samba

It’s been a while since I blogged about the installation of my eee-box – and my intention to use it as a server.

Of course, I did some basic installation in the meantime – and the box is now running perfectly.

So – here’s the final chapter in this two-part series, and a list of everything I did to get the box up and running:

Basic tools

The first thing I missed was my good old vim – easy:

sudo apt-get install vim

did the trick.

I then made sure that updates happen automatically – there’s a good page on that in the serverguide, and all I had to make sure was that mailx was installed. Logwatch is also an option – but only after a mailsystem is up and running (see below).

Web-Stuff

MySQL installation was pretty easy: I followed the server guide’s page on this, and then created also /etc/mysql/conf.d/charsets.cnf (Download here) – this helped me get rid of some UTF8-errors on my old gentoo box already…

I then made the mysql server accessible from the outside by adding

bind-address my.ip.addr.ess

into /etc/mysql/my.cnf, then following this excellent website that explains everything on how to remote access a mysql database.

After that, I installed apache2 – again, the server guide’s page on that subject includes everything necessary. The guide’s page on PHP also has a lot of good information – I ended up installing php5, libapache2-mod-php5, php5-cli and php5-mysql. Finally, I created a phpinfo.php and deleted index.html, in /var/www.

For the usage of automatic WordPress updates, I also installed an ftp-server – again, just followed the server guide. In WordPress, when installing a plugin, I then have to enter “localhost” plus my local user name plus the corresponding password, whenever it asks for a connection information.

Finally, I installed mediawiki; the packages to install were mediawiki, mediawiki-math, imagemagick and php5-gd; the installation itself is again covered in the server guide.

After the configuration of mediawiki (make sure you use the old backward-compatible charset!), I enabled TeX and uploads and moved my old mediawiki according to my own blog entry (hey – they start to come in handy!!)

For some reason, I had to change the password of my mediawiki admin user after that – luckily, I found this blog entry… and then, I installed the cite extension – again, I followed my own guide on doing so.

Samba

For Samba, the installation was really easy; the corresponding page on the ubuntu server guide explains everything needed. All I had to do was to smbpasswd my working user – and everything worked. While I now have a nice NAS, I still wanted to be able to access my home share from outside – mainly due to filesharing, see below.

Mailserver

The mailserver is always a little tricky; I decided to go with dovecot, postfix, procmail and getmail. I started with dovecot (only use the instructions relating to dovecot, not the ones relating to postfix!), and for a proper postfix installation, I closely (!) followed this doc (also, I had to install procmail in order to get over this flawlessly). I created an alias for root pointing to my working user, as explained here. And finally, I installed getmail, as explained on howtoforge.

It took me three attempts – but following these documents in the given order should do it.

Filesharing

While I obviously know that filesharing involves a lot of illegal (or at least…. grey) activities, I still use it – how to get an ubuntu ISO file faster than via bittorrent? Not to speak of all the great american tv shows that you just can’t watch around here (not even DVD’s are available, sometimes….) – so, I still rely on bittorrent and, sometimes on mldonkey. The basic instructions I noted down a while ago were useful, when it came down to configuring mldonkey (it’s config files are in /var/lib/mldonkey…)

As for bittorrent, I highly recommend to go with devinw’s installer package that installs lighthttpd, rtorrent and wtorrent – it’s in the ubuntu forums and it worked after a couple of problems – read the forum entry in case of troubles!

Backup system

I then installed rsnapshot and configured it, following the work I did a while ago.

Upgrade to 9.04

Final step was to update to 9.04 – there is a good instruction provided by the canonical folks on how to do so.

The box now runs for something over 2 months – no problems, AT ALL!

Maybe I’ll go ahead and try some anti-spam solution, once again….

My server is up and running for quite some time now – but still, I have no way of printing when my client is running Windows. It is time to integrate CUPS and Samba.

So, we start off with the official Gentoo Samba documentation; here are the sections out of /etc/samba/smb.conf:

# This is the print drivers information section
[print$]
comment = Printer Drivers
path = /etc/samba/printer
guest ok = no
browseable = yes
read only = yes
# Print admins
write list = thomas,root

# a "printer share"
[Deskjet970]
comment = HP Deskjet 970Cxi printer
printable = yes
path = /var/spool/samba
public = yes
guest ok = no
# Printer admins
printer admin = thomas,root

# printers share
[printers]
comment = All printers
path = /var/spool/samba
browseable = no
guest ok = no
public = yes
writable = no
printable = yes
create mode = 0700
# who can admin the printer?
printer admin = thomas,root
print command = lpr-cups -P %p -o raw %s -r

Then, I created the directory /etc/samba/printer and altered /etc/nsswitch.conf as given in the howto.

Also, /etc/cups/cupsd.conf was lacking a “ServerName” entry. I set it to

ServerName server

So, it’s in line with the general naming convention.

Next step is to emerge cups-windows for the CUPS windows printer driver. Also, we need the files ps5ui.dll, pscript.hlp, pscript.ntf and pscript5.dll from a Windows install (I had to do a lot of search on this, and finally found it in the Gentoo forums).

Then, we restart cups, and use cupsaddsmb as follows:

cupsaddsmb -U root -v Deskjet970

(note: It took me a long time, but for this to work, the following lines have to be commented out in /etc/samba/smb.conf):

disable spoolss = yes
show add printer wizard = no
use client driver = yes
invalid users = root

Note that with the exception of the last one, these all need to remain commented out.

Now, for the test on the windows client – when connecting to the printer, the driver installs automatically and – everything works! Horray!

For completeness’ sake, I have put my full /etc/cups/cupsd.conf and /etc/samba/smb.conf on the “techie” page.

I just upgraded both my server and my client; now, I can’t mount the samba shares on the server any more!

