NAS build plan on the NEC Express5800/S70FL, part 6

Posted by: yasu  Updated: November 12, 2009, 0:00:19
Categories: CentOS, NAS, Samba

The last step of the NAS build is to install samba so that the share can be accessed from other PCs.

Installing samba

Install samba.

[root@nas ~]# yum install -y samba
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* addons: ftp.yz.yamagata-u.ac.jp
* base: ftp.yz.yamagata-u.ac.jp
* extras: ftp.yz.yamagata-u.ac.jp
* updates: centosm3.centos.org
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package samba.i386 0:3.0.33-3.15.el5_4 set to be updated
--> Processing Dependency: samba-common = 3.0.33-3.15.el5_4 for package: samba
--> Processing Dependency: perl(Convert::ASN1) for package: samba
--> Running transaction check
---> Package perl-Convert-ASN1.noarch 0:0.20-1.1 set to be updated
---> Package samba-common.i386 0:3.0.33-3.15.el5_4 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

==========================================================================================
Package Arch Version Repository Size
==========================================================================================
Installing:
samba i386 3.0.33-3.15.el5_4 updates 16 M
Installing for dependencies:
perl-Convert-ASN1 noarch 0.20-1.1 base 42 k
samba-common i386 3.0.33-3.15.el5_4 updates 8.7 M

Transaction Summary
==========================================================================================
Install 3 Package(s)
Update 0 Package(s)
Remove 0 Package(s)

Total download size: 25 M
Downloading Packages:
(1/3): perl-Convert-ASN1-0.20-1.1.noarch.rpm | 42 kB 00:00
(2/3): samba-common-3.0.33-3.15.el5_4.i386.rpm | 8.7 MB 00:45
(3/3): samba-3.0.33-3.15.el5_4.i386.rpm | 16 MB 01:16
------------------------------------------------------------------------------------------
Total 202 kB/s | 25 MB 02:06
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : perl-Convert-ASN1 1/3
Installing : samba-common 2/3
Installing : samba 3/3

Installed:
samba.i386 0:3.0.33-3.15.el5_4

Dependency Installed:
perl-Convert-ASN1.noarch 0:0.20-1.1 samba-common.i386 0:3.0.33-3.15.el5_4

Complete!

Creating the samba account

Create the user account needed to access the shared folder (/nas).
Here I will set it up with the centos user.

[root@nas ~]# useradd centos
[root@nas ~]# passwd centos
Changing password for user centos.
New UNIX password: (enter the new password for the centos user)
Retype new UNIX password: (enter the new password for the centos user again)
passwd: all authentication tokens updated successfully.
[root@nas ~]# chown nobody:nobody /nas

[root@nas ~]# pdbedit -a centos
tdbsam_open: Converting version 0 database to version 3.
new password: (enter the new password for the centos user)
retype new password: (enter the new password for the centos user)
account_policy_get: tdb_fetch_uint32 failed for field 1 (min password length), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 2 (password history), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 3 (user must logon to change password), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 4 (maximum password age), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 5 (minimum password age), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 6 (lockout duration), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 7 (reset count minutes), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 8 (bad lockout attempt), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 9 (disconnect time), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 10 (refuse machine password change), returning 0
Unix username: centos
NT username:
Account Flags: [U ]
User SID: S-1-5-21-1433615177-2473378645-353930312-1000
Primary Group SID: S-1-5-21-1433615177-2473378645-353930312-513
Full Name:
Home Directory: \\nas\centos
HomeDir Drive:
Logon Script:
Profile Path: \\nas\centos\profile
Domain: nas
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: 月, 09 11月 2009 15:13:11 JST
Password can change: 月, 09 11月 2009 15:13:11 JST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

Editing the samba configuration file

Edit the samba configuration file.

[root@nas ~]# vi /etc/samba/smb.conf
[global]

# ----------------------- Network Related Options -------------------------
#
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
#
# server string is the equivalent of the NT Description field
#
# netbios name can be used to specify a server name not tied to the hostname
#
# Interfaces lets you configure Samba to use multiple interfaces
# If you have multiple network interfaces then you can list the ones
# you want to listen on (never omit localhost)
#
# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
# specifiy it as a per share option as well
#
unix charset = UTF-8
dos charset = CP932
display charset = UTF-8

create mask = 0777
force create mode = 0777
security mask = 0777
force security mode = 0777

directory mask = 0777
force directory mode = 0777
directory security mask = 0777
force directory security mode = 0777

force user = nobody

Specify WORKGROUP, the Windows workgroup name (the original line is shown first, then the changed line):
workgroup = MYGROUP

workgroup = WORKGROUP
server string = Samba Server Version %v

; netbios name = MYSERVER

; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
Remove the leading ; to uncomment this line, and allow access only from IP addresses on the local network:
; hosts allow = 127. 192.168.12. 192.168.13.

hosts allow = 127. 192.168.0. 192.168.11.

# --------------------------- Printing Options -----------------------------
#
# Load Printers let you load automatically the list of printers rather
# than setting them up individually
#
# Cups Options let you pass the cups libs custom options, setting it to raw
# for example will let you use drivers on your Windows clients
#
# Printcap Name let you specify an alternative printcap file
#
# You can choose a non default printing system using the Printing option

If printers are not shared, change the load printers setting to no:
load printers = yes

load printers = no

#============================ Share Definitions ==============================

# A publicly accessible directory, but read only, except for people in
# the "staff" group
Change this section as follows to enable the recycle bin feature:
; [public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = +staff

[public]
comment = nas
path = /nas
public = yes
writable = yes
printable = no
write list = +staff
only guest = yes
vfs objects = recycle
recycle:repository = .recycle
recycle:keeptree = no
recycle:versions = yes
recycle:touch = no
recycle:maxsize = 0
recycle:exclude = *.tmp ~$*
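
The configuration above combines a guest-writable share with forced 0777 modes, so hosts allow is the setting that limits who can reach it. A small audit for those patterns, as an added example that is not part of the original post (the function names and the condensed sample configuration are constructed for illustration):

```shell
# Added example: flag risky smb.conf patterns (FILE argument or stdin); one "section: message" per finding.
audit_smb_conf() {
    awk '
    function yes(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function endsec() {                 # called when a section is complete
        if (sec != "" && sec != "global" && guest && writable)
            print sec ": guest access with write permission on " path
        guest = 0; writable = 0; path = "?"
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }            # comments and blank lines
    /^[ \t]*\[/ {                                   # section header such as [public]
        endsec(); sec = tolower($0)
        gsub(/^[ \t]*\[|\][ \t]*$/, "", sec); next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        name = substr($0, 1, eq - 1); gsub(/^[ \t]+|[ \t]+$/, "", name)
        val = substr($0, eq + 1);     gsub(/^[ \t]+|[ \t]+$/, "", val)
        key = tolower(name); gsub(/[ \t]/, "", key)  # Samba ignores case and spaces in names
        if (key == "guestok" || key == "public") guest = yes(val)
        else if (key ~ /^(writable|writeable|writeok)$/) writable = yes(val)
        else if (key == "readonly") writable = !yes(val)
        else if (key == "path") path = val
        else if (key == "hostsallow" || key == "allowhosts") restricted = 1
        else if (key ~ /^force(create|directory)mode$/) {
            other = substr(val, length(val), 1) + 0  # last octal digit: bits for "other"
            if (other == 2 || other == 3 || other == 6 || other == 7)
                print sec ": " name " = " val " forces world-writable permissions"
        }
    }
    END { endsec(); if (!restricted) print "global: no hosts allow restriction" }
    ' "$@"
}

# Constructed sample: the security-relevant lines of the configuration above.
sample_conf() {
    cat <<'EOF'
[global]
    hosts allow = 127. 192.168.0. 192.168.11.
    force create mode = 0777
    force directory mode = 0777
[public]
    path = /nas
    public = yes
    writable = yes
EOF
}
sample_conf | audit_smb_conf
```

Samba's own `testparm -s /etc/samba/smb.conf` complements this check: it reports unknown parameter names, which catches misspelled keys that Samba would otherwise ignore.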

Starting the samba service

Start the samba service.
Also configure the samba service to start automatically at system boot.

[root@nas ~]# /etc/rc.d/init.d/smb start
SMB サービスを起動中: [ OK ]
NMB サービスを起動中: [ OK ]
[root@nas ~]# chkconfig smb on
[root@nas ~]# chkconfig --list smb
smb 0:off 1:off 2:on 3:on 4:on 5:on 6:off

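Changing the SELinux setting

My home NAS only allows access from the internal network, so I disable SELinux.
* Or rather, with SELinux enabled I could not access the shared directory I had configured.

Check the SELinux state: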
[root@nas ~]# getenforce
Enforcing

SELinux is enabled (Enforcing), so disable it:
[root@nas ~]# setenforce 0
[root@nas ~]# getenforce
Permissive

SELinux enforcement is now disabled (Permissive).

SELinux would be enabled again at system boot, so change the configuration so that it stays disabled:
[root@nas ~]# vi /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
Comment this line out by adding # at the start:
SELINUX=enforcing

#SELINUX=enforcing
Add this line:
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted

# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0

Press [Esc], then press [:], [w] and [q] in that order to save /etc/sysconfig/selinux and exit the vi editor.
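
Under the targeted policy, smbd can only serve directories that carry a label it is allowed to access, normally samba_share_t, so a share can usually be made reachable while SELinux stays enforcing. A check for that label, as an added example that is not part of the original post (the function names and the sample `ls -dZ` lines are constructed; /nas is the share path used above):

```shell
# Added example: decide from `ls -dZ <dir>` output whether a Samba share
# directory needs relabelling, and print the commands that would do it.

# selinux_type LINE: extract the type (third field of user:role:type[:level]).
selinux_type() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if (split($i, part, ":") >= 3) { print part[3]; exit }
    }'
}

# share_label_fix LINE: print nothing when the directory is already labelled
# samba_share_t; otherwise print the relabelling commands for it.
share_label_fix() {
    dir=${1##* }                                   # the path is the last field
    [ "$(selinux_type "$1")" = samba_share_t ] && return 0
    # chcon changes the label now; semanage records it so a relabel keeps it.
    printf 'chcon -R -t samba_share_t %s\n' "$dir"
    printf 'semanage fcontext -a -t samba_share_t "%s(/.*)?"\n' "$dir"
}

# Constructed samples of `ls -dZ /nas` output, not captured from the author's machine.
before='drwxr-xr-x  nobody nobody system_u:object_r:default_t      /nas'
after='drwxr-xr-x  nobody nobody system_u:object_r:samba_share_t  /nas'

echo "before: type=$(selinux_type "$before")"
share_label_fix "$before"
echo "after:  type=$(selinux_type "$after")"
share_label_fix "$after"
```

On the NAS itself the input line would come from running `ls -dZ /nas` as root, and the printed commands would be run as root after review.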

Firewall configuration

Open the NetBIOS-related ports.

[root@nas ~]# vi /etc/sysconfig/iptables

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

Press [Esc], then press [:], [w] and [q] in that order to save /etc/sysconfig/iptables and exit the vi editor.

[root@nas ~]# /etc/rc.d/init.d/iptables restart
ファイアウォールルールを適用中: [ OK ]
チェインポリシーを ACCEPT に設定中filter [ OK ]
iptables モジュールを取り外し中 [ OK ]
iptables ファイアウォールルールを適用中: [ OK ]
iptables モジュールを読み込み中ip_conntrack_netbios_ns [ OK ]