final project of imran

8/3/2019 Final Project of Imran

http://slidepdf.com/reader/full/final-project-of-imran 1/46

Configuration Of Samba As PDC

1. Introduction:This Is The Start Of The Real Journey Toward The Successful Deployment Of Samba.This Chapter Lays The Groundwork For Understanding The Basics Of Samba Operation.

Instead Of A Bland Technical Discussion, Each Principle Is Demonstrated By Way Of AReal-World Scenario For Which A Working Solution Is Fully Described. The PracticalExercises Take You On A Journey Through A Drafting Office, A Charity AdministrationOffice, And An Accounting Office. You May Choose To Apply Any Or All Of TheseExercises To Your Own Environment.Each Case Presented Highlights Different Aspects Of Windows Networking For WhichA Simple Samba-Based Solution Can Be Provided. Each Has Subtly DifferentRequirements Taken From Real-World Cases. The Cases Are Briefly Reviewed ToCover Important Points

1.1 What Is Samba:

Samba Is An Open Source/Free Software Suite That Provides Seamless File And PrintServices To SMB/CIFS Clients." Samba Is Freely Available, Unlike Other SMB/CIFSImplementations, And Allows For Interoperability Between Linux/Unix Servers AndWindows-Based Clients.The Goal Behind The Project Is One Of Removing Barriers To Interoperability

Samba Is A Software Package That Gives Network Administrators Flexibility AndFreedom In Terms Of Setup, Configuration, And Choice Of Systems And Equipment.Because Of All That It Offers, Samba Has Grown In Popularity, And Continues To Do

So, Every Year Since Its Release In 1992

1.2 Samba As PDC

Microsoft's Concept Of A Primary Domain Controller Is Most Useful As It Simplifies

A Number Of Network Administration Chores. It Provides A "Single Sign-On", Storing

Information About Domain Users, And Providing User Authentication. User's Profiles

Are Stored On The PDC; The PDC Handles All Authentication Requests, Allowing

Users To Access Different Services In The Domain Without Needing Multiple

Authentications.

Samba Makes A Fine NT-Type PDC. It Supports Roaming Profiles, Domain Logon

From All Windows Clients, Windows NT4-Type System Policies, Name Services,

Master Browser, And User-Level Security For Windows 9x/ME Clients. Which In My

Opinion Do Not Belong In A Business Environment, But If They're There And You Have

To Deal With Them, Samba Doesn't Mind In The Least.

University of The Punjab Gujranwala Campus

1




1.3 Defining A Domain And A Controller

In The Windows World, A Collection Of Networked Computers Is Typically Called AWorkgroup. As A Network Grows, It Often Becomes Desirable To Turn It Into ADomain. By Creating A Domain, You Gain An Important Feature.Within A Domain,There Is A Single System Called The Primary Domain

1.4 Domain Control Parameters

The Parameters Os Level, Preferred Master, Domain Master, Security, Encrypt

Passwords, And Domain Logons Play A Central Role In Assuring Domain Control And Network Logon Support.

The Os Level Must Be Set At Or Above A Value Of 32. A Domain Controller Must BeThe DMB, Must Be Set In User Mode Security, Must Support Microsoft-CompatibleEncrypted Passwords, And Must Provide The Network Logon Service (Domain Logons).Encrypted Passwords Must Be Enabled.

1.5 Environment Parameters

The Parameters Logon Path, Logon Home, Logon Drive, And Logon Script AreEnvironment Support Settings That Help To Facilitate Client Logon Operations And ThatHelp To Provide Automated Control Facilities To Ease Network Management

Overheads. Please Refer To The Man Page Information For These Parameters.

1.6 NETLOGON Share

The NETLOGON Share Plays A Central Role In Domain Logon And DomainMembership Support. This Share Is Provided On All Microsoft Domain Controllers. It IsUsed To Provide Logon Scripts, To Store Group Policy Files (Ntconfig.POL), As WellAs To Locate Other Common Tools That May Be Needed For Logon Processing. This IsAn Essential Share On A Domain Controller.

1.7 PROFILE Share

This Share Is Used To Store User Desktop Profiles. Each User Must Have A DirectoryAt The Root Of This Share. This Directory Must Be Write-Enabled For The User AndMust Be Globally Read-Enabled. Samba-3 Has A VFS Module Called“Fake_Permissions” That May Be Installed On This Share. This Will Allow A SambaAdministrator To Make The Directory Read-Only To Everyone. Of Course This Is

Useful Only After The Profile Has Been Properly Created.


2




1.8 Domain And Network Logon Configuration

The Subject Of Network Or Domain Logons Is Discussed Because It Forms An IntegralPart Of The Essential Functionality That Is Provided By A Domain Controller.

2 Business Problem

This Is Sometimes Hard To Define. In Fact Often, Different People See The Problem InDifferent Ways. Unless The Problem Is Clearly Defined, Articulated, Documented AndUnderstood, There Is Not Much Chance Of Delivering A Successful Project.

Answer These Three Questions:

• The Business Problem Is . (What Is The Adverse Situation?)• Which Affects .. (Who Are The Stakeholders?)• The Impact Of Which Is .(What Is The Impact Of The Problem?)

From The Sambamailing List We Can Readily Identify Many Common NetworkingIssues. If You Are Not Clear On The Following Subjects, Then It Will Do Much GoodTo Read The Sections That Deal With It. These Are The Most Common Causes Of MSWindows Networking Problems:

• Basic TCP/IP Configuration.

• Netbios Name Resolution.• Authentication Configuration• User And Group Configuration.• Basic File And Directory Permission Control In Unix/Linux.• Understanding How MS Windows Clients Interoperate In A Network

Environment.


3




2.1 Problem Definition:

Once A Business Has Determined That They (The Customer) Want To Solve AParticular Problem, And They Have Identified A Solution Provider, The Customer HasTo Describe The Problem. It Is Human Nature For The Customer To ExpressRequirements As Solutions. It Is The Responsibility Of The Solution Provider ToEducate The Customer About The True Nature Of Problem, And About TheRamifications Of The Solution Space. Often The Availability Of Technology ObscuresThe True Problem.

2.2 Problem Statement:

Problem Statements Typically Define The Domain Of The Problem. This Implies ThatYour Problem Have To Give Who Will Work On The Project A Clear And ConciseDescription Of The Various Entities And Actors And How They Interact With OneAnother

2.3 Problem Analysis:

Business Analysis As A Discipline Has A Heavy Overlap With Requirements Analysis Sometimes Also Called Requirements Engineering, But Focuses On Identifying TheChanges To An Organization That Are Required For It To Achieve Strategic Goals.These Changes Include Changes To Strategies, Structures, Policies, Processes, And

Information Systems.


4

http://en.wikipedia.org/wiki/Requirements_analysis

http://en.wikipedia.org/wiki/Requirements_analysis




3. Project Planners

The Key To A Successful Project Is In The Planning. Creating A Project Plan Is The FirstThing We Should Do When Undertaking Any Kind Of Project.

Sponsor:

XYZ Company

Project Leader:

Imran Afzal

Technical Lead / Supervisor

Mr.Obaid Ullah Ateeb

4. Project Team (Roles And Responsibilities)People Specifically Charged With Execution Of The Project Solution. RegardlessOf How A Project Is Organized, There Are Roles And Responsibilities That Should

Be Considered For Every IT Project. These Include Things Like:

Project Management

Data Communications

System Testing

Documentation (User And Technical)

Training

• Leaders/Decision Makers From The State Organization And Sometimes ControlAgencies.

• Users Who Interface With Outputs To The System (Either From Within Or OutsideOf The State Organization)


5




5. Project Manager Responsibilities

5.1 G ENERAL F UNCTIONS

Implement Project Policies And Procedures.

Acquire Resources Through The Project Sponsor And Steering Committee.

Maintain Staff Technical Proficiency And Productivity, And Provide Training WhereRequired.

Establish And Maintain Quality In Project.

Identify And Procure Tools To Be Used On The Project.

5.2 C ONCEPT D EFINITION

Develop Project Statement Including Success Criteria And Constraints.

Conduct General Cost/Benefit Analysis, If Required.

5.3 P LANNING

Develop Detailed Project Plan, Tailoring Methodology To Reflect Project Needs. Ensure That Management, Users, Affected State Organizations, And ContractorsCommit To Project.

5.4 P ROJECT S TART -U P

Finalize Project Baseline Plan. Assign Resources To Project And Assign Work Packages.

Finalize Project Quality And CM Plans.

5.5 P ROJECT E XECUTION

Regularly Review Project Status, Comparing Budgeted To Actual Values. Ensure That Project Plan Is Updated And Approved As Needed. Review The Results Of QA Reviews. Participate In Change Control Board To Approve System Changes.

Update Project Risks And Establish Prevention And Mitigation Procedures, AsRequired.

5.6 C LOSE -OUT

Develop An Action Plan For Any Product That Does Not Receive User Sign-Off.

Obtain User And Management Approval Of Tested System And Final Deliverables.

Close-Out Open Action Items.

Assist Division Of Purchases In Contract Close-Out.

Develop Post Implementation Evaluation Report (PIER) Conduct Lessons Learned Session. Celebrate Success.


6




Assumptions

Projects Always Have A High Degree Of Uncertainty. In Order To Make Any Progress,We Need To Assume Things. The Reason To Document Them Is Two Fold. Firstly ItAllows People To Challenge The Assumption, And Secondly It Ensures We Don't ForgetThe Assumption.

