SlideShare a Scribd company logo

Athenticated smaba server config with open vpn

Chanaka Lasantha
Chanaka Lasantha

Tested

Technology
1 of 9
Download to read offline
Authenticated Samba Server Config with Open VPN Chanaka.lasantha@gmail.com Designed , Doumented and Tested by Chanaka Lasantha Nanayakkara Wawage Most Important Settings Date: date -s "9 AUG 2013 11:32:08" Add repository EPEL that is provided from Fedora project. rpm –Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
Installing Samba Server and cups-libs is for printer # yum install -y samba samba-commons cups-libs xinetd portmap # setup Select System service from list You have to tick the following boxes if not already selected, [*]portmap [*]xinetd [*]smb Create a directory which you would like to share mkdir /sharedrepo Add a new group or you can use existing group to provide access on shared directory, Here I am adding new group called staff groupadd staff Change the group and permission of sharing folder chgrp -R staff /sharedrepo chmod -R 777 /sharedrepo Explanation of behavior of chmod syntax’s The chmod numeric format accepts up to four octal digits. The rightmost three refer to permissions for the file owner, the group and other users. The next digit (fourth from the right) specifies special setuid, setgid and sticky flags. Numerical permissions: # Permission rwx 7 6 Full Read and Write 111 110
5 4 3 2 1 0 Read and Execute Read Only Write and Execute Write Only Execute Only None 101 100 011 010 001 000 rwx = Read, Write, Execute Further Explanation :  Read = read a file or list a directory's contents  Write = write to a file or directory  Execute = execute a file or recurse a directory tree Sample : chmod -R 777 /sharedrepo has a full permission for Read, Write and Execute. create user and add them in group called staff. And set the samba password for this user useradd test usermod -G staff test smbpasswd -a test Take backup of /etc/samba/smb.conf file then edit the smb.conf file. And add the given parameter in last line of /etc/samba/smb.conf file cd /etc/samba/ cp -p smb.conf smb.conf.orig vim /etc/samba/smb.conf [sharedrepo] comment = shared-directory path = /sharedrepo public = no valid users = test, @staff writable = yes browseable = yes create mask = 0765
Edit these lines in /etc/samba/smb.conf . To allow network to reach samba server Change the value of 192.168.2.0/24 with your subnet. And change the ethernet value which is in used by your system and which you want to allow for traffic. In second line ,192.168.2. is for subnet .Same rule applied to 127. which is for loopback. interfaces = lo eth0 192.168.2.0/24 hosts allow = 127. 192.168.2. Mainly for windows users,if your all PC in your network are using different WORKGROUP name edit the given below line in smb.conf with your workgroup name. Windows system bydefault uses the WORKGROUP as WORKGROUP. Try first without changing the WORKGROUP name,if required do the change. workgroup = WORKGROUP Add services in /etc/services files vim /etc/services netbios-ns 137/tcp # netbios name service netbios-ns 137/udp # netbios name service netbios-dgm 138/tcp # netbios datagram service netbios-dgm 138/udp # netbios datagram service netbios-ssn 139/udp # netbios session service netbios-ssn 139/udp # netbios session service Enable IP Forwarding (Highly Important!) If you want your OpenVPN clients to be able to access the network, in addition to the push routes statements above you will need to setup ip forwarding for the tunnel interface and change the 0 to a 1. vim /etc/sysctl.conf # ------ Edit the following line changing the 0 to a 1 ----- net.ipv4.ip_forward = 1
Save and close the file. Reload the changes by typing the following command: Or echo 1 > /proc/sys/net/ipv4/ip_forward sysctl -p Add iptables rule in samba server for port no. 137,138.139 and 445. service iptables start iptables –-flush iptables --table nat -–flush iptables --delete-chain service iptables save service iptables restart service network restart iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT DROP iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEP iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 2 -j ACCEPT iptables -A INPUT -p icmp -j ACCEPT iptables -A OUTPUT -p icmp -j ACCEPT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -m state --state INVALID -j DROP iptables -A OUTPUT -m state --state INVALID -j DROP iptables -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP iptables -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP iptables -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP iptables -N SYN_FLOOD iptables -A INPUT -p tcp --syn -j SYN_FLOOD iptables -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN iptables -A SYN_FLOOD -j DROP iptables -A INPUT -p icmp -m icmp --icmp-type address-mask-request -j DROP iptables -A INPUT -p icmp -m icmp --icmp-type timestamp-request -j DROP iptables -A INPUT -p icmp -m icmp -m limit --limit 1/second -j ACCEPT iptables -A INPUT -p tcp -m tcp --tcp-flags RST RST -m limit --limit 2/second --limit-burst 2 -j ACCEPT iptables -A INPUT -m recent --name portscan --rcheck --seconds 86400 -j DROP iptables -A FORWARD -m recent --name portscan --rcheck --seconds 86400 -j DROP iptables -A INPUT -m recent --name portscan --remove iptables -A FORWARD -m recent --name portscan –remove
