Open main menu

CDOT Wiki β

Changes

OPS335 Samba Lab

126 bytes removed, 17:15, 4 November 2015
m
fixing warning.
FOCUS[[Category: Automating System BackupOPS335]][[Category:OPS335 Labs]]=Samba - A Windows SMB/CIFS fileserver for UNIX=This {{Admon/important|Warning| Make sure that your VMs are fully updated before you begin this lab will show you how to set up a Fedora installed system to be used for file backups.}}
PART A: Requirements:==Configuring a Samba Server on Linux==*On your VM 2 install Samba dnf install samba samba-clientYou will need two PCs to do this lab*Create a backup of the file /etc/samba/smb. We'll use one real PC (your hard drive running Fedora 13) conf, and create a new one virtual PC (created with Fedora's virtual machine manager)that includes only the following: [global] workgroup = <yourlearnid>.org Your server string = "put your real Fedora 13 system (installed on name here without the quotes" encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd [home] comment = "put your hard drive) should be updated real name here without the quotes" path = /home/<learnid> public = no writable = yes printable = no create mask = 0765*Now add a parameter to the global section that will limit access to the latest software share so that only machines in your virtual network and should those in the lab room will be using able to access it.*Add a parameter to the default server firewallhome section so that only your user account can access that share.Your virtual Fedora 13 system (installed as *Create a Samba password for user <learnid> with the command smbpasswd -a guest VM) should also be updated <learnid>*If you need to , you can change a user's password by using the latest software and should be command smbpasswd <username>*Confirm the user you created has been added using the default server firewall.following command pdbedit -L -vAlso ensure that *Test and review your configuration with the ssh command testparm*You can now start your Samba server is running on both host (smb.service) and guest machinesensure it will start at boot.Also ensure *Modify the clocks firewall on both machines are set VM2 to allow samba traffic.*Test if you have a connection with the correct date and time.command smbclient -U <learnid> -L vm2Your virtual system *It will be used to backup files from the host machine. Your setup should look like the following diagram. Once your setup is correct proceed to PART Bshow you a list of all available shares.
PART B: Using rsync and cron =Connecting to automate system backup:Login to vm01 as joker and open a terminal window. Then "su -" to root run the following two commands: mkdir /backup rsync -avz 192.168.122.1:/etc/ /backup/etcStill on vm01 run this command to verify rsync worked correctly: ls /backup/etcLinux SMB Server from a Linux Client=Notice that when running rsync you had to enter the password for root on f13. To automate this process so There are many ways that it will run without requiring a password we'll use an RSA public/private key pair for passwordless authentication. To do this we'll have Linux client can connect to generate an RSA public/private key pair on vm01. We'll use an openssh command like this: ssh-keygen -t rsa when you enter this command just hit ENTER for all the questionsSMB server.Here's what I got when I ran it on my vm01
Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: f5:07:8c:aa:b6:08:e0:45:81:ca:d6:88:8c:aa:1a:7b root@vm01@localdomain The key's randomart image is: +--[ RSA 2048]----+ | o+++ | | E .ooo.. | | ...o. | | ...o .| | .S+ + o.| | . = . o .|= Using smbclient == | o + | | o + | | . . | +-----------------+Now *In a full installation you'll should not need to copy vm01's public rsa key over to f13. Still install samba-client on vm01 use this command (be sure you have the /root/.ssh/ directory on f13 - your host, but if you don't it is not present then make it first): scp /root/.ssh/id_rsa.pub 192do so.168.122.1:/root/.ssh/authorized_keys2Now verify that your new authentication method is working. Still on vm01 try *You will also need to ssh install the cifs-utils package to f13 as root. You should be able to login without entering a password. If you were successful then move on to mount the next step, otherwise repeat steps 3 and 4filesystem.Install mailx on vm01 if it's not already installed.Now, still as root on vm01, *From the host use the "smbclient" command in a terminal window. smbclient '\\vm2\home'crontab -e' U <learnid>*After entering your password you should get a prompt similar to edit root's cron table. Insert the following line smb:\> 15 * * * * /usr/bin/rsync -avz 192.168.122.1:/etc/ /backup/etc At 15 minutes past Enter the hour rsync should synchronize the /etc/ directory ls command to see a list of f13 to the /backup/etc/ files in your home