ComputerSecurityStudent (CSS) [Login] [Join Now]




|UNIX >> Ubuntu >> Ubuntu 12.04 Desktop >> Current Page |Views: 20179

(Ubuntu: Lesson 15)

{ Installing and Configuring Samba }


Section 0. Background Information
  1. What is Samba
    • The name Samba comes from SMB (Server Message Block), the name of the standard protocol used by the Microsoft Windows network file system. SMB is a protocol for sharing files, printers, serial ports, and communications abstractions such as named pipes and mail slots between computers.

    • Samba provides file and print services for various Microsoft Windows clients and can integrate with a Windows Server domain, either as a Primary Domain Controller (PDC) or as a domain member.

    • It can also be part of an Active Directory domain.

    • Samba runs on most Unix and Unix-like systems, such as GNU/Linux, Solaris, AIX and the BSD variants, including Apple's Mac OS X Server (which was added to the Mac OS X client in version 10.2).
     
  2. Prerequisite
  3. Lab Notes
    • In this lab we will how to do the following:
      1. We will install Samba on Ubuntu.
      2. We will configure Samba to only allow a specific user to access the Samba Share.

  4. Legal Disclaimer
    • As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
    • In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
    • In addition, this is a teaching website that does not condone malicious behavior of any kind.
    • You are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
    • © 2012 No content replication of any kind is allowed without express written permission.

 

Section 1: Start Ubuntu 12.04
  1. Start VMware Player
    • Instructions
      1. For Windows 7
        1. Click Start Button
        2. Search for "vmware player"
        3. Click VMware Player
      2. For Windows XP
        • Starts --> Programs --> VMware Player

     

  2. Verify Virtual Machine Settings.
    • Instructions
      1. Click on Ubuntu 12.04
      2. Click on Edit virtual machine settings

     

  3. Configure Network Adapter
    • Instructions
      1. Click on Network Adapter
      2. Click on the Bridged Radio Button
      3. Click on the Close Button

     

  4. Start the Ubuntu 12.04 VM
    • Instructions
      1. Click on Ubuntu 12.04
      2. Click on Play virtual machine

 

Section 2: Login to Ubuntu
  1. Change to Gnome Classic
    • Instructions:
      1. Click on the Circle

     

  2. Select Gnome Classic
    • Instructions:
      1. Double Click on GNOME Classic

     

  3. Login to Server
    • Instructions
      1. User: Student
      2. Password: Please supply the student password.

 

Section 3: Become Root and Verify Network Connection
  1. Start up a Terminal
    • Instructions
      1. Click on the Terminal

     

  2. Become Root
    • Instructions
      1. sudo su -
      2. Supply the student password.

     

  3. Verify you have a network connection
    • Instructions
      1. ifconfig -a
        • eth0 is the name of my interface.
        • 192.168.1.104 is my network IP address.
    • Note(FYI):
      • If you do not have an DHCP IP Address try the following:
        • dhclient
          • OR
        • /etc/init.d/networking restart

 

Section 3: Update apt-get's package index
  1. Update apt-get's package index
    • Instructions
      1. apt-get update
    • Note(FYI):
      • update is used to resynchronize the package index files from their sources. I.e., The "update" flag updates apt-get's local database with debian server's pkglist files. The indexes of available packages are fetched from the location(s) specified in /etc/apt/sources.list.

 

Section 4: Search for Samba
  1. Search for Samba
    • Instructions
      1. apt-cache search samba | more
        • apt-cache search samba
          • Shows you every package that contains the name samba.
        • | more
          • Allows you see the results line by line by pressing <Enter>, or page by page by pressing the <Space Bar>.
    • Note(FYI):
      • apt-cache is a command to manipulate and obtain information from the ubuntu packages.

     

Section 5: Install Samba
  1. Install Samba
    • Instructions
      1. apt-get install samba4 samba4-clients samba4-common-bin system-config-samba
      2. Do you want to continue [Y/n]? Y

     

  2. Verify Packages Are Installed
    • Instructions
      1. dpkg --get-selections | grep -i samba
    • Note(FYI):
      • dpkg - package manager for Debian
      • --get-selections - Displays all the packages install on the system.
      • | grep -i samba - prints lines only displaying the string samba, while ignoring the case (-i).

     

  3. View Samba configuration files
    • Instructions
      1. cd /etc/samba
      2. ls -lrta
    • Note(FYI):
      1. smb.conf
        • This is the Samba configuration file.

