Building linux file server

The basics of building an in-house server for Linux (CentOS 8.1, openSUSE 15.1, Ubuntu 20.04)! File server with Samba

With the coronavirus hurting the world economy, telework is being introduced one after another at organizations of every size. Here I would like to start with the basics: sharing files within the office LAN among the PCs of a small organization (˶˙ᵕ˙˶)

Basically, **Linux + Samba, file server in LAN**. Let's start by sharing files among multiple PCs in the organization! For simplicity, install Samba from the packages of each Linux distribution and build a Linux file server.

Assumptions and preparations

Environment

  • File server program: Samba (Linux package standard smbd)
  • Client: Windows 10 Pro
  • Server architecture: x64 (operation confirmed with Hyper-V 2nd generation)
  • Linux distribution: CentOS 8.1 / openSUSE 15.1 Leap / Ubuntu 20.04 (all 64-bit)

Premise

  • Work is done as the root user. In the screenshots, an administrator account admin was created and the same commands were run as root with sudo from there.
  • For all distributions, the firewall is firewalld (distribution-specific firewall commands are not used).
  • OS installation is omitted.
  • The LAN network segment is 192.168.1.0/24.
  • For CentOS, disable SELinux (a reboot is also required after editing /etc/selinux/config).

CentOS8.1

/etc/selinux/config

 SELINUX=enforcing → change to SELINUX=disabled

CentOS8.1

Server conditions

I tried to build a file server with Samba under the following conditions ٩ (.´͈ ᵕ `͈. ♡) ۶

IP address

  • Client: 192.168.1.11
  • Linux server: 192.168.1.18 (the same IP address is used for all distributions)
  • Network segment: 192.168.1.0/24

サーバー図.png

File server conditions

  • As an example, the section name created in the file server space is «kazumi75kitty».
  • As an example, the directory on the Linux server used as the file server space is /mnt/miura/, and both reading and writing are allowed.

Work procedure

OS update

This goes without saying! Update the OS in advance.

CentOS8.1

openSUSE15.1

Ubuntu20.04

**Reboot Linux** when the update is complete.

Introducing Samba

Samba installation

Install Samba from the packages of each Linux distribution.

CentOS8.1

openSUSE15.1

Ubuntu20.04

Creating a user to use Samba

Create a new Linux user to use the Samba file server. This time, as an example, let's assume that the file server is used with the user name «shonan».

 # useradd -m shonan
 # sudo passwd shonan    ← Set a password for the user

Next, register the created Linux user with Samba. Use the pdbedit command.

Don't get confused here: in addition to the password you registered when you created the Linux user, **you need to set a password for the Samba file server**. Remember that to actually log on to the file server from Windows, **it is the password you set with the pdbedit command, not the password for the Linux user** (I use the same password as the Linux password for simplicity .. (๑・∞・๑))

Samba settings

Set up Samba in «/etc/samba/smb.conf».

/etc/samba/smb.conf

 # Only the items to be added or changed are listed. Others remain at default settings
 [global]
 workgroup = [Windows workgroup name to which you belong]
 hosts allow = [IP address or network segment to allow connection]

 [Section name]
 comment = [Any comment]
 path = [Directory used as a file server]
 read only = no
 browsable = yes
 writable = yes

In this file, each directory on the Linux server is published under a section name of your choice, so separate directories can be shared for different purposes.

Therefore, this time, as described in «File server conditions», I would like to make the Linux directory «/mnt/miura/» available as a file server under the section name «kazumi75kitty». Also, since the network is assumed to be 192.168.1.0/24, allow this network.

Then, /etc/samba/smb.conf will be set with the following settings.

/etc/samba/smb.conf(Example)

 # Only the items to be added or changed are listed. Others remain at default settings
 [global]
 workgroup = [Windows workgroup name to which you belong]
 hosts allow = 192.168.1. 127.0.0.1
 # For hosts allow, if you want to allow 192.168.1.0/24 and the server itself, write it as above.

 [kazumi75kitty]
 comment = File Server Test in Miura Peninsula
 path = /mnt/miura
 read only = no
 browsable = yes
 writable = yes

The name of the Windows workgroup to which I belong can be confirmed in the system properties of the control panel, so I did not mention it ^ ^

A common pitfall with directories

The **owner of the directory specified by «path» in the section must be the same as the user registered with pdbedit, otherwise you may not be able to access the files and directories on the file server**, so check the owner properly. I am changing it here.

If you use «/mnt/miura/» for the file server space as in this example and want to use it as the user shonan, **the owner of the directory /mnt/miura/ must be shonan** (not root).

Ownerchange.png

Like the image above (the user name in the image is hidden because the server is in operation)

Depending on the distribution, smb.conf may look complicated or simple depending on whether it contains explanatory comments, so refer to the images (˶・ᴗ・)⚐⚑

  • CentOS 8.1 CentOS8-smbconf.png
  • openSUSE 15.1 openSUSE15-smbconf.png
  • Ubuntu 20.04
      • global section (only some because there are so many items) Ubuntu20-smbconf-global.png
      • Section prepared by yourself Ubuntu20-smbconf-sect.png

Parameter check

If you see «Loaded services file OK.», the settings should be correct.

Starting the Samba service

CentOS8.1 / openSUSE15.1

 # systemctl start smb
 # systemctl enable smb
 # systemctl status smb

Ubuntu20.04

 # systemctl start smbd
 # systemctl enable smbd
 # systemctl status smbd

By using enable, the file server starts automatically even after a reboot.

Check that «Active» and «Running» are displayed in the status and that «Failed» is not displayed. If it says «Failed», you will have to go back and check again, for example for a misspelled smb.conf setting.

Then check the log; if there are no errors, Samba has recognized the directory specified in smb.conf.

# less -r /var/log/samba/log.smbd 

If a path failure such as «canonicalize_connect_path failed for service samba, path /mnt/miura» is displayed, the directory may not be accessible: check whether the specified directory exists, and check its owner and permissions with the ls -l command.

Let’s access the file server

Now, let's access the Linux file server from a Windows client. In Windows Explorer, enter \\[Linux file server IP address].

First, open firewalld (details will be described later).

 # firewall-cmd --permanent --add-service=samba
 # firewall-cmd --reload

Conn-OK.png

Here, since the IP address of the server is 192.168.1.18, access it with «\\192.168.1.18\». If the server is found successfully, you should get a Windows Security authentication failure dialog.

What if I can’t connect?

Conn-NG.png

If the message «Cannot connect» is displayed instead of the initial authentication failure screen, check with «firewall-cmd --list-all» whether «samba» is allowed under services in firewalld (described later); it may be missing. Also check with «systemctl status smb(d)» whether the Samba service is started on Linux; you may see a startup failure such as «Failed».

Let’s log on

Conn-logged-on.png

If the authentication failure dialog is displayed, the file server is reachable, so log on as the user registered in Samba with pdbedit. For shonan in this example, enter shonan as the user name and **the password set when registering with pdbedit** (**distinguish it from the Linux user password**), then log on. If the name defined as the file space, «kazumi75kitty» in this example, is displayed, the file space defined by the section in smb.conf has been recognized normally.

Let’s put the file

FileSave-OK.png

Once the file space is recognized, try placing any file in various ways. Also, make sure that the placed file can be edited and saved on Windows.

If the file cannot be placed or becomes read-only

On the Linux server side, the directory used as the file server probably has a different owner, or permissions that do not allow reading and writing, so check again with the ls -l command.

Basic security

Basic security in Samba settings

Basically, the main premise is not to allow access to outsiders. As more advanced security there are also methods using a domain or Active Directory, but they are omitted here. **Limit hosts allow in smb.conf so that access is allowed only from the network to which you belong, on the assumption that the server will not be accessed from outsiders' networks.**

In this example, the file server is used at 192.168.1.0/24, but what if hosts allow in smb.conf is set so that 192.168.1. is not allowed?

Smb-allowdomainchg-1.png

For example, do not allow 192.168.1., but allow 192.168.2., as shown below.

 ~~hosts allow = 192.168.1. 127.0.0.1~~
 hosts allow = 192.168.2. 127.0.0.1

So when you access «\\192.168.1.18\» in Explorer, you should get the following error:

Smb-allowdomainchg-2.png

And the log /var/log/samba/log.smbd shows that access from 192.168.1.11 is denied, as shown below.

Smb-allowdomainchg-3.png

In this way, you can limit the networks that are allowed to use Samba.
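The outcome of the hosts allow experiment above can be predicted before restarting anything. The following script is an added example, not part of the original article: it reads the [global] hosts allow value from smb.conf text and tests a client address against it. The function names and the sample configuration are constructed for illustration, and only the entry forms used on this page are handled.

```shell
#!/bin/sh
# Added example: evaluate a client address against smb.conf "hosts allow".
# Only trailing-dot prefixes, single IPv4 addresses and CIDR are handled;
# hostnames, netgroups and EXCEPT clauses are out of scope.

# Constructed sample mirroring the article's configuration.
SAMPLE_CONF='[global]
 workgroup = WORKGROUP
 hosts allow = 192.168.1. 127.0.0.1
[kazumi75kitty]
 path = /mnt/miura
 read only = no'

# Print the "hosts allow" value of the [global] section (empty if unset).
global_hosts_allow() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*\[/ { g = (tolower($0) ~ /^[ \t]*\[global\]/); next }
        g && tolower($0) ~ /^[ \t]*hosts allow[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); print; exit }'
}

# Dotted IPv4 address -> integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if client $1 matches the hosts-allow value $2.
# An unset (empty) value means Samba admits every host.
hosts_allow_permits() {
    ip=$1
    [ -z "$2" ] && return 0
    for entry in $(printf '%s' "$2" | tr ',' ' '); do
        case $entry in
            *.)  case $ip in "$entry"*) return 0 ;; esac ;;
            */*) mask=$(( (4294967295 << (32 - ${entry#*/})) & 4294967295 ))
                 [ $(( $(ip_to_int "$ip") & $mask )) -eq \
                   $(( $(ip_to_int "${entry%/*}") & $mask )) ] && return 0 ;;
            *)   [ "$ip" = "$entry" ] && return 0 ;;
        esac
    done
    return 1
}

allow=$(global_hosts_allow "$SAMPLE_CONF")
for ip in 192.168.1.11 192.168.2.30; do
    if hosts_allow_permits "$ip" "$allow"; then echo "$ip allowed"; else echo "$ip denied"; fi
done
```

Note that the trailing dot in «192.168.1.» matters: without it the prefix would also match 192.168.10.x and 192.168.100.x.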

Basic security with firewalld

Earlier, the firewall was opened with «firewall-cmd» as follows.

 # firewall-cmd --permanent --add-service=samba
 # firewall-cmd --reload

This means that firewalld, the Linux firewall, permanently accepts incoming connections for the service called Samba and does not accept services other than those specified. To check which services are allowed, enter the following command and check that the allowed services are displayed under services:, like «services: dhcpv6-client ssh samba».

In addition, it is possible to use rich rules to allow the port used by Samba to a specific IP address or network, but this is omitted here.
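A sketch of the rich-rule approach mentioned above, as an added example that is not part of the original article. It assumes the default zone and the article's segment 192.168.1.0/24; the function names and the APPLY switch are constructed for illustration, and by default the script only prints the commands.

```shell
#!/bin/sh
# Added example: limit firewalld's "samba" service to one LAN.
# Assumptions: default zone, LAN 192.168.1.0/24 (the article's segment).
# APPLY=0 (default) only prints the commands; APPLY=1 runs them (needs root).
LAN="${LAN:-192.168.1.0/24}"
APPLY="${APPLY:-0}"

# Build the rich rule text for one source network.
samba_rich_rule() {
    printf 'rule family="ipv4" source address="%s" service name="samba" accept' "$1"
}

# Run firewall-cmd, or print the command line in dry-run mode.
fw() {
    if [ "$APPLY" = "1" ]; then
        firewall-cmd "$@"
    else
        echo "firewall-cmd $*"
    fi
}

# Print (or apply) the full change for source network $1.
restrict_samba() {
    # The zone-wide service entry accepts Samba from any source, so it has
    # to go; otherwise the rich rule below restricts nothing.
    fw --permanent --remove-service=samba
    fw --permanent --add-rich-rule="$(samba_rich_rule "$1")"
    fw --reload
    fw --list-all
}

restrict_samba "$LAN"
```

After applying, «samba» should no longer appear under services: and the rule should be listed under rich rules: in the output of firewall-cmd --list-all.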

References

  1. Network server construction guide made with CentOS7 [Server construction study group] Shuwa System
  2. Information Processing Engineering-OS and Internet Mechanism- [by Hiroyo Kinoshita] Corona Publishing Co., Ltd.
  • Reference 1 is for CentOS 7, but as far as Samba is concerned it can be followed almost as written, because the only difference is that the package installation command has changed from yum to dnf.
  • There is «Corona» in the publisher name of Reference 2, but as of June 2020, there are cases where people are prejudiced just by saying «Corona» due to the reputational damage of the coronavirus. The original meaning of corona is the very thin plasma atmosphere of the sun’s ultra-high temperature, which physically means the shape of the corona discharge, so let’s use the original meaning of corona correctly.