iptables -A INPUT -s 0.0.0.0/7 -j DROP iptables -A INPUT -s 2.0.0.0/8 -j DROP iptables -A INPUT -s 5.0.0.0/8 -j DROP iptables -A INPUT -s 7.0.0.0/8 -j DROP iptables -A INPUT -s 10.0.0.0/8 -j DROP iptables -A INPUT -s 23.0.0.0/8 -j DROP iptables -A INPUT -s 27.0.0.0/8 -j DROP iptables -A INPUT -s 31.0.0.0/8 -j DROP iptables -A INPUT -s 36.0.0.0/7 -j DROP iptables -A INPUT -s 39.0.0.0/8 -j DROP iptables -A INPUT -s 42.0.0.0/8 -j DROP iptables -A INPUT -s 49.0.0.0/8 -j DROP iptables -A INPUT -s 50.0.0.0/8 -j DROP iptables -A INPUT -s 77.0.0.0/8 -j DROP iptables -A INPUT -s 78.0.0.0/7 -j DROP iptables -A INPUT -s 92.0.0.0/6 -j DROP iptables -A INPUT -s 96.0.0.0/4 -j DROP iptables -A INPUT -s 112.0.0.0/5 -j DROP iptables -A INPUT -s 120.0.0.0/8 -j DROP iptables -A INPUT -s 169.254.0.0/16 -j DROP iptables -A INPUT -s 172.16.0.0/12 -j DROP iptables -A INPUT -s 173.0.0.0/8 -j DROP iptables -A INPUT -s 174.0.0.0/7 -j DROP iptables -A INPUT -s 176.0.0.0/5 -j DROP iptables -A INPUT -s 184.0.0.0/6 -j DROP iptables -A INPUT -s 192.0.2.0/24 -j DROP iptables -A INPUT -s 197.0.0.0/8 -j DROP iptables -A INPUT -s 198.18.0.0/15 -j DROP iptables -A INPUT -s 223.0.0.0/8 -j DROP iptables -A INPUT -s 224.0.0.0/3 -j DROP iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT iptables -A INPUT -s 192.168.2.0/24 -m state --state NEW -p tcp --dport 137 -j ACCEPT iptables -A INPUT -s 192.168.2.0/24 -m state --state NEW -p tcp --dport 138 -j ACCEPT iptables -A INPUT -s 192.168.2.0/24 -m state --state NEW -p tcp --dport 139 -j ACCEPT iptables -A INPUT -s 192.168.2.0/24 -m state --state NEW -p tcp --dport 445 -j ACCEPT iptables -A OUTPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT iptables -A OUTPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT iptables -A OUTPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+%271%27%3d%271” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+1%3d1” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+%271%27%3d%271” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+%27%27%3d%27” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+1%3d1” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+%271%27%3d%271” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+%27%27%3d%27” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+1%3d1” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+%271%27%3d%271” --algo bm -j DROP service iptables save
service iptables restart service network restart /sbin/iptables -L iptables -L -t nat –n iptables -vnL Now start the smb and nmb services. /etc/init.d/smb start /etc/init.d/nmb start Now we will test samba from linux and windows machine (Windows User) Open the Run and type ip-address-of-samba-servershared-Direcory-name for eg:- 192.168.56.101sharedrepo Give username and password. (password which you set with the help of smbpasswd command)
Linux Users: smbclient must be installed in system smbclient //ip-samba-server/sharedDirectory -U username smbstatus FINAL STAGE OF OPEN VPN SOLUTION CONFIG FOR A WORLD WIDE SECURE SAMBA REMOTE ACCESS CAN BE SETUP USING BY CLICKING THIS URL. Install the ClamAV Virus Guard for Inter-clients Virus Protectiion yum --enablerepo=rpmforge -y install clamav vim /etc/freshclam.conf line 122: make it comment:- #NotifyClamd /etc/clamd.conf update pattern files:- freshclam vim /etc/crontab # Explanation:- # MIN HOUR MDAY MON DOW COMMAND # */5 * * * * echo 'Hello' # # MIN Minute 0-60 # HOUR Hour [24-hour clock] 0-23 # MDAY Day of Month 1-31 # MON Month 1-12 OR jan,feb,mar,apr . # DOW Day of Week 0-6 OR # sun,mon,tue,wed,thu,fri,sat # COMMAND Command to be run Any valid command-line #Run a Virus SCAN for " sharedrepo" folder after every 3-hours while awake by the ClamAV Virus Guard 0 7-23/3 * * * clamscan --infected --remove --recursive /sharedrepo && clamscan --infected --remove --recursive #Run the Automatic Updater for the ClamAV Virs Batabase by Every 3 Hours Periodically 0 7-23/3 * * * freshclam init 0
How to enable or disable SMB protocols on the SMB client on Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 To disable SMBv1 on the SMB client, run the following commands: sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi sc.exe config mrxsmb10 start= disabled To enable SMBv1 on the SMB client, run the following commands: sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi sc.exe config mrxsmb10 start= auto To disable SMBv2 and SMBv3 on the SMB client, run the following commands: sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi sc.exe config mrxsmb20 start= disabled To enable SMBv2 and SMBv3 on the SMB client, run the following commands: sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi sc.exe config mrxsmb20 start= auto

