Citrix NetScaler: A Powerful Defense against Denial of Service Attacks

This WHITE PAPER looks into how the Citrix NetScaler Application Delivery Controller (ADC) provides a robust yet highly affordable foundation for an organization's DoS defenses.

GET YOUR FREE COPY TODAY!!

Wednesday, 14 January 2015

Quick Start: Setup CentOS 7 as a SAMBA Server

Quick Start: Setup CentOS 7 as a SAMBA Server

In this tutorial, I'm going to show you simple steps using which you can setup your own SAMBA Server on a CentOS 7 system.


SAMBA is an open source software that provides file and print services to various SMB/CIFS clients. It allows users to share files, folders, and printers between Linux server and Windows clients. 


Prerequisites
CentOS 7 Minimal ISO
Make sure your system has a static IP address assigned to it and a fully qualified domain name.

Samba System Details:
Base OS:        CentOS 7 64 Bit (Minimal ISO)
HOSTNAME:  master.cloud.com
IPADDRESS: 192.168.0.15


Client System Details:
Base OS:        Ubuntu 14.04 64 Bit
HOSTNAME:  client1.cloud.com
IPADDRESS: 192.168.0.101


Steps:

Install the samba packages


# yum install samba*




Next, create a directory which will be shared across the network. In this case, I'm creating a directory /network/share. Here, the directory "share" will appear as a shared folder on the network

# mkdir -p /network/share

# chmod -R 0777 /network/share/




Edit the samba configuration file and make the following changes to it:

# vi /etc/samba/smb.conf




# Add the following lines under [global] section 
unix charset = UTF-8 d
os charset = CP932



# Change the to windows default "WORKGROUP"
workgroup = WORKGROUP 

# Un-comment and set the IP Range for localhost and your network
hosts allow = 127. 192.168.0.
# Un-comment max protocol
max protocol = SMB2



# Un-comment, and change the value of security field to "user"
security = user 

# Add the following line 
map to guest = Bad User



# At the end of the file, add the details for your network shared folder. In my case, the name of the folder is [share] and it is located at /network/share directory

[share] 
path = /network/share 
writable = yes 
browsable = yes 
guest ok = yes 
guest only = yes 
create mode = 0777 
directory mode = 0777

Save the file and quit the editor once the changes are done.



Start and enable the samba services

# systemctl start smb 
# systemctl start nmb 
# systemctl enable smb 
# systemctl enable nmb




Test whether your samba share has been successfully configured or not by using the "testparm" command as shown

# testparm

Pres the enter key to see a detailed description of the shared services




You should see something similar to the screenshot below. A summary of your [global], [homes], [printers] and shared folder [share] displayed.




Add the following rules and reload the firewall:

# firewall-cmd --permanent --add-port=137/tcp 
# firewall-cmd --permanent --add-port=138/tcp 
# firewall-cmd --permanent --add-port=139/tcp 
# firewall-cmd --permanent --add-port=445/tcp 
# firewall-cmd --permanent --add-port=901/tcp

# firewall-cmd --reload





Testing the setup
Here, I'll be testing the samba shared folder on a Ubuntu Client. This Ubuntu machine is on the same network as the Samba Server.

NOTE: You can test the samba connectivity using a Linux or a Windows machine as well. The steps remain the same more or less ;)

Select the "Connect to Server" option. In the dialog box, provide the samba server's IP address as shown and click "Connect":

smb://<SAMBA_SRVR_IP_ADDRESS>




You should see the "share" directory as shown below. To further test this directory, go ahead and create a temporary folder in it.



Here, I create a temp directory called "TestFolder" within the "share" directory



If you check in your samba server, you should see the "TestFolder" is automatically created under the /network/share directory as shown below.





Securing Samba shared folders
The example above create a less secure shared folder that is accessible by anyone on the network. If you wish to make your shared folder a bit more secure, you can provide user credentials for accessing it as well.

Follow these simple steps to create a secure shared folder:

# Add a user for accessing samba shared folder
# useradd -s /sbin/nologin testuser

# Create a group for samba users
# groupadd smbgroup

# Add the user to the samba group
# usermod -a -G smbgroup testuser

# Set the password for your samba user
# smbpasswd -a testuser




Now, create another directory (secure_share) within the /network folder. This new directory will have secured access only to the samba user that we created in the earlier steps.

# cd /network

# mkdir secure_share

# chmod -R 0755 secure_share

# chown -R testuser:smbgroup secure_share




Add the new folder's description in the samba configuration file as performed in the earlier steps:

# vi /etc/samba/smb.conf


[secure_share
path = /network/secure_share 
writable = yes 
browsable = yes 
guest ok = no 
valid users - @smbgroup

Save and exit the editor once the changes are made



Run the "testparm" command once again. You should see the newly added secured folder's description as shown below:

# testparm




Test the secured folder by adding it to your client machine. This time, when you try to access the folder, it will prompt you to enter a "username", "domain" and "password". Provide the details as required and hit "connect" when done.




You should have access to your secured folder now. To further test the folder, create a temp directory (SecureFolder) in it.




You can check the validity of the new folder creation by logging on the samba server and verifying whether the new folder was created or not.

NOTE: The new folder is created and owned by the "testuser" that we created and assigned earlier.




That's it for now, bust stay tuned for much more coming your way soon!


Cheers!!