Friday, January 23, 2009

HowTo - CentOS 5 Samba Server

Introduction

This guide will show you how to install a Linux file server. After completion, you'll have the following capabilities:
  • A file server that Linux and Windows computers can access
The environment that this server will integrate into is as follows:
  • Any network that requires Windows clients to connect to it.
Here's the software we're going to install.
  • CentOS 5 Linux distribution
  • Samba, from the CentOS 5 repositories
What You'll Need

  • A late model computer (somewhere in the 1+ Gigahertz range)
  • At least 512 megabytes of RAM
  • Adequate hard drive space for files
  • CentOS installation media, downloadable from here
The exact partitioning scheme is up to you. I cannot cover that here. I'm going to use the default partition scheme the CentOS installer uses. So, let's get going!

Installing CentOS

Insert the installation media in the CD/DVD drive and boot the computer. Press 'Enter' to boot the system.


This screen presents you with the option to test your media. Typically, you should test the downloaded ISO image before you burn it to disc, to ensure the download didn't get mangled. This check eliminates the possibility of a bad burn. It's highly recommended that you do this test and not skip it.


I love it when this happens! Press OK, and on the next screen press Continue.


This is self-explanatory. Click Next.


Select your language.


Select your keyboard.


This warning only shows up if you are using a new disk, or a disk without a partition table. Click on Yes.


For this tutorial, I'm going with the default layout. This will give you an LVM setup, with everything thrown in one partition. Click Next. Another window will open warning that all data will be destroyed. Click Yes. (If you choose something different, help yourself!)


Now it's time to configure the network.
  1. Click on Edit under Network Devices.
  2. Click on Manual configuration under Enable IPv4 support
  3. Enter your IP address (192.168.1.2)
  4. Enter your Netmask (255.255.255.0)
  5. Uncheck IPv6 support.
  6. Click OK
  7. Enter server.local.zzz in the hostname area (next to manually)
  8. Enter your Gateway address (probably 192.168.1.1)
  9. Enter your Primary DNS server (probably 192.168.1.1)
The exact host/domain name and network settings must be tailored to your network.

Click Next.


Select your timezone, and select whether your hardware clock uses UTC. If the time on your hardware clock is set to local time, uncheck it.


Select a password for the root account. This is equivalent to Administrator for that 'other' operating system.


Here you can select additional packages. Let's just go with the default of Desktop - Gnome. Click Next.


OK, let her rip! Click Next to install.


OK, now we're done. Let's reboot!


Welcome to the first-time boot screen. Just click Next.


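Let's turn off the firewall. Why? Because our router has a firewall on it. And, if we are going to configure a firewall, we'll just use iptables to do it. So change Enabled to Disabled and click Forward. The installer will give you a warning. Just tell it Yes. With the host firewall off, the router's firewall only covers traffic arriving from outside the network; machines on the LAN reach the Samba ports directly, so access control rests on the settings in smb.conf.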


SELinux, or Security-Enhanced Linux, adds to the security of Linux. It also adds complexity, and makes debugging your installation more difficult. Should you decide to use it, don't turn it on until after you have a working setup; the SELINUX NOTES at the top of smb.conf list the booleans and labels Samba needs once it is on. Set it to Disabled and click Forward. It will warn you that you'll have to reboot. That's OK. It's one of the few times you'll have to do it!


Configure your time.

Add a user. Our username for the tutorial is user.


You can test your sound card, if one is detected. I don't have one, so I'll move past this.


If you have additional CDs with software packages on them, you can install them here. Since we don't, let's click Finish and continue with a reboot (because we changed SELinux).


Let's login.


Yep, it's Gnome. Right-click on the desktop, and select Terminal. First off, we need to update the system. Even though the GUI is telling us that there are updates for the system, we'll use the command line to do the update. In the terminal, do the following.
  • su - root
  • Enter your root password
  • yum upgrade -y
If the kernel got updated, you'll need to reboot. If not, just continue.

Fileserver


Install Samba, which will allow Windows to connect to the Linux file server.
  • yum install -y samba
Edit the Samba configuration file to include your folder shares. I have the home folders shared out, a /files partition, and printers. Here's my config file. You'll have to change things to match your desired setup.

/etc/samba/smb.conf -- Edit this file


# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# For a step to step guide on installing, configuring and using samba,
# read the Samba-HOWTO-Collection. This may be obtained from:
# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# Many working examples of smb.conf files can be found in the
# Samba-Guide which is generated daily and can be downloaded from:
# http://www.samba.org/samba/docs/Samba-Guide.pdf
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentary and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#---------------
# SELINUX NOTES:
#
# If you want to use the useradd/groupadd family of binaries please run:
# setsebool -P samba_domain_controller on
#
# If you want to share home directories via samba please run:
# setsebool -P samba_enable_home_dirs on
#
# If you create a new directory you want to share you should mark it as
# "samba_share_t" so that selinux will let you write into it.
# Make sure not to do that on system directories as they may already have
# been marked with other SELinux labels.
#
# Use ls -ldZ /path to see which context a directory has
#
# Set labels only on directories you created!
# To set a label use the following: chcon -t samba_share_t /path
#
# If you need to share a system created directory you can use one of the
# following (read-only/read-write):
# setsebool -P samba_export_all_ro on
# or
# setsebool -P samba_export_all_rw on
#
# If you want to run scripts (preexec/root prexec/print command/...) please
# put them into the /var/lib/samba/scripts directory so that smbd will be
# allowed to run them.
# Make sure you COPY them and not MOVE them so that the right SELinux context
# is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts
#
#--------------
#
#======================= Global Settings =====================================

[global]

# ----------------------- Network Related Options -------------------------
#
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
#
# server string is the equivalent of the NT Description field
#
# netbios name can be used to specify a server name not tied to the hostname
#
# Interfaces lets you configure Samba to use multiple interfaces
# If you have multiple network interfaces then you can list the ones
# you want to listen on (never omit localhost)
#
# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
# specify it as a per share option as well
#
workgroup = workgroup
server string = CentosSambaServer
netbios name = Server
announce version = 5.0

; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
; hosts allow = 127. 192.168.12. 192.168.13.

# --------------------------- Logging Options -----------------------------
#
# Log File let you specify where to put logs and how to split them up.
#
# Max Log Size let you specify the max size log files should reach

# logs split per machine
; log file = /var/log/samba/%m.log
# max 50KB per log file, then rotate
; max log size = 50

# ----------------------- Standalone Server Options ------------------------
#
# Security can be set to user, share(deprecated) or server(deprecated)
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.

security = user
passdb backend = tdbsam


# ----------------------- Domain Members Options ------------------------
#
# Security must be set to domain or ads
#
# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Use password server option only with security = server or if you can't
# use the DNS to locate Domain Controllers
# The argument list may include:
# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
# password server = *


; security = domain
; passdb backend = tdbsam
; realm = MY_REALM

; password server =

# ----------------------- Domain Controller Options ------------------------
#
# Security must be set to user for domain controllers
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
#
# Domain Logons let Samba be a domain logon server for Windows workstations.
#
# Logon Script lets you specify a script to be run at login time on the client
# You need to provide it in a share called NETLOGON
#
# Logon Path let you specify where user profiles are stored (UNC path)
#
# Various scripts can be used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
#
; security = user
; passdb backend = tdbsam

; domain master = yes
; domain logons = yes

# the login script name depends on the machine name
; logon script = %m.bat
# the login script name depends on the unix user used
; logon script = %u.bat
; logon path = \\%L\Profiles\%u
# disables profiles support by specifying an empty path
; logon path =

; add user script = /usr/sbin/useradd "%u" -n -g users
; add group script = /usr/sbin/groupadd "%g"
; add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
; delete user script = /usr/sbin/userdel "%u"
; delete user from group script = /usr/sbin/userdel "%u" "%g"
; delete group script = /usr/sbin/groupdel "%g"


# ----------------------- Browser Control Options ----------------------------
#
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
#
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
#
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
; local master = no
; os level = 33
; preferred master = yes

#----------------------------- Name Resolution -------------------------------
# Windows Internet Name Serving Support Section:
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
#
# - WINS Support: Tells the NMBD component of Samba to enable its WINS Server
#
# - WINS Server: Tells the NMBD components of Samba to be a WINS Client
#
# - WINS Proxy: Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
#
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups.

wins support = yes
; wins server = w.x.y.z
; wins proxy = yes

; dns proxy = yes

# --------------------------- Printing Options -----------------------------
#
# Load Printers let you load automatically the list of printers rather
# than setting them up individually
#
# Cups Options let you pass the cups libs custom options, setting it to raw
# for example will let you use drivers on your Windows clients
#
# Printcap Name let you specify an alternative printcap file
#
# You can choose a non default printing system using the Printing option

# load printers = yes
# cups options = raw

; printcap name = /etc/printcap
#obtain list of printers automatically on SystemV
; printcap name = lpstat
printcap name = cups
printing = cups
security = user

# --------------------------- Filesystem Options ---------------------------
#
# The following options can be uncommented if the filesystem supports
# Extended Attributes and they are enabled (usually by the mount option
# user_xattr). These options will let the admin store the DOS attributes
# in an EA and make samba not mess with the permission bits.
#
# Note: these options can also be set just per share, setting them in global
# makes them the default for all shares

; map archive = no
; map hidden = no
; map read only = no
; map system = no
; store dos attributes = yes


#============================ Share Definitions ==============================

[homes]
comment = Home Directories
browseable = no
writable = yes
; valid users = %S
; valid users = MYDOMAIN\%S

[files]
path = /files
browseable = yes
writeable = yes

[printers]
browseable = yes
printable = yes
# public = yes
create mode = 7770
# guest only = yes
# use client driver = yes
path = /var/spool/samba
# guest ok = yes
# writable = no
valid users = user

[print$]
comment = Printer drivers
# path = /usr/share/cups/drivers
path = /tmp
browseable = yes
guest ok = yes
read only = yes
write list = root


# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
; comment = Network Logon Service
; path = /var/lib/samba/netlogon
; guest ok = yes
; writable = no
; share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
; [Profiles]
; path = /var/lib/samba/profiles
; browseable = no
; guest ok = yes


# A publicly accessible directory, but read only, except for people in
# the "staff" group
; [public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = +staff


After modifying your file, restart the Samba services.
  • service smb restart
Then create Samba users. This must be done for each user you create.
  • smbpasswd -a user
  • Enter password for this user (must match Windows machines)
  • smbpasswd -e user
Again, you'll want to customize this config file to your environment. This is just a working example.
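
When customizing the file, it helps to check which settings widen access. The following Python script is an added example, not part of the original post or of Samba: it audits an smb.conf for four things visible in the working example above (no hosts allow in [global], guest ok shares, writable shares without valid users, and a share path under /tmp). The finding labels and the SAMPLE excerpt are choices made for this illustration.

```python
import re
TRUE = {"yes", "true", "1"}
# Parameter synonyms from smb.conf(5)
SYNONYMS = {"public": "guest ok", "writable": "writeable", "allow hosts": "hosts allow"}
# Active share settings excerpted from the config on this page
SAMPLE = """
[global]
; hosts allow = 127. 192.168.12. 192.168.13.
[files]
path = /files
writeable = yes
[print$]
path = /tmp
guest ok = yes
read only = yes
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; lines starting with # or ; are comments."""
    conf, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = conf.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key = " ".join(key.lower().split())  # Samba ignores case and extra spaces
            current[SYNONYMS.get(key, key)] = value.strip()
    return conf

def audit(text):
    """Return (section, finding) pairs for settings that widen access."""
    conf = parse_smb_conf(text)
    glob = conf.pop("global", {})
    out = [] if "hosts allow" in glob else [("global", "no hosts allow")]
    for name, s in conf.items():
        on = lambda key, default: s.get(key, default).lower() in TRUE
        if on("guest ok", "no"):
            out.append((name, "guest ok"))
        # "writeable" and "read only" are inverses; flag if either grants write
        if "valid users" not in s and (on("writeable", "no") or not on("read only", "yes")):
            out.append((name, "writable without valid users"))
        if s.get("path", "").rstrip("/") in ("/tmp", "/var/tmp"):
            out.append((name, "path is a shared temp directory"))
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run it against your own file by passing the contents of /etc/samba/smb.conf to audit(); testparm, as the config comments note, remains the check for syntax errors.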



That's it! Enjoy your CentOS Samba File Server.



-- Doctor Rockhopper