The SMB Model Defines Two Levels Of Security:

• Share Level. Protection Is Applied At The Share Level On A Server. Each

Share Can Have A Password, And A Client Only Needs That Password ToAccess All Files Under That Share. This Was The First Security Model That

SMB Had And Is The Only Security Model Available In The Core And CoreplusProtocols.

• User Level. Protection Is Applied To Individual Files In Each Share And Is

Based On User Access Rights. Each User (Client) Must Log In To The Server And Be Authenticated By The Server. When It Is Authenticated, The Client IsGiven A UID Which It Must Present On All Subsequent Accesses To The Server

Example:• The Sales And Dispatch Staff Will Enter The Details Of Their Contacts• The Sales File Is Up To Date And We Can Load Information Directly Into A New

System.

Vision Document Regarding Stake Holders

It Defines The Stakeholders View Of The Product To Be Developed, Specified In Terms

Of The Stakeholders Key Needs And Features. Containing An Outline Of TheEnvisioned Core Requirements, It Provides The Contractual Basis For The MoreDetailed Technical Requirements. It Is Much Shorter And More General Than A ProductRequirements Document Or A Marketing Requirements Document, Which Outline TheSpecific Product Plan And Marketing Plan Respectively

Vision Focuses More On How The Project Will Contribute To The Bigger Picture Of Where The Organization Is Going. Think Of "Vision" As Being The Alignment WithCorporate Objectives. Answer The Question; · The Direction Of The Company Is.(WhatSpecific Part Of That Direction Is Relevant To The Project) Example: The Company Is


7

http://en.wikipedia.org/wiki/Product_requirements_document


http://en.wikipedia.org/wiki/Marketing_requirements_document



http://en.wikipedia.org/wiki/Marketing_requirements_document




7.1 Vision Statement

The Vision Statement Should Reflect A Balanced View That Will Satisfy The Needs Of Diverse Customers As Well As Those Of The Developing Organization. It May BeSomewhat Idealistic, But It Should Be Grounded In The Realities Of Existing Or Anticipated Customer Markets, Enterprise Architectures, Organizational StrategicDirections, And Cost And Resource Limitations

7.2 Stakeholder Profiles

Stakeholders Are Individuals, Groups, Or Organizations That Are Actively Involved In AProject, Are Affected By Its Outcome, Or Can Influence Its Outcome. The Stakeholder Profiles Identify The Customers For This Product And Other Stakeholders, And States

Their Major Interests In The Product. Characterize Business-Level Customers, TargetMarket Segments, And Different User Classes, To Reduce The Likelihood Of UnexpectedRequirements Surfacing Later That Cannot Be Accommodated Because Of Schedule Or Scope Constraints. For Each Stakeholder Category, The Profile Includes The Major ValueOr Benefits They Will Receive From The Product, Their Likely Attitudes Toward TheProduct, Major Features And Characteristics Of Interest, And Any Known ConstraintsThat Must Be Accommodated. Examples Of Stakeholder Value Include:

• Improved Productivity• Reduced Rework • Cost Savings

• Streamlined Business Processes• Automation Of Previously Manual Tasks• Ability To Perform Entirely New Tasks Or Functions• Conformance To Current Standards Or Regulations• Improved Usability Or Reduced Frustration Level Compared To CurrentApplications

7.2.1Vision Document Regarding Stakeholders

Example:

Stakeholder Major

Value

Attitudes Major Interests Constraints

Executives IncreasedRevenue

See Product AsAvenue To 25%Increase In MarketShare

Richer Feature SetThan Competitors;Time To Market

MaximumBudget =$1.4M

Editors Fewer Errors InWork

Highly Receptive,But Expect HighUsability

Automatic Error Correction; Ease Of Use; High Reliability

Must Run OnLow-EndWorkstations

Legal Aides Quick Access ToData

Resistant UnlessProduct IsKeystroke-

Compatible WithCurrent System

Ability To HandleMuch Larger Database Than

Current System; EasyTo Learn

No Budget For Retraining


8




9 Goals & Objectives

• Serve Directory Trees And Printers To Linux, UNIX, And Windows Clients.

• Assist In Network Browsing (With Or Without Netbios)

• Authenticate Windows Domain Logins.

• Provide Windows Internet Name Service (WINS) Name Server Resolution.

• Act As A Windows NT®-Style Primary Domain Controller (PDC)

• Act As A Backup Domain Controller (BDC) For A Samba-Based PDC.

• Act As An Active Directory Domain Member Server.

• Join A Windows NT/2000/2003 PDC.

• Sometimes It Is Useful To Mount A Samba Share To A Directory So That The Files

In The Directory Can Be Treated As If They Are Part Of The Local File System.

• To Configure Samba Using A Graphical Interface, Use The Samba Server

Configuration Tool.


9




10. Services Offered Over Network

Services Offered Over The Network Means What The Services Offered By Working On

This Project. It Provides A Services Such As Interconnectivity Between Windows OS

And Linux OS, File Sharing Between These Two And The User Level Security On The

Network.

10.1 Connectivity With Windows OS

When We Need To Network Our Linux Box With Windows, Samba Is The Way To DoIt.The Whole Point Of Networking Is To Allow Computers To Easily Share Information.Unfortunately, Even The Most Die-Hard Linux Fanatic Has To Admit The OperatingSystem Most Of The Pcs In The World Are Running Is One Of The Various Types Of Windows. Unless We Use Our Linux Box In A Particularly Isolated Environment, WeWill Almost Certainly Need To Exchange Information With Machines RunningWindows. Assuming You're Not Planning On Moving All Of Your Files Using FloppyDisks, The Tool We Need Is Samba.

10.2 User Level Security

We Will Describe User Level Security First, As Its Simpler. In User Level Security, TheClient Will Send A Session Setup Request Directly Following Protocol Negotiation. ThisRequest Provides A Username And Password. The Server Can Either Accept Or RejectThat Username/ Password Combination. At This Stage The Server Has No Idea WhatShare The Client Will Eventually Try To Connect To, So It Can’t Base TheAccept/Reject On Anything Other Than:

1. The Username/Password.2. The Name Of The Client Machine.

If The Server Accepts The Username/Password Then The Client Expects To Be Able ToMounts Hares (Using A Tree Connection) Without Specifying A Password. It ExpectsThat All Access Rights Will Be As The Username/Password Specified In The SessionSetup. It Is Also Possible For A Client To Send Multiple Session Setup Requests. WhenThe Server Responds, It Gives The Client A Uid To Use As An Authentication Tag For That Username/Password. The Client Can Maintain Multiple Authentication Contexts InThis Way (Windd Is An Example Of An Application That Does This).


10




10.3 Mounting The Share

Sometimes It Is Useful To Mount A Samba Share To A Directory So That The Files In

To Directory Can Be Treated As If They Are Part Of The Local File System.

10.4 File Server

If You Will Be Using Microsoft Workstations Then You Will Need To Install Samba.Samba Uses The Same Protocols That Microsoft Uses To Share Folders On The

Network. Samba Can Also Be Configured To Make Your Linux Server Act Like AMicrosoft Domain Controller.

11. Technology Assessment

Technology Assessment Is The Study And Evaluation Of New Technologies. It Is BasedOn The Conviction That New Developments Within, And Discoveries By, The ScientificCommunity Are Relevant For The World At Large Rather Than Just For The ScientificExperts Themselves, And That Technological Progress Can Never Be Free Of Ethical Implications. Also, Technology Assessment Recognizes The Fact That Scientists

Normally Are Not Trained Ethicists Themselves And Accordingly Ought To Be VeryCareful When Passing Ethical Judgement On Their Own, Or Their Colleagues, NewFindings, Projects, Or Work In Progress.

Technology Assessment Assumes A Global Perspective And Is Future-Oriented Rather Than Backward-Looking Or Anti-Technological. ("Scientific Research And Science-Based Technological Innovation Is An Indispensable Prerequisite Of Modern Life AndCivilization. There Is No Alternative.The Following Technologies Are Used.

11.1 System Requirements:

• Samba-Conf Works Only Under UNIX.

•

You Need To Install Smb 1.03 Or, Daemontools 0.70 Or And Ucspi-Tcp 0.86 Or Above Before Using Samba-Conf.

• Download The Samba Package And Unpack It Into Some Directory, But You Don't Have To Install Others One. Installing Smb-Conf Won't Interfere With Any ExistingDNS Software Installation.


11

http://en.wikipedia.org/wiki/Evaluation

http://en.wikipedia.org/wiki/Technology

http://en.wikipedia.org/wiki/Scientific_community


http://en.wikipedia.org/wiki/Ethics


http://en.wikipedia.org/wiki/Scientist

http://en.wikipedia.org/wiki/Ethicist

http://en.wikipedia.org/wiki/Work_in_progress

http://en.wikipedia.org/wiki/Future

http://cr.yp.to/daemontools.html

http://cr.yp.to/ucspi-tcp.html

http://en.wikipedia.org/wiki/Evaluation

http://en.wikipedia.org/wiki/Technology




http://en.wikipedia.org/wiki/Scientist

http://en.wikipedia.org/wiki/Ethicist

http://en.wikipedia.org/wiki/Work_in_progress

http://en.wikipedia.org/wiki/Future

http://cr.yp.to/daemontools.html

http://cr.yp.to/ucspi-tcp.html




11.2 Installation:

• Download The Smb-Conf Package. The Latest Published Smb-Conf Package Is Smb-Conf-0.60.Tar.Gz.