 

Section 6: Startup Script for Samba
  1. Startup Script for Samba
    • Instructions
      1. ls -l /etc/init.d/samba4
        • As part of the Samba installation, the samba startup script is placed in /etc/init.d/samba4.
      2. find /etc/rc*.d/* -print | xargs ls -l | grep samba
        • Notice there are no startup script present.
      3. update-rc.d samba4 defaults
        • The update-rc.d command is used to create startup, enable, kill, and remove scripts for services listed in the /etc/init.d.
        • If defaults is used then update-rc.d will make links to start the service in runlevels 2345 and to stop the service in runlevels 016. By default all the links will have sequence number 20
      4. find /etc/rc*.d/* -print | xargs ls -l | grep samba
        • Now the startup and kill scripts are present.
      5. runlevel
        • Identifies the current run level.
          • 0 System Halt
          • 1 Single user
          • 2 Full multi-user mode (Default)
          • 3-5 Same as 2
          • 6 System Reboot

     

  2. Stopping and Starting Samba with /etc/init.d/samba4
    • Instructions
      1. cd /etc/init.d
      2. ./samba4 stop
      3. ps -eaf | grep -v grep | grep samba | wc -l
        • Notice, that 0 is returned, because samba is not running.
      4. ./samba4 start
      5. ps -eaf | grep -v grep | grep samba
        • Now two lines are returned, because samba is running.
      6. ps -eaf | grep -v grep | grep samba | wc -l

     

  3. Stopping and Starting Samba with the "service" command
    • Instructions
      1. service samba4 status
        • Notice the Samba startup script does not have a status option.
      2. service samba4 stop
        • This command will stop the samba daemon.
      3. ps -eaf | grep -v grep | grep samba | wc -l
        • wc -l, returns 0 for the number of samba processes returned.
      4. service samba4 start
        • This will start the samba daemon/service.
      5. ps -eaf | grep -v grep | grep samba | wc -l

 

Section 7: Create a Samba User
  1. Create a samba UNIX user account called sambauser.
    • Note(FYI):
      • Your must be root.
    • Instructions:
      1. useradd -m -d /home/sambauser -c "Samba User" -s /bin/bash sambauser
      2. grep sambauser /etc/passwd
      3. passwd sambauser
        • Remember your password rules you created in Lab 6.
          • At least 8 characters
          • Both Uppercase and Lowercase
          • At least 1 number character
          • At least 1 special character

 

Section 8: Configure Samba
  1. Start Up the Samba GUI.
    • Instructions:
      1. Applications --> System Tools --> Administration --> Samba

     

  2. Start Up the Samba GUI.
    • Instructions:
      1. Applications

     

  3. Configure Workgroup Name
    • Instructions:
      1. Preferences --> Server Settings

     

  4. Name the Workgroup
    • Instructions:
      1. Click the "Basic" tab
      2. Place "area51" in the Workgroup: text box.
      3. Click on the Security Tab
    • Note(FYI):
      • How to set these directives in the /etc/samba/smb.conf file.
        1. The samba configuration file is located at /etc/samba/smb.conf
        2. If you don't have access to this GUI, then you can set the workgroup directive to
          • workgroup = area51

     

  5. Security Workgroup Configuration
    • Instructions:
      1. Select the Security Tab
      2. Authentication Mode: User
      3. Encrypt Passwords: Yes
      4. Guest Account: No guest Account
      5. Click on OK.
    • Note(FYI):
      • How to set these directives in the /etc/samba/smb.conf file.
        1. encrypt passwords = yes
        2. guest account = no

     

  6. Security Workgroup Configuration
    • Instructions:
      1. Click Preferences
      2. Click Samba Users...

     

  7. Delete Samba User Nobody
    • Instructions:
      1. Select User "nobody"
      2. Click on the Delete User Button

     

  8. Delete Samba User student
    • Instructions:
      1. Select User "student"
      2. Click on the Delete User Button

     

  9. Add a Samba User
    • Instructions:
      1. Click the Add User Button

     

  10. Create New Samba User
    • Instructions:
      1. Unix Username: Select sambauser
      2. Windows Username: administrator
      3. Samba Password:
        • Does not have to be the same as the Unix sambauser password.
      4. Confirm Samba Password:
      5. Click the OK Button

     

  11. Samba Users
    • Note(FYI):
      • You should now see the sambauser
    • Instructions:
      1. Verify the sambauser was created
      2. Click the OK button

     

  12. Add a Samba Share
    • Instructions:
      1. File --> Add Share

     

  13. Create Samba Share
    • Instructions:
      1. Click the Basic Tab
      2. Directory: /tmp
      3. Share name: tmp
      4. Description: Samba tmp share
      5. Check the Writable Check Box
      6. Check the Visible Check Box
      7. Click the Access Tab
    • Note(FYI):
      • Do not click the OK button

     

  14. Give Access to the sambauser username
    • Instructions:
      1. Select the Access Tab
      2. Check the Only allow access to specific users radio button
      3. Check the sambauser check box
      4. Click OK

     

  15. Viewing your samba share
    • Note(FYI):
      1. After you completed the above step, you should see the below tmp share name.

