Quick and not so Dirty Way to Configure NFS & Samba


graedus
11-23-2007, 04:55 PM
The following procedures should be done with root credentials. To obtain root credentials, open up Konsole (kmenu->System->Konsole), type su, and provide your administrative password. If you are not savvy with the shell, you can edit files by issuing the following command from kmenu->Run command: kdesu kwrite, and then locating the file by hand. You should be careful with what files you open, as if you make a mistake you might break something.

1. Setting up a custom hostname.
--------------------------------
PCBSD sets up the same hostname (computer name) for every install performed (pcbsd is the hostname). If you have more than one computer in the network, it would be advisable that each one has a different hostname.

Edit /etc/rc.conf. Search for the following line, and change pcbsd to a more suitable name.
hostname="pcbsd"

Edit /etc/hosts. This is the default /etc/hosts file:
# : src/etc/hosts,v 1.16 2003/01/28 21:29:23 dbaker Exp $
#
# Host Database
#
# This file should contain the addresses and aliases for local hosts that
# share this file. Replace 'my.domain' below with the domainname of your
# machine.
#
# In the presence of the domain name service or NIS, this file may
# not be consulted at all; see /etc/nsswitch.conf for the resolution order.
#
#
::1 localhost localhost.localdomain pcbsd.localhost pcbsd
127.0.0.1 localhost localhost.localdomain pcbsd.localhost pcbsd

#
# Imaginary network.
#10.0.0.2 myname.my.domain myname
#10.0.0.3 myfriend.my.domain myfriend
#
# According to RFC 1918, you can use the following IP networks for
# private nets which will never be connected to the Internet:
#
# 10.0.0.0 - 10.255.255.255
# 172.16.0.0 - 172.31.255.255
# 192.168.0.0 - 192.168.255.255
#
# In case you want to be able to connect to the Internet, you need
# real official assigned numbers. Do not try to invent your own network
# numbers but instead get one from your network provider (if any) or
# from your regional registry (ARIN, APNIC, LACNIC, RIPE NCC, or AfriNIC.)

Replace all the "pcbsd" instances with the new name you provided on the rc.conf file just edited.


2. Disable Firewall
-------------------
Note: Disabling your firewall altogether is not a good idea if you don't trust your local network and don't have a hardware firewall between your network and the internet. Do this at your own risk. Providing a customized pf script trying to address each particular network configuration of yours is out of the scope of a "quick and dirty" setup.

Control Center > System Administration > Services Manager
Click on PF(Personal Firewall), then choose "Stop" and "Disable at Startup"

or do it by hand:
change the following on /etc/rc.conf :

from
pf_enable="YES"
pf_rules_enable="YES"

to
pf_enable="NO"
pf_rules_enable="NO"

*Add the following line to /etc/hosts.allow, just below #ALL : ALL : allow
ALL : LOCAL : ALLOW
(this line can be fine tuned to allow only what you need, check man 5 hosts_options and man 5 hosts_access)


3. Setting up NFS
-----------------
Depending on your setup, you might want to enable just NFS client or both client and server.

Add the following lines to /etc/rc.conf

#Enable NFS Client
nfs_client_enable="YES"
nfs_client_flags="-n 4"

#Enable NFS Server
rpcbind_enable="YES"
nfs_server_enable="YES"
nfs_server_flags="-u -t -n 4"
mountd_flags="-r"

Add an /etc/exports file. Example:
#The following examples export /usr to 3 machines named after ducks,
#/usr/src and /usr/ports read-only to machines named after trouble makers
#/home and all directories under it to machines named after dead rock stars
#and, /a to a network of privileged machines allowed to write on it as root.
#/usr huey louie dewie
#/usr/src /usr/obj -ro calvin hobbes
#/home -alldirs janice jimmy frank
#/a -maproot=0 -network 10.0.1.0 -mask 255.255.248.0
#
# You should replace these lines with your actual exported filesystems.
# Note that BSD's export syntax is 'host-centric' vs. Sun's 'FS-centric' one.
/exportpath -alldirs -maproot=root allowedhostname

For more information on how to set up the exports file, check man exports.

To remotely mount the filesystem, issue the following command:
mount hostname:/exportpath /mountpoint
where hostname is the name of the computer acting as nfs host, exportpath is the path you set on the exports file, and /mountpoint is the directory to which this filesystem will be mounted (it has to be a directory owned by the mounter and empty).

To see the host's exports list, issue this command:
showmount -e hostname


4. Setting up Samba
-------------------

Find where the smb.conf file is located:
smbd -b | grep smb.conf
In this case, it is located on /usr/local/etc/smb.conf

Adjust the following line in smb.conf (example: /usr/local/etc/smb.conf )
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
workgroup = MYGROUP

Append (add at the end) your shared folders (example):
[public]
path = /usr/somewhere/else/public
public = yes
only guest = yes
writable = yes
printable = no
Check the examples provided at the end of the smb.conf file, also check man smb.conf

Add users using smbpasswd (example):
smbpasswd -a username
(the command will prompt for a password to be created)

And that's it. You should be able to see the samba shares and remotely mount using nfs.

Online References:
http://trac.pcbsd.org/ticket/6
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-nfs.html
http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/install.html#id318178
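
A small checker for the exports(5) lines shown in the post above, as an added example that is not part of the original post: it flags exports that map remote root to local root, exports with no host or network restriction, and -alldirs. The function names, the finding labels and the /scratch line are assumptions made for illustration.

```python
# Added example: audit FreeBSD exports(5) lines for settings worth reviewing.
SAMPLE_EXPORTS = """\
# constructed sample, modelled on the lines in the post
/exportpath -alldirs -maproot=root allowedhostname
/usr/src /usr/obj -ro calvin hobbes
/a -maproot=0 -network 10.0.1.0 -mask 255.255.248.0
/scratch -alldirs
"""

TAKES_ARG = {"-network", "-mask"}  # options whose value may be the next token

def parse_export(line):
    """Split one exports(5) line into (paths, options dict, hosts)."""
    tokens = line.split("#", 1)[0].split()
    paths, opts, hosts = [], {}, []
    it = iter(tokens)
    for tok in it:
        if tok.startswith("-"):
            name, _, value = tok.partition("=")
            if name in TAKES_ARG and not value:
                value = next(it, "")
            opts[name] = value
        elif tok.startswith("/") and not opts and not hosts:
            paths.append(tok)          # leading tokens are exported directories
        else:
            hosts.append(tok)          # everything else names a client
    return paths, opts, hosts

def audit_exports(text):
    """Return (first exported path, finding label) pairs."""
    findings = []
    for line in text.splitlines():
        paths, opts, hosts = parse_export(line)
        if not paths:
            continue
        for opt in ("-maproot", "-mapall"):
            user = opts.get(opt, "").split(":")[0]
            if user in ("root", "0"):
                findings.append((paths[0], "root-mapped"))   # remote root acts as local root
        if not hosts and "-network" not in opts:
            findings.append((paths[0], "any-host"))          # no client restriction at all
        if "-alldirs" in opts:
            findings.append((paths[0], "alldirs"))           # any subdirectory is mountable
    return findings
```

Run it against the real file with `audit_exports(open("/etc/exports").read())`; an export without -maproot or -mapall produces no root-mapped finding because remote root is then mapped to an unprivileged credential.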

anotherdave
11-26-2007, 04:46 PM
If you actually HAVE machines that are named after dead rock stars, you'll want to change the line above to:
#/home -alldirs janis jimi frank
And of course, your next machine will be named jerry, right?

(Useful information. Thanks! :-) )

nayan
03-08-2008, 09:21 PM
Thanks for the tips: they were very useful.

To add to your post, I thought it might be worthwhile to mention that you could edit the /etc/fstab file to mount the Windows drive automatically via Samba, or to allow you to use a simple command such as:

# mount /mnt/godruma/data

where /mnt/godruma/data is the mount point you create on the BSD system as root as follows.

# mkdir -p /mnt/godruma/data
# chown -R <your username>:<your group> /mnt/godruma
# chmod -R 744 /mnt/godruma

Thereafter edit the /etc/fstab file by appending as follows.


# Samba shares
//godruma/data /mnt/godruma/data smbfs rw 0 0

To mount automatically, you could specify rw, username=xyz, password=xyz in the entry above in place of rw. However, that can be a security risk and you'd need to make the file read-only for root thus:

# chmod 600 /etc/fstab

Hope this helps. :)

< I am new to BSD having come from the Linux world, so please excuse any errors above >

antik
03-09-2008, 12:25 PM
Thereafter edit the /etc/fstab file by appending as follows.


# Samba shares
//godruma/data /mnt/godruma/data smbfs rw 0 0


I won't encourage mounting external mountpoints from /etc/fstab at all - what happens when the network is down when you start your computer?

Better place to mount those points is from /etc/rc.local

thenrie
04-22-2008, 06:08 PM
You can add the option "intr" in the /etc/fstab line to be able to interrupt the bootloader's attempts to load the samba share while the network is down by using ^C. Otherwise it will keep trying to load it forever and stop the boot process. You can also add the option "noauto" so that the line is there in fstab, but not automatically loaded during boot. You can mount it with the "mount -a" command when you need it.

Code:
# Samba shares
//godruma/data /mnt/godruma/data smbfs rw,intr(or noauto) 0 0

Ian_Robinson
12-13-2008, 10:52 PM
Advice on configuring PCBSD as a network file server with NFS and Samba for BSD and Windows access (PCBSD 1.5.x and 7.0.x)

There are several Server Configuration files that must be modified to operate an NFS Server with Samba access. Most of this information is readily available on the web. The thing that is critical to making it work with PCBSD is to modify /etc/pf.conf to let NFS and Windows clients pass through the pf firewall. This is the list of files to modify:

1. /etc/exports (1 line)
2. /etc/pf.conf (3 lines)
3. /etc/rc.conf (3 lines)
4. /etc/hosts.allow (optional)
5. /usr/local/etc/smb.conf (many lines)

In these examples, the local network uses:

TCP/IP addresses in the range 192.168.1.x and a netmask of 255.255.255.0.
The server is called "server" and uses a fixed IP address of 192.168.1.100
The files to share are stored in either the home directory or at a directory called /server_files
The client mount point is at /mnt/server


Part 1. ==================== Modify /etc/exports (SERVER) ===================

Exporting the "home" directory:

# identify the directory to export, the local network address, & net mask
/usr/home/IR -network 192.168.1.0 -mask 255.255.255.0


or exporting another directory:

/server_files -network 192.168.1.0 -mask 255.255.255.0


Part 2. ==================== Modify /etc/pf.conf (SERVER) ===================

# at the top of the file, define a macro variable to identify the local network
#
lan = "192.168.1.0/24"
#

At the end of the file, add lines to pass all traffic to/from local network.
Notice the local network is identified here as the macro variable $lan.
Here, xl0 is the network interface card (NIC)
#
pass in on xl0 from $lan to any keep state
pass out on xl0 from any to $lan keep state
#

Part 3. ==================== Modify /etc/rc.conf (SERVER) ===================

# add the next three lines to make the computer an nfs file server
# see further below to configure an nfs client

rpcbind_enable="yes"
nfs_server_enable="yes"
mountd_flags="-r"


Part 4. ==================== Optional Modifications to /etc/hosts.allow (SERVER) ===============

No changes are necessary, but you could change anywhere the file references an ip address or netmask to match your particular network.


Part 5. =================== Modify /usr/local/etc/smb.conf (Server) ======================

[global]

# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
workgroup = MYGROUP <------------------------------------ (change to your Windows workgroup)

# server string is the equivalent of the NT Description field
server string = Samba Server <---------------------------(change to meet your naming needs)

# Security mode. Defines in which mode Samba will operate. Possible
# values are share, user, server, domain and ads. Most people will want
# user level security. See the Samba-HOWTO-Collection for details.
security = user <------------------------------------ (change to security = share )

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
; hosts allow = 192.168.1. 127. <-----------(change to match the 1st three parts of your network tcp address, keep 127. )

* * *

[homes]

comment = Home Directories
browseable = no
writable = yes

* * *

[printers]
comment = All Printers
path = /usr/spool/samba
browseable = no
# Set public = yes to allow user 'guest account' to print
guest ok = no
printable = yes
#
# >>> Custom Additions to Locate Files and Permit Access <<<==============================
#
[FK_SERVER] <------------------- Section Label, here w/ my server's name
comment = general user documents and files
path = /server_files <------------------ Path to location of the files you want to share
public = yes
read only = no
writeable = yes
browseable = yes
guest ok = yes
available = yes
guest account = nobody
force group = nogroup
force user = nobody
create mask = 0777
directory mask = 0777
nt acl support = No
#
# End Samba Changes



To access the NFS Server with a PCBSD CLIENT, you must modify one configuration file ( /etc/rc.conf ) and create a mount point on the client directory tree:

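# Add these lines to /etc/rc.conf (rc.conf takes variable assignments;
# the flags are passed to nfsiod when the NFS client starts)
nfs_client_enable="YES"
nfs_client_flags="-n 4"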

Make Mount Point on Client Directory Tree

#mkdir /mnt/server

Now everything should be ready to actually mount a remote file system. In these examples the server's name will be "server" and the client's name will be "client."

Mounting the NFS Server

Execute a command like this as root on the client (Syntax: # mount_nfs <server_IP>:<server_dir_path> /<mount_point>)

# mount_nfs 192.168.1.100:/home/IR /mnt/server <--- mounts the home directory
or
# mount_nfs 192.168.1.100:/server_files /mnt/server <----- mounts the server files


If you want to mount both the home directory and the server files, you need to define two export lines and two different mount points.

On the Windows client, you step through "My Network Places" until you see the PCBSD share. It helps to go into "My Computer" or "Windows Explorer" to "Map a Network Drive" to a drive letter.
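
The smb.conf settings in the post above (share-level security, a commented-out hosts allow, a guest-writable share with 0777 masks) are the ones to review before such a server is used outside a trusted LAN. An added example, not part of the original post, that reports them; the function name and finding labels are assumptions, and only the parameter synonyms listed in the code are recognised.

```python
import configparser

# Constructed sample, modelled on the settings shown in the post above.
SAMPLE_SMB_CONF = """\
[global]
workgroup = MYGROUP
security = share
; hosts allow = 192.168.1. 127.

[homes]
browseable = no
writable = yes

[FK_SERVER]
path = /server_files
guest ok = yes
read only = no
create mask = 0777
directory mask = 0777
"""

YES = {"yes", "true", "1"}

def audit_smb_conf(text):
    """Return (section, finding) pairs for guest and permission settings."""
    cp = configparser.RawConfigParser(comment_prefixes=("#", ";"), strict=False)
    # Strip indentation so configparser does not read indented keys as continuations.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    findings = []
    glob = dict(cp.items("global")) if cp.has_section("global") else {}
    if glob.get("security", "").lower() == "share":
        findings.append(("global", "share-level security"))
    if "hosts allow" not in glob:          # a ';' or '#' line counts as absent
        findings.append(("global", "no hosts allow restriction"))
    for name in cp.sections():
        if name == "global":
            continue
        s = {k: v.lower() for k, v in cp.items(name)}
        guest = s.get("guest ok", s.get("public", "no")) in YES
        writable = (s.get("writable", s.get("writeable", "no")) in YES
                    or s.get("read only", "yes") not in YES)
        if guest and writable:
            findings.append((name, "guest-writable share"))
        for key in ("create mask", "directory mask"):
            if key in s and int(s[key], 8) & 0o002:   # world-write bit set
                findings.append((name, f"{key} grants world write"))
    return findings
```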

thenrie
12-14-2008, 11:31 PM
Nice, thanks. I was wondering about all that. I haven't had time to set up my sharing features in PCBSD yet. It appears PCBSD is straight FreeBSD as far as NFS and Samba are concerned.

Can you not accomplish the same thing by following the Dolphin wizard provided with PCBSD?

Ian_Robinson
12-15-2008, 12:21 AM
It appears PCBSD is straight FreeBSD as far as NFS and Samba are concerned.

Yes. Your assessment is 100% correct.


Can you not accomplish the same thing by following the Dolphin wizard provided with PCBSD?

A good question. The Dolphin Network Wizard (found in the "Places" component of Dolphin) uses the "fish" protocol. http://www.fishshell.org/ PCBSD developers turn the fish command shell into a beautiful GUI file manager. Fish is also used by PCBSD in the stand-alone Network Folder Wizard (KnetAttach) found at Start > Applications > Internet > Network Folder Wizard.

Until you brought it up, I did not realize how much fish/knetattach had improved with 7.x. I found that Dolphin Network connected quickly and in a much improved fashion when compared to previous versions of fish/knetattach when I connected to another PCBSD computer on my home network.

However, with 7.x, (and perhaps with PCBSD 1.5.x) you must modify /etc/pf.conf to let fish/knetattach pass through the firewall. The modification is the same as that described above:

At the top of the file, define a macro variable to identify the local network. Here, my router is 192.168.1.1, so my network is 192.168.1.0. Replace the string with your network:

==================== Modify /etc/pf.conf ===========================
#
lan = "192.168.1.0/24"
#


At the end of the default /etc/pf.conf, you must add two lines to pass all traffic to/from the local network. (Notice the local network you identified above is now identified in the following lines as the macro variable "$lan".) But bear in mind the pf rule that the "last entry controls"; you might add them sooner in the file if you have previously customized /etc/pf.conf.
#
pass in on xl0 from $lan to any keep state
pass out on xl0 from any to $lan keep state
#

xl0 is a network interface card (NIC), so substitute your NIC's name. Also notice that the lines are not identical. The first says "pass in"; the second says "pass out". The first is from "$lan to any"; the second is the opposite from "any to $lan".



Samba allows Windows clients to read and write to files on a Unix or Linux machine. I don't know if fish lets Windows machines do that. But I think it would go the other way -- BSD machines can read remote Windows disks. I'll try it tomorrow at work to see if I can read a Windows machine from a PCBSD machine attached in the same network.

One difference I noted is that using NFS to mount a remote directory makes the mount a part of your directory until it is umounted. With NFS you can mount multiple remote sources into your directory tree.

It was not obvious where fish/knetattach was mounting, if at all. Dolphin/fish/knetattach would mount quickly and easily whenever you wanted it to, but it was always a fresh mount and required a password each time. There's nothing wrong with that from a security standpoint.

Good tip thenrie.