Overview - classes.ischool.syr.educlasses.ischool.syr.edu/ist346/Content/04/IST346-L04-Se… · Web viewfrom the linux terminal window and record the IP address of your ... to advance

IST346: Lab Last Update: 2/11/2010 9:43 PM

L04 SERVERS

OVERVIEW

This lab will help you understand the management issues associated with servers and server operating systems. You will learn how to issue commands to administer a key service on the Windows and Linux operating systems. Since we will be diving into services in great depth throughout the semester, this particular lab will focus on the essentials of how server operating systems use and advertise services.

We will demonstrate how servers and services work by using the most common service used internally by companies and organizations – File sharing. File sharing services like Windows File Sharing (on Windows) and Samba (on Linux) allow users to store their work remotely. By storing the files remotely the data is more accessible, as users move from workstation to workstation, since the files are stored remotely it is easier to back them up and configure the storage to be fault-tolerant, both of which help prevent data loss.

LEARNING OBJECTIVES

Upon completion of this lab, you should be able to

Demonstrate and explain the user and group security models used by the server variants of Windows and Linux operating systems

Understand the basic steps required to setup and use file sharing services. Test the services being offered by the server operating systems using client connections.

LAB BREAKDOWN

This lab consists of 3 parts:

1. Setup the file sharing services Samba on centos Linux server.2. Setup the Windows networking file sharing service on Windows server 2008.3. On your own: Get the Vista1 virtual machine to talk to both remote file shares, in the same manner as the

winxp1 VM does.

Page 1


REQUIREMENTS

Before you start this lab you will need:

1. Your PSD (Portable Storage Device) connected to a lab computer, or a computer running VMware Server 1.09 / VMware Workstation 6.X.

2. These virtual machines, from the VM Garden, on your PSD:a. Win2008 (Windows Server 2008) – acting as a serverb. Centos5 (Centos Linux 5) – acting as a server c. Winxp1 (Windows XP) – acting as a workstationd. Vista1 (Windows vista) – acting as a workstation

3. Make sure the Win2008, Centos5, Vista1 and WinXP1 virtual machines, all use the VM Ware NAT interface.

4. Startup the Win2008, Centos5, vista1 and WinXP1 virtual machines:a. Logon to Win2008 as Administrator (the account with the most access on the Windows

platform)b. Logon to Centos5 as root (the account with the most access on a *nix platform)c. Logon to winxp1 and vista1 as user (a non-privileged account)d. Remember, in all cases, the password is SU2orange!

V IRTUAL MACHINE SETUP FOR LAB:

This diagram serves as a visual representation of how all the virtual machines used in the lab interact with each other and also communicate with the internet.

Vyatta

Winxp1

Internet

Centos5

Win2008

Workstations Servers

Vista1

Samba / Windows File

Sharing Services

VMWare NAT

Page 2


Winxp1 and Vista1 will be workstations. As workstations, they are consumers (users) of the File Sharing service.

Centos5 and Win2008 will be servers. In the server role, they are producers of the File Sharing Service. If things go to plan you should be able to use any workstation to access any of the files on either of the

two servers.

PART 1 – SETTING UP SAMBA ON L INUX

This section will introduce and demonstrate how to setup and then use the Samba file-sharing service on Linux. The Samba service is the Linux version of the Windows networking protocol. In this part we will set Samba up on your Centos5 virtual machine and then test the file sharing by reading and writing to the file share using the winxp1 virtual machine.

SETUP SAMBA ON CENTOS5

First, we will configure our Centos5 Linux server for file sharing. Execute each of the following commands from the terminal window (a.k.a. Bash shell prompt) logged in as the root user.

1.A INSTALLING THE SAMBA SOFTWARE PACKAGES

1. Install the samba software and utilities from the internet, type this into the terminal window:[root@localhost ~]# yum install samba* The yum command pulls down software from the internet and installs it into your Centos Linux system. You will be prompted to install a few samba-based packages, press Y to download and install them.

