your network, or remove it to not restrict access to the local network.

Under Standalone Server Options:

    security = user
    passdb backend = tdbsam
    map to guest = Bad Password
    domain master = yes

Under Browser Control Options:

    local master = yes
    os level = 99
    preferred master = yes

These directives aren't strictly necessary -- in fact, they may cause conflict if you're doing other Windows networking things on the same workgroup. 'os level = 99', combined with the other options, will force this machine to be the 'local master browser' (LMB) and the 'domain master browser' (DMB). Whichever machine on the network has these roles is responsible for keeping a list of the other machines on the network. Clients use this list to look for other machines that have shared folders available.

I've found that forcing my Samba server to be the LMB and DMB, as well as using it as a WINS server, speeds up the time it takes Windows to 'search' for other machines on the network by many many times. (Remember opening 'My Network Places' and clicking 'Show workgroup computers' only to have to wait 15 seconds while Explorer locks up? This avoids that.) In more complex scenarios, you might not want to enable this to avoid conflict. For our small network scenario, it's a useful speed bonus and causes no problems.

Under Name Resolution:

    wins support = yes

Samba becomes a WINS server, which again can help speed things up -- it means you can address other sharing computers by name without waiting for long periods for NetBIOS to resolve the name. (Some more tech info about this, if you're interested.) You may want to configure your Windows machines' 'WINS server' IP address to point to your Samba server to get this benefit. (You might need to configure this in your router's DHCP settings for it to stick to all of them.)

Finally, at the bottom of the file, we add our shares:

    [sharedfiles]
    comment = Shared files for the network
    path = /var/lib/samba/sharedfiles
    guest ok = yes
    writable = no
    create mask = 0664
    directory mask = 0775
    force group = samba-writers
    write list = @samba-writers

    [Photos]
    comment = Shared photos
    path = /var/lib/samba/photos
    guest ok = yes
    writable = no
    create mask = 0664
    directory mask = 0775
    force group = samba-writers
    write list = @samba-writers

Each folder has its own name in brackets, followed by the options for that folder. We use 'guest ok = yes' to allow guests, but 'writable = no' to make them read only. Anyone in the 'write list' (anyone in the group samba-writers) can write. There are also other settings to set the default permissions on files ('create mask = 0664', owner read+write, group read+write, others read only) and folders ('directory mask = 0775', owner read+write+enter, group read+write+enter, others read+enter).

Once we're done, save that file and quit the editor, and reload Samba:

    # service smb restart
    # service nmb restart

Just make sure your firewall is letting Samba through:

    # system-config-firewall-tui

And we're ready to test!

Accessing the shares

Linux

Without logging in, we can access the shares by going to smb://machinename (or smb://192.168.0.whatever) in the address bar of the file manager. This works in most file managers.
To log in and have write access, you may have luck with a 'Connect to Server' window that lets you type in the username and password, like this one in the Ubuntu 12.04 desktop's File menu. I've had problems with write access this way, though, so you may need to use something like smbfs to mount the share permanently.

Mac

Under recent versions of Mac OS X, the server should appear right away in the Finder's sidebar. Simply click the server name to see the shares and browse them. For write access, simply click the 'Connect As' button in the window and enter your username and password for SMB that you set up earlier.

If you don't see the server in the sidebar, (Lion is more temperamental than Snow Leopard was about this), press ⌘K to bring up the 'Connect to Server' dialogue. Type cifs://machinename or cifs://192.168.0.whatever and click OK to connect.

Windows

The server should show up in 'Network' for guest access. The best way to log in and have write access, I have found, is to map the shared folder as a network drive. In an Explorer window, click 'Map Network Drive' in the toolbar (it's under the Tools menu on Windows XP and earlier). Choose a drive letter, enter \\machinename\foldername as the path, and make sure you tick to 'Connect using different credentials'. You'll then be asked for the username and password, which is the SMB password you set for the account earlier.
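
A check of the access model the tutorial above sets up (guests read only, writes through the write list, LAN-only hosts), as an added example that is not part of the original post. The function names, the finding texts and the [scratch] share are assumptions made for illustration; the parser covers plain option lines only.

```python
import re

# Constructed sample shaped like the tutorial's smb.conf; [scratch] is a weak share.
SAMPLE = """
[global]
  hosts allow = 127. 192.168.0.
  map to guest = Bad Password
[sharedfiles]
  guest ok = yes
  writable = no
  write list = @samba-writers
[scratch]
  guest ok = yes
  writable = yes
"""

def parse_smb_conf(text):
    """Return {section: {option: value}}; names lower-cased, spaces collapsed."""
    conf, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = conf.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            section[" ".join(key.lower().split())] = value.strip()
    return conf

def flag(opts, names, default):
    """Read the first option present among synonyms as a boolean."""
    value = next((opts[n] for n in names if n in opts), default)
    return value.lower() in ("yes", "true", "1")

def audit_smb(conf):
    """Findings against the guest-read-only, group-write model."""
    glob, findings = conf.get("global", {}), []
    if "hosts allow" not in glob:
        findings.append("global: no 'hosts allow' restriction")
    if glob.get("map to guest", "").lower() == "bad password":
        findings.append("global: a mistyped password becomes a guest session")
    for name, opts in conf.items():
        guest = flag(opts, ("guest ok", "public"), "no")
        read_only = flag(opts, ("read only",), "yes") and not flag(
            opts, ("writable", "writeable", "write ok"), "no")
        if name != "global" and guest and not read_only:
            findings.append(f"{name}: guests allowed on a writable share")
    return findings
```

With 'map to guest = Bad Password', a user who mistypes a password is logged in as guest without an error and simply finds the share read only; Samba's 'Bad User' value sends only unknown usernames to the guest account and rejects a wrong password for a real one.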
I've been wanting to filter my own network traffic by running it through a proxy. So I did some research on how to set it up and configure it. My first plan was to use squid and dansguardian but I found an easier way to do it. Here's how I did it for those who come across this post. I used squid and openDNS:

1. Install Squid:
    yum install squid
2. Configure Squid: add hostname, user/group, port, and DNS option
   *Edit configuration file with your favorite editor:
    vi /etc/squid/squid.conf
   a. Add: visible_hostname Proxy-name
   b. Add: cache_effective_user squid
   c. Add: cache_effective_group squid
   d. Add: shutdown_lifetime 20 seconds
   e. Add: port 3128 to: http_port 3128
   f. Add DNS option: dns_nameservers 18.104.22.168 22.214.171.124 #OpenDNS Nameservers
   g. Uncomment: cache_dir ufs /var/spool/squid 100 16 256
   h. Save your file: :wq
3. Restart Squid:
    service squid restart
4. Edit your firewall: I used system-config-firewall-tui
   a. Add tcp port 3128 and run through the options, no others needed and when done iptables will be restarted.
5. For the client side you need to set up the proxy for firefox or whatever browser you want. I use firefox.
   a. Extra-->Options-->Advanced-->Network-->Settings: manual proxy configuration: set your ip/port: 192.168.1.100:3128
   b. Click Ok and try browsing (Test).
   c. Done.

In my home situation I don't need to lock out the clients from being able to edit the browser options. But you can change the rights if you need it for your situation:

Ubuntu:
1. chown root /usr/bin/gnome-network-properties
2. chmod ug-x /usr/bin/gnome-network-properties

Windows: You probably only need to let your users log in with normal user accounts.

You can also force all the PCs on your network to go through your proxy via iptables, but I didn't find it necessary.

Another way of filtering your web content is by using dansguardian, but I find this way just as effective and easier to set up. With Dansguardian you can add your own blacklists/whitelists of sites.
The only disadvantage I found is that you have a lot of configuring to do, because when you set it up and add a blacklist, you have to whitelist everything that's blacklisted in your blacklist folder. For example, I wasn't able to access a topic on this forum because I had the word porn in the topic.

I'm real happy with OpenDNS, and when you get redirected from a blocked porn site you can also click on send messages to system administrator using your OpenDNS account email address, which you can set in the OpenDNS panel, and the most important thing is that it's free.
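
The filtering in the post above depends on Squid resolving names only through the filtering nameservers, and the firewall step exposes port 3128, so both are worth checking in squid.conf. This is an added example, not part of the original post: the function names, the http_access and acl lines in the sample, and the simple '#' comment handling are assumptions.

```python
# Constructed squid.conf fragment: the directives from the post plus
# http_access rules, which the post does not show (assumed for illustration).
SAMPLE = """\
visible_hostname Proxy-name
http_port 3128
# OpenDNS nameservers, as listed in the post
dns_nameservers 18.104.22.168 22.214.171.124
acl localnet src 192.168.1.0/24
http_access allow localnet
http_access deny all
"""
FILTERING_RESOLVERS = {"18.104.22.168", "22.214.171.124"}  # values from the post

def parse_squid_conf(text):
    """Return [(directive, [args])] in file order; '#' starts a comment here."""
    rules = []
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if tokens:
            rules.append((tokens[0], tokens[1:]))
    return rules

def audit_squid(rules, resolvers=FILTERING_RESOLVERS):
    """Check that lookups stay on the filtering resolvers and access is bounded."""
    findings = []
    dns = [a for name, args in rules if name == "dns_nameservers" for a in args]
    if not dns:
        # Without this directive Squid falls back to the system resolver list.
        findings.append("dns_nameservers unset: lookups use /etc/resolv.conf")
    for addr in sorted(set(dns) - set(resolvers)):
        findings.append(f"dns_nameservers {addr}: not a filtering resolver")
    access = [args for name, args in rules if name == "http_access"]
    if ["allow", "all"] in access:
        findings.append("http_access allow all: proxy open to any client")
    if not access or access[-1] != ["deny", "all"]:
        findings.append("http_access: final rule is not 'deny all'")
    return findings
```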