IST346 L04 ServerOS by E55vHG

VIEWS: 2 PAGES: 16

									IST346: Lab                                                             Last Update: 10/2/2012 12:27 PM



L04 SERVERS
O VERVIEW

This lab will help you understand the management issues associated with servers and server operating systems.
You will learn how to issue commands to administer a key service on the Windows and Linux operating systems.
Since we will be diving into services in great depth throughout the semester, this particular lab will focus on the
essentials of how server operating systems use and advertise services.

We will demonstrate how servers and services work by using the most common service used internally by
companies and organizations – File sharing. File sharing services like Windows File Sharing (on Windows) and
Samba (on Linux) allow users to store their work remotely. By storing the files remotely the data is more
accessible, as users move from workstation to workstation, since the files are stored remotely it is easier to back
them up and configure the storage to be fault-tolerant, both of which help prevent data loss.


L EARNING O BJECTIVES

Upon completion of this lab, you should be able to

        Demonstrate and explain the user and group security models used by the server variants of Windows and
         Linux operating systems
        Understand the basic steps required to setup and use file sharing services.
        Test the services being offered by the server operating systems using client connections.


L AB B REAKDOWN

This lab consists of 3 parts:

    1.   Setup the file sharing services Samba on centos Linux server.
    2.   Setup the Windows networking file sharing service on Windows server 2008.
    3.   On your own: Get the Vista1 virtual machine to talk to both remote file shares, in the same manner as the
         winxp1 VM does.




                                                      Page 1
IST346: Lab                                                             Last Update: 10/2/2012 12:27 PM

R EQUIREMENTS

Before you start this lab you will need:

    1.   Your PSD (Portable Storage Device) connected to a lab computer, or a computer running VMware Server
         1.09 / VMware Workstation 6.X.
    2.   These virtual machines, from the VM Garden, on your PSD:
              a. Win2008 (Windows Server 2008) – acting as a server
              b. Centos5 (Centos Linux 5) – acting as a server
              c. Winxp1 (Windows XP) – acting as a workstation
              d. Vista1 (Windows vista) – acting as a workstation
    3.   Make sure the Win2008, Centos5, Vista1 and WinXP1 virtual machines, all use the VM Ware NAT
         interface.
    4.   Startup the Win2008, Centos5, vista1 and WinXP1 virtual machines:
              a. Logon to Win2008 as Administrator (the account with the most access on the Windows
                  platform)
              b. Logon to Centos5 as root (the account with the most access on a *nix platform)
              c. Logon to winxp1 and vista1 as user (a non-privileged account)
              d. Remember, in all cases, the password is SU2orange!


V IRTUAL M ACHINE S ETUP       FOR L AB :

This diagram serves as a visual representation of how all the virtual machines used in the lab interact with each
other and also communicate with the internet.




                                  VMWare
                                   NAT




        Winxp1 and Vista1 will be workstations. As workstations, they are consumers (users) of the File Sharing
         service.



                                                     Page 2
IST346: Lab                                                              Last Update: 10/2/2012 12:27 PM

        Centos5 and Win2008 will be servers. In the server role, they are producers of the File Sharing Service.
        If things go to plan you should be able to use any workstation to access any of the files on either of the
         two servers.

P ART 1 – S ETTING U P S AMBA       ON   L INUX

This section will introduce and demonstrate how to setup and then use the Samba file-sharing service on Linux.
The Samba service is the Linux version of the Windows networking protocol. In this part we will set Samba up on
your Centos5 virtual machine and then test the file sharing by reading and writing to the file share using the
winxp1 virtual machine.

S ETUP S AMBA    ON   C ENTOS 5

First, we will configure our Centos5 Linux server for file sharing. Execute each of the following commands from the
terminal window (a.k.a. Bash shell prompt) logged in as the root user.


1. A I NSTALLING   THE   S AMBA S OFTWARE P ACKAGES

    1.   Install the samba software and utilities from the internet, type this into the terminal window:
         [root@localhost ~]# yum install samba*
         The yum command pulls down software from the internet and installs it into your Centos Linux system.
         You will be prompted to install a few samba-based packages, press Y to download and install them.




                                                      Page 3
IST346: Lab                                                              Last Update: 10/2/2012 12:27 PM

    2.   When the process is complete, you should see a list of the packages that were installed and updated. You
         list should be similar to this:




1. B S ETTING   UP SECURITY AND     A CCESS   FOR THE FILE SHARE

At this point, Samba is installed, but has yet to be configured. Before we can configure Samba, we will need to
setup a folder to share and the users and groups which have access to it. Enter these commands into the terminal
window.

