CIS 192 Linux Lab Exercise


Lab 8: Samba

Spring 2009


The purpose of this lab is to share files among Windows and Linux hosts on a common network. The goal is to browse directories on the Linux servers from a Windows machine. This will be accomplished using William and Legolas as clients, and Elrond as the Samba server.

Network diagram notes: .1XX is based on your station number and the IP Table in the Appendix. N=1 for the classroom and N=4 for the CIS lab or CTC.


Supplies

- VMWare Server 1.08 or higher
- 192 VMs: William (Win XP), Elrond (CentOS), and Legolas (CentOS)
- Virtual networks: VMnet3

Preconfiguration

- Original versions of all VMs.
- If you plan to do this lab at home see: http://simms-teach.com/howtos/129-working-at-home.pdf

Forum

Use the forum to ask for help, post tips and any lessons learned when you have finished.
Forum is at: http://simms-teach.com/forum/viewforum.php?f=18


Background

Samba is an implementation of Windows file and print services for Linux, allowing the sharing of files and printers between Windows and Linux. Samba’s name is based on the protocol used by the Microsoft Windows network file system, SMB (Server Message Block).

On the Linux Samba server, the firewall will need to be configured so other systems can access the shared directories. Samba uses ports 137, 138, 139 and 445 so these ports will need to be opened.

There are several places where permissions will need to be configured. The normal UNIX file permissions need to be set (with chmod). Additional access controls can be defined in the Samba configuration file for each share. And if SELinux is set to enforcing mode, then shared files must be labeled with extended attributes to comply with the SELinux policy.

The commands we will be using for this lab are:

- mount, umount
- smbclient
- smb
- testparm

The configuration of the smb.conf files will require root access; the browsing of directories may be performed by a regular user.



Procedure

Setup

1. Revert William, Legolas and Elrond to their snapshots.
2. Configure Elrond and Legolas interfaces as shown in the diagram above:
   a. Configure permanent IP addresses
   b. Configure default routes (Elrond -> Nosmo, Legolas -> Elrond)
   c. Configure DNS server (use 207.62.187.54)
   d. Configure Elrond to forward packets
   e. Modify Elrond’s firewall to not filter forwarded packets:
      i. iptables -D FORWARD 1
3. Configure William to use DHCP.
4. Configure a static route on William to the Rivendell network. To do this bring up a command line (Start > Run > “cmd”) then:

       route add 192.168.2.0 mask 255.255.255.0 172.30.N.1XX
       route PRINT

5. Determine the IP address assigned to William using ipconfig /all from the command line.
6. Add entries to the /etc/hosts file on Elrond for William and Legolas.
7. Add entries to the /etc/hosts file on Legolas for William and Elrond.
8. Add entries to C:\WINDOWS\system32\drivers\etc\hosts on William for Elrond and Legolas.
9. Verify you can ping by name all systems from any system.
10. Verify Elrond and Legolas can ping an internet host, e.g. google.com.


Part 1

Samba client software on Elrond will be used to access file shares on William, the Windows XP system. The smbclient command will be used to list shares and retrieve files. The mount command will be used to mount a remote Windows file share on the local Linux file tree.

1. On William, the Windows XP system on the Shire network,
   a. Login as cis192.
   b. Examine the contents and permissions of the folders, depot and depot192, off the C:\ drive.
   c. To view permissions, right click on a folder, select Properties, Sharing tab, Permissions button.
   d. Verify the permissions on the depot share are Everyone: Read.
   e. Verify the permissions on the depot192 share are cis191: none and cis192: Full Control, Change, Read.
   f. To monitor access to shares right click on My Computer icon (labeled William) and select Manage to run the MMC (MS Management Console). In the MMC left panel, expand (click on the +) Shared Folders. Then click on Shares, Sessions or Open Files to view share status.
   g. Keep the MMC window open and monitor it as you connect to shares from Elrond.
2. On Elrond, the CentOS Linux system,
   a. Login as root.
   b. Use rpm -qa | grep samba and check that the samba-client and samba-common packages have been installed.
   c. List the public shares on William with:

          smbclient -L william

      Just hit Enter when prompted for a password.
   d. Mount the depot share:

          mount //william/depot /mnt

      Just hit Enter when prompted for a password, which is not needed.
      i. Use the more command to view files on the share.
      ii. On William, use the MMC to view share status. It may be necessary to click the little refresh icon under View to get current information.
      iii. Use umount /mnt to close the session.
   e. Try to mount the depot192 share as user cis191 using:

          mount -o username=cis191 //william/depot192 /mnt

      (enter the correct password)
      i. This should fail given the user cis191 has no access permissions.
   f. Now mount the depot192 share as user cis192 using:

          mount -o username=cis192 //william/depot192 /mnt

      (enter the correct password)
      i. Verify you can read the files in the share.
      ii. Verify you can add new files to the share.
      iii. Use umount /mnt to close the session.
   g. The smbclient command can also be used in an ftp-like manner to transfer files. Use the following to start a session and copy some files:

          smbclient -U cis192 //william/depot192

      Type the following commands at the smb: \> prompt:
      i. help
      ii. ls
      iii. dir
      iv. mget *.txt
      v. quit



Part 2

Install and configure Elrond as a Samba server. The configuration will include making shares, poking holes in the firewall and allowing files to be accessed under the default SELinux policy. The shares will be accessed from the Windows PC (William).

1. Install the server portion of Samba on Elrond:

       yum install samba

2. Verify that samba has been installed:

       rpm -qa samba | grep samba

   What version of samba are you running?
3. Make two directories to be shared:
   a. echo "We can do anything we want if we stick to it long enough." - Helen Keller > /tmp/hk.txt
   b. cd /var
   c. mkdir -p shares/depot shares/depot192
   d. cd shares
   e. cp /tmp/hk.txt depot/
   f. cp /tmp/hk.txt depot192/
   g. chmod 755 *
   h. chown -R cis192:users *
4. Add a cis191 user:
   a. useradd -c "CIS 191" -g users cis191
5. Add passwords to the Samba password database:
   a. smbpasswd -a cis191
   b. smbpasswd -a cis192
6. Edit the /etc/samba/smb.conf file using your favorite editor.
   a. In the Globals section, make the following changes:
      i. workgroup = WORKGROUP
      ii. server string = Cool Samba Server
   b. Comment out the [homes] and [printers] shares at the end of smb.conf.
   c. Add to the bottom of the smb.conf file the following shares:

          [depot]
          comment = Public files on Elrond
          path = /var/shares/depot
          read only = yes
          guest ok = yes

          [depot192]
          comment = CIS 192 files on Elrond
          path = /var/shares/depot192
          valid users = cis192
          read only = yes
          guest ok = yes

   d. Save and exit the file.
7. Run the testparm command to verify and test the syntax of the smb.conf file. Ensure that no errors are displayed with reference to the file. (Ignore any error messages regarding long share names.) Press Enter to display the dump of the shares, when prompted by the testparm command.
8. You must now start the smb service:

       service smb start

   You should see two daemons successfully start: smb and nmb
9. On William, view workgroup computers by:
   a. Open My Network Places (desktop icon)
   b. Click View workgroup computers on left panel
   c. You should now see a Cool Samba Server (Elrond) icon
   d. Try and open it … it will fail with an access error message. Why?

10. On Elrond, open up the firewall for file sharing (ports 137/udp, 138/udp, 139/tcp, and 445/tcp):

    Option I (Use GUI based Security Level and Firewall Tool)
    a. startx
    b. System > Administration > Security Level and Firewall
    c. Check Samba and click Apply then OK buttons

    or Option II (insert iptables rules)

        iptables -I RH-Firewall-1-INPUT 9 -p udp -m state --state NEW -m udp --dport 137 -j ACCEPT
        iptables -I RH-Firewall-1-INPUT 9 -p udp -m state --state NEW -m udp --dport 138 -j ACCEPT
        iptables -I RH-Firewall-1-INPUT 9 -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
        iptables -I RH-Firewall-1-INPUT 9 -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT

11. On William, see if you can now open the Cool Samba Server (Elrond) icon.
    a. It should succeed and display the depot share and Printers and Faxes share.
    b. Try to open the depot share … it will fail with an access error message. Why?
12. On Elrond, show then change the SELinux context for /depot from default_t to samba_share_t:
    a. cd /var/shares
    b. ls -lRZ
    c. chcon -R -t samba_share_t *
    d. ls -lRZ
13. On William, you should now be able to open the depot share and view the hk.txt file.

    Congratulations … you have just made your first Samba server!

14. If you need to close connections on William use:
    a. net use * /delete
15. Close the windows you opened on William to access the Samba server and let's look at a quicker way to access the same share:
    a. Start > Run
    b. Type //elrond/depot
    c. Click OK button
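
Steps 10 and 12 can be checked offline against saved command output. The script below is an added example, not part of the original lab: it reports which Samba ports lack an ACCEPT rule ahead of the chain's final REJECT (the reason Option II inserts at position 9 instead of appending) and which shared paths are not labeled samba_share_t. The function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline checks for the firewall and SELinux steps of this lab.
# Function names and both sample inputs are constructed for illustration.

# Ports the lab says Samba needs, written as proto:port.
SAMBA_PORTS="udp:137 udp:138 tcp:139 tcp:445"

# missing_samba_ports CHAIN
# Reads iptables-save text on stdin and prints each Samba proto:port that has
# no ACCEPT rule in CHAIN ahead of the first blanket REJECT/DROP.
# Simplification: "blanket" means a REJECT or DROP rule with no -p match.
missing_samba_ports() {
    awk -v chain="$1" -v want="$SAMBA_PORTS" '
        $1 == "-A" && $2 == chain && !blocked {
            proto = ""; port = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") port   = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (target == "ACCEPT" && port != "") allowed[proto ":" port] = 1
            # Rules listed after a blanket REJECT/DROP are never reached.
            if ((target == "REJECT" || target == "DROP") && proto == "") blocked = 1
        }
        END {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) if (!(w[i] in allowed)) print w[i]
        }'
}

# mislabeled_paths TYPE
# Reads `ls -lRZ` output in the layout shown in this lab (mode, owner, group,
# context, name) and prints every path whose SELinux type is not TYPE.
# File names containing spaces are not handled.
mislabeled_paths() {
    awk -v want="$1" '
        /^\/.*:$/ { dir = substr($0, 1, length($0) - 1); next }
        NF >= 5 {
            split($4, ctx, ":")
            if (ctx[3] != want) print dir "/" $5 " (" ctx[3] ")"
        }'
}

# Constructed ruleset: 445 and 139 were inserted above the REJECT, 137 was
# appended below it (so it never matches), and 138 was forgotten.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 137 -j ACCEPT
COMMIT
EOF
}

# Constructed listing: depot was relabeled, depot192 still has default_t.
sample_listing() {
    cat <<'EOF'
/var/shares:
drwxr-xr-x  cis192 users root:object_r:samba_share_t  depot
drwxr-xr-x  cis192 users root:object_r:default_t      depot192

/var/shares/depot:
-rw-r--r--  cis192 users root:object_r:samba_share_t  hk.txt

/var/shares/depot192:
-rw-r--r--  cis192 users root:object_r:default_t      hk.txt
EOF
}

# On Elrond the same functions read live output:
#   iptables-save | missing_samba_ports RH-Firewall-1-INPUT
#   ls -lRZ /var/shares | mislabeled_paths samba_share_t
echo "Samba ports without a reachable ACCEPT rule:"
sample_rules | missing_samba_ports RH-Firewall-1-INPUT
echo "Paths not labeled samba_share_t:"
sample_listing | mislabeled_paths samba_share_t
```

Empty output from both functions corresponds to the state the lab expects after steps 10 and 12.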




Part 3

Access the Samba shares on Elrond from another Linux system (Legolas)

1. On Legolas:
   a. Use smbclient -L elrond to see shares on Elrond (don’t enter a password, just hit Enter)
   b. Now try smbclient -L elrond -U cis192% (should not get prompted for a password now)
   c. Now mount the depot192 share as user cis192 using:
      i. mount -o username=cis192 //elrond/depot192 /mnt
      ii. Enter the correct password
      iii. Verify you can read the files in the share
      iv. Use umount /mnt to close the session
   d. The smbclient command can also be used in an ftp-like manner to transfer files. Use the following to start a session and copy some files:

          smbclient -U cis192 //elrond/depot192

      Type the following commands at the smb: \> prompt:
      i. help
      ii. ls
      iii. dir
      iv. mget *.txt
      v. quit



To turn in

Your lab08 text file should contain the following sections.

- Standard boilerplate information:
  - CIS 192 Lab XX
  - Name
  - Date
  - TBA hours: X.X
  - Station number: CIS-Lab-XX
- Elrond’s smb.conf file
- Elrond’s smbclient -L william output
- Elrond’s cat /etc/sysconfig/iptables output to show samba ports open
- Elrond’s ls -lRZ /var/shares output to show SELinux Samba contexts
- Legolas smbclient -U CIS192 //elrond/depot192 and ls subcommand output
- Example command summary

The command summary should be a concise set of documented examples that can be used as a resource for repeated operations in future labs.

Check your work for completeness then submit as many times as you wish up until the due date deadline. Remember, late work is not accepted, so start early, plan ahead for things to go wrong and use the forum to ask questions.

    [p]scp lab08 cis192@opus.cabrillo.edu:lab08.lastname

Grading rubric (30 points)

4 points for correct submittal, professional appearance and quality
5 points for Elrond’s smb.conf file
4 points for Elrond’s smbclient -L william output
4 points for Elrond’s cat /etc/sysconfig/iptables output
4 points for Elrond’s ls -lRZ /var/shares output
4 points for Legolas’ smbclient -U CIS192 //elrond/depot192 and ls subcommand output
5 points for complete and concise command summary



Appendix - Static IP address table by station number:

Station       IP              Static 1        Static 2
CIS-Lab-01    172.30.4.101    172.30.4.121    172.30.4.122
CIS-Lab-02    172.30.4.102    172.30.4.123    172.30.4.124
CIS-Lab-03    172.30.4.103    172.30.4.125    172.30.4.126
CIS-Lab-04    172.30.4.104    172.30.4.127    172.30.4.128
CIS-Lab-05    172.30.4.105    172.30.4.129    172.30.4.130
CIS-Lab-06    172.30.4.106    172.30.4.131    172.30.4.132
CIS-Lab-07    172.30.4.107    172.30.4.133    172.30.4.134
CIS-Lab-08    172.30.4.108    172.30.4.135    172.30.4.136
CIS-Lab-09    172.30.4.109    172.30.4.137    172.30.4.138
CIS-Lab-10    172.30.4.110    172.30.4.139    172.30.4.140
CIS-Lab-11    172.30.4.111    172.30.4.141    172.30.4.142
CIS-Lab-12    172.30.4.112    172.30.4.143    172.30.4.144
Pod 1         172.30.4.113    172.30.4.145
Pod 2         172.30.4.114    172.30.4.146
Pod 3         172.30.4.115    172.30.4.147
Pod 4         172.30.4.116    172.30.4.148

If you are working at home and using the Nosmo VM, then set Elrond’s IP address to 172.30.4.107

Submittal

[root@elrond ~]# cat /etc/samba/smb.conf
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# For a step to step guide on installing, configuring and using samba,
# read the Samba-HOWTO-Collection. This may be obtained from:
# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# Many working examples of smb.conf files can be found in the
# Samba-Guide which is generated daily and can be downloaded from:
# http://www.samba.org/samba/docs/Samba-Guide.pdf
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#---------------
# SELINUX NOTES:
#
# If you want to use the useradd/groupadd family of binaries please run:
# setsebool -P samba_domain_controller on
#
# If you want to share home directories via samba please run:
# setsebool -P samba_enable_home_dirs on
#
# If you create a new directory you want to share you should mark it as
# "samba-share_t" so that selinux will let you write into it.
# Make sure not to do that on system directories as they may already have
# been marked with othe SELinux labels.
#
# Use ls -ldZ /path to see which context a directory has
#
# Set labels only on directories you created!
# To set a label use the following: chcon -t samba_share_t /path
#
# If you need to share a system created directory you can use one of the
# following (read-only/read-write):
# setsebool -P samba_export_all_ro on
# or
# setsebool -P samba_export_all_rw on
#
# If you want to run scripts (preexec/root prexec/print command/...) please
# put them into the /var/lib/samba/scripts directory so that smbd will be
# allowed to run them.
# Make sure you COPY them and not MOVE them so that the right SELinux context
# is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts
#
#--------------
#
#======================= Global Settings =====================================


[global]

# ----------------------- Network Related Options -------------------------
#
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
#
# server string is the equivalent of the NT Description field
#
# netbios name can be used to specify a server name not tied to the hostname
#
# Interfaces lets you configure Samba to use multiple interfaces
# If you have multiple network interfaces then you can list the ones
# you want to listen on (never omit localhost)
#
# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
# specifiy it as a per share option as well
#
        workgroup = WORKGROUP
        server string = Cool Samba Server

;       netbios name = MYSERVER

;       interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
;       hosts allow = 127. 192.168.12. 192.168.13.

# --------------------------- Logging Options -----------------------------
#
# Log File let you specify where to put logs and how to split them up.
#
# Max Log Size let you specify the max size log files should reach

        # logs split per machine
;       log file = /var/log/samba/%m.log
        # max 50KB per log file, then rotate
;       max log size = 50

# ----------------------- Standalone Server Options ------------------------
#
# Security can be set to user, share(deprecated) or server(deprecated)
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.

        security = user
;       security = share
        passdb backend = tdbsam

# ----------------------- Domain Members Options ------------------------
#
# Security must be set to domain or ads
#
# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Use password server option only with security = server or if you can't
# use the DNS to locate Domain Controllers
# The argument list may include:
# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
# password server = *

;       security = domain
;       passdb backend = tdbsam
;       realm = MY_REALM

;       password server = <NT-Server-Name>

# ----------------------- Domain Controller Options ------------------------
#
# Security must be set to user for domain controllers
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
#
# Domain Logons let Samba be a domain logon server for Windows workstations.
#
# Logon Scrpit let yuou specify a script to be run at login time on the client
# You need to provide it in a share called NETLOGON
#
# Logon Path let you specify where user profiles are stored (UNC path)
#
# Various scripts can be used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
#
;       security = user
;       passdb backend = tdbsam

;       domain master = yes
;       domain logons = yes

        # the login script name depends on the machine name
;       logon script = %m.bat
        # the login script name depends on the unix user used
;       logon script = %u.bat
;       logon path = \\%L\Profiles\%u
        # disables profiles support by specifing an empty path
;       logon path =

;       add user script = /usr/sbin/useradd "%u" -n -g users
;       add group script = /usr/sbin/groupadd "%g"
;       add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
;       delete user script = /usr/sbin/userdel "%u"
;       delete user from group script = /usr/sbin/userdel "%u" "%g"
;       delete group script = /usr/sbin/groupdel "%g"

# ----------------------- Browser Control Options ----------------------------
#
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
#
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
#
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
;       local master = no
;       os level = 33
;       preferred master = yes

# ----------------------------- Name Resolution -------------------------------
# Windows Internet Name Serving Support Section:
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
#
# - WINS Support: Tells the NMBD component of Samba to enable it's WINS Server
#
# - WINS Server: Tells the NMBD components of Samba to be a WINS Client
#
# - WINS Proxy: Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
#
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups.

;       wins support = yes
;       wins server = w.x.y.z
;       wins proxy = yes

;       dns proxy = yes

# --------------------------- Printing Options -----------------------------
#
# Load Printers let you load automatically the list of printers rather
# than setting them up individually
#
# Cups Options let you pass the cups libs custom options, setting it to raw
# for example will let you use drivers on your Windows clients
#
# Printcap Name let you specify an alternative printcap file
#
# You can choose a non default printing system using the Printing option

;;      load printers = yes
;;      cups options = raw

;       printcap name = /etc/printcap
        #obtain list of printers automatically on SystemV
;       printcap name = lpstat
;       printing = cups

# --------------------------- Filesystem Options ---------------------------
#
# The following options can be uncommented if the filesystem supports
# Extended Attributes and they are enabled (usually by the mount option
# user_xattr). Thess options will let the admin store the DOS attributes
# in an EA and make samba not mess with the permission bits.
#
# Note: these options can also be set just per share, setting them in global
# makes them the default for all shares

;       map archive = no
;       map hidden = no
;       map read only = no
;       map system = no
;       store dos attributes = yes

#============================ Share Definitions ==============================

;[homes]
;       comment = Home Directories
;       browseable = no
;       writable = yes
;       valid users = %S
;       valid users = MYDOMAIN\%S

;[printers]
;       comment = All Printers
;       path = /var/spool/samba
;       browseable = no
;       guest ok = no
;       writable = no
;       printable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
;       [netlogon]
;       comment = Network Logon Service
;       path = /var/lib/samba/netlogon
;       guest ok = yes
;       writable = no
;       share modes = no

# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;       [Profiles]
;       path = /var/lib/samba/profiles
;       browseable = no
;       guest ok = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;       [public]
;       comment = Public Stuff
;       path = /home/samba
;       public = yes
;       writable = yes
;       printable = no
;       write list = +staff

[depot]
        comment = Public files on Elrond
        path = /var/shares/depot
        read only = yes
        guest ok = yes

[depot192]
        comment = CIS 192 files on Elrond
        path = /var/shares/depot192
        valid users = cis192
        read only = yes
        guest ok = yes
[root@elrond ~]#


[root@elrond mnt]# smbclient -L william
Password: <no password used>
Domain=[WILLIAM] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]

        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       Remote IPC
        depot           Disk
        depot192        Disk
        ADMIN$          Disk      Remote Admin
        C$              Disk      Default share
Domain=[WILLIAM] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------



[root@elrond ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.3.5 on Mon Apr 27 05:40:33 2009
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [40290:3203724]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Mon Apr 27 05:40:33 2009
[root@elrond ~]#



[root@elrond ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:microsoft-ds
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:netbios-ssn
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-dgm
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:netbios-ns
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
[root@elrond ~]#


[root@elrond ~]# ls -lRZ /var/shares
/var/shares:
drwxr-xr-x  cis192 users root:object_r:samba_share_t      depot
drwxr-xr-x  cis192 users root:object_r:samba_share_t      depot192

/var/shares/depot:
-rw-r--r--  root   root  root:object_r:samba_share_t      bho.txt
-rw-r--r--  root   root  root:object_r:samba_share_t      hk.txt
-rw-r--r--  root   root  root:object_r:samba_share_t      jfk.txt

/var/shares/depot192:
-rw-r--r--  cis192 users root:object_r:samba_share_t      hk.txt
[root@elrond ~]#


[root@legolas ~]# smbclient -U cis192 //elrond/depot192
Password:
Domain=[ELROND] OS=[Unix] Server=[Samba 3.0.33-3.7.el5]
smb: \> ls
  .                                   D        0  Wed Jan 21 13:12:30 2009
  ..                                  D        0  Wed Jan 21 13:23:10 2009
  hk.txt                                      73  Wed Jan 21 15:38:30 2009

                61499 blocks of size 65536. 23703 blocks available
smb: \>




Setup (Step 2a) Elrond

[root@elrond ~]# service network restart
Shutting down interface eth0:                              [  OK  ]
Shutting down interface eth1:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Disabling IPv4 packet forwarding:  net.ipv4.ip_forward = 0
                                                           [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:                                [  OK  ]
Bringing up interface eth1:                                [  OK  ]
[root@elrond ~]#

[root@elrond ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
DEVICE=eth0
BOOTPROTO=static
HWADDR=00:0C:29:4E:21:9B
ONBOOT=yes
IPADDR=172.30.4.107
NETMASK=255.255.255.0
BROADCAST=172.30.4.255

[root@elrond ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
DEVICE=eth1
BOOTPROTO=static
HWADDR=00:0C:29:4E:21:A5
ONBOOT=yes
IPADDR=192.168.2.107
NETMASK=255.255.255.0
BROADCAST=192.168.2.255

[root@elrond ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:4E:21:9B
          inet addr:172.30.4.107  Bcast:172.30.4.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe4e:219b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:32 errors:0 dropped:0 overruns:0 frame:0
          TX packets:70 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:8721 (8.5 KiB)  TX bytes:11317 (11.0 KiB)
          Interrupt:177 Base address:0x1424

eth1      Link encap:Ethernet  HWaddr 00:0C:29:4E:21:A5
          inet addr:192.168.2.107  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe4e:21a5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:37 errors:0 dropped:0 overruns:0 frame:0
          TX packets:69 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3203 (3.1 KiB)  TX bytes:17159 (16.7 KiB)
          Interrupt:185 Base address:0x14a4

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:20 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1364 (1.3 KiB)  TX bytes:1364 (1.3 KiB)



Setup (Step 2a) Legolas

[root@legolas ~]# service network restart
Shutting down interface eth0:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:                                [  OK  ]
[root@legolas ~]#

[root@legolas ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
DEVICE=eth0
BOOTPROTO=static
HWADDR=00:0C:29:7C:18:F5
ONBOOT=yes
IPADDR=192.168.2.105
NETMASK=255.255.255.0
BROADCAST=192.168.2.255

[root@legolas ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
DEVICE=eth1
BOOTPROTO=none
HWADDR=00:0C:29:7C:18:FF
ONBOOT=no
[root@legolas ~]#

[root@legolas ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:7C:18:F5
          inet addr:192.168.2.105  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe7c:18f5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:39 errors:0 dropped:0 overruns:0 frame:0
          TX packets:52 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:8735 (8.5 KiB)  TX bytes:9771 (9.5 KiB)
          Interrupt:177 Base address:0x1424

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:115 errors:0 dropped:0 overruns:0 frame:0
          TX packets:115 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:10908 (10.6 KiB)  TX bytes:10908 (10.6 KiB)




Setup (Step 2
b
)

Elrond



[root@elrond ~]#
cat /etc/sysconfig/network

NETWORKING=yes

NETWORKING_IPV6
=no

HOSTNAME=elrond.rivendell

GATEWAY=172.30.4.1


[root@elrond ~]#
route
-
n

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface

172.30.4.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

1
92.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1

169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1

0.0.0.0

172.30.4.1

0.0.0.0 UG 0 0 0 eth0



Setup (Step 2b) Legolas

[root@legolas ~]# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=legolas.rivendell
GATEWAY=192.168.2.107

[root@legolas ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         192.168.2.107   0.0.0.0         UG    0      0        0 eth0
[root@legolas ~]#


Setup (Step 2c) Elrond

[root@elrond ~]# cat /etc/resolv.conf
nameserver 207.62.187.54
[root@elrond ~]#



Setup (Step 2c) Legolas

[root@legolas ~]# cat /etc/resolv.conf
nameserver 207.62.187.54
[root@legolas ~]#


Setup (Step 2d) Elrond

[root@elrond ~]# cat /proc/sys/net/ipv4/ip_forward
1
[root@elrond ~]#

[root@elrond ~]# cat /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 1

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1

# Controls the maximum size of a message, in bytes
kernel.msgmnb = 65536

# Controls the default maxmimum size of a mesage queue
kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
kernel.shmmax = 4294967295

# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 268435456

[root@elrond ~]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456



Setup (Step 2e) Elrond

[root@elrond ~]# iptables -L FORWARD --line-numbers
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  anywhere             anywhere

[root@elrond ~]# iptables -D FORWARD 1

[root@elrond ~]# iptables -L FORWARD --line-numbers
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
[root@elrond ~]#

[root@elrond ~]# iptables -nL FORWARD
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
[root@elrond ~]#


Setup (Step 3) William


Setup (Step 4) William

C:\Documents and Settings\Administrator>route add 192.168.2.0 mask 255.255.255.0 172.30.4.107

C:\Documents and Settings\Administrator>route PRINT
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 0c 29 d4 38 ad ...... AMD PCNET Family PCI Ethernet Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       172.30.4.1    172.30.4.193       10
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
       172.30.4.0    255.255.255.0     172.30.4.193    172.30.4.193       10
     172.30.4.193  255.255.255.255        127.0.0.1       127.0.0.1       10
   172.30.255.255  255.255.255.255     172.30.4.193    172.30.4.193       10
      192.168.2.0    255.255.255.0     172.30.4.107    172.30.4.193       1
    192.168.2.105  255.255.255.255     172.30.4.107    172.30.4.193       1
        224.0.0.0        240.0.0.0     172.30.4.193    172.30.4.193       10
  255.255.255.255  255.255.255.255     172.30.4.193    172.30.4.193       1
Default Gateway:        172.30.4.1
===========================================================================
Persistent Routes:
  None

C:\Documents and Settings\Administrator>


Setup (Step 5) William

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : william
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : Shire

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : Shire
        Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
        Physical Address. . . . . . . . . : 00-0C-29-D4-38-AD
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 172.30.4.193
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 172.30.4.1
        DHCP Server . . . . . . . . . . . : 172.30.4.1
        DNS Servers . . . . . . . . . . . : 207.62.187.54
        Lease Obtained. . . . . . . . . . : Friday, April 24, 2009 4:20:28 PM
        Lease Expires . . . . . . . . . . : Friday, April 24, 2009 10:20:28 PM



Setup (Step 6) Elrond

[root@elrond ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1       elrond.rivendell elrond localhost.rivendell localhost elrond.rivendell
::1             localhost6.rivendell6 localhost6
172.30.4.193    william
192.168.2.105   legolas




Setup (Step 7) Legolas

[root@legolas ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1       legolas.localdomain legolas localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
192.168.2.107   elrond
172.30.4.193    william





Setup (Step 8) William

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
172.30.4.107    elrond
192.168.2.105   legolas



Setup (Step 9) Elrond

[root@elrond ~]# ping -c2 william
PING william (172.30.4.193) 56(84) bytes of data.
64 bytes from william (172.30.4.193): icmp_seq=1 ttl=128 time=7.72 ms
64 bytes from william (172.30.4.193): icmp_seq=2 ttl=128 time=11.4 ms

--- william ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 7.723/9.599/11.475/1.876 ms

[root@elrond ~]# ping -c2 legolas
PING legolas (192.168.2.105) 56(84) bytes of data.
64 bytes from legolas (192.168.2.105): icmp_seq=1 ttl=64 time=3.96 ms
64 bytes from legolas (192.168.2.105): icmp_seq=2 ttl=64 time=1.20 ms

--- legolas ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 1.205/2.583/3.961/1.378 ms
[root@elrond ~]#


Setup (Step 9) Legolas

[root@legolas ~]# ping -c2 elrond
PING elrond (192.168.2.107) 56(84) bytes of data.
64 bytes from elrond (192.168.2.107): icmp_seq=1 ttl=64 time=9.62 ms
64 bytes from elrond (192.168.2.107): icmp_seq=2 ttl=64 time=1.53 ms

--- elrond ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 1.533/5.579/9.626/4.047 ms

[root@legolas ~]# ping -c2 william
PING william (172.30.4.193) 56(84) bytes of data.
64 bytes from william (172.30.4.193): icmp_seq=1 ttl=127 time=2.35 ms
64 bytes from william (172.30.4.193): icmp_seq=2 ttl=127 time=1.98 ms

--- william ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.980/2.168/2.357/0.194 ms
[root@legolas ~]#


Setup (Step 9) William

C:\Documents and Settings\Administrator>ping elrond

Pinging elrond [172.30.4.107] with 32 bytes of data:

Reply from 172.30.4.107: bytes=32 time=2ms TTL=64
Reply from 172.30.4.107: bytes=32 time<1ms TTL=64
Reply from 172.30.4.107: bytes=32 time<1ms TTL=64
Reply from 172.30.4.107: bytes=32 time<1ms TTL=64

Ping statistics for 172.30.4.107:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 2ms, Average = 0ms

C:\Documents and Settings\Administrator>ping legolas

Pinging legolas [192.168.2.105] with 32 bytes of data:

Reply from 192.168.2.105: bytes=32 time=5ms TTL=63
Reply from 192.168.2.105: bytes=32 time=1ms TTL=63
Reply from 192.168.2.105: bytes=32 time=1ms TTL=63
Reply from 192.168.2.105: bytes=32 time=1ms TTL=63

Ping statistics for 192.168.2.105:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 5ms, Average = 2ms

C:\Documents and Settings\Administrator>


Setup (Step 10) Elrond

[root@elrond ~]# ping -c2 google.com
PING google.com (209.85.171.100) 56(84) bytes of data.
64 bytes from cg-in-f100.google.com (209.85.171.100): icmp_seq=1 ttl=244 time=34.3 ms
64 bytes from cg-in-f100.google.com (209.85.171.100): icmp_seq=2 ttl=244 time=32.1 ms

--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 32.124/33.239/34.354/1.115 ms
[root@elrond ~]#



Setup (Step 10) Legolas

[root@legolas ~]# ping -c2 google.com
PING google.com (74.125.45.100) 56(84) bytes of data.
64 bytes from yx-in-f100.google.com (74.125.45.100): icmp_seq=1 ttl=243 time=128 ms
64 bytes from yx-in-f100.google.com (74.125.45.100): icmp_seq=2 ttl=243 time=46.4 ms

--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 46.425/87.452/128.480/41.028 ms
[root@legolas ~]#



Part 1 (Step 1) William


Part 1 (Step 2b)

[root@elrond mnt]# rpm -qa | grep samba
samba-common-3.0.28-1.el5_2.1
samba-client-3.0.28-1.el5_2.1


Part 1 (Step 2c)

[root@elrond mnt]# smbclient -L william
Password: <no password used>
Domain=[WILLIAM] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]

        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       Remote IPC
        depot           Disk
        depot192        Disk
        ADMIN$          Disk      Remote Admin
        C$              Disk      Default share
Domain=[WILLIAM] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]

        Server               Comment
        ---------            -------

        Workgroup            Master
        ---------            -------


Part 1 (Step 2d)

[root@elrond mnt]# mount //william/depot /mnt
Password:
[root@elrond mnt]# cd /mnt
[root@elrond mnt]# ls
bho.txt  jfk.txt
[root@elrond mnt]# head bho.txt
Inaugural Address
-----------------

My fellow citizens:

I stand here today humbled by the task before us, grateful for the trust you
have bestowed, mindful of the sacrifices borne by our ancestors. I thank
President Bush for his service to our nation, as well as the generosity and
co-operation he has shown throughout this transition.

Forty-four Americans have now taken the presidential oath. The words have
been spoken during rising tides of prosperity and the still waters of peace.
Yet, every so often the oath is taken amidst gathering clouds and raging
storms.

At these moments, America has carried on not simply because of the skill or
vision of those in high office, but because we, the people, have remained
faithful to the ideals of our forbears, and true to our founding documents.
[root@elrond mnt]# head jfk.txt

My fellow citizens:

I stand here today humbled by the task before us, grateful for the trust you
have bestowed, mindful of the sacrifices borne by our ancestors. I thank
President Bush for his service to our nation, as well as the generosity and
co-operation he has shown throughout this transition.

Forty-four Americans have now taken the presidential oath. The words have
been spoken during rising tides of prosperity and the still waters of peace.
Yet, every so often the oath is taken amidst gathering clouds and raging
storms.

At these moments, America has carried on not simply because of the skill or
vision of those in high office, but because we, the people, have remained
faithful to the ideals of our forbears, and true to our founding documents.

So it has been. So it must be with this generation of Americans.

[root@elrond mnt]# umount /mnt
unmount error 16 = Device or resource busy
Refer to the umount.cifs(8) manual page (man 8 umount.cifs)
unmount error 16 = Device or resource busy
Refer to the umount.cifs(8) manual page (man 8 umount.cifs)
unmount error 16 = Device or resource busy
Refer to the umount.cifs(8) manual page (man 8 umount.cifs)
[root@elrond mnt]# cd
[root@elrond ~]# umount /mnt


Part 1 (Step 2e)

[root@elrond ~]# mount -o username=cis191 //william/depot192 /mnt
Password:
mount error 20 = Not a directory
Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)


Part 1 (Step 2f)

[root@elrond ~]# mount -o username=cis192 //william/depot192 /mnt
Password:
[root@elrond ~]# ls
anaconda-ks.cfg  bho.txt  Desktop  install.log  install.log.syslog  jfk.txt
[root@elrond ~]# ls /mnt
bho.txt  jfk.txt
[root@elrond ~]# umount /mnt


Part 1 (Step 2g)

[root@elrond ~]# smbclient -U cis192 //william/depot192
Password:
Domain=[WILLIAM] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
smb: \> help
?              altname        archive        blocksize      cancel
case_sensitive cd             chmod          chown          close
del            dir            du             exit           get
getfacl        hardlink       help           history        lcd
link           lock           lowercase      ls             mask
md             mget           mkdir          more           mput
newer          open           posix          posix_open     posix_mkdir
posix_rmdir    posix_unlink   print          prompt         put
pwd            q              queue          quit           rd
recurse        reget          rename         reput          rm
rmdir          showacls       setmode        stat           symlink
tar            tarmode        translate      unlock         volume
vuid           wdel           logon          listconnect    showconnect
!
smb: \> ls
  .                                   D        0  Tue Jan 20 12:55:11 2009
  ..                                  D        0  Tue Jan 20 12:55:11 2009
  bho.txt                             A    13775  Wed Jan 21 09:08:10 2009
  jfk.txt                             A    13663  Wed Jan 21 09:03:51 2009

                49073 blocks of size 131072. 26046 blocks available
smb: \> dir
  .                                   D        0  Tue Jan 20 12:55:11 2009
  ..                                  D        0  Tue Jan 20 12:55:11 2009
  bho.txt                             A    13775  Wed Jan 21 09:08:10 2009
  jfk.txt                             A    13663  Wed Jan 21 09:03:51 2009

                49073 blocks of size 131072. 26046 blocks available
smb: \> mget *.txt
Get file bho.txt? y
getting file \bho.txt of size 13775 as bho.txt (130.6 kb/s) (average 130.6 kb/s)
Get file jfk.txt? y
getting file \jfk.txt of size 13663 as jfk.txt (173.3 kb/s) (average 148.9 kb/s)
smb: \> quit
[root@elrond ~]#


Part 2 (Step 2)

[root@elrond ~]# rpm -qa | grep samba
samba-3.0.28-1.el5_2.1
samba-common-3.0.28-1.el5_2.1
samba-client-3.0.28-1.el5_2.1
[root@elrond ~]#


Part 2 (Step 3)

[root@elrond tmp]# cd /var
[root@elrond var]# ls
account  db     games  lib    lock  mail  opt       racoon  shares  tmp  yp
cache    empty  gdm    local  log   nis   preserve  run     spool   www
[root@elrond var]# ls shares/
depot  depot192
[root@elrond var]# ls shares/depot
hk.txt
[root@elrond var]# cd shares/
[root@elrond shares]# ls
depot  depot192
[root@elrond shares]# ls -l
total 16
drwxr-xr-x 2 cis192 users 4096 Jan 21 10:48 depot
drwxr-xr-x 2 cis192 users 4096 Jan 21 13:12 depot192
[root@elrond shares]# cd ..
[root@elrond var]# ls
account  db     games  lib    lock  mail  opt       racoon  shares  tmp  yp
cache    empty  gdm    local  log   nis   preserve  run     spool   www
[root@elrond var]# ls -ld shares
drwxr-xr-x 4 root root 4096 Jan 21 13:23 shares
[root@elrond var]# ls -lR shares
shares:
total 16
drwxr-xr-x 2 cis192 users 4096 Jan 21 10:48 depot
drwxr-xr-x 2 cis192 users 4096 Jan 21 13:12 depot192

shares/depot:
total 8
-rw-r--r-- 1 cis192 users 73 Jan 21 10:48 hk.txt

shares/depot192:
total 8
-rw-r--r-- 1 cis192 users 73 Jan 21 15:38 hk.txt


Part 2 (Step 4)

[root@elrond var]# cat /etc/paswd | grep cis191
cat: /etc/paswd: No such file or directory
[root@elrond var]# cat /etc/passwd | grep cis191
cis191:x:501:100:CIS 191 student:/home/cis191:/bin/bash
[root@elrond var]# cat /etc/passwd | grep cis192
cis192:x:500:501:CIS 192:/home/cis192:/bin/bash


Part 2 (Step 6)

[root@elrond var]# tail -15 /etc/samba/smb.conf
;       printable = no
;       write list = +staff

[depot]
        comment = Public files on Elrond
        path = /var/shares/depot
        read only = yes
        guest ok = yes

[depot192]
        comment = CIS 192 files on Elrond
        path = /var/shares/depot192
        valid users = cis192
        read only = yes
        guest ok = yes
[root@elrond var]#
[root@elrond var]# cat /etc/samba/smb.conf | grep "server string"
# server string is the equivalent of the NT Description field
        server string = Cool Samba Server
[root@elrond var]# cat /etc/samba/smb.conf | grep "workgroup"
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
        workgroup = WORKGROUP


Part 2 (Step 7)

[root@elrond var]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[depot]"
Processing section "[depot192]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
        server string = Cool Samba Server
        passdb backend = tdbsam

[depot]
        comment = Public files on Elrond
        path = /var/shares/depot
        guest ok = Yes

[depot192]
        comment = CIS 192 files on Elrond
        path = /var/shares/depot192
        valid users = cis192
        guest ok = Yes


Part 2 (Step 8)

[root@elrond var]# service smb stop
Shutting down SMB services:                                [ OK ]
Shutting down NMB services:                                [ OK ]
[root@elrond var]# service smb start
Starting SMB services:                                     [ OK ]
Starting NMB services:                                     [ OK ]


Part 2 (Step 10)

[root@elrond var]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited


[root@elrond var]# iptables -nL
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited


[root@elrond var]# iptables -nL --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
3    ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
6    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631
8    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
10   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited


[root@elrond var]# service iptables restart
Flushing firewall rules:                                   [ OK ]
Setting chains to policy ACCEPT: filter                    [ OK ]
Unloading iptables modules:                                [ OK ]
Applying iptables firewall rules:                          [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_n[ OK ]


[root@elrond var]# iptables -nL --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
3    ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
6    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631
8    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
10   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited


[root@elrond var]# iptables -I RH-Firewall-1-INPUT 9 -p udp -m state --state NEW -m udp --dport 137 -j ACCEPT
[root@elrond var]# iptables -I RH-Firewall-1-INPUT 9 -p udp -m state --state NEW -m udp --dport 138 -j ACCEPT
[root@elrond var]# iptables -I RH-Firewall-1-INPUT 9 -p tcp -m state --state NEW -m tcp --dport 139 -j ACCEPT
[root@elrond var]# iptables -I RH-Firewall-1-INPUT 9 -p tcp -m state --state NEW -m tcp --dport 445 -j ACCEPT


[root@elrond var]# iptables -nL --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
3    ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
6    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631
8    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:445
10   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:139
11   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:138
12   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:137
13   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
14   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
[root@elrond var]#
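
An added check, not part of the lab handout: the four `iptables -I RH-Firewall-1-INPUT 9` commands in Part 2 (Step 10) put the Samba rules ahead of the chain's final REJECT, and this script reads a saved `iptables -nL --line-numbers` listing and reports whether each Samba port is accepted before that REJECT. The function names and the second listing (the same rules appended after the REJECT) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the lab handout.

# check_samba_rules CHAIN < saved-listing
# Prints "<proto>/<port> OK|SHADOWED|MISSING" for each Samba port and returns 0
# only when every port has an ACCEPT rule numbered before the catch-all
# REJECT/DROP of CHAIN. Rows with no dpt: match are ignored: without -v the
# listing omits the interface columns, so a bare "ACCEPT all" row may be
# interface-specific.
check_samba_rules() {
    awk -v chain="$1" '
        BEGIN {
            n = split("udp/137 udp/138 tcp/139 tcp/445", want, " ")
            blocked = 0; bad = 0
        }
        $1 == "Chain" { in_chain = ($2 == chain); next }
        !in_chain || $1 !~ /^[0-9]+$/ { next }
        # Fields: num target prot opt source destination [match text ...]
        ($2 == "REJECT" || $2 == "DROP") && $3 == "all" &&
            $5 == "0.0.0.0/0" && $6 == "0.0.0.0/0" { blocked = 1; next }
        $2 == "ACCEPT" {
            for (f = 7; f <= NF; f++)
                if ($f ~ /^dpt:[0-9]+$/) {
                    key = $3 "/" substr($f, 5)
                    if (blocked) late[key] = 1
                    else ok[key] = 1
                }
        }
        END {
            for (i = 1; i <= n; i++) {
                k = want[i]
                if (k in ok) s = "OK"
                else if (k in late) { s = "SHADOWED"; bad = 1 }
                else { s = "MISSING"; bad = 1 }
                print k, s
            }
            exit bad
        }
    '
}

# Abridged copy of the final listing in Part 2 (Step 10), spacing normalised.
listing_after_insert() {
    cat <<'EOF'
Chain RH-Firewall-1-INPUT (2 references)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
8 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:445
10 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:139
11 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:138
12 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:137
13 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
14 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
EOF
}

# Constructed listing: the same four rules appended, so they follow the REJECT.
listing_appended() {
    cat <<'EOF'
Chain RH-Firewall-1-INPUT (2 references)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
8 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
10 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
11 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:137
12 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:138
13 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:139
14 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:445
EOF
}

listing_after_insert | check_samba_rules RH-Firewall-1-INPUT
listing_appended | check_samba_rules RH-Firewall-1-INPUT || echo "Samba rules are not reachable"
```

On the server itself, pipe the live listing in instead: `iptables -nL --line-numbers | check_samba_rules RH-Firewall-1-INPUT`.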