Unit5: Network File Sharing Services
· File Transfer Protocol (FTP)
· Network File Service (NFS)
· Port options for the Firewall
· Samba services
· Configuring Samba
· Hands-on Lab: Network File Sharing Services
Objectives
Upon completion of this unit, you should be able to:
· Describe the FTP service
· Explain Network File Sharing
· Describe the NFS service
· Describe the Samba service
· Use client tools with each service
File Transfer Protocol (FTP)
· vsftpd - the default Red Hat Enterprise Linux ftp server
· No longer managed by xinetd
· Allows system, anonymous or virtual (FTP-only) user access
· The anonymous directory hierarchy is provided by the vsftpd RPM
· /etc/vsftpd/vsftpd.conf is the main configuration file
Service Profile: FTP
· Type: System V-managed service
· Package: vsftpd
· Daemon: /usr/sbin/vsftpd
· Script: /etc/init.d/vsftpd
· Ports: 21 (ftp), 20 (ftp-data)
· Configuration: /etc/vsftpd/vsftpd.conf, /etc/vsftpd.ftpusers, /etc/pam.d/vsftpd
· Log: /var/log/xferlog
· Related: tcp_wrappers, ip_conntrack_ftp, ip_nat_ftp
Network File Service (NFS)
· The Red Hat Enterprise Linux NFS service is similar to other BSD and UNIX variants
☉ Exports are listed in /etc/exports
☉ Server notified of changes to exports list with exportfs -r or service nfs reload
☉ Shared directories are accessed through the mount command
☉ The NFS server is an RPC service and thus requires portmap
Service Profile: NFS
· Type: System V-managed service
· Package: nfs-utils
· Daemons: rpc.nfsd, rpc.lockd, rpciod, rpc.mountd, rpc.rquotad, rpc.statd
· Scripts: /etc/init.d/nfs, /etc/init.d/nfslock
· Ports: 2049 (nfsd), others assigned by portmap (111)
· Configuration: /etc/exports
· Related: portmap (mandatory), tcp_wrappers
Port options for the Firewall
· mountd, statd and lockd can be forced to use a static port
· Set the MOUNTD_PORT, STATD_PORT, LOCKD_TCPPORT and LOCKD_UDPPORT variables in /etc/sysconfig/nfs
MOUNTD_PORT="4002"
STATD_PORT="4003"
LOCKD_TCPPORT="4004"
LOCKD_UDPPORT="4004"
NFS Server
· Exported directories are defined in /etc/exports
· Each entry specifies the hosts to which the filesystem is exported plus associated permissions and options
☉ options should be specified
☉ default options: (ro,sync,root_squash)
☉ root mapped to UID 4294967294
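An added example (not part of the original course notes): a small Python audit of /etc/exports that reports entries relying on the default options, exports open to every host, and no_root_squash. It also catches the classic stray space between host and "(", which hands the options to every host instead. The sample file, host names and finding labels are constructed for illustration; line continuations are not handled.

```python
import re

# Constructed sample /etc/exports (not from the original page).
SAMPLE_EXPORTS = """\
# path        client(options)
/srv/pub      192.168.0.0/24(ro,sync)
/srv/home     *.example.com(rw,sync,no_root_squash)
/srv/data     station1.example.com (rw,sync)
/srv/scratch  station2.example.com
"""

def parse_exports(text):
    """Yield (path, client, options) per client; options is None if omitted."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        # A bare path with no client list is exported to every host.
        for token in fields[1:] or [""]:
            m = re.fullmatch(r"([^()]*)(?:\(([^()]*)\))?", token)
            if m:
                yield fields[0], m.group(1), m.group(2)
            else:
                yield fields[0], token, "malformed"

def audit_exports(text):
    """Return (path, client, finding) tuples for entries worth a second look."""
    findings = []
    for path, client, opts in parse_exports(text):
        who = client or "<world>"
        options = set(opts.split(",")) if opts else set()
        if opts is None:
            findings.append((path, who, "defaults"))        # no options given
        if client in ("", "*"):
            findings.append((path, who, "world-rw" if "rw" in options else "world"))
        if "no_root_squash" in options:
            findings.append((path, who, "no_root_squash"))  # client root stays UID 0
        if "malformed" in options:
            findings.append((path, who, "malformed"))
    return findings

if __name__ == "__main__":
    for path, who, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:14} {who:22} {finding}")
```

On the sample, /srv/data is reported twice: station1 gets only the defaults, and the detached "(rw,sync)" applies to every host.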
NFS utilities
· #exportfs -v
· #showmount -e hostname
· #rpcinfo -p hostname
Client-side NFS
· implemented as a kernel module
· /etc/fstab can be used to specify network mounts
· NFS shares are mounted at boot time by /etc/init.d/netfs
· autofs mounts NFS shares on demand and unmounts them when idle
Samba services
· Four main services are provided:
☉ authentication and authorization of users
☉ file and printer sharing
☉ name resolution
☉ browsing (service announcements)
· Related
☉ smbclient command-line access
☉ Linux can mount a Samba share using the cifs or smbfs file system
Service Profile: SMB
· Type: System V-managed service
· Packages: samba, samba-common, samba-client
· Daemons: /usr/sbin/nmbd, /usr/sbin/smbd
· Script: /etc/init.d/smb
· Ports: [NetBIOS] 137(-ns), 138(-dgm), 139(-ssn), [SMB over TCP] 445(-ds)
· Configuration: /etc/samba/*
· Related: system-config-samba, testparm
Configuring Samba
· Configuration in /etc/samba/smb.conf
☉ Red Hat provides a well-commented default configuration, suitable for most situations
· Configuration tools are available
☉ system-config-samba
☉ samba-swat (http://localhost:901)
☉ Hand-editing smb.conf is recommended
Overview of smb.conf Sections
· smb.conf is styled after the .ini file format and is split into different [ ] sections
☉ [global] : section for server generic or global settings
☉ [homes] : used to grant some or all users access to their home directories
☉ [printers] : defines printer resources and services
· Use testparm to check the syntax of /etc/samba/smb.conf
Configuring File and Directory Sharing
· Shares should have their own [ ] section
· Some options to use:
☉ public - share can be accessed by guest
☉ browsable - share is visible in browse lists
☉ writable - resource is read and write enabled
☉ printable - resource is a printer, not a disk
☉ group - all connections to the share use the specified group as their primary group
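An added example (not part of the original course notes): a Python check that reads smb.conf as the .ini-style file described above and reports shares where guest access (public / guest ok) is combined with write access, or where a guest share has no hosts allow restriction in the share or in [global]. The sample configuration, share names and finding labels are constructed; options are assumed to be unindented or uniformly indented.

```python
import configparser

# Constructed sample smb.conf (not from the original page).
SAMPLE_SMB_CONF = """\
[global]
security = user

[pub]
public = yes
writable = yes

[scratch]
guest ok = yes
read only = no
hosts allow = 192.168.0.

[docs]
public = yes
hosts allow = station1.example.com
"""

TRUE = {"yes", "true", "1"}

def flag(section, names, default):
    """Read a boolean option that may appear under any of its synonyms."""
    for name in names:
        if name in section:
            return section[name].strip().lower() in TRUE
    return default

def audit_shares(text):
    """Return (share, finding) pairs for guest-accessible shares."""
    # strict=False tolerates repeated keys; interpolation=None keeps %U-style macros literal.
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    glob = cp["global"] if cp.has_section("global") else {}
    findings = []
    for name in (s for s in cp.sections() if s != "global"):
        share = cp[name]
        guest = flag(share, ("public", "guest ok"), False)
        # "read only" is the inverse synonym of writable and defaults to yes.
        writable = flag(share, ("writable", "writeable", "write ok"), not flag(share, ("read only",), True))
        limited = any("hosts allow" in s or "allow hosts" in s for s in (share, glob))
        if guest and writable:
            findings.append((name, "guest-writable"))
        if guest and not limited:
            findings.append((name, "guest-unrestricted"))
    return findings

if __name__ == "__main__":
    print(audit_shares(SAMPLE_SMB_CONF))
```

This looks only at option combinations; testparm remains the tool for checking the syntax of the file itself.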
Printing to the Samba Server
· All printers defined in /etc/cups/printers.conf are shared as resources by default
· Can be changed to allow only explicitly publicized printers
Authentication Methods
· Specified with security = method
· Valid methods are:
☉ user : validation by user and password (this is the default)
☉ domain/server : a workgroup with a collection of authentication data is used
☉ ads : acts as an Active Directory member with Kerberos authentication
☉ share : user validation on per-share basis
Passwords
· Encrypted password considerations
☉ Stored in /etc/samba/smbpasswd
☉ Users added with smbpasswd -a user
☉ Users modified with smbpasswd user
☉ Users must have local accounts (or be translated to a local account through /etc/samba/smbusers), or implement winbindd, a separate service
Samba Syntax Utility
· testparm is used to check the syntax of /etc/samba/smb.conf
· Can check the allow/deny statements to verify that a host could access the server:
#testparm /etc/samba/smb.conf station1.example.com 192.168.0.1
Samba Client Tools: smbclient
· Allows for simple view of shared services
#smbclient -L hostname
· Can be used as an ftp-style file retrieval tool
#smbclient //machine/service
> cd directory
> get file
· user%password may be specified with -U or by setting and exporting the USER and PASSWD environment variables
Samba Client Tools: nmblookup
· List specific machine
#nmblookup -U WINS_server -R name
· List all machines
#nmblookup \*
Samba Client Tools: mounts
· The SMB and CIFS file systems are supported by the Linux kernel
· Use mount to mount a Samba-shared resource:
#mount -t cifs service mountpoint -o option1,option2
Samba Mounts in /etc/fstab
· Samba mounts can be performed automatically upon system boot by placing an entry in /etc/fstab
· Specify the UNC path to the samba server, local mount point, cifs as the file system type, and a user name.
//stationX/homes /mnt/homes cifs username=bob,uid=bob 0 0
End of Unit 5
· Questions and Answers
· Summary
☉ Questions and Answers
☉ Preparation for Lab
☉ Goals
☉ Scenario
☉ Deliverables
☉ Please ask the instructor for assistance when needed
This article comes from the ChinaUnix blog; to view the original, see: http://blog.chinaunix.net/u/20003/showart_1714203.html