• Download The Djbdns Package. The Latest Published Djbdns Package Is Djbdns-1.05.Tar.Gz.

• Unpack The Smb-Conf Package And Switch To The Samba-Conf Source Directory:Gzip -Dc Smb-Conf-0.60.Tar.Gz | Tar Xf –Cd Smb-Conf-0.60

• Edit Conf-* Files If Necessary.

• Unpack The Djbdns Package:

11.3 Microsoft Word:

• The Whole Documentation Is Written In Microsoft Word Application.

• Use Of Alternate Text For Images In Word Documents.

• Use Of Styles & Formatting For Marking Up Headers And Lists.

• Use Of Hyperlink Creation On Text

12 Success Factors (Project Scope)

Samba Is A File And Print Server For Windows-Based Clients Using TCP/IP As TheUnderlying Transport Protocol.Here Following Success Factors Are

12.1 Business Case

Ensure That There Is A Strong Business Case, With High Level Support, That EveryoneCan Buy Into. The Business Case Is The Justification For The Project And Should ListThe Expected Benefits. This Is Something Everyone Involved In The Project Can FocusOn And The Reason Why The Project Is Taking Place. Projects Move Us From OneState To Another By Delivering A Change, Product Or Other Desired Outcome, WithThe Business Case Explaining Why.

12.2 Critical Success Factors

Define With The Customer The Critical Success Factors That Will Make The Project ASuccess. Ensure That You Make Them Measurable, For Example A 20% Reduction InThe Cost Of Raw Materials By The End Of The Year. Use These Factors At The End Of The Project To Measure Your Success.


12

http://woodsheep.jp/qmail-conf/qmail-conf-0.60.tar.gz


http://cr.yp.to/djbdns/djbdns-1.05.tar.gz









12.3 Planning

Time Spent Planning Is Time Well Spent. All Projects Must Have A Plan With SufficientDetail So That Everyone Involved Knows Where The Project Is Going. A Good Plan

Provides The Following Benefits:

• Clearly Documented Project Milestones And Deliverables.• A Valid And Realistic Timescale.• Allows Accurate Cost Estimates To Be Produced.• Details Resource Requirements.• Acts As An Early Warning System, Providing Visibility Of Task Slippage.• Keeps The Project Team Focused And Aware Of Project Progress .

12.4 Team Motivation

A Motivated Team Will Go That Extra Mile To Deliver A Project On Time And ToBudget. Keep Your Team Motivated By Involving Them Throughout The Project AndBy Planning Frequent Milestones To Help Them Feel They Are Making Progress.

12.5 Avoiding Scope Creep

Scope Creep Is One Of The Most Common Reasons Projects Run Over Budget AndDeliver Late. Don't Forget The Customer Will Forget The Extra Work And Effort YouHave Put In, Insisting That You Have Delivered What They Asked For Originally.Ensure That You Set Expectations Correctly At The Outset Of The Project And Clearly

Define What Is In And Out Of Scope. Record It In The Key Project Document. Don'tAssume The Customer Will Read And Understand This Document. I Recommend ThatYou Spend An Hour With The Customer To Walk Them Through The Project AndEnsure That They Understand And Agree The Scope. Don't Proceed Without A FirmAgreement.

12.6 Risk Management

Nobody Likes To Think About Risks Especially Early On In A Project. Avoid Risk Management At Your Peril. I Recommend That You Produce A Risk Log With AnAction Plan To Minimized Each Risk And Then Publish It To All Of The KeyStakeholders In Your Project. Knowing What Action You Will Take, Should The WorstHappen, Will Be A Great Comfort.

12.7 Project Closure

Remember That Projects Have A Finite Life. A Project That Isn't Closed Will ContinueTo Consume Resources. It's In The Customer's Interest To Keep The Project Open SoThey Can Add New Features And Functionality As They Think Of Them. At The End Of A Project Be Firm, Agree With The Customer That The Critical Success Factors HaveBeen Met, The Project


13




13. High Level Plan & Timeline

13.1 Description

This Activity Identifies High-Level Targets Or Milestones For The Project. MilestonesAre Deliverables Or Major Events To Be Achieved On A Specified Date. Milestones CanBe Viewed As ”How Are We Doing” Thresholds Indicating Whether A Project Is OnTrack To Finish As Expected.

13.2 Rationale/Purpose

High Level Milestones And Timelines Have Three Important Goals:

1. Provide Measurement Showing That Tangible Progress Has Been Made On The

Project;2. Ensure Validation Allowing The Project To Move On To The Next Step If The

Milestone Is Met Or Take Corrective Action If The Milestone Is Not Met;3. Provide Support For Staff Resource Planning And Budget Preparation.

13.3 Who Is Involved

• Project Manager • Project Stakeholder

13.4 Result

Milestone And Timeline Information Is Included In A Separate Section Of Your Project Charter Often Referred To As:

• Project Milestones• Project Timeline


14




14. Risk Analysis Assessment

Security Risk Analysis, Otherwise Known As Risk Assessment, Is Fundamental To TheSecurity Of Any Organization. It Is Essential In Ensuring That Controls And Expenditure

Are Fully Commensurate With The Risks To Which The Organization Is Exposed.However, Many Conventional Methods For Performing Security Risk Analysis AreBecoming More And More Untenable In Terms Of Usability, Flexibility, AndCritically... In Terms Of What They Produce For The Users. Security Risk Analysis,Otherwise Known As Risk Assessment, Is Fundamental To The Security Of AnyOrganization. It Is Essential In Ensuring That Controls And Expenditure Are FullyCommensurate With The Risks To Which The Organization Is Exposed. However,Many Conventional Methods For Performing Security Risk Analysis Are BecomingMore And More Untenable In Terms Of Usability, Flexibility, And Critically... In TermsOf What They Produce For The User.S

A Security Policy Framework Is Necessary To Support The Security InfrastructureRequired For The Secure Movement Of Sensitive Information Across And Within

National Boundaries. To Ensure The Secure Operation Of This Kind Of Infrastructure, ItIs Necessary To Have Some Well-Founded Practice For The Identification Of SecurityRisks (As Well As The Application Of Appropriate Controls To Manage Risks).

14.1 Risk Analysis Management:

Risk Risk Level

L/M/H

Mitigation Strategy

Project Size Estimated ProjectSchedule

M: Over 3 Months Created Comprehensive Project Timeline WithFrequent Baseline Reviews

Low User Knowledge M: Knowledgeable Of User Area Only

Assigned Project Manager(S) To Assess GlobalImplications

Project TeamUnavailability

M: Distributed TeamMakes AvailabilityQuestionable

Continuous Review Of Project Momentum By AllLevels. Consultant To Identify Any ImpactsCaused By Unavailability. If Necessary, IncreaseCommittmment By Participants To Full TimeStatus

Time Factor L: Timke Factor Is A BigObstacle

All The Work Must Be Completed In Time

The Risk List Is Following:

• Instability Of End Users.

• Time Factor Is A Big Risk.

• Less Availability Of Technology


15




14.2 Quantitative Assessment

Quantitative Assessment Deals With Numbers And Dollar Amounts. It Attempts ToAssign A Cost (Monetary Value) To The Elements Of Risk Assessment And To The

Assets And Threats Of A Risk Analysis. To Fully Complete A Quantitative Risk Assessment, All Elements Of The Process (Asset Value, Impact, Threat Frequency,Safeguard Effectiveness, Safeguard Costs, Uncertainty, And Probability) Are Quantified.Therein Lies The Problem With Purely Quantitative Risk Assessment: It Is Difficult, If

Not Impossible, To Assign Dollar Values To All Elements; Therefore, Some QualitativeMeasures Must Be Applied To Quantitative Elements. A Quantitative AssessmentRequires Substantial Time And Personnel Resources. The Quantitative AssessmentProcess Involves The Following Three Steps

14.3 Qualitative Assessment

Maybe You Are Thinking That There Has To Be Another Way To Perform AnAssessment. If So, You Are Right. Qualitative Assessment Is Scenario Driven And Does

Not Attempt To Assign Dollar Values To Components Of The Risk Analysis. PurelyQuantitative Risk Assessment Is Hard To Achieve Because Some Items Are Difficult ToTie To Fixed Dollar Amounts. Absolute Qualitative Risk Analysis Is Possible Because ItRanks The Seriousness Of Threats And Sensitivity Of Assets Into Grades Or Classes,Such As Low, Medium, And High

• Low:

Minor Inconvenience That Could Be Tolerated For A Short Period Of Time.

• Medium

Could Result In Damage To The Organization Or Cost A Moderate Amount Of Money

To Repair.

• High

Would Result In Loss Of Goodwill Between The Company And Clients Or

Employees. Could Result In A Legal Action Or Fine, Or Cause The Company To

Lose Revenue Or Earnings.


16




15. Work Breakdown Structure:

A Work Breakdown Structure (WBS) In Project Management And Systems Engineering, Is A Tool Used To Define And Group A Project's Discrete Work Elements (Or Tasks) InA Way That Helps Organize And Define The Total Work Scope Of The Project.

A Work Breakdown Structure Element May Be A Product, Data, A Service, Or AnyCombination. A WBS Also Provides The Necessary Framework For Detailed CostEstimating And Control Along With Providing Guidance For Schedule DevelopmentAnd Control. Additionally The WBS Is A Dynamic Tool And Can Be Revised AndUpdated As Needed By The Project Manager .