Page 3


2. When the process is complete, you should see a list of the packages that were installed and updated. You list should be similar to this:

1.B SETTING UP SECURITY AND ACCESS FOR THE FILE SHARE

At this point, Samba is installed, but has yet to be configured. Before we can configure Samba, we will need to setup a folder to share and the users and groups which have access to it. Enter these commands into the terminal window.

1 The user account we will use to access the share is user. Let’s verify this account already exists in the system, type:[root@localhost ~]# cat /etc/passwd | grep “user” This command displays the contents of the password database (where user accounts are stored in linux). Grep helps us filter that output to only the text in quotes. You should see a line like this in the output:user:x:500:500:User:/home/user:/bin/bash If you do, then you’re all set, if not then you will have to execute this command to create the user account and set its password: useradd user –p

2 Next we need to create a group for the file share. As a rule of thumb, it is a bad idea to assign a user rights to a resource. The better plan is to assign a user to a group (or role) and then assign that group to the resource. Why? Users come and go, but the access that a user needs, such as rights to a folder, printer, or website doesn’t change nearly as much over time. For example if people in the accounting department need to use the printer outside their office, I would assign the right to print to the accounting group, and then place the users in the group. This way when Bob is no longer in accounting, I only have to remove him from the accounting group, I don’t have to remember to revoke his access to the printer as well.Now that the tangent is over , let’s create the group linshare (short for linux share) Type:[root@localhost ~]# groupadd linshare

Page 4


You can verify the group was created by checking for linshare in the group file /etc/group, type:[root@localhost ~]# tail /etc/group(you should see linshare at the end of the group file)

3 Next we need to add our user “user” to our group “linshare” we do this with the usermod command, type:[root@localhost ~]# usermod –G linshare user And if you type tail /etc/group again you can see that user has been added to the end of the linshare line, meaning the account was added to the group.

4 Next, it’s time to make the folder on the file system we’d like to share out. In the Unix/Linux world, we put this type of stuff in the /var/ folder, type:[root@localhost ~]# mkdir /var/samba to make the samba folder then type: [root@localhost ~]# mkdir /var/samba/linshare to make the linshare folder inside the samba folder.

5 Since you are logged in as root, this is the user with rights to the folder (makes sense, actually). We want the linshare group to have full rights to the linshare folder (makes sense, too, when you think about it). So type:[root@localhost ~]# chgrp linshare /var/samba/linshare/ to change the group owner to the linshare group. Then type:[root@localhost ~]# chmod g+rwx /var/samba/linshare/ to give the group owner (linshare in this case) read, write, and execute access to the folder. To verify you did these two steps correctly get a long listing of the samba folder. This will display the security and group ownership of the folder. Type:ls –l /var/samba and you should see output like this (stuff in yellow represents what was changed by the previous two commands):

At this point you’re finally ready to configure samba! Finally!

1.C CONFIGURE THE FOLDER TO BE SHARED USING SAMBA

1 At the prompt, type the following to launch the Samba configuration tool.

Page 5


[root@localhost ~]# system-config-samba you should see the following window on your screen:

2 From the menu, select Preferences Samba Users Add User to add a new Samba User.3 From the Create New Samba User dialog, select user for the Unix Username, enter user for the samba user

name (yes, we want them to be the same) and enter SU2orange! For the password. Your completed dialog will look something like this:

4 Click Ok to save the Samba User. If you see user in the list of samba users, click Ok again to return to the main menu.

5 Next let’s add the samba share. From the menu, select File Add Share.

Page 6


6 On the basic, tab enter the path to our directory /var/samba/linshare name the share linshare and check both writable and visible.

7 Under the Access tab. Only allow access to the specific user user.

8 Click Ok when done, then Close out of the Samba Server Configuration Utility. You should be back at the terminal window command prompt.

9 The last step is to start the samba service. First let’s configure the service to start at boot time. This way each time we turn the centos5 virtual machine on, it will begin to serve up files. Type:[root@localhost ~]# chkconfig smb on

10 Next, let’s start up samba:[root@localhost ~]# service smb startNote: if you make any changes to the Samba configuration or permissions on the folders being shared, you will need to restart the Samba service. You can do this by typing: service smb restart

1.D PHEW! DONE! ALMOST….