Recommended

Ccna voice study summary 460
Ccna voice study summary 460Ccna voice study summary 460
Ccna voice study summary 460B Mach
 
Arp Dan Ipconfig Syntax
Arp Dan Ipconfig SyntaxArp Dan Ipconfig Syntax
Arp Dan Ipconfig Syntaxguestcc37e8c
 
Router Commands Overview
Router Commands OverviewRouter Commands Overview
Router Commands OverviewMuhammed Niyas
 
Iptables
IptablesIptables
Iptablesleminhvuong
 
Packet Filtering Using Iptables
Packet Filtering Using IptablesPacket Filtering Using Iptables
Packet Filtering Using IptablesAhmed Mekkawy
 
Ccna icnd2-labs exercices
Ccna icnd2-labs exercicesCcna icnd2-labs exercices
Ccna icnd2-labs exercicessaqrjareh
 
Iptables fundamentals
Iptables fundamentalsIptables fundamentals
Iptables fundamentalsram_b17
 
The bryant advantage 150 commands
The bryant advantage 150 commandsThe bryant advantage 150 commands
The bryant advantage 150 commandsAreej Khasawneh
 

Recommended

Ccna voice study summary 460
Ccna voice study summary 460Ccna voice study summary 460
Ccna voice study summary 460B Mach
 
Arp Dan Ipconfig Syntax
Arp Dan Ipconfig SyntaxArp Dan Ipconfig Syntax
Arp Dan Ipconfig Syntaxguestcc37e8c
 
Router Commands Overview
Router Commands OverviewRouter Commands Overview
Router Commands OverviewMuhammed Niyas
 
Iptables
IptablesIptables
Iptablesleminhvuong
 
Packet Filtering Using Iptables
Packet Filtering Using IptablesPacket Filtering Using Iptables
Packet Filtering Using IptablesAhmed Mekkawy
 
Ccna icnd2-labs exercices
Ccna icnd2-labs exercicesCcna icnd2-labs exercices
Ccna icnd2-labs exercicessaqrjareh
 
Iptables fundamentals
Iptables fundamentalsIptables fundamentals
Iptables fundamentalsram_b17
 
The bryant advantage 150 commands
The bryant advantage 150 commandsThe bryant advantage 150 commands
The bryant advantage 150 commandsAreej Khasawneh
 
Backup and restore router configuration
Backup and restore router configurationBackup and restore router configuration
Backup and restore router configurationVasilis Nikitaras
 
Ncat ccna cheat sheet
Ncat ccna cheat sheetNcat ccna cheat sheet
Ncat ccna cheat sheetEZREIG OMAR
 
DNS, DHCP Configuration
DNS, DHCP Configuration DNS, DHCP Configuration
DNS, DHCP Configuration Anik Saha
 
ccna cheat_sheet
ccna cheat_sheetccna cheat_sheet
ccna cheat_sheetGuntaka Reddy
 
Introduction to firewalls through Iptables
Introduction to firewalls through IptablesIntroduction to firewalls through Iptables
Introduction to firewalls through IptablesBud Siddhisena
 
Juniper JNCIA – Juniper Floating Static Route Configuration
Juniper JNCIA – Juniper Floating Static Route ConfigurationJuniper JNCIA – Juniper Floating Static Route Configuration
Juniper JNCIA – Juniper Floating Static Route ConfigurationHamed Moghaddam
 
Huawei cisco command conversion
Huawei cisco command conversionHuawei cisco command conversion
Huawei cisco command conversionjames Omara
 
Netfilter: Making large iptables rulesets scale
Netfilter: Making large iptables rulesets scaleNetfilter: Making large iptables rulesets scale
Netfilter: Making large iptables rulesets scalebrouer
 
Comandos cisco x huawei
Comandos cisco x huaweiComandos cisco x huawei
Comandos cisco x huaweiandre gomes
 
Linux day 3ppt
Linux day 3pptLinux day 3ppt
Linux day 3pptKalkey
 
01c. Starting A Router
01c. Starting A Router01c. Starting A Router
01c. Starting A RouterNghiep Lam
 
Nova HA
Nova HANova HA
Nova HAOpen Stack
 
Cisco CCENT Cram Notes
Cisco CCENT Cram NotesCisco CCENT Cram Notes
Cisco CCENT Cram NotesVijayanand Yadla
 
Cisco CCNA- PPP Multilink Configuration
Cisco CCNA- PPP Multilink ConfigurationCisco CCNA- PPP Multilink Configuration
Cisco CCNA- PPP Multilink ConfigurationHamed Moghaddam
 
Cisco vs. huawei CLI Commands
Cisco vs. huawei CLI CommandsCisco vs. huawei CLI Commands
Cisco vs. huawei CLI CommandsBootcamp SCL
 
Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner)
Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner) Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner)
Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner) Puppet
 
Cisco commands List for Beginners (CCNA, CCNP)
Cisco commands List for Beginners (CCNA, CCNP)Cisco commands List for Beginners (CCNA, CCNP)
Cisco commands List for Beginners (CCNA, CCNP)DH Da Lat
 
Cisco router command configuration overview
Cisco router command configuration overviewCisco router command configuration overview
Cisco router command configuration overview3Anetwork com
 
Comandos routing switching
Comandos routing switchingComandos routing switching
Comandos routing switching1 2d
 
Complete squid & firewall configuration. plus easy mac binding
Complete squid & firewall configuration. plus easy mac bindingComplete squid & firewall configuration. plus easy mac binding
Complete squid & firewall configuration. plus easy mac bindingChanaka Lasantha
 
25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examplesTeja Bheemanapally
 
25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examplesTeja Bheemanapally
 

More Related Content

What's hot

Backup and restore router configuration
Backup and restore router configurationBackup and restore router configuration
Backup and restore router configurationVasilis Nikitaras
 
Ncat ccna cheat sheet
Ncat ccna cheat sheetNcat ccna cheat sheet
Ncat ccna cheat sheetEZREIG OMAR
 
DNS, DHCP Configuration
DNS, DHCP Configuration DNS, DHCP Configuration
DNS, DHCP Configuration Anik Saha
 
Introduction to firewalls through Iptables
Introduction to firewalls through IptablesIntroduction to firewalls through Iptables
Introduction to firewalls through IptablesBud Siddhisena
 
Juniper JNCIA – Juniper Floating Static Route Configuration
Juniper JNCIA – Juniper Floating Static Route ConfigurationJuniper JNCIA – Juniper Floating Static Route Configuration
Juniper JNCIA – Juniper Floating Static Route ConfigurationHamed Moghaddam
 
Huawei cisco command conversion
Huawei cisco command conversionHuawei cisco command conversion
Huawei cisco command conversionjames Omara
 
