Ftp File and Print Server
What is samba
• Samba is a popular freeware program that allows end users to access and use files, printers, and other commonly shared resources on a company's intranet or on the Internet. Samba is often referred to as a network file system and can be installed on a variety of operating system platforms, including Linux, most common UNIX platforms, OpenVMS, and OS/2.
General Samba Server Configuration
    # the samba package provides the smb and nmb services; samba-common holds the shared files
    yum install samba samba-common cups-libs
    chkconfig smb on
    chkconfig nmb on
    service smb restart
    service nmb restart
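Configure smb.conf file
    #====== Global Settings =========#
    [global]
    workgroup = WORKGROUP
    # share-level security: deprecated in Samba 3.6 and removed in Samba 4
    security = share
    #====== Share Definitions =========#
    [SambaShare]
    path = /samba/share
    # only members of the smbgrp group may connect; guests are refused
    valid users = @smbgrp
    guest ok = no
    writable = yes
    browsable = yes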
Configure Samba Users
    useradd smbuser
    groupadd smbgrp
    # add the user to the samba group
    usermod -a -G smbgrp smbuser
    # set the user's Samba password
    smbpasswd -a smbuser
Create Share folder and Set Permissions for Samba Users
    # create the parent directory first so that the cd succeeds
    mkdir -p /samba
    cd /samba/
    mkdir share
    chown -R smbuser:smbgrp share/
    chmod -R 0770 share/
    vi /etc/selinux/config
        SELINUX=disabled
    # insert the Samba rules at positions 4 to 6 of the INPUT chain
    iptables -I INPUT 4 -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
    iptables -I INPUT 5 -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
    iptables -I INPUT 6 -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
    service iptables save
    service smb restart
    service nmb restart
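The `iptables -I INPUT 4` commands above only help if the new rules sit above the chain's catch-all REJECT, because the first matching rule wins. The following check is an added example, not part of the original slides; the rule listing is constructed and shows what happens when the same rules are appended instead of inserted.

```python
import shlex

# Constructed `iptables -S INPUT` output: the three Samba rules were appended
# (-A) after the catch-all REJECT instead of being inserted (-I) above it.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
"""

def parse_rules(text, chain="INPUT"):
    """Return the chain's rules in evaluation order as (number, target, matches)."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", chain] or "-j" not in tok:
            continue  # policy lines, other chains, rules without a target
        j = tok.index("-j")
        rules.append((len(rules) + 1, tok[j + 1], tok[2:j]))
    return rules

def catch_all(rules):
    """Number of the first REJECT/DROP rule with no match conditions, or None."""
    for number, target, matches in rules:
        if target in ("REJECT", "DROP") and not matches:
            return number
    return None

def unreachable(rules):
    """Rules after the catch-all are never evaluated: the first match wins."""
    stop = catch_all(rules)
    return [] if stop is None else [r for r in rules if r[0] > stop]

def max_insert_position(rules):
    """Largest n for `iptables -I INPUT n` that still lands above the catch-all."""
    stop = catch_all(rules)
    return len(rules) + 1 if stop is None else stop

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for number, target, matches in unreachable(rules):
        print(f"rule {number} is never reached: {' '.join(matches)} -j {target}")
    print("insert new ACCEPT rules at position <=", max_insert_position(rules))
```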
Samba swat
• The Samba service provides file sharing and printing services to its clients. A system administrator can install SWAT in order to configure Samba and perform Samba administration from a web browser. You just need to install xinetd together with the Samba SWAT software.
• [root@samba ~]# yum install samba-swat xinetd -y
• Add the 192.168.0.0/24 network and enable swat by setting 'disable' to 'no'.
    # default: off
    # description: SWAT is the Samba Web Admin Tool. Use swat
    #              to configure your Samba server. To use SWAT,
    #              connect to port 901 with your favorite web browser.
    service swat
    {
        port            = 901
        socket_type     = stream
        wait            = no
        # loopback plus the 192.168.0.0/24 network named above
        only_from       = 127.0.0.1 192.168.0.0/24
        user            = root
        server          = /usr/sbin/swat
        log_on_failure  += USERID
        disable         = no
    }
• Start the xinetd service:
• [root@samba ~]# service xinetd start
• Access http://(server's IP address):901 and enter the root login password.
NFS
• Network File System (NFS) is a distributed file system protocol originally developed by Sun Microsystems in 1984, allowing a user on a client computer to access files over a computer network much like local storage is accessed.
NFS Server Configuration
• Install NFS in Server
    # quote the glob so the shell passes it to yum unexpanded
    yum install 'nfs*' -y
    /etc/init.d/nfs start
    chkconfig nfs on
• Install NFS in Client
    yum install 'nfs*' -y
    /etc/init.d/nfs start
    chkconfig nfs on
• Create shared directories in server
    [root@server ~]# mkdir /home/ostechnix
    [root@server ~]# chmod 755 /home/ostechnix/
• Export shared directory on server
    [root@server ~]# vi /etc/exports
        /home/ostechnix 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash)
    [root@server ~]# /etc/init.d/nfs restart
• Mount shared directories in client
    [root@vpn client]# mkdir -p /nfs/shared
    [root@vpn client]# mount -t nfs 192.168.1.200:/home/ostechnix/ /nfs/shared/
• [root@server ~]# vi /etc/sysconfig/nfs
    #
    # Define which protocol versions mountd
    # will advertise. The values are "no" or "yes"
    # with yes being the default
    #MOUNTD_NFS_V2="no"
    #MOUNTD_NFS_V3="no"
    #
    #
    # Path to remote quota server. See rquotad(8)
    #RQUOTAD="/usr/sbin/rpc.rquotad"
    # Port rquotad should listen on.
    RQUOTAD_PORT=875
    # Optional options passed to rquotad
    #RPCRQUOTADOPTS=""
    #
    #
    # Optional arguments passed to in-kernel lockd
    #LOCKDARG=
    # TCP port rpc.lockd should listen on.
    LOCKD_TCPPORT=32803
    # UDP port rpc.lockd should listen on.
    LOCKD_UDPPORT=32769
    #
    #
    # Optional arguments passed to rpc.nfsd. See rpc.nfsd(8)
    # Turn off v2 and v3 protocol support
    #RPCNFSDARGS="-N 2 -N 3"
    # Turn off v4 protocol support
    #RPCNFSDARGS="-N 4"
    # Number of nfs server processes to be started.
    # The default is 8.
    #RPCNFSDCOUNT=8
    # Stop the nfsd module from being pre-loaded
    #NFSD_MODULE="noload"
    # Set V4 grace period in seconds
    #NFSD_V4_GRACE=90
    #
    # Optional arguments passed to rpc.mountd. See rpc.mountd(8)
    #RPCMOUNTDOPTS=""
    # Port rpc.mountd should listen on.
    MOUNTD_PORT=892
    #
    #
    # Optional arguments passed to rpc.statd. See rpc.statd(8)
    #STATDARG=""
    # Port rpc.statd should listen on.
    STATD_PORT=662
    # Outgoing port statd should use. The default is port
    # is random
    STATD_OUTGOING_PORT=2020
    # Specify callout program
    #STATD_HA_CALLOUT="/usr/local/bin/foo"
    #
    #
    # Optional arguments passed to rpc.idmapd. See rpc.idmapd(8)
    #RPCIDMAPDARGS=""
    #
    # Set to turn on Secure NFS mounts.
    #SECURE_NFS="yes"
    # Optional arguments passed to rpc.gssd. See rpc.gssd(8)
    #RPCGSSDARGS=""
    # Optional arguments passed to rpc.svcgssd. See rpc.svcgssd(8)
    #RPCSVCGSSDARGS=""
    #
    # To enable RDMA support on the server by setting this to
    # the port the server should listen on
    #RDMA_PORT=20049
• Now restart the NFS service
• [root@server ~]# vi /etc/sysconfig/iptables
    # Firewall configuration written by system-config-firewall
    # Manual customization of this file is not recommended.
    *filter
    # chain declarations come before any -A rule
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    # NFS (2049), portmapper (111), lockd (32769/32803), mountd (892), rquotad (875), statd (662)
    -A INPUT -m state --state NEW -m udp -p udp --dport 2049 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
    -A INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
    -A INPUT -m state --state NEW -m udp -p udp --dport 32769 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 32803 -j ACCEPT
    -A INPUT -m state --state NEW -m udp -p udp --dport 892 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 892 -j ACCEPT
    -A INPUT -m state --state NEW -m udp -p udp --dport 875 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 875 -j ACCEPT
    -A INPUT -m state --state NEW -m udp -p udp --dport 662 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 662 -j ACCEPT
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT
• [root@server ~]# service iptables restart
• [root@vpn client]# mount -t nfs 192.168.1.200:/home/ostechnix/ /nfs/shared/
• [root@vpn client]# mount
• [root@vpn shared]# mkdir test
  [root@vpn shared]# touch file1 file2 file3
• [root@server ~]# cd /home/ostechnix/
  [root@server ostechnix]# ls
  file1 file2 file3 test
  [root@server ostechnix]#
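The export line used in this procedure grants `no_root_squash`, and the exports format is sensitive to a single space between the client and its option list. The following auditor is an added example, not part of the original slides; the second export line and its path are constructed to show the whitespace case.

```python
import re

# Constructed sample /etc/exports. Line 1 is the export from the procedure
# above; line 2 has a stray space before "(", a small typo with a large effect.
SAMPLE_EXPORTS = """\
/home/ostechnix 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash)
/srv/scratch 192.168.1.0/24 (rw,sync)   # constructed path
"""

ENTRY = re.compile(r"([^()]*)(?:\(([^()]*)\))?")

def parse_exports(text):
    """Yield (path, client, options) for each client entry.

    Handles one export per line (no backslash continuations or quoted paths).
    A bare "(options)" token names no client, so it applies to any host, and
    the client written before the space is left with the default options.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *entries = line.split()
        for entry in entries:
            m = ENTRY.fullmatch(entry)
            if m is None:
                continue  # malformed token, e.g. unbalanced parentheses
            client = m.group(1) or "*"
            options = [o for o in (m.group(2) or "").split(",") if o]
            yield path, client, options

def audit_exports(text):
    """Return (path, client, finding) tuples for settings worth a second look."""
    findings = []
    for path, client, options in parse_exports(text):
        if "no_root_squash" in options:
            findings.append((path, client, "root on the client is root on the export"))
        if "insecure" in options:
            findings.append((path, client, "unprivileged source ports accepted"))
        if client == "*" and "rw" in options:
            findings.append((path, client, "writable by any host that can reach the server"))
    return findings

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS):
        print(*finding, sep=" | ")
```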
Cups Configuration Basic
• CUPS (formerly an acronym for Common UNIX Printing System) is a modular printing system for Unix-like computer operating systems which allows a computer to act as a print server. A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer.
Install Cups
• [root@dlp ~]# vi /etc/cups/cupsd.conf
    # line 18: change
    Listen 631
    # line 31: add access permission
    <Location />
      Order allow,deny
      Allow 10.0/24
    </Location>
    # line 37: add access permission
    <Location /admin>
      Order allow,deny
      Allow 10.0/24
    </Location>
    # line 43: add access permission
    <Location /admin/conf>
      AuthType Default
      Require user @SYSTEM
      Order allow,deny
      Allow 10.0/24
    </Location>
    # add at the last: specify certificates
    ServerCertificate /etc/pki/tls/certs/server.crt
    ServerKey /etc/pki/tls/certs/server.key
• [root@dlp ~]# /etc/rc.d/init.d/cups start
    Starting cups: [ OK ]
• [root@dlp ~]# chkconfig cups on
• Access "https://(your server's hostname or IP address):631/" with a web browser and click "Administration" - "Add Printer".
FTP Principle
• The File Transfer Protocol (FTP) is a standard network protocol used for the transfer of computer files from a server to a client using the client–server model on a computer network.
Configuration of FTP Server
• [root@www ~]# yum -y install vsftpd
• [root@www ~]# vi /etc/vsftpd/vsftpd.conf
    # line 12: no
    anonymous_enable=NO
    # line 81, 82: uncomment (allow ascii mode)
    ascii_upload_enable=YES
    ascii_download_enable=YES
    # line 96, 97: uncomment (enable chroot)
    chroot_local_user=YES
    chroot_list_enable=YES
    # line 99: uncomment (specify chroot list)
    chroot_list_file=/etc/vsftpd/chroot_list
    # line 105: uncomment
    ls_recurse_enable=YES
    # add the following to the end
    # specify root directory (if not specified, the user's home directory becomes the FTP home directory)
    local_root=public_html
    # use localtime
    use_localtime=YES
• [root@www ~]# vi /etc/vsftpd/chroot_list
    # add users to whom chroot is not applied
    cent
• [root@www ~]# /etc/rc.d/init.d/vsftpd start
    Starting vsftpd for vsftpd: [ OK ]
• [root@www ~]# chkconfig vsftpd on
• Open port 21 in the firewall
• Use FileZilla to transfer files
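With `chroot_local_user=YES` the chroot list names the users who are exempt from the jail, and the same file means the opposite once that option is turned off. The following resolver is an added example, not part of the original slides; the user names `alice` and `bob` are constructed.

```python
# Constructed inputs mirroring the settings and list file shown above.
SAMPLE_CONF = """\
anonymous_enable=NO
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
"""
SAMPLE_LIST = "cent\n"
SAMPLE_USERS = ["cent", "alice", "bob"]  # constructed local accounts

def parse_conf(text):
    """vsftpd.conf is strict key=value, one setting per line, '#' for comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            conf[key] = value
    return conf

def enabled(conf, key):
    """Boolean lookup; both chroot options default to NO when absent."""
    return conf.get(key, "NO").upper() in ("YES", "TRUE", "1")

def is_chrooted(conf, listed_users, user):
    """The list holds the exceptions to whatever chroot_local_user says."""
    jail_everyone = enabled(conf, "chroot_local_user")
    on_list = enabled(conf, "chroot_list_enable") and user in listed_users
    return jail_everyone != on_list

def unjailed(conf, listed_users, local_users):
    """Accounts that can leave their FTP root and browse the filesystem."""
    return sorted(u for u in local_users if not is_chrooted(conf, listed_users, u))

if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    listed = SAMPLE_LIST.split()
    print("not jailed as configured:", unjailed(conf, listed, SAMPLE_USERS))
    # Same list file, chroot_local_user switched off: the meaning inverts.
    flipped = dict(conf, chroot_local_user="NO")
    print("not jailed after flip:   ", unjailed(flipped, listed, SAMPLE_USERS))
```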