Thursday, December 13, 2007

Configuring a Samba Server

If you deploy a Linux-based machine to serve up files in a Windows network, you’re not going to get very far without the help of Samba. Samba is an open source software suite that offers seamless file and print services to SMB/CIFS clients.

Basically, Samba can fool a Windows machine into thinking a Linux machine is a Windows machine. A bit of trickery yes, but it gets the job done.

Before YaST, the real trick was getting Samba to actually work. Configuring Samba required hand-editing the smb.conf file; this could be a nightmare. Now you can point-and-click your way to getting Samba running, because the good people at Novell and SuSE have worked hard to bring the Linux administrator YaST (Yet another Setup Tool) to help. This tool makes setting up a plethora of system settings as simple as it gets. Here’s how it works.

What does Samba do?
Before we move on, let’s make sure we all know what Samba does. Samba’s magic happens thanks to a protocol suite known as the Common Internet File Sharing (or CIFS) at port 3020. At the heart of this protocol suite is the Server Message Block (SMB) protocol.

Samba is simply the open source implementation of the CIFS protocol suite. Samba allows Linux servers and workstations to talk to any Windows workstation, all the way back to Windows 95.

Configuring Samba

To configure a Samba Server in SuSE Linux, you’ll use the YaST tool. To do so, go to the Control Center. Select Administrator Settings from the Common Tasks section to open the YaST Admin Tool. Next, select Network Services to reveal a listing of the various Network Services that can be configured from within YaST. Press the Samba Server button and you’ll see YaST’s Samba GUI.

The first thing you have to do is enter the domain to be configured. The drop-down is a bit misleading. The default, TUX-NET, is the only option available. Simply erase that option and enter your domain. Once you have applied this, press Next to take care of the final phase of initial setup.

If your server is to house all of the Samba log-in information, set it as the PDC.

This final phase requires you to decide if your Samba server will act as a Primary Domain Controller. Make your selection and press Next.

Once you press Next, you can’t come back to this portion of the setup without aborting the installation altogether. So make your choices wisely.

After you press Next, you are in the primary Samba configuration.

If you click Abort, the Samba GUI will go away.

The first configuration is the Samba startup status. You can either configure Samba to start at boot or to be manually started. I highly recommend you have Samba start at boot. It will slow your boot time down a fraction of a second, but it will lessen the tasks you must handle once the server is up and running.

Once you have Samba’s boot configuration taken care of, open up the firewall for Samba. Select the Open Port In Firewall check box. If your machine has more than one network interface, press the Firewall details button to apply the firewall changes to the correct interface.

The next step is to configure the proper Samba shares. Press the Shares tab, to reveal this configuration.

You can enable or disable a feature simply by clicking the Toggle Status button.

The Shares tab allows you to configure every aspect of the Samba shares. You can go beyond just enabling or disabling each share, of course. By highlighting a share and pressing the Edit button, you can further customize each share configuration.

Let’s take a look at configuring the users share. Highlight that share and press Edit. A new window reveals five pre-configured options.

Obviously, the default settings will not work for most, and there are a lot of possible options to add. Let’s take a look at the default options and what they are:

  • Read Only: Tells Samba if the configured shares are read only. The default is set to No. If users need only to be able to read data from the shares, highlight the option, press Edit, select the read only check box, and press OK. The share is now set to read only.
  • Comment: What users see after logging in. This could be a description of the server serving the shares.
  • Path: The directory that Samba will share out to the users.
  • Inherit ACLS: Means that all files within a parent folder will inherit the ACL (Access Control List) of the parent folder.

That’s it for the default users options. Obviously, there are quite a few more options to be added.

If you press the Add button, a small window will appear with a drop-down list. That drop down list contains 124 other options to add and configure. Once you find the option you want to add, select it and press OK. Some of the new options will have another configuration window to edit before the option is added. Say, for instance, you want to add admin users. Click the drop-down and highlight admin users.
124 options to choose from.

Press OK and the second window will open to enter the admin username.

When you press OK, you’ll be taken back to the initial shares screen, but the admin user will be listed among the options. After you have completed the configuration of this section, press OK to move on.

Another option in the Shares tab is to enable users to share their home directory. This is important: If you enable this feature, every user’s home directory will be made available. If this server is used frequently by users, then privacy can become an issue. If you decide to use this feature, make sure your users are made aware of it.

Finally, the Identity tab, shown in Figure E on page 14, allows you to further specify the identity and role of the Samba server.

Your Workgroup or Domain name should already be correct from the initial configuration.

Two of the three configuration options should be familiar from earlier configurations. The last of the three, NetBIOS name, is just the name the machine will be seen as on the shared network. If you want the server to be seen as “Department X” then enter Department X in this option.

You may also undertake some advanced settings from this tab. From the Advanced Settings drop-down, you can select either Expert Global Settings or User Authentication Settings. The Expert Global Settings allow you to fine-tune settings for printing, security, and log-in.

When you press the Edit button, the majority of the options in the Global Settings configurations are text-field entries.

If you’re familiar with hand-editing smb.conf files, you’ll recognize a number of the configurations. One of the most important configurations you’ll make here is the security option. This is how your users will authenticate to your Samba server. There are five possible settings:
  • ADS: Where Samba acts as a Domain member of an Active Directory.
  • Domain: Where Samba relies on a Windows NT Primary (or Backup) Domain Controller to authenticate users.
  • Server: Where the Samba server passes the buck of authentication to another Samba server.
  • Share: Where users only have to enter password if they try to enter a specific shared directory.
  • User: Where users are required to enter their username/password on a per Samba server basis.
The other Advanced Settings tab, User Authentication Sources, is simply a way for you to define where Samba finds the resource file to authenticate users. There are four different types:
  • smbpasswd File
  • LDAP
  • TDB Database
  • MySQL Database
Obviously, this configuration will depend completely on your network setup. The default option is smbpasswd File. If you press the Edit button (with that option highlighted), you can then enter the location of the password file used.
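The choices made in the Shares and Identity tabs end up as parameters in smb.conf, so they can be reviewed after YaST has written the file. The following is an added example, not part of the original article or of Samba: a small Python audit that flags the settings discussed above (share-level or delegated security, the homes share, admin users, writable shares). Both sample configurations are constructed.

```python
# Added example: static review of an smb.conf for the settings discussed above.
# Both configurations below are constructed for illustration.

WEAK_CONF = """\
[global]
    workgroup = EXAMPLE
    netbios name = DEPTX
    security = share

[homes]
    comment = Home Directories
    read only = No
    inherit acls = Yes

[users]
    comment = All users
    path = /home
    writeable = yes
    inherit acls = Yes
    admin users = jdoe
"""

REVIEWED_CONF = """\
[global]
    workgroup = EXAMPLE
    netbios name = DEPTX
    security = user

[users]
    comment = All users
    path = /home
    read only = Yes
    inherit acls = Yes
"""

TRUE_WORDS = {"yes", "true", "1", "on"}
SECURITY_NOTES = {
    "share": "password per share, no per-user login",
    "server": "authentication is handed to another server",
}


def parse_smb_conf(text):
    """Return {section: {parameter: value}}.

    Samba ignores case and whitespace in section and parameter names,
    so "Read Only" and "readonly" are both stored as "readonly".
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            current["".join(name.lower().split())] = value.strip()
    return sections


def is_writable(share):
    """Honour 'read only' and its inverted synonyms; Samba defaults to read only."""
    if "readonly" in share:
        return share["readonly"].lower() not in TRUE_WORDS
    for synonym in ("writeable", "writable", "writeok"):
        if synonym in share:
            return share[synonym].lower() in TRUE_WORDS
    return False


def audit(conf):
    """Return (section, parameter, note) tuples for settings worth a second look."""
    findings = []
    mode = conf.get("global", {}).get("security", "user").lower()
    if mode in SECURITY_NOTES:
        findings.append(("global", "security", SECURITY_NOTES[mode]))
    for name, share in conf.items():
        if name == "global":
            continue
        if name == "homes":
            findings.append((name, "homes", "every user's home directory is shared"))
        if share.get("adminusers"):
            findings.append((name, "admin users",
                             "these users act as root on the share: " + share["adminusers"]))
        if is_writable(share):
            findings.append((name, "read only", "share is writable"))
    return findings


if __name__ == "__main__":
    for section, parameter, note in audit(parse_smb_conf(WEAK_CONF)):
        print(f"[{section}] {parameter}: {note}")
```
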

Make the connection

With all of these options complete, you are ready to complete the configuration by pressing the Finish button. This will save all of your configurations and start the Samba services. If your configuration is successful, you can now log into your Samba server from your Windows machines. Just connect to the Linux server from the Windows workstation in Explorer using the standard \\servername syntax.


Tuesday, December 11, 2007

Configuring Linux using a GUI

Many hardcore Linux users would shudder at the thought of configuring Linux network services using a GUI. A solid argument could be made that a GUI has no place being on a server in the first place. Servers are just supposed to sit quietly in the corner and do their job by themselves without user interaction. GUIs, by definition, are designed to make user interaction easier. A GUI adds needless overhead to a machine that’s not supposed to be interacting with users from its own console. Therefore, you should keep a GUI off of the server and configure services to run from a command line.

Although it’s practically sacrilegious, using a GUI for configuring servers can make sense in some cases. Primarily, using a GUI can help network administrators who aren’t familiar with Linux learn to set up network services faster. Many network administrators come from a Windows background, where practically everything is point-and-click. Although they need to learn new tools, the old Windows skills can more easily be translated to Linux through GUI tools.

Even for seasoned Linux users, trying to figure out the locations, layouts, and choices of configuration files that need to be maintained can be a chore. Some services can use three or four different .conf files. A slight error in the file can cause the service to fail. If the error was overlooked, a lot of time can be lost to troubleshooting. GUI tools that automatically find and populate the corresponding .conf files can end confusion and decrease the chance of errors.

GUI configuration options
Linux gives you several options when it comes to GUI-based network administration. Since the distribution we’ve chosen to use in this series revolves around SuSE 10.2, the major GUI configuration tool you’ll use is YaST. Other distributions have their own tools, but YaST is very well-organized, with an easy-to-follow arrangement.

YaST does a lot, but it doesn’t do it all. For those services YaST can’t control, we’re going to use Webmin, an add-on tool which allows you to control Linux services from inside of a Web browser. This means you have to learn how to use another tool, but it’s still easier than doing configurations from the command line.

A quick look around YaST
Although it is contrary to what many Linux admins would advise, I’m going to log into my SuSE 10.2 machine as root for this setup. I don’t do this often, but it saves me from having to enter the root password each time I perform an administration task.
Once you are done setting up these services, log out.

The first thing you’ll want to do is to select the Computer menu.

The new GNOME 2.16 menu is quite a change from the usual cascading menu.

From the menu, select Control Center.
The Control Center is grouped in both Groups and Common Tasks.

From the Common Tasks section, select Administrator Settings to open the YaST Admin Tool. You’ll see a screen similar to the figure below.

It should be obvious that Network Services is your next destination.

Select Network Services to reveal a listing of the various Network Services that can be configured from within YaST.
A nice collection of GUI tools to help you configure your Linux server.

Working with Webmin
There are a number of ways to go about the installation of Webmin, but the easiest and most consistent method of installing Webmin is from source. To get the source tarball, go to the SourceForge site for the latest release. Once you have that file downloaded, you are going to untar the archive with the command tar xvzf webmin-1.310.tar.gz.

Now cd into the newly created webmin-1.310 directory. Inside this directory is the setup script to install Webmin. From within this directory, run the command ./setup.sh /var/www/html/webmin (where /var/www/html/webmin is the directory you wish to install Webmin into).
Note: The /var/www/html/webmin directory does not have to exist, because the Webmin setup script will create it for you.

While the installation script is running, it is going to ask you the following:
  • Webmin configuration directory
  • The location at which Webmin will store logs
  • Path to Perl
  • Your server OS (Webmin tries to detect this)
  • The port Webmin will run on (defaults to 10000)
  • The username and password to log in to Webmin
  • Your server’s hostname (Webmin tries to detect this)
  • SSL usage; should only prompt if Perl’s SSL libraries are installed (this author has not run Webmin under SSL)
  • Whether you want Webmin to start with system boot (highly recommended)
An interesting gotcha: During installation on Fedora Core 6, I was only asked for the installation directory. I was not prompted for a password, server hostname, server OS, port number, path to Perl, or SSL usage. Initially, it caused many an eyebrow lift when I logged into the site without an admin password.

I tried using the root username and password for my system; it worked. I attribute this to Webmin being previously installed (but not run) via RPM. After the installation script completed, it informed me:
Webmin has been installed and started successfully. Use your web browser to go to
http://localhost.localdomain:10000/
and login with the name and password you entered previously.
Because Webmin uses SSL for encryption only, the certificate it uses is not signed by one of the recognized CAs such as Verisign. When you first connect to the Webmin server, your browser will ask you if you want to accept the certificate presented, as it does not recognize the CA. Say yes.
The directory from the previous version of Webmin /usr/libexec/webmin Can now be safely deleted to free up disk space, assuming that all third-party modules have been copied to the new version.


The last section of the presented information was a good hint as to why I was not given the chance to set up an admin.
Now that Webmin is installed, it’s time to take a peek around and see what it has to offer.

Logging in
As stated above, you may have to log in with your root username and password.
Once logged in, you will be greeted with the Webmin main page.

Webmin’s main administration page.

From there, the first place to visit is the Webmin Configuration screen.

Here you can configure Webmin options.

Security configurations
From within the Webmin configuration screen, there are a number of items you will want to set up. Obviously, security for such a tool is high on the list. Select the IP Access Control link to set up a list of allowed or denied hosts; this prevents password guessing. You may have set up a rigid password that’s a mixture of alpha and numeric characters (as well as upper and lower case), but eventually someone’s going to crack it.

To add one more layer of security, set up this list so you allow only specific IP addresses to access the tool. Make sure you include any known safe IP address that will be needing access to the Webmin interface. All other hosts are denied.

Along this same line of security, select the Trusted Referrers link. From here, you can configure Webmin’s referrer-checking support, which ensures that malicious links from other sites cannot trick your browser into doing dangerous things with Webmin. In this section, there is a text area where you can enter trusted sites, a radio selection, and a check box. The radio selection allows you to choose to Enable Referrer Checking, and the check box allows you to select to Trust Links From Unknown Referrers.

From everything I’ve read and experienced, the default configuration for Webmin is pretty secure. For those working with mission-critical servers, however, it might befit you to uncheck the Trust Links From Unknown Referrers box, and configure some trusted Web sites.

The next step in securing Webmin is enabling the system to use SSL tunnels; this will allow remote login without passing unencrypted passwords across the ether. However, there are steps that must be taken before this feature can be used. First, OpenSSL must be installed; on many newer distributions, this is already taken care of. If not, then download the most recent OpenSSL from rpmfind and run the command (as root) rpm -ivh openssl-XXX.rpm (where XXX is the release number).

With OpenSSL installed, you must install the Net::SSLeay Perl module. Download this module from the Net::SSLeay site, untar the archive with the command tar xvzf Net_SSLeay.pm-XXX.tar.gz (where XXX is the release number), change into the newly created Net::SSLeay directory, run the command perl Makefile.PL, and run the command make install.

To test the installation, run the command: perl -e 'use Net::SSLeay'. If no errors are reported, you are good to go.

Select the SSL Encryption link from within the Webmin Configuration page, and you should see the following text, indicating SSL is working properly:
The host on which Webmin is running appears to have the SSLeay Perl module installed.

The first thing you want to verify is whether Enable SSL If Available? is checked. If it is, then you should now be able to log in to your Webmin site with the URL https://localhost.localdomain:10000/.

Your Webmin login is now encrypted.
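The SSL and IP Access Control settings made above are stored by Webmin in miniserv.conf, in the configuration directory chosen at install, as the ssl, allow and deny keys. The following is an added example, not part of the original article or of Webmin: a Python check that reads those keys and works out which client addresses the list admits. The sample file contents and addresses are constructed, and hostname entries are reported but not resolved.

```python
# Added example: review a Webmin miniserv.conf for the SSL and IP access
# control settings described above. The sample file is constructed.
import ipaddress

SAMPLE_MINISERV = """\
port=10000
ssl=0
allow=127.0.0.1 192.168.1.0/255.255.255.0 admin-pc.example.com
"""


def parse_miniserv(text):
    """miniserv.conf is plain key=value, one setting per line."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def split_entries(value):
    """Separate an allow/deny list into IP networks and hostname entries."""
    networks, hostnames = [], []
    for entry in value.split():
        try:
            # Accepts a single address, CIDR, or network/netmask notation.
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            hostnames.append(entry)  # depends on DNS; not evaluated offline
    return networks, hostnames


def client_admitted(conf, client_ip):
    """With an allow list, every address that matches no entry is refused."""
    ip = ipaddress.ip_address(client_ip)
    if conf.get("allow"):
        networks, _ = split_entries(conf["allow"])
        return any(ip in net for net in networks)
    if conf.get("deny"):
        networks, _ = split_entries(conf["deny"])
        return not any(ip in net for net in networks)
    return True  # neither list set: every host reaches the login page


def audit_miniserv(conf):
    """Return short finding codes for the settings covered in this section."""
    findings = []
    if conf.get("ssl", "0") != "1":
        findings.append("ssl-off")
    if not conf.get("allow"):
        findings.append("no-allow-list")
    else:
        networks, hostnames = split_entries(conf["allow"])
        if any(net.prefixlen == 0 for net in networks):
            findings.append("allow-list-covers-everything")
        if hostnames:
            findings.append("allow-list-uses-hostnames")
    return findings


if __name__ == "__main__":
    conf = parse_miniserv(SAMPLE_MINISERV)
    print("findings:", audit_miniserv(conf))
    for address in ("127.0.0.1", "192.168.1.50", "10.0.0.5"):
        print(address, "admitted" if client_admitted(conf, address) else "refused")
```
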

Webmin users
Creating Webmin users is a very important task and should not be taken lightly. It’s necessary to grant users access to various aspects of your Webmin server (especially if your company’s server farm cannot be administered by one person alone).

However, as in any good UNIX environment, users should be created and maintained wisely. To make this an easier task, I suggest creating groups to suit your needs. Say, for example, you have an IT team that needs access to the Webmin interface. From the Webmin main menu, select Webmin Users. Inside this page, Webmin Groups can be administered. Select Create New Webmin Group to create a new group.

From the list of options, select which modules the IT group needs to have access to, and press Save. Now, go to the Create Webmin User section, and create a new user. During this configuration, select the IT group from the Member Of Group list. There are some nice configuration options here, such as allowing users access to the site only on given days and times. Once you Save, the user will be created, and the user will inherit all of the options from the IT group.


Install and configure Windows Server 2008 core

With the imminent launch of Microsoft Windows Server 2008 coming on February 27, 2008, I want to show you a feature I am fond of in this new operating system. With Windows Server 2008, you have the option of performing a Windows Server Core installation, which provides you with the minimum set of tools to run Windows.

You are provided with a kernel and a command line to manage the server. It is slim and bare bones and allows you to configure Windows concisely. This type of installation is perfect for a datacenter. I am really excited about this feature.

Installation
When you first run through the installation of Windows Server 2008, you have two options for installation. They are:

  • Windows Server 2008 Enterprise (Full Installation)
  • Windows Server 2008 Enterprise (Server Core Installation)
The following eight screen shots walk you through the installation of Windows Server Core which took approximately ten minutes to install.








After the installation, the main window for your new installation appears and you are ready to login as shown in the figure.

The initial login is Administrator and blank password. You are required to change the password and set an Administrator password on initial login.


Now you are logged in.


You are ready to configure the date, time, and time zone. In the command line type the following: control timedate.cpl and set the options accordingly.


If you need to configure and change the keyboard layout and settings, type the following in the command window: control intl.cpl


Let’s move on and change the server name. The default name is a bunch of random letters and numbers and I would like to change the name to a local standard. You can view the current hostname by typing the following:

c:\windows\system32>hostname

Now let’s use the name ssw-svr15. We will perform this option in the command line by typing the following:

c:\windows\system32>netdom renamecomputer %computername% /NewName:ssw-svr15


After choosing to proceed, the task completes successfully. You now need to reboot the server using the shutdown command. For the proper syntax, type:

shutdown /?

After reviewing the syntax, I will type the following: shutdown /r (switch for shutting down and restarting the computer) /t 10 (wait 10 seconds to shutdown and restart) /c “Changed Server Name” (add comment of max 512 characters). The total syntax will look as follows:

shutdown /r /T 10 /C "Changed Server Name"


Let’s now configure our networking so we can join this server to a domain. In order to see what interface you have to configure, type

netsh interface ipv4 show interface


The Local Area Connection that we are going to configure has an index value of two. Let’s proceed and configure TCP/IP for this connection. Type the following command to set the TCP/IP information:

netsh interface ipv4 set address name="2" source=static address=192.168.1.199 mask=255.255.255.0 gateway=192.168.1.1


Follow the same example to configure DNS:

netsh interface ipv4 add dnsserver name="2" address=192.168.1.1 index=1


If you type ipconfig /all, you will see the newly added information.


Let’s join it to a domain! In order to perform this function, we will take advantage of netdom.exe. The syntax is as follows:

netdom join ssw-svr15 /domain:watchtower /userd:Administrator /passwordD:Password01

Typing the password after /passwordD: leaves it visible on screen; netdom also accepts /passwordD:* and then prompts for the password instead.

Note: Do not forget to reboot the server using the following command:

shutdown /r /T 10 /C "Added to domain"


As a final step, we should not forget to activate the server by typing the following:

slmgr.vbs -ato


This doesn’t even scratch the surface of what you can do with a Windows Server Core installation but it begins to show you how powerful command line is with a small Windows kernel. With the popularity of virtualization and server consolidation, having the ability to virtualize a server core installation and attach a single role will become very popular with the datacenter.


Thursday, December 6, 2007

Tweaks, tricks, and hacks to make Windows Vista faster

Every operating system could stand some tweaking. No matter how many developers you throw at an OS as complicated as Windows Vista, power users will always find something they can modify or hack to make it run faster, or better, or just differently. Here are just a few of the Windows Vista tweaks, tricks, and hacks discovered so far.

1. Add the Run command to the Start Menu

Beginning way back with the release of Windows 1.0, Microsoft has been all about the GUI interface (more or less effectively). But sometimes you just want to run a program without having to navigate the GUI maze of menus and folders. Windows Vista, by default, does not include the Run command on the Start Menu. This was a common and favorite feature of Windows XP.

To add the Run command back to the Vista Start Menu, follow these steps:

  1. Right click the Taskbar in an open area
  2. Click on Properties
Click on the Start Menu tab (See Figure)

Taskbar and Start Menu Properties

3. Click the Customize button to get to the Customize Start Menu

Scroll down the list until you find the Run command checkbox and check it (See Figure).

4. Click OK and the Run command will now appear on the Start Menu.

Customize Start Menu

2. Disable the Welcome Center and Sidebar

The Windows Vista default setting is to show the Welcome Center on startup. While the Welcome Center is mildly interesting the first time you see it, you will quickly tire of it appearing every time you boot your Vista PC. This behavior is easily changed by unchecking the Run a Startup button located at the bottom of the Welcome Center as shown in Figure.

Welcome Center

Similarly, the Vista Sidebar is also on by default. While some users will find the Sidebar and its widgets useful, many will desire the desktop real estate and underlying resources for other more productive uses. You can turn the Sidebar off by:
  1. Right clicking the Windows Sidebar icon in the system tray
  2. Click Properties
  3. Uncheck the Start Sidebar when Windows starts checkbox (See Figure)
  4. Click OK

Windows Sidebar Properties

3: Change the Product Key

A Windows Vista installation disk essentially has all of the various editions of Vista included on that one disk. Which version gets installed is dependent on what product key you enter during the installation process. At some point you may want to upgrade your current version to a version with more bells and whistles, which would require a new Product Key.

Or you may want to Activate your Windows Vista under a different Product Key for some reason. The easiest way to change your Product Key is through the System applet in the Control Panel.

System applet

Under the Windows Activation section there is a link: Change Product Key. Clicking that link brings up the screen shown in Figure where you can enter in a different Product Key.

Windows Activation

4: Start Windows Explorer at somewhere other than documents


While Windows Vista has desktop search that will theoretically allow you the option of merely typing in a location on your hard disk to get an Explorer view, some users will undoubtedly prefer to use Windows Explorer. By default, Windows Explorer in Vista shows you the files located in the user Documents folder. Follow these steps to have Windows Explorer start in a different folder:

1. Copy the Windows Explorer shortcut, usually found in the Start Menu under Accessories, to the Desktop.
2. Right click the shortcut and click properties.

3. Click on the Shortcut tab to get the window shown in Figure.

Windows Explorer Properties

4. Change the Target field to the desired location.

For example, to have Windows Explorer start at C:\, type in:
C:\Windows\explorer.exe /n, /e, c:\

5. Click OK

5: Privacy tweak

As a convenience, Windows Vista by default saves and displays a list of recently opened files and programs on the Start Menu. Ostensibly, this is supposed to make it easier to find a file or program. However, many users would prefer that information to remain hidden. Here is how to turn it off:

1. Right click the Taskbar and click Properties on the resulting menu
2. Click the Start Menu tab
Uncheck the checkboxes under Privacy (See Figure)
3. Click OK

Privacy settings

6: Smaller icons on Start Menu

The icons located on the Windows Vista Start Menu default to large.

Large icons

For many users, the personal preference will be for those icons to be much smaller. Here is how:

1. Right click the Taskbar and click on Properties
2. Click the Start Menu tab
3. Click the Customize button
4. Scroll down to the bottom of the list
5. Uncheck the Use large icons checkbox
6. Click OK twice

No more large icons

7. Add Internet Explorer to the Vista Desktop


For some reason known only to the Windows Vista development team, there is no easy option to add the Internet Explorer icon to the Vista Desktop. You can add Computer, Recycle Bin, and the Control Panel --- perhaps someone can explain that to us. In the meantime, if you want to add Internet Explorer you can do it with a Registry hack. Before editing the Windows Registry it is always advisable to make a backup of the Registry file.

1. Click the Start button
2. Open the Run dialog box (or type regedit into the search box on the Start Menu)
3. Type in regedit and press Enter
4. Navigate to the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel
5. Create a new DWORD 32-bit by right clicking in the key area
6. Copy this as the key name including the brackets:
{871C5380-42A0-1069-A2EA-08002B30309D}
7. Close regedit
8. Right click on the Desktop and click the Refresh menu entry --- Internet Explorer should now appear.

Regedit Internet Explorer

8: Change Security Center notifications

One of the most often leveled criticisms of Windows has been its lack of security. To overcome that perception Microsoft had programmed Vista to complain loudly and often if it discovers your malware, firewall or virus protection software is off or requires maintenance. For many users, the constant badgering to update your virus definitions is more annoying than effective. To calm Vista down a bit you can change the way you are notified of potential lax security.

Open the control panel and click the Windows Security Center.

Windows Security Center

Click the link Change the way Security Center alerts me to reach the dialog box.
Choose your preference for notification.

Choose your preference

9: Set Folder options

One of the first things experienced users change when they get a new Windows computer is the Folder View options, which they set to their preferred settings. Windows Vista is no exception to this rule.

1. Open the Control Panel and click on the Folder Options icon
2. Click on the View tab

Folder options

3. Check or uncheck your folder preferences --- some suggestions:
  • Check show hidden files and folders
  • Uncheck Hide extensions for known file types
  • Uncheck protected operating system files

10: Adjust power settings

By default, Windows Vista sets the power options to what it calls a "Balanced" plan. While for many users this plan will be adequate, there are many who will want to make adjustments. For laptop users specifically, settings can vary greatly when operating on battery power versus plugged into an outlet. To adjust power settings:

Open the Control Panel and then click the Power Options icon

Power Options

Click on the Change Plan Settings under one of the default plans to make changes

Power settings

For additional fine tuning click Change advanced power settings

Advanced power settings

11: Reduce Desktop Icons

By default, the Windows Vista Aero GUI uses what it classifies as "Medium" icons on the Desktop. Medium in this case is really quite large. (There is also a Large icon setting, but we won't go there.) To bring the icons back to a less eye-popping size:

1. Right click on the Desktop
2. Choose the View menu item
3. Change to Classic Icons

Classic

12: Add another time zone

For many of us working away from home offices at satellite offices, home or on the road, knowing the time across various time zones can be a necessary evil. Windows Vista will allow you to keep time in two additional time zones to the machine time.

1. Right click on the time display located in Taskbar System Tray
2. Select the Adjust Date/Time menu item
3. Click on the Additional Clocks tab

Add clocks
4. Choose a time zone
5. Click the checkbox next to Show this clock
6. Click OK

Now when you mouse over the time in the Taskbar System Tray you will get the time in your chosen time zones.