Netfilter: Making large iptables rulesets scale
Netfilter: Making large iptables rulesets scaleNetfilter: Making large iptables rulesets scale
Netfilter: Making large iptables rulesets scalebrouer
 
Comandos cisco x huawei
Comandos cisco x huaweiComandos cisco x huawei
Comandos cisco x huaweiandre gomes
 
Linux day 3ppt
Linux day 3pptLinux day 3ppt
Linux day 3pptKalkey
 
01c. Starting A Router
01c. Starting A Router01c. Starting A Router
01c. Starting A RouterNghiep Lam
 
Cisco CCNA- PPP Multilink Configuration
Cisco CCNA- PPP Multilink ConfigurationCisco CCNA- PPP Multilink Configuration
Cisco CCNA- PPP Multilink ConfigurationHamed Moghaddam
 
Cisco vs. huawei CLI Commands
Cisco vs. huawei CLI CommandsCisco vs. huawei CLI Commands
Cisco vs. huawei CLI CommandsBootcamp SCL
 
Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner)
Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner) Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner)
Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner) Puppet
 
Cisco commands List for Beginners (CCNA, CCNP)
Cisco commands List for Beginners (CCNA, CCNP)Cisco commands List for Beginners (CCNA, CCNP)
Cisco commands List for Beginners (CCNA, CCNP)DH Da Lat
 
Cisco router command configuration overview
Cisco router command configuration overviewCisco router command configuration overview
Cisco router command configuration overview3Anetwork com
 
Comandos routing switching
Comandos routing switchingComandos routing switching
Comandos routing switching1 2d
 

What's hot (19)

Backup and restore router configuration
Backup and restore router configurationBackup and restore router configuration
Backup and restore router configuration
 
Ncat ccna cheat sheet
Ncat ccna cheat sheetNcat ccna cheat sheet
Ncat ccna cheat sheet
 
DNS, DHCP Configuration
DNS, DHCP Configuration DNS, DHCP Configuration
DNS, DHCP Configuration
 
ccna cheat_sheet
ccna cheat_sheetccna cheat_sheet
ccna cheat_sheet
 
Introduction to firewalls through Iptables
Introduction to firewalls through IptablesIntroduction to firewalls through Iptables
Introduction to firewalls through Iptables
 
Juniper JNCIA – Juniper Floating Static Route Configuration
Juniper JNCIA – Juniper Floating Static Route ConfigurationJuniper JNCIA – Juniper Floating Static Route Configuration
Juniper JNCIA – Juniper Floating Static Route Configuration
 
Huawei cisco command conversion
Huawei cisco command conversionHuawei cisco command conversion
Huawei cisco command conversion
 
Netfilter: Making large iptables rulesets scale
Netfilter: Making large iptables rulesets scaleNetfilter: Making large iptables rulesets scale
Netfilter: Making large iptables rulesets scale
 
Comandos cisco x huawei
Comandos cisco x huaweiComandos cisco x huawei
Comandos cisco x huawei
 
Linux day 3ppt
Linux day 3pptLinux day 3ppt
Linux day 3ppt
 
01c. Starting A Router
01c. Starting A Router01c. Starting A Router
01c. Starting A Router
 
Nova HA
Nova HANova HA
Nova HA
 
Cisco CCENT Cram Notes
Cisco CCENT Cram NotesCisco CCENT Cram Notes
Cisco CCENT Cram Notes
 
Cisco CCNA- PPP Multilink Configuration
Cisco CCNA- PPP Multilink ConfigurationCisco CCNA- PPP Multilink Configuration
Cisco CCNA- PPP Multilink Configuration
 
Cisco vs. huawei CLI Commands
Cisco vs. huawei CLI CommandsCisco vs. huawei CLI Commands
Cisco vs. huawei CLI Commands
 
Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner)
Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner) Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner)
Puppet Camp Boston 2014: Network Automation with Puppet and Arista (Beginner)
 
Cisco commands List for Beginners (CCNA, CCNP)
Cisco commands List for Beginners (CCNA, CCNP)Cisco commands List for Beginners (CCNA, CCNP)
Cisco commands List for Beginners (CCNA, CCNP)
 
Cisco router command configuration overview
Cisco router command configuration overviewCisco router command configuration overview
Cisco router command configuration overview
 
Comandos routing switching
Comandos routing switchingComandos routing switching
Comandos routing switching
 

Similar to Athenticated smaba server config with open vpn

Complete squid & firewall configuration. plus easy mac binding
Complete squid & firewall configuration. plus easy mac bindingComplete squid & firewall configuration. plus easy mac binding
Complete squid & firewall configuration. plus easy mac bindingChanaka Lasantha
 
25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examplesTeja Bheemanapally
 
25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examplesTeja Bheemanapally
 
Reducing iptables configuration complexity using chains
Reducing iptables configuration complexity using chainsReducing iptables configuration complexity using chains
Reducing iptables configuration complexity using chainsDieter Adriaenssens
 
Linux internet server security and configuration tutorial
Linux internet server security and configuration tutorialLinux internet server security and configuration tutorial
Linux internet server security and configuration tutorialannik147
 
Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machine...
Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machine...Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machine...
Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machine...JohnWilson47710
 
Introduction to linux day1
Introduction to linux day1Introduction to linux day1
Introduction to linux day1Gourav Varma
 
Linux Administation
Linux AdministationLinux Administation
Linux Administationrkulandaivel
 
INFA 620Laboratory 4 Configuring a FirewallIn this exercise.docx
INFA 620Laboratory 4 Configuring a FirewallIn this exercise.docxINFA 620Laboratory 4 Configuring a FirewallIn this exercise.docx
INFA 620Laboratory 4 Configuring a FirewallIn this exercise.docxcarliotwaycave
 
