Disclaimer: this works perfectly for us on two fdisk'd and fresh installs, one being Fedora Core 4 (5), and the othe Windows XP Service Pack 2. All updates were applied to both systems before this process was completed. We have also gotten a FC4 laptop and multiple Windows XP machines connected with almost no effort since we completed the first machines.
Our purpose for this project was to isolate users to their own backup areas on a FC4 Linux box, allow users to share FROM the Linux box and not their Windows machines (for security), and basically keep the data redundancy and security beefed up with an additional layer of protection with data still available even if a given users Windows machine goes down.
Step 1: Opening the Firewall
Under GNOME head to Dekstop | System Settings | Security Level
Enter the root password
when asked (if you don;t know the password you are finished -- refer this article to your System Admin)
UDP/137 - used by nmbd
UDP/138 - used by nmbd
TCP/139 - used by smbd
TCP/445 - used by smbd
Add the following line to "Other ports"137:udp, 138:udp, 139:tcp, 445:tcp
There seems to be some confusion in the thread concerning security issues related to opening the firewall. I hope to bring some clarity. Many of us have a hardware router / NAT firewall between our networks and the Internet. We are not going to open these "hardware" ports up (keeping them safe from the Internet), instead we are going to open up the ports on the Linux file server (which gives the local network access), while the Router shields the box from the Internet on ports 137, 138, 139, 445..
Step 2: Allowing shares from users /home
For FC4 Open terminal and enter the following ( you must have root / admin password):
-- source http://fedoraforum.org/forum/showthread.php?t=59437
FC5 seems to reset this on our system upon reboots to disable the shares from the /home/user folders. To change the settings from the Gnome desktop:
System | Administration| Security Level and Firewall settings
Click on the SELinux tab
Select "Modify SELinux Policy"
Drop down the SAMBA section
Check mark "Allow Sambe to share users home directories"
Step 3: Cause SELinux to relable the files per your changes
You now need to reboot.
Step 4: Starting SMB / NMB
We will discuss two simple ways of doing this (use your own preference). Both methods require root access:
Go to Desktop | Server Settings | Services (enter root password as necessary)
Click on smb and hit start
Now save it.
You can close the window now.
Open a terminal
Step 5: Configuring Users
As it is our purpose to allow users to have access to their data even if their Windows box goes down we are creating local user accounts on the Linux box for each user on the system. To begin with we are only interested in doing one user, as it has been my experience that if one works the rest will work also.
You will need root access:
Go to Desktop | System Settings | Users and Groups
Add a user by clicking OK after you have completed all the fields.
Now go to Desktop | System Settings | Server Settings | Samba
Create a user by going to the Prefernces menu and clicking on Samba Users | Add User
Find the user name in the dropdown box in the Unix Username box.
Now here is a neat trick. YOU DO NOT HAVE TO HAVE MATCHING USER NAME AND PASSWORDS! This is a huge misunderstanding in the networking / Linux worlds. You only have to remember what it is that you enter here. Your username does NOT have to match the Linux OR Windows username (but it does make life easier).
In our setup we have the same user name logon for Linux, Windows and Samba. With the logon passwords the same on both boxes, but the Samba password is totally different (this will help a user protect their files if someone discovers their logon name and password - unless they are on his box).
Step 6: Using the share
Go to the Windows box of your respected user
Click on any instance of "My Network Places." You are not looking for the share yet.
You will need to get to the "Workgroup Computers"
You may have to hit F5 a couple times or in the worse case reboot the windows machine a couple times. Eventually I turned both off and turned both on. When you see the Linux machine come up in the Workgroup Computers (you are not looking for the share -- only for the machine) click on it. A pop up asking for user name and password should come up if all other steps were finished correctly. At this point put in the SAMBA user name and password and put a check mark in "Remember this password...".
if you hit ok and the share shows you have just finished. Windows will auto log into using the user name and password you provided REGARDLESS of what those were.
We have multiple Linux boxes / devices on our network. Come to find out a print server AND the FC4 fileserver were named "localhost.localdomain"
so as root we edited /etc/hosts
Also, check the server settings in the Samba preferences to match the name..
rebooting the server will get everything straightened out. After the rename the file server popped up and we were running.
Another snag was trying to edit the /etc/samba/smb.conf file per forums and requests when there was absoluetly no need to touch the file to get shares working.
Biggest snag is trying to hard. Networking hasn't changed much since its inception, just what we do at the ends of it (before and after transmission). The question to keep in mind is, "What am I trying to accomplish?"
Finally we can make a real share
I logged into the server and made two folders for the first user (namely me as network wide admin)
I made a library which is a read only / visible share for all users. Various utilities for all systems are placed here as well as public files for all usage.
I made another folder which can be written to but not read for inbound files to my account.
From my Windows / Linux boxes (logged into the share) I have total access, but those on my network going to the share are limited.
This should get your shares working at a very minimal level. Things that need to be tightened and secured can now be done as you have gotten the shares working. Repeat steps 5 and 6 as needed.
--- taken from my site shawndisk.com
which I desperately need to get back to developing