FamilySearch Linux Installation
 

Recently, I was called to be the Stake Computer Specialist. The official calling, I am told, is actually the Assistant Stake Clerk. Whatever it is, it requires me to manage the Family History Center computers in our Stake building, along with several other machines used for various purposes. I was very excited about the calling since I am currently the System Administrator at KSL Radio and Television here in Salt Lake City. In addition to managing all the servers that run the KSL website and handle the streaming audio, I also take care of all the Internet connectivity for the DMC (Deseret Management Corporation) companies, including Beneficial Life, Deseret Book, LDS Business College, DMBA and Zions Securities.

One of the first things I did when I was informed that I needed to get the Family History Center functional again was to see about migrating some of the machines to Linux. Nearly all the servers at KSL run on Red Hat Linux. Linux is not only cost-efficient, but extremely stable. Both are required when you get as many visits and host as much bandwidth as we do here and can do so with only limited funds. Using Linux means you do NOT have to pay any licensing fees or additional costs for extra features. Nor do you have to pay every year or so when you upgrade to the next version. You can simply download the latest Red Hat Linux image from off the Internet and then burn it to CD. Not only that but Linux represents the next step in networking and multi-tasking computers. In other words, you can do more for less. Slower machines operate just as quickly

Why am I so adamant about Linux? For a few reasons. First of all, I, like many of you, have had my share of frustrations with Windows and have been frustrated with sometimes incomprehensible errors and crashes. Linux does not completely do away with those problems, but they are noticeably less. Secondly, Linux makes computing fun. There is so much more you can do with Linux than with Windows; you are not limited by what others think or by those who dictate how your computer should look or act. Thirdly, every day I work with Linux. I feel most comfortable running Linux. True, I do have a Windows machine for various tasks, but on the whole I spend 95% of my time using Linux. And finally, I have published a couple books on Linux. My first Linux book, titled "Red Hat Linux Administrator's Guide", was approximately 850 pages and was written over a period of a few months. My 2nd Linux book is still at the printer's awaiting publication, which may never come. My publishers are of the opinion that the Linux market is depressed and that few books are moving. However, I have hopes that sometime soon it will be printed in hard copy. I do make portions of it available to those interested. If you would like to know more about migrating from Windows to Linux on both server and workstation platforms, please contact me.

I would like to acknowledge the work of Peter Yorke, whose original page on using Linux with the Family Search program gave me the confidence to move forward on implementing Linux at our Stake Center. His page, though two and a half years old, is still very instructional. The purpose of this documentation is to stay up-to-date on the advances made in Linux and to help instruct even beginners on how to install and use Linux. In no way was my intention to demean Peter Yorke's work, but instead elaborate further on his page and make this available for anyone else in my Stake who may have to maintain the machines I have set up. Linux can be a boon to users and Stake Centers alike with limited budgets. Better to spend any excess money on hardware than to squander it on expensive software.

I am always willing to help out where I can. Feel free to contact me anytime if you have a question regarding Linux. I am still not current with all the Church applications, yet, so please consult the FHCtech.org site first if you are having problems with these particular applications. However, I am willing to help out where I can on setting up Linux as a file server.

Kerry Cox
April 11, 2002


ABOUT LINUX

Like Peter Yorke and many others, I picked Linux as the file serving software of choice because it is free and extremely stable. Like I said earlier, I use Linux every day at my job on both workstations and servers and thoroughly enjoy it. Though I believe it is not yet ready for "prime-time", meaning end-users may not be ready to replace their Windows machines with Linux and because many vendors have not yet ported over their applications to run under Linux, it does work very well in a server-centric environment.

I also have chosen Red Hat as my preferred distribution. There are many "flavors" of Linux around from which to choose. Each is essentially the same, except for the whistles and bells that come with the installation. Red Hat supports the enterprise server variety of install and since I have been using it since the 3.0.3 release, I decided to stay with it. The most current version of Red Hat is 7.2, which will be detailed here.

This version offers several advantages over previous releases, the number one in my mind being a journaling file system. You don't have to understand exactly what this means, but with the ext3 file system (a file system is the manner in which the drive is formatted, similar to the NTFS format for Windows 2000, or the FAT32 format for Windows 98) you have accountability for all files. Should the box ever be rebooted without a graceful shutdown, i.e. in the event of a power failure, there should be no corruption of data. This is a real plus over other operating systems that may damage files in the event of a system crash.

Another big advantage Red Hat has over other operating systems is that it supports software RAID. This means that you can combine two physical hard drives into one meta-device or a RAID device. Rather than having to spread files across two different drives, you can create one larger device for storing ALL files. A portion of a 40 gigabyte drive can be combined with an entire 60 gigabyte drive to create a 70+ gigabyte device that Linux then sees as one partition. This will be necessary when storing the entire collection of Family History data. How this can be accomplished will be expounded on later in this document.

I will not go into depth here on what packages should be installed or the purposes they serve just yet, but suffice it to say that you will need to configure Linux as a Web Server and as a Windows Networking Server. This requires the Apache and Samba packages to be installed. Like the rest of Linux, they are free and come included with the regular Linux distribution. Configuring them is an easy matter, which will be addressed later on in this documentation.

Finally, here are a few comments about what Linux is and how it operates that should make this document easier to understand.

Linux is the IBM PC-compatible version of a popular operating system called Unix. In some ways Linux is (or looks like) PC DOS and its descendants; Windows and OS/2. In other important ways it is very different.

One important difference is the disk directory. In Linux there is no concept of drive letters (the ubiquitous C:\ directory). Rather than addressing a disk partition by a letter, each partition is assigned a device name. For example, the primary hard drive is called hda, and each partition on that drive is given a number. Hence, a single physical hard drive can be broken into various partitions such as /dev/hda1, /dev/hda2, /dev/hda3 and so on. The type of formatting on each partition can also vary. These can be ext2, ext3, swap, RAID, or even FAT32. Each partition on a device is then "mounted" as a subdirectory of a larger directory "tree" that represents all available disk space.

For example, there is always a "root" directory, which is represented as "/" (notice we use a forward slash, not a backslash as in Windows). All of the Family Search material appears to be in the directory named "/pool". When it is translated via Samba to Windows it appears as if it is on the H:\, I:\, J:\, K:\, L:\, M:\ and N:\ "drives". How these drives are created and mounted will be explained later on in this document.


HARDWARE

Linux runs well on less machine than its Microsoft and Novell counterparts. For my purposes I used a donated Dell 350 MHz desktop with 128 megabytes of RAM and two hard drives, one 40 gigabytes in size and the other 30 gigabytes. A slower machine would also have worked well, but like any operating system, you can never have too fast a CPU, too much RAM or too large a hard drive.

Once Linux is installed, there is usually no need for a mouse, keyboard, monitor or even a CD-ROM drive. These are necessary when first booting up, but can be removed later if needed. If needs be, Linux can use other CD-ROM drives via networked workstations for later installation or accessibility. However, for the purposes of maintenance, I like to keep all peripheral devices attached, if only to periodically work on the machine directly. Linux is very comfortable with the command line via a telnet or ssh session. Any network-attached PC can connect to Linux using a telnet client. A simple telnet client comes with nearly every Windows version. I will talk more about maintenance later on and how to configure Linux from a command line interface (CLI) via a Windows machine.

The basic requirements needed for a Linux file server are as follows:

  • A relatively fast CPU and motherboard, 200 MHz or faster will suit the job just fine.
  • Anything more than 64 megabytes of RAM is sufficient. Given the low cost of RAM currently this can be easily obtained.
  • One or more 40+ gigabyte hard drives. These can be used individually or can be combined to create a larger RAID array.
  • A CD-ROM for installing Linux from off the distribution CD.
  • A 10/100 network card. 10 Mb is usually enough. Be sure to verify that your particular card is supported before purchasing the card. Check the Red Hat Hardware Compatibility List before making a purchase.
  • A good video card with at least 4 megabytes of video RAM.
  • Various peripherals such as mouse, keyboard, monitor, etc.
That should about do it. Anything else may be considered superfluous, though a sound card and CD-burner or tape backup may be useful items later.


NETWORK

The standard method of networking computers is to first place a network card in a PCI or ISA slot within the computer. I personally recommend one of the more recent 3Com or Intel network cards. These are well supported by most every release and "flavor" of Linux. The computers can then be networked with 10Base-T Cat 5 Ethernet cable. I have a large box of the Cat 5 cable and simply cut cables to the needed length and then attach RJ-45 ends with an ethernet crimping tool. Commercially manufactured patch cables are a viable solution as well, but you may have to deal with the excess length and they do cost more.

Linux runs TCP/IP very well and Samba (the networking software) uses the Windows NetBIOS protocol for finding shares without your even having to set any special parameters. The only field you may have to alter is the name of the default workgroup. Windows defaults to "Workgroup", but I would recommend using an identifying name such as "FHC" or "family_history". Just make certain that all the Windows machines' default workgroup is the same as that of the Linux file server.

The networking document from Salt Lake suggests creating a separate sub-directory for each application. Here is a quick overview outlining the format of the directory name and the drive letter associated with that drive or partition.
Within the main partition or /pool directory where the data files will be stored, create a new directory. For example, /ad = Addendum, /igi = IGI, and so on. These partitions will then be mounted or mapped to the connected Windows machines and assigned a specific drive letter. A different drive letter goes to each subdirectory; h: = /ad, j: = /igi, and so forth.

According to Peter Yorke, the subdirectories are to be created in a "pool" space, or /pool, which is where the /dev/md0 partition is mounted. This same /pool directory can also be a unique hard drive as well, in which case it would be the /dev/hdb or /dev/hdc drive, depending on the number of drives in the machine and where they were located. These directories should be mounted on their appropriate drives before copying the CDs into their respective directories.

The easiest method of creating "shares" or directories accessible by networked Windows machines, is to edit the Samba configuration file. In older Red Hat Linux releases this was the /etc/smb.conf file. With the release of the 7.x series, this config file is located at /etc/samba/smb.conf. You will need to add a resource for each logical drive needed; /pool/af = [af], /pool/igi = [igi], and so on. This configuration file along with Samba parameters will be discussed in more detail later on in this document.


INSTALLATION

A detailed set of instructions regarding a simplified Red Hat Linux installation is available elsewhere. This additional documentation is provided for beginning Linux users and should not be considered a replacement for documentation that comes with the various Linux releases currently available. The linked page is designed for a console-based install. However, for those users of Linux already familiar with the installation process, the rest of this document will provide a highly simplified explanation of how to install Linux and the Family Search program and network it with the Linux file server.

The latest Red Hat release, 7.2, provides three different methods for installing the operating system (Workstation, Server and Custom) along with two primary desktop environments (GNOME and KDE). One might expect the Server installation to be the preferred option, but under the circumstances, I would recommend the Custom option instead.

The choice of desktop environments is entirely up to the user. Both GNOME and KDE have their own religious following. GNOME is the default for Red Hat, though KDE is also easy to use. I prefer GNOME on server-based installs of Linux and KDE for workstations. In other words, if your Linux machine is to operate as a server, install GNOME. If you will be performing more workstation-oriented tasks, such as word-processing or editing graphics, then choose KDE. KDE resembles Windows in many ways, which can prove easier for beginning users. In summary, if you will be using the command-line mostly or logging in through a telnet session, choose GNOME. If you will be working directly in the GUI Linux environment, then choose KDE.


PARTITIONS

The concept of partitions may be confusing to some beginning users. To create a partition is to allocate a specific section of a hard drive to a certain directory structure. In other words, if I wanted to reserve a certain portion of a hard drive entirely for /usr/local, I would create a separate partition just for that directory. The same applies to directories such as /home, /var, /boot, swap space and so on. In some cases, users simply allocate the entire hard drive(s) to the root or / partition. This means all directories fall into one physical partition. If you ever needed to reinstall your operating system, you would lose all your data as well. By creating a /home or /usr/local partition, you can reformat the other partitions and preserve your custom data by NOT formatting these other locations. This is entirely up to the administrator, however. I will briefly explain how I customized my installation in a moment.

Since the early Red Hat 6.x series, Disk Druid is the primary tool for partitioning hard drives. Previously, only the fdisk command was used for partition creation. This can be confusing for some users since it was command-line only. Disk Druid displays the physical outline of each drive and allows for partitions up to 16 in number.

Even more useful with Disk Druid is the creation of RAID arrays. Oftentimes, budgets do not allow for the purchase of a larger 80+ gigabyte hard drive on which to store all the Family Search data. Instead, multiple smaller IDE drives can be striped together to create one larger physical RAID partition. For example, I had one 40 gigabyte IDE drive and one 30 gigabyte IDE drive. I required at least 60 gigabytes on a single partition in which to store all my Family Search data along with all the other data from the CDs. I created a software-based RAID partition that was almost 60 gigabytes in size from two smaller drives. The table below shows how this is accomplished.

If you have no need of a RAID array, or if everything you are installing fits onto one physical drive, then you can ignore the extra hard drive device hdb in the table below and all the references to RAID. Here are the settings I used for my two drives; /dev/hda or my 30 gigabyte drive and /dev/hdb or my 40 gigabyte hard drive. Please notice that the numbers following hda and hdb refer to the partition number or the directory located in that partition.

| Device | Amount | Mount Point | Type | Comment |
|---|---|---|---|---|
| hda1 | 100MB | /boot | Linux Native | Optional partition that must be below the cylinder 1024 limit, though this is no longer the case with the latest Red Hat release. |
| hda2 | 256MB | not applicable | Linux Swap | Swap Space is usually twice the amount of physical RAM in the machine. This is the setting for a machine with 128 megs of RAM. |
| hda5 | 2000MB | /home | Linux Native | Storage space for regular users' accounts |
| hda3 | 3000MB | / | Linux Native | Root (the rest of the installation or where all software packages are placed) |
| hda | remaining 20 plus gigs | not yet applicable | Linux RAID | Pool Space |
| hdb | all 40 gigs | not yet applicable | Linux RAID | Pool Space |

Once the two RAID partitions are created, click the button marked "Make RAID device". The ensuing dialog will let you choose all of your Linux RAID partitions and create a meta-device. Create a RAID 0 device as /dev/md0. You can then mount this partition as /pool or as any other identifying name into which you will place all the Family Search data.

That is all that is required. The installation system does everything else that is needed, including creating the RAID configuration file and starting the RAID process.


PACKAGE INSTALLATION

This is sometimes the most tricky part, having to decide which package groups and/or individual packages should be installed. You might want to simply go the easy route and scroll down to the bottom of the list and click on the bottom button "Install everything". This will require more than 2 gigabytes of space on your root or / partition.

If you choose not to install some of the package groups, go with the default choices instead. However, click on the buttons for KDE, Windows Server, Web Server and Kernel Development (in case you need to compile a new kernel later).

Next, select the option at the bottom that says, "Select individual packages". On the next screen you can choose additional programs that will help make your life easier. If you are not familiar with each package, you can simply click on the package name and a brief description of the package will appear below the list of packages. You will find that each time you install Linux, choosing the right packages will become easier.

One of the most important packages to choose is the samba-swat package. This package will help you configure the Samba program later, which allows your Linux machine to talk to other Windows machines. You should also make certain that linuxconf, linuxconf-devel and gnome-linuxconf are installed. If you forget to install a package during this initial install, you can always install it later by inserting one of the two Linux install CDs, mounting the CD, and then changing to the /mnt/cdrom/RedHat/RPMS directory. Issue a command similar to this one to install the correct RPM package.

rpm -ivh samba-swat* linuxconf* gnome-linuxconf*

If the program says the package is not available, change back to the root or / directory, or "cd /" and unmount the CD. Place the other Linux install CD in the drive and try again. You may also issue the above command with each package individually.


DISPLAY & ADAPTER

The next set of installation screens involves setting up the display adapter. On the one hand nobody in the Family History Center, aside from yourself, is going to be logging on to your server. There is not much point in dedicating a lot of time and effort into properly configuring the monitor and the display adaptor if the box will simply sit in a corner with a monitor or keyboard attached. Most administrators simply console or telnet into the server and make changes via the command line.

On the other hand, Linux has some GUI tools that make maintenance very easy. The installation program should be able to pick out what type of display adapter you have and tell you what it is. The same goes for the monitor. The latest Linux release can pretty much determine the monitor type and give you a full range of settings. If it cannot find your monitor, choose "generic multisync" as the default display type. Everything should run fine in 800x600 display mode.

The installation probe into your hardware may come up with the correct display adapter but it may not know how to use all its capabilities. If you want to use the GUI tools (I particularly like the GUI version of Linuxconf), go through the display adaptor configuration once more after the installation is complete. This is done by logging on to the server as root and running a program called Xconfigurator from the command line.

After the installation is complete you should be able to set the screen resolution. The installation program sets the display to 640x480 as default. I, and others, prefer 1024x768. 1280x1024 or greater may prove to be more than your monitor (and eyes) can handle. A happy medium would be either 800x600 or 1024x768.


LINUX NETWORK SETTINGS

Most Linux network settings are kept in files in the /etc directory. I normally prefer going directly to the right config file and making the changes myself. However, for those unfamiliar with the correct file locations, use the Linuxconf program. You can start up the Linuxconf program from the command line as root by typing /sbin/linuxconf.

Here are some sample settings that may work for your environment. Please note that the information below is only what is needed for this solution. Some options are left intentionally empty since they are not required to make things work. Note that I like giving all my machines a name. Joseph is the name of my Linux server while Brigham, Parley, Wilford, and Lorenzo are the names of my networked Windows machines. I have also named the printers Emma and Eliza. You can name the machines as you wish. Also, these settings are for the older Linuxconf utility with the Red Hat 6.x series. If you are using Red Hat Linux 7.2 or newer, please skip down to the next section.

  • Config
    • Networking
      • Client tasks
        • Basic host information
        • Host name
          • Host name = joseph
        • Adaptor 1
          • Enabled = true
          • Config mode = Manual
          • Primary name + domain = joseph.fhc.net
          • Aliases (opt) = joseph
          • IP address = 10.1.1.1
          • Netmask (opt) = 255.255.255.0
          • Net device = eth0
          • Kernel module = ne2k-pci (This was configured automatically by the installation routine)
      • Name server specification (DNS)
        • DNS usage = DNS is required
        • nameserver 1 = 64.147.130.2
        • search domain 1 (opt) = fhc.net
      • Routing and gateways
      • Host name search path
      • Network Information System (NIS)
      • IPX interface setup
      • PPP/SLIP/PLIP
    • Server tasks
      • Exported file systems (NFS)
      • IP aliases for virtual hosts
      • Apache Web server (We won't go here right now)
      • Domain Name Server (DNS) (We won't go here, either)
      • Mail delivery system (sendmail)
      • Samba file server
        • Defaults
          • Base config
            • Synchronise SMB from Linux passwords = true
            • Synchronise Linux from SMB passwords = false
            • Server description = Samba Server
            • Work group = Workgroup
          • Passwords
            • Encrypted password required = false
            • Authentication mode = Share
            • Map to guest = Never
          • Access
          • Networking
          • Auto-accounts
          • Features
            • Guest account = smbuser
        • Default setup for users's home
        • Default setup for printers
        • Netlogon setup
        • Disk shares
          • Share | Comment | Directory
            pool | RAID drive | /pool
            af | Ancestral File | /pool/af
            igi | International Genealogical Index | /pool/igi
            ad | International Genealogical Index Addendum | /pool/ad
            lc | Family History Library Catalog | /pool/lc
            mi | Military Index | /pool/mi
            scr | Scottish Church Records | /pool/scr
            ss | Social Security Death Index | /pool/ss

            All these shares should be marked "enabled", "Browsable", "Public access" and "Writable".
      • Ftp server (wu-ftp)
    • Misc
      • Information about other hosts
        • IP number name & aliases
          127.0.0.1 localhost localhost.localdomain
          10.1.1.1 joseph joseph.fhc.net
      • Information about other networks
      • Linuxconf network access
  • Users accounts
    • Normal
      • User accounts (Add this new user)
        • The account is enabled = true
        • Login name = smbuser
        • Full name = Samba User
        • group = smb
        • Supplementary groups
        • Home directory(opt) = /home/public
        • Command interpreter(opt) = /bin/bash
        • User ID(opt) = Let Linuxconf pick it
      • Group definitions
      • Change root password
    • Special Accounts
    • Email aliases
    • Policies
  • File systems
  • Miscellaneous services
  • boot mode
  • Control

SAMBA SETTINGS

SAMBA is the program name used by Linux to talk to Windows machines. When SAMBA is enabled properly on a Linux machine, the "shares" or directories supplied by the configuration will be visible under Network Neighborhood of Windows machines sharing the same Workgroup name. There are several different methods for configuring Samba. You can either use the command line and edit the /etc/samba/smb.conf file manually or use the Samba SWAT utility.

Before making any changes to your smb.conf file, be certain to back it up. I like to copy the distribution file so that in case I make an error manually configuring it or when SWAT changes things dramatically, I always have something to revert back to. To back up your file, simply execute a command such as this: cp /etc/samba/smb.conf /etc/samba/smb.conf.golden. You can also append a .dist to the file name instead.

The easiest method to allow Windows users to see files on the Linux box is to change the smb.conf file to look something like the following.

#======================= Global Settings =====================================
[global]

# workgroup = NT-Domain-Name or Workgroup-Name
   workgroup = FHCENTER

# server string is the equivalent of the NT Description field
   server string = Family History Center File Server

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to the private 192.168.x.x and
# 10.x.x.x address ranges and the "loopback" interface. For more
# examples of the syntax see the smb.conf man page
   hosts allow = 192.168. 10. 127.

# if you want to automatically load your printer list rather
# than setting them up individually then you'll need this
   printcap name = /etc/printcap
   load printers = yes

# It should not be necessary to spell out the print system type unless
# yours is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx
   printing = lprng
   
#============================ Share Definitions ==============================
[homes]
   comment = Home Directories
   browseable = no
   writable = yes

# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
# Set public = yes to allow user 'guest account' to print
   guest ok = no
   printable = yes

There are more options available, but be sure to read the comments explaining each function. This will now allow regular users to log into the Linux machine and see the files stored there provided they have an account on the Linux machine. This will also limit them to only the files that they have in their home directories. It will grant them access to the attached printer. But this configuration is not of much use until you start granting greater access to the installed Family Search files, including the IGI and Ancestral File data.

A more dynamic method of configuring the smb.conf file is to use SWAT. First make sure you have the correct packages installed. This includes the samba-swat RPM file. Check the instructions above for installing the program. Also, make certain that you have enabled SWAT to start up. You can do this by selecting the SWAT option when issuing a /usr/sbin/ntsysv command as root from a command line. You will need to restart the xinetd process with /etc/rc.d/init.d/xinetd restart so that port 901 will be active.

In a browser window on that same Linux box, go to the following URL; http://localhost:901/. You should see the following window appear in your browser.

This is fine for understanding how Samba works since the links all point to man pages that better explain the nuances of making Samba work well. The page you need to first begin editing is the following example or the Globals section.

Here you can start adjusting the Workgroup name along with a description of your machine. You may also decide what IP addresses will and will not be allowed to view your network file server. You may edit this file just the same as you did the earlier file manually.

Next, start editing the Shares section. Here is where you set up the various directories for the different Church software data files, such as the IGI and Ancestral Files.

You must first click on the "Create Share" link after typing in a descriptive name for that file share. For example, you might name the IGI file share "igi" and then click on "Create Share". Once you have created a share you can begin editing it as shown in the next screenshot.

This still needs to be included

Finally, once you have edited your configuration to your liking, you can view the file itself under the View option. You should see something to this effect.

# Samba config file created using SWAT
# from localhost.localdomain (127.0.0.1)
# Date: 2002/04/04 13:18:15

# Global parameters
[global]
        workgroup = FHCENTER
        server string = Family History Center File Server
        security = SHARE
        log file = /var/log/samba/%m.log
        max log size = 0
        dns proxy = No
        hosts allow = 192.168. 10. 127.
        printing = lprng

[homes]
        comment = Home Directories
        read only = No
        browseable = No

[igi]
        comment = International Genealogical Index
        path = /pool/igi
        read only = Yes
        browseable = Yes
        guest ok = Yes

[af]
        comment = Ancestral File
        path = /pool/af
        read only = Yes
        browseable = Yes
        guest ok = Yes
		
ad nauseam...

Be certain to set the Security option under the global configuration to SHARE. This will allow the Windows machines to view these directories without logging in as a specific user. You can then map each of these directories, when they appear in your Network Neighborhood, to a specific drive.

Go to the Status window of your SWAT web page and restart the Samba processes so that your networked machines will be able to see the Linux shares.

These shares should now always be visible, but will not be connected until you map them to a specific drive letter. Check the examples below for suggested drive mappings. Make certain that you check the box for these drives to reconnect at the next reboot or login.

Once you install your Family Search software be sure to follow the suggested outlines as described on the other pages here on the FHCtech.org site for setting up networked data. Simply point your files to the mapped drives during the setup phase.


WINDOWS NETWORK SETTINGS

The Windows 95 and/or 98 network settings can be found at Start -> Settings -> Control Panel -> Network, or via the "Properties" menu item when clicking the right mouse button on the Network Neighborhood icon. For machines running Windows 2000 or XP, simply right-click on the Network Neighborhood icon and select "Properties". Again, these settings may not necessarily reflect your own configuration, but you should be able to configure your network based on the examples below.
  • Network Configuration
    • TCP/IP -> Your Network Card
      • Properties
        • IP Address
          • Specify an IP Address
            • IP Address = 10.1.1.2
            • Subnet Mask = 255.255.255.0
        • Gateway
          • New Gateway = 10.1.1.1
            • This is the IP address of your Linux server. This will be crucial later on when enabling Internet connectivity.
          • Click Add to install the new gateway.
        • DNS Configuration
          • Host = brigham
          • Domain = fhc.net
          • DNS Server Search Order = 64.147.130.2
          • Domain Suffix Search Order = fhc.net

Next, click on the tab labelled Identification on the top of the Network dialog box. Here you can configure the machine name, workgroup and a brief description of the machine's purpose.

  • Identification
    • Computer name = brigham
    • Workgroup = FHC
    • Computer description = Windows Machine #1

Finally, if you have any printers locally attached to this machine that you would like to make available to others on the network, go back to the Network -> Configuration dialog box and click on the button labeled "File and Print Sharing..." Check the following two boxes.

  • I want to be able to give others access to my files = true
  • I want to be able to allow others to print to my printer(s). = true

When you are finished with your network configuration, you will be prompted to reboot the machine. When you next log back in you should see not only the other machines on your network that share the same workgroup name, but also the Linux file server in your Network Neighborhood box.


SECURITY

The security outlined here in this document is virtually non-existent. Because the machines are all using non-routable Internet addresses that cannot be passed on the Internet, the only real threat comes from within the Family History Center itself, from its users. To combat this, I have installed Windows 2000 on all the Windows machines and have created a "Patron" user with no password. This user has very restricted access and can only access the installed programs. They cannot install or modify any sensitive operating system files. Administrative access, much like root on the Linux machine, is known only to myself, the person in charge of the Library and perhaps a few other key people. I cannot stress this enough: do not allow just anyone root or administrative access to the computers. You will save yourself countless hours of trouble and rebuilding machines if you limit access to the bare necessities.

Be cautious with the Samba shares as well. Everyone logs onto the Windows machines as Patron and all the Samba shares are readable but not writeable. Though it would be difficult to change any of the data originally contained on the data CDs, it is good practice to prevent any users from writing additional information to the Linux file server.
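
To check the "readable but not writeable" claim against a real configuration, the following script lists every share that can be written to and marks the ones a guest can write to without logging in. It is an added example, not part of the original page: the function names and the [scratch] share in the sample are hypothetical, and the other sample sections are abbreviated from the smb.conf listing above.

```shell
# Print "<share> guest-writable" (no login needed) or "<share> writable"
# for each writable share in an smb.conf given as $1 (or on stdin).
audit_shares() {
    awk '
    function yes(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report() {
        if (sect == "" || sect == "global" || ro) return
        print sect, (guest ? "guest-writable" : "writable")
    }
    BEGIN { guest = dguest = 0; ro = dro = 1 }   # Samba defaults: no guest, read only
    /^[ \t]*([#;]|$)/ { next }                   # comment or blank line
    /^[ \t]*\[/ {                                # start of a new [section]
        report()
        sect = tolower($0); gsub(/^[ \t]*\[|\].*$/, "", sect)
        guest = dguest; ro = dro
        next
    }
    {
        eq = index($0, "="); if (!eq) next
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        if (key == "guestok" || key == "public") guest = yes(val)
        else if (key == "readonly") ro = yes(val)
        else if (key == "writeable" || key == "writable" || key == "writeok") ro = !yes(val)
        if (sect == "global") { dguest = guest; dro = ro }   # [global] sets share defaults
    }
    END { report() }
    ' "${1:--}"
}

# Constructed sample: sections abbreviated from the listing above, plus one
# hypothetical misconfigured share ([scratch]) that is not on the page.
sample_smb_conf() {
    cat <<'EOF'
[global]
        security = SHARE
[homes]
        read only = No
        browseable = No
[igi]
        read only = Yes
        guest ok = Yes
[scratch]
        public = yes
        writable = yes
EOF
}
```

Run it as audit_shares followed by the path to your own smb.conf; on the sample it reports homes as writable and scratch as guest-writable.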

If you are concerned about keeping up to date with the latest Linux security patches, I would highly recommend downloading the red-carpet utility from http://www.ximian.com/. This utility will connect to the Ximian site or any of the many other mirrors and will determine what packages require updating, will download them to your machine and then will update all the packages, all without any reboot required. You can set the utility to not save the packages once you have downloaded them in order to conserve hard drive space. I recommend that all administrators who are not very familiar with Linux install and run red-carpet often.


BINDINGS

The bindings portion of the setup is how each Samba share on the Linux file server will be mapped back to the Windows drive. Remember the partitioning scheme used within the /pool directory. One method of mapping drives might be the following:
  • J: = \\joseph\ad
  • K: = \\joseph\af
  • L: = \\joseph\igi
  • M: = \\joseph\lc
  • N: = \\joseph\mi
  • O: = \\joseph\scr
  • P: = \\joseph\ss
  • W: = \\joseph\pool
You can always map these drives manually to the drive of your choice. Using the Windows Explorer dialog box, click on the Tools -> Map Network Drive... option. Choose the drive of your choice. For example, to map the J: drive to the /pool/ad Samba share directory, type the following into the Path: field: \\JOSEPH\ad

Verify that this directory is now available. Be sure to click on the option to "Reconnect at next login". This way the mapped directories will be available the next time the Windows machine reboots.

Furthermore, when you install the Family Search program on W:, using the "install network" method, be sure and insert these drives as well.

ACCESSING THE INTERNET

Another important advantage to using Linux over Windows machines is its ability to operate as a router or gateway. What that means is once you connect Linux to the Internet, using a simple tool called IP Masquerading or ipchains or iptables, other connected machines can also access the Internet. There are sufficient Open Source proxy tools as well which can be used for limiting each machine's access to various sites. These restrictions can be as open or as restrictive as you want.

This is basically what I have operating at home. I have one main Linux machine that operates as the gateway for all other machines that are networked to it. Once I connect to my ISP or Internet Service Provider (which is in actuality my other Linux box at KSL), my wife's and sons' computers can also go out and access web sites, download files using FTP and even check email.

IPchains and IPtables are normally enabled by default with most Linux installations. You will only need to attach a modem, preferably an external modem and definitely one that is NOT a winmodem, but rather one that is hardware driven. USRobotics makes some very nice 56k modems that attach to a serial port. Connect the modem, turn it on and then start up Red Hat Linux. Kudzu should detect and configure the most basic settings for you. Once you are in a GUI environment such as GNOME or KDE you can start a wizard that will assist in making the final connections to your ISP.

Next, you will need to enable IP Masquerading. I have included a simple sample script that should be saved as a text file and can be automated to start up at boot. Copy and paste this script into a Linux editor. Save it as /etc/rc.d/rc.internal.masq. You will need root access to save the file here. Change the permissions on the file to executable by typing "chmod 755 /etc/rc.d/rc.internal.masq" which will make it executable by root.

Just be aware that this script is designed for networks with a 192.168.0.0 subnet. If your network is using something like 10.1.1.0, you will need to modify it accordingly and change the subnet mask to match yours. Feel free to contact me if you have any questions regarding the personalization of this script.

#!/bin/sh

# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

echo "Starting internal firewalling... "

# First, flush out all older chains
/sbin/ipchains -F

echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr

# MASQ timeouts
# 2 hrs timeout for TCP session timeouts
# 10 sec timeout for traffic after the TCP/IP "FIN" packet is received
# 60 sec timeout for UDP traffic (MASQ'ed ICQ users must enable a 30sec firewall timeout in ICQ itself)
#
/sbin/ipchains -M -S 7200 10 60

# Enable simple IP forwarding and Masquerading
#
# NOTE: The following is an example for an internal LAN address in the 192.168.0.x
# network. The active rule below uses a 255.255.0.0 mask, which covers all of
# 192.168.x.x; use 255.255.255.0 (a "24" bit subnet mask) to limit it to 192.168.0.x.
#
# Please change this network number and subnet mask to match your internal LAN setup
#
/sbin/ipchains -P forward DENY
#/sbin/ipchains -A forward -s 192.168.0.20/24 -j MASQ
/sbin/ipchains -A forward -s 192.168.0.0/255.255.0.0 -j MASQ
# or masquerade everything forwarded out the modem link, whatever its source address
/sbin/ipchains -A forward -i ppp0 -j MASQ

# /sbin/insmod ip_masq_ftp

echo "done"

exit 0

Next, add the following lines to your /etc/rc.d/rc.local file. I have also added the last two lines stating the forwarding command so that once you connect to your box, you can actually go someplace.

# Start firewalling internal system
sh /etc/rc.d/rc.internal.masq

echo 1 >/proc/sys/net/ipv4/conf/default/proxy_arp
echo "1" > /proc/sys/net/ipv4/ip_forward

If you wish to disable Internet connectivity to the Windows machines while keeping access available for the Linux machine, in case you need to download security patches for Linux, you can simply execute the following command as root from a command line.

/sbin/ipchains -F

This command flushes all the rules out of your chains. Because the forward policy set by the script stays at DENY, this will block any networked machines from using your Linux machine as a gateway. Be mindful, though, that the next time your Linux machine reboots IP Masquerading will be enabled again. Or if you decide to enable Masquerading without rebooting, simply type the following command:

/etc/rc.d/rc.internal.masq

When you connect to the Internet again via the Linux modem, all networked machines will be able to once again access web pages and email. Exercise extreme caution when enabling this function. As you are probably well aware, the Internet holds an invaluable store of important information but is also a dumping ground for refuse. You may consider installing and enabling something such as SQUID on your Linux machine for filtering out the more offensive content, or simply limiting your users to just a few sites.


FOR MORE INFORMATION

Search the FHC Tech email list for information on Linux.