Chapter 03 configuring link aggregation and bridging
Chapter 03 configuring link aggregation and bridgingChapter 03 configuring link aggregation and bridging
Chapter 03 configuring link aggregation and bridgingdimuthur
 
Ansible - simple it automation
Ansible - simple it automationAnsible - simple it automation
Ansible - simple it automationLarry Nung
 
Mikrotik and easy hotspot, as hotspot billing system
Mikrotik and easy hotspot, as hotspot billing systemMikrotik and easy hotspot, as hotspot billing system
Mikrotik and easy hotspot, as hotspot billing systemsedotabiz
 
Debugging Ruby
Debugging RubyDebugging Ruby
Debugging RubyAman Gupta
 
Debugging Ruby Systems
Debugging Ruby SystemsDebugging Ruby Systems
Debugging Ruby SystemsEngine Yard
 
Stupid iptables tricks
Stupid iptables tricksStupid iptables tricks
Stupid iptables tricksJim MacLeod
 
RAC-Installing your First Cluster and Database
RAC-Installing your First Cluster and DatabaseRAC-Installing your First Cluster and Database
RAC-Installing your First Cluster and DatabaseNikhil Kumar
 

Similar to Athenticated smaba server config with open vpn (20)

Complete squid & firewall configuration. plus easy mac binding
Complete squid & firewall configuration. plus easy mac bindingComplete squid & firewall configuration. plus easy mac binding
Complete squid & firewall configuration. plus easy mac binding
 
25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples
 
25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples25 most frequently used linux ip tables rules examples
25 most frequently used linux ip tables rules examples
 
Reducing iptables configuration complexity using chains
Reducing iptables configuration complexity using chainsReducing iptables configuration complexity using chains
Reducing iptables configuration complexity using chains
 
Linux internet server security and configuration tutorial
Linux internet server security and configuration tutorialLinux internet server security and configuration tutorial
Linux internet server security and configuration tutorial
 
Samba
SambaSamba
Samba
 
Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machine...
Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machine...Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machine...
Installation And Configuration Of DNS, Web And FTP Servers On Virtual Machine...
 
Introduction to linux day1
Introduction to linux day1Introduction to linux day1
Introduction to linux day1
 
Linux Administation
Linux AdministationLinux Administation
Linux Administation
 
INFA 620Laboratory 4 Configuring a FirewallIn this exercise.docx
INFA 620Laboratory 4 Configuring a FirewallIn this exercise.docxINFA 620Laboratory 4 Configuring a FirewallIn this exercise.docx
INFA 620Laboratory 4 Configuring a FirewallIn this exercise.docx
 
Chapter 03 configuring link aggregation and bridging
Chapter 03 configuring link aggregation and bridgingChapter 03 configuring link aggregation and bridging
Chapter 03 configuring link aggregation and bridging
 
Ansible - simple it automation
Ansible - simple it automationAnsible - simple it automation
Ansible - simple it automation
 
Mikrotik and easy hotspot, as hotspot billing system
Mikrotik and easy hotspot, as hotspot billing systemMikrotik and easy hotspot, as hotspot billing system
Mikrotik and easy hotspot, as hotspot billing system
 
Iptables presentation
Iptables presentationIptables presentation
Iptables presentation
 
Debugging Ruby
Debugging RubyDebugging Ruby
Debugging Ruby
 
Ex200
Ex200Ex200
Ex200
 
Linuxserver harden
Linuxserver hardenLinuxserver harden
Linuxserver harden
 
Debugging Ruby Systems
Debugging Ruby SystemsDebugging Ruby Systems
Debugging Ruby Systems
 
Stupid iptables tricks
Stupid iptables tricksStupid iptables tricks
Stupid iptables tricks
 
RAC-Installing your First Cluster and Database
RAC-Installing your First Cluster and DatabaseRAC-Installing your First Cluster and Database
RAC-Installing your First Cluster and Database
 

More from Chanaka Lasantha

Storing, Managing, and Deploying Docker Container Images with Amazon ECR
Storing, Managing, and Deploying Docker Container Images with Amazon ECRStoring, Managing, and Deploying Docker Container Images with Amazon ECR
Storing, Managing, and Deploying Docker Container Images with Amazon ECRChanaka Lasantha
 
Building A Kubernetes App With Amazon EKS
Building A Kubernetes App With Amazon EKSBuilding A Kubernetes App With Amazon EKS
Building A Kubernetes App With Amazon EKSChanaka Lasantha
 
ERP System Implementation Kubernetes Cluster with Sticky Sessions
ERP System Implementation Kubernetes Cluster with Sticky Sessions ERP System Implementation Kubernetes Cluster with Sticky Sessions
ERP System Implementation Kubernetes Cluster with Sticky Sessions Chanaka Lasantha
 
Free radius for wpa2 enterprise with active directory integration
Free radius for wpa2 enterprise with active directory integrationFree radius for wpa2 enterprise with active directory integration
Free radius for wpa2 enterprise with active directory integrationChanaka Lasantha
 
Distributed replicated block device
Distributed replicated block deviceDistributed replicated block device
Distributed replicated block deviceChanaka Lasantha
 
Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...
Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...
Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...Chanaka Lasantha
 
Ask by linux kernel add or delete a hdd
Ask by linux kernel add or delete a hddAsk by linux kernel add or delete a hdd
Ask by linux kernel add or delete a hddChanaka Lasantha
 
Free radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleFree radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleChanaka Lasantha
 
One key sheard site to site open vpn
One key sheard site to site open vpnOne key sheard site to site open vpn
One key sheard site to site open vpnChanaka Lasantha
 
