How to: FC4 Samba and Windows in 6 easy steps
FedoraForum.org - Fedora Support Forums and Community
  1. #1
    Join Date
    Apr 2004
    Location
    Daytona Beach, FL
    Age
    58
    Posts
    422
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    How to: FC5 & FC4 Samba and Windows in 6 easy steps

    Disclaimer: this works perfectly for us on two fdisk'd and fresh installs, one being Fedora Core 4 (5), and the other Windows XP Service Pack 2. All updates were applied to both systems before this process was completed. We have also gotten a FC4 laptop and multiple Windows XP machines connected with almost no effort since we completed the first machines.

    Our purpose for this project was to isolate users to their own backup areas on a FC4 Linux box, allow users to share FROM the Linux box and not their Windows machines (for security), and basically keep the data redundancy and security beefed up with an additional layer of protection with data still available even if a given user's Windows machine goes down.

    Step 1: Opening the Firewall

    Under GNOME head to Desktop | System Settings | Security Level

    Enter the root password when asked (if you don't know the password you are finished -- refer this article to your System Admin)

    UDP/137 - used by nmbd
    UDP/138 - used by nmbd
    TCP/139 - used by smbd
    TCP/445 - used by smbd

    Add the following line to "Other ports": 137:udp, 138:udp, 139:tcp, 445:tcp

    Select OK

    -- sources
    https://bugzilla.redhat.com/bugzilla....cgi?id=133478
    http://fedora.redhat.com/docs/releas.../fc4/#sn-samba

    There seems to be some confusion in the thread concerning security issues related to opening the firewall. I hope to bring some clarity. Many of us have a hardware router / NAT firewall between our networks and the Internet. We are not going to open these "hardware" ports up (keeping them safe from the Internet), instead we are going to open up the ports on the Linux file server (which gives the local network access), while the Router shields the box from the Internet on ports 137, 138, 139, 445.

    Step 2: Allowing shares from users /home

    For FC4 open a terminal and enter the following (you must have root / admin password):

    su -
    setsebool samba_enable_home_dirs=1
    -- source http://fedoraforum.org/forum/showthread.php?t=59437

    FC5 seems to reset this on our system upon reboots to disable the shares from the /home/user folders. To change the settings from the Gnome desktop:

    System | Administration | Security Level and Firewall settings
    Click on the SELinux tab
    Select "Modify SELinux Policy"
    Drop down the SAMBA section
    Check mark "Allow Samba to share users home directories"

    Step 3: Cause SELinux to relabel the files per your changes
    /sbin/fixfiles relabel
    You now need to reboot.

    Step 4: Starting SMB / NMB
    We will discuss two simple ways of doing this (use your own preference). Both methods require root access:

    Method 1:
    Go to Desktop | Server Settings | Services (enter root password as necessary)

    Click on smb and hit start
    Now save it.
    You can close the window now.

    Method 2:
    Open a terminal
    su -
    service smb start
    chkconfig smb on

    Step 5: Configuring Users
    As it is our purpose to allow users to have access to their data even if their Windows box goes down we are creating local user accounts on the Linux box for each user on the system. To begin with we are only interested in doing one user, as it has been my experience that if one works the rest will work also.

    You will need root access:

    Go to Desktop | System Settings | Users and Groups
    Add a user by clicking OK after you have completed all the fields.

    Now go to Desktop | System Settings | Server Settings | Samba
    Create a user by going to the Preferences menu and clicking on Samba Users | Add User

    Find the user name in the dropdown box in the Unix Username box.

    Now here is a neat trick. YOU DO NOT HAVE TO HAVE MATCHING USER NAME AND PASSWORDS! This is a huge misunderstanding in the networking / Linux worlds. You only have to remember what it is that you enter here. Your username does NOT have to match the Linux OR Windows username (but it does make life easier).

    In our setup we have the same user name logon for Linux, Windows and Samba. With the logon passwords the same on both boxes, but the Samba password is totally different (this will help a user protect their files if someone discovers their logon name and password - unless they are on his box).

    Step 6: Using the share

    Go to the Windows box of your respected user

    Click on any instance of "My Network Places." You are not looking for the share yet.

    You will need to get to the "Workgroup Computers"

    You may have to hit F5 a couple times or in the worst case reboot the Windows machine a couple times. Eventually I turned both off and turned both on. When you see the Linux machine come up in the Workgroup Computers (you are not looking for the share -- only for the machine) click on it. A pop up asking for user name and password should come up if all other steps were finished correctly. At this point put in the SAMBA user name and password and put a check mark in "Remember this password...".

    If you hit OK and the share shows you have just finished. Windows will auto log in using the user name and password you provided REGARDLESS of what those were.

    Some snags

    We have multiple Linux boxes / devices on our network. Come to find out a print server AND the FC4 fileserver were named "localhost.localdomain"
    so as root we edited /etc/hosts
    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1 localhost.localdomain localhost
    to read

    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1 aragorn.localdomain aragorn
    Also, check the server settings in the Samba preferences to match the name.

    Rebooting the server will get everything straightened out. After the rename the file server popped up and we were running.

    Another snag was trying to edit the /etc/samba/smb.conf file per forums and requests when there was absolutely no need to touch the file to get shares working.

    Biggest snag is trying too hard. Networking hasn't changed much since its inception, just what we do at the ends of it (before and after transmission). The question to keep in mind is, "What am I trying to accomplish?"

    Finally we can make a real share
    I logged into the server and made two folders for the first user (namely me as network wide admin)

    I made a library which is a read only / visible share for all users. Various utilities for all systems are placed here as well as public files for all usage.

    I made another folder which can be written to but not read for inbound files to my account.

    From my Windows / Linux boxes (logged into the share) I have total access, but those on my network going to the share are limited.

    This should get your shares working at a very minimal level. Things that need to be tightened and secured can now be done as you have gotten the shares working. Repeat steps 5 and 6 as needed.

    --- taken from my site shawndisk.com which I desperately need to get back to developing
    Last edited by wshawn; 6th April 2006 at 12:29 AM. Reason: Updated for FC5
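
The firewall point in Step 1 of the post above (the four Samba ports open on the file server for the local network, not for the Internet) can be checked on the server itself. The following is an added example, not part of the original post: it classifies each port from iptables-save style rules; the LAN subnet 192.168.1.0/24 and both sample rule sets are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): classify how each Samba port from
# Step 1 is exposed in iptables-save style rules.
# Assumptions: the LAN is 192.168.1.0/24; both rule sets are constructed.
# Limitation: only single "--dport N" rules are parsed (no ranges/multiport).

SAMBA_PORTS="udp/137 udp/138 tcp/139 tcp/445"

# Constructed sample 1: all four ports accepted from any source.
WIDE_RULES='-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT'

# Constructed sample 2: three ports limited to the LAN, 445 not opened.
LAN_RULES='-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p udp -m udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p udp -m udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# audit_samba_rules RULES LAN_CIDR
# Prints "<proto>/<port> <status>" for each Samba port, where status is:
#   closed      no ACCEPT rule names the port
#   lan-only    every ACCEPT rule for the port has "-s LAN_CIDR" (exact match)
#   any-source  some ACCEPT rule for the port has no or a different source
audit_samba_rules() {
    rules=$1
    lan=$2
    for pp in $SAMBA_PORTS; do
        proto=${pp%/*}
        port=${pp#*/}
        printf '%s\n' "$rules" |
        awk -v proto="$proto" -v port="$port" -v lan="$lan" '
            BEGIN { status = "closed" }
            /^-A / && / -j ACCEPT/ {
                p = ""; d = ""; s = ""
                for (i = 1; i < NF; i++) {
                    if ($i == "-p") p = $(i + 1)
                    if ($i == "--dport") d = $(i + 1)
                    if ($i == "-s") s = $(i + 1)
                }
                if (p != proto || d != port) next
                if (s != lan) status = "any-source"
                else if (status == "closed") status = "lan-only"
            }
            END { print proto "/" port, status }'
    done
}

echo "== open to any source =="; audit_samba_rules "$WIDE_RULES" 192.168.1.0/24
echo "== restricted to LAN ==";  audit_samba_rules "$LAN_RULES" 192.168.1.0/24
```

On a live server the first argument would be the output of `iptables-save` run as root, with the second argument set to the actual LAN subnet as that output writes it.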

  2. #2
    Alerander Guest
    Aha....
    Thank you! Good article!

  3. #3
    Quote Originally Posted by Alerander
    Aha....
    Thank you! Good article!
    You are most welcome.

  4. #4
    rpaulpen Guest
    Hi,

    I tried this and I must admit it is the first tip that actually allowed me to see my shares, but it won't allow me to access them.

    It's giving me an "error, the network path linux_server/share cannot be found or you may not have access". linux_server is my machine name. I have added all the necessary permissions and users both in linux and Samba.

    Any help would be appreciated.

    thanks,

    Remo

  5. #5
    Alerander Guest
    I had tried it this afternoon, it's 9:00pm here.
    I have no idea about user share, I was just using security = share and it worked fine for me! However, all of these were working when I closed my firewall.
    Any advice to me?

  6. #6
    Quote Originally Posted by rpaulpen
    Hi,

    It's giving me an "error, the network path linux_server/share cannot be found or you may not have access". linux_server is my machine name. I have added all the necessary permissions and users both in linux and Samba.

    Any help would be appreciated.

    thanks,

    Remo
    You do not need to do anything with permissions on the Linux side. Just make a local and a Samba user with the same name. Make sure you have logged into the server via your Windows by clicking on the computer from the Computer list of the workgroup computers. If you try to access the file directly you will not do it.

    If you are still having a problem then shut down the win machine, rename the FC4 server, reboot it, and then boot your Windows. Windows stores a user pass combination in the registry for each network connection requiring authentication. The easiest way to reset a bad password is to rename the server or edit the registry.

    The error says "Windows cannot access.." It's a permission (which Windows only has as user / pass combos) error on the Windows side.
    Last edited by wshawn; 21st February 2006 at 11:46 PM.

  7. #7
    Quote Originally Posted by Alerander
    I had tried it this afternoon, it's 9:00pm here.
    However, all of these were working when I closed my firewall.
    Any advice to me?
    You have the ports closed and the shares still working? There are a couple explanations for that. You did not restart the firewall and the ports are still open. Or you have set your Winbox as a trusted address, or other assorted reasons...

  8. #8
    Alerander Guest
    Silly me!
    I do not know the ports would be opened when the firewall was working. But I got samba working fine just define "security = share". Actually, I do want to open firewall using samba, it's a chore that open firewall every time if I need to connect to internet! I'm wondering how can I access into other pc from samba with firewall working. It seemed that there is no right for XP to access into samba, and vice versa.

  9. #9
    Shaky Start Guest
    You said:

    "Our purpose for this project was to isolate users to their own backup areas on a FC4 Linux box, allow users to share FROM the Linux box and not their Windows machines (for security), and basically keep the data redundancy and security beefed up with an additional layer of protection with data still available even if a given users Windows machine goes down."

    (Sorry, haven't figured out how to use the sexy quote feature I see in other posts!)

    What changes to your procedure would I have to make for this to work in the reverse way (i.e. have Windows boxes able to share 'things' on the Linux box)?

    My purpose is to be able to publish prototype web-sites, from a Windows development box, to Apache running on my Linux box and then be able to access those sites from Windows boxes on my home LAN. This is part of my personal education and test program, before I publish the site for real on the Internet.

    Further advice to this very useful article would be appreciated.

  10. #10
    I think we are missing it here. In order for shares to work, you have to have the ports open in the firewall that I listed. Other than that the rest of the ports should be closed (excluding ones you have configured to be open). My firewall on the FC4 server is completely locked down outside of 8 ports, and all but three of those are hidden from the internet.

    The router we are using blocks all incoming traffic except for those required for ftp, ssh, http.

    You are wanting to do two entirely separate things. Get the shares working first, then find a how to for apache, as it is pretty close to ready to run out of the box with very little configuration. I run Red Hat Enterprise Web server(s) already and just produce websites directly on the server using PHP and leaving the default index.htm page up to catch nosey visitors until I am ready to delete the index.htm file and make the site live.

    My stated purpose was to NOT have shares running on the Windows boxes. Instead once you get the shares working on the Linux box, the idea is to have the Windows boxes doing their shares from there.

    This accomplishes exactly the same thing, but with a security layer added into the mix. To share a Windows box requires next to nothing. Make a share somewhere on the file system as the admin and use the Places | Computers | Browse Network to get to them. The problem with this is: it is EASY to get around Windows security through their shares, which is why I do not allow shares on Windows Systems (not even printers).

    In case you didn't know: a long lasting bug in Windows is: once you turn on file / printer sharing it can not be completely turned off (without a FDISK / format / re install of the OS).
    Last edited by wshawn; 21st August 2005 at 01:09 PM. Reason: Failed to mention:

  11. #11
    Shaky Start Guest
    Yes, I probably am missing it here, (put it down to my advancing years - I'm far too old to be messing about in this sand pit), so thanks for providing the additional clarification, as well as the advice (but I cannot imagine why fdisk would be required to remove all vestiges of file/printer sharing!).

    I probably need to reconfigure my (wired) cable modem/router to block off unwisely open ports. Can you recommend a source of info which will guide me on what ports should be open? - on both the router and on the workgroup client machines on my LAN?

    btw I am wanting to use Apache after trying for some weeks to use IIS with FrontPage extensions. Some kind soul on the relevant micro$oft public newsgroup for IIS suggested that it would be quicker and safer to use Apache under Linux, which sent me off down the road of discovering who Linux is, and helping me to discover all these ancillary issues on that journey. I am still planning to use FrontPage (or DreamWeaver), but you mention developing web sites with PHP. Has it got a steep learning curve? (I haven't got much time left!)

  12. #12
    rpaulpen Guest
    Well, I had everything working but it now seems that when I reboot the server or the client, the client can not find the server now. It's not in the "entire network" directory anymore. This is confusing. Any help would be appreciated.

    Thanks,

    Remo

  13. #13
    Quote Originally Posted by rpaulpen
    Well, I had everything working but it now seems that when I reboot the server or the client, the client can not find the server now. It's not in the "entire network" directory anymore. This is confusing. Any help would be appreciated.

    Thanks,

    Remo

    make sure your smb is running...

  14. #14
    Quote Originally Posted by Shaky Start
    Can you recommend a source of info which will guide me on what ports should be open? - on both the router and on the workgroup client machines on my LAN?
    You only need to open the ports you want people to access in on... like 80 for httpd..
    Quote Originally Posted by Shaky Start
    btw I am wanting to use Apache after trying for some weeks to use IIS with FrontPage extensions. Some kind soul on the relevant micro$oft public newsgroup for IIS suggested that it would be quicker and safer to use Apache under Linux, which sent me off down the road of discovering who Linux is, and helping me to discover all these ancillary issues on that journey. I am still planning to use FrontPage (or DreamWeaver), but you mention developing web sites with PHP. Has it got a steep learning curve? (I haven't got much time left!)
    Use Dreamweaver if you have the access to it. Avoid Front Page like the plague. PHP is cool in that you can use mostly HTML and add PHP where needed (like randomized images).


    As far as the fdisk required to dump the shares. Yeah it sucks. But even if you reinstall the OS over the OS it retains the old settings, and if you think just a mere format will be enough, we have documented examples on how a system was reinstalled with only a format and when the registry was searched on the first boot after install it contained information for Norton System works from the old system (which no software had been reinstalled).

    Personally, I treat Windows as a virus if it has been used for any length of time (snag the data and start over locking it down from the start)...

  15. #15
    rpaulpen Guest
    It's alive!!!!!!!!!

    Finally got it working. Thanks very much for your help wshawn... much appreciated!

    Remo
