1
00:00:00,000 --> 00:00:14,679
Hey everyone and welcome back.

2
00:00:14,679 --> 00:00:19,600
So now what I want to talk to you about is the installation of SAMBA.

3
00:00:19,600 --> 00:00:25,160
Now to actually begin, what we will do is go directly to the command line, okay?

4
00:00:25,160 --> 00:00:28,879
So what we'll do here is I will say sudo and I will say apt.

5
00:00:28,879 --> 00:00:34,640
And what I'm going to install is SAMBA, which will give us the functionality of the SAMBA

6
00:00:34,640 --> 00:00:35,640
server.

7
00:00:35,640 --> 00:00:38,239
I will also say SAMBA-CLIENT.

8
00:00:38,239 --> 00:00:43,479
Now one word, the SAMBA client typically is going to be installed in your system, but

9
00:00:43,479 --> 00:00:49,719
in the event that it is not, you can install it using SAMBA-CLIENT.

10
00:00:49,719 --> 00:00:54,840
And the last thing I want to install is a program, which is going to be used by both

11
00:00:54,840 --> 00:00:59,880
the SAMBA server and the SAMBA client, that is going to be SAMBA-COMMENT.

12
00:00:59,880 --> 00:01:06,120
So if I hit ENTER now, oh and notice actually, it might actually be renamed to SMB-CLIENT,

13
00:01:06,120 --> 00:01:07,520
just to be aware of that.

14
00:01:07,520 --> 00:01:08,880
Let me just say yes.

15
00:01:08,880 --> 00:01:12,120
And now we have everything we need installed.

16
00:01:12,120 --> 00:01:17,879
Now before we actually begin working through the configuration of SAMBA in any great detail,

17
00:01:17,879 --> 00:01:23,040
let me just discuss some of the concepts that are going to be related to this subject.

18
00:01:23,040 --> 00:01:29,240
One of the things that we're going to be encountering is how SAMBA actually handles security.

19
00:01:29,240 --> 00:01:35,480
Now in real terms, we have to be aware of two different types of security implementations.

20
00:01:35,480 --> 00:01:41,040
And when I'm talking about security, what I'm talking about really is how we can securely

21
00:01:41,040 --> 00:01:46,760
authenticate with our SAMBA server so that we can get the information that we need off

22
00:01:46,760 --> 00:01:47,760
of that server.

23
00:01:47,760 --> 00:01:54,480
So the first type of security is going to be referred to as user security.

24
00:01:54,480 --> 00:01:57,640
And this is going to be the default security that is used.

25
00:01:57,640 --> 00:02:01,920
And honestly, this is going to be the type of security that I'm going to recommend you

26
00:02:01,920 --> 00:02:03,020
implement.

27
00:02:03,020 --> 00:02:05,240
It is a default for a reason.

28
00:02:05,240 --> 00:02:09,680
And we certainly will see this type of security later on within this skill.

29
00:02:09,680 --> 00:02:15,520
Now the second type of security is just referred to as share security.

30
00:02:15,520 --> 00:02:20,280
I'm really not a fan of this type of implementation.

31
00:02:20,280 --> 00:02:22,600
And I think you maybe see why when I explain it.

32
00:02:22,600 --> 00:02:25,280
So let's talk about the differences between them then.

33
00:02:25,280 --> 00:02:31,120
So when we're talking about user security, this to me just seems really quite natural.

34
00:02:31,120 --> 00:02:37,960
It is when you happen to provide a username and paired with that username is a particular

35
00:02:37,960 --> 00:02:38,960
password.

36
00:02:38,960 --> 00:02:41,840
This is just like logging in to many different websites.

37
00:02:41,840 --> 00:02:45,680
You know, maybe you've got a Reddit account or maybe you have a YouTube account.

38
00:02:45,680 --> 00:02:50,920
You type in your username and you authenticate that with the actual password.

39
00:02:50,920 --> 00:02:54,759
So by providing both, that is how you get access.

