
SAMBA



Presentation Transcript


  1. SAMBA Linux Domains

  2. SAMBA
     • What is a Domain?
     • Requirements of a Domain
     • Security Models
     • Configuring SAMBA
     • SAMBA Utilities
     Martyn Kinder

  3. What is a Domain?
     • History – NetBIOS, NetBEUI, yawn…
     • Naming Conventions
     • Domain vs Workgroup
     • Security Model
     • Centralised Administration
     • Resource Management
     • Management & Deployment of Larger Estates

  4. Protocols & Ports
     • NetBIOS
     • NetBEUI
     • NetBIOS over TCP/IP (NBT)
     • Port 137 – NetBIOS Network Browsing
     • Port 138 – NetBIOS Name Service
     • Port 139 – File & Print Sharing
     • Port 445 – Used by W2K/XP when NBT disabled

  5. NetBIOS Names
     • 15+1 Characters
     • +1 = Resource Type (role)

  6. Requirements of a Domain
     • Name Resolution
     • b, p, h, m
     • WINS
     • Replication
     • Single Logon
     • Centralised Administration & Control

  7. What Does SAMBA Provide?
     • Server
     • SMBD Daemon
         • File & Print Services
     • NMBD Daemon
         • Name Resolution
     • WINBINDD Daemon
         • Retrieval of Account info from Windows NT/2000

  8. Configuring SAMBA
     • smb.conf
     • Comprises:
         • [global] – Server Configuration section
         • [homes] – Default User Shares section
         • [printers] – Default Printer Shares section
         • [{Sysop Defined}] – Other shared resources section(s)

  9. Variables

  10. Server Configuration [global]
      • netbios name – default=hostname; not recommended unless two hosts with same name (host.domain1 host.domain2)
          netbios name = FILESERVER1
      • workgroup – set the domain/workgroup name that will be advertised
          workgroup = CZD
      • server string – sets the server comment string
          server string = Samba %v on (%h)

          # this is a comment
          ; so is this
          workgroup = CZD # this is a mistake!

  11. Server Configuration [share]
      • path – Unix directory that provides the share
          path = /home/public
      • comment
          comment = public drive (RO)
      • volume – provide an alternative name to the share name
          volume = PUBLIC-USE-DATA
      • read only
          read only = yes
      • writeable
          writeable = no

  12. Server Configuration - Shares

          [data]
          path = /home/public/data
          comment = Public Data Drive (RW)
          volume = Data-Drive
          # turn OFF read only
          read only = no
          writeable = yes

          mkdir /home/public/data
          chmod 777 /home/public/data

  13. Network Security [global]
      • hosts allow – systems that can connect
      • hosts deny – systems that can’t connect
      • interfaces – interfaces that Samba will respond to
      • bind interfaces only – yes = only the interfaces specified by the interfaces option

  14. Network Virtual Servers [global]
      • netbios aliases – gives Samba > 1 network name
          netbios aliases = FILE1 SALES1 PUBLIC2
          include = /etc/smb/include/smb.conf.%L

  15. Configuration Options
      • config file – location of alternate config file
          config file = /etc/smb/config/smb.conf.%m
      • include – additional config options to be included
          include = /etc/smb/include/smb.conf.%m
      • copy – clone config options from one user defined section to another

  16. Logging [global]
      • Options
          log file – location of Samba log
          log level – (1-10)
          max log size – in kB
          debug timestamp – default=yes
          syslog – (1-10) > to samba log
          syslog only – yes = ignore samba log
      • Log Levels
          0=error 1=warn 2=notice 3=info 4+=debug

  17. Name Resolution (1)
      • Use lmhosts
          192.168.0.15 scorpio#20 {Fileserver}
          192.168.0.15 scorpio#1b {Domain Master Browser}

          nmbd -H /etc/samba/lmhosts -D

  18. Name Resolution (2)
      • WINS Server Configuration
          [global]
          name resolve order = wins lmhosts hosts bcast
          dns proxy = yes (turn on DNS to support Name Resolution)
          wins support = yes (tells nmbd to turn wins on)
        or
          wins server = aa.bb.cc.dd
          wins proxy = yes (resolve name resolution for non WINS pc’s)
      • /usr/local/bin/sync_wins to synchronise WINS servers
      • WINS Database: /var/cache/samba/wins.dat

  19. Name Resolution (3)
      • Browser Elections

  20. Name Resolution (4)
      • Rules
          1 Domain Master Browser per Domain
          1 Local Master Browser per Subnet
          at least 1 WINS Server per Network

          [global]
          remote announce = 192.168.1.255/CZD 192.168.2.255/CZD
        or
          remote browse sync = 192.168.1.10 192.168.2.123
          Other Local Master Servers

  21. Filesystem Options
      • [sharename] & [homes]

  22. File Permissions
      • [share]
          map archive = yes
          map system = yes
          map hidden = yes
        Note: no executable flag

  23. File Permissions
      • Mapping Windows & Unix File Permissions
          Read-only
          Archive
          System
          Hidden

  24. Creation Masks
      • [share]
      • Create Mask {default 744}
          sets default file creation permissions {recommend 640}
          map system, map hidden and map archive take precedence over the create mask, so don’t mask them off!
          create mask = 777 translates to 666 at file level
          to prevent files appearing as *nix executable, set map archive = no
      • Directory Mask {default 744}
          sets the default folder creation permissions {recommend 750}

  25. Extended Windows Permissions
      • ACLs & ACEs
          Enable ACLs in Kernel
          Configure SAMBA with ACL Support: --with-acl-support

  26. Extended Windows Permissions
      • [share]
          nt acl support = yes {turn on ACL’s in Samba}
          security mask = 0777 {inverse of allowable file permission settings}
          force security mode = 0000 {logically OR’d with file security mask}
          directory security mask = 0777 {inverse of allowable folder permission settings}
          force directory security mode = 0000 {logically OR’d with dir security mask}

  27. Case Preservation
      • [share]
          case sensitive = no {file names are not case sensitive}
          preserve case = yes {do not change to default case}
          default case = upper {use with DOS/WfWG clients}
          short preserve case = yes {preserve 8.3 filename case}
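
Slides 22 to 24 in code, as an added example that is not part of the original presentation: a simplified Python model of how smbd derives a new file's Unix mode from the client's DOS attributes, the map options and the create mask. The function names and the sample share settings are constructed for illustration; directories and any other mode-forcing options are left out.

```python
# Simplified model (an assumption of this example, not Samba source code).
# DOS attribute flags as sent by SMB clients.
DOS_READONLY, DOS_HIDDEN, DOS_SYSTEM, DOS_ARCHIVE = 0x01, 0x02, 0x04, 0x20

# Each map option stores one DOS attribute in one Unix execute bit.
MAPPING = (("map archive", DOS_ARCHIVE, 0o100),   # owner execute
           ("map system",  DOS_SYSTEM,  0o010),   # group execute
           ("map hidden",  DOS_HIDDEN,  0o001))   # world execute

# Defaults: create mask as stated on slide 24; only map archive is on by default.
DEFAULTS = {"create mask": 0o744, "map archive": True,
            "map system": False, "map hidden": False}


def unix_mode(dos_attrs, share):
    """Unix permission bits for a file created with the given DOS attributes."""
    cfg = {**DEFAULTS, **share}
    mode = 0o666                          # rw for user, group and other
    if dos_attrs & DOS_READONLY:
        mode &= ~0o222                    # read-only clears every write bit
    for option, flag, bit in MAPPING:
        if cfg[option] and dos_attrs & flag:
            mode |= bit                   # attribute stored as an execute bit
    return mode & cfg["create mask"]      # the mask is applied last


def lost_attributes(dos_attrs, share):
    """Mapped DOS attributes that the create mask stripped from the file."""
    cfg = {**DEFAULTS, **share}
    mode = unix_mode(dos_attrs, share)
    return [option.split()[1] for option, flag, bit in MAPPING
            if cfg[option] and dos_attrs & flag and not mode & bit]


if __name__ == "__main__":
    # Constructed share: slide 22 mappings with the recommended mask from slide 24.
    share = {"map archive": True, "map system": True, "map hidden": True,
             "create mask": 0o640}
    attrs = DOS_ARCHIVE | DOS_HIDDEN
    print(oct(unix_mode(attrs, share)), lost_attributes(attrs, share))
    share["create mask"] = 0o741          # keeps the archive and hidden bits
    print(oct(unix_mode(attrs, share)), lost_attributes(attrs, share))
```

With the recommended mask of 640 every mapped attribute is masked off, which is the case the slide's "don't mask them off" refers to; a mask that keeps the relevant execute bits preserves them.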
