Open main menu

CDOT Wiki β

Changes

OPS335 Samba Lab

1,047 bytes added, 20:38, 6 September 2011
no edit summary
FOCUS: Automating System Backup
This lab will show you how to set up a Fedora installed system to be used for file backups.
PART A: Requirements:
You will need two PCs to do this lab. We'll use one real PC (your hard drive running Fedora 13) and one virtual PC (created with Fedora's virtual machine manager).
Your real Fedora 13 system (installed on your hard drive) should be updated to the latest software and should be using the default server firewall.
Your virtual Fedora 13 system (installed as a guest VM) should also be updated to the latest software and should be using the default server firewall.
Also ensure that the ssh server is running on both host and guest machines.
Also ensure the clocks on both machines are set to the correct date and time.
Your virtual system will be used to backup files from the host machine. Your setup should look like the following diagram. Once your setup is correct proceed to PART B.
PART B[[Category: Using rsync and cron to automate system backupOPS335]][[Category:OPS335 Labs]]Login to vm01 as joker and open a terminal window. Then "su -" to root run the following two commandsFOCUS: mkdir /backup rsync -avz 192.168.122.1:/etc/ /backup/etcStill on vm01 run this command to verify rsync worked correctly: ls /backup/etcNotice that when running rsync you had to enter the password for root on f13. To automate this process so that it will run without requiring a password we'll use an RSA public/private key pair for passwordless authentication. To do this we'll have to generate an RSA public/private key pair on vm01. We'll use an openssh command like this: ssh-keygen -t rsa when you enter this command just hit ENTER for all the questions.Here's what I got when I ran it on my vm01SAMBA
Generating public/private rsa key pair. Enter file in which PART A: Connecting to save the key a Linux SMB Server (/root/.ssh/id_rsaMatrix): Enter passphrase from a Windows Client (empty for no passphraseWindows 7): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved Power up a Windows 7 system in /root/.ssh/id_rsa.pub. The key fingerprint is: f5:07:8c:aa:b6:08:e0:45:81:ca:d6:88:8c:aa:1a:7b root@vm01@localdomain The key's randomart image is: +--[ RSA 2048]----+ | o+++ | | E .ooo.. | | ...o. | | ...o .| | .S+ + o.| | . = . o .| | o + | | o + | | . . | +-----------------+Now you'll need to copy vm01's public rsa key over to f13. Still on vm01 use this command (be sure you have the /root/lab and login using your LEARN username and password.ssh/ directory on f13 - if you don't then make it first): scp /root/.ssh/id_rsa.pub 192.168.122.1:/root/.ssh/authorized_keys2Now verify that your new authentication method is working. Still on vm01 try to ssh to f13 as root. You should be able to login without entering a password. If you were successful then move on to see an icon of Tux, the next stepLinux penguin, otherwise repeat steps 3 and 4.Install mailx on vm01 if it's not already installedyour desktop.Now, still as root on vm01, use the command 'crontab Double-e' click it to edit root's cron tablelogin to your Matrix account. Insert the following line: 15 * * * * /usr/bin/rsync -avz 192A window of your Matrix home directory should open.168.122.1:/etc/ /backup/etc At 15 minutes past Use the hour rsync should synchronize the /etc/ directory of f13 mouse to the /backup/etc/ directory on vm01. If this time has passed drag and you don't want drop files to wait an hour for the next time rsync runs, just edit root's cron table on vm01 and enter another time for the backup to take placefrom your Matrix account and your Windows 7 lab machine.You should convince yourself Once you are satisfied that /etc/ is being backed up by adding some file (say 'touch /etc/junk' on f13) you can easily move files to /etc and then see if it was indeed copied to vm01from your Matrix account power off the PC.After Set the cron job runs, root on vm01 should have received an email containing the output of the cron job. Verify this by using the mail command HD selector switch to check root's mail boot from your Fedora 13 Linux drive and power on vm01.Finally, edit root's cron table on vm01 and add another record to backup the /home directory of f13 to /backup on vm01 once each week at 2am on SaturdayPC.PART CB: Using syslog to route log files Connecting to a remote host:On your host machine Linux SMB Server (f13Matrix) edit /etc/rsyslog.conf and make the following change:change #*.* @@remote-host:514to *.* @@192.168.122.xxx:514where xxx is the IP of vm01 from a Linux Client (your logging machineFedora 13)
