Samba file server with AD authentication

Prerequisites
Fedora 8 with base

vim /etc/selinux/config
"SELINUX=disabled"

vim /etc/hosts
"192.168.123.228 test-ad.contoso.com test-ad"

yum install ntp
ntpdate

yum install samba
yum install samba-common
yum install samba-client
yum install samba-swat

chkconfig smb on
service smb start
service nmb start
chkconfig nmb on

cp /etc/samba/smb.conf /etc/samba/smb.conf.original

vi /etc/xinetd.d/swat
"only_from = 127.0.0.1 192.168.123.0/24"
"disable = no"

service xinetd start
chkconfig xinetd on

connecting the samba server to the AD

setup -> Authentication configuration
(only check following options)
-Use Winbind
-use MD5 passwords
-Use Shadow Passwords
-Local authorization is sufficient

-> next ->

-Security Model = ads
-Domain = CONTOSO.COM
-Domain Controllers = test-ad.contoso.com
-ADS Realm = CONTOSO.COM
-Template Shell = /sbin/nologin

-> next -> yes ->

Domain Administrator = Administrator
Password =

-> Ok -> Ok -> Quit

("wbinfo -u" command returns domain user list if the ad join is successful)


####################################################

vim /etc/nsswitch.conf

passwd: compat winbind
shadow: compat
group: compat winbind

###################################################

init 6 (restart the server)

####################################################

iptables rules for samba share access

iptables -A INPUT -m multiport -p TCP -s 192.168.123.0/24 --destination-ports 631,139,445 -j ACCEPT
iptables -A INPUT -m multiport -p UDP -s 192.168.123.0/24 --destination-ports 631,137,138 -j ACCEPT

iptables rules for SWAT access on port 901

iptables -A INPUT -p TCP -s 192.168.123.0/24 --destination-port 901 -j ACCEPT

####################################################

use http://samba-server-IP:901 to configure shares

[global]
workgroup = CONTOSO
realm = CONTOSO.COM
server string = Samba Server Version %v
security = ADS
password server = test-ad.contoso.com
passdb backend = tdbsam
log file = /var/log/samba/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
preferred master = No
dns proxy = No
ldap ssl = no
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /sbin/nologin
winbind enum users = Yes
winbind enum groups = Yes
cups options = raw
[administrator]
path = /home/administrator
valid users = contoso\administrator
admin users = contoso\administrator
read only = No

####################################################
create samba directories on samba server

mkdir /home/administrator
chmod 777 /home/administrator
chmod a+s /home/administrator
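
A check for the permissions set above, as an added example that is not part of the original post: it reads an smb.conf-style file and lists every share whose directory is world-writable, which is the state "chmod 777" leaves /home/administrator in, so that "valid users" in smb.conf is the only thing restricting access over SMB while any local account can write to the directory. The function names and the temporary demo paths are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# share_paths FILE: print "share<TAB>path" for every section except [global].
share_paths() {
    awk '
        /^[ \t]*[#;]/ { next }                      # comment lines
        /^[ \t]*\[.*\][ \t]*$/ {                    # [section] header
            gsub(/^[ \t]*\[|\][ \t]*$/, ""); section = $0; next
        }
        section != "" && tolower(section) != "global" && /^[ \t]*path[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            print section "\t" $0
        }
    ' "$1"
}

# world_writable_shares FILE: print the shares whose directory has o+w set.
world_writable_shares() {
    tab=$(printf '\t')
    share_paths "$1" | while IFS="$tab" read -r share path; do
        [ -d "$path" ] || continue
        # find prints the directory only if the "other write" bit is set
        if [ -n "$(find "$path" -maxdepth 0 -perm -0002 2>/dev/null)" ]; then
            printf '%s\t%s\n' "$share" "$path"
        fi
    done
}

# Constructed demo: temporary directories stand in for the real share paths.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/open" "$d/tight"
    chmod 777 "$d/open"     # same mode the post gives /home/administrator
    chmod 770 "$d/tight"    # owner and group only
    cat > "$d/smb.conf" <<EOF
[global]
    workgroup = CONTOSO
[administrator]
    path = $d/open
    read only = No
[restricted]
    path = $d/tight
EOF
    world_writable_shares "$d/smb.conf"
    rm -rf "$d"
}
demo
```

On the server itself, run world_writable_shares /etc/samba/smb.conf as root so that every share directory can be inspected.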

####################################################
Please note that in my examples I've made following assumptions
192.168.123.0/24 is my LAN ip block
contoso.com is my AD domain
192.168.123.228 is my AD's IP
test-ad.contoso.com is my AD machine name

Change the Volume Licensing product key of win xp sp1 and later versions

Use the Activation Wizard

Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

If you have only a few volume licensing product keys to change, you can use the Activation Wizard.

Note: Microsoft recommends that you run System Restore to create a new restore point before you follow these steps. For information about how to create a restore point by using System Restore, see the "To Create a Restore Point" help topic in Help and Support.

1 - Click Start, and then click Run.
2 - In the Open box, type regedit, and then click OK.
3 - In the left pane, locate and then click the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WPAEvents

4 - In the right pane, right-click OOBETimer, and then click Modify.
5 - Change at least one digit of this value to deactivate Windows.
6 - Click Start, and then click Run.
7 - In the Open box, type the following command, and then click OK.

%systemroot%\system32\oobe\msoobe.exe /a

8 - Click Yes, I want to telephone a customer service representative to activate Windows, and then click Next.
9 - Click Change Product key.
10 - Type the new product key in the New key boxes, and then click Update.

If you are returned to the previous window, click Remind me later, and then restart the computer.

11 - Repeat steps 6 and 7 to verify that Windows is activated. You receive the following message:

Windows is already activated. Click OK to exit.

12 - Click OK.
13 - Install Windows XP SP1 or a later version of Windows XP.

If you cannot restart Windows after you install Windows XP SP1 or a later version of Windows XP, press F8 when you restart the computer, select Last Known Good Configuration, and then repeat this procedure.

scp - Linux command line tool to copy files over ssh

scp stands for secure cp (copy), which means that you can copy files across an ssh connection that is encrypted, and therefore secured. The server should be capable of handling SSH and port 22 should be open.

This way you can copy files from or to a remote server; you can even copy files from one remote server to another remote server, without passing through your PC.

Usage

scp [[user@]from-host:]source-file [[user@]to-host:][destination-file]

Description of options

from-host Is the name or IP of the host where the source file is; this can be omitted if the from-host is the host where you are actually issuing the command

user Is the user who has the right to access the file and directory that is to be copied in the case of the from-host, and the user who has the right to write in the case of the to-host

source-file Is the file or files that are going to be copied to the destination host; it can be a directory, but in that case you need to specify the -r option to copy the contents of the directory

destination-file Is the name that the copied file is going to take in the to-host; if none is given, all copied files keep their names

Options

-p Preserves the modification and access times, as well as the permissions of the source-file in the destination-file
-q Do not display the progress bar
-r Recursive, so it copies the contents of the source-file (directory in this case) recursively
-v Displays debugging messages

Examples

scp *.txt user@remote.server.com:/home/user/

This will copy all files with .txt extension to the directory /home/user in the remote.server.com host

scp -r eranga@10.1.2.2:/home/eranga/ eranga@10.1.2.3:/home/eranga/

This is going to recursively copy all files from eranga's Home directory on 10.1.2.2 host to his Home directory in 10.1.2.3 host.

Burn .bin file Without A .cue file

To burn a bin file, you will need an appropriate cue file.

You do exactly the same as for iso files, but when you click on "burn image," you don't browse to the bin itself, but instead to the cue file, and you open that one.
When the writer starts to burn, it will automatically search for the bin file and start burning it. In fact, the cue file tells the burning program where it can find the bin file that is attached to it. It is VERY IMPORTANT that you use the right cue file when you burn a bin, i.e. the cue and bin files that are attached to each other must be located in the same folder, and every bin file has its own cue file.


Normally, when you download a bin file, you can download the appropriate cue file as well. If you do not have the cue file (or feel bold) you can make the cue file yourself, which is really easy to do:

a. Open notepad
b. Copy the following text into notepad:

FILE "nameofimage.bin" BINARY
  TRACK 01 MODE1/2352
    INDEX 01 00:00:00

Where nameofimage.bin is the name of the bin file you want to burn.

c. The rest is easy: just save the notepad text with the name of the bin, but with the cue extension.
d. The file should be saved in the same folder as its appropriate bin file and should be something like myfile.cue

Or you can use Alcohol 120% to burn directly from the bin file

Hi Friends,,,