The Work Breakdown Structure Is A Tree Structure, Which Shows A Subdivision Of

Effort Required To Achieve An Objective; For Example A Program, Project, AndContract. In A Project Or Contract, The WBS Is Developed By Starting With The EndObjective And Successively Subdividing It Into Manageable Components In Terms Of Size, Duration, And Responsibility (E.G., Systems, Subsystems, Components, Tasks,Subtasks, And Work Packages) Which Include All Steps Necessary To Achieve TheObjective.

The Work Breakdown Structure Provides A Common Framework For The NaturalDevelopment Of The Overall Planning And Control Of A Contract And Is The Basis For Dividing Work Into Definable Increments From Which The Statement Of Work Can BeDeveloped And Technical, Schedule, Cost, And Labor Hour Reporting Can Be Established.


17

http://en.wikipedia.org/wiki/Project_management

http://en.wikipedia.org/wiki/Systems_engineering

http://en.wikipedia.org/wiki/Project

http://en.wikipedia.org/wiki/Task_(project_management)

http://en.wikipedia.org/wiki/Product_(business)

http://en.wikipedia.org/wiki/Data

http://en.wikipedia.org/wiki/Service_(economics)

http://en.wikipedia.org/wiki/Project_manager

http://en.wikipedia.org/wiki/Tree_structure

http://en.wikipedia.org/wiki/Program_management


http://en.wikipedia.org/wiki/Contract

http://en.wikipedia.org/wiki/Statement_of_work

http://en.wikipedia.org/wiki/Project_management

http://en.wikipedia.org/wiki/Systems_engineering


http://en.wikipedia.org/wiki/Task_(project_management)

http://en.wikipedia.org/wiki/Product_(business)

http://en.wikipedia.org/wiki/Data

http://en.wikipedia.org/wiki/Service_(economics)

http://en.wikipedia.org/wiki/Project_manager

http://en.wikipedia.org/wiki/Tree_structure

http://en.wikipedia.org/wiki/Program_management


http://en.wikipedia.org/wiki/Contract

http://en.wikipedia.org/wiki/Statement_of_work




A Work Breakdown Structure Is A Results-Oriented Family Tree That Captures All TheWork Of A Project In An Organized Way. It Is Often Portrayed Graphically.


18

SAMBA Confi uration in LINUX

Documentation Configurations

DNS

Linux Installation

User account

FTP

BINDPackage

Samba

Requirement

Gathering

Visit to Samba sites

Visit to Speedy I.T

Feasibility

vsftpdPackage

1st deliverable

2nd deliverable

Final documentation




16.2 Identify The Critical Path

Activity Duration ES EF LS LF TS FS

A 1 0 1 0 2 1 0

B 2 0 2 0 2 0 0

C 2 2 4 2 4 0 0

D 4 4 6 4 6 0 0

E 4 6 9 6 9 0 0

F 3 9 13 10 14 1 0

G 2 9 14 9 14 0 0

H 2 14 15 14 15 0 0

I 1 15 17 15 17 0 0

16.3 Critical Path

B C D E G H I

16.4 Total Duration Of The ProjectDuration Of Critical Path (Weeks) = 17


20




17 Gantt Chart:

Graphical Representation Of Activities Within A Project Over Time. The Duration Of Each Activity Is Shown As A Bar, The Ends Of Which Corresponds To The Start AndEnd Date Of The Activity.

ID Task NameApril'10 May '10 June '10 July '10 Aug '10

1 Study The SMB Setup2 Visit The Speedy I.T

3 Visit Samba's

4Study User Authentication

5 Configuration Of Samba 6 Study Of Linux Security

7 Installation Of Samba

8Configuration Of SambaServer

9 Configure User Accounts

10 Configuration Of DNS

11 Configuration Of FTP


21

7 14 21 2811 18 2542 9 16 30241710 32720136 23




18. Cost/Benefit Analysis:The Standard Justification For Choosing One Level Of Testing Over Another Is That TheBenefits Exceed The Costs Over The Life Cycle Of The Project. Doing An ActualAnalysis Of The Benefits And Costs Of Using Various Testing Structures Can EncourageBetter Decision Making And Ensure That Resources Are Allocated Effectively To

Support The Maximum Level Of Testing Necessary For A Project At The Lowest Cost.The Benefits Of Domain Security Are Available To Those Sites That Deploy A SambaPDC. A Domain Provides A Unique Network Security Identifier (SID). Domain User And Group Security Identifiers Are Comprised Of The Network SID Plus A RelativeIdentifier (RID) That Is Unique To The Account. User And Group Sids (The Network SID Plus The RID) Can Be Used To Create Access Control Lists (Acls) Attached To

Network Resources To Provide Organizational Access Control. UNIX SystemsRecognize Only Local Security Identifiers.

18.1 Configuring Samba To Use The ADS Security ModeThe Intent Of This Article Is To Show You How To Configure Your Linux Machine AndSamba Server To Participate In A Windows 2003 Active Directory Domain As AMember Server Using Kerberos Authentication.This Involves Using The Security = ADS Security Mode In Samba

18.2 Samba In A Linux/Windows EnvironmentLinux Journal Is Running Part Two In A Series Of Articles On Linux Servers That HaveTo Support Windows Clients. The Article Has A Decent Section On How To ConfigureSamba For File And Print Sharing. The Piece Works Well As A Quick And Easy

Introduction To Samba's Role Within A Linux Server. This Is The Kind Of Piece YouCan Share With Friends, Co-Workers, And Fellow Sys Admins Considering Samba

19. Architecture Assessment/Network Description:

Samba Is Essentially A TCP/IP File And Print Server For Microsoft Windows Clients. InFact, It Can Support Any SMB/CIFS-Enabled Client. One Of Samba’s Big Strengths IsThat You Can Use It To Blend Your Mix Of Windows And Linux Machines Together Without Requiring A Separate Windows Server. Samba Includes Support For ActiveDirectory, Unicode, New Authentication And Filename Mangling Systems, Printing

Support, Trust Relationships, LDAP Integration And Loadable RPC Modules.


22

http://www.linuxjournal.com/

http://www.linuxjournal.com/




Configuring Samba Is Fairly Straightfoward, However It Is Akin To Reading AnInstruction Book Written In A Different Language. Hopefully, This Next Bit Will GetYou Up And Running Fast,. It’s Perfect For A Quick & Dirty Method To Transfer FilesTo And From Your Samba Box Via The Windows Interface If You’re None Too

Concerned About Additional Computers On Your Network (E.G., A Home Network).ByDefault, Samba Does Not Install Any Configuration File Whatsoever. So, The Very FirstThing We’ll Need To Do Is Fire Up Our Favorite Text Editor (Vim, Pico, Etc.) AndCreate The File /Etc/Samba/Smb.Conf With The Following Contents. Don’t Worry AboutThe Meaning Of Each Of These Just Yet.

20. Historical Background & Future Development:

Once Long Ago, There Was A Buzzword Referred To As DCE/RPC. This Stood For Distributed Computing Environment/Remote Procedure Calls And Conceptually Was AGood Idea. It Was Originally Developed By Apollo/HP As NCA 1.0 (Network Computing Architecture) And Only Ran Over UDP. When There Was A Need To Run ItOver TCP So That It Would Be Compatible With Decnet 3.0, It Was Redesigned,Submitted To The Open Group, And Officially Became Known As DCE/RPC. MicrosoftCame Along And Decided, Rather Than Pay $20 Per Seat To License This Technology,To Reimplement DCE/RPC Themselves As MSRPC. From This, The Concept ContinuedIn The Form Of SMB (Server Message Block, Or The ”What”) Using The Netbios(Network Basic Input/Output System, Or The ”How”) Compatibility Layer. You CanRun SMB (I.E., Transport) Over Several Different Protocols; Many DifferentImplementations Arose As A Result, Including NBIPX (Netbios Over IPX, Nwlnknb, Or

Nwnblink) And NBT (Netbios Over TCP/IP, Or Netbt). As The Years Passed, NBT

Became The Most Common Form Of Implementation Until The Advance Of ”Direct-Hosted TCP” – The Microsoft Marketing Term For Eliminating Netbios Entirely AndRunning SMB By Itself Across TCP Port 445 Only. As Of Yet, Direct-Hosted TCP HasYet To Catch On. Perhaps The Best Summary Of The Origins Of SMB Are Voiced InThe 1997 Article Titled, CIFS: Common Insecurities Fail Scrutiny:.

21. Staffing & Skill Assessment:The Staff Member Will Have The Enough Knowledge About The Linux AdministrationAnd The Security Implementation In The Linux. Our Project Members Have EnoughKnowledge About The Configuration Of The Samba Setup And The Major Server’s

Configuration. The Staff Members Are Competent And Hardworking They Can HandleAny Difficulty In The Configuration Of The Server.

21.1 Project Management:The Group Members Have The Capability To Manage The Project According To TermsAnd Condition In Which The Project Should Be Completed.

21.2 Authentication:The Users Will Be Authenticated Through The Username And Password. Once The User Is Authenticated The User Can Enjoy The Facility Of The Internet According To HisBalance. We Shall Use The Authentication Protocols Which Are PAP And CHAP For

The Implementation Of The Authentication.


23




21.3 Security:The Security Will Be Implemented Through The Proper Channel. We Have The AbilityTo Implement The Security By Using The Access Control List And By Restricting The

IP Addresses And Firewall.

21.4 Application Management:We Shall Manage The Application Of The Server’s As They Were Configured.

21.5 Introduction To Team Member And Their Skill Set:

Name Roll No.

