SAMBA - An Anonymous FC2 Server for XP Clients
FedoraForum.org - Fedora Support Forums and Community
Results 1 to 6 of 6
  1. #1
    Join Date
    Apr 2004
    Location
    Wiltshire - UK
    Posts
    199

    SAMBA - An Anonymous FC2 Server for XP Clients

    How To – Set up an Anonymous Read/Write SAMBA share on an FC2 Samba-Server.

    Configuring SAMBA is generally regarded as no big problem by those who have succeeded. For ordinary mortals, not least Linux newbies, it is fraught with difficulty. This HowTo provides a simple prescription for configuring a simple standalone SAMBA serve to serve a single share to other clients who are members of the same workgroup.
    My particular scenario is the requirement to set up an FC2 Samba Server to provide extra space for a variety of WinXP boxes for backup purposes and to enable files used in common to be shared with the minimum of fuss. Security within the subnet was not an issue and this method is NOT RECOMMENDED for subnets where security within the subnet is important.

    First of all some definitions:
    Standalone SAMBA Server. This refers to a server which is a member of the same workgroup as its clients but where neither the server nor the clients are members of a domain. There is therefore no Primary Domain Controller.
    Anonymous Read/Write Share. An Anonymous share is one where the files held in the share belong to a single local username on the server. All connection requests are forced to use that username. It is impossible therefore to identify the owner (i.e. the creator) of any files in the share and there is no security within the share since all connections from any client all use the same username and therefore have the same access to all the data in the share. In this case not only is Read access open to all but so is write access.

    Requirement:
    Configure an FC2 to serve a single share to the subnet with read/write access by all clients to the share.
    Resources:
    FC2 distro – 4 CDs.
    P4 1.8Ghz, 512Mb, 60Gb HD.
    TOSHARG – The Official Samba Howto And Reference Guide
    (http://samba.mirror.ac.uk/samba/docs...Collection.pdf)
    FedoraForum thread http://www.fedoraforum.org/forum/showthread.php?t=19063 .
    Already in place:
    100/10 subnet with NetGear DS108 hub and uplink to DG834 ADSL Router.
    3 existing WinXP clients on the subnet and two FC1 clients.

    1. FC2 was installed onto the P4. I took the 'Custom' Installation option so that I could review the package selection. The important thing is to make sure that the Windows File-Sharing packages (Samba) are installed.

    2. Having installed FC2 and configured the system to your liking the next step is to make sure that everything is up to date with the latest packages from Red Hat. I did this by simply double clicking the RHN update icon on the right of the taskbar in Gnome and accepting all the available updates. The important thing is to install the latest Samba RPMs as the ones which ship with FC2 are broken.

    3. Next, set your hostname to whatever you want to know your server as. This is most easily done by going to System Settings -> Network -> DNS tab. Replace localhost.localdomain with your preferred name. In my case this was DEACON.

    4. You can set up the directory you want to share anywhere. The important thing is that the directory and file ownerships are set up correctly. I did it like this.

    root# useradd -c “Network Filestore” -m -g users -p secret netfiles
    root# mkdir /export
    root# chmod u+rwx, g+rx, o+rx /export
    root# chown netfiles,users /export

    5. Now we need to create an entry in the Samba password file for our netfiles username.

    root# smbpasswd -a netfiles
    New SMB password: secret
    Retype SMB password: secret

    6. Before we can start up Samba we need a Samba Configuration file which will set up the share we want. Here's mine:

    [global]
    workgroup = MYGROUP
    netbios name = DEACON
    security = SHARE

    [netfs]
    comment = Network Filestore on DEA
    path = /export
    force user = netfiles
    force group = users
    read only = No
    guest ok = Yes

    If you prefer you can hack your way through the smb.conf that comes with FC2 un-commenting the lines you want. There are two snags with this. Firstly, there's so much in it in the way of helpful comments it's easy to get lost in the box and secondly, its size is such that it takes smb a little while to process it all at service start. Your call. Personally I find the shorter file easier to take in.
    When your happy save the smb.conf file into /etc/samba and you're ready to start Samba.

    7. Now go to System Settings -> Server Settings -> Services and scroll down to “smb”. Check the box and click Start to run the smbd and nmbd daemons. Don't forget to click Save before you exit to make sure that smb restarts if the machine reboots.

