Linux in a Windows Workstation Environment, Part II: Local Network Support
The computer club's Web site is used to publish scheduling information for classes, meetings and presentations. The navigation bar of this site also contains links to some popular sites, including the Web mail sites for AOL, Juno, Hotmail and Yahoo, as well as the search sites for Google and Hotbot. Because this site is used as the home page for all computers in the lab, it is accessed many, many times per day. To reduce bandwidth on the external line, a Web server has been configured to serve a local copy of this site. The effort has been minimal, as we do not use any CGI scripting nor do we need any logging.
By storing the Web content locally, our Web master can edit changing content without connecting to the external site. Each evening cron, the Linux version of the task scheduler, starts a script that produces a list of the Web site files that have been altered within the past 24 hours. It then transfers them to the external site using using the wput command, an indirect way to use FTP. To insure controlled write access to the Web material, it is stored in a password-protected Samba share, to be discussed later.
I use the Apache Web server as the server for our intranet. Although the latest version, 2.0, implements a number of new security features, my initial attempts to use the newest software failed. We use only simple Web pages and have no security issues, as the server is accessed only from the internal network. Therefore, I am using the older V1.3 release. The control file, httpd.conf, can include a large number of parameters; however, only a small number needed to be tailored for my system. The first of these is the server type. Under Linux, the daemon can be triggered by the Internet super daemon, inetd, or it can be started as a standalone program. I chose the latter option.
The next parameter to be configured is the root directory for the configuration, error and log files.
We also specify the IP address and port. If this parameter was not specified, the program would listen on all interfaces. However, I explicitly wish to exclude the external interface but use the standard port.
We also need to specify the directory in which our Web pages are stored, as well as a Directory stanza to allow everyone to access that material.
DocumentRoot "/home/web" <Directory "/home/web"> Order allow,deny Allow from all </Directory>
The combination of local home page serving and the cache-only name server greatly decrease the workstation response time and cut the traffic on the external network. The benefits of each greatly outweigh the minimal effort required to set them up.
To supply file and print services for the Windows workstations, we use Samba. To quote samba.org, "Samba is an Open Source/Free Software suite that provides seamless file and print services to SMB/CIFS clients. Samba is freely available, unlike other SMB/CIFS implementations, and allows for interoperability between Linux/Unix servers and Windows-based clients." Using this package, our Linux computer offers printer shares for both printers and three distinct file shares.
The Samba configuration file, which normally is /etc/samba/smb.conf, contains definitions for global parameters in a section named [global]. In this section, I have annotated the parameters defined on our system:
[global] max smbd processes = 40 # one server process for each workstation workgroup = MRLAB # name reported to network browser netbios name = server # NetBIOS name reported by server security = share # needed for guest services to work hosts allow = 10.10.10.0/24 # limit to our network guest account = nobody # the guest has the privileges of this user log file = /usr/local/samba/var/log smb passwd file = /usr/local/samba/lib/smbpasswd max log size = 500 # size in kB preferred master = yes # this machine is master for net domain master = yes # we have no other domain servers deadtime = 5 # no. of minutes till connection expires server string = Samba # name in printer comment box on Windows interfaces = 10.10.10.1/24 # serve only our internal network wins support = No # no Wins name resolution show add printer wizard = yes # Wizard is shown on NT/XP/2K clients max print jobs = 20 # number of simultaneous print jobs printer admin = root # only the superuser can manipulate printers null passwords = yes # we want to have no password for some users load printers = no # do not create shares automatically printing = bsd # BSD-type printing
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Devuan Beta Release
- May 2016 Issue of Linux Journal
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The US Government and Open-Source Software
- The Humble Hacker?
- BitTorrent Inc.'s Sync
- Open-Source Project Secretly Funded by CIA
- The Death of RoboVM
- New Container Image Standard Promises More Portable Apps
- AdaCore's SPARK Pro
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide