
Added SMB, some DNS info

commit 3c7b84a8202adf6f0c9bf63261f2601ad1e3b52f 1 parent dedb363
Scott Purcell authored

Showing 5 changed files with 51,679 additions and 58,210 deletions.

  1. +785 614 OpenRHCE.html
  2. +41,195 50,419 OpenRHCE.pdf
  3. +9,520 7,157 OpenRHCE_slides.pdf
  4. +150 20 session10.rst.txt
  5. +29 0 session11.rst.txt
1,399 OpenRHCE.html
785 additions, 614 deletions not shown
91,614 OpenRHCE.pdf
41,195 additions, 50,419 deletions not shown
16,677 OpenRHCE_slides.pdf
9,520 additions, 7,157 deletions not shown
170 session10.rst.txt
@@ -181,22 +181,68 @@ time.
181 181 Samba
182 182 ----------------------------------------------------------------
183 183
184   -samba
  184 +Samba is a project providing software capable of utilizing the SMB (Server Message Block) and CIFS (Common Internet File System) protocols to interoperate with systems using MS-Windows-style file and printer sharing.
185 185
186   -system-config-samba
  186 +Linux systems can use Samba to:
187 187
  188 +* Act as a client to SMB/CIFS servers
188 189
  190 +* Provide file and printer sharing services to clients
  191 +
  192 +* Provide domain controller functionality in a limited subset of possible configurations.
  193 +
  194 +Accessing SMB/CIFS Shares
  195 +------------------------------
  196 +
  197 +* Graphically, using Nautilus:
  198 +
  199 + Use **Places | Connect to Server**, choose ``Windows share`` as the **Service Type** and provide the required credentials.
  200 +
  201 +* Occasional, FTP-like access from the command line::
  202 +
  203 + # smbclient //server/share/ -U username -W [domain or workgroup]
  204 +
  205 +* Through filesystem mounts::
  206 +
  207 + # mount -t cifs //server1/tmp /mnt/share -o credentials=/root/credentials
  208 +
  209 +* ``/etc/fstab`` entry::
  210 +
  211 + # //server/share /mnt/point cifs credentials=/root/credentials 0 0
  212 +
  213 +* Credentials File contents::
  214 +
  215 + user=<username>
  216 + pass=<password>
  217 + domain=<domainname>
  218 +
  219 +Samba Packages:
  220 +--------------------
  221 +
  222 +* samba
  223 +* samba-client
  224 +* samba-common
  225 +* samba-windbind
  226 +* samba-domainjoin-gui (Optional Repository)
189 227
190 228 SELinux
191 229 ----------------------------------------------------------------
192 230
193   -allow_smb_anon_write
  231 +SELinux notes are at the top of the config file (``/etc/samba/smb.conf``) and the man page samba_selinux (8).
  232 +
  233 +SELinux Port Settings for Samba::
  234 +
  235 + # semanage port -l |grep smb
  236 + smbd_port_t tcp 137-139, 445
  237 +
  238 +SELinux Booleans for Samba::
194 239
195   -samba_enable_home_dirs
  240 + # semanage boolean -l |grep "smb\|samba"
  241 +
  242 +SELinux fcontexts for Samba::
196 243
197   -samba_share_nfs
  244 + # semanage fcontext -l |grep "smb\|samba"
198 245
199   -use_samba_home_dirs
200 246
201 247
202 248
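Review bot: The credentials file shown under "Credentials File contents" (new lines 213-217) holds the password in clear text, and both the mount example and the fstab entry point at /root/credentials, yet nothing here tells the reader to restrict access to it; add a sentence saying the file should be owned by root and readable only by root (mode 0600). The ``/etc/fstab`` entry at new line 211 begins with "# ", which is a shell prompt in the neighbouring examples but would make the line a comment in fstab, so drop the prefix there. "samba-windbind" at new line 225 looks like a typo for samba-winbind. The SELinux section now replaces the four boolean names that were removed (allow_smb_anon_write, samba_enable_home_dirs, samba_share_nfs, use_samba_home_dirs) with a grep command only; consider keeping the names next to the command so readers know which ones matter.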
@@ -209,25 +255,53 @@ chkconfig smb on
209 255
210 256
211 257
212   -Mounting
  258 +
  259 +/etc/samba/smb.conf (Global)
213 260 ----------------------------------------------------------------
214 261
215   -mount -t cifs //server1/tmp /mnt -o username=windows_user%password
  262 +workgroup
  263 + Specifies a shared Windows Workgroup or Domain name.
216 264
217   -smbclient -L server1 -U username
  265 +server string
  266 + Provides a description of the server.
218 267
  268 +netbios name
  269 + Specifies a name for the server for in implementations where NetBIOS is still used.
219 270
  271 +Interfaces
  272 + Used to bind the service only to particular network adapters or IP addresses.
220 273
221   -/etc/samba/smb.conf (Global)
222   -----------------------------------------------------------------
  274 +Hosts Allow
  275 + Used for host-based access control.
  276 +
223 277
224   -workgroup
  278 +/etc/samba/smb.conf Security Types
  279 +---------------------------------------
225 280
226   -netbios name
  281 +The security line establishes the security model for the server. This would be one of the following:
227 282
228   -server string
  283 + user
  284 + Indicates that user credentials are held on the local server.
  285 +
  286 + share
  287 + Indicates that credentials are not kept globally on an individual basis. All who report membership in the same workgroup are permitted access to the server and user authentication in configured in the share settings.
  288 +
  289 + domain
  290 + Used when the Samba Server has been added to a Windows NT Domain. User access is authenticated through a primary or secondary domain controller.
  291 +
  292 +
  293 + server
  294 + User access is authenticated through a peer server that is not a domain controller.
  295 +
  296 + ads
  297 + User access is authenticated through an Active Directory controller. Kerberos must be installed and configured to authenticate this machine's membership in the Domain.
229 298
230   -security
  299 +Samba Users and Passwords
  300 +-------------------------------
  301 +
  302 +When the security model set to ``user``, local Samba users and passwords must be created. Typically, these accounts use the same user names as those configured on the local system. ``smbpasswd`` is the command used::
  303 +
  304 + # smbpasswd -a winuser
231 305
232 306
233 307
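Review bot: In the Global section, "Interfaces" and "Hosts Allow" (new lines 271 and 274) are capitalised while workgroup, server string and netbios name are written the way they appear in smb.conf; write them as ``interfaces`` and ``hosts allow`` so the terms match the file. Since ``hosts allow`` is the only access-control setting in this list, a one-line sample value would make its description more useful. Wording slips to fix in the same hunk: "for in implementations" (new line 269), "user authentication in configured" (new line 287), and "When the security model set to" (new line 302). There is also a doubled blank line before the ``server`` entry (new lines 291-292) that the other entries do not have.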
@@ -246,17 +320,73 @@ Path must have appropriate filesystem permissions.
246 320
247 321
248 322
249   -Samba Users
  323 +
  324 +Testing Configuration
250 325 ----------------------------------------------------------------
251 326
252   -smbpasswd -a newuser
  327 +Syntax of the smb.conf file can be tested before restarting the service::
253 328
  329 + # testparm
254 330
255 331
256   -Testing Configuration
257   -----------------------------------------------------------------
  332 +Samba Firewalling Considerations
  333 +-------------------------------------
  334 +
  335 +Samba, in its latest version, uses TCP port 445.
  336 +
  337 +For backwards compatibility, UDP ports 137 and 138 and TCP port 139 may also need to be opened in some instances.
  338 +
  339 +HowTo: Enable Home Directory sharing via Samba
  340 +---------------------------------------------------
  341 +
  342 +#. Install the appropriate packages.
  343 +
  344 +#. Start and enable the service.
  345 +
  346 +#. Configure the workgroup name in smb.conf.
  347 +
  348 +#. Create the required Samba users and passwords.
  349 +
  350 +#. Enable the SELinux boolean permitting home directory access.
  351 +
  352 +#. Configure the firewall.
  353 +
  354 +#. Restart the service.
  355 +
  356 +#. Test from another system.
  357 +
  358 +HowTo: Configure a Group Share
  359 +-----------------------------------
  360 +
  361 +#. Create the appropriate group if required.
  362 +
  363 +#. Create a collaborative directory.
  364 +
  365 +#. Set the SELinux contexts on the shared directory.
  366 +
  367 +#. Define the share in smb.conf.
  368 +
  369 + Set the following values::
  370 +
  371 + valid users = @groupname
  372 + writeable = yes
  373 +
  374 + ..
  375 +
  376 + (Ensure that the directory permissions are 2770.)
  377 +
  378 + or, to allow broader read-only permission::
  379 +
  380 + writeable = no
  381 + write list = @groupname
  382 +
  383 + ..
  384 +
  385 + (And relax the directory permissions to 2775.)
  386 +#. Restart the service.
  387 +
  388 +#. Test from another system.
258 389
259   -testparm
260 390
261 391
262 392
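Review bot: In "HowTo: Configure a Group Share", the line "(And relax the directory permissions to 2775.)" at new line 385 is followed directly by "#. Restart the service." at new line 386 with no blank line between them, so the enumerated list will not continue cleanly when the reStructuredText is rendered; insert a blank line before new line 386. In the home-directory HowTo, step "Enable the SELinux boolean permitting home directory access" (new line 350) does not name the boolean, and this commit removed the earlier mention of samba_enable_home_dirs, so name it in the step. "Samba, in its latest version, uses TCP port 445" (new line 335) would age better with a version number or a statement of which service uses the port. The bare ".." lines at new lines 374 and 383 deserve a short comment explaining that they are there to end the literal block.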
29 session11.rst.txt
... ... @@ -1,6 +1,35 @@
1 1 Session 11 DNS and SMTP
2 2 ===============================
3 3
  4 +Types of DNS servers
  5 +-----------------------------
  6 +
  7 +Authoritative
  8 +
  9 +* Master (primary)
  10 +
  11 +* Slave (secondary)
  12 +
  13 +Non-authoritative
  14 +
  15 +* Caching-only
  16 +
  17 +Current RHCE Objectives only require ability to configure a few behaviors of a caching-only name server. The default configuration is now a caching-only nameserver listening only to localhost.
  18 +
  19 +Installing and enabling Bind
  20 +------------------------------
  21 +
  22 +::
  23 +
  24 + # yum -y install bind
  25 +
  26 + # service named start
  27 +
  28 + # chkconfig named on
  29 +
  30 +
  31 +
  32 +
4 33 .. o DNS
5 34 .. + * Install the packages needed to provide the service
6 35 .. + * Configure SELinux to support the service
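Review bot: The paragraph at new line 17 says the objectives require configuring "a few behaviors" of a caching-only name server and that the default listens only to localhost, but the section then stops at install, start and chkconfig; name the behaviors and the named.conf options involved (for example listen-on and allow-query) so the reader knows what to change and how widely queries are then accepted. The heading "Installing and enabling Bind" (new line 19) should use the project's spelling, BIND. The four empty lines added at new lines 29-32 can be reduced to one. The commented outline that follows still lists "Configure SELinux to support the service", which this addition does not yet cover.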
