Fedora Linux Support Community & Resources Center

Go Back   FedoraForum.org > Fedora Resources > Guides & Solutions (No Questions)
FedoraForum Search

Forgot Password? Join Us!

Guides & Solutions (No Questions) Post your guides here (No links to Blogs accepted). You can also append your comments/questions to a guide, but don't start a new thread to ask a question. Use another forum for that.

Reply
 
Thread Tools Search this Thread Display Modes
  #16  
Old 23rd August 2005, 12:32 PM
wshawn Offline
Registered User
 
Join Date: Apr 2004
Location: Daytona Beach, FL
Age: 48
Posts: 422
You are most welcome, Remo.
Reply With Quote
  #17  
Old 28th August 2005, 08:42 PM
nupe494 Offline
Registered User
 
Join Date: Aug 2005
Posts: 28
Is there any way to add the following ports using the command line?

UDP/137 - used by nmbd
UDP/138 - used by nmbd
TCP/139 - used by smbd
TCP/445 - used by smbd

I currently cannot boot up in the graphical mode.
Reply With Quote
  #18  
Old 28th August 2005, 11:54 PM
wshawn Offline
Registered User
 
Join Date: Apr 2004
Location: Daytona Beach, FL
Age: 48
Posts: 422
Quote:
a) if you are using system-config-securitylevel-tui to make iptables config:

netbios-ns:udp netbios-dgm:udp netbios-ssn:tcp

b) if you are modifying /etc/sysconfig/iptables direct:

-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
Taken from Taken from mib4's post
Reply With Quote
  #19  
Old 18th January 2006, 01:25 AM
jim Offline
Retired Community Manager & Avid Drinker Of Suds
 
Join Date: Feb 2005
Location: Rochester NY
Age: 39
Posts: 4,175
Execellent how-to made it sticky for everyone
__________________
Registered Linux User: #376813
Western NY
My linux site
Smolt Profile

please remember to say if you problem was solved

Did you get your id10t award today?
Reply With Quote
  #20  
Old 2nd September 2006, 06:29 PM
ofer_w Offline
Registered User
 
Join Date: Sep 2006
Posts: 8
Quote:
Originally Posted by wshawn
Disclaimer: this works perfectly for us on two fdisk'd and fresh installs, one being Fedora Core 4 (5), and the othe Windows XP Service Pack 2. All updates were applied to both systems before this process was completed. We have also gotten a FC4 laptop and multiple Windows XP machines connected with almost no effort since we completed the first machines.

Our purpose for this project was to isolate users to their own backup areas on a FC4 Linux box, allow users to share FROM the Linux box and not their Windows machines (for security), and basically keep the data redundancy and security beefed up with an additional layer of protection with data still available even if a given users Windows machine goes down.

Step 1: Opening the Firewall

Under GNOME head to Dekstop | System Settings | Security Level

Enter the root password when asked (if you don;t know the password you are finished -- refer this article to your System Admin)

UDP/137 - used by nmbd
UDP/138 - used by nmbd
TCP/139 - used by smbd
TCP/445 - used by smbd

Add the following line to "Other ports"137:udp, 138:udp, 139:tcp, 445:tcp

Select OK

-- sources
https://bugzilla.redhat.com/bugzilla....cgi?id=133478
http://fedora.redhat.com/docs/releas.../fc4/#sn-samba

There seems to be some confusion in the thread concerning security issues related to opening the firewall. I hope to bring some clarity. Many of us have a hardware router / NAT firewall between our networks and the Internet. We are not going to open these "hardware" ports up (keeping them safe from the Internet), instead we are going to open up the ports on the Linux file server (which gives the local network access), while the Router shields the box from the Internet on ports 137, 138, 139, 445..

Step 2: Allowing shares from users /home

For FC4 Open terminal and enter the following ( you must have root / admin password):


-- source http://fedoraforum.org/forum/showthread.php?t=59437

FC5 seems to reset this on our system upon reboots to disable the shares from the /home/user folders. To change the settings from the Gnome desktop:

System | Administration| Security Level and Firewall settings
Click on the SELinux tab
Select "Modify SELinux Policy"
Drop down the SAMBA section
Check mark "Allow Sambe to share users home directories"

Step 3: Cause SELinux to relable the files per your changes


You now need to reboot.

Step 4: Starting SMB / NMB
We will discuss two simple ways of doing this (use your own preference). Both methods require root access:

Method 1:
Go to Desktop | Server Settings | Services (enter root password as necessary)

Click on smb and hit start
Now save it.
You can close the window now.

Method 2:
Open a terminal

Step 5: Configuring Users
As it is our purpose to allow users to have access to their data even if their Windows box goes down we are creating local user accounts on the Linux box for each user on the system. To begin with we are only interested in doing one user, as it has been my experience that if one works the rest will work also.

You will need root access:

Go to Desktop | System Settings | Users and Groups
Add a user by clicking OK after you have completed all the fields.

