:: TechBlog ::

Goal:
Minimal FC12 Samba install with low RAM usage, high security, and least amount of configuration.

Why?
Quickly turn an older machine into a modern Fedora Core 12 file server compatible with linux and windows clients. Less software installed means less setup, less maintenance, less updates, and less chance of human error somewhere along the way. The theory here is, the system starts out relatively secure and (if kept up-to-date) should remains so over time.

Side Note:
There are definitely many other ways to go about setting up a Samba server, much of which depends on your networking environment and overall requirements / constraints. This article is meant more as a guide – my notes which describe the method i happen to use – so that if i have to, i can do it all again.

Assumptions:
- Comfortable with install and use of Fedora Core Linux OS (command line)
- Basic understanding of networking concepts (setting up a static IP)
- Some experience with editing the smb.conf file

Features:
- No GUI / Desktop Environment
- Low RAM usage: boots up @ ~80MB with smbd and nmbd running
- SELinux and iptables firewall enabled / configured for use with Samba
- Samba Security level = User

System Resources:
CPU: AMD @ 700MHz
RAM: 192MB

Steps Involved:

1. Download and burn the Fedora-12-i386-DVD.iso file to dvd
2. Boot from the disc and go through install process (with less that 200MB RAM it defaults to text mode install – you can also force a text mode install at the boot: prompt by typing: linux text)
3. Once install is completed and system is rebooted, login as root
4. Check that networking is up
   - type:

   ifconfig

   (see if you have an IP address)
   - type:

   dhclient eth0

   (to use dhcp for now)

5. Bring the system up to date
   - type:

   yum check-update

   (to check for updates first)
   - type:

   yum update

   (say “yes” to install the updates)

- type:

yum list installed

(to see a list of all installed packages)

6. Check to see what package “groups” got installed by default
   - type:

   yum grouplist > grouplist.txt

   - type:

   cat grouplist.txt | more

7. Remove any unwanted package groups
   - type:

   yum groupremove "Mail Server"

8. Add the Samba package group
   - type:

   yum groupinstall "Windows File Server"

9. Configure Samba by editing /etc/samba/smb.conf
   - Note, for Vista support (in the Global section) add:

   client NTLMv2 auth = yes

   - Note, to hide unreadable files like /lost+found/ (in the Global section) add:

   hide unreadable = yes

   - type:

   testparm

   (confirm output has no errors in it)

10. Deal with SELinux security policies (see default smb.conf file for details)
    - type:

    setsebool -P samba_domain_controller on

    - type:

    setsebool -P samba_enable_home_dirs on

    - type:

    chcon -t samba_share_t /path-to-mounted-directories

    (remember to mount any/all directories first)
    - type:

    ls -ldZ /path-to-mounted-directories

    (to confirm it worked)
    - Note, for existing shares, to make sure this affects all files and folders recursively add:

    chcon -R -t samba_share_t /path-to-existing-mounted-directories

    - Note: to completely disable SELinux protection for smbd daemon (not recommended) type:

    setsebool -P smbd_disable_trans 1

    - Note: you can temporarily disable SELinux by putting it into permissive mode – type:

    getenforce

    to find out whether SELinux is in permissive [0], enforcing [1], or disabled [2] mode.
    - Note: to put SELinux into permissive mode (for testing purposes but not recommended) type:

    setenforce 0

11. Add samba users
    - type:

    useradd john

    - type:

    smbpasswd -a john

12. Configure the firewall to accept samba connections
    - type:

    system-config-firewall-tui

    (add an asterix next to the line: “Samba”)

13. Configure the network to use static IP/netmask/gateway/DNS info
    - type:

    system-config-network-tui

    - select: [Edit a Device Params] and remove the asterix from the line: “Use DHCP”. then, and add static info

14. Configure the network to use a static Hostname and DNS address (note: DNS settings may not be required)
    - type:

    system-config-network-tui

    - select: [Edit DNS configuration] then, and add static hostname and dns info

15. Get the network, smb, and nmb to start automatically next time you reboot
    - type:

    chkconfig --level 3 network on

    - type:

    chkconfig --level 3 smb on

    - type:

    chkconfig --level 3 nmb on

    - type:

    chkconfig --list network

    (or smb, or nmb to confirm it worked. you can also leave out the servicename to see a list of all services)

Reboot.
Use another computer to check that everything went well.