IMRAN AFZAL MT08050

HASSAN MT08037

SAQIB ILYAS MT08005

21.6 Project Management:-

Mr. Imran Afzal Is The Group Leader Of The Project. He Is At Home In TheConfiguration Side Of The Servers. He Can Easily Manage The Different Technical

Problems And Finding Out The Best Optimal Solution. So, He Will Mostly Work OnThe Server Configuration And Their Maintenance. He Will Deal With The Routing AndSwitching Operations.

21.7 System Testing:-

Mr.Saqib Ilyas Is An Intelligent Student Having Determination And Decision MakingCapabilities. He Will Ensure The Accuracy Of The Different Processes And WillDetermine The Changing That Should Be Taken. He Has Strong Networking Concepts.

Mr.Saqib Ilyas Will Work On The User Validation And Authentication Process. He IsThe Student With Advance Networking Ideas. He Will Also Deal With The Network Traffic Management.

21.8 Documentation (User And Technical):

Mr.Hassan Will Work On The User And Technical Documentation He Is The StudentWith Advance Networking Ideas. He Is Also Good In Application Software (MS Word,

Netsimboson, Etc)He Is The Experienced Member Of The Group. He Will Deals With The User

Authentication In The Samba Setup. He Has Enough Knowledge About The HardwareAnd Software Used In The Linux Setup. He Will Manage The Network Traffic


24




21.9 Training:Training Is Required For The Group Members Because The Technology Is ChangingDay-By-Day And The Members Should Have Knowledge About All The Advancement

Happened In The Field Of Networking. The Members Should Get The Training To Work In The Linux, LAN And WAN.

22. Network Assessment:In This Project We Need 1MB Bandwidth From The PTCL. We Shall Use The CiscoSwitches And Routers For The Load Balancing. We Also Need Of The Fiber Optics ToPerform Better Work. We Need Live And Dead IP’s To Run Our ISP Setup.Firewall Will Be Implemented To Secure The Network. It Can Be Hardware Or Software.

23. Server Assessment:The Following Are The Requirements For The ISP’s Servers.a. 512 RAM

b. 1.8 Ghz Processor c. 1 UPSd. Keyboard, Mouse, Monitor e. Two Client System

24. Training Assessment:The Training Is Required For The Group Members Which May Be The Visits To TheSamba Sites And Know Their Infrastructure. Training Is A Important Factor Of The Life.Without Training Anyone Can Not Perform Better Work. Training Makes The PersonConfident In His Field Of Work.

25. Communications Assessment:

The User Will Be Able To Use The Internet At The Completion Of This Project. Internet

Is The Most Required Facility To The Users. The User Can Perform The Lot Of Work On The Internet And Also Run The Business On The Internet. We Shall Provide TheFacility Of Web Hosting. The User Makes Their Websites And Purchase Domain FromUs And Can Host Their Own Websites. It Will Be Helpful For The Advertisement Of The Business Of The Users.

26. Documentation Assessment:

We Shall Make The Documentation Of Our Project. The User Will Be Facilitated ByDocument Through Which They Can Get The Help According To Their Problems. WeShall Provide The Online Help Via A Telephone So The Users Can Contact Us And Tell


25




Their Problems. We Shall Provide The Pamphlets To The Users On Which TheInformation Is Provided Which Are Helpful For The Users.

27. Operations/Maintenance Assessment:

1. We Shall Provide The Warranty To The Organization That Will Purchase Our ISPSetup.

2. We Shall Provide The Maintenance Facility When Ever Any Problem Occurs.3. The Multiple Type Of The Training Is Required To The Group Members To Handle

Verity Of The Problems.

4. Because The Group Members Are Trained With Latest Equipment And UpdatedWith The Study Of The Latest Technologies So That Never Any New TechnologyCan Create Problem For Us And Neither Affect Our ISP Setup.

5. New Technology Can Be Handled With Little More Efforts.6. The Growth Will Be Required In The ISP With The Extension Of The Services And

When The New Technology Is Introduces In The Networks.

28. Server Configuration Basics

The Purpose Of This Section Is To Aid The Transition From Existing MicrosoftWindows Network Knowledge To Samba Terminology And Norms. The Chapters InThis Part Each Cover The Installation Of One Type Of Samba Server.

29. Advanced Configuration

The Mechanics Of Network Browsing Have Long Been The Achilles Heel Of AllMicrosoft Windows Users. Samba-3 Introduces New User And Machine AccountManagement Facilities, A New Way To Map UNIX Groups And Windows Groups,Interdomain Trusts, New Loadable File System Drivers (VFS), And More. New WithThis Document Is Expanded Printing Documentation, As Well As A Wealth Of

Information Regarding Desktop And User Policy Handling, Use Of Desktop Profiles,And Techniques For Enhanced Network Integration. This Section Makes Up The CoreOf The Book. Read And Enjoy.

30. Migration And Updating

A Much Requested Addition To The Book Is Information On How To Migrate FromMicrosoft Windows NT4 To Samba-3, As Well As An Overview Of What The IssuesAre When Moving From Samba-2.X To Samba-3.


26




31. Troubleshooting

This Short Section Should Help You When All Else Fails.

32. Reference Section

Here You Will Find A Collection Of Things That Are Either Too Peripheral For MostUsers, Or Are A Little Left Of Field To Be Included In The Main Body Of Information.

Welcome To Samba-3 And The First Published Document To Help You And Your UsersTo Enjoy A Whole New World Of Interoperability Between Microsoft Windows AndThe Rest Of The World.

33. Obtaining And Installing Samba

Binary Packages Of Samba Are Included In Almost Any Linux Or UNIX Distribution.There Are Also Some Packages Available At The Samba Home Page. Refer To TheManual Of Your Operating System For Details On Installing Packages For Your SpecificOperating System.

34. Configuring Samba (Smb.Conf)

Samba's Configuration Is Stored In The Smb.Conf File, Which Usually Resides In/Etc/Samba/Smb.Conf Or /Usr/Local/Samba/Lib/Smb.Conf . You Can Either Edit This FileYourself Or Do It Using One Of The Many Graphical Tools That Are Available, Such AsThe Web-Based Interface SWAT, That Is Included With Samba.

35. Configuration File Syntax

The Smb.Conf File Uses The Same Syntax As The Various Old .Ini Files In Windows 3.1:

Each File Consists Of Various Sections, Which Are Started By Putting The Section Name Between Brackets ([]) On A New Line. Each Contains Zero Or More Key/ValuePairs Separated By An Equality Sign (=). The File Is Just A Plaintext File, So You CanOpen And Edit It With Your Favorite Editing Tool.

Each Section In The Smb.Conf File Represents Either A Share Or A Meta-Service On TheSamba Server. The Section [Global] Is Special, Since It Contains Settings That Apply ToThe Whole Samba Server. Samba Supports A Number Of Meta-Services, Each Of WhichServes Its Own Purpose. For Example, The [Homes] Share Is A Meta-Service That CausesSamba To Provide A Personal Home Share For Each User. The [Printers] Share Is A Meta-Service That Establishes Print Queue Support And That Specifies The Location Of The


27

http://samba.org/

http://samba.org/




Intermediate Spool Directory Into Which Print Jobs Are Received From WindowsClients Prior To Being Dispatched To The UNIX/Linux Print Spooler.

36. SAMBA DEAMONS

The Samba Server Is Made Up Of The Following Daemons:

36.1 Nmbd

This Daemon Handles All Name Registration And Resolution Requests. It Is The

Primary Vehicle Involved In Network Browsing. It Handles All UDP-Based Protocols.The Nmbd Daemon Should Be The First Command Started As Part Of The SambaStartup Process.

36.2 Smbd

This Daemon Handles All TCP/IP-Based Connection Services For File- And Print-BasedOperations. It Also Manages Local Authentication. It Should Be Started ImmediatelyFollowing The Startup Of Nmbd.

36.3 Winbindd

This Daemon Should Be Started When Samba Is A Member Of A Windows NT4 Or ADS Domain. It Is Also Needed When Samba Has Trust Relationships With Another Domain. The Winbindd Daemon Will Check The Smb.Conf File For The Presence Of The Idmap Uid And Idmap Gid Parameters. If They Are Are Found, Winbindd Will UseThe Values Specified For For UID And GID Allocation. If These Parameters Are NotSpecified, Winbindd Will Start But It Will Not Be Able To Allocate Uids Or Gids.

37. Installing Necessary Software

We Have Working Installation Of Opensuse 10.1, We Will Need To Install A FewPackages To Make This Work .