    8. Check that smb is running by issuing # smbclient -L DEACON on your server. You should see your share listed.

    9. By now it looks as though you should be able to boot an XP box and access your new share. You're right! You should! If you go to Network Neighbourhood -> Entire Network -> Microsoft Windows Network -> MYGROUP you should find both your XP box listed and your new Samba Server. Unfortunately this is the point at which it may all fall apart...
    Try clicking on the Samba server and after a short pause the XP client may announce: “\\DEACON is not accessible. You might not have permission to use this network resource. The network path was not found.”
    You may find this a disappointment – I did.

    10. Fedora Forum to the rescue. The explanation and solution to this problem is at http://www.fedoraforum.org/forum/showthread.php?t=19063 .
    The problem is nothing to do with Samba directly but is caused by the firewall settings installed by FC2. As installed udp traffic to ports 137 & 138 on the server and tcp traffic to ports 139 & 445 is rejected.
    You need to open up these ports to your subnet so that the connection requests from the XP boxes make it to the server. The easiest way to do this is via System Settings -> Security Level, in “other ports” add the string: “137:udp, 138:udp, 139:tcp, 445:tcp” . Click OK.
    And now, your Samba Server should respond to connection requests from your XP clients.

    I hope this helps a few folk out there. Particular thanks to captain-cat and Ned whose helpful postings gave me the solution to the firewall issue.
    One man's geek is another man's guru...
    Registered Linux User #363869.
    i686 F8, Quad Core F10 64-bit, Core2Duo F16 64-bit.

  2. #2
    iain Guest
    Thanks alot, that helped me loads, im not sure quite how but I did it thanks to you.

  3. #3
    rrm1981 Guest
    thanks, this is excelent. I have been wanting to set up samba but just havn't had the time to read all the stuff out there to get it done. This gives me new motivation to give it a try. Thanks again.

  4. #4
    Join Date
    Jun 2005
    Posts
    399
    I just thought I might add a line or 2 to this excellent thread. When I got to the System Settings -> Server Settings -> Services bit, smb failed to start. I had a trawl around the forums and:

    http://www.fedoraforum.org/forum/sho...g+smb+services

    suggests starting smb manually using

    /usr/sbin/smbd -D

    This works for me. In case anyone else has the same problem they might want to try this.

  5. #5
    Join Date
    Apr 2005
    Posts
    20

    fc4 - not so fast...

    This looked just what I wanted - a no thrills, easy to read set-up to network with my partners windoze pc in my secure home network... Unfortunately it didn't work out quite so easy for me. After a few years now with Linux and periodic attempts, with varying degrees of success, it didn't seem that there was much could go wrong with this attempt. And hay, fc4 can't be so very different from fc2...

    Here, below, is my terminal output with some annotations (###). (Skip to the bottom for the conclusion.) So far I've got to running samba and accessing the share from within my box, but all I get from out side my box are issues at point 9... Also, I can't access external shares from inside my box (on two windoze boxes that can see each other). So, I guess there's something blocking samba access in and out of my box? Follow-ups much appreciated.

    Perhaps a text file with this set-up (corrected) for fc5 could be placed on the desktop of every account - might save a few novices a lot of hours?

    ######################
    [root@morgansmachine ~]# useradd -c “Network Filestore” -m -g users -p secret netfiles
    Usage: useradd [options] LOGIN

    Options:
    -b, --base-dir BASE_DIR base directory for the new user account
    home directory
    ...
    -u, --uid UID force use the UID for the new user account
    ### Not an auspicious start. After some discussion with my local lug I fell back to...
    [root@morgansmachine ~]# useradd -c “Network Filestore” -m -g users netfiles
    Usage: useradd [options] LOGIN