Usrt to ethernet connectivity over the wolrd cubieboard bords
Usrt to ethernet connectivity over the wolrd cubieboard bordsUsrt to ethernet connectivity over the wolrd cubieboard bords
Usrt to ethernet connectivity over the wolrd cubieboard bordsChanaka Lasantha
 
Site to-multi site open vpn solution with mysql db
Site to-multi site open vpn solution with mysql dbSite to-multi site open vpn solution with mysql db
Site to-multi site open vpn solution with mysql dbChanaka Lasantha
 
Site to-multi site open vpn solution. with active directory auth
Site to-multi site open vpn solution. with active directory authSite to-multi site open vpn solution. with active directory auth
Site to-multi site open vpn solution. with active directory authChanaka Lasantha
 
Site to-multi site open vpn solution-latest
Site to-multi site open vpn solution-latestSite to-multi site open vpn solution-latest
Site to-multi site open vpn solution-latestChanaka Lasantha
 
Install elasticsearch, logstash and kibana
Install elasticsearch, logstash and kibana Install elasticsearch, logstash and kibana
Install elasticsearch, logstash and kibana Chanaka Lasantha
 
Oracle cluster installation with grid and nfs
Oracle cluster installation with grid and nfsOracle cluster installation with grid and nfs
Oracle cluster installation with grid and nfsChanaka Lasantha
 
Oracle cluster installation with grid and iscsi
Oracle cluster installation with grid and iscsiOracle cluster installation with grid and iscsi
Oracle cluster installation with grid and iscsiChanaka Lasantha
 
AUTOMATIC JBOSS CLUSTER MANAGEMENT SYSTEM (PYTHON)
AUTOMATIC JBOSS CLUSTER MANAGEMENT SYSTEM (PYTHON)AUTOMATIC JBOSS CLUSTER MANAGEMENT SYSTEM (PYTHON)
AUTOMATIC JBOSS CLUSTER MANAGEMENT SYSTEM (PYTHON)Chanaka Lasantha
 
ully Automatic WSO2 Enterprise Service Bus(ESB) Cluster Management System
ully Automatic WSO2 Enterprise Service Bus(ESB) Cluster Management Systemully Automatic WSO2 Enterprise Service Bus(ESB) Cluster Management System
ully Automatic WSO2 Enterprise Service Bus(ESB) Cluster Management SystemChanaka Lasantha
 
CYBER SECURITY WORKSHOP (Only For Educational Purpose)
CYBER SECURITY WORKSHOP (Only For Educational Purpose)CYBER SECURITY WORKSHOP (Only For Educational Purpose)
CYBER SECURITY WORKSHOP (Only For Educational Purpose)Chanaka Lasantha
 

More from Chanaka Lasantha (20)

Storing, Managing, and Deploying Docker Container Images with Amazon ECR
Storing, Managing, and Deploying Docker Container Images with Amazon ECRStoring, Managing, and Deploying Docker Container Images with Amazon ECR
Storing, Managing, and Deploying Docker Container Images with Amazon ECR
 
Building A Kubernetes App With Amazon EKS
Building A Kubernetes App With Amazon EKSBuilding A Kubernetes App With Amazon EKS
Building A Kubernetes App With Amazon EKS
 
ERP System Implementation Kubernetes Cluster with Sticky Sessions
ERP System Implementation Kubernetes Cluster with Sticky Sessions ERP System Implementation Kubernetes Cluster with Sticky Sessions
ERP System Implementation Kubernetes Cluster with Sticky Sessions
 
Free radius for wpa2 enterprise with active directory integration
Free radius for wpa2 enterprise with active directory integrationFree radius for wpa2 enterprise with active directory integration
Free radius for wpa2 enterprise with active directory integration
 
Distributed replicated block device
Distributed replicated block deviceDistributed replicated block device
Distributed replicated block device
 
Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...
Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...
Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server mo...
 
Ask by linux kernel add or delete a hdd
Ask by linux kernel add or delete a hddAsk by linux kernel add or delete a hdd
Ask by linux kernel add or delete a hdd
 
Free radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleFree radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmaple
 
One key sheard site to site open vpn
One key sheard site to site open vpnOne key sheard site to site open vpn
One key sheard site to site open vpn
 
Usrt to ethernet connectivity over the wolrd cubieboard bords
Usrt to ethernet connectivity over the wolrd cubieboard bordsUsrt to ethernet connectivity over the wolrd cubieboard bords
Usrt to ethernet connectivity over the wolrd cubieboard bords
 
Site to-multi site open vpn solution with mysql db
Site to-multi site open vpn solution with mysql dbSite to-multi site open vpn solution with mysql db
Site to-multi site open vpn solution with mysql db
 
Site to-multi site open vpn solution. with active directory auth
Site to-multi site open vpn solution. with active directory authSite to-multi site open vpn solution. with active directory auth
Site to-multi site open vpn solution. with active directory auth
 
Site to-multi site open vpn solution-latest
Site to-multi site open vpn solution-latestSite to-multi site open vpn solution-latest
Site to-multi site open vpn solution-latest
 
Install elasticsearch, logstash and kibana
Install elasticsearch, logstash and kibana Install elasticsearch, logstash and kibana
Install elasticsearch, logstash and kibana
 
Oracle cluster installation with grid and nfs
Oracle cluster installation with grid and nfsOracle cluster installation with grid and nfs
Oracle cluster installation with grid and nfs
 
Oracle cluster installation with grid and iscsi
Oracle cluster installation with grid and iscsiOracle cluster installation with grid and iscsi
Oracle cluster installation with grid and iscsi
 
