Windows Networking with Samba

Adding Samba Networking to PBX in a Flash

Samba is the open source solution to Windows Networking on the Linux Platform. This tutorial will walk you through adding Samba to your Asterisk server. Total installation time is about 2 minutes. Once installed, you can access your entire server from any Windows or Mac system using Windows Networking.

Prerequisites

PBX in a Flash and a secured local area network are the only prerequisites for installing Samba. Because this implementation shares your entire server with root-equivalent privileges and no password, make certain that you have a router and firewall in place which blocks incoming Windows Networking traffic from the Internet before you install this application. Also make certain that everyone on your LAN is a trusted user.

System Installation

Log into your PBX in a Flash system as root and issue the following commands to install Samba:

setup-samba
cd /etc/samba
nano -w smb.conf

If you've never changed the name of the workgroup on your Windows machines, you can skip this step. Just press Ctrl-X to close the editor. Otherwise, once the editor opens the Samba configuration file, move down to the line shown below and replace the second workgroup entry (the value after the equals sign) with the actual name of the Windows workgroup on your LAN.

workgroup = workgroup

Save the change to the configuration file by pressing Ctrl-X, then Y, then Enter.

Starting and Stopping Samba

By default, Samba will now start automatically each time your system is rebooted. To modify the startup behavior of Samba, issue one of the following commands after logging into your server as root. The first enables automatic startup; the second disables it:

chkconfig --level 345 smb on
chkconfig --level 345 smb off

To manually start or stop Samba, issue one of the following commands after logging into your server as root:

/etc/init.d/smb start
/etc/init.d/smb stop

Using Samba on Your LAN

Once Samba is running on your system, you can access the entire disk on your server from any Mac or Windows machine by browsing to your Windows Network workgroup and clicking on the PBX server. After connecting to the server, you can drag and drop files to and from your PBX in a Flash system just as if it were another Windows machine.

Security Considerations

As configured, this implementation of Samba shares your entire server with root-equivalent privileges and no password. It is worth repeating that you should make absolutely certain that you have a router and firewall in place which blocks incoming Windows Networking traffic from the Internet before you install this application. If you're using a wireless network, make certain that it, too, is secured with WPA, not WEP encryption. Otherwise, your entire server is vulnerable to attack. Also make certain that everyone on your LAN is a trusted user. In short, this implementation is suitable for a home or home office and probably little else. You've been warned.

For an insecure LAN, we recommend changing the settings in smb.conf as follows: set guest ok = no in all locations and set security = User. Then, while logged in as root, add specific users to Samba. NOTE: These users must already exist on your server. For each user, issue a command like this:

smbpasswd -a username

For example, be sure to add the root user by issuing this command:

smbpasswd -a root

You will be prompted for a password, which need not be the same as your Linux password for the root account. Don't forget to restart Samba after making these changes:

service smb restart

HINT: On Macs (after adjusting your Asterisk server firewall below!), you can then connect by pressing Command-K, entering SMB://ipaddress_of_your_server and, when prompted, entering root and the password you set up for the root Samba account.
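One way to confirm that the two smb.conf changes recommended above (security = User, and guest ok = no in all locations) are really in place, as an added example that is not part of the original tutorial or of PBX in a Flash. The sample configuration and the share name rootfs are constructed; the check also treats public as a synonym for guest ok and reports a missing security line, since the text asks for it to be set explicitly.

```python
import re

TRUE_VALUES = {"yes", "true", "on", "1"}  # spellings treated as "enabled"

# Constructed sample (not the file setup-samba writes): an open, guest-access share.
SAMPLE_OPEN = """\
[global]
   workgroup = workgroup
   security = share
   guest ok = yes
; guest ok = no   (commented out, so it has no effect)
[rootfs]
   path = /
   public = yes
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}. Section and parameter names are
    lower-cased and spaces inside parameter names dropped ("Guest OK" -> "guestok")."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        m = re.match(r"\[(.+)\]$", line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            sections[current][re.sub(r"\s+", "", name).lower()] = value.strip()
    return sections

def audit(text):
    """List (section, parameter, value) tuples that contradict the hardening advice."""
    conf = parse_smb_conf(text)
    findings = []
    security = conf.get("global", {}).get("security", "").lower()
    if security != "user":                      # assumption: unset is reported too
        findings.append(("global", "security", security or "(unset)"))
    for section, params in conf.items():
        for key in ("guestok", "public"):       # "public" is a synonym of "guest ok"
            if params.get(key, "").lower() in TRUE_VALUES:
                findings.append((section, key, params[key]))
    return findings

if __name__ == "__main__":
    for section, key, value in audit(SAMPLE_OPEN):
        print("[%s] %s = %s" % (section, key, value))
```

To check a live server, pass the contents of /etc/samba/smb.conf to audit(); an empty list means neither setting is left open.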

Firewall Settings

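Finally, before Samba will function on PBX in a Flash systems, you must open ports in the IPtables firewall. Add the following entries just above the COMMIT entry at the end of /etc/sysconfig/iptables. Then restart IPtables: service iptables restart. Note that these entries accept traffic on the listed ports from any source address, so the router and firewall described under Prerequisites remain the only barrier to Windows Networking traffic from the Internet.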

# Allow SAMBA
-A INPUT -p udp -m udp --dport 137:139 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 137:139 -j ACCEPT