40
00:02:54,759 --> 00:02:58,920
This is effectively what we're talking about when we're talking about user security with

41
00:02:58,920 --> 00:03:00,920
respect to SAMBA.

42
00:03:00,920 --> 00:03:06,199
When we're talking though about share security, things are a little bit loose or at least

43
00:03:06,199 --> 00:03:07,199
looser.

44
00:03:07,199 --> 00:03:11,560
And all we really require here is a password.

45
00:03:11,560 --> 00:03:17,520
So you can kind of more conceptualize this as having some type of folder on your system

46
00:03:17,520 --> 00:03:22,159
and the access to this folder is protected with a password.

47
00:03:22,159 --> 00:03:28,039
So notice here, we actually are not concerned with providing a valid username.

48
00:03:28,039 --> 00:03:32,560
Simply put, if you know the password to the folder, you can access the folder in the same

49
00:03:32,560 --> 00:03:38,000
type of deal as with respect to SAMBA here when you're implementing share security.

50
00:03:38,000 --> 00:03:43,919
If you happen to know the password for that share, then you may be granted access to that

51
00:03:43,919 --> 00:03:44,919
particular share.

52
00:03:44,919 --> 00:03:50,719
Now, here is an issue and it really is an issue in how Linux actually operates.

53
00:03:50,719 --> 00:03:57,199
The way Linux actually operates at its fundamental level, it really does enjoy having this combination

54
00:03:57,199 --> 00:03:59,319
of usernames and passwords.

55
00:03:59,319 --> 00:04:04,520
This idea of just having like a password protected folder, not really how Linux likes

56
00:04:04,520 --> 00:04:05,520
to authenticate.

57
00:04:05,560 --> 00:04:11,360
So the idea that we do not have a username presents to us a little bit of a challenge.

58
00:04:11,360 --> 00:04:15,680
So here is how this is actually going to be resolved and it is resolved in a kind of novel

59
00:04:15,680 --> 00:04:16,680
way.

60
00:04:16,680 --> 00:04:18,319
And again, I'm not too much of a fan of this.

61
00:04:18,319 --> 00:04:20,160
It's on our SAMBA server.

62
00:04:20,160 --> 00:04:21,160
Let's say this is a CROK.

63
00:04:21,160 --> 00:04:22,960
So this is the SAMBA server.

64
00:04:22,960 --> 00:04:27,480
And let's say we have some type of share that we want to be shared.

65
00:04:27,480 --> 00:04:31,280
So this could be some type of directory on the system.

66
00:04:31,280 --> 00:04:33,080
Just call this directory X.

67
00:04:33,120 --> 00:04:37,479
And within this folder X there is some really useful information that is going to be shared

68
00:04:37,479 --> 00:04:38,479
amongst the team.

69
00:04:38,479 --> 00:04:44,639
So what we actually do at the share level is we're going to specify the users, which

70
00:04:44,639 --> 00:04:48,360
happen to be allowed access to this particular share.

71
00:04:48,360 --> 00:04:50,360
So we define this on the server itself.

72
00:04:50,360 --> 00:04:55,680
We maybe say, you know, John and Bob are allowed access.

73
00:04:55,680 --> 00:05:03,039
And then when either John or Bob try to actually gain access from their computer over here,

74
00:05:03,040 --> 00:05:07,800
when they go in and try to reach that share, the only thing they have to provide is their

75
00:05:07,800 --> 00:05:08,800
password.

76
00:05:08,800 --> 00:05:13,680
They do not actually have to provide the user name John or the user name Bob.

77
00:05:13,680 --> 00:05:19,240
Instead that information is going to be held over on the SAMBA side as a list of allowed

78
00:05:19,240 --> 00:05:22,759
users who can actually use this particular share.

79
00:05:22,759 --> 00:05:28,840
Now the interesting thing is that SAMBA is only going to be checking for this particular

80
00:05:28,840 --> 00:05:29,840
password.