Page 7


Lastly, you need to note the IP Address of your Centos5 server. We will use the IP Address to connect our workstations to the server. Normally this would be done using a naming service like DNS but we haven’t progressed that far in the course yet! Type ifconfig from the linux terminal window and record the IP address of your Centos5 virtual machine. It should be a number like 192.168.80.XXX

TEST YOUR SAMBA SERVER USING W INXP1

Now it is time to test your connection to the Centos5 Samba file share. Make sure you’ve logged in to your winxp1 virtual machine as user.

1.E CONNECT TO THE REMOTE F ILE SHARE

1 From the Desktop of your Winxp1 virtual machine. Click on start Run and type in \\192.168.80.XXX (where XXX is the IP number of your Centos5 virtual machine.)

and the click OK.2 After a few moments, you should be the linshare folder on the Centos5 computer!

3 Verify everything works by creating and saving a sample document in the folder: Double-click on linshare once the linshare folder opens, right-click in the white space and create a new wordpad document.

4 Rename the file as Test Wordpad document double-click on the document to open it and save some text inside, and then close the document.

1.F A LITTLE APRES-SKI: AT THE CENTOS5 V IRTUAL MACHINE

Let’s prove this is real remote file sharing. Flip back to your Centos5 virtual machine. Open up your terminal window and type:[root@localhost ~]# ls -l /var/samba/linshare/

Page 8


You should see the document you created!

QUESTIONS

1.1 What does the linux command yum do?1.2 What is samba?1.3 Why is it a better administrative practice to assign a group access to a resource rather than a user?1.4 What is the difference between the cat and tail commands?

PART 2 – SETUP F ILE SHARING ON W INDOWS

Next, we will setup the win2008 virtual machine as a file server in the same manner as we did on Linux. Since file sharing is native on Windows, the setup and configuration is a little more straightforward.

SETUP F ILE SHARING ON W INDOWS SERVER 2008

2.A INSTALLING FILE SERVICES ROLE

To install the File Services Role, from the win2008 virtual machine, logged in as Administrator, do the following:

1. Open the server manager utility. Click Start Administrative Tools Server Manager. The server manager utility is a one stop shop for configuring and administering services on Windows Server 2008.

Page 9


2. Next, let’s add the File Server role to this server. From Server Manager, click on Roles then Add Roles. The “Add Roles Wizard” will appear. Click on Server Roles. You should see this screen:

3. Select the File Services role, and click on Role Services on the left-hand side.

Page 10


4. From the Role Services screen select only File Server (screenshot below) and then click Next > to advance to the confirmation screen:

5. At the Confirmation screen, click the Install button to setup file services on this computer.

Page 11


6. When the process is complete you will see a Results dialog, showing your change is successful:

7. Click Close to dismiss the dialog. Congratulations, you’ve just installed file services role!

2.B SETTING UP SECURITY AND ACCESS FOR THE FILE SHARE

Just like in step 1.b you now have the service installed. It’s time to setup the security for the folder. For these next set of commands we will execute from the command line. So open up the Windows command prompt.

1 The user account we will use to access the share is user. Let’s verify this account already exists in the system, type:C:\users\Administrator> net user This command displays the contents of the user database on Windows. You should see the word User, like this in the output:

If you do, then you’re all set, if not then you will have to execute this command to create the user account and set its password: net user user * /add

2 Next we need to create a group for the file share. This time we will call the group winshare. Type:C:\users\Administrator> net localgroup winshare /add You can verify the group was created by checking for winshare with this command:C:\users\Administrator> net localgroup

Page 12


3 Next we need to add our user “user” to our group “winshare” we do this with the usermod command, type:C:\users\Administrator> net localgroup winshare user /addAnd if you type net localgroup winshare you can see that user has been added to the group.