AUTOMATIC JBOSS CLUSTER MANAGEMENT SYSTEM (PYTHON)
AUTOMATIC JBOSS CLUSTER MANAGEMENT SYSTEM (PYTHON)AUTOMATIC JBOSS CLUSTER MANAGEMENT SYSTEM (PYTHON)
AUTOMATIC JBOSS CLUSTER MANAGEMENT SYSTEM (PYTHON)
 
ully Automatic WSO2 Enterprise Service Bus(ESB) Cluster Management System
ully Automatic WSO2 Enterprise Service Bus(ESB) Cluster Management Systemully Automatic WSO2 Enterprise Service Bus(ESB) Cluster Management System
ully Automatic WSO2 Enterprise Service Bus(ESB) Cluster Management System
 
Docker framework
Docker frameworkDocker framework
Docker framework
 
CYBER SECURITY WORKSHOP (Only For Educational Purpose)
CYBER SECURITY WORKSHOP (Only For Educational Purpose)CYBER SECURITY WORKSHOP (Only For Educational Purpose)
CYBER SECURITY WORKSHOP (Only For Educational Purpose)
 

Recently uploaded

Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 

Recently uploaded (20)

Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 

Athenticated smaba server config with open vpn

  • 1. Authenticated Samba Server Config with Open VPN Chanaka.lasantha@gmail.com Designed , Doumented and Tested by Chanaka Lasantha Nanayakkara Wawage Most Important Settings Date: date -s "9 AUG 2013 11:32:08" Add repository EPEL that is provided from Fedora project. rpm –Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
  • 2. Installing Samba Server and cups-libs is for printer # yum install -y samba samba-commons cups-libs xinetd portmap # setup Select System service from list You have to tick the following boxes if not already selected, [*]portmap [*]xinetd [*]smb Create a directory which you would like to share mkdir /sharedrepo Add a new group or you can use existing group to provide access on shared directory, Here I am adding new group called staff groupadd staff Change the group and permission of sharing folder chgrp -R staff /sharedrepo chmod -R 777 /sharedrepo Explanation of behavior of chmod syntax’s The chmod numeric format accepts up to four octal digits. The rightmost three refer to permissions for the file owner, the group and other users. The next digit (fourth from the right) specifies special setuid, setgid and sticky flags. Numerical permissions: # Permission rwx 7 6 Full Read and Write 111 110
  • 3. 5 4 3 2 1 0 Read and Execute Read Only Write and Execute Write Only Execute Only None 101 100 011 010 001 000 rwx = Read, Write, Execute Further Explanation :  Read = read a file or list a directory's contents  Write = write to a file or directory  Execute = execute a file or recurse a directory tree Sample : chmod -R 777 /sharedrepo has a full permission for Read, Write and Execute. create user and add them in group called staff. And set the samba password for this user useradd test usermod -G staff test smbpasswd -a test Take backup of /etc/samba/smb.conf file then edit the smb.conf file. And add the given parameter in last line of /etc/samba/smb.conf file cd /etc/samba/ cp -p smb.conf smb.conf.orig vim /etc/samba/smb.conf [sharedrepo] comment = shared-directory path = /sharedrepo public = no valid users = test, @staff writable = yes browseable = yes create mask = 0765
  • 4. Edit these lines in /etc/samba/smb.conf . To allow network to reach samba server Change the value of 192.168.2.0/24 with your subnet. And change the ethernet value which is in used by your system and which you want to allow for traffic. In second line ,192.168.2. is for subnet .Same rule applied to 127. which is for loopback. interfaces = lo eth0 192.168.2.0/24 hosts allow = 127. 192.168.2. Mainly for windows users,if your all PC in your network are using different WORKGROUP name edit the given below line in smb.conf with your workgroup name. Windows system bydefault uses the WORKGROUP as WORKGROUP. Try first without changing the WORKGROUP name,if required do the change. workgroup = WORKGROUP Add services in /etc/services files vim /etc/services netbios-ns 137/tcp # netbios name service netbios-ns 137/udp # netbios name service netbios-dgm 138/tcp # netbios datagram service netbios-dgm 138/udp # netbios datagram service netbios-ssn 139/udp # netbios session service netbios-ssn 139/udp # netbios session service Enable IP Forwarding (Highly Important!) If you want your OpenVPN clients to be able to access the network, in addition to the push routes statements above you will need to setup ip forwarding for the tunnel interface and change the 0 to a 1. vim /etc/sysctl.conf # ------ Edit the following line changing the 0 to a 1 ----- net.ipv4.ip_forward = 1
  • 5. Save and close the file. Reload the changes by typing the following command: Or echo 1 > /proc/sys/net/ipv4/ip_forward sysctl -p Add iptables rule in samba server for port no. 137,138.139 and 445. service iptables start iptables –-flush iptables --table nat -–flush iptables --delete-chain service iptables save service iptables restart service network restart iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT DROP iptables -A INPUT -i lo -j ACCEPT iptables -A OUTPUT -o lo -j ACCEPT iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEP iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 2 -j ACCEPT iptables -A INPUT -p icmp -j ACCEPT iptables -A OUTPUT -p icmp -j ACCEPT iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -m state --state INVALID -j DROP iptables -A OUTPUT -m state --state INVALID -j DROP iptables -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP iptables -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP iptables -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP iptables -N SYN_FLOOD iptables -A INPUT -p tcp --syn -j SYN_FLOOD iptables -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN iptables -A SYN_FLOOD -j DROP iptables -A INPUT -p icmp -m icmp --icmp-type address-mask-request -j DROP iptables -A INPUT -p icmp -m icmp --icmp-type timestamp-request -j DROP iptables -A INPUT -p icmp -m icmp -m limit --limit 1/second -j ACCEPT iptables -A INPUT -p tcp -m tcp --tcp-flags RST RST -m limit --limit 2/second --limit-burst 2 -j ACCEPT iptables -A INPUT -m recent --name portscan --rcheck --seconds 86400 -j DROP iptables -A FORWARD -m recent --name portscan --rcheck --seconds 86400 -j DROP iptables -A INPUT -m recent --name portscan --remove iptables -A FORWARD -m recent --name portscan –remove
