VPN plus Samba: making my home computing environment identical to my work computing environment
At the Office
I am running Windows 2000 (SP2).
My laptop is connected to the departmental network.
I can access my network files from Windows the same way that I access my local files.
From Home
I am not connected to the departmental network.
The only way to access my departmental network files is via FTP.
How to make home like work
Create a Virtual Private Network (VPN) to allow me to tunnel from my house to the department via my ISP (Adelphia, using a cable modem).
Set up the network to allow Windows users to access resources such as files and printers on a Unix system via Samba.
Setting up VPN
My local machine runs Windows 2000.
Windows 2000 has built-in VPN client support for PPTP (Point-to-Point Tunneling Protocol).
We needed a FreeBSD, Linux, or Solaris solution that supports PPTP.
We decided on mpd, the multi-link PPP daemon, a FreeBSD port/package built on netgraph(4).
mpd
http://www.freebsd.org/cgi/url.cgi?ports/net/mpd/pkg-descr contains the port description.
http://www.freebsd.org/cgi/pds.cgi?ports/net/mpd contains the source.
ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-stable/All/mpd-3.7.tgz contains the package.
mpd (continued)
mpd is capable of:
Multi-link PPP
PAP, CHAP, and MS-CHAP authentication
PPP compression and encryption
Point-to-Point Tunnelling Protocol (PPTP)
We implemented only what was required for this project.
mpd Installation
Downloaded the latest package to /root.
gunzip'ed the package (left in /root).
Untarred the package (into /root; we cleaned up the mess when we were finished).
Installed in the usual manner: make install.
mpd Configuration
There are four configuration files: mpd.conf, mpd.links, mpd.secret, and mpd.script.
All of these are in /usr/local/etc/mpd on gw11. Log in as root to read them.
mpd.conf
This file defines what the bundles are, what the links within those bundles are, how the interface should be configured, and various PPP parameters.
The file is /usr/local/etc/mpd/mpd.conf (see telnet://gw11.cs.uofs.edu).
mpd.links
Contains one link per simultaneous PPTP connection.
Ours is set up to allow two users to connect simultaneously.
mpd.secret
Unencrypted (plaintext) list of usernames, passwords, and IP addresses for connection to the VPN.
These are VPN credentials only: connecting to the VPN does not log you in as a user on the network.
Because the passwords are stored in the clear, the file must be owned by root and readable by nobody else (mode 600).
There are methods of making this more secure, for example refusing PAP and requiring MS-CHAP with MPPE encryption (both supported by mpd). Note that PPTP's MS-CHAP authentication and MPPE encryption have since been shown to be cryptographically weak, so a PPTP tunnel should not be relied on for confidentiality against a capable attacker.
mpd.secret (cont)
Here is the current file (one line per user: username, password, address handed to that client):
    ryan "running" 134.198.161.227/28
    sid "walking" 134.198.161.223/28
When connecting to the VPN, one of these username/password combinations must be used.
Both of them may be used simultaneously.
mpd.script
Since we did no dial-up connection, this script remains one of the mysteries of the ages.
There is an mpd.script.sample (1558 lines) in /usr/local/etc/mpd on gw11 if you need to use dial-up scripts.
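As an added example (not the original gw11 configuration and not code from the mpd project), the following POSIX shell script writes the three mpd files described above (mpd.conf, mpd.links, mpd.secret) for a two-user PPTP server and locks down mpd.secret. The directive layout follows the PPTP server section of the mpd.conf.sample shipped with mpd 3.x; the gateway-side tunnel address 134.198.161.2, the placeholder passwords, the output directory, and the exact spelling of the crypt-reqd option are assumptions to check against the mpd(8) manual of the installed version.

```shell
#!/bin/sh
# Added example, not the original gw11 configuration. Writes mpd.conf,
# mpd.links and mpd.secret for a two-link PPTP server into DIR (pass a scratch
# directory such as /tmp/mpd-test; deliberately not /usr/local/etc/mpd) and
# locks down the secret file.
# Assumptions: gateway-side tunnel address 134.198.161.2, placeholder passwords.
# Usage: sh mpd-gen.sh /tmp/mpd-test

write_mpd_files() {
    dir=$1
    mkdir -p "$dir" || return 1

    # mpd.conf: bundles, links, interface settings and PPP parameters.
    cat > "$dir/mpd.conf" <<'EOF'
# Start both PPTP listeners when mpd is run with no arguments.
default:
        load pptp1
        load pptp2

# One bundle per simultaneous client. Each gets its own netgraph interface
# and hands the client the fixed address that is also listed in mpd.secret.
pptp1:
        new -i ng0 pptp1 pptp1
        set ipcp ranges 134.198.161.2/32 134.198.161.227/32
        load pptp_std

pptp2:
        new -i ng1 pptp2 pptp2
        set ipcp ranges 134.198.161.2/32 134.198.161.223/32
        load pptp_std

pptp_std:
        set iface disable on-demand
        set iface enable proxy-arp
        set iface idle 1800
        set bundle disable multilink
        set link yes acfcomp protocomp
        # The server never authenticates itself to the client (no pap/chap)
        # and requires the client to authenticate with CHAP (MS-CHAP for
        # Windows 2000). PAP would send the password in the clear.
        set link no pap chap
        set link enable chap
        set link keep-alive 10 60
        set ipcp yes vjcomp
        # Negotiate MPPE; crypt-reqd drops a session whose client refuses to
        # encrypt (option name as in the mpd 3.x sample; verify with mpd(8)).
        set bundle enable compression
        set ccp yes mppc
        set ccp yes mpp-e128
        set ccp yes mpp-stateless
        set bundle enable crypt-reqd
EOF

    # mpd.links: one link of type pptp per simultaneous connection.
    cat > "$dir/mpd.links" <<'EOF'
pptp1:
        set link type pptp
        set pptp self 134.198.161.2
        set pptp enable incoming
        set pptp disable originate

pptp2:
        set link type pptp
        set pptp self 134.198.161.2
        set pptp enable incoming
        set pptp disable originate
EOF

    # mpd.secret: username, password, address for that client. The file is
    # plaintext, so nobody but root may read it (placeholder passwords).
    cat > "$dir/mpd.secret" <<'EOF'
ryan    "CHANGEME-1"    134.198.161.227/28
sid     "CHANGEME-2"    134.198.161.223/28
EOF
    chmod 600 "$dir/mpd.secret"
}

# Succeeds only if DIR/mpd.secret exists and has exactly mode 0600.
# find -perm with a plain octal mode is an exact match on GNU and BSD find.
check_secret_perms() {
    f=$1/mpd.secret
    [ -f "$f" ] || return 1
    find "$f" -perm 600 | grep -q .
}

if [ $# -gt 0 ]; then
    write_mpd_files "$1" && check_secret_perms "$1" && echo "wrote mpd files to $1"
fi
```

Run it against a scratch directory, compare the output with the files on gw11, and use check_secret_perms as a quick audit: if it fails on the live /usr/local/etc/mpd, the VPN passwords are readable by more than root.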
What is Samba
Samba is an open source software suite that provides file and print services to SMB (also known as CIFS) clients such as Windows 95/98, Windows NT, or OS/2.
What is Samba (continued)
A Samba-enabled Unix (or other) machine can provide the following services:
Share one or more filesystems
Share printers installed on both the server and its clients
Assist clients with Network Neighborhood browsing
Authenticate clients logging onto a Windows domain
Provide or assist with WINS name server resolution
What is Samba (continued)
Samba revolves around a pair of Unix daemons, smbd and nmbd.
smbd - a daemon that allows file and printer sharing on an SMB network and provides authentication and authorization for SMB clients.
nmbd - a daemon that looks after the Windows Internet Name Service (WINS) and assists with browsing.
Reasons to Use Samba
You don't want to pay for (or can't afford) a full-fledged Windows NT server, yet you still need the functionality that one provides.
You want to set up a common area for data or user directories that will be available to Windows and Unix clients.
You want to be able to share printers across both Windows and Unix workstations.
You want to be able to access NT files from a Unix server.
Samba Installation
Samba can be installed in the usual ways (i.e. by ports, package, or RPM installation). Samba is also included in Red Hat Linux and other Unix distributions.
Samba is supported on the following platforms: Unix, Linux, VMS, MVS, OS/2, Stratus VOS, Amiga, MPE/iX.
We chose to do a package installation on a Red Hat 7.2 machine running NFS.
Samba Installation (cont.)
First we downloaded Samba from the Samba homepage into root's home directory as samba-latest.tar.gz.
Steps for a simple installation:
gunzip and untar the file
cd into the package's source directory
Run ./configure with no options, then make install
More configuration options? Then read docs/textdocs/WHATSNEW.txt and docs/textdocs/UNIX_INSTALL.txt.
Samba Installation Directories
/usr/local/samba - main tree
/usr/local/samba/bin - binaries
/usr/local/samba/lib - smb.conf, lmhosts, and other configuration files
/usr/local/samba/man - Samba documentation
/usr/local/samba/private - Samba encrypted password file (smbpasswd)
/usr/local/samba/swat - SWAT files
/usr/local/samba/var - Samba log files, lock files, browse list info, shared memory files, process ID files
Samba Configuration
The Samba configuration files live in the /usr/local/samba/lib directory.
The main configuration file is /usr/local/samba/lib/smb.conf.
This file can be edited with a text editor, but it is much easier to use the Samba Web Administration Tool, aka SWAT!
You need to configure your system before you can use SWAT.
Configuring Your Red-Hat System for Swat
Create a file named swat in the /etc/xinetd.d directory. This file should contain the following:

    service swat
    {
        port            = 901
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/local/samba/bin/swat
        log_on_failure  += USERID
        disable         = no
    }
Configuring Your Red-Hat System for Swat (cont.)
Add the following line to the /etc/services file:
    swat 901/tcp # SWAT
It is a good idea to limit the use of SWAT to certain hosts. For example:
In /etc/hosts.deny:
    swat: ALL
In /etc/hosts.allow:
    swat: LOCAL, 134.198.168.128
(xinetd on Red Hat honours hosts.allow/hosts.deny through libwrap; the same restriction can also be expressed with an only_from line in the xinetd service file. Either way, test from a host that should be refused before relying on it.)
Now You Are Ready To Use SWAT!
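As an added example (not the original lab4 configuration and not code from the Samba project), the following POSIX shell script writes an smb.conf for the use case described above (home directories and printers for the Windows 2000 laptop arriving over the VPN) plus a locked-down xinetd entry for SWAT, and then lints the [global] section for the settings that matter. Share definitions follow the Samba 2.2 defaults; the workgroup name, the address ranges, the lprng printing system, and the lint_smb_conf helper are assumptions.

```shell
#!/bin/sh
# Added example, not the original lab4 configuration. Writes smb.conf and an
# xinetd service file for SWAT into DIR (pass a scratch directory such as
# /tmp/smb-test), then checks the hardening settings a Windows 2000 client
# over a PPTP VPN needs. Workgroup, address ranges and lprng are assumptions.
# Usage: sh samba-gen.sh /tmp/smb-test

write_samba_files() {
    dir=$1
    mkdir -p "$dir" || return 1

    cat > "$dir/smb.conf" <<'EOF'
[global]
   workgroup = CS
   server string = Samba on lab4
   # Per-user authentication against smbpasswd. Windows 2000 refuses to send
   # cleartext SMB passwords by default, so encrypted passwords are mandatory.
   security = user
   encrypt passwords = yes
   smb passwd file = /usr/local/samba/private/smbpasswd
   # Accept only the local host and the addresses mpd hands to VPN clients;
   # a trailing dot matches every address with that prefix.
   hosts allow = 127. 134.198.161.
   hosts deny = ALL
   log file = /usr/local/samba/var/log.%m
   max log size = 50
   load printers = yes
   printing = lprng

[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   valid users = %S

[printers]
   comment = All Printers
   path = /var/spool/samba
   printable = yes
   browseable = no
EOF

    # SWAT listens on 901/tcp and uses HTTP Basic authentication over plain
    # HTTP, so the root password crosses the wire in the clear. only_from
    # keeps it on the local host; reach it through an SSH port forward.
    cat > "$dir/swat" <<'EOF'
service swat
{
        port            = 901
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/local/samba/bin/swat
        log_on_failure  += USERID
        only_from       = 127.0.0.1
        disable         = no
}
EOF
}

# Hypothetical helper: fail if the [global] section of FILE lacks the
# settings above. Prints one line per finding; exit status 0 means clean.
lint_smb_conf() {
    f=$1
    rc=0
    # Keep only [global]: from its header up to the next section header.
    g=$(sed -n '/^\[global\]/,/^\[/p' "$f")
    echo "$g" | grep -qi '^[[:space:]]*encrypt[[:space:]]*passwords[[:space:]]*=[[:space:]]*yes' \
        || { echo "missing: encrypt passwords = yes"; rc=1; }
    echo "$g" | grep -qi '^[[:space:]]*hosts[[:space:]]*allow[[:space:]]*=' \
        || { echo "missing: hosts allow"; rc=1; }
    if echo "$g" | grep -qi '^[[:space:]]*security[[:space:]]*=[[:space:]]*share'; then
        echo "weak: security = share (no per-user authentication)"; rc=1
    fi
    return $rc
}

if [ $# -gt 0 ]; then
    write_samba_files "$1" && lint_smb_conf "$1/smb.conf" && echo "wrote Samba files to $1"
fi
```

After copying smb.conf into /usr/local/samba/lib, run Samba's own testparm on it as well; lint_smb_conf only checks the three settings named here. With only_from set to 127.0.0.1, SWAT is reached from a workstation with an SSH port forward (for example ssh -L 901:localhost:901 to the server, then http://localhost:901/ in the browser), which keeps the root password off the network.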
What is SWAT
Basically it is a visual front-end to the smb.conf file.
Following from above, SWAT is reached with a browser on port 901.
Any user may log into SWAT, but only root may edit the config files.
Caveat: SWAT authenticates with HTTP Basic authentication over plain HTTP, so the root password crosses the network in the clear; keep it restricted to the local host or to trusted hosts, as in the hosts.allow example above.
Using SWAT: http://lab4.research.cs.uofs.edu:901
Administrator login example
User login example
Samba Resources
http://www.samba.org/ - you can download the latest package from here.
http://www.oreilly.com/catalog/samba/chapter/book/ - a free online version of the book "Using Samba".
Link to the SMB URL Internet-Draft: ftp://ftp.isi.edu/in-notes/search.ietf.org/internet-drafts/draft-crhertel-smb-url-02.txt (author: Chris Hertel).
Chapter 26 of "Unix Administration Handbook".