37.1 Installing Package

The Must Practical Was To Use Yast (If You Use X Window Launch Yast2, If You Don'tUse X Launch Yast)


28




37.2 Install:

Samba-ClientSamba-DocSambaSamba-PdbSamba-Winbind

Yast2-Samba-ClientYast2-Samba-Server Samba-VscanBindBind-ChrootOpenldap2Openldap2-Client

38. SAMBA SETUP

Move Your Old Smb.Conf File To A Safe Place:

# Cd /Etc/Samba/# Mv Smb.Conf Smb.Conf.OLD

Now Using Your Favorite Ascii Editor , Edit Or Create Smb.Conf File In /Etc/SambaDirectory And Modify Or Add These Lines To It. Note That For The WorkgroupStatement, If Foobar.Tld Is Longer Than 15 Characters Samba Will Truncate It! IRecommend You To Build Smb.Conf File From Scratch As Defined Below:

39. CONFIGURARATION FILE OF SAMBA (Smb.Conf)

# Smb.Conf Is The Main Samba Configuration File. You Find A Full Commented# Version At /Usr/Share/Doc/Packages/Samba/Examples/Smb.Conf.SUSE If The# Samba-Doc Package Is Installed.# Date: 2006-06-16[Global]Workgroup = PUCITSmb Passwd File = /Etc/Samba/Smbpasswd

# Username Map = /Etc/Samba/Smbusers


29

http://editors/

http://editors/




Map To Guest = Bad User Security = Ads# Encrypt Passwords = YesServer String = Student File Server

Netbios Name = Student#Add Machine Script =Domain Master = FalseRealm = PUCIT.EDU.PK Winbind Separator = +

Winbind Enum Users = YesWinbind Enum Groups = YesIdmap Uid = 10000-20000Idmap Gid = 10000-20000Domain Logons = NoLocal Master = No

Preferred Master = NoPassword Server = 172.16.0.1#Password Server = *

Load Printers = NoWins Server = 172.16.0.1Comment = Home DirectoriesValid Users = %S,Browseable = NoRead Only = NoInherit Acls = Yes[Fhome]Comment = Student Home DirsPath = /HomeBrowseable = NoValid Users = ShaheenPublic = No

Writable = YesPrintable = No

Create Mask = 0765#Net Join Ads -Wpugc.EDU.PK -U Administrator

40. HOW TO CHECK CONFIGURATION

Now Let’s Check Our Config For Syntactical Correctness, You Should Get An OutputAs Shown Below:

# TestparmLoad Smb Config Files From /Etc/Samba/Smb.Conf Processing Section "[Homes]"Processing Section "[Printers]"Processing Section "[Netlogon]"

Processing Section "[Profiles]"


30




Processing Section "[Share]"Loaded Services File OK.Server Role: ROLE_DOMAIN_PDC

41. How To Add/Remove User Accounts In Linux

Most Of Us Need To Work With Creating/Managing User Accounts On A Regular Basis.System Administrators Have To Deal With This Stuff On A Regular Basis. In ThisHowto I Will Go Through The Basics Of Creating And Deleting User Accounts On ALinux-Based System.

41.1 Adding A User

To Add New Users Just Use This Simple Command

[Root]# Useradd Hassan

To Give A Password To This User

[Root]# Passwd Hassan

If You Want To Assign A Particular Home Directory To The User You Can Do ThatUsing This Command.

[Root]# Useradd Hassan -D /Home/Hassan

Useradd –D

41.2 Deleting Users

As An Administrator, You Will Need To Delete Users As Well. People Leave And MoveOn To Other Things. They Come For Short Periods And Need Temporary Accounts.Accounts Need To Be Deleted When They Are No Longer Going To Be Used. This Is Of Maximum Importance From A Security Point Of View. We've All Heard Stories Of Disgruntled Former Employees Logging Back Into Their Accounts And Using TheSystem To Either Embarrass Their Former Employers By Playing Pranks Or To ActuallyTry To Do Serious Damage.

Again, As We Stated Before, Your Linux Distribution Choice May Have Tools To DoThis. Some Make This Easier By Also Deleting Users Home Directory (And All TheFiles!) Along With The Account. The Standard Tool That Comes With All Distributions,

However, Is Deluser It Is Simply Run Like This:


31




Where You Substitute The Wshakespeare With The Username You Wish To Delete.

42. Permissions

As You Already Know, Everything That Exists On A Linux Computer Is A File. As WeExplained In Previous Section, You Hardware Is Also Represented As A Series Of Files(An IDE Hard Drive Is /Dev/Hda, A Modem Might Be /Dev/Ttys1, For Example).Seeing That Everything Is A File, These Files Have To Have A Series Of PermissionsAssigned To Them. These Permissions Govern The Use Of And Access To A Given File.Specifically, They Determine Whether A File Can Be Read , Written (Ie, Modified,Deleted) Or, In The Case Of Binary Programs, Executed . These Permissions Have To BeStrictly Enforced Or You Could Do A Tremendous Amount Of Damage To A System.

As We Saw In The First Course, You Can See The Permission Information By Typing:

Ls-L To Do List

Let's Say You've Just Written A To-Do List With Your Favorite Text Editor . It's LikelyThat On A Normal System, You Will Have Created This File With What Are Known As'Easy' Permissions. The Output Of The Previous Command Would Look Like This:

Rw-R-R- 1 Bob Users 155 Mar 26 12:33 Todo_List

The First Set Of Permissions (Rw) Apply To The Owner Of The File, Bob. These Are Read And Write Permissions. The Group The File Belongs To, Users, Can Read , As We

See In The Second Set Of Permissions (R). The Third Set Refers To Others. This FileCan Be Read (R) By Anyone With Access To The System And Bob's Home Directory.

Let's Look At Another Example. Let's Say I Wanted To Create A Bash Shell Script ToBackup My Work In A Directory Called /Project. Ideally, I Could Run This As What'sKnown As A 'Cron' Job. I Would Then Make The Script Executable. If We Looked AtThe Permissions For This File, It Would Look Something Like This.

-Rwxr-R- 1 Bob Users 95 Mar 26 12:38 Backup_Work

As You Can See, There's An 'X' Added To The Set Of Permissions For The Owner Of

The File.

42.1 Assigning Permissions

So How Do You Give A File The Permissions You Want? Well, As A User, You AreRestricted To Giving Permissions To Only Those Files That You Own. As Root, YouCan Give Permissions To Any File On The System.

Let's Take The Two Aforementioned Files As Examples. First, If You Wanted Todo_ListTo Be Confidential, So To Speak, You Could Remove Read Permissions For Others.There Are Two Ways To Do This. Both Use The Command Chmod


32

http://www.linux.org/lessons/interm/c432.html












Chmod O-R Todo_List

Which Is The More Literal Way Of Doing It. As You Can See, We Have Set Others (O)Minus (-) Read (R) For The File.

We Can Also Use The Number Scheme. On A Linux System, Permissions Are Assigned Number Values. Read Permissions Are Assigned A Value Of 4, Write Permissions AValue Of 2 And Execute Permission A Value Of 1. Therefore, If I Wanted To DenyOthers Permission To Read My To-Do List, Then I Could Also Type.

Chmod 640 Todo_List

If You Used The -C Option, You Could Also Get A Brief Explanation Of What You Did.

Chmod -C 640 Todo_List

Mode Of `Todo_List' Changed To 0640 (Rw-R---)

First Of All, As You Can See In The Output, There Is A 0 Before The 640. This RefersTo Directory Permissions And Is Not Applicable Here. How Did We Get 640? Well,Read (4) + Write (2) For The Owner And Read (4) For The Group Plus No Permissions(0) For Others Equals 640.

Let's Look Again At The Other File To Backup Our Work. We Would Add ExecutePermissions For The Owner To It. One Way Is:

Chmod U+X Backup_Work

Which Literally Adds (U+X) Permission To Execute For The Owner. We Could AlsoUser Our Number System:

Chmod 744 Backup_Work

And Assign Execute Permissions For The Owner. That Is, Read (4) + Write (2) +Execute (1) Equals (7) Plus Read (4) For The Group And Read (4) For Others.

43. Samba Client Configuration And Use

Once You've Got Your Samba Server Up And Running, You Can Access It ViaMicrosoft Windows, Linux, And Other Operating Systems. This Section Shows YouHow To Do So And Also How To Use Your Samba Server To Create Backups Of Important Data Files On Client Systems.

43.1 Microsoft Windows Client

To Use A Shared Printer, Click On Start Settings Printers And Then Double Click OnAdd Printer. The Wizard Will Guide You Through The Setup Procedure. Simply Choose

The Network Printer Option And Then Browse To Select The Desired Printer. If You


33




Configured The Printer Share Without The Browseable Option, You Cannot Browse AndTherefore Must Type The Name Of The Printer Share. To Do So, Type TwoBackslashes, Followed By The Name Of Your Samba Server, Followed By A SingleBackslash, Followed By The Name Of The Printer Share. For Example, If You Want To

Access A Printer Share Named Lp On The Samba Server Known As SERVER, You'dType \\SERVER\Lp.

You Can Map A File Share To A Drive Letter By Using The Tools Map Network DriveMenu Item Of The Windows Explorer. Simply Select An Available Drive Letter AndType The Name Of The File Share, Which Consists Of Two Backslashes, Followed ByThe Name Of Your Samba Server, Followed By A Single Backslash, Followed By The

Name Of The File Share. For Example, If You Want To Access A File Share Named Db

On The Samba Server Known As SERVER, You'd Type \\SERVER\Db.

If You Have Difficulty Connecting To Your Samba Server, Follow The Procedure Given

In The Preceding Section On Troubleshooting.

43.2 Other Clients

Of Course, An SMB Client Is Available For Linux; You'll Learn About It In The NextSubsection. SMB Clients Are Also Available For Most Popular Operating Systems,Including IBM OS/2 And Mac OS. You Shouldn't Expect To Have Trouble GettingThem To Work With Samba. If Your Client Seems Not To Work, Simply Follow TheProcedure Given In The Troubleshooting Section.

44. FILE AND PRINTER SHARING

44.1 File Serving With NFS

The Nfs-Common Package Is Installed By Default. This Package Contains Files

Needed By Both NFS Servers And NFS Clients. To Set Up An NFS Server You Have ToInstall The Server Package With The Command:

Apt-Get Install Nfs-Kernel-Server

When The Package Is Finished Installing You'll See The Line:

Not Starting NFS Kernel Daemon: No Exports.

