Linux in a Windows Workstation Environment, Part II: Local Network Support
The computer club's Web site is used to publish scheduling information for classes, meetings and presentations. The navigation bar of this site also contains links to some popular sites, including the Web mail sites for AOL, Juno, Hotmail and Yahoo, as well as the search sites for Google and Hotbot. Because this site is used as the home page for all computers in the lab, it is accessed many, many times per day. To reduce bandwidth on the external line, a Web server has been configured to serve a local copy of this site. The effort has been minimal, as we do not use any CGI scripting nor do we need any logging.
By storing the Web content locally, our Web master can edit changing content without connecting to the external site. Each evening cron, the Linux version of the task scheduler, starts a script that produces a list of the Web site files that have been altered within the past 24 hours. It then transfers them to the external site using using the wput command, an indirect way to use FTP. To insure controlled write access to the Web material, it is stored in a password-protected Samba share, to be discussed later.
I use the Apache Web server as the server for our intranet. Although the latest version, 2.0, implements a number of new security features, my initial attempts to use the newest software failed. We use only simple Web pages and have no security issues, as the server is accessed only from the internal network. Therefore, I am using the older V1.3 release. The control file, httpd.conf, can include a large number of parameters; however, only a small number needed to be tailored for my system. The first of these is the server type. Under Linux, the daemon can be triggered by the Internet super daemon, inetd, or it can be started as a standalone program. I chose the latter option.
The next parameter to be configured is the root directory for the configuration, error and log files.
We also specify the IP address and port. If this parameter was not specified, the program would listen on all interfaces. However, I explicitly wish to exclude the external interface but use the standard port.
We also need to specify the directory in which our Web pages are stored, as well as a Directory stanza to allow everyone to access that material.
DocumentRoot "/home/web" <Directory "/home/web"> Order allow,deny Allow from all </Directory>
The combination of local home page serving and the cache-only name server greatly decrease the workstation response time and cut the traffic on the external network. The benefits of each greatly outweigh the minimal effort required to set them up.
To supply file and print services for the Windows workstations, we use Samba. To quote samba.org, "Samba is an Open Source/Free Software suite that provides seamless file and print services to SMB/CIFS clients. Samba is freely available, unlike other SMB/CIFS implementations, and allows for interoperability between Linux/Unix servers and Windows-based clients." Using this package, our Linux computer offers printer shares for both printers and three distinct file shares.
The Samba configuration file, which normally is /etc/samba/smb.conf, contains definitions for global parameters in a section named [global]. In this section, I have annotated the parameters defined on our system:
[global] max smbd processes = 40 # one server process for each workstation workgroup = MRLAB # name reported to network browser netbios name = server # NetBIOS name reported by server security = share # needed for guest services to work hosts allow = 10.10.10.0/24 # limit to our network guest account = nobody # the guest has the privileges of this user log file = /usr/local/samba/var/log smb passwd file = /usr/local/samba/lib/smbpasswd max log size = 500 # size in kB preferred master = yes # this machine is master for net domain master = yes # we have no other domain servers deadtime = 5 # no. of minutes till connection expires server string = Samba # name in printer comment box on Windows interfaces = 10.10.10.1/24 # serve only our internal network wins support = No # no Wins name resolution show add printer wizard = yes # Wizard is shown on NT/XP/2K clients max print jobs = 20 # number of simultaneous print jobs printer admin = root # only the superuser can manipulate printers null passwords = yes # we want to have no password for some users load printers = no # do not create shares automatically printing = bsd # BSD-type printing
|Using tshark to Watch and Inspect Network Traffic||Aug 31, 2015|
|Where's That Pesky Hidden Word?||Aug 28, 2015|
|A Project to Guarantee Better Security for Open-Source Projects||Aug 27, 2015|
|Concerning Containers' Connections: on Docker Networking||Aug 26, 2015|
|My Network Go-Bag||Aug 24, 2015|
|Doing Astronomy with Python||Aug 19, 2015|
- Using tshark to Watch and Inspect Network Traffic
- Problems with Ubuntu's Software Center and How Canonical Plans to Fix Them
- Concerning Containers' Connections: on Docker Networking
- A Project to Guarantee Better Security for Open-Source Projects
- Where's That Pesky Hidden Word?
- Firefox Security Exploit Targets Linux Users and Web Developers
- My Network Go-Bag
- Doing Astronomy with Python
- Build a “Virtual SuperComputer” with Process Virtualization
- diff -u: What's New in Kernel Development