SAMBA
Features:
1. Provides Windows features (file & print) on Linux | Unix
/etc/samba/smb.conf - primary config file
Clients:
1. findsmb - finds SMB hosts on the network
2. smbtree - equivalent to Network Neighborhood/My Network Places (prints workgroups, hosts, and shares)
3. smbget - similar to 'wget', in that, it will download files from the remote share
• smbget -u dean smb://linuxcbtwin1/mtemp/20070524_SAN_Allocations.ods
4. smbclient - interactive (FTP-like_ utility to connect to shares - permits uploads/downloads from shares
• smbclient -U dean //linuxcbtwin1/mtemp
• mget file* - downloads file(s)
• mput file* - uploads file(s)
5. smbtar - backs-up smb shares to a TAR archive
• smbtar -s linuxcbtwin1 -x mtemp -u dean -t backup1.tar
Samba Server:
/etc/samba/smb.conf - primary config file
SWAT manages /etc/samba/smb.conf
Samba Server Modes:
1. User
• One Samba-defined user is required per Linux user
• Authentication of users is handled by Samba server
2. Server/Domain (PDC/BDC)
• Authentication is handled by the Windows NT/2K/2K3/2K8 server
• Still requires a local Samba-defined user accounts database
3. ADS - Active Directory
• Authentication is handled by Active Directory
• b. When used with Winbind, locally-defined Samba users are NOT required
Note: Ultimately, users must authenticate to the local Linux file system
Task:
1. Install SWAT
•yum -y install samba-swat
•nano /etc/xinetd.d/swat - set 'disable = no'
•service xinetd restart
•netstat -ntl | grep 901
/etc/samba/smbpasswd maps Windows users to /etc/passwd
2. Install rdesktop and connect to Windows XP to test connectivity to Samba
•yum -y install rdesktop
WINBIND:
Features:
1. Windows AD integration
2. Avoids having to define users in 2 places: Windows, Linux
3. Uses Kerberos for authentication
Requirements:
1. krb5-* packages
2. Properly configured Kerberos environment:
•/etc/krb5.conf
[libdefaults]
default_realm = AD2.LINUXCBT.INTERNAL
[realms]
AD2.LINUXCBT.INTERNAL =
{
kdc = linuxcbtwin3.ad2.linuxcbt.internal
admin_server = linuxcbtwin3
}
[domain_realm]
.linuxcbtwin3.ad2.linuxbt.internal = AD2.LINUXCBT.INTERNAL
Steps:
1. Update: /etc/krb5.conf
2. Update Samba configuration to use ADS authentication
3. Update Samba server's DNS to point to ADS server
•/etc/resolv.conf
•/etc/hosts - including a pointer to the ADS server (linuxcbtwin3)
4. Join AD domain:
•'net ads join -U administrator'
5. Confirm AD membership using: 'Active Directory Users & Computers' Tool
6. Setup Winbind to authenticate using ADS:
•/etc/pam.d/system-auth - account & auth settings
• auth sufficient /lib/security/pam_winbind.so - place before 'pam_unix.so'
•account sufficient /lib/security/pam_winbind.so
• /etc/nsswitch.conf
passwd: files winbind
group: files winbind
•Configure 'idmap' 'uid & gid' mappings - 10000 – 20000
• Use SWAT to update idmap settings for 'uid & gid'
Note: If you want ADS users to be able to logon to your Samba-Winbind Linux box using SSH, Telnet, mingetty, etc., change the 'Template Shell' directive to a valid shell. i.e. /bin/bash
•Create 'Template homedir' %D (Domain) directory beneath '/home'
mkdir /home/LINUXGENIUS
7. Test Winbind Integration using: wbinfo
•wbinfo -u - this enumerates users in AD
•wbinfo -g - this enumerates groups in AD
•ssh into LINUXCBTSERV1 (Winbind) as ADS user
Task1:
1. Authenticate using ADS, as 'administrator' from Windows box
2. Create a user named 'linuxcbt' in AD
3. Create shared directory on the Samba box, and provide access (Share it)
No comments:
Post a Comment