First, you must allow the Linux server full rights and access to the Windows workgroup and local domain. That means that either in your Active Server environment you need to reserve an IP address for the Linux server, or you simply need to ensure a hard coded IP address is given to the Linux server. The server must have a reserved IP address whether you deliver it via DHCP or statically assign it in the DNS. This also means that you need to ALLOW SMB DAEMON to operate. You can ensure your system security does this by editing your Firewall setup or using system-config-securitylevel .
Second, you must ensure that SAMBA (SAMBA tools and the SMB protocol) is installed and running on the Linux server. Most versions of Fedora come with the necessary packages. You should also be sure to update your SAMBA security levels properly if you are having trouble accessing a shared directory. This is found under Samba Server Configuration tool, main menu Properties, option Server Settings, and then the tab: Security.
Now you are ready to configure your Fedora Linux/SAMBA machine... aka. SAMBA Server.
STEP 1: Enable Network Connectivity to the SAMBA Server
Using the Fedora Network Configuration tool you will need to ensure that the ethernet card is enabled and properly functioning. Get quick access to the tool through this command: system-config-network
Once in the Network Configuration tool, you should ensure that your ethernet device is enabled. If it is not, select the eth device and then click on the Edit button. This will allow you to input the vital network adapter settings including: statically set IP address, subnet mask, and gateway. You should also select the top checkbox labeled Activate device when computer starts. Read this article for more details regarding configuring a network card in Fedora, Mandrake, or SuSE.
Close and save any changes you've made. The main goal is to ensure you have an ACTIVE and functioning network card on the SAMBA server.
Restart the network services or simply reboot your SAMBA server. Now try a ping to the server from another PC on the same subnet. At a command prompt, for example, type: ping 10.2.2.3
The ping should come back good validating your network connection. If you need more Linux system administration help read my Admin Commands List.
STEP 2: Update Firewall Settings
In most cases the default Firewall setting on the SAMBA server locks out any inbound network requests. I've had a great many people come running to me about this issue. If you're setting up a basic SAMBA server within your business intranet, allow your ethernet connection to be a trusted device so others can get to your SAMBA server and not be bounced by the server's Firewall.
NOTICE: if you plan to use the SAMBA server outside of your business firewall/intranet you should NOT follow the next step. Instead you allow your local server to receive packets by making changes to your IPTABLES, such as:
iptables -A INPUT -s 192.168.0.0/255.255.255.0 -j ACCEPT
The following step is for those using an intranet business server configuration.
Okay, now to allow your intranet based SAMBA server to properly accept incoming requests, from your Main menu choose System Settings, then Security Level. You can access this also by typing the command:
system-config-securitylevel
Please select the box next to the ethernet card you are using for intranet connectivity so that it becomes a TRUSTED DEVICE. Otherwise you have a super secure server that bounces inbound requests. Notice, this selection effects all the items in the Services listing above it, so please be careful in what context you allow a trusted device!
Press OK when finished.
STEP 3: Enable SMB Services
Ironically, the SMB daemon and other core services are usually NOT started by default. You will need to change this so that your SMB daemon is now started.
Using the GUI from the main menu, go to System Settings, then Server Settings, then choose Services. You can also get to this using the command: system-config-services
While you're looking over this long list of services, please DISABLE things you know for sure you do not need to run on this SAMBA server. For instance apmd, isdn, etc. But also ensure that key services such as SMB are selected and RUNNING. Select SMB and press the Start button. If it is supposedly already running you can press the Restart button to be sure it is indeed running correctly now.
Now press the Save button to make sure the configuration changes have been saved for future restarts.
Sometimes using the GUI just does not properly restart the SMB daemon. In such odd cases, I want to suggest you force a manual restart from the command line with this command: /etc/rc.d/init.d/smb restart
If you keep having startup failures, where for every reboot you need to perform Step 3, you may need to manually configure your start up processes so that SMB will always be in the init.d bootup. Okay, if that sounded ridiculously confusing then how about just going to my article on manually starting services and configurations.
STEP 4: Create Server Users & Directories
You will need to ensure that people also have a login to the SAMBA server to do their work. Logins should be provided on an as needed basis. Obviously, in most cases the users accessing the SAMBA server will be a subset of the total users on the Windows business network.
Create user logins with the Gnome User Manager tool in Fedora. You can find this from the main menu by choosing System Settings, then Users & Groups. The command for this is: system-config-users
Notice this is the first step in creating SAMBA users, which comes later.
