I should put something here

Some days, keeping up with technology can be a mix of frustration and excitement.

I am currently working on getting back my RHCE (Red Hat Certified Engineer) credentials (I had it before, but for reasons I won’t get to, it expired). From there, I will be able to avail myself of a suite of certificates from Red Hat, eventually getting either a RHCA (Red Hat Certified Architect) in Cloud or DevOps (or if time does not permits, just plain RHCA) I will do this by using existing resources (books, documentation and supplemented by in-expensive online training) rather that taking the rather pricey ROLE courses.

That is the idea, at least.

Case in point, Samba. Now, I don’t use Samba that much, but it is a key objective to complete in the RHCE exam – not just using it, but configuring and setting up the appropriate access controls. From reading the RHCE books, it seems pretty straight forward. For example:

  • Provide network shares to specific clients
  • Provide network shares suitable for group collaboration

Which mean you need to do the following on the server:

1) Install Samba on the server.

yum -y install samba samba-client

2) Add group that will be used for collaboration

groupadd -g 8888 shared

3) Modify existing users so they are part of the group

usermod -aG shared amy
usermod -aG shared rory

5) Create samba users:

smbpasswd -a amy
smbpasswd -a rory

6) Set the appropriate permissions on the directory you want to share.

chmod 770 /srv/directory_to_be_shared
chown nobody:shared /srv/directory_to_be_shared

7) Set selinux permissions as follows:

semanage fcontext -a -t samba_public_t /srv/directory_to_be_shared
restorecon -rv /srv/directory_to_be_shared

8) Create entry in /etc/samba/smb.conf

[shared]
comment = “shared directory”
path = /srv/directory_to_be_shared
writable = yes
browsable = yes
write list = +shared
hosts allow = foo.bar.monzell.com

9) run testparm to validate the configuration

10) Enable and start samba:

systemctl enable samba
systemctl start samba

11) open the firewall:

firewall-cmd —add-service=samba
firewall-cmd —add-service=samba —permanent

While on the client:

1) Install samba and cifs-utils:

yum -y install cifs-utils samba

2) Create directory to mount the share:

mkdir /mnt/shared

3) Create a file that contain the credentials used to mount the share and secure the file:

echo 'username=amy' > /etc/samba/secret
echo 'password=doctor!' >> /etc/samba/secret
chmod 0400 /etc/samba/secret

4) Update fstab to mount the directory

//samba.server.monzell.com/shared /mnt/shared cifs _netdev,credentials=/etc/samba/pw 0 0

5) Finally, mount the share:

mount /mnt/shared

As you can tell, I got it down cold. Why? Because until today, I couldn’t do step 5. I kept getting permission errors:

mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

Now I was able to mount if I remove the hosts allow entry:

[shared]
comment = “shared directory”
path = /srv/directory_to_be_shared
writable = yes
browsable = yes
write list = +shared

But that would mean that I wouldn’t be able to use ACL controls.

After some searching, I found that I can block via IP, which is sort of better – but I still wasn’t satisfied.

I looked at the walkthroughs for all the RHCE books (Van Vugt, Ghori, Jang, Tecmint) and so far, from what I can tell, it should work. I mean, surely the authors have all figured it out, right?

Well, today, I gave it one more and something occur to me that, perhaps, Samba don’t do lookups by default. Sure enough, after some searching, I found:

http://serverfault.com/questions/702455/samba-hosts-allow-example-com

In order for host allow entries using hostnames to work you need to enable

hostname lookups = yes
In the global configuration of smb.conf.

And sure enough, adding that in smb.conf:

[global]
hostname lookups = yes

Allow me to mount with using host controls on the hostname.

Turns out that hostname lookups are quite expensive, resource-wise, so samba have it turned off by default.

I am not sure why all the major RHCE prep books missed this. I thought at first that it may a problem with the editing, which I could understand for one book

But all four?

Interesting.

One thought on “I should put something here

  1. Geoff Hazel

    so everyone studies the book and memorizes the book answers but nobody actually DOES it. the goal isn’t learning, it’s passing the test. I had a similar situation with my Real Estate sales broker annual coursework. One section had the next section’s test questions. They weren’t hard, and I passed the section test. I emailed the course professor who said “you’re right — in the 6 years we’ve had this course, you are the first person to mention it.” Yeah, pass the test, get your certification and move along.

    Like

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s