Installing This Package Creates The /Etc/Exports File. You Have To Enter At Least

One Line In The File For Each Directory That Is To Be "Exported" (Shared), SpecifyingWho Has Permission To Access It And What Those Levels Of Permission Are. If ThereAre No Lines In This File The NFS Server Will Not Start Because There Is Nothing ToExport.


34




As An Example Using Your NFS Server As A File Server Storing User Files, Suppose AUser With The Username 'Bgates' Uses A Workstation With The Hostname 'Woody5'

And You Want To Set Up The Server So They Can Store Their Files On It. You'd NeedTo Create A Home Directory For Them On The NFS Server And Then Enter A Line In

The /Etc/Exports File To Make It Available To Them.

/Home/Bgates Woody5(Rw,Sync)

Once You Enter One Or More Lines In This File You Have To Either Reboot TheSystem Or Manually Start The NFS Server With The Commands In The Order Listed:

/Etc/Init.D/Nfs-Common

/Etc/Init.D/Nfs-Kernel-Server

The /Etc/Exports File Follows The Format:

/Directory-To-Share Client(Permissions,Sync-Type)

Note That There Is No Space Between The Client And The Permissions/Sync Values.

The Client Can Be Specified Using One Of The Following:

• A Resolvable Host Name (I.E. There Is An Entry In The Server's /Etc/Hosts File For

The Client Or You Used Our DNS Page To Set Up A LAN DNS Server)

• The IP Address Of A Client

• A Network Or Subnet Address (With The Subnet Mask Provided) To Specify All TheClients On The Network Or Subnet

• An Internal Domain Name With The Wildcard Character * To Specify All The

Computers In The Domain (*.Yourdomain.Com)

The Three Most Common Permission Specifications (There Are Others) Can Be:

• Ro - Read Only (This Is The Default If None Is Specified)

• Rw - Read/Write

• No_Access - Blocks Inheritance


35

http://www.aboutdebian.com/dns.htm

http://www.aboutdebian.com/dns.htm




If You're Not Familiar With "Inheritance" It Just Means That If You Give Someone

Certain Permissions To A Directory, Those Same Permissions "Flow Down" To ApplyTo Any Subdirectories Under It. So If You Want To Give Someone Permissions To ADirectory, But Don't Want Them To Have Permissions To The Subdirectories, You'd

Have To Add Entries To The /Etc/Exports File For Each Subdirectory Specifying The

No_Access Permission.

The Sync-Type Can Either Be Sync Or Async And Sync Is Recommended As It

Flushes Writes To The Disk More Often. If You Omit This You Will Get Messages With

The NFS Server Starts That It's Defaulting To Sync Operation. If You Get A

"< Hostname> Has Non-Inet Address" When The NFS Server Starts It Usually Means

The Hostname You Specified In The /Etc/Exports File Isn't Resolvable (No Entry InThe /Etc/Hosts File).

For Example:

/Export/Docs 172.16.0.0/255.255.0.0(Ro,Sync)

Would Give All Users With Machines On The 172.16.0.0 Network Read-Only Access ToA Shared Documents Directory.

If You Have A Second Linux Or UNIX System On Your Network, You Can Use It To

Test Drive NFS. Do The Following On Your Debian Server:

Edit The /Etc/Exports File As Follows:

o Recall That During The Debian OS Installation You Created A User Account.

This User's Home Directory Is The One You Should Specify To Share.o Enter The Hostname Of Your Other Linux Or UNIX System For The Client.

o Specify Rw Permissions And Sync Operation.

o Exit The Editor Saving The File.

• If Necessary, Edit The /Etc/Hosts File On Your Debian Server So That It Contains The

Hostname And IP Address For Your Second Linux Or UNIX System.

• If Necessary, Start The NFS Server Processes By Entering The Following Commands InThe Order Shown:

/Etc/Init.D/Nfs-Common Start/Etc/Init.D/Nfs-Kernel-Server Start


36




(The Nfs-Common Script Is So Named Because It's Run On Both NFS Clients And

Servers.)

• Go To Your Second Linux Or UNIX System And Try And Mount The Shared DirectoryOn The Debian Server. The Steps To Do This Will Vary Depending On Which LinuxDistribution Or Flavor Of UNIX Is On The Second System. If Your "Second Linux Or UNIX System" Is Also A Debian System, Do The Following:

o Make Sure Your Debian Server (Which We're Assuming Is Named "Sarge") Is In

The Second System's /Etc/Hosts File

o Enter The Following Commands To Enable Client NFS, Create A Local "Mount

Point", And Mount The Remote Server's Share To The Local Mount Point:

/Etc/Init.D/Nfs-Common StartMkdir /Mnt/PrivateMount Sarge:/Home/Bgates /Mnt/Private

Naturally You Would Replace The Bgates With The Name Of The User Account You

Created On The Server During The OS Installation.

Note The Syntax Of The Mount Command Above. It's:

Mount Server-Name:/Path-To-Share-On-Server /Path-To-Local-MountPoint

As A Result, You Should Be Able To Access The Remote Shared Directory On TheServer By Going To It's Mount Point On The Local System Like So:

Cd /Mnt/Private

To Unmount The Share You Use The Local Mount Point Like So:

45. Setting Up A Linux Print Server

Note: Same Deal Here As With Modems, DON'T Use A "Win-Printer"! If You Printer Doesn't Support DOS Don't Use It With Linux. Also, The Utilities We'll Use In ThisProcedure Don't Support USB Printers (Yet).Setting Up Printing On A Linux System Is Actually One Of The More ComplicatedSetups You'll Encounter. It's Easier To Set Up A Linux System To Be A Web Server Than A Print Server. It's Not That Setting Up A Print Server Is Technically Complicated.You Just Have To Install A Few Packages And Run Through Some Configurations. ToMake Matters Worse, Each Flavor Of Linux And UNIX Have Their Own Set Of UtilitiesFor Doing The Job. Debian Uses Apsfilter Which We'll Cover Here. The Steps BelowAre Also Necessary If You Simply Want To Set Up A Local Printer For Use On Your

System.


37




The Daemon That Handles Sending Print Jobs To A Printer Is Called Lpd And It Starts

Automatically When You Boot Your System. You Should See It If You List RunningProcesses:

Because It's Running You Can Print Text Files To Your Printer With A SimpleCommand. However, It's Unlikely It'll Print Correctly. For That You'll Need To Do A

Little Setting Up. If You Want To See What I'm Talking About, Connect Your Printer ToYour PC, Turn It On, Load In The Paper, And Copy The Motd Text File To The Printer

Using The Following Command:

Lpr /Etc/Motd

Lpr Is Kind Of A Client For The Lpd Server Daemon. If Your Printer Prints The FileOK, And All You're Ever Going To Print Are Text Files, You Don't Really Need To DoAnything Else. On A Lot Of Printers (Including Most HP Models) The File Will PrintBut There'll Just Be One Long Line Running Off The Right Side Of The Single SheetPaper. That's Because The Printer Didn't Interpret Any Carriage Returns.

If Nothing At All Prints Or You Get The Error:

Lp: Driver Loaded But No Devices Found

Try Going Into Your Systems BIOS' Peripheral Configuration And Take The ParallelPort Out Of AUTO Mode So That It's Set To The 378h Base I/O Address And IRQ 7. AsMentioned On The Modems Page, You'll Want To Do This For The Serial Ports Also.

If Your Printer Printed But Didn't Print The File Correctly You've Got Some Work To

Do. When Linux/UNIX Prints To Anything Other Than A Simple Dot-Matrix Printer It


38

http://www.aboutdebian.com/modems.htm

http://www.aboutdebian.com/modems.htm




Sends The Print Stream In Postscript. Most Lower-End Printers Don't Support Postscript.But As Most Other Things With Linux, Free Software To The Rescue! We Can Install AFree Package Called Ghostscript That Will Translate The Postscript To A Language Our Lower-End Lasers And Inkjets Can Understand.

Before We Get Into The Printer Setup, Lets Look At How This Printing Thing Works.For Matters Of Simplicity, We'll Look At An Example Of A Single Printer Connected

"Locally" (To The Printer Port). Since Most Pcs Only Have One Hardware Printer Port,This Is The Most Common Configuration.

Here's An Overview Of The Setup:

• You Connect Printers To Physical Ports On Your PC.

• You Can Define As Many Logical Printers As You Want By Creating A Print Queue

For Each Logical Printer. A Queue Is Nothing More Than A Directory On The Hard-Drive. Print Jobs Are Stored In These Directories Before Being Sent To A PhysicalPrinter. This Is Called "Spooling".

• You Use The /Etc/Printcap Configuration File To Tie A Physical Port To A Print

Queue (A Logical Printer). You'll See An Example Of This In A Minute. Since You'dTypically Only Specify Physical Ports That Have Printers Attached To Them, InEffect You Assign A Logical Printer To A Physical Printer.

As Mentioned, Most Pcs Only Have One Printer Port, But They Can Have Up To Three.Here's A DOS/Linux Comparison Of The Three Physical Port Designations. As WithSerial Ports, DOS Started The Numbering Scheme With 1 And Linux Starts With 0.

46. Security Modes

Samba Can Be Configured To Run In Five Different Ways, Commonly Known AsSecurity Modes:

• User Level – Local Authentication• Share Level – Password Protected Folder • Domain – Pass Through Authentication• ADS – Active Directory Member Server • Server Security – "Fake" User Security


39




46.1 User Level Security

User Level Security Is The Default Security Setting For Samba And Is The Easiest ToConfigure And Use.