1   The user account we will use to access the share is user. Let’s verify this account already exists in the system,
    type:
    [root@localhost ~]# cat /etc/passwd | grep “user”
    This command displays the contents of the password database (where user accounts are stored in linux). Grep
    helps us filter that output to only the text in quotes. You should see a line like this in the output:
    user:x:500:500:User:/home/user:/bin/bash
    If you do, then you’re all set, if not then you will have to execute this command to create the user account and
    set its password: useradd user –p
2   Next we need to create a group for the file share. As a rule of thumb, it is a bad idea to assign a user rights to a
    resource. The better plan is to assign a user to a group (or role) and then assign that group to the resource.
    Why? Users come and go, but the access that a user needs, such as rights to a folder, printer, or website
    doesn’t change nearly as much over time. For example if people in the accounting department need to use the
    printer outside their office, I would assign the right to print to the accounting group, and then place the users
    in the group. This way when Bob is no longer in accounting, I only have to remove him from the accounting
    group, I don’t have to remember to revoke his access to the printer as well.
    Now that the tangent is over , let’s create the group linshare (short for linux share) Type:
    [root@localhost ~]# groupadd linshare




                                                       Page 4
IST346: Lab                                                             Last Update: 10/2/2012 12:27 PM

    You can verify the group was created by checking for linshare in the group file /etc/group, type:
    [root@localhost ~]# tail /etc/group
    (you should see linshare at the end of the group file)
3   Next we need to add our user “user” to our group “linshare” we do this with the usermod command, type:
    [root@localhost ~]# usermod –G linshare user
    And if you type tail /etc/group again you can see that user has been added to the end of the linshare
    line, meaning the account was added to the group.
4   Next, it’s time to make the folder on the file system we’d like to share out. In the Unix/Linux world, we put this
    type of stuff in the /var/ folder, type:
    [root@localhost ~]# mkdir /var/samba to make the samba folder then type:
    [root@localhost ~]# mkdir /var/samba/linshare to make the linshare folder inside the
    samba folder.
5   Since you are logged in as root, this is the user with rights to the folder (makes sense, actually). We want the
    linshare group to have full rights to the linshare folder (makes sense, too, when you think about it). So type:
    [root@localhost ~]# chgrp linshare /var/samba/linshare/ to change the group owner
    to the linshare group. Then type:
    [root@localhost ~]# chmod g+rwx /var/samba/linshare/ to give the group owner
    (linshare in this case) read, write, and execute access to the folder. To verify you did these two steps correctly
    get a long listing of the samba folder. This will display the security and group ownership of the folder. Type:
    ls –l /var/samba and you should see output like this (stuff in yellow represents what was changed by
    the previous two commands):




At this point you’re finally ready to configure samba! Finally!


1. C C ONFIGURE    THE   F OLDER TO BE    SHARED U SING     S AMBA

1   At the prompt, type the following to launch the Samba configuration tool.




                                                       Page 5
IST346: Lab                                                             Last Update: 10/2/2012 12:27 PM

    [root@localhost ~]# system-config-samba you should see the following window on your
    screen:




2   From the menu, select Preferences Samba Users Add User to add a new Samba User.
3   From the Create New Samba User dialog, select user for the Unix Username, enter user for the samba user
    name (yes, we want them to be the same) and enter SU2orange! For the password. Your completed dialog will
    look something like this:




4   Click Ok to save the Samba User. If you see user in the list of samba users, click Ok again to return to the main
    menu.
5   Next let’s add the samba share. From the menu, select File  Add Share.




                                                     Page 6
IST346: Lab                                                              Last Update: 10/2/2012 12:27 PM

6   On the basic, tab enter the path to our directory /var/samba/linshare name the share linshare and check
    both writable and visible.