 

Section 9: Configure Damn Vulnerable WXP SP2 Virtual Machine Settings
  1. Start VMware Player
    • Instructions
      1. Click the Start Button
      2. Search for vmware player
      3. Click VMware Player

     

  2. Edit Virtual Machine Settings
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Edit Virtual Machine Settings
    • Note:
      • Before beginning a lesson it is necessary to check the following VM settings.
     
  3. Set Network Adapter
    • Instructions:
      1. Click on Network Adapter
      2. Click on the radio button "Bridged: Connected directly to the physical network".
      3. Click the OK Button

 

Section 10: Login to Damn Vulnerable WXP SP2
  1. Start Up Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Start Up your VMware Player
      2. Play virtual machine
     
  2. Logging into Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Click on Administrator
      2. Password: Supply Password
        •  (See Note)
      3. Press <Enter> or Click the Arrow

 

Section 11: Connect Windows to Samba
  1. Open the Command Prompt
    • Instructions:
      1. Click the Start Button
      2. All Programs --> Accessories --> Command Prompt
     
  2. Determine IP Address
    • Instructions:
      1. ipconfig
        • In my case, my IP address is 192.168.1.116.

     

  3. Open My Computer
    • Instructions:
      1. Start --> My Computer

     

  4. Provide Samba Server's IP Address
    • Instructions:
      1. \\192.168.1.104
        • Replace 192.168.1.104 with your Ubuntu IP address obtained from (Section 3, Step 3).
      2. Press <Enter>

     

  5. Provide Samba Credentials
    • Instructions:
      1. Double Click on the tmp folder
      2. User name: sambauser
      3. Password: This is password you created in (Section 8, Step 10)
      4. Click the OK Button

     

  6. Views Samba Share
    • Note(FYI):
      1. Now from Windows you are connected to Ubuntu's Samba Share.

     

  7. Create Directory
    • Instructions:
      1. File --> Folder

     

  8. Name Directory
    • Instructions:
      1. Name is "practice"
    • Note(FYI):
      • You not only have the ability to create directories but you can also save files as well.

 

Section 12: Samba Network Connection
  1. Name Directory
    • Instructions:
      1. netstat -naop | egrep '(:139|:445|:137|:138)'
        • Port 137/UDP - used by nmbd
        • Port 138/UDP - used by nmbd
        • Port 139/TCP - used by smbd
        • Port 445/TCP - used by smbd
    • Note(FYI):
      • Notice the ESTABLISHED TCP/445 connection between the Ubuntu Samba Server (192.168.1.104) and the Windows machine (192.168.1.105).
      • Samba services are implemented as two daemons:
        1. smbd, which provides the file and printer sharing services, and
        2. nmbd, which provides the NetBIOS-to-IP-address name service. NetBIOS over TCP/IP requires some method for mapping NetBIOS computer names to the IP addresses of a TCP/IP network.  

 

Section 13: Samba Log Directory
  1. Samba Log Directory
    • Instructions:
      1. cd /var/log/samba/
      2. ls -lrta
    • Note(FYI):
      • Notice that Samba creates a log for each IP Address and each machine name.

 

Section 14: Samba Configuration Files
  1. Samba Configuration Files
    • Instructions:
      1. cd /etc/samba/
      2. ls -lrta
    • Note(FYI):
      • smb.conf, is the Samba configuration file.
      • smbusers, contains a list of Samba users.

     

  2. View our Samba Share
    • Instructions:
      1. cd /etc/samba/
      2. grep -n "\[tmp\]" smb.conf
        • In my case, 342 is the line number where the [tmp] share directive starts.
        • This directive has 6 lines, so 342 plus 6 is 348.
      3. sed -n 342,348p smb.conf
        • In my case, 342 is the line that [tmp] begins and 348 is where the directive ends.  (See above calculation).

     

  3. View Valid Samba Users
    • Instructions:
      1. cd /etc/samba/
      2. grep -n "valid users" smb.conf

     

Section 15: Proof of Lab
  1. Proof of Lab
    • Note(FYI):
      • Issue the below commands from the Ubuntu Terminal.
    • Instructions:
      1. netstat -naop | egrep '(:445)'
      2. ls -ld /tmp/practice/
      3. date
      4. echo "Your Name"
        • Replace the string "Your Name" with your actual name.
        • e.g., echo "John Gray"
    • Proof of Lab Instructions
      1. Press both the <Ctrl> and <Alt> keys at the same time.
      2. Do a <PrtScn>
      3. Paste into a word document
      4. Upload to Moodle

 



Help ComputerSecurityStudent
pay for continued research,
resources & bandwidth