Linux+ Certification Bible.pdf

Chapter 7 Configuring Networking 225

Multi views option. Allows for the client and server to negotiate the language and format of the data to be returned. This allows the server to have language and data files added to support several languages.

After you have chosen the features, the basic configuration of an Apache server is complete. Creating and maintaining a Web server is a demanding job and usually requires a Webmaster. However, the ability to create a basic Web server can be valuable to both small and large companies.

Samba File Server

Microsoft created the Server Message Block (SMB/CIFS) protocol to provide the ability to share files and resources. Samba is a software program that offers a version of SMB/CIFS that allows Linux clients to connect to Microsoft network resources such as file shares and printers. The linuxconf program can complete the basic configuration of Samba by selecting Samba file server from the networking section of the program. During Samba configuration, the default menu appears, offering the following options: default setup for user's home, default setup for printers, netlogon setup, and disk shares. The Samba configuration menu is shown in Figure 7-15.

Figure 7-15: Default Configuration of Samba

226 Part III Configuration

Basic configuration

The basic configuration section includes the SMB/CIFS account management. This area allows the selection of options including managed and unmanaged, accounts and passwords, account only option, and the ability to synchronize Linux from SMB/CIFS passwords. The following list summarizes these items:

“Not managed” means that each new user of the created Samba shares must be added manually by using the smbpasswd -a command to add each and every account.

The account and password option allows linuxconf access to both password databases (/etc/passwd and Samba’s file at /etc/smbpasswd) to allow all users to access the Samba shares.

The account only option is used to create and delete accounts in the SMB/CIFS password database.

The next option allows the update of passwords from Microsoft Windows users to the /etc/smbpasswd password database.

The last option in the basic configuration section allows Samba to alias another server for SMB/CIFS purposes. This allows two SMB/CIFS names to direct clients to the same system, which is very useful when replacing two file servers with one.

Passwords

Passwords control access to the system. The following is a list of options that can be set for passwords:

Encrypted passwords: This option sets the type of encryption level. This information may be needed as there are a number of different ways that Microsoft Windows can encrypt the data.

Authentication mode: Allows you to select the source of authentication. You can choose from the user, server, domain, or a network share.

Map to guest mode: provides tracking of failed user and password access to the Samba server.

Access: You can allow accounts with null or no password to use the system. This setting reduces security, but also allows virtually everyone access to a system.

Access

The access section is used to provide or deny access to specific clients. The following is an example:

allow host = 192.168.0.*.* EXCEPT 192.168.0.200

allow host = 10.0.0.0/255.255.0.0

allow host = mybox, hisbox, herbox


The first entry allows all users on the 192.168.0 network to access the server except IP 192.168.0.200. The second entry allows all users on the 10.0.x.x network to access the server. The third entry allows only hostnames of mybox, hisbox, and herbox to access the server. This can be quite useful because you can grant access to certain sections of a site while denying access to others — even if they are on the same LAN segment (this is also expandable to the WAN network).

The deny feature works the same except it prevents users from accessing the system. Using the above entries to deny access would look like this:

deny host = 192.168.0.*.* EXCEPT 192.168.0.200

deny host = 10.0.0.0/255.255.0.0

deny host = mybox, hisbox, herbox
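The access rules above, worked through as an added Python example (not from the book and not Samba's own code): a simplified model of how an allow or deny list with EXCEPT is evaluated, including the smb.conf(5) rule that the allow list wins where both lists match a client. It assumes the smb.conf spelling of the entries (hosts allow / hosts deny, with the network prefix written as 192.168.0.); the function names and client addresses are constructed for illustration.

```python
import ipaddress

def entry_matches(entry, ip, hostname=""):
    """True when a single list entry matches the connecting client."""
    if "/" in entry:                      # network/netmask, e.g. 10.0.0.0/255.255.0.0
        return ipaddress.ip_address(ip) in ipaddress.ip_network(entry, strict=False)
    if entry.endswith("."):               # address prefix, e.g. 192.168.0.
        return ip.startswith(entry)
    return entry.lower() in (ip, hostname.lower())   # exact address or host name

def list_matches(spec, ip, hostname=""):
    """Evaluate 'a, b EXCEPT c': an EXCEPT hit removes the client from the list."""
    include, _, exclude = spec.partition(" EXCEPT ")
    entries = lambda part: part.replace(",", " ").split()
    if any(entry_matches(e, ip, hostname) for e in entries(exclude)):
        return False
    return any(entry_matches(e, ip, hostname) for e in entries(include))

def access_allowed(ip, hostname="", hosts_allow="", hosts_deny=""):
    """Combine both lists; where they conflict the allow list wins."""
    if not hosts_allow and not hosts_deny:
        return True
    if not hosts_deny:
        return list_matches(hosts_allow, ip, hostname)
    if not hosts_allow:
        return not list_matches(hosts_deny, ip, hostname)
    if list_matches(hosts_allow, ip, hostname):
        return True
    return not list_matches(hosts_deny, ip, hostname)

# The chapter's three entries, rewritten in smb.conf host-list syntax (assumed).
RULES = ["192.168.0. EXCEPT 192.168.0.200", "10.0.0.0/255.255.0.0",
         "mybox, hisbox, herbox"]
# Constructed clients: (address, host name).
CLIENTS = [("192.168.0.17", "pc17"), ("192.168.0.200", "pc200"),
           ("10.0.44.3", "lab3"), ("10.1.0.9", "lab9"), ("172.16.5.5", "mybox")]

if __name__ == "__main__":
    for rule in RULES:
        for ip, name in CLIENTS:
            ok = access_allowed(ip, name, hosts_allow=rule)
            print(f"hosts allow = {rule:32} {ip:14} {name:6} "
                  f"{'allow' if ok else 'refuse'}")
```

Host-name entries are only as trustworthy as the name resolution behind them, so address-based entries are the stricter control.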

Networking

The networking section allows the Linux server to perform network services that are normally provided by Microsoft NT or 2000 Servers. The services are controlled by the OS level selected and allow the Samba server to take precedence over another server for duties in the Microsoft environment. The option to be the preferred master can be enabled to allow the Linux system to be selected as the browse master in the Microsoft workgroup.

This option should be used with care in the Microsoft environment because new Microsoft operating systems often force elections and create a large amount of broadcast traffic in an attempt to become the preferred master.

By selecting the WINS server option, you enable Samba to act as a WINS (Windows Internet Naming Service) server for name resolution of IP addresses to NetBIOS names.

Auto accounts

Auto account creation is controlled by using the Add user script and Delete user script. These are advanced scripts that create and delete accounts based on connections being created with the Samba server. When authentication is confirmed or denied, the account is either added or deleted as required.

Features

Several features are available with the Samba server package, which are described in the following list:

Guest account is used to establish which account will be used by clients accessing files or services labeled as Public Access. The user will have all rights of the account used as the Guest account.

Dead time is used to terminate connections that remain inactive for the specified amount of time in seconds. This prevents improperly connected or disconnected connections from staying active and using resources.


Debug level sets the value of the debug parameter in the smb.conf file. This can be used to make the system more flexible in the configuration of the system.

Default service allows a default service to be specified in cases where the requested service can’t be found.

Show all available printers allows all configured printers to be browsed by Microsoft Windows clients.

WinPopup command allows a program to be configured to respond on the Linux system to WinPopup information sent to the system.

Home directories

Although similar to the default setup, this home directory option also provides specialized configuration for home directory shares. This section is illustrated in Figure 7-16.

Figure 7-16: Default setup for the user’s home

Comment and description

The comment/description field provides a comment or description about a share when a client views it. Set the share as active to automatically include it in browsing lists. Set the share as browseable to include it in net view and browse lists.


Access

The access section establishes the type of access allowed for the share. If you select public access, then no password is needed to connect to the share and the rights of the guest account will be used during access. The writable option determines if clients can create or modify files in the share.

Users

This section allows users to access a share. To enable access, you need to create a list of user names in a comma-delimited list. You won’t achieve good security this way, but you can allow systems that don’t provide a username to connect to the share. Use the Write list to allow read and write access for a list of users to the shared resource. The Valid Users option provides a list of users that should be allowed to log in to the service. The Invalid users option prevents a specific user from accessing the system. All of these user lists take on the following format (the @ denotes a Linux user group):

list: root john fred @linux

The Max connections option is used to limit the maximum number of connections to the system at one time. If this number is zero, then an unlimited number of connections are possible. The read only list is a list of users who have read-only privileges on the system.

Scripts

This section provides for scripts to be run when connections or disconnections to the system are made. You can use the Setup command to send the user a message every time he or she logs in. This can be a “message of the day” with a script like the one provided in the help file:

csh -c 'echo \"welcome to %S!\" | \
/usr/local/samba/bin/s -M %m -I %I' &

If the user connects often, however, this message may become somewhat repetitive. The setup command (root) can also be handy because it provides the same service as the setup command but with root capabilities. Therefore, you can use it to mount file systems before a connection is completed. You can also use this command to mount a CD-ROM before finalizing a connection. Use the cleanup command to create a task to be completed when a client disconnects. Again, the root option gives you the ability to perform the task as the root user. The following is an example of a cleanup command (root):

/sbin/umount /mnt/cdrom

This is only an example of what can be done. You can create scripts to provide daily messages or mount file systems at the creation of a connection or reverse the process for disconnections.
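An added example (not from the book): a small Python audit that reads an smb.conf and reports the settings this chapter describes as reducing security, namely null passwords, public (guest) shares, and setup or cleanup commands run as root. The smb.conf option names are assumed to be the ones behind the linuxconf fields described here, and the sample file is constructed.

```python
# SAMPLE_CONF is constructed for this example; it is not a file from the book.
SAMPLE_CONF = """\
[global]
   null passwords = yes
   guest account = nobody
[public]
   path = /srv/public
   public = yes
   writable = yes
[cdrom]
   path = /mnt/cdrom
   guest ok = yes
   root preexec = /bin/mount /mnt/cdrom
   root postexec = /sbin/umount /mnt/cdrom
"""

def parse_conf(text):
    """Return {section: {option: value}}; option names lower-cased, spacing normalised."""
    conf, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def enabled(opts, *names):
    """True when any of the synonymous boolean options is switched on."""
    return any(opts.get(n, "").lower() in ("yes", "true", "1") for n in names)

def audit(text):
    """Return (share, finding) pairs for settings that deserve a security review."""
    findings = []
    for share, opts in parse_conf(text).items():
        if enabled(opts, "null passwords"):
            findings.append((share, "accounts with an empty password may log in"))
        writable = enabled(opts, "writable", "writeable", "write ok") \
            or opts.get("read only", "").lower() in ("no", "false", "0")
        if enabled(opts, "public", "guest ok"):   # no password, guest account rights
            mode = "can modify files" if writable else "is read-only"
            findings.append((share, f"guest access without a password {mode}"))
        for hook in ("root preexec", "root postexec"):   # setup/cleanup command (root)
            if hook in opts:
                findings.append((share, f"{hook} runs as root: {opts[hook]}"))
    return findings
```

Calling audit(SAMPLE_CONF) returns five findings; the [cdrom] share is the one to look at first, since a connection that needs no password triggers commands that run as root.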


Defaults setup for printers

The menu for the configuration of default printers is shown in Figure 7-17.

Figure 7-17: Default setup for printers

This is the most basic configuration and receives no help from the linuxconf program. The first option is to enable the share, which will make it accessible to clients. The second option sets the share to be a printer. Set the share as browsable for shares to be included in net view and the browse list. Finally, public access allows anyone to use the share (even without a password) by using the guest account.

Netlogon setup

The Netlogon setup menu, shown in Figure 7-18, allows the configuration of logon connections.

This menu allows you to enter the title of the share, which can be used to identify it. The default status of this share is to have the enable option on, allowing connections to the share. The final item in the first section is to select the file system to be exported. This file system may be something as simple as a general share of all documents that are used by every network user.