What basically happened first is that I just could not access them – after being inside one and doing simple stuff like “ls” (or browsing into one from a normal file dialog), the system hang – and after a long time, I got an “input/output error”.

Issueing a “mount -a” (after all, the mountpoints of the shares are defined in the client’s /etc/fstab) resulted in an ERRnosuchshare error.

I googled around, and first thing I did was chaning the file system on the client’s /etc/fstab from smbfs to cifs (see this blog entry for my entire samba configuration!). This did not help; “mount -a” did not yield any error messages any more, but still, after changing to one of the mount-points of a share and issueing a simple “ls”, same error.

When I then looked into the (server’s) log files, I noticed this:

[2007/11/17 16:38:26, 0] lib/util.c:smb_panic(1632)
PANIC (pid 12987): push_ascii - dest_len == -1
[2007/11/17 16:38:26, 0] lib/util.c:log_stack_trace(1736)
BACKTRACE: 1 stack frames:
#0 /usr/sbin/smbd(log_stack_trace+0x29) [0x8020d51a]
[2007/11/17 16:38:26, 0] lib/fault.c:dump_core(181)
dumping core in /var/log/samba/cores/smbd

Googling for the panic error, I stumbled finally across this resource – it’s a bug entry related to Ubuntu, but I assume it’s the exact error I encounter. On forums.gentoo.org, I then found this entry; after searching on bugs.gentoo.org, I could not find a related bug, so I opened one.

In the meantime, I downgraded back to samba-3.0.26a (i. e. I masked samba >= 3.0.27 in /etc/portage/package.mask) – everything works fine here…

I have a symlink onto one of my samba server’s shares – and when the client on the other end is Linux as well, samba detects this and tries to “translate” stuff. I don’t want this – after a short googling around, I found this; after adding “unix extensions = no” to the [globals] section of smb.conf, the symlinked directory works as designed.

Today, we are going to configure the kernel automounter. Then, we are going to set up Samba.

What I wanted to do is make sure that my USB-HDD (which I have used to store all the data from the old server on) is mounted as soon as it is turned on; I did this with autofs; there is a Wiki article about how to configure everything.
As I was not interested in mounting stuff over a network, configuration was not very complicated; the only thing left was adjusting the config file /etc/autofs/auto.auto:
usbhd -fstype=auto :/dev/sda5
And /etc/autofs/auto.master:
/mnt/auto /etc/autofs/auto.auto --ghost
Add autofs to the default run-level – that’s it!
So, we can attach the USB HDD which was used to store the data from the old box, plug it in – voila! We can now create the directories for the different shares; I create a group for all the directories called “xyzusers” – for example, for the directory /home/mp3, where my mp3-files will reside, I create a group “mp3users”; I chown the directories to “root:xyzusers” and chmod them to 770. Then, I copy back the data.

Now, for Samba, this is a different story. Basically, Samba is quite easy to set up – there is a config file, we have to define some users, that’s it. But what I want to try out is samba with automatic virus scanning, at least on some critical shares (the public one, mainly) – and see how much this affects performance (if it’s too bad, I’ll turn it off again).

So, I set up basic samba according to the wiki entry – emerging samba btw. pulls CUPS, Apache and MySQL onto the box as well. Here is the important part of /etc/samba/smb.conf:
[global]
workgroup = zuhause.own
server string = Samba Server %v
printcap name = cups
load printers = yes
disable spoolss = Yes
show add printer wizard = No
use client driver = yes
printing = cups
log file = /var/log/samba/log.%m
max log size = 50
hosts allow = 10.10.10. 127.
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no
dos charset = 850
unix charset = utf8
unix extensions = no
follow symlinks = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
create mode = 0700
print command = lpr-cups -P %p -o raw %s -r # use client drivers
[mp3]
valid users = @mp3users
force directory mode = 0770
force group = mp3users
force create mode = 0770
comment = MP3-Share
writeable = yes
path = /home/mp3
mangled names = no
[ebooks]
valid users = @ebookusers
force directory mode = 0770
force group = ebookusers
force create mode = 0770
comment = E-Books
writeable = yes
path = /home/ebooks
mangled names = no
[comics]
valid users = @comicusers
force directory mode = 0770
force group = comicusers
force create mode = 0770
comment = Comics
writeable = yes
path = /home/comics
[thomas]
valid users = thomas
force directory mode = 0770
force create mode = 0770
writeable = yes
comment = Thomas Home-Share
path = /home/thomas
[web]
valid users = @webusers
force directory mode = 0770
force group = webusers
force create mode = 0770
writeable = yes
comment = Webseiten
path = /home/web
[public]
valid users = @publicusers
force directory mode = 0770
force create mode = 0770
writeable = yes
force group = publicusers
comment = Public-share
path = /home/public

Now, using smbpasswd, we create smb-passwords for the users required. Now, we tweak security according to the Gentoo security handbook and therefore add this line to the [globals] section:
invalid users = root @wheel

Finally, we set up virus-scanning according to the Gentoo Samba documentation, meaning that we emerge clamav and adapt the samba config file as required – putting this into the [public] section:
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf

Now, we create the mentioned file, /etc/samba/vscan-clamav.conf:
[samba-vscan]
max file size = 0
verbose file logging = no
scan on open = yes
scan on close = yes
deny access on error = yes
deny access on minor error = yes
send warning message = no
infected file daction = quarantine
quarantine directory = /home/quarantine
quarantine prefix = vir-
max lru files entries = 100
lru file entry lifetime = 5
clamd socket name = /tmp/clamd
oav port = 8127

And we create the directory /home/quarantine and update /etc/clamd.conf and /etc/freshclam.conf as given. We finally create freshclam.log and clamd.log and chown it to clamav:clamav and add clamd to the default runlevel. With adding samba as well to the default run-level, the configuartion is finished.