Now restart There are 4 ways that a Linux client can connect to an SMB server. Start by logging into your rsyslog service Fedora 13 system as joker and opening a terminal window.The first way is to use the "Places" menu from a Gnome desktop:Switch to root and ensure you are using the default Fedora 13 firewall.As root, ensure Samba is installed. Use these two commands: "yum install samba" and "yum install samba-client"NOTE: Fedora encrypts passwords when authenticating SMB connections. Unfortunately Windows clients (service rsyslog restarthere at Seneca)insist on passwords being sent in plain text.Go back on For this reason Matrix SMB is set to use plain text passwords. To change Fedora to use plain text passwords switch to vm01 root and edit the /etc/rsyslogsamba/smb.conf file and make immediately after the following change:change [global] section header insert these two lines: #$ModLoad imtcpclient plaintext auth = yesclient lanman auth = yesCreate a new account on Fedora with the same name as your LEARN acount. Set the password to 'seneca99'.Logout of joker and login to Fedora using your LEARN name.so #$InputTCPServerRun 514Now try the following:toFrom the "Places" menu at the top of your screen, select "Network" $ModLoad imtcpand wait until the network scan completes.soThen click on the $InputTCPServerRun 514"Windows Network" and then click the "File" menu and selectStill "Connect to Server" and input matrix.senecac.on vm01.ca for the server, restart syslogyour username for the ShareName and UserName fields. NOTE: At this point you Then click theConnect button. You should now be able to browse your Matrix files.The second way is to use iptables a web browser with support for the SMB protocol such as Konqueror.If Konqueror is not installed then install it with the command: 'yum install kdebase'. Start Konqueror, the web/file browser, and in the Location edit box enter the following: smb://matrix/xxxxxxwhere xxxxxx is your Matrix usernameLogin to your Matrix account. Konqueror should open up tcp port 514 on vm01a window of your Matrix home directory. Use the mouse to drag and drop files to and from your Matrix account and your Fedora Linux machine.Close Konqueror.Now go back onto f13 and The third way is to use the logger "smbclient" command in a terminal window.At the command prompt enter the following: smbclient '\\matrix\xxxxxx' -U xxxxxx where xxxxxx is your Matrix usernameYou should get a prompt similar to smb: \>Enter the ls command to see a list of your Matrix files.Enter ? to verify logging messages are getting through see a list of smbclient commands.Use the get and put commands (similar to ftp) to move files to vm01and from your Matrix account and your Fedora 13 Linux system. Try this When done enter the quit command.logger -p userThe fourth way is to use the mount command.warn "Hello World"THIS PART IS IN RED BECAUSE IT PROBABLY WILL NOT WORK !Use the mount command to mount your matrix home directory. NOTE: This mount command "tail will only work if your kernel was configured to allow mounting CIFS with unencrypted passwords. mount -t cifs //varmatrix/logxxxxxx /messages" on vm01 to view the results of mnt -o username=xxxxxxwhere xxxxxx is your your Matrix username.If the previous stepworked, browse your /mnt directory using cd and ls commands and when done use the umount command to unmount your Matrix home directory.PART DC: Configuring an SMB Server on LinuxLogin to Fedora as joker and open a terminal window.Use "su -" to become root.Ensure SAMBA is installed: Answer yum install sambaEdit the file /etc/samba/smb.conf, delete all original lines and include the following questions and and email them to : [global] workgroup = OPS335 server string = "put your teacher real name here without the quotes" encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd hosts allow = 142.204.141. ; note: the above line will allow access from the Seneca domain in ASCII text format.lab T2107
[home] comment = "put your real name here without the quotes" path = /home/xxxxxxx valid users = xxxxxxx ; remember xxxxxxx is your LEARN/MATRIX account name public = no writable = yes printable = no create mask = 0765You can comment out all other lines in the file.Create a SAMBA password for user xxxxxxx with the command smbpasswd -a xxxxxxxTest your configuration with the command testparmYou can now start your SAMBA server /etc/init.d/smb start or service smb startTest if you have a connection with the command smbclient -L 142.204.141.yyy -Uxxxxxxx%pppppppwhere 142.204.141.yyy is your Fedora Linux IP addressand xxxxxxx is your Matrix account nameand ppppppp is your SAMBA passwordIf the previous command worked, use another PC (Fedora then Windows) to establish a connection with the SMB server on your Fedora Linux machine. This step is important to ensure your SMB server on Linux is working. NOTE: If your set up looks correct but you can't connect to your SMB server from the outside then you may need to adjust your firewall to allow SMB connections.From another Linux PC, use the mount command to mount your home directory onto /mnt. Step 4 in PART B should help you with this. Record this command as you'll need it for PART D.PART D: Answer the following questions What is your full name and 9-digit Seneca student ID?Show the RSA public key generated In PART C step 9, explain how you connected to your SMB server on vm01. i.eLinux from a Windows PC. List exactly what you had to do on the file called id_rsa.pubWindows PC to test your Linux server.Explain What is the meaning purpose of the -avz options on testparm command?What is the purpose of the rsync smbclient command.?What did root's cron table on vm01 look like after step 11 of PART Bdoes SMB stand for? CIFS?What were does the text inside square brackets in the last two lines of smb.conf file mean? (e.g., "[homes]").Explain the email sent to root upon completion meaning of the cron job line "create mask = 0765" in PART B step 10the smb.conf file?What does the smbpasswd command do?What was shown exact mount command did you use in PART C step 6?What is the output of the iptables-save command on vm01 at the end of this lab10?
1
edit