Add as many users as you need and then move on to the next part, which is creating directories (aka. folders) for use.
This is such an obvious step most people usually forget to think about it before hand. However, it is very helpful to think ahead what directories you will allow access to on the SAMBA Server for business use. In my case the people needing SAMBA server access will be updating webpages. Therefore, I do not need to add any other folders for file sharing or group interaction. Be sure you add any folders in a reasonable and ordered fashion.
A big TIP for those who are not aware, the permissions settings for your folders are very important. If you have no idea how to change permissions, then you may want to review this article on Linux filemanagement and permissions.
STEP 5: Configure the SAMBA Server
It's time to configure your SAMBA server to allow others on the intranet to login and use the server from Windows or Linux PCs.
From the main Fedora menu, choose System Settings, then Server Settings, then Samba. You can also get to this tool by typing the command: system-config-samba
You are about to make changes to the SAMBA Configuration file called smb.conf. This file is found under /etc/samba. If you encounter issues you may want to first start by using my example smb.conf file and then make the changes below. I also want you to be aware that you can edit configuration files with the web interface tool called Samba Web Administration Tool(SWAT) and several others. Now lets move ahead using the Configuration tool using the preloaded Fedora tools. NOTICE that many people begin by tinkering with their .conf file... this is NOT a good idea. First ensure that the basic samba connectivity works and THEN you can tinker with the smb.conf! (see troubleshooting below)
A. Begin by Making Changes to the Server Settings
Under the Preference menu item choose Server Settings...
Be sure to include the Windows workgroup name. In the example above the workgroup has been changed to net. Your situation may be different. In many cases naming the workgroup simply workgroup is fine, so long as your Windows PCs connect to this same name.
Under this same window, click on the Security tab. It comes by default with the appropriate settings for a basic SAMBA Server. The Authentication mode should be User. You would need to change this only if you plan to allow logins based on the Microsoft ADS.
Press OK to finish making basic changes to the server.
B. Select SAMBA Users
Under the Preference menu item choose Samba Users
In this window you must Add at least one user who will have access to the SAMBA Server. Notice that only user accounts you created in step 4 should be added to this listing.
Press the Add User button, then from the pull down select a user. Fill out the additional information needed for this SAMBA user. Press OK when finished.
C. Adding A Shared Folder
Under the SAMBA Server Configuration window, you must create at least one SAMBA share directory.
Press the Add button and then the Browse button. Now choose a folder you wish to make available to SAMBA users. Be careful, some folders have permissions settings that do not allow sharing. Now be sure to select the Read/Write option to allow people full access. Don't press OK yet!
You should see your shared folder appear under the listing as shown in the example above.
D. Adding Users
In the same window, select the second tab labeled Access. From here choose the first option labeled Only allow access to specific users and select the users you wish to give access to this specific SAMBA shared folder. Press OK when finished.
You can repeat steps C and D for each new shared folder.
Once completed, please choose File from the menu then choose Quit.
Hopefully this saved all of your settings properly. If you encounter issues with the graphic SAMBA configuration tool, such as it failing to accept your changes, then please read the Troubleshooting Tip 4 located below.
STEP 6: Restart the SAMBA Services
Now you need to restart all SAMBA services. You can use the process found in Step 3, except press the Restart button or use the word restart instead of the word start.
I mentioned earlier that sometimes your changes do not get properly picked up. I've installed so many different Fedora SAMBA configurations that I can't recall every reason. This may be a very good time to simply reboot the LINUX/SAMBA Server. Rebooting will ensure everything gets properly started up and all of the configuration changes are included. More importantly, this is likely the last time you will ever restart your SAMBA server again. Some of my FEDORA servers haven't been restarted in years.
STEP 7: Access the SAMBA Server from Windows
You're now ready to fully utilize your new intranet SAMBA Server for work. On any Windows PC you can access the server by simply going to the main Start menu, choosing Run and typing in the hostname of your SAMBA server. For example: \\linuxserver
Please notice that in the Windows environment you use different slashes and you need to ensure this syntax.
If this does not work, perhaps if the server is not yet included in your DNS, try accessing the SAMBA Server through its IP address: \\10.2.2.3
Obviously you need to use an actual hostname or IP address and not my example.
If all works well you should instantly see a SERVER LOGIN window. Now login using a SAMBA created username.
You should then instantly see the shared folder as well as the individual user's personal folder that exist on the SAMBA Server.
Congratulations, you're done.
No comments:
Post a Comment