  • 6. iptables -A INPUT -s 0.0.0.0/7 -j DROP iptables -A INPUT -s 2.0.0.0/8 -j DROP iptables -A INPUT -s 5.0.0.0/8 -j DROP iptables -A INPUT -s 7.0.0.0/8 -j DROP iptables -A INPUT -s 10.0.0.0/8 -j DROP iptables -A INPUT -s 23.0.0.0/8 -j DROP iptables -A INPUT -s 27.0.0.0/8 -j DROP iptables -A INPUT -s 31.0.0.0/8 -j DROP iptables -A INPUT -s 36.0.0.0/7 -j DROP iptables -A INPUT -s 39.0.0.0/8 -j DROP iptables -A INPUT -s 42.0.0.0/8 -j DROP iptables -A INPUT -s 49.0.0.0/8 -j DROP iptables -A INPUT -s 50.0.0.0/8 -j DROP iptables -A INPUT -s 77.0.0.0/8 -j DROP iptables -A INPUT -s 78.0.0.0/7 -j DROP iptables -A INPUT -s 92.0.0.0/6 -j DROP iptables -A INPUT -s 96.0.0.0/4 -j DROP iptables -A INPUT -s 112.0.0.0/5 -j DROP iptables -A INPUT -s 120.0.0.0/8 -j DROP iptables -A INPUT -s 169.254.0.0/16 -j DROP iptables -A INPUT -s 172.16.0.0/12 -j DROP iptables -A INPUT -s 173.0.0.0/8 -j DROP iptables -A INPUT -s 174.0.0.0/7 -j DROP iptables -A INPUT -s 176.0.0.0/5 -j DROP iptables -A INPUT -s 184.0.0.0/6 -j DROP iptables -A INPUT -s 192.0.2.0/24 -j DROP iptables -A INPUT -s 197.0.0.0/8 -j DROP iptables -A INPUT -s 198.18.0.0/15 -j DROP iptables -A INPUT -s 223.0.0.0/8 -j DROP iptables -A INPUT -s 224.0.0.0/3 -j DROP iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT iptables -A INPUT -s 192.168.2.0/24 -m state --state NEW -p tcp --dport 137 -j ACCEPT iptables -A INPUT -s 192.168.2.0/24 -m state --state NEW -p tcp --dport 138 -j ACCEPT iptables -A INPUT -s 192.168.2.0/24 -m state --state NEW -p tcp --dport 139 -j ACCEPT iptables -A INPUT -s 192.168.2.0/24 -m state --state NEW -p tcp --dport 445 -j ACCEPT iptables -A OUTPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT iptables -A OUTPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT iptables -A OUTPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+%271%27%3d%271” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+1%3d1” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+%271%27%3d%271” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+%27%27%3d%27” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+1%3d1” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+%271%27%3d%271” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+%27%27%3d%27” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+1%3d1” --algo bm -j DROP iptables -I FORWARD -s 0.0.0.0/0 -m string --string “%27+or+%271%27%3d%271” --algo bm -j DROP service iptables save
  • 7. service iptables restart service network restart /sbin/iptables -L iptables -L -t nat –n iptables -vnL Now start the smb and nmb services. /etc/init.d/smb start /etc/init.d/nmb start Now we will test samba from linux and windows machine (Windows User) Open the Run and type ip-address-of-samba-servershared-Direcory-name for eg:- 192.168.56.101sharedrepo Give username and password. (password which you set with the help of smbpasswd command)
  • 8. Linux Users: smbclient must be installed in system smbclient //ip-samba-server/sharedDirectory -U username smbstatus FINAL STAGE OF OPEN VPN SOLUTION CONFIG FOR A WORLD WIDE SECURE SAMBA REMOTE ACCESS CAN BE SETUP USING BY CLICKING THIS URL. Install the ClamAV Virus Guard for Inter-clients Virus Protectiion yum --enablerepo=rpmforge -y install clamav vim /etc/freshclam.conf line 122: make it comment:- #NotifyClamd /etc/clamd.conf update pattern files:- freshclam vim /etc/crontab # Explanation:- # MIN HOUR MDAY MON DOW COMMAND # */5 * * * * echo 'Hello' # # MIN Minute 0-60 # HOUR Hour [24-hour clock] 0-23 # MDAY Day of Month 1-31 # MON Month 1-12 OR jan,feb,mar,apr . # DOW Day of Week 0-6 OR # sun,mon,tue,wed,thu,fri,sat # COMMAND Command to be run Any valid command-line #Run a Virus SCAN for " sharedrepo" folder after every 3-hours while awake by the ClamAV Virus Guard 0 7-23/3 * * * clamscan --infected --remove --recursive /sharedrepo && clamscan --infected --remove --recursive #Run the Automatic Updater for the ClamAV Virs Batabase by Every 3 Hours Periodically 0 7-23/3 * * * freshclam init 0
  • 9. How to enable or disable SMB protocols on the SMB client on Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 To disable SMBv1 on the SMB client, run the following commands: sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi sc.exe config mrxsmb10 start= disabled To enable SMBv1 on the SMB client, run the following commands: sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi sc.exe config mrxsmb10 start= auto To disable SMBv2 and SMBv3 on the SMB client, run the following commands: sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi sc.exe config mrxsmb20 start= disabled To enable SMBv2 and SMBv3 on the SMB client, run the following commands: sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi sc.exe config mrxsmb20 start= auto