7   Under the Access tab. Only allow access to the specific user user.




8  Click Ok when done, then Close out of the Samba Server Configuration Utility. You should be back at the
   terminal window command prompt.
9 The last step is to start the samba service. First let’s configure the service to start at boot time. This way each
   time we turn the centos5 virtual machine on, it will begin to serve up files. Type:
   [root@localhost ~]# chkconfig smb on
10 Next, let’s start up samba:
   [root@localhost ~]# service smb start
   Note: if you make any changes to the Samba configuration or permissions on the folders being shared, you will
   need to restart the Samba service. You can do this by typing: service smb restart


1. D P HEW ! D ONE ! A LMOST ….




                                                     Page 7
IST346: Lab                                                             Last Update: 10/2/2012 12:27 PM

Lastly, you need to note the IP Address of your Centos5 server. We will use the IP Address to connect our
workstations to the server. Normally this would be done using a naming service like DNS but we haven’t
progressed that far in the course yet!  Type ifconfig from the linux terminal window and record the IP address of
your Centos5 virtual machine. It should be a number like 192.168.80.XXX

T EST Y OUR S AMBA S ERVER U SING W INXP 1

Now it is time to test your connection to the Centos5 Samba file share. Make sure you’ve logged in to your winxp1
virtual machine as user.


1. E C ONNECT     TO THE   R EMOTE F ILE S HARE

1   From the Desktop of your Winxp1 virtual machine. Click on start Run and type in
    \\192.168.80.XXX (where XXX is the IP number of your Centos5 virtual machine.)




    and the click OK.
2   After a few moments, you should be the linshare folder on the Centos5 computer!




3   Verify everything works by creating and saving a sample document in the folder: Double-click on linshare once
    the linshare folder opens, right-click in the white space and create a new wordpad document.
4   Rename the file as Test Wordpad document double-click on the document to open it and save some text
    inside, and then close the document.


1.F A   LITTLE   A PRES -S KI : A T   THE   C ENTOS 5 V IRTUAL M ACHINE

Let’s prove this is real remote file sharing. Flip back to your Centos5 virtual machine. Open up your terminal
window and type:
[root@localhost ~]# ls -l /var/samba/linshare/



                                                        Page 8
IST346: Lab                                                               Last Update: 10/2/2012 12:27 PM

You should see the document you created!




Q UESTIONS

1.1   What does the linux command yum do?
1.2   What is samba?
1.3   Why is it a better administrative practice to assign a group access to a resource rather than a user?
1.4   What is the difference between the cat and tail commands?

P ART 2 – S ETUP F ILE S HARING       ON   W INDOWS

Next, we will setup the win2008 virtual machine as a file server in the same manner as we did on Linux. Since file
sharing is native on Windows, the setup and configuration is a little more straightforward.

S ETUP F ILE S HARING      ON   W INDOWS S ERVER 2008

2. A I NSTALLING    FILE   S ERVICES R OLE

To install the File Services Role, from the win2008 virtual machine, logged in as Administrator, do the following:

      1.   Open the server manager utility. Click Start  Administrative Tools  Server Manager. The server
           manager utility is a one stop shop for configuring and administering services on Windows Server 2008.




                                                       Page 9
IST346: Lab                                                              Last Update: 10/2/2012 12:27 PM

    2.   Next, let’s add the File Server role to this server. From Server Manager, click on Roles then Add Roles.
         The “Add Roles Wizard” will appear. Click on Server Roles. You should see this screen:




    3.   Select the File Services role, and click on Role Services on the left-hand side.




                                                      Page 10
IST346: Lab                                                             Last Update: 10/2/2012 12:27 PM

    4.   From the Role Services screen select only File Server (screenshot below) and then click Next > to advance
         to the confirmation screen:




    5.   At the Confirmation screen, click the Install button to setup file services on this computer.




                                                      Page 11
IST346: Lab                                                                Last Update: 10/2/2012 12:27 PM

    6.   When the process is complete you will see a Results dialog, showing your change is successful:




    7.   Click Close to dismiss the dialog. Congratulations, you’ve just installed file services role!


2. B S ETTING   UP SECURITY AND      A CCESS   FOR THE FILE SHARE

Just like in step 1.b you now have the service installed. It’s time to setup the security for the folder. For these next
set of commands we will execute from the command line. So open up the Windows command prompt.

1   The user account we will use to access the share is user. Let’s verify this account already exists in the system,
    type:
    C:\users\Administrator> net user
    This command displays the contents of the user database on Windows. You should see the word User, like this
    in the output:




    If you do, then you’re all set, if not then you will have to execute this command to create the user account and
    set its password: net user user * /add
2   Next we need to create a group for the file share. This time we will call the group winshare. Type:
    C:\users\Administrator> net localgroup winshare /add
    You can verify the group was created by checking for winshare with this command:
    C:\users\Administrator> net localgroup




                                                        Page 12
IST346: Lab                                                           Last Update: 10/2/2012 12:27 PM

