
VPN Plus Samba


kura

Presentation Transcript


  1. VPN Plus Samba: Making My Home Computing Environment Identical to My Work Computing Environment

  2. At the Office
     • I am running Windows 2000 (SP2).
     • My laptop is connected to the departmental network.
     • I can access my network files from Windows the same way that I access my local files.

  3. From Home
     • I am not connected to the departmental network.
     • The only way to access my departmental network files is via FTP.

  4. How to Make Home Like Work
     • Create a Virtual Private Network (VPN) to allow me to tunnel from my house to the department via my ISP (Adelphia, using a cable modem).
     • Set up the network to allow Windows users to access resources such as files and printers on a Unix system via Samba.

  5. Setting up VPN
     • My local machine runs Windows 2000.
     • Windows 2000 has VPN capabilities when using PPTP (Point-to-Point Tunneling Protocol).
     • We needed a FreeBSD, Linux, or Solaris solution that supports PPTP.
     • We decided on mpd, the multi-link PPP daemon based on netgraph(4), a FreeBSD package.

  6. mpd
     • http://www.freebsd.org/cgi/url.cgi?ports/net/mpd/pkg-descr contains the port description
     • http://www.freebsd.org/cgi/pds.cgi?ports/net/mpd contains the source
     • ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-stable/All/mpd-3.7.tgz contains the package

  7. mpd (continued)
     • mpd is capable of setting up:
       • Multi-link PPP capability
       • PAP, CHAP, and MS-CHAP authentication
       • PPP compression and encryption
       • Point-to-Point Tunneling Protocol (PPTP)
     • We implemented only what was required for this project.

  8. mpd Installation
     • Downloaded the latest package to /root
     • gunzip'ed the package (left in /root)
     • (un)tarred the package (into /root, but we cleaned up the mess when we were finished)
     • Install in the usual manner: make install
     • Configuration

  9. mpd Configuration
     • There are four configuration files:
       • mpd.conf
       • mpd.links
       • mpd.secret
       • mpd.script
     • All of these are in /usr/local/etc/mpd on gw11. Log in as root to read them.

  10. mpd.conf
      • This file defines what the bundles are, what the links within those bundles are, how the interface should be configured, and various PPP parameters.
      • /usr/local/etc/mpd/mpd.conf contains the file.
      • telnet://gw11.cs.uofs.edu

  11. mpd.links
      • Contains one link per simultaneous PPTP connection.
      • Ours is set up to allow two users to connect simultaneously.

  12. mpd.secret
      • Unencrypted list of usernames, passwords, and IP addresses for connection to the VPN.
      • In other words, connecting to the VPN does not connect you as a USER to the network.
      • There are methods of making this more secure.

  13. mpd.secret (cont.)
      • Here is the current file:
            ryan "running" 134.198.161.227/28
            sid "walking" 134.198.161.223/28
      • When connecting to the VPN, one of these username/password combinations must be used.
      • Both of them may be used simultaneously.
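
Because mpd.secret holds the VPN passwords unencrypted, both its file mode and the passwords in it are worth checking. The script below is an added example, not part of the original slides or of mpd: it parses the three-field layout shown on slide 13 and reports group/other access and weak passwords. The 12-character minimum, the `#` comment handling and all function names are assumptions.

```python
import os, shlex, stat, sys

MIN_LEN = 12  # assumed local policy threshold, not an mpd setting

def parse_secret(text):
    """Return (user, password, address) tuples from mpd.secret-style text."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' starts a comment
            continue
        fields = shlex.split(line)            # strips the quotes around the password
        if len(fields) >= 2:
            entries.append((fields[0], fields[1],
                            fields[2] if len(fields) > 2 else None))
    return entries

def entry_findings(entries):
    out = []
    for user, password, _addr in entries:
        if len(password) < MIN_LEN:
            out.append((user, f"password shorter than {MIN_LEN} characters"))
        if password.isalpha() and password.islower():
            out.append((user, "password is a single lowercase word"))
    return out

def mode_findings(mode):
    out = []
    if mode & stat.S_IRWXG:
        out.append("group has access to the plaintext passwords")
    if mode & stat.S_IRWXO:
        out.append("other users have access to the plaintext passwords")
    return out

def audit(path):
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path) as fh:
        return mode_findings(mode), entry_findings(parse_secret(fh.read()))

# The two entries shown on slide 13
SAMPLE = 'ryan "running" 134.198.161.227/28\nsid "walking" 134.198.161.223/28\n'

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(audit(sys.argv[1]))
    else:
        print(entry_findings(parse_secret(SAMPLE)))
```

Run it with the path to mpd.secret as the only argument; with no argument it checks the two entries from slide 13.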

  14. mpd.script
      • Since we did no dialup connection, this script remains one of the mysteries of the ages.
      • There is an mpd.script.sample with 1558 lines available in /usr/local/etc/mpd on gw11 if you need to use dialup scripts.

  15. What is Samba
      • Samba is an open source software suite that provides file and print services to SMB (CIFS or NetBIOS) clients such as Windows 95/98, Windows NT, or OS/2.

  16. What is Samba (continued)
      • A Samba-enabled Unix (or other) machine can provide the following services:
        • Share one or more filesystems
        • Share printers installed on both the server and its clients
        • Assist clients with Network Neighborhood browsing
        • Authenticate clients logging onto a Windows domain
        • Provide or assist with WINS name server resolution

  17. What is Samba (continued)
      • Samba revolves around a pair of Unix daemons, smbd and nmbd:
        • smbd - A daemon that allows file and printer sharing on an SMB network and provides authentication and authorization for SMB clients
        • nmbd - A daemon that looks after the Windows Internet Name Service (WINS), and assists with browsing

  18. Reasons to Use Samba
      • You don't want to pay for - or can't afford - a full-fledged Windows NT server, yet you still need the functionality that one provides.
      • You want to set up a common area for data or user directories that will be available to Windows and Unix clients.
      • You want to be able to share printers across both Windows and Unix workstations.
      • You want to be able to access NT files from a Unix server.

  19. Simple Network Setup with Samba

  20. Samba Installation
      • Samba can be installed in the usual ways (i.e. by ports, package, or rpm installation). Samba is also included in Red Hat Linux and Unix distributions.
      • Samba is supported on the following types of machines: Unix, Linux, VMS, MVS, OS/2, Stratus-VOS, Amiga, MPE/iX
      • We chose to do a package installation on a Red Hat 7.2 machine running NFS.

  21. Samba Installation (cont.)
      • First we downloaded Samba from the Samba homepage into root's home directory (samba-latest.tar.gz).
      • Steps for simple installation:
        • Unzip and untar the file
        • cd into the package's directory
        • Run make install with no configuration options
      • More configuration options? Then read:
        • docs/textdocs/WHATSNEW.txt
        • docs/textdocs/UNIX_INSTALL.txt

  22. Samba Installation Directories
      • /usr/local/samba - Main tree
      • /usr/local/samba/bin - Binaries
      • /usr/local/samba/lib - smb.conf, lmhosts, configuration files, etc.
      • /usr/local/samba/man - Samba documentation
      • /usr/local/samba/private - Samba encrypted password file
      • /usr/local/samba/swat - SWAT files
      • /usr/local/samba/var - Samba log files, lock files, browse list info, shared memory files, process ID files

  23. Samba Configuration
      • The Samba configuration files live in the /usr/local/samba/lib directory.
      • The main configuration file is /usr/local/samba/lib/smb.conf.
      • This file can be edited with a text editor, but it is much easier to use the Samba Web Administration Tool, aka SWAT!
      • You need to configure your system before you can use SWAT.

  24. Configuring Your Red Hat System for SWAT
      • Create a file named swat in the /etc/xinetd.d directory.
      • This file should contain the following:
            service swat
            {
                port = 901
                socket_type = stream
                wait = no
                user = root
                server = /usr/local/samba/bin/swat
                log_on_failure += USERID
                disable = no
            }

  25. Configuring Your Red Hat System for SWAT (cont.)
      • Add the following line to the /etc/services file:
            swat 901/tcp # SWAT
      • It is a good idea to limit the use of SWAT to certain hosts. For example:
        In /etc/hosts.deny:
            swat: ALL
        In /etc/hosts.allow:
            swat: LOCAL, 134.198.168.128
      • Now you are ready to use SWAT!
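
How the hosts.deny / hosts.allow pair on slide 25 is evaluated, as an added example that is not part of the original slides: a simplified model of TCP Wrappers matching (allow file first, then deny file, otherwise grant) that covers only ALL, LOCAL, exact names or addresses, and dotted prefix/suffix patterns. The function names and the client names and addresses other than 134.198.168.128 are constructed.

```python
def parse_rules(text):
    """Parse hosts.allow / hosts.deny text into [(daemons, clients)] lists."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, host, addr):
    """host is the resolved client name (or None); addr is its IPv4 address."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":            # any host name without a dot
        return host is not None and "." not in host
    if pattern.startswith("."):       # domain suffix, e.g. .example.edu
        return host is not None and host.endswith(pattern)
    if pattern.endswith("."):         # address prefix, e.g. 134.198.
        return addr.startswith(pattern)
    return pattern in (host, addr)    # exact name or address

def listed(rules, daemon, host, addr):
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(p, host, addr) for p in clients)
               for daemons, clients in rules)

def access_granted(allow_text, deny_text, daemon, host, addr):
    """Allow file is consulted first, then deny; no match means granted."""
    if listed(parse_rules(allow_text), daemon, host, addr):
        return True
    if listed(parse_rules(deny_text), daemon, host, addr):
        return False
    return True

# Rules as given on slide 25
HOSTS_ALLOW = "swat: LOCAL, 134.198.168.128\n"
HOSTS_DENY = "swat: ALL\n"

if __name__ == "__main__":
    # Constructed clients: (resolved name, address)
    for host, addr in [("labpc", "134.198.168.20"), (None, "134.198.168.128"),
                       ("host.example.net", "203.0.113.7")]:
        ok = access_granted(HOSTS_ALLOW, HOSTS_DENY, "swat", host, addr)
        print(host, addr, "granted" if ok else "denied")
```

LOCAL matches on the name the server resolves for the client, so that part of the rule is only as trustworthy as name resolution on the network; the deny rule names only swat, so other wrapped services are unaffected by it.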

  26. What is SWAT
      • Basically it is a visual front-end to the smb.conf file
      • Following from above
      • SWAT can be started by a browser through port 901
      • Any user may log into SWAT, but only root may edit the config files
      • Using SWAT
      • http://lab4.research.cs.uofs.edu:901
      • Administrator login example
      • User login example

  27. Samba Resources
      • http://www.samba.org/
      • You can download the latest package from here
      • http://www.oreilly.com/catalog/samba/chapter/book/
      • A free online version of the book "Using Samba"
      • Link to SMB RFC
      • ftp://ftp.isi.edu/in-notes/search.ietf.org/internet-drafts/draft-crhertel-smb-url-02.txt
      • Author – Chris Hertel
      • Chapter 26 of "Unix Administration Handbook"

  28. Long Range Goals
      • Put a router in my house to attach to the Internet and allow my home network to be a subnet of the department's network.
      • Add disk space to my router and make my home network equivalent to the research subnet with full access to the department network.