It Uses Local Usernames And Passwords For Authentication And Relies On Local FilePermissions For Access Control. Although Local Usernames Are Identical To TheSystem Usernames, Samba Requires Its Own Password Database And Samba Passwords

Must Be Set With Smbpasswd. Once They Have Been Initially Set, Samba Can BeConfigured To Change Keep Its Passwords Synchronized With The System PasswordDatabase. The Encrypted Passwords Are Stored In The /Etc/Samba/Smbpasswd File.

To Configure User Level Security, Set Security = User In The Smb.Conf File.


40




46.2 Share Level Security

Share Level Security Is Equivalent To A Password Protected Directory And ClientsConnecting Under Share Level Security Send Only A Password To The Server. As NoUsername Is Involved, There Are No Complex Permissions Involved Either. If You HaveThe Correct Password, You Are Granted Access To The Share; If Not, You Are DeniedAccess.

This Level Of Security Was Developed For Compatibility With Older Versions Of Windows And It Doesn’t Work Well With More Recent Versions. The Samba

Developers Strongly Discourage The Use Of Share Level Security.

To Configure Share Level Security, Set Security = Share.

46.3 Domain Security Mode

Domain Security Mode Can Be Thought Of As User Level Security With PasswordAuthentication Pass Through. The Samba Server Acts As A Pre-Windows 2000 DomainMember Server (No Kerberos) And Passes Password Validation Requests Through To A

Domain Controller.

Local Account Usernames Must Correspond To Domain Usernames And Local FilePermissions Are Applied By Samba.

To Configure Domain Level Security, Set Security = Domain. You Will Also Need ToConfigure A Domain Controller In Your Smb.Conf File And Join The Domain UsingThe Command Net Rpc Join -U [Administrator]%[Password].


41




46.4 ADS Security Mode

ADS Security Mode Allows Your Samba Server To Join A Windows 2000/2003 ActiveDirectory As A Native Member Server Using Kerberos Authentication. This Allows TrueSingle-Sign-On Access To Resources For Windows Client Users.

ADS Security Has Two Different Levels Of Active Directory Authentication. TheSimplest Is Using Local Accounts And Active Directory Passwords While The MoreComplex Involves Using Both Active Directory Usernames And Passwords.

The Former Mode Requires Each Samba User To Have A Entry In The /Etc/Passwd File

And Uses This To Keep Track Of File Permissions. It’s Easy To Configure And SetupBut For Servers With Large Numbers Of Users It Can Be Rather Limiting To Have ToManually Create Every User.

The Latter Mode Uses Winbind To Allow Samba To Keep Track Of File Permissions For Active Directory Users Who Do Not Have Entries In The System Password File. It Is ALittle More Complex To Configure But Allows The Samba Server To Act More Like ATrue Windows File Server.

To Configure ADS Security Mode, Set Security = Ads And Realm = [Your KerberosRealm]. You Will Also Need To Join Your Active Directory Domain Using The Net Ads

Join Command – See Below For More Details.


42




46.5.Server Security

Server Security Mode Is An Artifact From When Samba Was Unable To Act As ADomain Member Server. The Samba Team Strongly Recommend Not To Use This

Security Mode.

When Operating The Server Security Mode, The Samba Server Reports To The ClientThat It Is In User Level Security Mode. Once The Client Connects, The Samba Server Validates The Username And Password Against The Configured Password Server. If That Server Is Running In User Level Security Mode And It Accepts The Password,Then Samba Allows The Client Connection Request.

46.6 NT Domain Controller

Samba Is Capable Of Acting As An NT4 Style Primary Domain Controller (PDC) Or Backup Domain Controller (BDC) (But Only To A Samba PDC, Not A Windows PDC)And Can Operate With An LDAP-Based Account Backend. The LDAP Backend AllowsFor A High Level Of Scaleability And Can Be An Effective Enterprise Solution For Large Organisations. Samba Can Also Use Either A Mysql Or And XML Backend,Though These Don’t Provide The Same Level Of Scaleability As LDAP.

The Windows User Manager Can Be Used To Add And Modify Users And SambaDomains Are Capable Of Forming Trust Relationships With Windows Domains.

If You Are Still Using Windows NT4 Server, Be Aware That It Has Reached Its End-Of-

Life With Microsoft And ITAAG Has Endorsed A Recommendation That NT4 ServersBe Removed From The University Network. Existing NT4-Style Domains Be ShouldEither Be Migrated To The University-Wide Active Directory Or To Samba Stand-AloneDomains.

46.7 Winbind

The Winbind Daemon Can Be Started With Service Winbind Start. Winbind Allows On-The-Fly Mapping Of Active Directory Accounts To A Linux Server. It Was DevelopedBy The Samba Developers But It Can Be Used For Authentication For Almost EveryService On A Linux Server Including SSH And Console Logins.

Once You Have Started Winbind, Typing Wbinfo -U And Wbinfo -G Should Produce AList Of Local And Active Directory Users And Groups Respectively.

Ton Configure Your Server To Use Winbind For Authentcation, You Need To EditThe /Etc/Pam.D/Nsswitch So That It Contains The Lines:

Passwd Files WinbindShadow Files WinbindGroups Files Wind


43




47. System Policies and Profiles

Much of the information necessary to implement System Policies and Roving User Profiles in a Samba domain is the same as that for implementing these same items in aWindows NT 4.0 domain. You should read the white paper Implementing Profiles andPolicies in Windows NT 4.0 available from Microsoft

To create or edit ntconfig.pol you must use the NT Server Policy Editor, poledit.exe

which is included with NT Server but not NT Workstation. There is a Policy Editor on a NTws but it is not suitable for creating Domain Policies. Further, although the Windows95 Policy Editor can be installed on an NT Workstation/Server, it will not work with NT

policies because the registry key that are set by the policy templates. However, the files

from the NT Server will run happily enough on an NTws. You need poledit.exe,common.adm and winnt.adm. It is convenient to put the two *.adm files in c:\winnt\inf

which is where the binary will look for them unless told otherwise. Note also that thatdirectory is 'hidden'.

Install the group policy handler for Win9x to pick up group policies. Look on the Win98CD in \tools\reskit\netadmin\poledit . Install group policies on a Win9x client by

double-clicking grouppol.inf. Log off and on again a couple of times and see if Win98

picks up group policies. Unfortunately this needs to be done on every Win9x machinethat uses group policies....

If group policies don't work one reports suggests getting the updated (read: working)grouppol.dll for Windows 9x. The group list is grabbed from /etc/group.

How do I get 'User Manager' and 'Server Manager'

Since I don't need to buy an NT Server CD now, how do I get the 'User Manager for Domains', the 'Server Manager'?

Microsoft distributes a version of these tools called nexus for installation on Windows 95systems. The tools set includes

o Server Manager

o User Manager for Domains

o Event Viewer


44

http://www.microsoft.com/ntserver/management/deployment/planguide/prof_policies.asp







48. Common Problems and Errors

A 'machine name' in (typically) /etc/passwd of the machine name with a '$' appended.

FreeBSD (and other BSD systems?) won't create a user with a '$' in their name.

The problem is only in the program used to make the entry, once made, it works perfectly. So create a user without the '$' and use vipw to edit the entry, adding the '$'. Or create the whole entry with vipw if you like, make sure you use a unique User ID !

C:\WINNT\> net use * /d

Further, if the machine is a already a 'member of a workgroup' that is the same name asthe domain you are joining (bad idea) you will get this message. Change the workgroupname to something else, it does not matter what, reboot, and try again.

I joined the domain successfully but after upgrading to a newer version of the Sambacode I get the message, "The system can not log you on (C000019B), Please try a gain or consult your system administrator" when attempting to logon.

This occurs when the domain SID stored in private/WORKGROUP.SID is changed. For

example, you remove the file and smbd automatically creates a new one. Or you are

swapping back and forth between versions 2.0.7, TNG and the HEAD branch code (notrecommended). The only way to correct the problem is to restore the original domain SIDor remove the domain client from the domain and rejoin.

The machine trust account for this computer either does not exist or is not accessible.

When I try to join the domain I get the message "The machine account for this computer either does not exist or is not accessible". What's wrong?

This problem is caused by the PDC not having a suitable machine trust account. If youare using the add user script method to create accounts then this would indicate that it

has not worked. Ensure the domain admin user system is working.


45




Alternatively if you are creating account entries manually then they have not been createdcorrectly. Make sure that you have the entry correct for the machine trust account insmbpasswd file on the Samba PDC. If you added the account using an editor rather thanusing the smbpasswd utility, make sure that the account name is the machine NetBIOS

name with a '$' appended to it ( i.e. computer_name$ ). There must be an entry in both/etc/passwd and the smbpasswd file. Some people have reported that inconsistent subnetmasks between the Samba server and the NT client have caused this problem. Make surethat these are consistent for both client and server.

When I attempt to login to a Samba Domain from a NT4/W2K workstation, I get amessage about my account being disabled.

This problem is caused by a PAM related bug in Samba 2.2.0. This bug is fixed in 2.2.1.Other symptoms could be unaccessible shares on NT/W2K member servers in thedomain or the following error in your smbd.log: passdb/pampass.c:pam_account(268)

PAM: UNKNOWN ERROR for User: %user%

At first be ensure to enable the useraccounts with smbpasswd -e %user%, this isnormally done, when you create an account.