map unix directory to Windows 2003 server

mabu.ps · October 25, 2011, 12:54am

Hi,
I am new unix,

In the unix server we have two folders

/home/directory/sub1/
/home/directory/sub2/

Under each sub we have some other subfolders also.

Here my question is

I want to create sub2(including subfolder of this) as share drive to windows 2003 server.

Can any one help me regarding this step by step process?

If any one reply to this as early as possible its more appriciatable.

Thanks alot in advance.

cero · October 25, 2011, 1:41am

Hi,
usually Samba is used for this.

mabu.ps · October 25, 2011, 8:27am

Thanks a lot cero,

Could you please provide step by step approach for this.

Thanks in advance.

cero · October 25, 2011, 8:48am

Its just installation and configuration.
Both depend heavily on what your system landscape looks like:

what flavor of unix you use (installation on AIX may be different to HP/UX,...)
how your windows network is configured (domain or workgroup,...)
Click on "learn samba" at the site you get to when you follow the link in my last post. There are step by step guides for lots of possible configurations.

admin_xor · October 25, 2011, 7:05pm

What flavor of Unix are you using? If it's CentOs or any RedHat variant, I can help you out with step by step guide!!!

mabu.ps · October 26, 2011, 2:47pm

Thanks you very much cero and admin_xor for replying to this post.

I am completly new to this.

My unix flavor is CentOS Unix and windows network is domain based.

Here I have got some information like using SMB protocol we can do this,but I could not get much more information on exactly how to mount the one directory (UNIX ) to Windows server.

My concern is : Unix directory (specific folder only ) shold mapped to Windows server and from windows side,windows server is having SQL server DB . we have some application running on DB server ,those applications should access the UNIX directory files with out using any specific User ID and PWD just like normal drive in Windows server. Could you please give step by step process how to do this? and What are the risks/challenges I may need to be face if I implement this?

Thanks in advance.

click · October 26, 2011, 6:59pm

Here you go Chapter�19.�Samba

There is also many other interesting manuals in the official CentOS docs

admin_xor · October 26, 2011, 8:13pm

I am happy to help you here with the step by step process. But, I would suggest you go through the docs available on CentOS or Samba website. Those are for brush-up and what more you can do with Samba. As of with any Unix program, you can do much more than it appears with Samba. That's the beauty of Unix and one of the reasons of me being in love with it. Okay, before I get carried away, let me post the steps that need to be done by you to setup Samba. I am assuming you are sharing /share folder on the CentOS server.

Here you go:

Install Samba package:

[root@genserv-sl6 ~]# yum install samba

Install Samba Client too, for using smbclient program for troubleshooting purposes

[root@genserv-sl6 ~]# yum install samba-client

If SELinux is turned on and running in enforcing mode, turn on the following booleans at least:
samba_export_all_ro
samba_export_all_rw

[root@genserv-sl6 ~]# setsebool -P samba_export_all_ro on
[root@genserv-sl6 ~]# setsebool -P samba_export_all_rw on

You can get a full list of booleans related to Samba by the following command:

[root@genserv-sl6 ~]# getsebool -a | grep samba

Prepare the share directory with appropriate SELinux context to avoid AVC denials:

[root@firewal-el6 ~]# semanage fcontext -a -t samba_share_t "/share(/.*)?"
[root@firewal-el6 ~]# restorecon -Rv /share

If IPtables is running on the server, add the following lines in your /etc/sysconfig/iptables before the entries for FORWARD chain starts:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT

Now, restart the iptables service:

[root@firewal-el6 ~]# service iptables restart

Now, it's time to dive into the config file of samba. Open /etc/samba/smb.conf file with your favorite editor and make the following changes in the [global] directive:

        workgroup = WORKGROUP
        server string = Samba Server Version %v
        netbios name = MYSERVER
        interfaces = lo eth0
        security = share

Please ensure you mention the correct NIC in place of eth0 through which you will be sharing the folders. Now, I have customized it depending upon your needs. "security = share" will enable anonymous mode because of which you won't be prompted for a username/password while accessing the share. If you select "security = user" or "security = domain" when target client machines are Windows and a member of Active Directory domain, believe me, you will spend at least next 48 hours without sleeping to troubleshoot subsequent permission issues. I know it very well!! :wall:

Create a directive like [share] for an example to share /share folder:

[share]
        comment = CentOS Share
        path = /share/
        public = yes
        writable = yes
        printable = no
        guest only = yes
        guest ok = yes
        browsable = yes

You need to do this for each of your shares. Remember, the directive should of unique name.

Now, for anonymous access, samba maps the "nobody" built-in user and group with the same name by default. So, to make sure whoever accesses this share, gets to read/write/exec, you need to make nobody as the owner of the folder:

[root@firewal-el6 ~]# chown -R nobody:nobody /share
[root@firewal-el6 ~]# chmod -R 4770 /share

Wait! What did I just do? The first command makes nobody user and nobody group as the owner of the /share folder and the subsequent files/folders.
The second line gives read+write+execute permission to the owner and the group to /share and files/folders beneath it. Now the twist; the number 4 turns on the SGID bit, for which, whenever someone creates a file/folder in the /share or in any directory beneath it, that file/folder gets the group permission enabled automatically. In turn, anybody can see/modify the new file/folder without having you to setup the permission on them manually. This saves a lot of time and SGID bit should be enabled when it comes to collaboration sharing.

Did I just forget to start the samba server now? Nope. You are all set now. So, fire up the samba server:

[root@firewal-el6 ~]# service smb start

Now, go to your Windows 2003 server and map the share with "\\10.1.2.3\share" path. You can map it as a network drive as well.

This would be all you need to accomplish your goal. Samba is a complex thing and you would spend a lot of time checking its logs or troubleshooting if you do not spend time checking out the documents. No shortcuts!!