NW Services Lec11 - Mail

Network Services

Lecturer:

Dalia Mahmoud Elsir


Outline
• Overview.
• NTP
• File Sharing Services.
• FTP,TFTP,SFTP.
• NFS.
• SAMBA.
• NAS
• References.
Overview
• As a system administrator, you will need to
know how to look at the status of a running
service and how to stop, start and restart
running services.
• You also need the skills to manage and
configure those services in the OS of the IT
infrastructure machines.
Network Time Protocol
• The current system time is based on a hardware clock. This
hardware clock is typically a part of the computer's
motherboard, and it might be unreliable.
• Two solutions are available:
– External hardware clock – a very accurate atomic clock
connected directly to your computer. It's reliable and used in
datacenters.
– Another and more common solution is to configure your
server to use Network Time Protocol (NTP).
Network Time Protocol
NTP
• One of the oldest Internet protocols in use today is the
Network time protocol or NTP.
• It's used to keep the clock synchronized on machines
connected to a network.
• A real-life example is that all airports utilize
synchronized clock systems, and many of their
systems use NTP.
Network Time Protocol
NTP
• In the IT world, machines need to have accurate
time across a network, and you can't depend on
the hardware itself to keep consistent time.
• Some security services, like Kerberos (a
network authentication protocol), depend
on the time being consistent across the
network to work.
• As a sysadmin you must weigh using a
local NTP server against using a public NTP server.
Understanding Local Time
• When a Linux server boots, the hardware clock, also referred to
as the real-time clock, is read, and the system gets its initial time
setting from it.
• The time on the hardware clock on Linux servers is usually set
to Coordinated Universal Time (UTC).
• Local time is the actual time in the current time zone and is
calculated from UTC, taking daylight saving time (DST) into
account, so it always shows the accurate time for that system.
• Applications running on the server are converting system time
into local time.
• System time is a time maintained by the operating system and it
is kept in UTC.
Local NTP server.
– To set up a local NTP server, you can install NTP
server software on your management server.
– Then, you install NTP clients on your machines and
tell those computers which NTP service to sync
their time to.
– This is a great option because you can then
manage the entire process from end to end.
Public NTP server.
• Another way to set up NTP is to use a public NTP server.
– Public NTP servers are managed by other organizations; your
client machines connect to them to get synchronized time,
without you having to run a dedicated NTP server.
• If you have a large fleet of thousands of machines, it's
better etiquette to be running your own NTP servers.
– A good practice is to run your own NTP server, then have
that point to a public NTP server.
– The /etc/chrony.conf file is configured with a standard list of
NTP servers on the Internet that should be contacted.
– Then switch on NTP with timedatectl set-ntp true
NTP
Command       Short description
date          Manages local time
hwclock       Manages hardware time
timedatectl   Developed to manage all aspects of time on RHEL 7
• On a Linux system, time is calculated as an offset of epoch
time.
• Epoch time is the number of seconds since January 1,
1970, in UTC.
• In some logs (such as /var/log/audit/audit.log), you’ll find
time stamps in epoch time and not in human time.
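The epoch stamps mentioned above can be converted to human time as follows. This is an added example, not part of the original slides: the log lines are constructed, and the check for a clock that moves backwards assumes that audit event serial numbers increase with every event.

```python
import re
from datetime import datetime, timezone

# Constructed sample records using the audit.log stamp layout:
#   msg=audit(<epoch seconds>.<milliseconds>:<event serial>)
SAMPLE_LOG = """\
type=USER_LOGIN msg=audit(1483228795.120:401): pid=1101 uid=0 res=success
type=SYSCALL msg=audit(1483228799.870:402): arch=c000003e syscall=227 success=yes
type=USER_CMD msg=audit(1483228800.004:403): pid=1180 uid=1000 res=success
type=USER_END msg=audit(1483142400.500:404): pid=1180 uid=1000 res=success
"""

STAMP = re.compile(r"^type=(\S+) msg=audit\((\d+)\.(\d{3}):(\d+)\)")


def parse_record(line):
    """Return (serial, epoch_seconds, utc_string, record_type) or None."""
    m = STAMP.match(line)
    if m is None:
        return None
    rec_type, secs, millis, serial = m.groups()
    # Epoch time counts seconds since 1970-01-01 00:00:00 UTC.
    when = datetime.fromtimestamp(int(secs), tz=timezone.utc)
    human = f"{when:%Y-%m-%d %H:%M:%S}.{millis} UTC"
    return int(serial), int(secs) + int(millis) / 1000, human, rec_type


def clock_steps_back(log_text):
    """List events whose timestamp is earlier than the previous event's.

    Assumption: serial numbers grow with every event, so a later serial
    carrying an earlier timestamp means the system clock was set back.
    """
    records = sorted(filter(None, map(parse_record, log_text.splitlines())))
    steps = []
    for prev, cur in zip(records, records[1:]):
        if cur[1] < prev[1]:
            steps.append((cur[0], prev[2], cur[2]))
    return steps


if __name__ == "__main__":
    for rec in filter(None, map(parse_record, SAMPLE_LOG.splitlines())):
        print(rec[0], rec[2], rec[3])
    for serial, before, after in clock_steps_back(SAMPLE_LOG):
        print(f"event {serial}: clock moved back from {before} to {after}")
```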
Managing Services in Linux
• Ubuntu installations include a daemon that runs on the
machine and is in charge of synchronizing the clock using
NTP.
• To see only the services that are running
#sudo systemctl --state=running
• We can check that there's an NTP daemon running on this
machine using the service command:
• # service ntp status
• If at any point it detects that the clock has drifted, it
adjusts the time in a very small increment:
– +/- 0.5 milliseconds per second until it reaches the desired time.
Managing Services in Linux
• What if the daemon detects that the time has changed by more than 128
milliseconds? It will not interfere.
# sudo date -s "2017-01-01 00:00:00"
• The NTP daemon will not adjust the clock, since the change is more than
the 128 millisecond threshold.
• Manually restart the service now:
# sudo service ntp stop
# sudo service ntp start
# date
• An alternative that's available in most services is the restart action
# sudo service ntp restart
Managing Services in Windows
• Like Linux, Windows also allows the system
administrator to manage the services that are
running on the system.
• For example, let's look at the Windows Update
service.
• This service is in charge of detecting software
updates for either the operating system or other
installed programs, downloading them and
having them ready to be applied to the system.
Managing Services in Windows
• Get the status of the running service using the
Get-Service command.
• Open PowerShell
• Type Get-Service command
• wuauserv is a short name for the Windows
Update service.
> Get-Service wuauserv
Managing Services in Windows
• As with Linux, any user can query the status of a
service but only administrators can start or
stop a service :
• open an administrator PowerShell:
– Stop service command
• Stop-Service wuauserv.
– Start Service command
• Start-Service wuauserv
– list all services that are registered in the system
• Get-Service
Managing Services in Windows
• In Windows these actions can also be performed
graphically using the Services management console.
• Open Control Panel, click on System and Security, then
on Administrative Tools and finally on Services; or you
can type "Services" into the Windows menu.
• When you right-click on the line that shows a service,
you get a menu of action options.
– Start, Stop, Reload
• You can also access the Properties menu, where you
will see other data and configuration about the service.
File Sharing Service
Overview
• One of the main goals of using a network is to share information (which
may be kept in a file or directory) or resources (HW or SW).
• A network service that's commonly used in organizations is a file
transfer service.
– You can use a flash drive and copy files to each machine you work
on.
– Use remote copy tools (rcp).
– Store huge files and transfer files from one computer to another
using the Internet.
• There are a few different file transfer protocol services in use today;
we will cover:
– FTP
– NFS
– SAMBA
File Sharing Service
File Transfer Protocol
FTP
• It's a legacy way to transfer files from one computer
to another over the Internet, and it's still in use today.
• File Transfer Protocol is one of the original
applications developed for the TCP/IP suite. It is used
to transfer files between servers and clients.
• It's not secure: it doesn't handle data encryption.
• FTP is primarily used today to share web content.
FTP
• FTP works on the client-server model and is supported by
all major operating systems.
– Clients that want to access an FTP server have to install an FTP
client.
– On the FTP server, we install the software that allows us to
share information located in a directory on that server.
• FTP is an unusual service in that it utilizes two ports:
– data port (20)
– command port, also known as the control port (21)
FTP
• FTP uses TCP; there is no UDP component to FTP.
• FTP client programs (such as a browser) enable users to transfer files to and from
a remote system running an FTP server program.
• FTP modes:
– Active FTP: The client starts listening on a random port for incoming
data connections from the server. It sends the FTP command PORT to
inform the server on which port it is listening.
– Passive FTP: The FTP client initiates both connections to the server.
FTP Modes

Mode          Connection   Direction
Active FTP    Command      client >1023 -> server 21
              Data         client >1023 <- server 20
Passive FTP   Command      client >1023 -> server 21
              Data         client >1023 -> server >1023
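The two modes can be told apart on the control connection, where the listening address and port are announced as six comma-separated byte values (four for the address, two for the port). The following is an added example, not part of the original slides; the session lines, addresses and the "C:"/"S:" prefixes are constructed for illustration.

```python
import re

SIX_NUMBERS = re.compile(
    r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# Constructed control-channel lines (port 21); "C:" is the client, "S:" the server.
SAMPLE_SESSION = [
    "C: USER ali",
    "S: 331 Please specify the password.",
    "C: PORT 192,168,122,50,195,80",
    "S: 200 PORT command successful.",
    "C: PASV",
    "S: 227 Entering Passive Mode (192,168,122,200,234,96).",
]


def data_channel(line):
    """Describe the data connection announced by one control-channel line.

    Returns None for lines that do not negotiate a data connection.
    """
    sender, _, text = line.partition(": ")
    if sender == "C" and text.upper().startswith("PORT "):
        mode = "active"       # the client tells the server where it listens
    elif sender == "S" and text.startswith("227 "):
        mode = "passive"      # the server tells the client where it listens
    else:
        return None
    m = SIX_NUMBERS.search(text)
    if m is None:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None           # every field is a single byte
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]   # high byte, then low byte
    if mode == "active":
        # Server connects out from its data port 20 to the client's listener.
        flow = f"server:20 -> {host}:{port}"
    else:
        # Client opens the data connection too, to the server's listener.
        flow = f"client:>1023 -> {host}:{port}"
    return {"mode": mode, "listener": (host, port), "flow": flow}


def summarize(session):
    """Return the data-channel descriptions found in a list of lines."""
    return [d for d in map(data_channel, session) if d is not None]


if __name__ == "__main__":
    for entry in summarize(SAMPLE_SESSION):
        print(entry["mode"], entry["flow"])
```

The "flow" string is the connection a firewall between client and server has to permit: inbound to the client in active mode, inbound to a high server port in passive mode.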
FTP Users
• Transfers are made between user accounts on client and server systems.
• A user on the remote system has to log in to an account on a server and
can then transfer files to and from that account's directories only.
• There is a special kind of user account, named ftp, that allows any user to
log in to it with the username anonymous.
• The numerous FTP sites on the Internet are FTP servers supporting FTP user
accounts with anonymous login.
• This account has its own set of directories and files that are considered public, available to
anyone on the network who wants to download them.
FTP in RHEL
• The Red Hat FTP server is called Very Secure FTP (vsFTP). It
allows access by anonymous or real users.
• With vsFTP, you can secure users, directories, subdirectories,
and files with various levels of access control.
• Service Name: vsftpd
• Service Port: 20 (ftp-data), 21 (ftp)
• Configuration File: /etc/vsftpd/vsftpd.conf
Server Side
• Check for the following FTP packages and install them if they are not found:
vsftpd, portmap, xinetd
#rpm -qa vsftp*
• Start the service
#service vsftpd start (also portmap and xinetd)
• Create a normal user:
# useradd ali
# passwd ali
• Log in as this user on another terminal and create a test file
#su ali
#touch test
Client Sides
#ftp server_ip
ftp> command file_name
FTP Commands:
put    To upload files to the server
get    To download files from the server
mput   To upload all files
mget   To download all files
?      To see all available commands at the ftp prompt
cd     To change the remote directory
lcd    To change the local directory
• Run the ftp command and give the username and password
Configuring Services
• Most services are enabled as soon as you install them.
• These are programs whose default configuration is good
enough to safely start serving right away,
• but not all services can provide default values that are suitable
for everyone.
• In some cases, you will need to edit the configuration files
before the service can go live.
Configuring Services
– On Windows, most of the configuration is stored
in the registry.
• This can be modified using graphical wizards or using
the Set-Service command.
– On Linux, the configuration files for the installed
services are located in the /etc directory.
• And while some software may ship graphical
configuration editors, you typically have to edit the
configuration files with a text editor.
Configuring Services in Linux
• Let's experiment with a simple ftp server called vsftpd, a service that
gets enabled by default when installed.
– #sudo apt install vsftpd

– #service vsftpd status

• We can also verify that it's running by connecting to the ftp server
with an ftp client
• lftp is an FTP client program that allows us to connect to an FTP server.

– #lftp localhost
Configuring Services in Linux
• The default behavior of the FTP server is to be locked down.
• Explicitly modify the configuration file to allow anonymous
connections.
• The configuration file for this service is located at /etc/vsftpd.conf.
– # sudo vim /etc/vsftpd.conf
• Change anonymous_enable from no to yes.


Configuring Services in Linux
• If we try to connect again, it will still fail,
– because most services read their configuration when they start, and then
keep it in memory while they're running.
• In order for our service to re-read the configuration, we need to tell it to reload.
• Reloading means that the service re-reads the configuration file without having
to stop and start.
• Also, ongoing connections aren't interrupted, but new connections will use the
new configuration.
# sudo service vsftpd reload


SSH File Transfer Protocol
SFTP
• SFTP is a secure version of FTP, so it makes sense to
choose this option over FTP.
• During the SFTP process, data is sent through SSH and is
encrypted.
• It uses only one connection, at port 22, for communications.
• It encrypts both the authentication information and the data files
being transferred.
Trivial file transfer protocol
TFTP
• TFTP stands for trivial FTP. It's a simpler way to transfer
files than using FTP.
• TFTP doesn't require user authentication like FTP, so any
files that you store here should be generic and not need to
be secure.
• A popular use of TFTP is to host installation files.
PXE
• PXE, or PXE boot, stands for Preboot Execution Environment.
• The PXE specification describes a standardized client–server
environment that boots a software assembly, retrieved
from a network, on PXE-enabled clients.
• It allows installing software over a network by keeping the operating
system installation files on a TFTP server.
• When you perform a network boot, you can be automatically
launched into the installer.
Network File System NFS
FAT32 is a popular file system that's compatible
with Windows, Linux, and Mac OSes. But it has
severe limitations on the amount of data you can
store on a volume.
What happens if you have multiple users that want
to share files between each other?
They need to store the files somewhere and they need
to be able to retrieve the files over a network.
Network File System, or NFS - It's a protocol that
enables files to be shared over a network.
NFS
• It is a protocol that was developed for UNIX by Sun
in the early 1980s, and it has been available on
Linux forever.
• Its purpose is to make it possible to mount remote
file systems into the local file system hierarchy.
• An NFS share is exported by the NFS server.
• The format of the share is:
server_name:/share_name
# mount ccsit.sustech.edu:/Nwdpt /mnt
NFS
• NFS was used in an environment where all
users came from the same authentication
source anyway.
• In NFS, an NFS server is offering shares, which
are also referred to as exports.
• and the NFS client mounts the share into its
local file system.
NFS
• On Red Hat Enterprise Linux 7, NFS 4 is the default
NFS version.
• This NFS version provides a feature known as the
pseudo root mount.
• This allows you to mount the root directory on the
NFS server, which would give access to all
exported shares.
• For example, with 5 shares exported (Nwdpt, Csdpt, Itdpt, Isdpt, Swdpt):
# mount ccsit.sustech.edu:/ /mnt
NFS

• On the NFS share, security is allowed or denied
based on the hostname that wants to access the
share.
• If the hostname is allowed, the share can be
mounted and accessed by users from the NFS client.


NFS

NFS is the Red Hat service for sharing files and printers on a directory with
Linux and Unix computers.
• Service Name: nfsd, lockd, rpciod
• Service Port: 2049 (nfs), 111 (assigned by portmap)
• Configuration File: /etc/exports
• The NFS server is an RPC service that requires portmap.


RPC bind
• The rpcbind utility is a server that converts RPC program
numbers into universal addresses.
• It must be running on the host to be able to make RPC calls on
a server on that machine.
• When an RPC service is started, it tells rpcbind the address at
which it is listening, and the RPC program numbers it is
prepared to serve.
Service Mapping
• Portmapper is an RPC service that always listens on TCP and UDP 111, and is used to
map other RPC services (such as nfs, nlockmgr, quotad, mountd, etc.) to their
corresponding port number on the server.
• A portmapper functions as a directory of services and the ports on which those
services are running. Processes can opt to register or not register their location with
a portmapper.
• A common reason for not registering with a portmapper is security.
• The portmap service is required to map RPC requests to the correct services.
• It helps to secure the files and directories that are shared through /etc/exports.
Setup an NFS
• The easiest way to setup an NFS server is by using a Linux
environment.
1. install NFS server software that modifies the configuration files for
the directories that you want to allow shared access to.
2. Then the NFS service will be running in the background of the
server.
3. On each client machine that wants to access a server, you just
mount the file system the way you would any other file system.
Except, you'd use the host name instead of a physical disk device.
4. From there, you can access the shared directory like you would
any other folder in a computer.
Server Side
• NFS has 2 packages (portmap and nfs-utils), which are installed by
default, so just check them by running:
#rpm -qa nfs*
• Start the service:
#service nfs start
• Open the configuration file:
#gedit /etc/exports
• Each entry specifies the host, the file system, the permissions
and options.
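Because access to an NFS share is decided per host, each /etc/exports entry is worth reading client by client. The following is an added example, not part of the original slides: it parses a constructed exports file (the client names are hypothetical) and reports entries open to any host, including the case where a space before the options makes them apply to every host.

```python
# Constructed sample in /etc/exports layout: <path> <client>(<options>) ...
SAMPLE_EXPORTS = """\
# department shares
/Nwdpt  client1.example.org(ro,sync)
/Csdpt  *(rw,sync)
/Itdpt  client2.example.org (rw)
/Isdpt  192.168.122.0/24(rw,no_root_squash)
"""


def parse_exports(text):
    """Yield (path, client, options) for every client of every export."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        path, *clients = line.split()
        for token in clients:
            client, _, opts = token.partition("(")
            options = [o for o in opts.rstrip(")").split(",") if o]
            # "(rw)" separated from the host by a space has no client name:
            # the options then apply to every host, not to the host before it.
            yield path, client or "*", options


def audit_exports(text):
    """Return (path, client, finding) tuples for entries that need review."""
    findings = []
    for path, client, options in parse_exports(text):
        any_host = client == "*"
        if any_host:
            findings.append((path, client, "exported to any host"))
        if any_host and "rw" in options:
            findings.append((path, client, "writable from any host"))
        if "no_root_squash" in options:
            findings.append((path, client, "remote root is not squashed"))
    return findings


if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:8} {client:20} {finding}")
```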
Server Side
• After finishing work with the directories, export them to the system by running:
#exportfs -a
• Restart the service:
#service nfs restart
• To find or verify the directories that are shared by the server:
#exportfs
• To find or verify the directories that are shared on the client:
#mount
• You can also use the GUI tool system-config-nfs to configure the NFS server.
Client Side
• The NFS service is installed by default.
• Check for the list of shared NFS directories:
#showmount -e
• To access the shared files on the server, use the mount command:
# mount server_ip:/shared_directory /mount_point
Or, to make it permanent, add an entry to /etc/fstab:
server1:/data /users/data nfs defaults 0 0


NFS Pros
• It's a simple protocol with low overhead.
• NFS is still commonly used, in two cases in
particular:
– To provide access to home directories for
Lightweight Directory Access Protocol (LDAP)
users.
– To easily access shared file systems on other
Linux servers, which makes transferring files
between servers easier.
NFS Cons
• NFS is a good solution to file sharing within the network,
but as with anything on a network heavy usage will slow
down the file system.
• While NFS works with all major operating systems there
are still interoperability issues with Windows.
• If your fleet consists mostly of Windows machines, you
might want to look at using something like Samba.
SAMBA
SAMBA Overview
• Microsoft's CIFS was built on the Server Message Block (SMB)
protocol. (CIFS is a dialect of SMB).
• SMB was developed in the 1980s by IBM, Microsoft, and Intel as a
way to share files and printers over a network.
• Samba services provide a stable, reliable, fast, and highly
compatible file and print sharing service.
• It allows your computer to act as a client, a member server, or
even a Primary Domain Controller (PDC) or a member of an
Active Directory (AD) service on Microsoft-based networks.
SAMBA Overview
• Samba was developed as a freely available SMB server
for all Unix-related operating systems, including Linux,
and has been upgraded to support CIFS.
• Also, all major operating systems can use a Samba file
sharing.
• Samba services are similar to NFS since it can centrally
share and manage files services.
SAMBA

• There are 4 services provided by Samba:
– Authentication and authorization of users.
– File and printer sharing.
– Name resolution.
– Browsing.
SAMBA
• Linux systems provide transparent and reliable SMB support over
TCP/IP via a package known as Samba. With this sharing service you can:
– Share a Linux directory tree with Windows and Linux/Unix computers
– Share a Windows directory with Linux/Unix computers
– Share a Linux printer with Windows and Linux/Unix computers
– Share a Windows printer with Linux/Unix computers


Samba Service

• Service Name: smbd (SMB/CIFS server),
nmbd (NetBIOS name server)
• Service Port: netbios (137), 138, 139
• Configuration File: /etc/samba/smb.conf
• Red Hat's Samba Server Configuration tool (system-config-samba)
• You can check the Samba configuration parameters by using the testparm
command.
• SMB network communication over a Microsoft-based network is also
known as NetBIOS over TCP/IP (last Version)
Setting Up SMB File Sharing
• Setting up a Samba file server involves a few steps:
1. Install Samba packages.
2. Prepare directories on Linux.
3. Prepare permissions on Linux.
4. Create the share in /etc/samba/smb.conf.
5. Create Samba user accounts.
6. Secure the Samba share.


1. Install Samba packages
• Before an SMB share can be mounted, there are 3 Samba packages that must be installed:
o The samba RPM package includes the basic SMB server software and Samba daemons.
o The cifs-utils package contains the Samba client packages, including the command you need to mount remote SMB shares.
o The samba-client RPM package is installed on the client. It provides the utilities to set up Samba shares.
o The system-config-samba package installs the Red Hat Samba Server Configuration utility.
o The samba-common RPM package contains common Samba configuration files. It generates
/etc/samba/smb.conf.
• So just check them by running:
#rpm -qa samba*
Or
• You can install them by executing
# yum install samba cifs-utils samba-client
2. Prepare directories on Linux.

• You have to create a directory and set appropriate
permissions on that directory.
– E.g. mode 777 on the shared directory.
• Authentication Methods
– Use local username/password
(stored in /etc/samba/smbpasswd)
– To add a local user:
#smbpasswd -a fred
(fred should be a user in /etc/passwd)
3. Configuring /etc/samba/smb.conf
• This file contains two parts:
1. [global] section
• where generic properties of the Samba service are defined.
2. Share definitions
• where share specific settings are defined.
• Two special shares may be enabled as well:
1. [homes] contains default values for accessing home
directories that are shared through Samba.
2. [printers] is used to provide access to printers that
are shared using the CUPS printing system.
Understanding the [global] Section
• In the [global] section, you define basic Samba parameters.
– workgroup Specifies the Windows workgroup that the Samba server is a member of. This setting is
also used to specify the Samba domain.
– security Indicates how security is handled. The default is set to security = user, which requires users
to have a valid username that is managed by the Samba server and mapped to a Linux user account
name.
– hosts allow A comma, space, or tab-delimited list of hosts that are allowed access to the Samba
service. See man 5 hosts_access for details on the format that needs to be used.
– load printers This option, which by default is set to yes, ensures that printers from the CUPS print
subsystem are shared through Samba.
– cups options This option is used to specify that print driver processing is handled by CUPS and at the
Samba level no interpretation of print jobs has to happen.
– log file Specifies the name of the file that Samba writes log messages to.
Creating Shares by Editing smb.conf
• Common Directory Share Options: directives that define the share.
– path The path on the Linux file system of the shared directory.
– writable Enables write access on a share. If set to yes, all authenticated users have write access (if also
permitted by Linux permissions). If set to no, a comma separated write list of users or groups can be used to
specify names of users and groups that have write permissions on the share. (See also read only.)
– read only Setting the read only parameter to no has the same effect as setting writable to yes.
– write list Contains a comma separated list of users or groups that have write access, even if writable is set
to no. To use groups, put a @ or + in front of the group name.
– valid users Use to limit access to the share to listed users only. By default all users have access to the share.
– comment Use to specify a comment. This comment is displayed to users before connecting to the share.
– guest ok Allows access to the guest account. Be careful using this, because it basically bypasses all security
settings. This parameter is required on some administrative shares though.
– browseable Allows browse access to shares, which means that users can navigate through the share
structure to see items available in the share. Make sure to disable it on the [homes] share.
Definition of the [homes] shares
Configuring File and Directory Sharing :
[share_name]
comment = Fred's Home Directory
path = /home/fred
valid users = fred
public = no
writable = yes
printable = no
Definition of the [printer] Shares
Configuring Printer Sharing
[printer_share_name]
comment = Fred's Printer
valid users = fred
path = /var/spool/samba
printer = freds_printer
public = no
writable = no
printable = yes
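The share options described above (guest ok, writable, read only, valid users, browseable) can be checked mechanically before a share goes live. The following is an added example, not part of the original slides and not Samba's own tooling: it parses a constructed smb.conf, in which the [dropbox] share and its path are hypothetical, and reports the combinations the option list warns about.

```python
# Parameter synonyms accepted by Samba, mapped to the names used in the slides.
SYNONYMS = {"public": "guest ok", "writeable": "writable",
            "write ok": "writable", "browsable": "browseable"}
TRUE = {"yes", "true", "1"}

# Constructed sample configuration.
SAMPLE_CONF = """\
[global]
    workgroup = WORKGROUP
    security = user

[homes]
    comment = Home Directories
    writable = yes

[fred]
    path = /home/fred
    valid users = fred
    public = no
    writable = yes

[dropbox]
    ; hypothetical share used to show the risky combination
    path = /srv/dropbox
    guest ok = yes
    read only = no
"""


def parse_smb_conf(text):
    """Return {section: {parameter: value}} with synonyms normalised."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            key = " ".join(key.lower().split())
            key = SYNONYMS.get(key, key)
            if key == "read only":               # inverse of writable
                key = "writable"
                value = "no" if value.lower() in TRUE else "yes"
            current[key] = value
    return shares


def is_on(share, key, default=False):
    return share[key].lower() in TRUE if key in share else default


def audit_shares(text):
    """Return (share, finding) pairs for settings that deserve a second look."""
    findings = []
    for name, share in parse_smb_conf(text).items():
        if name == "global":
            continue
        guest, writable = is_on(share, "guest ok"), is_on(share, "writable")
        if guest:
            findings.append((name, "guest access enabled"))
        if guest and writable:
            findings.append((name, "guests can write"))
        if writable and name != "homes" and "valid users" not in share:
            findings.append((name, "writable with no valid users list"))
        if name == "homes" and is_on(share, "browseable", default=True):
            findings.append((name, "browseable not disabled"))
    return findings
```

Whether a flagged user can actually write still depends on the Linux permissions of the shared directory.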
Using Samba Users
• When the security = user setting is used, you
need to create two accounts to enable access
to shared files and directories:
– A Linux account that has the appropriate Linux
permissions on the share.
– A Samba account that has a name that matches the
Linux account and on which the SMB-compatible
NTLM password is set.
• on a Samba server, you’ll only have Samba-only
users who need to access it.
Samba-only users
• Samba-only users are user accounts that are used by Windows
users who are connecting to a Samba share but that do not
require login to a Linux terminal as well.
• For Samba-only users, you do not have to set a Linux password.

• Set the login shell to /sbin/nologin, which prevents the user
from ever logging in to a terminal on your server.
– E.g. useradd -s /sbin/nologin lara
Server Side

• Start the service
#service smb start
• Open the configuration file:
#gedit /etc/samba/smb.conf
Or use the GUI: Applications → Server Settings → Services → SMB
Discovering Samba Shares
• List the Samba shares that are available on the Samba server
using the smbclient -L command,
• followed by the name of the host that is offering Samba services.
Client Side
• When you install the samba client package, there will be 2 types of
clients:
o One connects to directories shared from Microsoft Windows servers or
Samba servers on Linux/Unix
o The second connects to shared printers from one of the same two types
of servers.
• Use smbclient to check the shared directories and printers from
remote computers on your network.
Client Side
• Share the Samba directory on a Windows machine
• Share the Samba filesystem on a Unix machine by specifying it in /etc/fstab
//server1/smbdata /users/smbdata smbfs defaults 0 0
or use
smbmount //server1/smbdata /users/smbdata -o username=fred
Or
mount -t cifs -o user=guest //192.168.122.200/data /mnt
SAMBA

• When you create a Windows shared folder it's
actually using the SMB protocol. Samba itself is a
software service suite used for file services.
• A relatively affordable solution for file storage
hardware is to use network attached storage, or
NAS.
Network Attached Storage NAS
• Instead of setting up a dedicated server like you would for other
services, you can use a NAS. NASes are computers that are optimized for file
storage.
• They usually come with an operating system that's stripped
down in order just to serve files over a network.
• They mainly provide lots of storage space.
• Whatever method you choose, central file storage and
management is an important part of IT infrastructure for any
organization.
Supplemental Reading
• https://en.wikipedia.org/wiki/Preboot_Execution_Environment
• https://en.wikipedia.org/wiki/Comparison_of_FTP_client_software
• http://www.linuxfromscratch.org/blfs/view/cvs/basicnet/nfs-utils.html
• https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831795(v=ws.11)?
• rpcbind(8) - Linux manual page - man7.org
https://man7.org/linux/man-pages/man8/rpcbind.8.html
Assignment
• What is the problem with port 139? Short
answer.
• What is FTPS? And what is the difference
between SFTP and FTPS?
• What is the relation between port 111 in
Linux and Microsoft's port 135 or DCOM
DCE?
