Ubuntu - Server

For the SOHO (small office/home office) crowd, or those that want a server at home, going with a Linux-based file server is a grand deal. Here is what I did for my home server running a SATA RAID array (for audio/video/data applications) on Ubuntu Server 7.04.

What I wanted to do was build a fileserver for the house to support home and small-business office needs. We run a small business, work for a living, and have other related data needs. We also wanted to have the music (and some video) archive available throughout the house. And I wanted it centrally stored and managed as well as a central user management place. And I wanted it to be the backbone of the home network and serve as a domain controller, DHCP/DNS server, and such. And eventually, I wanted to be able to access it remotely from the net. I knew the answer for me involved Linux with SaMBa.

Next, the question was which distribution? After some reading of various articles (just use your favorite search engine), I decided on Ubuntu. Ubuntu has a great community and is a well-respected community release project for linux. I figured it would do the job, and so far I am happy. I downloaded the iso for 7.04 Server and then burned it to a CD and popped it into my server:

Server Documentation

BTW, my server is:

  • Case/PowerSupply: Generic/PLink 450W
  • Motherboard: MSI K8N Neo4 Platinum
  • CPU: Athlon 64 3200+
  • RAM: 1G (may want more)
  • Video: RV370 [Radeon X300SE] (Generic 64MB PCI-e16 ATI Radeon X300)
  • RAID Controller: Adaptec 2410SA (4-Port, RAID 5, SATA I, PCI-X)
  • Hard Drives
    • System: 15.3G Fujitsu Ultra ATA
    • Data: 4 x 500G SATA II RAID 5 (4 Seagate)
  • DVD-ROM

Installation

The installation went very well. I did install DNS and DHCP. And in the end I got the unix prompt -- this is Server version, after all. I was able to login using the username/password previously input and access the system and make sudo commands and such.

  • Install OS (I installed to 15G HD and let it partition into two, most for the system, another small for swap)
  • Install OpenSSH
  • Install Ubuntu Desktop - allow view Desktop
  • Install VNCserver (tightVNC)
  • Configure DHCP
  • Configure DNS
  • Install SaMBa

Note: I did use the amd64 iso and not the 32-bit iso because this is a server. However, you can't run Flash, WINE, and some other 32-bit apps on 64-bit, so if you need to run things like that, then use the 32-bit iso instead.

Security Diligence

It's important (highly recommended) to deal with basic security issues.

Hardware Installation

The CD-ROM (and floppy) didn't automount for me for some of this. So, you may have to do that manually. [sudo mount /dev/cdrom /media/cdrom0]

Graphics Adapter

I also have to install the video drivers for this generic ATI Radeon X300 (reported by lshw command as RV370 [Radeon X300SE]). This is a cheapy generic card and may be hard, but we'll see what happens.

RAID Controller

I installed a HighPoint Technologies card, but had problems getting it all to work from a hardware standpoint (not to mention some of the nightmare of having to build your own drivers and such). So, I ended up using a tried-and-true Adaptec card. I had to initialize the drives, then create the array, then do the build/verify. The build/verification itself took almost 30 hours for the 1.4 TB array. I then had to follow the instructions for installing a hard drive. Gparted didn't work (maybe because it reported some very large negative numbers for file sizes -- maybe a bug). I then used the instructions for fdisk and mke2fs, which worked. I also found several documents about hard drives useful. I'd also suggest running a disk check on the drive to test it out and look for bad blocks.

System Services

SSH

Advanced OpenSSH (Ubuntu Docs)

I had to install SSH server and get it running so I could access the server remotely. Easy enough. Just use the command 'sudo apt-get install openssh-server' and then system users may login via SSH. Configure the .bashrc and .profile to your liking. I like to change the prompt, and put a bunch of aliases in a referenced .bash_aliases file.

X-Windows

Periodically (periodically, I say?), things are easier to accomplish using the GUI. This server will be installed in the wiring closet, so I want to access it remotely, too, with GUIs as appropriate. So, I setup and installed X via the Ubuntu Desktop using the command: sudo apt-get install ubuntu-desktop. This also sets the stage for using VNC as the x-terminal to access it and have a user-friendly desktop.

VNC/X-Terminal

I also wanted to access this via an x-term, so I used tightVNC. You have to install vncserver on the server (sudo apt-get install tightvncserver). Then you have to run the server somehow. I setup some quick scripts for this: vncstart and vncstop. These run the commands 'vncserver -geometry 1012x646 -depth 16' and 'vncserver -kill :1' respectively. Likely I'll automate this some time.

Then you can access the machine using VNC viewer (machinename:1). However, you don't get the desktop. To get the desktop, you have to manually edit ~/.vnc/xstartup and comment out the line x-window-manager and add three lines: 1) gnome-wm &, 2) gnome-panel &, and 3) nautilus &. This will give you a gnome-like desktop to play with instead of a blank x-windows desktop (much more functional and useful).
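The vncstart/vncstop scripts and the xstartup edit described above, written out as one script. This is an added example, not the author's own scripts: the start/stop/patch arguments are assumed names, and the -localhost option is an addition so that the unencrypted VNC port is only reachable through an SSH tunnel.

```shell
#!/bin/sh
# Added example, not from the original page. The start/stop/patch arguments
# are assumed names. With -localhost the VNC port only listens on loopback,
# so reach it from the client through SSH:
#   ssh -L 5901:localhost:5901 user@server    then point the viewer at localhost:1
XSTARTUP="${XSTARTUP:-$HOME/.vnc/xstartup}"

# Comment out the x-window-manager line and append the three GNOME lines.
# Safe to run twice: an already patched file is left alone.
patch_xstartup() {
    f="$1"
    grep -q '^gnome-panel &' "$f" && return 0
    tmp=$(mktemp) || return 1
    sed 's/^\([[:space:]]*x-window-manager.*\)$/#\1/' "$f" > "$tmp" || return 1
    printf '%s\n' 'gnome-wm &' 'gnome-panel &' 'nautilus &' >> "$tmp"
    # Write back through the original file so its mode (executable) is kept.
    cat "$tmp" > "$f" && rm -f "$tmp"
}

vncstart() {
    vncserver -geometry 1012x646 -depth 16 -localhost
}

vncstop() {
    vncserver -kill :1
}

case "${1:-}" in
    start) vncstart ;;
    stop)  vncstop ;;
    patch) patch_xstartup "$XSTARTUP" ;;
esac
```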

Synaptic

At this point, I can always access the GUI, so most things will now point to that. As such, I can use the Synaptic Package Manager, incorporated with the Ubuntu Desktop.

Flash Player for Firefox

The adobe download for Flash player wasn't working. I searched Ubuntu forums and found this posting that uses nspluginwrapper.

AntiVirus

There are several anti-virus packages listed in the Ubuntu docs, mainly ClamAV, F-Prot, AVG, and Panda. I wanted one that could scan files coming and going. It appears that for on-access type, I need expensive software. I decided that I could run it via cron jobs. Besides, I'm using it as a fileserver, and all my clients run AV software. Should be good enough, but I recognize there is some security risk. After too danged much research, I figured out that for amd64, I pretty much have to use ClamAV. If you're using 32-bit, then you have more choices.

Links: Comparatives | AVG HowTo | ClamAV on Ubuntu | Update Virus Definitions

ClamAV looks to be good. There is the freshclam updater that can be run in the cron tasks. Sourcefire acquired ClamAV in August 2007. Unknowns coming.... They are also in charge of the Snort IDS/IPS project, too. ClamAV doesn't do on-access scanning (sometimes called real time protection), but you can script scans of the system, too. You also install ClamTK (the ClamAV GUI).

The Feisty-Fawn and universe repositories were using a 2.x version of ClamTK and an older version of ClamAV. I found the latest for ClamTK and ClamAV and added it to my local pkgs. The updates worked fine (unlike AVG and Avast since they weren't 64-bit capable). While I downloaded the latest ClamTK into my local repository, for ClamAV, I added a volatile update mirror per the instructions for the latest ClamAV on Debian installations. I get an error on update related to ability to authenticate the packages (probably fixable), but it works otherwise.

In the end, to install, after doing the above, all I did was use Synaptic Package Manager to install ClamTK which also selected all the dependencies including ClamAV and freshclam. I can now add an entry for a nightly scan cron job and mail it to myself.
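One way to do the nightly scan-and-mail job mentioned above, as an added example that is not from the original page. The scan directory, the recipient, and the script path in the cron line are assumed placeholders.

```shell
#!/bin/sh
# Added example, not from the original page. SCAN_DIR, REPORT_TO and the
# install path in the cron line below are assumed placeholders.
#   root crontab:  30 2 * * * /usr/local/sbin/clamav-nightly.sh --run
SCAN_DIR="${SCAN_DIR:-/srv/data}"
REPORT_TO="${REPORT_TO:-root}"

# Print the path of every infected file named in a clamscan report.
# Report lines look like "<path>: <signature name> FOUND".
infected_files() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p' "$1"
}

# Mail subject from clamscan's exit status: 0 = clean, 1 = virus found,
# anything else = the scan itself failed, which also deserves a mail.
scan_subject() {
    case "$1" in
        0) echo "ClamAV: clean" ;;
        1) echo "ClamAV: $2 infected file(s)" ;;
        *) echo "ClamAV: scan error (exit $1)" ;;
    esac
}

nightly_scan() {
    report=$(mktemp) || return 1
    # Refresh signatures first; a failed update is noted but does not stop the scan.
    freshclam --quiet || echo "freshclam failed; scanning with old signatures" >> "$report"
    status=0
    # -r recurses into subdirectories, -i lists only infected files.
    clamscan -r -i "$SCAN_DIR" >> "$report" 2>&1 || status=$?
    count=$(infected_files "$report" | wc -l | tr -d ' ')
    mail -s "$(scan_subject "$status" "$count")" "$REPORT_TO" < "$report"
    rm -f "$report"
    return "$status"
}

if [ "${1:-}" = "--run" ]; then nightly_scan; fi
```

Because the subject line carries the result, a mail filter can separate clean runs from findings and from scans that failed to run at all.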

AVG has a good track record, generally. And it updates itself. I found this howto on installing AVG on Ubuntu's Feisty Fawn. Also, they have instructions on their website. But it only works on 32-bit architectures.

I'd used Avast! AntiVirus on Windows and liked its capabilities. They have a server edition, but I was hoping that I could run the standard free home version on the server. I don't know if you can or not because none of Avast's linux AV apps run on the 64-bit version of Linux (2007-09-14). So I couldn't try it. Finally, I understand that Avast isn't friendly to screen readers (but AVG is) according to my blind friend and he recommends AVG (which I didn't like because they auto insert messages into e-mails).

DNS

Ubuntu Docs | DNS HowTo |

Having an internal DNS server is easier on the network as well, and makes it easier to specify names for the various internal aspects of the network, such as printers, routers, and other machines that may not play with WINS.

  • /usr/sbin/named - the program
  • /etc/resolv.conf - DNS resolution (more info via 'man resolv.conf'); I edited mine to:
    • search local.mydomain.net
    • nameserver 127.0.0.1, my two nameservers (need semi-colons)
  • /etc/bind/named.conf - Named configuration file
  • rndc - the program to control the named service (run without options for help)
    • rndc to reload (or service bind9 restart)
  • I added debian-helper-scripts via package manager.
  • I added a zone to the named.conf.local
    • zone "home.mark.boyden.name" {
          type master;
          notify no;
          file "/etc/bind/db.home.mark.boyden.name";
      };
  • I then added a reverse zone to the named.conf.local file and then updated those (and ran rndc to reload)
  • If root.hints doesn't update, then look at this article.

DHCP

I wanted to use this server (instead of the router) to manage DHCP since it has much finer control overall. Installation and configuration is pretty easy, and all I had to do was read the DHCP doc, the FAQ and the mini-HowTo. Then I had to turn it off on the router and configure the reservations. I also added a few reserved IPs.

LDAP

LDAP, Lightweight Directory Access Protocol, is the non-proprietary standard for directory services these days. It's a light version of X.500. Microsoft's proprietary Active Directory is based on this, and with a lot of massaging, you can get it to work together.

Links: Ubuntu Official Doc (Use the Community one; it's more up-to-date) | OpenLDAP | Securing |

Installation

Anyhoos, if not already installed, as I needed, install slapd (the server) and ldap-utils. You will have to input a root domain and password for slapd. I also suggest installing Luma, the GUI for managing LDAP databases, although getting it going isn't intuitive. You also have to make a shortcut for this yourself.

Configuration

Notables:

  • Config Dir: /etc/ldap

Of course, make a copy of your configuration file(s) before starting. Make a few edits to the main configuration file slapd.conf per the Ubuntu community instructions to setup an initial database.

  • set root password, but do it using slappasswd
  • create the init.ldif file, but I used internal instead of example and company.com for org. I understand that the latter part must exist and resolve.
  • secure the service and authentication ACLs
  • check configuration changes using slaptest

There is a best practice for your tree, and it's something like this (non-graphical):

  • root domain
    • users and groups
      • groups
        • group1
        • group2
      • people
        • user1
        • user2
    • resources
      • file shares
      • printers
      • servers

It doesn't load by default yet. And the slapd script doesn't start it. This is a problem with feisty, apparently. Finally, after struggling with it for awhile, I got some of it to work. I setup a different user than admin, and that made it work in Luma. I didn't get ldapsearch to work though. I expect it's another configuration issue because it asks for a SASL/Digest-MD5 password and I'm using the "simple" which is apparently SSHA.

Will SaMBa work with it for authentication, though? That's the real question for me.
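The configuration steps and the tree layout above, as an added example that is not from the original page: a script that generates an init.ldif for that tree, with the matching commands in its comments. The OU names (accounts, shares) and the admin DN are assumptions. The OpenLDAP client tools attempt a SASL bind unless -x is given, so the commands here use -x for a simple bind.

```shell
#!/bin/sh
# Added example, not from the original page. The OU names (accounts, shares)
# and the admin DN are assumptions; the page only gives the tree's shape.

# "internal" -> "dc=internal"; "home.example.net" -> "dc=home,dc=example,dc=net"
base_dn() {
    echo "$1" | sed 's/^/dc=/; s/\./,dc=/g'
}

# One organizationalUnit entry: $1 = ou name, $2 = parent DN.
ou_entry() {
    printf 'dn: ou=%s,%s\nobjectClass: organizationalUnit\nou: %s\n\n' "$1" "$2" "$1"
}

# LDIF for the root entry plus the container tree, parents before children
# (ldapadd rejects an entry whose parent does not exist yet).
make_init_ldif() {
    base=$(base_dn "$1")
    printf 'dn: %s\nobjectClass: top\nobjectClass: dcObject\n' "$base"
    printf 'objectClass: organization\no: %s\ndc: %s\n\n' "$1" "${1%%.*}"
    ou_entry accounts  "$base"                  # "users and groups"
    ou_entry groups    "ou=accounts,$base"
    ou_entry people    "ou=accounts,$base"
    ou_entry resources "$base"
    ou_entry shares    "ou=resources,$base"     # "file shares"
    ou_entry printers  "ou=resources,$base"
    ou_entry servers   "ou=resources,$base"
}

# Typical sequence, run by hand on the server:
#   slappasswd                            # prints the {SSHA} hash for rootpw in slapd.conf
#   slaptest -f /etc/ldap/slapd.conf      # check the edited configuration
#   sh make-ldif.sh internal > init.ldif  # make-ldif.sh is an assumed file name
#   ldapadd    -x -D "cn=admin,dc=internal" -W -f init.ldif
#   ldapsearch -x -D "cn=admin,dc=internal" -W -b "dc=internal" \
#              "(objectClass=organizationalUnit)" dn
if [ -n "${1:-}" ]; then make_init_ldif "$1"; fi
```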

Samba/DC

Samba provides various authentication capabilities including Windows SMB, LDAP, Kerberos, among others. It allows for distributed authentication. My needs for Samba are: PDC (Primary Domain Controller, ala Windows), Authentication via LDAP (less necessary for small offices, but easier in the long run for clients/users).

SaMBa:

  • SMB/LDAP Installer: I found this after I'd done most of the work. It helped me to finish some of the things up I'd been trying by hand. It handles pretty much everything for you and works for PDCs, BDCs, and such.
  • Samba Guide: Ubuntu Community Guide - lightweight, getting started guide
  • Fast Start : Has some good examples for PDC/BDC, including LDAP
  • PDC: from Samba site. More complete
  • Client Authentication: Ubuntu Community Guide on enabling Linux machines to authenticate against LDAP

This server will act in the capacity of the Primary Domain Controller (PDC) for the network as I'd like (like most people) single sign-on authentication for the network and its resources. This requires SaMBa for file sharing and print server services, so, install samba using Synaptic (samba-common was already installed and may be enough, but I don't know for sure at this point). I'm assuming that LDAP is set up and running (per above or different).

Firewall

This machine will be the backbone between the external IP firewall and the internal network. IPTables is the firewall, of course.

VPN/OpenSWAN

I wanted to be able to provide access to my server via VPN. I know that security-wise, having the VPN, the Firewall, and all that on the same server isn't necessarily best case, but this is a home-office network after all.

Web/HTTP

This is the apache 2.x version. Main config in /etc/apache2. Currently, files for the default server are in /var/www.

Package Management

Ubuntu uses a package manager that isn't RPM (Redhat Package Manager). It uses aptitude. A few quick notables:

  • Software Management for Ubuntu
  • Command Line
    • aptitude (cli gui of packages)
    • apt-get (for installing, updating packages)
      • apt-get dist-upgrade pkgname (to require download)
    • apt-cache (for listing packages)
    • dpkg (for managing packages)
  • Repository Sources: /etc/apt/sources.list

Things I Bookmarked for future study:

 



Comments are solely the opinion of the author and not to be construed as the opinion of anyone else.
(c) 2006-2007 - Mark Boyden