Bits Build your own server: Part 2

Discussion in 'Article Discussion' started by Tim S, 24 Jul 2007.

  1. Glider

    Glider /dev/null

    Joined:
    2 Aug 2005
    Posts:
    4,173
    Likes Received:
    21
    Maybe some security thing of no-ip.org? Or your firewall being confused with getting internal traffic from the external interface... Anyway, glad it worked ;)
     
  2. WhiskeyAlpha

    WhiskeyAlpha What's a Dremel?

    Joined:
    5 May 2006
    Posts:
    838
    Likes Received:
    4
    Yeah, I don't know mate, just glad it's working :D

    Thanks again for the guides Glider, much appreciated *tips hat*

    ..... Just one last thing if I may. When I create an ssh tunnel to my server remotely, what do I need to do to be able to launch webmin?

    I configured Putty with:

    hostname: xxx.no-ip.org
    port: 2222


    then set up the tunnel:

    source port: 10000
    destination: localhost:10000


    (not sure if I need to set the 'remote' radio button here)

    Then I can open the connection and login successfully. Opening a browser and navigating to https://xxx.no-ip.org:10000 unfortunately gets me nowhere.

    I've tried a few variations here and don't think I can be that far off but a quick nod in the right direction would be gladly welcomed :)

    Thanks
     
  3. Glider

    Try navigating to http://localhost:10000 on the remote system... Then you connect to one end of the tunnel, and see what's on the other side ;)
     
  4. WhiskeyAlpha

    lol, it's like one of those cryptic clues in a crossword :)

    EDIT: No it's not, *slaps forehead* I'm having a blonde moment. Wrong URL.

    EDIT2: Bingo, https://localhost:10000, that got it :)

    Thanks again Glider, I'll now leave you in peace (until your next guide that is ;))
     
    Last edited: 26 Oct 2007
  5. WhiskeyAlpha

    Okay, so I lied... I need your help again.

    I added some users to my linux box and to the samba shares, through Webmin.

    They can all get access to their files and folders but despite following your instructions to make the 'shared' folder read/writable to all users, they are unable to move, delete or copy any of the files/folders.

    I noticed it when using WinSCP. I told my brother (who lives a good 150 miles away) how to use WinSCP to download/upload files from/to the server. He was impressed :), until he realised that he couldn't actually 'do' anything with it.

    When I log in via WinSCP however, I have no problems.

    I noticed also that if I use my brother's login via SSH, the terminal only displays a '$' in the command prompt (i.e. no file paths etc) and I seem to have limited functionality.

    I assume it is something to do with the way I have setup either the new 'linux' users or 'samba' users. But I'm struggling to find any info.
     
    Last edited: 7 Nov 2007
  6. Glider

    Weird, could be due to a number of things... I think wrong default shell and error in the samba config

    Can you provide me with the following information?
    Code:
    grep <username> /etc/passwd
    Code:
    cat /etc/samba/smb.conf
    Greets Glider
     
  7. WhiskeyAlpha

    Hi Glider,

    first command returns:

    (this is my brother)
    Code:
    charlie:x:1001:100::/home/charlie:/bin/sh
    (this is me)
    Code:
    will:x:1000:1000:Will,,,:/home/will:/bin/bash
    second command returns:

    Code:
    [global]
    	log file = /var/log/samba.log
    	passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
    	obey pam restrictions = yes
    	socket options = TCP_NODELAY
    	null passwords = no
    	encrypt passwords = true
    	passwd program = /usr/bin/passwd %u
    	passdb backend = smbpasswd
    	wins support = no
    	dns proxy = no
    	netbios name = "XXXX" #Blanked out by me for post
    	invalid users = root
    	path = /home/shared
    	workgroup = "XXXXXXX" #Blanked out by me for post
    	security = user
    	syslog = 1
    	panic action = /usr/share/samba/panic-action %d
    	max log size = 1000
    	pam password change = no
    	log level = 3 
    
    #Share Definitions
    
    [homes]
            comment = Home Directories
            browseable = yes
            writable = yes
            security mask = 0700
            create mask = 0700
    
    
    
    [shared]
    	comment = Shared Directory
    	writeable = yes
    	path = /home/shared/
    Cheers:thumb:
     
  8. Glider

    => What I thought...

    Code:
    sudo nano /etc/passwd
    And change the /bin/sh for your brother to /bin/bash
    Try adding the create mask & security mask to the share definition
    Code:
    sudo nano /etc/samba/smb.conf
    . Can you/your brother create/delete files in his home share?
     
  9. WhiskeyAlpha

    Nice one son.

    Now, I'm pretty sure I've already tried that tbh, but I'll give it another go.

    Oh and yes, he can read/write files in his home share, as can I.
     
  10. WhiskeyAlpha

    Yeah the shell problem solved :thumb:

    Still having problems with the share though those masks didn't fix it unfortunately. And I restarted the Samba server after editing.

    EDIT:

    Just noticed something very interesting. Inside my shared folder I have the following directories:

    Games
    Music
    Video
    Torrents

    For some reason only the 'Music' one seems to be giving me problems and all the others are read/writeable as expected. Now I'm even more confused. I guess the permissions on the 'Music' folder must be borked.

    EDIT2:

    I seem to now be able to create/delete directories within the 'Music' folder using my bro's login. However, I still can't 'get' any of the files off of the directory. Logging in to WinSCP as myself, I can do whatever I like. :(
     
    Last edited: 8 Nov 2007
  11. Glider

    Aha, that's a possibility too... Can you post
    Code:
    ls -al <path to problematic dir>
     
  12. Shielder

    Shielder Live long & prosper!

    Joined:
    26 Jul 2007
    Posts:
    596
    Likes Received:
    0
    Just to hijack the thread for a mo...

    Okay, this may be a question for part 10 ;), but I'm looking to set up a Linux server with an old system, it'll be doing file/print (possibly web) serving, but I also want to use it as an authentication server for all the other boxes in the house. Is there any way of using the Linux box as the LDAP server and having the XP/Vista clients connect to it? I've got experience in connecting Linux clients to a NIS and LDAP domain, but not Windows.

    From what I've seen on the web, it can be done, but I'm not too sure how.

    TIA

    Andy
     
  13. WhiskeyAlpha

    Code:
    drwxr-xr-x   4 will will 4096 2007-10-28 23:31 .
    drwxrwxrwx   8 root root 4096 2007-11-08 14:27 ..
    drwxrwxrwx 137 will will 4096 2007-11-08 14:22 Compressed
    drwxr-xr-x   2 will will 4096 2007-10-28 23:31 Lossless
    
    I have two folders in there but only the "Compressed" one has files in it.

    Code:
    drwxrwxrwx 137 will will 4096 2007-11-08 14:22 .
    drwxr-xr-x   4 will will 4096 2007-10-28 23:31 ..
    drwxr-xr-x   3 will will 4096 2007-10-28 23:56 2K
    drwxr-xr-x   3 will will 4096 2007-10-28 23:44 A
    drwxr-xr-x   4 will will 4096 2007-10-28 23:47 AC_DC
    .......

    I see that the r/w permissions are shown on the left (though I don't profess to know what's what).

    Should there not be an entry for "charlie"?

    Also, how do 'groups' and group permissions work? I've noticed that I am a member of the group "will", whereas charlie is a member of the group "users". Could this have any bearing?

    EDIT: Further speculation - could it be that maybe I "own" the folder and that's what is causing it? Or maybe created the folder as root?
     
    Last edited: 8 Nov 2007
  14. Glider

    Using the box as a web/printserver is no big deal... Using it as an auth server (slapd [LDAP], freeradius [Radius] or Kerberos) is possible but not that easy.

    You can also use Samba (yes Samba, the filesharing stuff) to act as an AD controller.

    I'll try to explain what you are presented with:
    The rights given to the user that owns the file, in this case will (underlined)

    The rights given to the group, in this case will (underlined)
    r = read
    w = write
    x = execute

    The world rights, to all the users.

    So try this (it opens up the whole lot quite a bit, but it'll get it working). For a more secure way of doing things, PM me, but don't worry about it for a home server ;)
    Code:
    sudo chmod -R 777 <path to folder>
    That will give every file in that folder rwx rights, to all users, so samba should be able to access it without problems every time.
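
A group-based alternative to the chmod -R 777 above, as an added example that is not part of any post in this thread. It removes write access for "other" and gives it to one shared group instead. The function names, the group you pass in and the demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The group name and paths passed in
# are the caller's choice (assumptions); nothing here is specific to Samba.

# Print every entry under $1 that "other" (any local account) can write to.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Hand tree $1 to group $2: group members get read/write, "other" loses
# write. Directories get setgid (the leading 2) so that files created
# later inherit the group instead of the creator's primary group.
share_with_group() {
    tree=$1
    group=$2
    chgrp -R "$group" "$tree" || return 1
    find "$tree" -type d -exec chmod 2775 {} + || return 1
    find "$tree" -type f -exec chmod ug+rw,o-w {} +
}

# Constructed demo: a throwaway tree left in the state chmod -R 777 produces.
demo=$(mktemp -d)
mkdir -p "$demo/Music/Compressed"
: > "$demo/Music/Compressed/track.mp3"
chmod -R 777 "$demo"
echo "world-writable before: $(world_writable "$demo" | wc -l)"
share_with_group "$demo" "$(id -g)"   # on a real box: the shared group
echo "world-writable after:  $(world_writable "$demo" | wc -l)"
ls -lR "$demo"
rm -rf "$demo"
```

Every account that should write to the share has to be a member of the group passed in; in the thread will's group is "will" and charlie's is "users", so one of them would need adding to the other's group or both to a new one.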
     
  15. spartan777

    spartan777 What's a Dremel?

    Joined:
    8 Jun 2007
    Posts:
    7
    Likes Received:
    0
    Would upgrading to xubuntu gutsy 7.10 break anything we've done in any of these two tutorials?

    And would I be able to access the server via the public address (xxx.no-ip.org) from the same lan the server is on?
     
  16. Glider

    It could, but I doubt it would

    Depends on your router/firewall. Sometimes it will be accessible, a lot of times it wouldn't be. On the LAN, just browse to the IP of the server and you're set.
     
  17. statmonkey

    statmonkey What's a Dremel?

    Joined:
    5 Nov 2007
    Posts:
    15
    Likes Received:
    0
    I was cruising along swimmingly until the Dblinging and I got dblung :) When I hit ctl + alt + f1 I was running through VNC since it is headless. The screen froze with a crazy pattern and VNC locked up. I rebooted from CLI through putty. Machine came right back up no worries but now when I try to VNC I get:
    Connection failed - Error reading Protocol Version

    Possible causes:
    - you've forgotten to select a DSMPlugin and the Server uses a DSMPlugin
    - Viewer and Server are not compatible (they use different RFB protocoles)
    - Bad connection

    I restarted GDM from CLI, thinking that was the problem. But I am guessing this would have something to do with SSH or something I did in the last few steps. Really would like to avoid going back through the adding back a screen etc. if possible. Any ideas what stupid thing I have done or how I can resolve this.

    Great guide by the way.
     
  18. Glider

    If you rebooted, and X didn't start automatically, you should restart gdm (like you did) AND afterwards restart the vnc server (through the script).
     
  19. statmonkey

    Yes, I did that before posting. I also went through the steps found earlier in this thread. gdm seems to restart, but

    No dice. I have seen this before and for the life of me can't remember how I fixed it. Think I will have to just throw a head on it and break down :( Thks anyway. Oh, here is the output of trying to start the vnc server, for what it is worth. I think once I put a display back on it things will be easier to sort out. Think I just keep the gui, I have space and all, or maybe try NoMachine

    statmonkey@server:/usr/local/bin$ *** There may be "Xlib:" error messages above with details about the failure.
    10/12/2007 17:21:30 passing arg to libvncserver: -rfbauth
    10/12/2007 17:21:30 passing arg to libvncserver: /home/statmonkey/.vnc/passwd
    10/12/2007 17:21:30 passing arg to libvncserver: -desktop
    10/12/2007 17:21:30 passing arg to libvncserver: VNC statmonkey@

    10/12/2007 17:21:30 x11vnc version: 0.8.2 lastmod: 2006-07-12
    10/12/2007 17:21:30
    10/12/2007 17:21:30 *** XOpenDisplay failed. No -display or DISPLAY.
    10/12/2007 17:21:30 *** Trying ":0" in 4 seconds. Press Ctrl-C to abort.
    10/12/2007 17:21:30 *** 1 2 3 4
    Xlib: connection to ":0.0" refused by server
    Xlib: Invalid MIT-MAGIC-COOKIE-1 key
    10/12/2007 17:21:34

    10/12/2007 17:21:34 ***************************************
    10/12/2007 17:21:34 *** XOpenDisplay failed (:0)

    *** x11vnc was unable to open the X DISPLAY: ":0", it cannot continue.
    *** There may be "Xlib:" error messages above with details about the failure.

    Some tips and guidelines:

    * An X server (the one you wish to view) must be running before x11vnc is
    started: x11vnc does not start the X server.

    * You must use -display <disp>, -OR- set and export your DISPLAY
    environment variable to refer to the display of the desired X server.
    - Usually the display is simply ":0" (in fact x11vnc uses this if you forget
    to specify it), but in some multi-user situations it could be ":1", ":2",
    or even ":137". Ask your administrator or a guru if you are having
    difficulty determining what your X DISPLAY is.

    * Next, you need to have sufficient permissions (Xauthority)
    to connect to the X DISPLAY. Here are some Tips:

    - Often, you just need to run x11vnc as the user logged into the X session.
    So make sure to be that user when you type x11vnc.
    - Being root is usually not enough because the incorrect MIT-MAGIC-COOKIE
    file will be accessed. The cookie file contains the secret key that
    allows x11vnc to connect to the desired X DISPLAY.
    - You can explicity indicate which MIT-MAGIC-COOKIE file should be used
    by the -auth option, e.g.:
    x11vnc -auth /home/someuser/.Xauthority -display :0
    x11vnc -auth /tmp/.gdmzndVlR -display :0
    you must have read permission for the auth file.

    - If NO ONE is logged into an X session yet, but there is a greeter login
    program like "gdm", "kdm", "xdm", or "dtlogin" running, you will need
    to find and use the raw display manager MIT-MAGIC-COOKIE file.
    Some examples for various display managers:

    gdm: -auth /var/gdm/:0.Xauth
    kdm: -auth /var/lib/kdm/A:0-crWk72
    xdm: -auth /var/lib/xdm/authdir/authfiles/A:0-XQvaJk
    dtlogin: -auth /var/dt/A:0-UgaaXa

    Only root will have read permission for the file, and so x11vnc must be run
    as root. The random characters in the filenames will of course change,
    and the directory the cookie file resides in may also be system dependent.
    Sometimes the command "ps wwaux | grep auth" can reveal the file location.

    See also: http://www.karlrunge.com/x11vnc/#faq
     
  20. Glider

    Here's the thing that matters :) Probably you won't have DISPLAY :0 because you restarted GDM, try:

    Code:
    x11vnc &
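
The x11vnc output quoted above says the display manager's cookie file can be found with "ps wwaux | grep auth" and passed with -auth. As an added example that is not part of any post in this thread, this pulls that path out of ps output; the function name and the sample ps lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: find the cookie file the running X
# server was started with, so x11vnc can be pointed at it with -auth.

# Read `ps` output on stdin and print the -auth argument of the X server
# that serves display $1 (default :0). Returns 1 if none is found.
xauth_for_display() {
    awk -v disp="${1:-:0}" '
        {
            is_x = 0; has_disp = 0; auth = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /(^|\/)(X|Xorg)$/) is_x = 1     # the X server itself
                if ($i == disp) has_disp = 1            # serving this display
                if ($i == "-auth" && i < NF) auth = $(i + 1)
            }
            if (is_x && has_disp && auth != "") { print auth; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }'
}

# Constructed sample of `ps wwaux` output; PIDs and columns are made up.
SAMPLE_PS='root  4102  0.0  0.1  /usr/sbin/gdm
root  4110  1.2  2.3  /usr/bin/X :0 -audit 0 -auth /var/gdm/:0.Xauth -nolisten tcp vt7
will  5769  0.0  0.4  x11vnc -auth /home/will/.Xauthority -display :0'

# On a live system the input would be:  ps wwaux | xauth_for_display :0
cookie=$(printf '%s\n' "$SAMPLE_PS" | xauth_for_display :0) &&
    echo "x11vnc -auth $cookie -display :0"
```

As the x11vnc text notes, only root can read the display manager's cookie file, so x11vnc started this way runs as root.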
     