4 Next, it’s time to make the folder on the file system we’d like to share out. Windows isn’t so picky where you place things, so let’s simple make a folder called shares and place winshare in that folder: C:\users\Administrator> mkdir c:\shares to make the share folder then type: C:\users\Administrator> mkdir c:\shares\winshare to make the winshare folder inside the share folder.

5 Since you are logged in as administrator, the security on the folder is designed to match this user. We would like to change the security so that the winshare group has full rights to the winshare folder. The easiet method of doing this is through the windows GUI. So, at the command prompt, type:C:\users\Administrator> start c:\shares to open a GUI shell folder for the winshare folder.

6 Right-Click on the winshare folder and choose Properties from the context menu, then select the Security tab.7 From the Security tab, click Edit to bring up the Permissions for winshare dialog.8 From this dialog click the add button and in the Select Users Or Groups dialog type winshare and click Ok. 9 You will now be back at the Permissions for winshare dialog. Click on the winshare group and select Full

Control from the permissions section. (see attached screenshot)

10 Once you’ve selected full control click Ok to close the Permissions for Winshare dialog. Then click Ok again to close the winshare Properties dialog.

2.C SHARE THE WINSHARE FOLDER

Page 13


Now it’s time to share out the winshare folder.

1 From the windows GUI, right click on the winshare folder and choose Share… This will open the file sharing dialog which should look like this:

2 Click on the Share button. When the Network discover and File Sharing dialog appears, click on Yes:

3 When the process is complete, click Done.

2.D RECORD THE IP ADDRESS OF THE W IN2008 SERVER

Again, you need to note the IP Address of your Win2008 server. We will use the IP Address to connect our workstations to the server. Type ipconfig from the command prompt window and record the IP address of your virtual machine. It should be a number like 192.168.80.XXX

TEST YOUR W INDOWS F ILE SHARING USING W INXP1

Now it is time to test your connection to the Win2008 file share. Make sure you’ve logged in to your winxp1 virtual machine as user.

Page 14


2.E CONNECT TO THE REMOTE F ILE SHARE

1 From the Desktop of your Winxp1 virtual machine. Click on start Run and type in \\192.168.80.XXX (where XXX is the IP number of your Win2008 virtual machine.)

2 After a few moments, you should be the linshare folder on the Centos5 computer!

3 Verify everything works by creating and saving a sample document in the folder: Double-click on winshare once the winshare folder opens, right-click in the white space and create a new wordpad document.

4 Rename the file as Test Wordpad document double-click on the document to open it and save some text inside, and then close the document.

2.F APRES-SKI REDUX: AT THE W IN2008 V IRTUAL MACHINE

Let’s prove this is real remote file sharing one more time. Flip back to your Win2008 virtual machine. Open up the winshare folder. You should see:

QUESTIONS

2.1 What command displays the members of a group, such (as the winshare group) in windows?2.2 What command creates a new user account in Windows?2.3 What is the command to make a folder from the windows command line?2.4 Why do you need to know the IP address of the Windows 2008 server before you can connect to it?

PART 3 ON YOUR OWN

Se if you can apply what you learned to try to get your vista1 workstation to connect to the remote file shares linshare and winshare, similar to the way you got it working on winxp1.

Page 15


QUESTIONS

3.1When you connect to linshare (or winshare) from vista1 do you see the same files as you do on winxp1? Why or why not?

3.2 In your opinion, which server was easier to configure why? Linux or Windows?

3.3 Do you see any challenges to rolling out a service like this one en masse (to everyone in an organization)?

3.4 What parts of this lab did you have the most difficulty with completing and why?

3.5 Do you have suggestions for improvements based on your answer to question 3.4?

REMINDER: BE SURE TO POWER OFF ALL OF YOUR VIRTUAL MACHINES PRIOR TO DISCONNECTING YOUR PORTABLE HARD DISK.

Page 16

Documents

Overview - classes.ischool.syr.educlasses.ischool.syr.edu/ist346/Content/04/IST346-L04-Se… · Web viewfrom the linux terminal window and record the IP address of your ... to advance