Now go to Desktop | System Settings | Server Settings | Samba
Create a user by going to the Prefernces menu and clicking on Samba Users | Add User

Find the user name in the dropdown box in the Unix Username box.

Now here is a neat trick. YOU DO NOT HAVE TO HAVE MATCHING USER NAME AND PASSWORDS! This is a huge misunderstanding in the networking / Linux worlds. You only have to remember what it is that you enter here. Your username does NOT have to match the Linux OR Windows username (but it does make life easier).

In our setup we have the same user name logon for Linux, Windows and Samba. With the logon passwords the same on both boxes, but the Samba password is totally different (this will help a user protect their files if someone discovers their logon name and password - unless they are on his box).

Step 6: Using the share

Go to the Windows box of your respected user

Click on any instance of "My Network Places." You are not looking for the share yet.

You will need to get to the "Workgroup Computers"

You may have to hit F5 a couple times or in the worse case reboot the windows machine a couple times. Eventually I turned both off and turned both on. When you see the Linux machine come up in the Workgroup Computers (you are not looking for the share -- only for the machine) click on it. A pop up asking for user name and password should come up if all other steps were finished correctly. At this point put in the SAMBA user name and password and put a check mark in "Remember this password...".

if you hit ok and the share shows you have just finished. Windows will auto log into using the user name and password you provided REGARDLESS of what those were.

Some snags

We have multiple Linux boxes / devices on our network. Come to find out a print server AND the FC4 fileserver were named "localhost.localdomain"
so as root we edited /etc/hosts


to read



Also, check the server settings in the Samba preferences to match the name..

rebooting the server will get everything straightened out. After the rename the file server popped up and we were running.

Another snag was trying to edit the /etc/samba/smb.conf file per forums and requests when there was absoluetly no need to touch the file to get shares working.

Biggest snag is trying to hard. Networking hasn't changed much since its inception, just what we do at the ends of it (before and after transmission). The question to keep in mind is, "What am I trying to accomplish?"

Finally we can make a real share
I logged into the server and made two folders for the first user (namely me as network wide admin)

I made a library which is a read only / visible share for all users. Various utilities for all systems are placed here as well as public files for all usage.

I made another folder which can be written to but not read for inbound files to my account.

From my Windows / Linux boxes (logged into the share) I have total access, but those on my network going to the share are limited.

This should get your shares working at a very minimal level. Things that need to be tightened and secured can now be done as you have gotten the shares working. Repeat steps 5 and 6 as needed.

--- taken from my site shawndisk.com which I desperately need to get back to developing

when I am doing all the steps there is problem on the XP with the network card
the sign for the two computers on the left is changing to x on the two computers and it means there is no network connection - I am conneting the xp and the fedora with net work cable diractly.

so still not sure what to do on the XP and in the fedora were I set up the xp computer name and workgroup
thanks
Reply With Quote
  #21  
Old 3rd September 2006, 12:06 PM
wshawn Offline
Registered User
 
Join Date: Apr 2004
Location: Daytona Beach, FL
Age: 48
Posts: 422
Are you using a cross over cable? You can not use a regular patch cable for direct connection...
__________________
Registered Linux user: 358599
Reply With Quote
  #22  
Old 14th September 2006, 04:44 PM
smudley Offline
Registered User
 
Join Date: Jun 2005
Posts: 2
Quote:
Originally Posted by wshawn
You do not need to do anything with permissions on the linux side. Just make a local and a samba user with the same name. Make sure you have logged into the server via your windows by clicking on the computer from the Computer list of the workgroup computers. If you try to access the file directly you will not do it.

If you are still having a problem then shutdown the win machine, rename the FC4 server, reboot it , and then boot your windows. Windows stores a user pass combination in the registry for each network connection requiring authentication. The easiest way to reset a bad password is to rename the server or edit the registry.

The error says "Windows cannot access.." Its a permission (which windows only has as user / pass combos) error on the windows side.
Any chance of knowing where in the registry on the Windows side that user / pass combos are kept at?

If not, do I have to change the hostname AND the IP of the server?

This is really messing with my head and I need some resolution or my boss will not be happy with me. (well he ain't happy any way but he will be very PO'ed)

Thanks,
Smudley
Reply With Quote
Reply

Tags
easy, fc4, samba, steps, windows

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Easy Steps for Installing Belkin WiFi FSD7001 G Plus Card? Titoolsen Hardware & Laptops 9 8th April 2009 01:10 PM
Fascist America, in 10 easy steps Seve Wibble 4 24th April 2007 06:58 PM
How to get ATI + Dual Head + Fedora Core 5 working in 7 easy steps... eldnar Hardware & Laptops 0 4th August 2006 12:26 AM
ReInstall GRUB - EASY STEPS ukanth Guides & Solutions (No Questions) 1 18th October 2005 07:04 AM
Help with 1280x800 - Please need very easy to follow steps ntdesign Hardware & Laptops 5 17th February 2005 10:10 PM


Current GMT-time: 22:28 (Friday, 01-08-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat