

VPN Plus Samba
Making My Home Computing Environment Identical to My Work Computing Environment

At the Office
  • I am running Windows 2000 (SP2)
  • My laptop is connected to the departmental network
  • I can access my network files from Windows the same way that I access my local files.

From Home
  • I am not connected to the departmental network
  • The only way to access my departmental network files is via ftp.

How to make home like work
  • Create a Virtual Private Network (VPN) to allow me to tunnel from my house to the department via my ISP (Adelphia, using a cable modem)
  • Set up the network to allow Windows users to access resources such as files and printers on a Unix system via Samba

Setting up VPN
  • My local machine runs Windows 2000, which has VPN capabilities when using PPTP (Point-to-Point Tunneling Protocol).
  • We needed a FreeBSD, Linux, or Solaris solution that supports PPTP.
  • We decided on mpd, a multi-link PPP daemon based on netgraph(4), available as a FreeBSD package.

mpd
  • http://www.freebsd.org/cgi/url.cgi?ports/net/mpd/pkg-descr contains the port description
  • http://www.freebsd.org/cgi/pds.cgi?ports/net/mpd contains the source
  • ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-stable/All/mpd-3.7.tgz contains the package

mpd (continued)
mpd is capable of setting up
  • Multi-link PPP capability
  • PAP, CHAP, and MS-CHAP authentication
  • PPP compression and encryption
  • Point-to-Point Tunnelling Protocol (PPTP)
We implemented only what was required for this project.

mpd Installation
  • Downloaded latest package to /root
  • gunzip'ed the package (left in root)
  • (un)tarred package (into root, but we cleaned up the mess when we were finished)
  • Install in the usual manner: make install
  • Configuration

mpd Configuration
There are four configuration files:
  • mpd.conf
  • mpd.links
  • mpd.secret
  • mpd.script
All of these are in /usr/local/etc/mpd on gw11. Log in as root to read them.

mpd.conf
This file defines what the bundles are, what the links within those bundles are, how the interface should be configured, and various PPP parameters.
/usr/local/etc/mpd.conf contains the file.
telnet://gw11.cs.uofs.edu

mpd.links
Contains one link per simultaneous PPTP connection. Ours is set up to allow two users to connect simultaneously.

mpd.secret
  • Unencrypted list of usernames, passwords, and IP addresses for connection to the VPN.
  • In other words, connecting to the VPN does not connect you as a USER to the network.
  • There are methods of making this more secure.

mpd.secret (cont)
Here is the current file:

    ryan "running" 134.198.161.227/28
    sid "walking" 134.198.161.223/28

When connecting to the VPN one of these username/password combinations must be used. Both of them may be used simultaneously.
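Because mpd.secret holds cleartext passwords, its file permissions are the only protection at rest. The following check is an added example, not part of the original slides or of mpd: it assumes the username / "password" / address layout shown above, uses constructed sample entries, and reports account names without ever echoing the passwords.

```python
import os
import shlex
import stat
import tempfile

# Constructed sample in the username / "password" / address layout shown above.
SAMPLE = '''# constructed example entries, not real accounts
alice "example-pass-1" 192.0.2.10/28
bob   "example-pass-2" 192.0.2.11/28
'''

def audit_secret_file(path, expected_uid=0):
    """Return (findings, usernames) for an mpd.secret-style file."""
    findings = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %04o exposes cleartext passwords to group/other" % mode)
    if st.st_uid != expected_uid:
        findings.append("owner uid %d, expected %d" % (st.st_uid, expected_uid))
    users = []
    with open(path) as fh:
        for line in fh:
            fields = shlex.split(line, comments=True)  # handles quotes and '#'
            if len(fields) >= 2:
                users.append(fields[0])  # report the name, never the password
    return findings, users

def demo():
    """Write SAMPLE to a temp file, audit it world-readable and owner-only."""
    fd, path = tempfile.mkstemp()
    try:
        os.write(fd, SAMPLE.encode())
        os.close(fd)
        os.chmod(path, 0o644)
        loose = audit_secret_file(path, expected_uid=os.getuid())
        os.chmod(path, 0o600)
        tight = audit_secret_file(path, expected_uid=os.getuid())
    finally:
        os.remove(path)
    return loose, tight

if __name__ == "__main__":
    for findings, users in demo():
        print(users, findings or "ok")
```

On the gateway itself the call would be audit_secret_file("/usr/local/etc/mpd/mpd.secret"), run as root with the default expected_uid of 0.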

mpd.script
  • Since we did no dialup connection, this script remains one of the mysteries of the ages.
  • There is an mpd.script.sample with 1558 lines available in /usr/local/etc/mpd on gw11 if you need to use dialup scripts.

What is Samba
Samba is an open source software suite that provides file and print services to SMB (CIFS or NetBIOS) clients such as Windows 95/98, Windows NT, or OS/2.

What is Samba (continued)
A Samba-enabled Unix (or other) machine can provide the following services:
  • Share one or more filesystems
  • Share printers installed on both the server and its clients
  • Assist clients with Network Neighborhood browsing
  • Authenticate clients logging onto a Windows domain
  • Provide or assist with WINS name server resolution

What is Samba (continued)
Samba revolves around a pair of Unix daemons – smbd and nmbd
  • smbd - A daemon that allows file and printer sharing on an SMB network and provides authentication and authorization for SMB clients
  • nmbd - A daemon that looks after the Windows Internet Name Service (WINS), and assists with browsing

Reasons to Use Samba
  • You don't want to pay for - or can't afford - a full-fledged Windows NT server, yet you still need the functionality that one provides.
  • You want to set up a common area for data or user directories that will be available to Windows and Unix clients.
  • You want to be able to share printers across both Windows and Unix workstations.
  • You want to be able to access NT files from a Unix server.

Simple Network Setup with samba

Samba Installation
  • Samba can be installed in the usual ways (i.e. by ports, package, or rpm installation). Samba is also included in Red Hat Linux and Unix distributions.
  • Samba is supported for the following types of machines – Unix, Linux, VMS, MVS, OS/2, Stratus-VOS, Amiga, MPE/iX
  • We chose to do a package installation on a Red Hat 7.2 machine running NFS.

Samba Installation (cont.)
1st we downloaded samba from the samba homepage into root's home directory: samba-latest.tar.gz
Steps for simple installation:
  • unzip and untar the file
  • cd into package's directory
  • Run make install with no configuration options
More configuration options? Then read:
  • docs/textdocs/WHATSNEW.txt
  • docs/textdocs/UNIX_INSTALL.txt

Samba Installation Directories
  • /usr/local/samba - Main tree
  • /usr/local/samba/bin - Binaries
  • /usr/local/samba/lib - smb.conf, lmhosts, configuration files, etc.
  • /usr/local/samba/man - Samba documentation
  • /usr/local/samba/private - Samba encrypted password file
  • /usr/local/samba/swat - SWAT files
  • /usr/local/samba/var - Samba log files, lock files, browse list info, shared memory files, process ID files

Samba Configuration
  • The samba configuration files live in the /usr/local/samba/lib directory
  • The main configuration file is /usr/local/samba/lib/smb.conf
  • This file can be edited through a text editor but it is much easier to use the Samba Web Administration Tool, aka SWAT!
  • You need to configure your system before you can use SWAT

Configuring Your Red-Hat System for Swat
Create a file named swat in the /etc/xinetd.d directory. This file should contain the following:

    service swat
    {
        port = 901
        socket_type = stream
        wait = no
        user = root
        server = /usr/local/samba/bin/swat
        log_on_failure += USERID
        disable = no
    }

Configuring Your Red-Hat System for Swat (cont.)
Add the following line into the /etc/services file:

    swat 901/tcp # SWAT

It is a good idea to limit the use of SWAT to certain hosts. For example:

In /etc/hosts.deny:

    swat: ALL

In /etc/hosts.allow:

    swat: LOCAL, 134.198.168.128

Now you are ready to use SWAT!
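The two files above only restrict SWAT when used together, because of the order in which TCP wrappers consults them. The following sketch is an added example, not part of the original slides: it models a simplified subset of the hosts_access rules (ALL, LOCAL and exact names or addresses only) and uses constructed client names and 192.0.2.x addresses.

```python
# The two rule files exactly as given on the slide above.
ALLOW = "swat: LOCAL, 134.198.168.128"
DENY = "swat: ALL"

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, host, addr):
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":            # LOCAL: resolved host name has no dot
        return bool(host) and "." not in host
    return pattern in (host, addr)    # exact match only (simplified subset)

def matches(rules, daemon, host, addr):
    return any((daemon in daemons or "ALL" in daemons) and
               any(client_matches(p, host, addr) for p in clients)
               for daemons, clients in rules)

def allowed(allow_text, deny_text, daemon, host, addr):
    """hosts.allow is checked first, then hosts.deny; no match means allow."""
    if matches(parse_rules(allow_text), daemon, host, addr):
        return True
    if matches(parse_rules(deny_text), daemon, host, addr):
        return False
    return True

if __name__ == "__main__":
    # Constructed clients: (host name as resolved, address)
    for host, addr in [("", "134.198.168.128"), ("labpc", "192.0.2.7"),
                       ("host.example.org", "192.0.2.10")]:
        print(host or addr, allowed(ALLOW, DENY, "swat", host, addr))
    # Without the hosts.deny entry the allow list restricts nothing:
    print(allowed(ALLOW, "", "swat", "host.example.org", "192.0.2.10"))
```

The last call shows why the hosts.deny entry is required: with hosts.allow alone, a client that matches nothing falls through to the default, which is to grant access.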

What is SWAT
Basically it is a visual front-end to the smb.conf file.
Following from above:
  • SWAT can be started by a browser through port 901
  • Any user may log into SWAT, but only root may edit the config files
Using SWAT:
  • http://lab4.research.cs.uofs.edu:901
  • Administrator login example
  • User login example

Samba Resources
http://www.samba.org/
  • You can download the latest package from here
http://www.oreilly.com/catalog/samba/chapter/book/
  • A free online version of the book “Using Samba”
Link to smb RFC
  • ftp://ftp.isi.edu/in-notes/search.ietf.org/internet-drafts/draft-crhertel-smb-url-02.txt
  • Author – Chris Hertel
Chapter 26 of “Unix Administration Handbook”

Long Range Goals
  • Put a router in my house to attach to the Internet and allow my home network to be a subnet of the department's network.
  • Add disk space to my router and make my home network equivalent to the research subnet with full access to the department network.