samba ftp
======================================================
DEBIAN - File Server - SAMBA / SAMBA Setup
======================================================
- Samba
- FTP (proftpd)
SAMBA / Windows file server
============================
http://www.samba.org/
Samba is an Open Source/Free Software suite that provides seamless file and print services to SMB/CIFS clients. Samba is freely available, and allows for interoperability between Linux/Unix servers and Windows-based clients.
CIFS = Common Internet File System
SMB = Server Message Block (protocol)
Samba consists of two key programs, plus a bunch of other stuff that we'll get to later. The two key programs are smbd and nmbd. Their job is to implement the four basic modern-day CIFS services, which are:
- File & print services
- Authentication and Authorization
- Name resolution
- Service announcement (browsing)
File and print services are the cornerstone of the CIFS suite. These are provided by smbd, the SMB Daemon. Smbd also handles "share mode" and "user mode" authentication and authorization. That is, you can protect shared file and print services by requiring passwords. In share mode, the simplest and least recommended scheme, a password can be assigned to a shared directory or printer (simply called a "share"). This single password is then given to everyone who is allowed to use the share. With user mode authentication, each user has their own username and password and the System Administrator can grant or deny access on an individual basis.
Install Samba packages:
abbts1:~# apt-cache search samba
abbts1:~# apt-get install samba samba-doc smbclient
Workgroup: same as the Workgroup under Windows on your notebook
Modify smb.conf to use WINS settings from DHCP? : no
Samba service is already running just after setup:
abbts1:~# ps fax
2180 ? Ss 0:00 /usr/sbin/nmbd -D
2182 ? Ss 0:00 /usr/sbin/smbd -D
2183 ? S 0:00 \_ /usr/sbin/smbd -D
To monitor the users and computers connected on the Samba Server, there is the 'smbstatus' command:
abbts1:~# smbstatus
Samba version 3.0.24
PID Username Group Machine
-------------------------------------------------------------------
Service pid machine Connected at
-------------------------------------------------------
No locked files
Basic settings under debian:
0) Backup your config File:
abbts1:/etc/samba# cp smb.conf smb.conf_orig_20100211
1) Setup Share for System Users
Update the /etc/samba/smb.conf file and activate the line
"security = user" (remove the "#"),
and in section [homes]: replace "read only = yes" with "read only = no", and set "browsable = yes".
2) Global share for all users
2.1) Create the share directory
mkdir -p /home/shares/allusers
("mkdir -p" = create parent directories if required)
chown -R root:users /home/shares/allusers/
chmod -R ug+rwx,o+rx-w /home/shares/allusers/
2.2) Add the Share to smb.conf
At the end of smb.conf, add these lines:
[allusers]
comment = All Users
path = /home/shares/allusers
valid users = @users
force group = users
create mask = 0660
directory mask = 0771
writable = yes
2.3) /etc/group update
Only members of the unix group "users" will have access to the share.
In /etc/group: add your own user ("lastname") to the group users:
For example: "users:x:100:lastname,lastname2"
2.4) Set samba passwords
Samba does not use the system accounts (/etc/passwd) by default. It has a separate password management system, administered by the command line tool "smbpasswd".
smbpasswd -a lastname
smbpasswd -a lastname2
etc.
3) Set and increase Log level
In smb.conf: "log level = 2" in [global] section
4) Check Setup validity with "testparm"
abbts1:~# testparm /etc/samba/smb.conf
5) Restart the service
/etc/init.d/samba restart
6) Watch the logs:
abbts1:~# tail -f /var/log/samba/log.*
7) Test login locally:
abbts1:~# smbclient -L localhost -U lastname
8) Try to reach your Share (from your notebook):
\\10.x.y.z\
-> try to create directories, copy some data, delete.
9) Run "smbstatus": it will display the current open connections and
open/locked files
10) Make a backup of your setup
abbts1:/etc/samba# cp smb.conf smb.conf_20100211_ok
11) Install and try SWAT: it is the "Samba Web Administration Tool"
abbts1:~# apt-get install swat
12) Play with it a little bit and try to add/update your setup...
http://IP_ADDRESS:901/ with root as username.
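testparm confirms that smb.conf loads, but it does not tell you whether a share is restricted the way steps 1 and 2 intend. The shell script below is an added example, not part of the original notes: it reads an smb.conf and reports on "security", "valid users", guest access and "create mask" for one share. The function names smb_param and audit_share and the sample [open] share are made up for illustration.

```sh
# Added example, not part of the original notes.
# smb_param FILE SECTION KEY: print the last value of KEY inside [SECTION].
# Samba ignores case and whitespace in section and parameter names.
smb_param() {
    awk -v want="$2" -v key="$3" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        BEGIN { want = norm(want); key = norm(key) }
        /^[ \t]*[#;]/ { next }                                   # comment line
        /^[ \t]*\[/ { s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*/, "", s); sec = norm(s); next }
        sec == want && (p = index($0, "=")) && norm(substr($0, 1, p - 1)) == key {
            val = substr($0, p + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        END { print val }' "$1"
}

# audit_share FILE SHARE: print findings; exit status is the number of findings.
audit_share() {
    n=0
    v=$(smb_param "$1" global security | tr 'A-Z' 'a-z')
    [ "$v" = user ] || { echo "[global] security is '${v:-unset}', step 1 sets user"; n=$((n+1)); }
    [ -n "$(smb_param "$1" "$2" path)" ] || { echo "[$2] not found or has no path"; n=$((n+1)); }
    [ -n "$(smb_param "$1" "$2" 'valid users')" ] || { echo "[$2] has no 'valid users' line"; n=$((n+1)); }
    for k in 'guest ok' public; do                                # public is a synonym
        case $(smb_param "$1" "$2" "$k" | tr 'A-Z' 'a-z') in
            yes|true|1) echo "[$2] $k = yes: no password needed"; n=$((n+1)) ;;
        esac
    done
    v=$(smb_param "$1" "$2" 'create mask')
    case ${v:-0744} in                                            # 0744 is the Samba default
        *0) ;;
        *) echo "[$2] create mask ${v:-0744} leaves bits set for 'other'"; n=$((n+1)) ;;
    esac
    return "$n"
}
# Constructed sample: the [allusers] share from step 2.2 and a weaker one.
demo=$(mktemp)
cat > "$demo" <<'EOF'
[global]
   security = user
[allusers]
   path = /home/shares/allusers
   valid users = @users
   create mask = 0660
[open]
   path = /home/shares/open
   Guest OK = Yes
EOF
audit_share "$demo" allusers && echo "allusers: no findings"
audit_share "$demo" open || echo "open: $? finding(s)"
rm -f "$demo"
```

On the real server, run it as: audit_share /etc/samba/smb.conf allusers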
FTP - File Transfer Protocol
============================
http://www.proftpd.org
File Transfer Protocol (FTP) is a standard network protocol used to exchange and manipulate files over a TCP/IP based network. RFC 114 was released on 16 April 1971 and was the original specification of the File Transfer Protocol (FTP).
1) Setup under Debian:
abbts1:~# apt-get install proftpd proftpd-doc
(standalone)
2) Test if the service is running:
abbts1:~# ps fawx|grep proftp
3766 pts/0 R+ 0:00 \_ grep proftp
3451 ? Ss 0:00 proftpd: (accepting connections)
3) Watch the logs:
abbts1:~# tail -f /var/log/proftpd/*.log
4) Try to connect as "lastname", and as root:
abbts1:~# ftp localhost
Connected to localhost.
220 ProFTPD 1.3.0 Server (Debian) [::ffff:127.0.0.1]
Name (localhost:om):
Commands:
cd mkdir rmdir
dele get
( more: http://www.proftpd.de/FTP-Befehle.38.0.html )
5) Try to connect remotely with an FTP Client, for example: Filezilla.
http://filezilla-project.org/
6) Problem: security is not optimal: "cd /" and "cd .." are allowed
and get too far up on the system: any user can have a look
at /etc/passwd...
Solution: add "DefaultRoot ~" in /etc/proftpd/proftpd.conf and
restart the service.
abbts1:~# /etc/init.d/proftpd restart
Now test again if everything is fine, and try to reach /etc/
as a user -> it should not be possible anymore, users are "jailed".
Extra task: activate TLS (encryption) to prevent sniffing of
ftp login/password. Required module (mod_tls) is in the package,
but you need to configure it and create a key... Good luck :)
(solution: next time)
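A quick way to confirm what proftpd.conf actually enforces for the two points above (the DefaultRoot jail from step 6 and TLS from the extra task), as an added example that is not part of the original notes. The function name proftpd_audit and its output format are made up for illustration; it only reads the file and does not configure TLS.

```sh
# Added example, not part of the original notes.
# proftpd_audit FILE: print "jail=<all|partial|none> tls=<required|enabled|off>".
# Directive names are matched case-insensitively; commented-out lines are ignored.
# Assumption: one server context; <VirtualHost>/<Anonymous> blocks are not tracked.
proftpd_audit() {
    awk '
        /^[ \t]*#/ { next }                              # "# DefaultRoot ~" is not active
        { d = tolower($1) }
        d == "defaultroot" && NF >= 2 && $2 != "/" {     # a chroot to / would be no jail
            if (NF == 2) all = 1                         # no group expression: every user
            else partial = 1                             # e.g. "DefaultRoot ~ !staff"
        }
        d == "tlsengine"   { engine = (tolower($2) == "on") }
        # Only these TLSRequired values are treated here as forcing TLS for the login.
        d == "tlsrequired" { req = (tolower($2) ~ /^(on|ctrl|auth|auth\+data)$/) }
        END {
            jail = all ? "all" : (partial ? "partial" : "none")
            tls = !engine ? "off" : (req ? "required" : "enabled")
            print "jail=" jail " tls=" tls
        }' "$1"
}

# Constructed sample: the jail line is present but still commented out.
demo=$(mktemp)
printf '%s\n' 'ServerType standalone' '# DefaultRoot ~' > "$demo"
proftpd_audit "$demo"            # jail=none tls=off
printf '%s\n' 'DefaultRoot ~' >> "$demo"
proftpd_audit "$demo"            # jail=all tls=off
rm -f "$demo"
```

"tls=enabled" means mod_tls is switched on but clients may still log in without it, so the login and password can still be sniffed; run it as: proftpd_audit /etc/proftpd/proftpd.conf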