directory on vm01. If this time has passed and - you don't want to wait an hour for may receive the next time rsync runs, just edit root's cron table on vm01 and enter another time for the backup to take placefollowing error.You smb: \> ls NT_STATUS_ACCESS_DENIED listing \**SE Linux should convince yourself that /etc/ is being backed up by adding some file (say 'touch /etc/junk' on f13) to /etc be in Enforcing and then see if it was indeed copied will need to vm01.After the cron job runs, root be adjusted (on vm01 should have received an email containing the output of the cron job. Verify samba server) for this by using the mail command to check root's mail on vm01work.Finally, edit root's cron table on vm01 and add another record setsebool -P samba_enable_home_dirs 1*Once you have access to backup the /home directory of f13 use the get and put commands (similar to /backup on vm01 once each week at 2am on Saturday.PART C: Using syslog ftp) to route log move files to a remote host:On your host machine (f13) edit /etc/rsyslog.conf and make the following change:change #*When you are finished close the connection.* @@remote-host:514to *.* @@192.168.122.xxx:514where xxx is the IP of vm01 (your logging machine)
Now restart your rsyslog service (service rsyslog restart).== Using 'mount -t cifs' ==Go back on *The next way is to vm01 and edit /etc/rsyslog.conf and make use the following change:change these two lines #$ModLoad imtcpmount command.so #$InputTCPServerRun 514to $ModLoad imtcp.so $InputTCPServerRun 514Still on vm01, restart syslog. NOTE: At this point you should use iptables to open up tcp port 514 *Use the mount command on vm01.Now go back onto f13 and use the logger command host to verify logging messages are getting through to vm01. Try this commandmount your home directorylogger mkdir /tmp/vm2-p user.warn "Hello World"homeUse the command "tail mount -t cifs //vm2/varhome /logtmp/messages" on vm01 to view the results of the previous step.vm2-home -o username=<learnid>PART D: Answer the following questions and and email them to your teacher in ASCII text format. ls /tmp/vm2-home
What == Using Nautilus to browse Samba shares ==*Use the "Places" menu from the desktop and open 'Browse Network'.*From the menu in the side-bar of the files tool, choose 'Connect to Server'. *Enter 'smb://vm2/home' as the location, and enter your samba password in the prompt.**Where vm2 is your full the name of the server, and 9home is the name of the directory it is sharing.*After you have checked that you can access your files, unmount the share by right-clicking its icon in the side-digit Seneca student ID?bar and clicking 'Unmount'. == Using a browser ==*You can also use a web browser with support for the SMB protocol such as Konqueror.**Note that firefox does not have such support. *If Konqueror is not installed then install it with the command: yum install kdebaseShow *Start Konqueror, the web/file browser, and in the address bar enter the RSA public key generated following smb://vm2/home*Enter your username and password when prompted.*Double click on vm01a file you have some text in. i.e**Open it with gedit, make some changes, and save it. **When prompted, choose to upload the file called id_rsa.pub*Close Konqueror.Explain *cat the meaning of file on your VM2 to ensure the -avz options on changes were properly uploaded. =Connecting to a Linux SMB Server from a Windows Client (Windows 7)=*Power up a Windows 7 system in the rsync commandlab and login using your LEARN username and password.What did root*Add the prerouting and forwarding rules to your Centos host's cron table iptables necessary to redirect samba traffic from outside your network to your VM 2.*Open up Explorer and Right click on vm01 look like after step 11 Computer > Map network drive.. > Select a Drive Letter and '\\<ip-address-of PART B?-host>\home' > you will then be asked for your username and password.*You should now be able to browser, drag and drop your files to and from the Windows machine. What were ==Completing the last two lines Lab==While completing this lab you have gained experience using a service designed to allow interaction from a variety of client tools on multiple OS platforms. You have also experienced service related tools that allow you to view configuration parameters and errors in real-time. Exploration questions:#What is the email sent to root upon completion purpose of the cron job in PART B step 10testparm command?#What does SMB stand for? CIFS?#What was shown does the text inside square brackets in PART C step 6the smb.conf file mean?(e.g., "[home]").What is #Explain the output meaning of the iptables-save line "create mask = 0765" in the smb.conf file?#What does the smbpasswd command on vm01 at do?#What did the end of this labsetsebool command do?
932
edits