3   Next we need to add our user “user” to our group “winshare” we do this with the usermod command, type:
    C:\users\Administrator> net localgroup winshare user /add
    And if you type net localgroup winshare you can see that user has been added to the group.
4   Next, it’s time to make the folder on the file system we’d like to share out. Windows isn’t so picky where you
    place things, so let’s simple make a folder called shares and place winshare in that folder:
    C:\users\Administrator> mkdir c:\shares to make the share folder then type:
    C:\users\Administrator> mkdir c:\shares\winshare to make the winshare folder inside
    the share folder.
5   Since you are logged in as administrator, the security on the folder is designed to match this user. We would
    like to change the security so that the winshare group has full rights to the winshare folder. The easiet
    method of doing this is through the windows GUI. So, at the command prompt, type:
    C:\users\Administrator> start c:\shares to open a GUI shell folder for the winshare folder.




6   Right-Click on the winshare folder and choose Properties from the context menu, then select the Security tab.
7   From the Security tab, click Edit to bring up the Permissions for winshare dialog.
8   From this dialog click the add button and in the Select Users Or Groups dialog type winshare and click Ok.
9   You will now be back at the Permissions for winshare dialog. Click on the winshare group and select Full
    Control from the permissions section. (see attached screenshot)




10 Once you’ve selected full control click Ok to close the Permissions for Winshare dialog. Then click Ok again to
   close the winshare Properties dialog.


2. C S HARE   THE WINSHARE FOLDER




                                                    Page 13
IST346: Lab                                                          Last Update: 10/2/2012 12:27 PM

Now it’s time to share out the winshare folder.

1   From the windows GUI, right click on the winshare folder and choose Share… This will open the file sharing
    dialog which should look like this:




2   Click on the Share button. When the Network discover and File Sharing dialog appears, click on Yes:




3   When the process is complete, click Done.


2. D R ECORD   THE   IP A DDRESS   OF THE   W IN 2008 S ERVER

Again, you need to note the IP Address of your Win2008 server. We will use the IP Address to connect our
workstations to the server. Type ipconfig from the command prompt window and record the IP address of your
virtual machine. It should be a number like 192.168.80.XXX

T EST Y OUR W INDOWS F ILE S HARING U SING W INXP 1

Now it is time to test your connection to the Win2008 file share. Make sure you’ve logged in to your winxp1
virtual machine as user.




                                                    Page 14
IST346: Lab                                                            Last Update: 10/2/2012 12:27 PM

2. E C ONNECT    TO THE   R EMOTE F ILE S HARE

1   From the Desktop of your Winxp1 virtual machine. Click on start Run and type in
    \\192.168.80.XXX (where XXX is the IP number of your Win2008 virtual machine.)
2   After a few moments, you should be the linshare folder on the Centos5 computer!




3   Verify everything works by creating and saving a sample document in the folder: Double-click on winshare
    once the winshare folder opens, right-click in the white space and create a new wordpad document.
4   Rename the file as Test Wordpad document double-click on the document to open it and save some text
    inside, and then close the document.


2.F A PRES -S KI R EDUX : A T   THE   W IN 2008 V IRTUAL M ACHINE

Let’s prove this is real remote file sharing one more time. Flip back to your Win2008 virtual machine. Open up the
winshare folder. You should see:




Q UESTIONS

    2.1   What command displays the members of a group, such (as the winshare group) in windows?
    2.2   What command creates a new user account in Windows?
    2.3   What is the command to make a folder from the windows command line?
    2.4   Why do you need to know the IP address of the Windows 2008 server before you can connect to it?

P ART 3 O N Y OUR O WN

Se if you can apply what you learned to try to get your vista1 workstation to connect to the remote file shares
linshare and winshare, similar to the way you got it working on winxp1.




                                                     Page 15
IST346: Lab                                                            Last Update: 10/2/2012 12:27 PM


Q UESTIONS

    3.1When you connect to linshare (or winshare) from vista1 do you see the same files as you do on winxp1?
    Why or why not?

    3.2 In your opinion, which server was easier to configure why? Linux or Windows?

    3.3 Do you see any challenges to rolling out a service like this one en masse (to everyone in an organization)?

    3.4 What parts of this lab did you have the most difficulty with completing and why?

    3.5 Do you have suggestions for improvements based on your answer to question 3.4?




R EMINDER : B E   SURE TO POWER OFF ALL OF YOUR VIRTUAL MACHINES PRIOR TO DI SCONNECTING
YOUR PORTABLE HARD DISK .




                                                     Page 16

								
To top