Samba Install from Source and allow anonymous access from Windows

I needed to have an anonymous share set up for access by some Windows workstations on a secure network. The key to this is “security = share” in the global config of the smb.conf file, because “security = user” always prompted for a Windows password no matter what I did, even if I added the user using smbpasswd -a. Hopefully this will get you up and running with Samba in no time.

INSTALL FROM SOURCE
I installed Samba from source by doing the following:

#wget http://www.samba.org/samba/ftp/samba-latest.tar.gz
#tar xvzf samba-latest.tar.gz
#cd samba-3.5.7 (or whatever version is the latest)
#cd source3
# ./configure --with-smbmount --with-ads --with-ldap

(If you get “configure: error: ldap.h is needed for LDAP support”, you need the openldap-devel package for ldap.h: yum -y install openldap-devel)

#make install

This creates directories in /usr/local/samba

To start Samba
/usr/local/samba/sbin/smbd -D
/usr/local/samba/sbin/nmbd -D

It installs all the files in /usr/local/samba by default.
The smb.conf needs to be in /usr/local/samba/lib.
Other files like smbclient and smbstatus are in the bin directory.

To start it automatically at startup edit the /etc/rc.d/rc.local file and enter the following at the end:
echo "Starting smbd..."
/usr/local/samba/sbin/smbd -D
echo "Starting nmbd..."
/usr/local/samba/sbin/nmbd -D

Here’s a simple smb.conf I have set up for sharing the /tmp directory. I grabbed part of it from an example in the untarred and unzipped directory I created above after downloading Samba from samba.org. Just do a “find /root -name smb.conf*” to find example Samba config files, copy one over to the /usr/local/samba/lib directory, and modify it to suit your needs.

[global]
workgroup = SAMBA
security = share
debug level = 5

[cd1]
path = /mnt/cd1
public = yes

[cd2]
path = /mnt/cd2
public = yes

[media]
path = /media
public = yes

[tmp]
path = /tmp
guest only = yes
public = yes
read only = no
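
A quick audit of the configuration above, added here as an example and not part of the original post: it reads an smb.conf on stdin, reports share-level security in [global], and lists every share that allows guest access, marking the writable ones. The function names audit_guest_shares and sample_conf are hypothetical; the sample input is the config from this post.

```shell
# Added example: list guest-accessible shares in an smb.conf read from stdin.
# audit_guest_shares and sample_conf are hypothetical names, not Samba tools.
audit_guest_shares() {
    awk '
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report() {
        if (sect != "" && sect != "global" && guest)
            print sect, (writable ? "guest-rw" : "guest-ro")
    }
    /^[ \t]*[#;]/ { next }                      # comment line
    /^[ \t]*\[/ {                               # section header starts a new share
        report()
        sect = tolower($0); sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect)
        guest = 0; writable = 0; next
    }
    /=/ {
        key = $0; sub(/=.*$/, "", key); val = $0; sub(/^[^=]*=/, "", val)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        key = tolower(key)
        # share-level security: deprecated in Samba 3.6, removed in 4.0
        if (sect == "global" && key == "security" && tolower(val) == "share")
            print "global", "security-share"
        # "public" is a synonym for "guest ok"; shares default to read-only
        if (key == "public" || key == "guest ok") guest = truthy(val)
        if (key == "read only") writable = !truthy(val)
        if (key == "writable" || key == "writeable") writable = truthy(val)
    }
    END { report() }
    '
}
sample_conf() {     # the smb.conf from this post
    cat <<'EOF'
[global]
workgroup = SAMBA
security = share
debug level = 5
[cd1]
path = /mnt/cd1
public = yes
[cd2]
path = /mnt/cd2
public = yes
[media]
path = /media
public = yes
[tmp]
path = /tmp
guest only = yes
public = yes
read only = no
EOF
}

sample_conf | audit_guest_shares
```

On this config the only guest-writable share is [tmp]; the other three are guest-readable only.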

A good resource is here.

I also was having a problem connecting at first to the share from Linux and Windows. This was because of SELinux. You need to allow smb if you have this installed. I have a writeup on this here:

You should look into setting up domain security or something more secure than share security. For this writing, if you need something quick and dirty, this should work.

Another thing you may need to do is to enable Samba in iptables if your firewall is blocking ports 137-139. Here are the entries in my iptables file (/etc/sysconfig/iptables) to allow this.

-A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT

Hope this helps someone out.

Samba SELinux NT_STATUS_BAD_NETWORK_NAME

When configuring a Samba server on a Linux box, anytime that I tried to connect via smbclient, I would get the following error:

tree connect failed: NT_STATUS_BAD_NETWORK_NAME

Further looking at /var/log/messages revealed that this was being caused by SELinux:
setroubleshoot: SELinux is preventing /usr/sbin/smbd “name_connect” access on . For complete SELinux messages. run sealert -l 97453258-27dd-4980-a295-efb825ce95ca

To get around this I ran the following command to configure SELinux to allow Samba connections.

This lists available Samba options
# getsebool -a |grep samba
samba_create_home_dirs --> on
samba_domain_controller --> off
samba_enable_home_dirs --> off
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
use_samba_home_dirs --> off
virt_use_samba --> off

To turn these on and off, run a command like the following. The -P flag, I believe, allows this to survive a reboot.
# setsebool -P samba_export_all_rw on

The above command allowed me to connect to this share and get rid of that error.

Ubuntu Grub2 default OS on dual-boot system

Just installed Ubuntu 10.10 on my laptop, dual-booting with Windows. I wanted it to default to Windows and allow me to choose when to boot into Linux. It used to be that you could just go to /boot/grub/menu.lst and edit the entry there. With grub2 there are different files that you have to edit.

UPDATE 01/12/12:  The method below works fine, but as you install updates there will be new entries in the grub boot list and you will have to keep on modifying the GRUB_DEFAULT value to get it to boot into Windows.  A better way to accomplish this is to move Windows to the top of the list and leave the Grub Default at 0. A good tool to accomplish this is called Grub Customizer. Follow the instructions at this site and download the Grub Customizer app.  Once installed you can unselect items in your grub menu that you do not want to appear, and also click on the Windows entry (under “OS Prober” heading) and move it to the top of the list by clicking Ctl-U.  Since your Default is 0, and now Windows is at order number 0 in the Grub List it will default to that OS.  The only thing I’m not sure of, since I’ve installed all the updates already, is if an update will place the new list item on the top making you run this program again to place Windows at the top of the list.  Next update I install I will test this out and update this post. (I have tested it out on my system with no problems, but I take no responsibility if somehow your system gets screwed up)

To accomplish the same thing as editing menu.lst, first display your menu choices by running the following command:

$ cat /boot/grub/grub.cfg | grep menuentry

which will give you a list like this:

menuentry 'Ubuntu, with Linux 2.6.35-22-generic' --class ubuntu --class gnu-linux --class gnu --class os {
menuentry 'Ubuntu, with Linux 2.6.35-22-generic (recovery mode)' --class ubuntu --class gnu-linux --class gnu --class os {
menuentry "Memory test (memtest86+)" {
menuentry "Memory test (memtest86+, serial console 115200)" {
menuentry "Windows 7 (loader) (on /dev/sda1)" {

The first entry above is “0”, so going by the menu above I would like to boot into “4”, which is Microsoft Windows. Go to the /etc/default directory, and then edit the file “grub” with the command

$ sudo vi /etc/default/grub

# If you change this file, run 'update-grub' afterward to update
# /boot/grub/grub.cfg.

GRUB_DEFAULT=4
#GRUB_HIDDEN_TIMEOUT=0
GRUB_HIDDEN_TIMEOUT_QUIET=true
GRUB_TIMEOUT=10

After changing this file and rebooting multiple times and seeing no changes, I discovered (<cough> read the /etc/default/grub comments.. duh!!!) that you must now run the following command to update the grub.cfg file:

$sudo update-grub

That should be it. After running this command and rebooting, it correctly defaulted to the 4th entry, which was Windows.

If you don’t know vi commands, just navigate down to the value you want to change, hit “r”, and type “4” or whatever number you want to boot into by default. Then when you’re done, save it by typing “:wq”. That should do it. Or for a GUI editor, use the command “$sudo gedit /etc/default/grub” for a wordpad/notepad type editor.

For more information on grub2 check here

To check what grub version you are running, run the following. Anything equal to or above 1.96 is grub2.

$grub-install -v

Sendmail Connection Refused

After getting outgoing email to work on my Linux box in order to email logs to myself (see Sendmail1, Sendmail2, Sendmail3 posts), I decided to try to get incoming email to the Linux box to work. FYI, this is not my main mail server; I basically use sendmail to send backup log files to other computers.

BTW here’s the OS for my box. It might be a slightly different config on other boxes:

#lsb_release -a

Distributor ID: RedHatEnterpriseES
Description:    Red Hat Enterprise Linux ES release 4 (Nahant Update 4)
Release:        4

I was getting the following error when trying to send an email

Oct 12 09:26:22 mylinuxbox sendmail[3959]: o9CDQM6f003957: to=, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120321, relay=mylinuxbox.mydomain.com. [192.168.1.3], dsn=4.0.0, stat=Deferred: Connection refused by mylinuxbox.mydomain.com.

To test locally I used the command:
/usr/sbin/sendmail root@mylinuxbox.mydomain.com

To test remotely I used the following command, and it was successful:
telnet mylinuxbox.mydomain.com 25

220 mylinuxbox.mydomain.com ESMTP Sendmail 8.13.1/8.13.1; Tue, 12 Oct 2010 10:30:40 -0400

After doing a little research on this I was able to get it to work by going into the /etc/mail/sendmail.cf file and adding the line (in bold). This allowed sendmail to listen on its ethernet port (192.168.1.3) in addition to localhost:

# SMTP daemon options

O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
O DaemonPortOptions=Port=smtp,Addr=192.168.1.3, Name=MTA

I then restarted sendmail (#service sendmail restart), performed the test again and everything worked correctly locally. However, when I tried to connect from my computer on port 25 I would get a connection refused.
C:\Users\me>telnet 192.168.1.3 25
Connecting To 192.168.1.3…Could not open connection to the host, on port 25: Connect failed

However, I realized that if I tried from my mail server I could connect with no problems. Then I figured out that I had McAfee Antivirus on my computer, and sure enough it was blocking me from making remote telnet connections to 25. Duh.

Sendmail Project Part III – Creating the Mail Through a Script

Now that I have Sendmail Started (Part I) and I can successfully send mail to my email address on the local network (Part II), I need to throw information in the email regarding my daily backup. I could use something like Mutt to email the whole backup file to myself, but the logs are 45MB, and that would add up over time, especially since I only need to see a few lines of the log file.

I first create a file called emailbkuplog.sh in /usr/local/sbin which will be the backup script. Then I change the permissions on this to 755 so it can properly be run. Then I write the script:
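#!/bin/sh
# Program to email backup logs to myself and cc them to whomever
ADDR1=mymailaddress@myemaildomain.com
ADDR2=myccmailaddress@myemailaddress.com
LOGDIR=/home/backup/logs
CURDIR=`pwd`
# stop if the log directory is missing, rather than reading the wrong files
cd "$LOGDIR" || exit 1
# grab last log (newest file first)
LASTLOG=`ls -t *log|head -1`
# the Status= line becomes the subject
BUSTATUS=`grep Status= "$LASTLOG"`

# quote the subject so a status containing spaces stays one argument
echo `tail -6 LAST_Backup` | mail -s "$BUSTATUS" -c $ADDR2 $ADDR1
cd "$CURDIR"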

I’ll explain the script above briefly. First I set up some variables to hold my email addresses, location of my backup log, and the current working directory so I can change back to it after the script is done. I then change the current directory to where my logs are. My logs are formatted like so when they are created:
04102010.log,
04112010.log, etc.
so I need a way to figure out which was the last log that was created. I do this by performing an ‘ls -t *.log’, which orders the directory by time, and I grab the first entry (most recent log) by piping it to ‘head -1’. Now that I have the name of the last log, I grab the line in it which gives me the backup status – this will be the subject of the email.

Now to create the email. The format and options that I’m using are like so:

mail -s "Hello" -c

The above alone will send an email with the subject “Hello” to the email address you specify, and CC it.

Now I want to put some details into the body. You do this by piping information into the mail command like so.

echo "This is the message body" | mail -s "Hello" -c

My details come from echoing the results of another file called LAST_Backup, which contains more detailed backup information in the last 6 lines of the file. Thus here’s my final command to send backup information as the subject, and more detailed info as the message body:

echo `tail -6 LAST_Backup` | mail -s "$BUSTATUS" -c $ADDR2 $ADDR1

Save the file, and then try to run it by typing its name in at a shell prompt.

If successful, you will have an email in your inbox with the information you want. If not, you may want to check the mail log files in /var to see if there’s anything that indicates an error.

The last step is to place an entry in your cron file to get it to run on a regular basis. To bring up cron, enter the command “crontab -e”. For my purposes, I need this to happen 6 days a week (we’re closed on Sunday), Tuesday – Sunday at 7:00 AM. Here’s my entry to do that.

0 7 * * 2-7 /usr/local/sbin/emailbkuplog.sh > /dev/null 2>&1

If you want to understand that > /dev/null 2>&1, here’s a great article that explains what it means here

The above emails me the status as the subject, and then fills me in on the details in the message body. It works great, and is an easy check on my phone when I’m away from the office, as I don’t have ssh to the box, or open a 45MB attachment on my phone.

A few notes about this:

If you wanted to attach the file, there are several programs that will do this for you, just google them, but I don’t think the mail command alone will do this. One of them is using the mutt command, and another is uuencode. There’s plenty of information out there on this. Just google it.

I’ve found that the “echo” command doesn’t hold the format of the file that it echoes, so if it’s 3 lines like
line 1
line 2
line 3
echo will output it like “line 1 line 2 line 3”.
An alternative to this type of echo format would be to format it with the “printf” command, or so I have read, but it’s beyond what I’m willing to do right now. I wanted something quick and dirty and this did the job.
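
The flattening described above comes from the unquoted backticks rather than from echo itself: the shell splits the command output on whitespace before echo ever sees it. The following is an added example, not the original script, that pipes tail straight into the mailer so the body keeps its line breaks and passes the status line as one quoted, length-capped subject. The function names and the MAILER override are assumptions for illustration, and the sample logs are constructed.

```shell
# Added example: the same report with every expansion quoted.
# Function names and the MAILER override are hypothetical, for illustration.

latest_log() {                      # $1 = log directory; prints newest *.log
    ls -t -- "$1"/*.log 2>/dev/null | head -n 1
}

status_subject() {                  # $1 = log file; prints one clean subject line
    # first Status= line only, capped at 120 chars, control characters removed
    grep 'Status=' "$1" | head -n 1 | cut -c1-120 | tr -d '[:cntrl:]'
}

report_body() {                     # $1 = detail file; last 6 lines, newlines intact
    tail -n 6 "$1"
}

send_report() {                     # $1 = log dir, $2 = detail file, $3 = to, $4 = cc
    log=$(latest_log "$1")
    [ -n "$log" ] || { echo "no log found in $1" >&2; return 1; }
    subject=$(status_subject "$log")
    report_body "$2" | "${MAILER:-mail}" -s "${subject:-Backup status unknown}" -c "$4" "$3"
}

fake_mail() {                       # stand-in for mail(1): shows argv and body
    printf 'argc=%s subject=[%s]\n' "$#" "$2"
    cat
}

make_sample() {                     # constructed sample data in a temp directory
    d=$(mktemp -d)
    printf 'Status=Failed\n' > "$d/04102010.log"
    printf 'start\nStatus=Completed with 2 warnings\nend\n' > "$d/04112010.log"
    touch -t 201004100700 "$d/04102010.log"
    touch -t 201004110700 "$d/04112010.log"
    printf 'l1\nl2\nl3\nl4\nl5\nl6\nl7\nl8\n' > "$d/LAST_Backup"
    echo "$d"
}

d=$(make_sample)
MAILER=fake_mail                    # swap in the stub so nothing is actually sent
send_report "$d" "$d/LAST_Backup" to@example.com cc@example.com
rm -rf "$d"
```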

Hope this helps someone else. Ciao.

Sendmail project Part II – Getting Sendmail to Send Email to Local Email Server

So now that I have sendmail started (Sendmail1) everything should work, right? Not yet. A little background first: I only need to send this email internally. I have an Exchange 2003 running GFI Mail Essentials 2010. So I first go into Exchange System Manager and into the SMTP Virtual Server and make sure my Linux box IP address is allowed to relay. I then go into GFI ME and make sure that my Linux box IP address is in the white list so nothing would block that server from sending.

I try to do a mail -s "Test" myemail@myemaildomain.com and check my inbox. It didn’t send. I run a ‘tail -f /var/maillog’ in another session to see what errors it’s throwing out there (-f will automatically update the end of the log so you don’t have to keep running the tail command) and then perform the test again. This time I’m getting a few different errors. The most notable is:

Sep 17 13:56:56 mylinuxbox sendmail[10836]: o8FLuXvL005391: to=, delay=1+20:00:21, xdelay=00:00:00, mailer=esmtp, pri=3991610, relay=mylinuxbox.mydomain.com. [192.168.1.3], dsn=4.0.0, stat=Deferred: Connection refused by mylinuxbox.myemaildomain.com.

The problem, it seemed, was that even though I’m trying to send it to my Exchange email server on my network, sendmail was trying to send the mail to itself. After doing a little searching and performing the following basic network command:

#nslookup
set type=mx
mydomain.com

I noticed a problem immediately. No MX record for my domain was popping up when performing the nslookup above. I then realized that the DNS server that my Linux box uses in /etc/resolv.conf had no MX record in it. All my DNS MX records that the world needs to send email to this company are set up externally. Since my Exchange server handles all of the internal mail, I never had a reason to set this up.

So the final solution was to place the MX record for myemaildomain.com in the DNS server that my Linux box was using. It was then able to correctly find my email server internally. It was an easy solution but took a little while to figure out with the “connection refused” log entry.

Sep 21 10:19:01 mylinuxbox sendmail[26899]: o8LEJ1mX026899: to=myemail@myemaildomain.com, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30050, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (o8LEJ1g6026992 Message accepted for delivery)
Sep 21 10:19:01 mylinuxbox sendmail[27037]: o8LEJ1g6026992: to=, ctladdr= (0/0), delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120309, relay=mymailserver.myemaildomain.com. [192.168.1.8], dsn=2.0.0, stat=Sent ( Queued mail for delivery)

Great, I got the email. Now let’s throw some info in the subject and message so I can get my backup info. Check out Sendmail3.

Sendmail Project Part I – Sendmail Not Starting Problem

Recently, I finally reached the point where I was getting annoyed when checking backup logfiles by logging in via SSH. I would navigate to the directory, ‘tail’ the file to see if it was successful, and then log back out…tedious! I knew I could just create an email solution, but kept on putting it off. So I decided to create a script, and use sendmail to email me part of the log. Of course, with every IT project, whether big or small, speed bumps pop up that you need to get around. I figure I would share how I accomplished this in case it helps out anyone out there. Just as a warning, I dabble a lot in Linux, I wouldn’t call myself an expert per se, but I’m getting better every day and can get around. I’ll post this in 3 or 4 parts so my

Bump 1. The first part, getting sendmail to start on my server.

Sendmail was already installed, however it wouldn’t start. I kept on getting the following error message in /var/maillog when trying to start it:

sendmail[1452]: NOQUEUE: SYSERR(root): /etc/mail/sendmail.cf: line 588: fileclass: cannot open ‘/etc/mail/trusted-users’: World writable directory

After doing some research and working with a person from one of our software vendors, we (ahem, he) decrypted this message as meaning that one of our directories’ permissions was too permissive, and sendmail did not like this. It turned out that someone (several people have handled this box over the years, including the software company as it houses an ERP system) changed the permissions on the /etc directory to 777, instead of 755, which as I understand it is the default for /etc. Once changed, sendmail started up with no problems. It must be a security feature and I’m glad that we found that because I would imagine it’s not a good thing to allow everyone delete/change access to your /etc directory, even though most of the users on this box do not log in to this Linux box directly.
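
The same condition can be found before sendmail complains about it. The following is an added example, not from the original post: unsafe_parents (a hypothetical helper) walks from a file up through its parent directories and reports any that are group- or world-writable. The sample tree is constructed in a temporary directory as a stand-in for /etc/mail.

```shell
#!/bin/sh
# Added example: report group- or world-writable directories between a file
# and a stop directory. unsafe_parents and make_sample_tree are hypothetical names.

unsafe_parents() {      # $1 = file path, $2 = directory to stop at (default /)
    dir=$(dirname "$1")
    stop=${2:-/}
    while :; do
        # -prune makes find test only the directory itself, not its contents
        if [ -n "$(find "$dir" -prune -type d -perm -0002 2>/dev/null)" ]; then
            echo "world-writable $dir"
        elif [ -n "$(find "$dir" -prune -type d -perm -0020 2>/dev/null)" ]; then
            echo "group-writable $dir"
        fi
        # stop at the requested directory, at /, or at "." for relative paths
        case "$dir" in "$stop"|/|.) break ;; esac
        dir=$(dirname "$dir")
    done
}

make_sample_tree() {    # constructed stand-in for /etc/mail under a temp directory
    root=$(mktemp -d)
    mkdir -p "$root/etc/mail"
    : > "$root/etc/mail/trusted-users"
    chmod 755 "$root/etc/mail"
    chmod 777 "$root/etc"       # the permissions described in the post
    echo "$root"
}

root=$(make_sample_tree)
echo "with etc at 777:"; unsafe_parents "$root/etc/mail/trusted-users" "$root"
chmod 755 "$root/etc"           # the fix from the post
echo "with etc at 755:"; unsafe_parents "$root/etc/mail/trusted-users" "$root"
rm -rf "$root"
```

On a real system, call it with the file named in the error and no second argument so the walk continues to /.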

Next part of the project is Sendmail2