[System|Toolbox] Tools for the Art of System Administration
Using a Home Server to Learn an Operating System: Red Hat Part 4 - System Services
Alex Cray
Tuesday May 01, 2012 01:00 AM
In this article of the home server series, we start looking at Red Hat System Services.

File Sharing / Domain Services

 

One of the most common functions for a home server is acting as a file server.  If you're installing your home server for the purpose of learning how to administer a Linux server, this is also an important area to explore.  To provide this function in Linux, we'll be using the Samba project.  This project provides both file sharing and domain services.

 

To install file sharing on Red Hat, simply use the Package Manager to Search.  This tool can be found by going from Applications > Add / Remove Software.

 

To locate the Samba function, go to Search and then type Samba and select the packages you'd like (samba, samba-common, system-config-samba)

 

If Samba is not already installed, Red Hat will attempt to install the required packages at this time.  However, if you selected the packages correctly during the setup article, these packages should already be installed.  You can configure them by typing:

 

system-config-samba

 

Or by going to "System" > "Administration" > "Server Settings" > "Samba"

 

In the tool, go under "Settings" to specify how you'd like samba configured.  The first question is what you'd like as your Workgroup name.  If you're not using a Domain and instead are interested in sharing files with other workgroup computers, you will want to check the workgroup name that the other clients belong to. Common workgroup names are 'workgroup' and 'mshome'.   If you are setting up a new domain, enter the domain name there.  Make sure that the domain name you choose is unique on your network.  If you're just testing out samba, you're probably safe just to use "domain" or the default "workgroup".

 

If you're not setting up a domain, you should be good to go at this point.  If you are setting up a domain, be sure that security = user.

 

With the initial configuration done, exit settings and you will now be presented with the standard Samba configuration tool. 

 

By default, there are no active shares, but you can use the interface to add them:  

 

 

You can also edit the samba configuration directly by accessing the samba configuration file, /etc/samba/smb.conf.

 

 

Domain Controller

 

As mentioned, samba can be configured as a domain controller.  The easiest way to do this is to edit the samba configuration file, /etc/samba/smb.conf.  Minimally, the following configuration should be present:

 

[global]
passdb backend = tdbsam
os level = 33
preferred master = auto
domain master = yes
local master = yes
security = user
domain logons = yes
logon path = \\%N\profiles\%U
logon drive = H:
logon home = \\homeserver\%U\winprofile
logon script = logon.cmd

 

 

Also, be sure to uncomment the "Netlogon" share information in this file, as this is where the user logon scripts are stored.  Likewise, you may wish to enable the home folder shares used for user profiles.

 

Restart the samba service either by typing:

 

service smb restart

 

Or by going to "System" > "Administration" > "Server Settings" > "Services"

 

If you have configured the system as a domain controller, you should be able to add clients to your domain at this time.   The Root user's credentials will serve as the "Administrator" account credentials.

 

Existing accounts can be added to the samba domain by typing in a terminal:

 

smbpasswd -a {username}

 

You will be prompted to set a samba password for the user.

 

Although initial setup of a domain in Red Hat is quite easy, the default samba configuration that they use is not very complete.  For example, user password changes are not functional and tools such as "User Manager for Domains" and "Server Manager for Domains" are non-functional.  To this end, you need to use either native samba functionality to address these tasks, or tweak your smb.conf file to use alternate methods to enable this functionality.  For example, to address the password issue, you may wish to add:

 

unix password sync = Yes
passwd program = /usr/local/sbin/smbpasswd -u %u
passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n

 

You can also add a number of parameters to the smb.conf file to allow the "User Manager" and "Server Manager" tools to work, such as:

 

add user script =
delete user script =
add machine script =
add group script =
delete group script =
add user to group script =
delete user from group script =
set primary group script =
add share command =
delete share command =

 

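For example, you could use the parameter:

add share command = /sbin/addshare.sh

and create a script in /sbin containing:

addshare.sh:

#!/bin/sh
# Called by smbd as: addshare.sh configFile shareName pathName comment
# Log the request for troubleshooting
echo "$1 $2 $3 $4" >> /tmp/share.log
# Append the new share definition to the Samba configuration file ($1)
{
  echo ""
  echo "[$2]"
  echo "path = $3"
  echo "read only = no"
  echo "comment = $4"
  echo ""
} >> "$1"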
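
The share name, path and comment that smbd hands to the add share command are chosen by whoever is using the remote management tool, and addshare.sh writes them straight into smb.conf, so a newline or "]" in any of them becomes extra configuration. A stricter variant, added here as an example (not the article's script); the /srv/samba base directory, the allowed character sets (no spaces in paths) and the function names are assumptions:

```shell
#!/bin/sh
# Added example: defensive addshare.sh (not the article's script).
# smbd runs the "add share command" as:
#   addshare.sh configFile shareName pathName comment [maxConnections]
# shareName, pathName and comment come from the remote admin client,
# so each is checked before it is written into the config file.
SHARE_ROOT="${SHARE_ROOT:-/srv/samba}"   # assumption: shares live under here

# True when $1 contains only characters from the tr(1) set $2.
# The trailing "x" stops $(...) from hiding a trailing newline.
only_chars() {
    rest=$(printf '%s' "$1" | LC_ALL=C tr -d "$2"; echo x)
    [ "$rest" = x ]
}

add_share() {
    conf=$1 name=$2 dir=$3 comment=$4
    # Share name: 1-32 of [A-Za-z0-9_-], so no "]" or newline gets through.
    [ -n "$name" ] && [ "${#name}" -le 32 ] &&
        only_chars "$name" 'A-Za-z0-9_-' ||
        { echo "addshare: bad share name" >&2; return 1; }
    # Never let a client redefine special sections or the netlogon share.
    case $(printf '%s' "$name" | tr 'A-Z' 'a-z') in
        global|homes|printers|netlogon)
            echo "addshare: reserved share name" >&2; return 1 ;;
    esac
    # Path: restricted characters, under SHARE_ROOT, no ".." component.
    only_chars "$dir" 'A-Za-z0-9_./-' ||
        { echo "addshare: bad path" >&2; return 1; }
    case $dir in "$SHARE_ROOT"/?*) ;; *)
        echo "addshare: path outside $SHARE_ROOT" >&2; return 1 ;; esac
    case /$dir/ in */../*)
        echo "addshare: '..' in path" >&2; return 1 ;; esac
    # Comment: plain text on a single line.
    only_chars "$comment" 'A-Za-z0-9 _.,-' ||
        { echo "addshare: bad comment" >&2; return 1; }
    # Refuse to append a second section with the same name.
    if grep -qiF -- "[$name]" "$conf" 2>/dev/null; then
        echo "addshare: share exists" >&2; return 1
    fi
    printf '\n[%s]\n\tpath = %s\n\tread only = no\n\tcomment = %s\n' \
        "$name" "$dir" "$comment" >> "$conf"
}

# Run only when smbd (or an operator) supplies the arguments.
if [ "$#" -ge 4 ]; then add_share "$@"; fi
```

A non-zero exit status tells smbd the share was not added, so a rejected request leaves smb.conf untouched.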

 

The other tools listed may change depending on your password back end.  By default, samba is configured to use a local file, smbpasswd.  But it is possible to use other back ends such as LDAP.  In this situation, there may be packages that can be referenced for this functionality.  For example, with LDAP, you could use the smbldap tools and your samba configuration file would look like:

 

add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
add share command = /sbin/addshare.sh
delete share command = /sbin/delshare.sh

 

For more information about LDAP, be sure to check out Part 6 of this series, where we will cover the configuration of an email server and LDAP.  For more information about Samba, visit http://www.samba.org.

 

Finally, if you did not select for the port to be opened in the firewall, be sure to allow the required services to have access.

 

 

Red Hat is uncommonly good about firewalls.  For the default server install, the firewall is active and whenever a service (remote access VNC, email, etc.) is configured it simply  needs to be added in.  To do this, go to "System" > "Administration" > "Security Level and Firewall":

 

 

 

Select the checkbox for "Samba" and then "Apply" and "Ok".

 

If you need to confirm the configuration, you can type "iptables -L" from the root account's command line.

 

 

 

Proxy Server

Installation:

 

To install a proxy server on Red Hat, simply use the Package Manager to Search.  This tool can be found by going from Applications > Add / Remove Software.

 

To locate the Squid package, go to Search and search for the word "Squid" and select the packages you'd like (squid)

 

If Squid is not already installed, Red Hat will attempt to install the required packages at this time.  However, if you selected the packages correctly during the setup article, this package should already be installed. 

 

Once the installation is complete, you have a few more steps for configuring the proxy server.  First, edit the configuration to allow access to your local network by editing the squid configuration file, /etc/squid/squid.conf:

 

Locate the line reading,  "http_access deny all", and above that line, add a line reading:

 

http_access allow {localnetwork}

 

It is also possible to change "http_access deny all" to "http_access allow all", however this is less secure and not recommended.

 

Next, from a terminal (as root), type:

 

chkconfig squid on
service squid start

 

Finally, we need to manually update the firewall configuration.  Red Hat is uncommonly good about firewalls.  For the default server install, the firewall is active and whenever a service (remote access VNC, email, etc.) is configured it simply  needs to be added in.  To do this, go to "System" > "Administration" > "Security Level and Firewall":

 

 

By default, Squid uses port 3128.  There is no pre-configured template for Squid, so select "Other Ports" for the menu on the bottom.  Select Add and then add in the details. For your source network, put in your network (ex. 192.168.1.0) and for both port fields type "3128" and then select "Add".

 

Select "Apply" and "OK" to apply the configuration. If you need to confirm the configuration, you can type "iptables -L" from the root account's command line.
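
Squid applies the first http_access line that matches a request, which is why the allow line has to sit above "http_access deny all". The following check of that ordering is an added example, not part of the original article; the localnet ACL name, the /24 mask on 192.168.1.0 and the function names are assumptions, and the sample configurations are constructed.

```shell
#!/bin/sh
# Added example: audit http_access ordering in a squid.conf.
# Squid uses the first http_access line that matches a request, so a
# rule placed after "deny all" never takes effect.
# Prints findings; returns 0 when there are none, 1 otherwise.
audit_http_access() {
    awk '
        BEGIN { bad = 0; closed = 0 }
        { sub(/#.*/, "") }                # drop comments
        $1 != "http_access" { next }      # only access rules matter here
        closed {
            printf "line %d: unreachable after deny all: %s\n", NR, $0
            bad = 1
        }
        $2 == "allow" && $3 == "all" && NF == 3 {
            printf "line %d: allow all opens the proxy to any client\n", NR
            bad = 1
        }
        $2 == "deny" && $3 == "all" && NF == 3 { closed = 1 }
        END {
            if (!closed) { print "no http_access deny all found"; bad = 1 }
            exit bad
        }
    ' "$1"
}

# Constructed sample: the layout the article describes ("localnet" and
# the /24 mask are assumptions standing in for {localnetwork}).
write_good_conf() {
    cat > "$1" <<'EOF'
acl localnet src 192.168.1.0/24
http_access allow localnet
http_access deny all
EOF
}

# Constructed sample: same rules, allow line added below deny all.
write_bad_conf() {
    cat > "$1" <<'EOF'
acl localnet src 192.168.1.0/24
http_access deny all
http_access allow localnet
EOF
}

# Audit a real file when a path is given, e.g. /etc/squid/squid.conf.
if [ -n "${1:-}" ]; then audit_http_access "$1"; fi
```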

 

 


Copyright © 2004, The Binary Freedom Project, LLC.