81
00:05:29,839 --> 00:05:35,319
So really if let's say Bob was trying to access the share and let's imagine that John

82
00:05:35,319 --> 00:05:41,279
is a very lazy computer professional, he happens to leave his password on a piece of paper

83
00:05:41,279 --> 00:05:44,399
next to his desk, which you absolutely should not be doing.

84
00:05:44,399 --> 00:05:46,959
But Bob can actually see John's password.

85
00:05:46,959 --> 00:05:48,959
Bob could just type in John's password.

86
00:05:48,959 --> 00:05:54,479
Let's just say John's password was John1 because apparently John is super lazy with security.

87
00:05:54,480 --> 00:05:59,400
And Bob actually could authenticate with this SAMBA server because he would be on the

88
00:05:59,400 --> 00:06:02,640
list of allowed users, Bob.

89
00:06:02,640 --> 00:06:08,160
And the only thing SAMBA would be checking is the password and the password John1 is

90
00:06:08,160 --> 00:06:11,080
an allowed password for this particular share.

91
00:06:11,080 --> 00:06:16,360
This would ultimately grant Bob access to the SAMBA share even though he happens to

92
00:06:16,360 --> 00:06:18,439
be using John's passwords.

93
00:06:18,439 --> 00:06:19,439
Hopefully that makes sense.

94
00:06:19,439 --> 00:06:22,819
But as you can probably sense, this doesn't sound too robust.

95
00:06:22,819 --> 00:06:26,659
This is indeed why I'm not a big fan of this type of implementation.

96
00:06:26,659 --> 00:06:31,939
And it is the reason that it is not the default way to protect your SAMBA shares.

97
00:06:31,939 --> 00:06:37,860
Now with respect to our SAMBA configuration, we actually have a configuration file and

98
00:06:37,860 --> 00:06:43,259
it's this configuration file that is whereabouts we can actually specify the type of security

99
00:06:43,259 --> 00:06:44,659
that we want to implement.

100
00:06:44,659 --> 00:06:48,740
And honestly, it's this configuration file that is going to control everything we really

101
00:06:48,740 --> 00:06:52,620
do with respect to our SAMBA server.

102
00:06:52,620 --> 00:06:55,980
And this happens to be located in a very particular location.

103
00:06:55,980 --> 00:06:58,180
This is going to be in the Etsy directory.

104
00:06:58,180 --> 00:07:01,740
And then within that, we will have a SAMBA directory.

105
00:07:01,740 --> 00:07:07,540
And then within that directory, we should have a file called smb.conf.

106
00:07:07,540 --> 00:07:10,620
This is going to be the configuration file that you can expect to use.

107
00:07:10,620 --> 00:07:16,220
However, if you happen to be using an older system, the actual location might even be

108
00:07:16,220 --> 00:07:23,300
in Etsy, forward slash smb as opposed to SAMBA and then smb.conf.

109
00:07:23,300 --> 00:07:26,820
However, like I say, this happens to be rather antiquated.

110
00:07:26,820 --> 00:07:31,220
You should not expect this to be the default location if you are on a modern system.

111
00:07:31,220 --> 00:07:35,460
For the purposes of the examination, just be aware that these two different locations

112
00:07:35,460 --> 00:07:36,460
do exist.

113
00:07:36,460 --> 00:07:41,700
But in real terms, you can expect your configuration file to lie within the SAMBA directory.

114
00:07:41,699 --> 00:07:45,819
So now that we have some of the bare bones basics behind us around the concept of our

115
00:07:45,819 --> 00:07:50,899
SAMBA server, how about we actually dig into this configuration file to see some of the

116
00:07:50,899 --> 00:07:54,899
details of how we can actually get this server up and running.

117
00:07:54,899 --> 00:07:57,740
And well, that's what we're going to be doing in the very next nuggets.

118
00:07:57,740 --> 00:08:01,180
I hope this has been informative for you and I'd like to thank you for viewing.