
Added SMB, some DNS info

1 parent dedb363 commit 3c7b84a8202adf6f0c9bf63261f2601ad1e3b52f @texastwister committed May 23, 2011
Showing with 964 additions and 634 deletions.
  1. +785 −614 OpenRHCE.html
  2. BIN OpenRHCE.pdf
  3. BIN OpenRHCE_slides.pdf
  4. +150 −20 session10.rst.txt
  5. +29 −0 session11.rst.txt
1,399 OpenRHCE.html
785 additions, 614 deletions not shown because the diff is too large. Please use a local Git client to view these changes.
BIN OpenRHCE.pdf
Binary file not shown.
BIN OpenRHCE_slides.pdf
Binary file not shown.
170 session10.rst.txt
@@ -181,22 +181,68 @@ time.
Samba
----------------------------------------------------------------
-samba
+Samba is a project providing software capable of utilizing the SMB (Server Message Block) and CIFS (Common Internet File System) protocols to interoperate with systems using MS-Windows-style file and printer sharing.
-system-config-samba
+Linux systems can use Samba to:
+* Act as a client to SMB/CIFS servers
+* Provide file and printer sharing services to clients
+
+* Provide domain controller functionality in a limited subset of possible configurations.
+
+Accessing SMB/CIFS Shares
+------------------------------
+
+* Graphically, using Nautilus:
+
+ Use **Places | Connect to Server**, choose ``Windows share`` as the **Service Type** and provide the required credentials.
+
+* Occasional, FTP-like access from the command line::
+
+ # smbclient //server/share/ -U username -W [domain or workgroup]
+
+* Through filesystem mounts::
+
+ # mount -t cifs //server1/tmp /mnt/share -o credentials=/root/credentials
+
+* ``/etc/fstab`` entry::
+
+ # //server/share /mnt/point cifs credentials=/root/credentials 0 0
+
+* Credentials File contents::
+
+ user=<username>
+ pass=<password>
+ domain=<domainname>
+
+Samba Packages:
+--------------------
+
+* samba
+* samba-client
+* samba-common
+* samba-windbind
+* samba-domainjoin-gui (Optional Repository)
SELinux
----------------------------------------------------------------
-allow_smb_anon_write
+SELinux notes are at the top of the config file (``/etc/samba/smb.conf``) and the man page samba_selinux (8).
+
+SELinux Port Settings for Samba::
+
+ # semanage port -l |grep smb
+ smbd_port_t tcp 137-139, 445
+
+SELinux Booleans for Samba::
-samba_enable_home_dirs
+ # semanage boolean -l |grep "smb\|samba"
+
+SELinux fcontexts for Samba::
-samba_share_nfs
+ # semanage fcontext -l |grep "smb\|samba"
-use_samba_home_dirs
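
Review bot: The credentials-file example under "Accessing SMB/CIFS Shares" stores ``pass=<password>`` in clear text at ``/root/credentials`` but never says how that file should be protected; add a line telling the reader to keep it owned by root and readable only by root (mode 600). In the same list, the ``/etc/fstab`` entry is shown with a leading ``# ``, which is the root prompt in the other examples but a comment marker inside fstab, so a reader who copies the line verbatim gets no mount; drop the ``# `` on that one line. Two smaller points: ``samba-windbind`` in the package list should be ``samba-winbind``, and "Linux systems can use Samba to:" needs a blank line before its first bullet for the list to render.
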
@@ -209,25 +255,53 @@ chkconfig smb on
-Mounting
+
+/etc/samba/smb.conf (Global)
----------------------------------------------------------------
-mount -t cifs //server1/tmp /mnt -o username=windows_user%password
+workgroup
+ Specifies a shared Windows Workgroup or Domain name.
-smbclient -L server1 -U username
+server string
+ Provides a description of the server.
+netbios name
+ Specifies a name for the server for in implementations where NetBIOS is still used.
+Interfaces
+ Used to bind the service only to particular network adapters or IP addresses.
-/etc/samba/smb.conf (Global)
-----------------------------------------------------------------
+Hosts Allow
+ Used for host-based access control.
+
-workgroup
+/etc/samba/smb.conf Security Types
+---------------------------------------
-netbios name
+The security line establishes the security model for the server. This would be one of the following:
-server string
+ user
+ Indicates that user credentials are held on the local server.
+
+ share
+ Indicates that credentials are not kept globally on an individual basis. All who report membership in the same workgroup are permitted access to the server and user authentication in configured in the share settings.
+
+ domain
+ Used when the Samba Server has been added to a Windows NT Domain. User access is authenticated through a primary or secondary domain controller.
+
+
+ server
+ User access is authenticated through a peer server that is not a domain controller.
+
+ ads
+ User access is authenticated through an Active Directory controller. Kerberos must be installed and configured to authenticate this machine's membership in the Domain.
-security
+Samba Users and Passwords
+-------------------------------
+
+When the security model set to ``user``, local Samba users and passwords must be created. Typically, these accounts use the same user names as those configured on the local system. ``smbpasswd`` is the command used::
+
+ # smbpasswd -a winuser
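
Review bot: Three of the added sentences have slipped words and should be fixed before merge: "for in implementations where NetBIOS is still used" (``netbios name``), "user authentication in configured in the share settings" (``share``), and "When the security model set to ``user``" (Samba Users and Passwords). The definition terms ``Interfaces`` and ``Hosts Allow`` are also capitalized while ``workgroup``, ``server string`` and ``netbios name`` are written as they appear in smb.conf; use lowercase ``interfaces`` and ``hosts allow`` so all five match the parameter names, and remove the doubled blank line before ``server``.
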
@@ -246,17 +320,73 @@ Path must have appropriate filesystem permissions.
-Samba Users
+
+Testing Configuration
----------------------------------------------------------------
-smbpasswd -a newuser
+Syntax of the smb.conf file can be tested before restarting the service::
+ # testparm
-Testing Configuration
-----------------------------------------------------------------
+Samba Firewalling Considerations
+-------------------------------------
+
+Samba, in its latest version, uses TCP port 445.
+
+For backwards compatibility, UDP ports 137 and 138 and TCP port 139 may also need to be opened in some instances.
+
+HowTo: Enable Home Directory sharing via Samba
+---------------------------------------------------
+
+#. Install the appropriate packages.
+
+#. Start and enable the service.
+
+#. Configure the workgroup name in smb.conf.
+
+#. Create the required Samba users and passwords.
+
+#. Enable the SELinux boolean permitting home directory access.
+
+#. Configure the firewall.
+
+#. Restart the service.
+
+#. Test from another system.
+
+HowTo: Configure a Group Share
+-----------------------------------
+
+#. Create the appropriate group if required.
+
+#. Create a collaborative directory.
+
+#. Set the SELinux contexts on the shared directory.
+
+#. Define the share in smb.conf.
+
+ Set the following values::
+
+ valid users = @groupname
+ writeable = yes
+
+ ..
+
+ (Ensure that the directory permissions are 2770.)
+
+ or, to allow broader read-only permission::
+
+ writeable = no
+ write list = @groupname
+
+ ..
+
+ (And relax the directory permissions to 2775.)
+#. Restart the service.
+
+#. Test from another system.
-testparm
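
Review bot: In "HowTo: Configure a Group Share", the "broader read-only permission" variant lists only ``writeable = no`` and ``write list = @groupname`` and does not say whether ``valid users = @groupname`` from the first variant stays; if it does, users outside the group still cannot connect and nothing has been broadened, so state explicitly that ``valid users`` is dropped or widened in that variant. Step 5 of the home-directory HowTo says to enable "the SELinux boolean permitting home directory access" without naming it, and this commit removed ``samba_enable_home_dirs`` from the SELinux section, so the name no longer appears in the added text; name it in the step. Formatting: ``# testparm`` follows the ``::`` line with no blank line, and ``#. Restart the service.`` follows "(And relax the directory permissions to 2775.)" with no blank line, so neither the literal block nor the list item will render as intended.
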
29 session11.rst.txt
@@ -1,6 +1,35 @@
Session 11 DNS and SMTP
===============================
+Types of DNS servers
+-----------------------------
+
+Authoritative
+
+* Master (primary)
+
+* Slave (secondary)
+
+Non-authoritative
+
+* Caching-only
+
+Current RHCE Objectives only require ability to configure a few behaviors of a caching-only name server. The default configuration is now a caching-only nameserver listening only to localhost.
+
+Installing and enabling Bind
+------------------------------
+
+::
+
+ # yum -y install bind
+
+ # service named start
+
+ # chkconfig named on
+
+
+
+
.. o DNS
.. + * Install the packages needed to provide the service
.. + * Configure SELinux to support the service
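
Review bot: The "Installing and enabling Bind" block stops at ``chkconfig named on``, while the paragraph above it says the default configuration listens only to localhost; a reader who follows the three commands ends up with a server no other host can query and no pointer to what to change. Add a sentence after the block saying that the listen address and query access settings in the named configuration have to be widened before clients can use it, or that this is covered later in the session. Also write the product name as BIND in the heading and trim the run of blank lines added before the ``.. o DNS`` comment down to one.
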
