I wrote this simply because there wasn’t a howto on setting up a simple samba server to replace an old Windows file server. I just wanted to use groups to define share access instead of dealing with individual users. Here’s what I came up with.
For a little while I have been wanting to do a changeover. I liked the ease of use of our Windows server but not the reliability of it. Since I have used Ubuntu over the past few years, I’ve grown fond of it. I really wanted to move to a samba server due to the reliability of linux. My only issue was our Windows file server needed to be running Windows to host certain files. That situation changed this year due to a little restructuring.
So while working the other day I noticed something. Our old file server running Windows 2000 server was rebooting at random. A previous history of the server was this. The server was originally installed with a dual P2-400 and Windows NT4. This worked well for a few years but eventually we had issues with the server rebooting/locking without warning almost daily. After looking at it for a while, we decided that it was the operating system and we replaced it with Windows 2000 server. This seemed to fix the problem for a while so the server needed to reboot anywhere between once a week and once a month. That was a scheduled reboot and not a “oh crap the server is down” reboot. Pretty impressive at the time from what I remember.
This went on for a few years and I was happy with the situation. Then something happened and the server just started rebooting again more frequently or services would just fail requiring a reboot. I figured since nothing had really changed that I would replace the hardware this time around and that would fix it. I went for overkill and put in an Opteron with a huge amount of RAM, 400GB drives and really, compared to what it was replacing, it was awesome. All seemed well for quite some time.
Over the next few years I had to purchase a server for an unrelated project that actually never took off…more on that in a bit.
This brings us back to now. I found out from logs and people that the server was back to rebooting at random. This frustrated me since the server was set up to be a sound server. It wasn’t supposed to be rebooting and unreliable. I decided that this was it. I was done with Windows to provide something as simple as a file server. I decided to drag that old server (which happened to be newer than the Windows server) out and start messing with it.
First thing I did was download the ubuntu 9.04 x64 server cd and install it on the new machine. Nothing special here, a dual core Opteron with 1GB ram and a 200GB seagate SATA drive. I installed with the defaults and once I was up in my system I got to work.
First thing we need to do is load the gnome desktop:
$ sudo apt-get install ubuntu-desktop
Just load the defaults.
Once we reboot, the next thing was to change the network interface to static by doing the following:
I needed to edit the interfaces file to show the correct data. Here we assume your local network is with 192.168.1.xxx and you want the server to have an ip of 192.168.1.100 and the gateway 192.168.1.254. Change accordingly. Open your terminal and type:
$ sudo gedit /etc/network/interfaces
Comment out where it talks about your interface, in this case eth0 and insert the following in its place:
iface eth0 inet static
address 192.168.1.100
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.254
gateway 192.168.0.1
Restart your networking to have the changes take effect…
$ sudo /etc/init.d/networking restart
Access your sources.list file to have the server search all files:
$ sudo gedit /etc/apt/sources.list
Delete any “#” in the file to allow all repositories. Save the file and run:
$ sudo apt-get update
Now to make our lives easier, we need to install webmin.
Open firefox to http://sourceforge.net/projects/webadmin/files/webmin/1.490/webmin_1.490_all.deb/download and download the file. Open and install using the debian package installer. Once finished open your browser to https://localhost:10000 or from remote by using the ip address (in our case above, https://192.168.1.100:10000)
Username/password to login is what you used when setting up the system.
In my case I needed more than a 200GB file system since the old server was running dangerously low on space with a 350GB partition on the 400GB drives. I shut the server down and installed 3 Hitachi 1TB SATA drives and once I booted back up, executed the following:
$ sudo apt-get install mdadm
This installed the program to configure linux to handle my raid 5 configuration of the 3 drives. This step isn’t needed if you aren’t going to setup a server using RAID.
Now going back into webmin, I can configure them. Open the hardware section and choose linux RAID(sometimes in the unused section). We are going to choose “create linux raid device of level: Raid 5″. The next screen will ask you what hard drives to use. Don’t bother formatting them. It didn’t work in my case. Once the drive /dev/md0 has been created, you can go up to “system – disk and network filesystems” and tell it to create a new mounting point for your newly created drive. Choose “add mount” with type of “ext3″. The next area should be self explanatory. I chose to name my mount point /ntshare since I was sharing to my old NT network. I will refer to that from here on out as my share point.
Once everything seemed to be working and set to remount at boot we can move on. Next step is to install smb.
$ sudo apt-get install smb
The config of smb for a simple setup was really easy but I had a real issue trying to find documentation to recreate the ease of using Windows groups to configure shares. I didn’t want to specify each user a directory they could/couldn’t access. I just wanted them to have a user account and put them in a group. Then the groups have the settings needed to grant or limit access to files/folders.
Go back into webmin and click on Servers. You should have a “Samba Windows File Sharing” link now. Under that you will have all sorts of buttons. First off we want to scroll down to tell it to migrate users and groups from linux. Click the Configure automatic linux to samba user/group icons and just choose the defaults.
I wanted to have my new system act as a wins server (netbios names on the network). Once you’re back to the main Samba page, click “Windows Networking“. Input your workgroup name and click “be a wins server“. Now in order for this to work, your DHCP server will have to be told the IP address of the server for it to work so keep that in mind.
Now let’s setup some users for our server. I went to the nav link of “System” and clicked “Users and Groups“. Here I started setting up my users and creating the appropriate groups. I made a group of “everyone” that all users were a part of and then individual groups for accounting, graphics, etc. I added each user to their group and then added the secondary groups everyone and whatever else needed to be added.
Now we want to go back to our Samba Windows File Sharing link in webmin. We are going to start creating shares. First thing we will do is setup file share defaults. We want to make sure that users have access to files and anyone who shouldn’t won’t. Click file share defaults, then File permission defaults. Change all file permissions to 770. This will allow the appropriate users/groups to view and execute the files accordingly. Each group can be customized to do things differently on the actual shares, but we want to setup the defaults first. Click save and return to share list.
Accounting -
Let’s create a share now. Click “create a new file share” and name the share. We will name it Accounting. Share folder is /ntshare/Accounting. Create with defaults but use file permission 770 and group accounting. Click create. Once it’s been created, click on “Accounting” on the page and choose “Security and Access Control“. Under the “Read/Write” groups, add your accounting group. Save. Now your users in group Accounting should be able to browse and view the Accounting folder on the network. All other users will not be able to read, write or execute anything from the Accounting folder.
Graphics -
My second example is created very similar to the first. This time I want to give everyone access to view the files, but have only my graphics department do any changes to the files. This way they can feel safe about sharing live files to the network without someone deleting their work. So, same steps as above but this time we are going to put graphics in as the group and then under Security and Access Control we will add graphics to Read/Write and add group “everyone” to Read only group. So now everyone on the system can view the shared folder “Graphics” but only users assigned to the graphics group can change the files.
Any new users can now simply be added to the appropriate group. You won’t have to go through the agony of adding each user to a specific share whenever someone new comes along.
If you have any issues connecting, most of the time it will tell the user from their machine the error…like “invalid group” or “no file permissions”. Additional information can be retrieved under /var/log/samba and each machine connecting to the share will create its own log file. I had issues at the beginning that wound up only being an issue with file permissions. Check that first with a ls -al in the /ntshare directory.
