Configure Samba 3 on the Fedora 12 (FC12) Linux distribution and earlier versions, or on another Linux, FreeBSD or other Unix system. The process is simpler than before and relatively easy.
Log in to the server as the superuser « root ».
The problems to solve on my HTTP server are the level of LAN security and the difficulty posed by the multiplicity of network interfaces: eth0, eth1, eth2...
To obtain a strengthened level of LAN security, the network interfaces must be assigned to different network classes, each with its own gateway.
Remark: For earlier versions of Fedora Linux (FC8, FC9, FC10, FC11), only the version number changes; the list of packages remains identical, except for the dependencies.
LAN Security Concept
HTTP network, behind an xDSL router and a physical firewall router, plus the Unix IPTables firewall. (2 physical NATs, 3 firewalls)
eth0 : 172.16.1.1/24 Gateway: 172.16.1.254/24
Paranoia haunts me; it becomes complicated to write a datagram, too many unknown factors...
Network used to reach the xDSL routers, with the Ethernet interface alias eth1:0 (virtual interface). (1 physical NAT, 2 firewalls)
eth1 : 192.168.1.1/24 Gateway: 192.168.1.254/24
eth1:0 : 192.168.4.1/24 Gateway: none
Network used to reach the machines with phpMyAdmin, Webmin or the Samba SMB protocol.
eth2 : 192.168.16.1/24 Gateway: 192.168.16.254/24
Adjust IPTables as described in this article: Webmin - Configure IPTables Firewall - Fedora FC8 - Fedora FC10 - Fedora FC12
List of open ports on an HTTP server.
Port    State   Service
21      open    FTP
22      open    SSH
25      open    SMTP
53      open    Domain
80      open    HTTP
111     open    SunRpc
443     open    HTTPS
3306    open    MySQL
Note: On the NAT and firewall of the xDSL router, open only ports 21, 25, 53, 80 and 443 if need be. (To serve an HTTPS Web site)
This implies that the computers connected to the network layer are not « strainers ».
Start these two services: nmb and smb
Create an « administrator » user with Webmin: go to the System icon, then the last icon, Users and Groups. Respect the case of the word « administrator », because Linux distinguishes between uppercase and lowercase letters.
Select the shell: /sbin/nologin for Fedora Linux.
Select No login allowed for the « administrator » user of your SMB network, and no password for the « administrator » user.
Use User ID 600 for Fedora Linux, or User ID 800 for FreeBSD. It makes things easier afterward.
Remark: The picture below shows the FreeBSD parameters.
User Details
  Username
  User ID: Automatic / Calculated
  Real name
  Home directory: Automatic / Directory
  Shell
  Password: No password required / No login allowed / Normal password / Pre-encrypted password / Login temporarily disabled
Password Options
  Options not used for these parameters
Group Membership
  Primary group: New group with same name as user / New group / Existing group
  Secondary groups: All groups / In groups
Upon Creation...
  Create home directory? Yes / No
  Copy template files to home directory? Yes / No
  Create user in other modules? Yes / No
Go to the /home directory and create the admin folder, the exchange folder, then the install folder. The administrator folder already exists, since it was created along with the « administrator » user. These files, which remain unchanged, must have the following permissions:
Owner: administrator
Group: administrator
Numeric mode: 750
All shared directories and files must have these permissions, even on a Unix-only system!
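An added example, not part of the original page: a Python check that walks a shared folder and reports every entry whose owner, group or mode differs from the values required above. The function name is an assumption; on the server, the uid and gid would be those of the « administrator » user and group.

```python
import os
import stat

def audit_share_tree(root, uid, gid, mode=0o750):
    """Return (path, problem) pairs for root and everything below it that
    deviates from the expected owner, group or permission bits."""
    findings = []

    def check(path):
        st = os.lstat(path)  # lstat: never follow a link out of the share
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "symbolic link, review its target"))
            return
        if st.st_uid != uid:
            findings.append((path, f"owner uid {st.st_uid}, expected {uid}"))
        if st.st_gid != gid:
            findings.append((path, f"group gid {st.st_gid}, expected {gid}"))
        actual = stat.S_IMODE(st.st_mode)
        if actual != mode:
            # Any bit in the last octal digit grants access to every local user.
            note = " (accessible to other users)" if actual & 0o007 else ""
            findings.append((path, f"mode {actual:o}, expected {mode:o}{note}"))

    check(root)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in sorted(dirnames + filenames):
            check(os.path.join(dirpath, name))
    return findings
```

An empty list means the whole tree matches; each remaining pair names the path to correct.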
In the /etc/samba directory, rename smb.conf to smb.conf.inst and smbusers to smbusers.inst. The .inst extension stands for installation; it helps to keep the initial configuration files intact.
Configuration file directories:
Fedora Linux: /etc/samba
FreeBSD: /usr/local/etc
Save the following files:
smb.conf
# This is the main Samba configuration file.
# Generated by Eric Douzet - Mon Jun 30 12:00:00 2008
[global]
interfaces = 192.168.16.1/255.255.255.0
socket options = TCP_NODELAY
workgroup = Type the name of your workgroup in capital letters here.
wins support = true
netbios name = Type the name of the server station in capital letters here.
os level = 33
remote announce = 192.168.16.1
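An added example, not part of the original page or of Samba: a short Python audit of the [global] section above, checking that Samba is confined to the eth2 network 192.168.16.0/24. The function names and the sample workgroup and netbios names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample: the page's [global] section with placeholder names filled in.
PAGE_CONF = """\
[global]
interfaces = 192.168.16.1/255.255.255.0
socket options = TCP_NODELAY
workgroup = EXAMPLEGROUP
wins support = true
netbios name = EXAMPLESRV
os level = 33
remote announce = 192.168.16.1
"""

def parse_global(text):
    """Return [global] parameters; names are case- and whitespace-insensitive in smb.conf."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params["".join(key.lower().split())] = value.strip()
    return params

def audit_binding(text, admin_net="192.168.16.0/24"):
    """List reasons why Samba could answer outside admin_net (the page's eth2 network)."""
    params = parse_global(text)
    net = ipaddress.ip_network(admin_net)
    findings = []
    entries = params.get("interfaces", "").split()
    if not entries:
        findings.append("no 'interfaces' line: the default interface list is used")
    for entry in entries:
        try:
            addr = ipaddress.ip_interface(entry).ip
        except ValueError:  # interface names such as eth2 need a manual check
            findings.append(f"{entry}: not an address, check by hand")
            continue
        if addr not in net and not addr.is_loopback:
            findings.append(f"{entry}: outside {admin_net}")
    # Without this parameter smbd binds to every interface; 'interfaces' alone
    # does not restrict where connections are accepted.
    if params.get("bindinterfacesonly", "no").lower() not in ("yes", "true", "on", "1"):
        findings.append("'bind interfaces only' is not enabled")
    return findings
```

Run against the page's configuration, it reports one finding: 'bind interfaces only' is not enabled, so smbd still listens on eth0 and eth1 and only the firewall keeps SMB off those networks. Adding bind interfaces only = yes, and 127.0.0.1 to the interfaces line so that smbpasswd keeps working, clears it.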
Now there are two operations to perform. In Webmin, go to the Servers icon, then the Samba Windows File Sharing icon; in the Samba Users section, open Convert Unix users to Samba users, do not change any setting, and click the Convert Users button.
This form allows you to synchronize the Unix and Samba user list. When Samba is using encrypted passwords, a separate list of users and passwords is used instead of the system user list.
The list of users not to convert can contain usernames, UIDs, group names prefixed with an @, or UID ranges like 500-1000 or 500-.
Don't convert or remove these users:
Update existing Samba users from their Unix details
Add new Samba users from the Unix user list
Delete Samba users who do not exist under Unix
For newly created users, set the password to: No password / Account locked / Use this password
Return to the Servers icon, then the Samba Windows File Sharing icon; in the Samba Users section, click the Edit Samba users and passwords icon. You have two users, « administrator » and « nfsnobody »; click « nfsnobody », then click the Delete button.
If the password was accidentally entered incorrectly!
Click « administrator »; you get the following form:
Edit Samba User
  Username: administrator
  Unix UID
  Password: Current password / New password
  User options: Normal user / No password required / Account disabled / Workstation trust account
Set the options as above, type the « administrator » password, then click Save; you have just generated the smbpasswd file.
Click the Servers icon, then the Samba Windows File Sharing icon, and click the button:
With this configuration on a Gigabit network, I copy a 704 MB ISO image in a little less than 20 seconds.