This is only a preview of the May 1999 issue of Silicon Chip.
Getting started with Linux; Pt.3
This month we’ll show you how to put Linux
to work. In particular, we’ll look at
configuring Linux as a file and printer server
to a Windows network and describe how to
use Linux as a router, so that several people
can share an Internet connection.
By BOB DYBALL
For many people, the word “LAN”
or even “computer” evokes fear and
trepidation at the expenses that will
be incurred. Fortunately, Linux can
provide a low-cost solution to many
networking requirements, especially
when it comes to shared Internet
access.
As we learnt last month, by running
Linux, there’s still some life that can
be squeezed out of many old 486s and
slower Pentium machines. For example, if you have 2, 3, 10 or even 20
people who would like Internet access
(eg, for email), a humble 486 running
Linux and a single Internet feed are
about all you need to get going.
Be warned though that Linux isn’t
for everyone and takes some time to
learn. If you really need to keep your
existing system running (eg, in a production or office environment), don’t
go messing with things too much.
Instead, set up a small test network
and work up to the grand plan slowly.
Also, because of the differences
between one version of Linux and
another (eg, kernel 2.03.6 to 2.2.1)
and between the different “distributions” (eg, Red Hat versus Caldera),
it will be necessary to generalise here
on occasions. Fortunately, most of
the differences are quite minor, some
simply involving a different installation directory or different standard
settings.
Fig.1: this screen shot is from a Windows 98 system,
looking across a network at shared resources on a
Windows 95 machine named “Lister”.
The worst case scenario for a new
Linux user might be the need to recompile the kernel – something that
wouldn’t be too much fun early on
unless you’re the adventurous type.
OK, let’s take a look at how to set
up a Linux installation to function as
a file and printer server.
The wrong and the right way
to share printers
The moment you have fewer printers
than PCs, you’ll run into a familiar
problem – how do you allow those
people without printers to print documents without interrupting those with
printers? Faced with this problem,
some people don’t even consider a
LAN or if they do, think that a printer
switch box is the cheaper way to go.
If you’ve just bought a printer
switch box, you probably won’t like
reading this. But think about it – if
you allow $40 or so for the switch box
and then add the cost of the cables to
connect the PCs, you’re not going to
get much change from $100. In fact,
depending on the number of PCs you
have, it could cost you a lot more.
Fig.2: this screen shot is from the same Windows 98 system.
It’s looking at the same machine as before but now running
Linux, with file and printer sharing courtesy of Samba.
Another drawback is that printer
cables are limited in length to a couple of metres, unless you buy special
(and expensive) long cables or a line
buffer. After that, cable capacitance
can cause signal degradation and
reliability problems. What’s more, a
manual printer switch is a real source
of frustration. It’s all too easy to forget
about the switch, which means that
your job often won’t print because the
wrong computer or printer is selected.
There is a better, easier and cheaper
way of doing things – network the
computers. All you need for a two-PC
LAN are a couple of cheap network
cards at $25-$40 each, a length of coaxial cable, two T-pieces and a couple
of 50Ω terminators. Make sure you use
50Ω cable, because leftover 75Ω TV
coax won’t work. Also, it’s a good idea
to buy “combo” network cards, which
have connectors for both 10Base-2
(coax) and 10Base-T cable.
By including the 10Base-T option,
you can easily expand the network
later on by adding a hub and changing over to Cat.5 cable – without the
added cost of new network cards. Of
course, a hub will add to the cost but
a 10Base-T (star) network is more
reliable than a 10Base-2 network
once you have three or more PCs. A
cable break only affects one computer
on a 10Base-T network, while all
computers on a 10Base-2 network
are affected.
For a simple two or three-PC network though, coaxial cable is the
cheapest way to go and reliability
won’t be a problem. Depending on the
cards you buy, you can network three
PCs for less than $120-$150.
Once you have a network up and
running, you can easily share resources such as printers and CD-ROM
drives without any hassles. And you
can easily transfer files between computers and that’s something you can’t
do via a printer switch box.
Why a dedicated server?
To avoid disrupting others on a network, you need to set up a dedicated
server. Often, this needn’t be anything
more than an old 486 with 8MB of
RAM. This type of machine would run
rather slowly under Windows 95 but
would give quite good performance
running Linux and “Samba”.
Fig.3: The Samba Configuration File
# The main Samba configuration file - for sharing within a Workgroup
#======================= Global Settings =====================================
[global]
# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = WORKGROUP
# server string is the equivalent of the NT Description field
server string = Red Hat Linux 5.2 Samba Server
# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the “loopback” interface. For more examples of the syntax see
# the smb.conf man page
hosts allow = 192.168.1. 127.
# if you want to automatically load your printer list rather
# than setting them up individually then you’ll need this
printcap name = /etc/printcap
load printers = yes
# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m
# Put a capping on the size of the log files (in Kb).
max log size = 50
# Security mode. Most people will want user level security. See
# security_level.txt for details.
security = user
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
socket options = TCP_NODELAY
# Cause this host to announce itself to local subnets here
remote announce = 192.168.1.255
# Browser Control Options:
# set local master to no if you don’t want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
local master = no
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
os level = 33
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
dns proxy = no
#============================ Share Definitions ==============================
[a]
comment = floppy drive under Linux
path = /mnt/floppy
public = yes
writable = yes
printable = no
[c]
comment = Win 95 C: drive via Linux
path = /fatc
public = yes
writable = yes
printable = no
[d]
comment = CDROM under Linux
path = /mnt/cdrom
public = yes
writable = no
printable = no
[linux]
comment = All of Linux - Not a good idea to do this!!
path = /
public = yes
writable = yes
printable = no
[bjc4300]
comment = Canon BJC4300 printer under Linux
public = yes
writable = no
printable = yes
Fig.4: Alternative Samba Configuration File
# The main Samba configuration file - for sharing within an NT-Domain
#======================= Global Settings =====================================
[global]
# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = REDDWARF
# server string is the equivalent of the NT Description field
server string = Red Hat Linux 5.2 Samba Server
# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the “loopback” interface. For more examples of the syntax see
# the smb.conf man page
hosts allow = 192.168.1. 127.
# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m
# Put a capping on the size of the log files (in Kb).
max log size = 50
# Security mode. Most people will want user level security. See
# security_level.txt for details.
security = server
# Use password server option only with security = server
password server = REDDWARF
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
socket options = TCP_NODELAY
# Cause this host to announce itself to local subnets here
remote announce = 192.168.1.255
# Browser Control Options:
# set local master to no if you don’t want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
local master = yes
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
os level = 33
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don’t use this
# if you already have a Windows NT domain controller doing this job
domain master = yes
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
preferred master = yes
# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
domain logons = yes
# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this servers netbios name, %U is username
# You must uncomment the [Profiles] share below
logon path = \\%L\Profiles\%U
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
dns proxy = no
#============================ Share Definitions ==============================
… etc
With a little more work, a modest
Linux PC could also be used to validate users on a network, all for a
fraction of the cost of a Windows NT
system – both in terms of software
and hardware.
For those familiar with workgroups
as opposed to “domains” on a network, a Windows NT server can hold
usernames and passwords. This allows you to centrally control access to
file shares, printers and other devices.
Another advantage of this scheme
is that users need not worry about
using the same PC from day to day, as
their “profiles” (or settings) can travel
with them as they log onto other PCs
on the network. The log-on process
under Linux with Samba (or Windows
NT) saves you from having to set
passwords right across a peer-to-peer
network, which is very useful if more
than a few people use the system.
Samba has become a popular addition to most Linux distributions
and is usually available as an option
that can be installed with the rest of
Linux. Both the popular Red Hat 5.2
and Caldera Open Linux 1.3 packages
have Samba added to their installation
programs.
If you haven’t installed Samba or if
your version of Linux doesn’t provide
this, Samba is available as a compressed archive for download, or as
an RPM file. RPM stands for “Red Hat
Package Manager”, a handy format
that packages the file and installation
instructions to Linux.
Samba has another part to it called
“Samba Client”, which works in reverse. If there is a file share or printer
share on a Windows network, then
Samba Client can provide access to
these from a Linux workstation.
Setting up Samba
Fig.3 shows the Samba configuration file (smb.conf) which is found
in the /etc directory. From this, you
should have no trouble when it comes
to setting up share definitions.
This much-simplified file is based
on the standard Samba smb.conf file
and is not designed with high security
in mind. It’s probably best to start with
a simple smb.conf file like this and
work from there, as there are many
options. Note that the original sample
smb.conf file includes comments to
show you where to add in username/
password access.
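Since the Fig.3 file is described as not designed with high security in mind, the following is an added example (not part of the original article or of Samba) of a small check that reads an smb.conf and reports the shares a reviewer would question first. The finding codes, function names and the cut-down sample text are assumptions made for the illustration.

```python
import configparser

GUEST_KEYS = ("public", "guest ok")                 # Samba synonyms
WRITE_KEYS = ("writable", "writeable", "write ok")  # Samba synonyms
PRINT_KEYS = ("printable", "print ok")              # Samba synonyms
TRUE = {"yes", "true", "1"}

# Constructed sample: the Fig.3 file cut down to the settings being checked.
SAMPLE = """\
[global]
    workgroup = WORKGROUP
    hosts allow = 192.168.1. 127.
    security = user
[c]
    path = /fatc
    public = yes
    writable = yes
[d]
    path = /mnt/cdrom
    public = yes
    writable = no
[linux]
    path = /
    public = yes
    writable = yes
[bjc4300]
    public = yes
    writable = no
    printable = yes
"""


def _truthy(sec, keys):
    """True if any of the synonymous parameters is set to a 'yes' value."""
    return any(sec.get(k, "").strip().lower() in TRUE for k in keys)


def _writable(sec):
    if any(k in sec for k in WRITE_KEYS):
        return _truthy(sec, WRITE_KEYS)
    # "read only" is the inverted form; Samba's default is read only = yes.
    return sec.get("read only", "yes").strip().lower() not in TRUE


def audit(text):
    """Return a list of (share, code, detail) findings for smb.conf text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",),
                                   comment_prefixes=("#", ";"))
    # smb.conf lines are usually indented; configparser would treat an
    # indented line as a continuation of the previous value, so strip first.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    shares = {name.lower(): cp[name] for name in cp.sections()}
    glob = shares.pop("global", {})
    findings = []
    if not glob.get("hosts allow", "").strip():
        findings.append(("global", "no-hosts-allow",
                         "connections are not restricted to the local network"))
    for name, sec in shares.items():
        path = sec.get("path", "").strip()
        if _truthy(sec, GUEST_KEYS) and _writable(sec) \
                and not _truthy(sec, PRINT_KEYS):
            findings.append((name, "guest-write",
                             "anyone on the network can write without a password"))
        if path.startswith("/") and path.strip("/") == "":
            findings.append((name, "root-path",
                             "the whole Linux filesystem is exported"))
    return findings


if __name__ == "__main__":
    for share, code, detail in audit(SAMPLE):
        print(f"[{share}] {code}: {detail}")
```

To check a real file, pass its contents to audit(), for example audit(open("/etc/smb.conf").read()).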
If you want to have your Linux/
Samba server “look” more like a Windows NT server and use “Domain”
logons instead, then you might change
your smb.conf file to something more
like Fig.4.
At the same time, you’ll need to
make a couple of changes to the
configuration of your Windows
95/98 computers. These changes are
both made using the Network applet
found in Control Panel. Double-click
the Network icon, then click Client
for Microsoft Networks, then click
Properties. For workgroup or “peer
to peer” networking, make sure that
the “Log onto Windows NT domain”
option is unchecked – see Fig.5.
Now click OK, then click the tab
marked “Access Control”. For workgroup
networking, you would normally select “Share-level access control”
(see Fig.6), relying on each printer or
file share across the network to have
its own individual security through
passwords, or not as the case may be.
Alternatively, if using a domain
log on, a single password log on to
the Linux server (in the guise of a
Windows NT domain server, again
courtesy of Samba) will verify your
access to file or printer shares across
the network. With this system, there
is only one password to remember,
not one for every different machine
across the network that has a resource
you might wish to use.
A Windows 95/98 PC set for domain
log ons and user level access is
set up as shown in Fig.7 and Fig.8.
In this case, check the box “Log onto
Windows NT domain” and enter in
the domain name of the server you
wish to log on to. Click OK, then click
“User-level access control” and again
enter the domain name.
On large networks, one normally
finds a Windows NT server set up as
a “Primary Domain Controller” (or
PDC). Such networks also usually
include one or more NT machines
running as backups. These are called,
funnily enough, “Backup Domain
Controllers” or BDCs and take over if
the PDC fails. A similar arrangement
could also be set up using Linux servers running Samba, although that is
beyond the scope of this article.
So in summary, rather than have
dozens of different passwords across
a network, or none at all because it’s
too cumbersome, consider running
Samba in its domain setup rather than
as a simple workgroup system.
If you’ve only a few users to set
up, you might do this manually using
adduser. Note that Red Hat Linux has
a slightly different adduser utility
compared to other distributions, so
check its use by using the command
man adduser. Although it’s possible
to edit the name/password file, it’s
not good practice since file locks are
placed on the file (/etc/passwd) during editing that might prevent others
logging on. Note that passwords are
visible in the /etc/passwd file but are
encrypted.
Another useful command is passwd,
used to set a particular user’s
password. Again, typing man passwd
will give more information on this
command.
For more information on users
and administration in general, either
check the FAQ area of the website
covering your distribution or see
the Linux Documentation Project at
sunsite.unc.edu in the /pub/Linux/docs/LDP
directory.
Fig.5: for workgroup or “peer to peer”
networking, make sure that the “Log
onto Windows NT domain” option is
unchecked.
Fig.6: for workgroup networking, you
would normally select “Share-level
access control”, relying on each
printer or file share across the
network to have its own individual
security through passwords.
Setting up Linux as an Internet gateway or “router”
Another common network problem is where multiple users require
Internet access but you only have
one phone line available. So how do
you go about solving this problem
without installing extra phone lines
and buying extra modems? A router is
the answer and no, it need not break
the bank.
By installing a router, individuals
on the network can access the Internet
via a single modem attached to one
computer – in this case, your Linux
server. In fact, a router will even allow
multiple users to access the Internet
(all using the same ISP account) at the
same time via this single connection,
although things can get rather slow if
more than a few people are logged on.
By installing a router package, an
old 486 running Linux can easily serve
up to 10 or 20 people. Obviously, if
everyone is a heavy user of the net,
you need to provide the router with
a decent Internet feed to keep things
running smoothly. A household or a
small business can usually get away
with sharing one modem between
several people (since not everyone’s
going to be browsing at the same time),
while a large business might need a
64k or 128k ISDN feed.
In simple terms, you can think of a
router as behaving like a mail sorter
and postman. Incoming and outgoing envelopes, known as “packets”
on the LAN, are “routed” to their
correct destinations, depending on
where they’re coming from and where
they’re meant to go.
Fig.7: here’s how to set up a Windows
95/98 PC for domain name log ons.
Use the same domain name for all PCs
on the network.
Fig.8: after setting up the domain
name (see Fig.7), click the Access
Control tab, click “User-level access
control” and again enter the domain
name.
Fig.9(a): setting up the DNS
configuration in the TCP/IP Properties
dialog box. In this case, the Domain
name is reddwarf.home (this is the
same for all PCs on the network),
while the Host name is starbug. The
DNS Server Search Order numbers
are those provided by your ISP.
Fig.9(b): after setting the DNS
Configuration, click the Gateway
tab and enter in the IP address for
the Gateway/Router machine (ie, the
Linux machine) in the window below
“New gateway” and click Add. The
address will then be shown in the
“Installed gateways” window.
Linux makes an ideal router, a
fact attested to by the many Internet
Service Providers (ISPs) who now
use Linux, along with the increasing
numbers of businesses, schools and
even home users. There are three main
things to consider when setting up
your system:
(1) Linux must have its Kernel set
up for IP forwarding (some distributions do not have this as standard and
will have to be recompiled with this
option enabled);
(2) Linux needs to have an Internet
dialler set up, so that it can connect
to the ISP account; and
(3) The other “client” computers
on the LAN must be set up to make
use of the new “gateway” or “router”;
ie, they must direct Internet traffic
through the router PC instead of directly via a modem.
We’ll assume here that you have
IP forwarding enabled, since it is
present by default in most, if not all,
of the latest versions across various
distributions. These include Red
Hat 5.2, Caldera Open Linux 1.3 and
Slackware 2.0.36. You might still have
the option of disabling this feature
during installation, so be careful not
to choose the wrong options.
When it comes to an Internet
dialler for Linux, there are lots of
choices. You’ll find there are diallers
that provide only SLIP, while other
diallers provide PPP. On your Linux
distribution CD-ROM, you should find
a useful guide to PPP access under
/doc/FAQ/html/PPP-FAQ.html. If you
don’t have a browser up and running,
refer to the text version at
/doc/FAQ/txt/PPP-FAQ instead.
As with the Windows 95/98 diallers, some Linux diallers have
what’s known as “dial on demand”.
This means that they automatically
dial your ISP whenever a program
function requires an Internet connection (eg, when checking for email). After a given period of inactivity, these
will hang up the line automatically.
If you are fortunate enough to have
a permanent connection, the system
should be set up to automatically
redial if the line drops out for some
reason (this is done to maintain the
connection). For more information
on dial on demand (diald), including
examples, check the “how to” files
on the distribution CD-ROM. These
are usually found in /doc/HOWTO/mini/diald
(note: under Linux this,
like most things, is case sensitive).
If you want a quick and simple way
to view these files, do the following:
• type mount /mnt/cdrom to allow
access to the CD (umount /mnt/cdrom
releases it).
• type mc to run Midnight Commander, for easy access to Linux.
Once Midnight Commander is
running, use F3 to view a file or F4
to edit (there’s also a range of other
useful functions). You don’t have to
be a Unix/Linux command whiz here,
as Midnight Commander is quite easy
to use (it’s certainly easier for the first
time user than trying to figure out
what to type at the command line).
In addition to the information on diallers, you’ll also find information on
firewalls and networking in general.
Choose the dialler that suits you
best and don’t worry too much about
changing from one dialler to another.
The actual diallers are usually just
a “shell script” (rather like a super-batch file, for those used to DOS).
Simple or even quite complex tasks
that might otherwise be repetitive
can easily be automated using “shell
scripts”.
Home users or casual users might
prefer to dial up manually. This prevents the system from automatically
reconnecting if the line drops out and
someone has forgotten to turn off an
email package that requests an email
check at 10-minute intervals overnight. Local calls might be cheap but
they can soon add up.
IP addressing
Finally, you need to ensure that the
clients (ie, the other machines on the
LAN) are set up to use the router as a
gateway. Note that you don’t have to
use “real” IP addresses for the clients.
Instead, it’s best to use “non-routable”
IP addresses (so that your LAN is
invisible to other computers on the
Internet) and let the router handle
the rest.
If you have a permanent connection, your ISP will usually assign you
one IP address and this is given to the
router. Alternatively, for dial up connections, the IP address is assigned
automatically to the dialler, so you
don’t have to bother about it.
We talked about IP addressing in
“Beyond the Basic Network – Setting
up a LAN using TCP/IP” (see SILICON
CHIP, November 1998). In particular,
we mentioned that the Internet Assigned Numbers Authority (IANA)
has reserved the following three
blocks of non-routable IP addresses
for “private Internets” (ie, Intranets).
These address blocks are as follows:
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255
For this and further details on IP
addressing, point your web browser
to http://ucnet.canberra.edu.au/RFC/rfc/rfc1918.html
The IP address 127.0.0.1 is a special
address that refers to some other
program on the PC itself – in this case,
the router.
What you have to do now is assign
an IP address for each of the machines
on the network. For example, let’s use
192.168.1.1 for the Linux machine
with the gateway/router, 192.168.1.40
for the first client computer on the
network, 192.168.1.80 for a second
client, and so on.
Don’t use 192.168.1.255 or similar
.255 addresses, and don’t use .0 addresses, as they have a special meaning in a network like this.
You also have to enter in a Domain
name and a Host name on each PC
and you do that via the DNS Configuration tab of the TCP/IP Properties
dialog box as shown in Fig.9(a). In this
case, the Domain name is reddwarf.home
(this is the same for all PCs on
the network), while the Host name is
starbug (a different Host name is used
for each PC).
This done, click the Gateway tab,
enter in the IP address for the Gateway/Router machine (at New gateway)
and click Add (Fig.9(b)). You also
select Disable WINS Resolution
(see Fig.10(a)), after which you
click the IP Address tab and enter
in the IP address for that computer
(192.168.1.40), along with the Subnet
Mask (use 255.255.255.0 in all cases)
– see Fig.10(b).
On the client computers, you would
normally set the Primary and Secondary DNS to the addresses given to
you by your ISP. Leave the gateway IP
address blank on the gateway/router
itself (since it is one) and configure the
DNS settings on the router to reflect
those your ISP would tell you to use
if you were running a single Windows
95/98 dial up.
Fig.10(a): in most cases, you will have
to select “Disable WINS Resolution”
in this dialog box, as WINS (Windows
Internet Naming Service) is generally
only used on large networks. For
small networks, you can use lmhosts.
Fig.10(b): next, click the IP Address
tab, check “Specify IP Address”
and enter in the IP address for that
computer (192.168.1.40 in this case),
along with the Subnet Mask (use
255.255.255.0 for all machines).
Lmhosts
In order for the machines to “find”
each other on the network, you now
need to create a simple text file called
LMHOSTS (ie, no extension) and copy
it to the C:\WINDOWS directory of
each Windows 95/98 machine. This
lists the IP address of each machine
on the network and its (Host) name.
Fig.11 shows the LMHOSTS file
you would use for the example given
above (the lines starting with “#” are
comments and don’t do anything).
Note that a reboot is necessary after
adding (or altering) an LMHOSTS file.
You also need to add a similar file
to the /etc directory of your Linux
machine. In this case, the file is called
hosts (not LMHOSTS) and you must list
the IP address, the Domain name and
the Host name of each computer – see
Fig.12. You must also include the IP
address for the localhost (this isn’t
necessary for Windows 95/98/NT as
localhost is automatically defined as
127.0.0.1).
Fig.11: Example LMHOSTS File
#IP Address     Machine name
#
192.168.1.1     lister
192.168.1.40    starbug
192.168.1.80    holly
Fig.12: Example Linux hosts File
127.0.0.1       localhost.localdomain   localhost
192.168.1.1     lister.reddwarf.home    lister
192.168.1.40    starbug.reddwarf.home   starbug
192.168.1.80    holly.reddwarf.home     holly
You may be wondering about the
Domain name ending in .home rather
than .com or .com.au. Well, you can
use almost anything you like here
since it only has to be recognised by
your local network.
What’s more, using the .home extension means that your private domain
cannot be “seen” by the Internet,
just as the Internet cannot access the
non-routable IP addresses listed above.
Should any reference to these domain
names or IP addresses appear out in
the outside world on the Internet, they
would be ignored.
If you have more than about 20 computers, editing all the LMHOSTS files
becomes a nuisance when you want
to add extra machines to the network.
There are a few shortcuts but when you
reach that stage, it’s best to consider
using either WINS (Windows Internet
Naming Service), DHCP (Dynamic
Host Configuration Protocol), or a DNS
(Domain Naming System).
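While the network is still small enough for hand-maintained files, one host list can be checked against the addressing rules given above and then used to write both the LMHOSTS and hosts files, so the copies never disagree. This is an added example, not part of the original article; the function names are assumptions and the host list is the one used in Fig.11 and Fig.12.

```python
import ipaddress

# The three private blocks listed in the article (RFC 1918).
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Values taken from the article's example network.
DOMAIN = "reddwarf.home"
NETMASK = "255.255.255.0"
GATEWAY = "192.168.1.1"
PLAN = {"lister": "192.168.1.1",
        "starbug": "192.168.1.40",
        "holly": "192.168.1.80"}


def check_plan(plan, gateway=GATEWAY, netmask=NETMASK):
    """Return a list of problems; an empty list means the plan is usable."""
    lan = ipaddress.ip_network(f"{gateway}/{netmask}", strict=False)
    problems, seen = [], {}
    for host, addr in plan.items():
        ip = ipaddress.ip_address(addr)
        if not any(ip in block for block in PRIVATE):
            problems.append(f"{host}: {addr} is not a private address")
        if ip not in lan:
            problems.append(f"{host}: {addr} is outside {lan}")
        elif ip in (lan.network_address, lan.broadcast_address):
            # The .0 and .255 addresses the article says to avoid.
            problems.append(f"{host}: {addr} is the network or broadcast address")
        if ip in seen:
            problems.append(f"{host}: {addr} is already used by {seen[ip]}")
        seen.setdefault(ip, host)
    return problems


def render_lmhosts(plan):
    """LMHOSTS for C:\\WINDOWS on each Windows 95/98 machine (Fig.11 layout)."""
    lines = ["#IP Address     Machine name", "#"]
    lines += [f"{addr:<16}{host}" for host, addr in plan.items()]
    return "\n".join(lines) + "\n"


def render_hosts(plan, domain=DOMAIN):
    """/etc/hosts for the Linux machine (Fig.12 layout)."""
    lines = [f"{'127.0.0.1':<16}localhost.localdomain   localhost"]
    lines += [f"{addr:<16}{host}.{domain}   {host}" for host, addr in plan.items()]
    return "\n".join(lines) + "\n"


def build(plan, domain=DOMAIN):
    """Validate first, then return (lmhosts_text, hosts_text)."""
    problems = check_plan(plan)
    if problems:
        raise ValueError("; ".join(problems))
    return render_lmhosts(plan), render_hosts(plan, domain)


if __name__ == "__main__":
    lmhosts, hosts = build(PLAN)
    print(lmhosts)
    print(hosts)
```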
In Pt.4, we’ll talk about Linux firewalls
and security issues. We also plan
to discuss what DNS, WINS, DHCP
and hosts or LMHOSTS actually do
(probably in a separate article). And
so that Windows users do not feel
unloved, we’ll describe how these
relate to Windows 95, Windows 98
and Windows NT as well.