    Options:
    -b, --base-dir BASE_DIR base directory for the new user account
    home directory
    ...
    -u, --uid UID force use the UID for the new user account
    ### And then fell back to...
    [root@morgansmachine ~]# useradd -m netfiles
    ### After which I used the gui (Desktop -> System Settings -> Users and Groups) for the <-c “Network Filestore” -g users> bit, and then did...
    [root@morgansmachine ~]# passwd netfiles
    Changing password for user netfiles.
    New UNIX password:
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully.
    [root@morgansmachine ~]# mkdir /home/export
    [root@morgansmachine ~]# chmod u+rwx, g+rx, o+rx /home/export
    chmod: cannot access `g+rx,': No such file or directory
    chmod: cannot access `o+rx': No such file or directory
    ### Well clearly I can't expect to highlight and past into my terminal... There's no space between the commas, but I just did...
    [root@morgansmachine ~]# chmod u+rwx /home/export
    [root@morgansmachine ~]# chmod g+rx /home/export
    [root@morgansmachine ~]# chmod o+rx /home/export
    [root@morgansmachine ~]# chown netfiles,users /home/export
    chown: `netfiles,users': invalid user
    ### Oops, not again...
    [root@morgansmachine ~]# chown netfiles, users /home/export
    chown: `netfiles,': invalid user
    ### And, again...
    [root@morgansmachine ~]# chown netfiles,users /home/export
    chown: `netfiles,users': invalid user
    ### And, again...
    [root@morgansmachine ~]# chown netfiles, users /home/export
    chown: `netfiles,': invalid user
    ### All right, that's enough!
    [root@morgansmachine ~]# chown netfiles:users /home/export
    ### And, that's more like it!
    [root@morgansmachine ~]# smbpasswd -a netfiles
    New SMB password:
    Retype new SMB password:
    Added user netfiles.
    ### Here, following point 6 I added to /etc/samba/smb.conf this:
    [global]
    workgroup = 19CLARKEROAD
    netbios name = MORGANSMACHINE
    security = SHARE

    [netfs]
    comment = Network Filestore on morgansmachine
    path = /home/export
    force user = netfiles
    force group = users
    read only = No
    guest ok = Yes
    ###
    [root@morgansmachine ~]# smbclient -L MORGANSMACHINE
    Password:
    Domain=[19CLARKEROAD] OS=[Unix] Server=[Samba 3.0.14a-2]

    Sharename Type Comment
    --------- ---- -------
    netfs Disk Network Filestore on morgansmachine
    IPC$ IPC IPC Service (Samba 3.0.14a-2)
    ADMIN$ IPC IPC Service (Samba 3.0.14a-2)
    Domain=[19CLARKEROAD] OS=[Unix] Server=[Samba 3.0.14a-2]

    Server Comment
    --------- -------
    MORGANSMACHINE Samba 3.0.14a-2

    Workgroup Master
    --------- -------
    19CLARKEROAD MORGANSMACHINE
    [root@morgansmachine ~]#
    ######################

    Hooray, got there! Not so fast... At this point I ran into the problem at point 9, except I'd opened the ports in iptables... Couldn't even browse my network from within my own box at this stage... But hang on, there's that new (a bit old by now) tab to the "Security Level" gui... So, I've turned on all the SELinux Samba access options - any follow-ups on what can be safely turned back off?

    Now, I can browse my Samba shares from with in my box - reliably my share is alway there at "Computer -> Network -> MORGANSMACHINE -> netfs (or via Computer -> Network -> Windows Network -> 19clarkeroad -> MORGANSMACHINE...). Also, I can see Morgansmachine from the windoze boxes but trying to access them results in errors as per point 9 (but, the firewall ports have been opened and all the SELinux Samba access options have been enabled). A bit deflating.

    Clearly, I've missed something obvious. If someone could point me in the right direction with a follow-up it'd be much appreciated.

    Thanks all.
    --
    Morgan Read

  6. #6
    Join Date
    Apr 2005
    Posts
    20
    fc5 - racing...
    Seems fc5 has cleaned up the iptables and selinux issues in fc4 (above) with some tidy features - not tried the above HowTo for fc5 but imagine it'll work based on fc5 client access to XP shares (which is very straight forward, sweet).

Similar Threads

  1. anonymous samba server
    By linearfish in forum Servers & Networking
    Replies: 2
    Last Post: 20th June 2007, 05:09 PM
  2. Printer Server (Cups+Samba) in FC3 for windows clients
    By mpaiva in forum Guides & Solutions (Not For Questions)
    Replies: 0
    Last Post: 23rd May 2005, 05:58 PM
  3. anonymous proxy server
    By yeehi in forum Wibble
    Replies: 3
    Last Post: 10th January 2005, 02:03 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •