![]() ![]() Add Samba Share to Jamf Pro Server In your Jamf Pro Dashboard, Navigate to the following pathĬomputers -> Management Settings -> Server Infrastructure -> File Share Distribution Points -> + Newġ0. sudo smbclient -L 00.00.00.00 -U WriteUserĬonfirm Samba Share is Accessible via Internal Network Macintosh Terminal sudo smbutil view smb:// ĩ. Start Samba Service, Enable Samba Service on Startup & Confirm Listening sudo systemctl start smb sudo systemctl enable smbĬonfirm Samba is Active & Listening sudo yum -y install net-tools sudo netstat -tulpn | egrep "smbd"Ĭonfirm Samba Share is Accessible Locally *Note: For your environment, replace “00.00.00.00” with your servers ip address. # minimum - Modification of targeted policy. # targeted - Targeted processes are protected, # SELINUXTYPE= can take one of three values: # disabled - No SELinux policy is loaded. # permissive - SELinux prints warnings instead of enforcing. # enforcing - SELinux security policy is enforced. # SELINUX= can take one of these three values: # This file controls the state of SELinux on the system. Disable SELinux Link: Read about RHEL 7 & Security Regarding SELinux Here sudo nano /etc/selinux/config Modify the SELINUX parameter from “SELINUX=enforcing” to “SELINUX=disabled”, below is what your SELinux Config file should look like. ![]() Allow Samba Server through the Firewall Link: Read about RHEL 7 & Security Regarding Firewall Here sudo firewall-cmd -add-service=samba -permanent Confirm Samba is available & Port is Open sudo firewall-cmd -list-service | grep sambaĪlternatively, Disable the Firewall sudo service firewalld stop sudo systemctl disable firewalldħ. Modify Samba Configuration File sudo nano /etc/samba/smb.conf Copy & Paste the information below to the bottom of the smb.conf file Ħ. Configure the File Share Directory *Note: For your environment, replace “FileShare” with your preferred directory name *Note: Remember /srv/samba/Fileshare path for use Step #24 sudo mkdir -p /srv/samba/FileShare sudo chown WriteUser /srv/samba/FileShare/ sudo chmod 755 /srv/samba/FileShare/ĥ. Grant Users Access to Samba Configuration & Create Passwords sudo smbpasswd -a ReadUser sudo smbpasswd -a WriteUserĤ. useradd -d /home/ReadUser ReadUser -s /bin/false -N useradd -d /home/WriteUser WriteUser -s /bin/false -Nģ. Create Server Users (Read & Write Accounts) *Note: For your environment, replace “ReadUser” & “WriteUser” with your preferred user account names. Install Samba Link: Read about RHEL 7 & Samba Here samba* includes dependencies, -y accepts all the packages sudo yum -y install samba*Ģ. Samba needs to be configured for utilization by Jamf & Jamf Admin as the Server Replication Process within Jamf Admin uses Samba to mount & distribute/replicate amongst the various internal DPs.ġ. Both RHEL & Jamf have newer versions available by the time I posted this. Also, when I originally took these notes I was using Red Hat Enterprise Linux 7 & Jamf Pro 10.16.1. ![]() Note that to perform the actions in explicit order stated in this guide you must have a base RHEL 7.x Server spun up, running with nothing extra installed/configured, its sole purpose being a distribution point, an IP Address assigned & DNS associated. ![]() A lot of modification can & should be done to this to make the setup more secure but this is the base setup that will get you up & going, allowing for modifications later. This is for Internal / Locally hosted Servers. I'm at a loss, and wondering where I can gain additional info other than the list of ports that need to be open from JAMF.When I began configuring a RHEL Server for utilization by my Jamf Pro Environment as a HTTPS DP I realized that no guides existed. I'm wondering if other schools have fought this battle and have any recommendations, or would be willing to chat with me about how they have implemented their JAMF services into the school.Įven a post listing if you're K-12, Higher Ed, or a business and if you have all ports open or closed on your firewall would be helpful. My network admin (and the recent penetration test the school has) has zero interest in opening up ports, we are almost down to 80 and 443 at this point (with LDAP currently outward facing, for now). Self service, tracking laptops, and pushing updates can ONLY happen at school, and some of those features only work on our wired network, which requires the kid to stop by the help desk. Currently, our server resides locally, and doesn't reach out to the outside world. We are currently looking to move JAMF to the cloud, to hopefully gain functionality. Hey everyone! We're a long time JAMF school, we've been using JAMF Pro/Casper since I arrived at BSM about 6 or 7 years ago. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |