Debian 12.14 : FTP Server, NTP Server, Samba

1. Install NTP server

# apt -y install chrony

# vi /etc/chrony/chrony.conf
Line 8 : Comment out the default setting and add the NTP server for your time zone.
#pool 2.debian.pool.ntp.org iburst
pool ntp.nict.jp iburst

Add to the last line (Range for which time synchronization is allowed)
allow 192.168.11.0/24

Apply the settings

# systemctl restart chrony

Operation check

# chronyc sources
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^- ntp-a3.nict.go.jp             1   6    17    14  +1863us[+1863us] +/- 8590us
^- ntp-a2.nict.go.jp             1   6    17    15  -1421us[-1421us] +/- 6577us
^- ntp-k1.nict.jp                1   6    17    15   -927us[ -927us] +/- 3796us
^* ntp-b2.nict.go.jp             1   6    17    15    +28us[  +11us] +/- 5320us

2. Install FTP Server

2.1 Install Vsftpd

# apt -y install vsftpd

Allow FTP port 21

# ufw allow ftp
# ufw reload

2.2 Edit the Vsftpd configuration file

# vi /etc/vsftpd.conf
Edited content

Line 14 : Change (option names are case-sensitive and must be lower-case)
listen=YES

Line 22 : Change
listen_ipv6=NO

Line 31 : Uncomment
write_enable=YES

Line 35 : Uncomment
local_umask=022

Lines 99-100 : Uncomment (allow uploads and downloads in ASCII mode)
ascii_upload_enable=YES
ascii_download_enable=YES

Line 122 : Uncomment
chroot_local_user=YES

Line 123 : Uncomment
chroot_list_enable=YES

Line 125 : Uncomment
chroot_list_file=/etc/vsftpd.chroot_list

Line 131 : Uncomment (enable bulk transfer of entire directories)
ls_recurse_enable=YES

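Create vsftpd.chroot_list
Enter only the user name (huong) in the new file and save it. Because chroot_local_user=YES is set, the users listed in this file are the ones who are not confined to their home directory.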

# vi /etc/vsftpd.chroot_list
huong

Finally, restart vsftpd so the edited configuration is loaded, and enable it.

# systemctl restart vsftpd

# systemctl enable vsftpd
Synchronizing state of vsftpd.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable vsftpd

2.3 Verifying FTP Connection

Verify using an FTP client
Start FileZilla and select "Site Manager" from the "File" menu.

Click on "New site"
Enter the following settings for each item and click "Connect"
Protocol : FTP - File Transfer Protocol
Host : IP address of the server
Port :
Logon Type : Ask for password
User : General user name (server login user)
Password : Password of the login user

When the following screen appears, click "OK".

If the connection is successful, the server directory is displayed on the right and the Windows directory on the left.

3. Vsftpd SSL/TLS

Configure Vsftpd to enable SSL/TLS

3.1 Create a self-signed certificate.

If you are using a trusted certificate such as one from Let's Encrypt, you can skip this step.

# cd /etc/ssl/private
# openssl req -x509 -nodes -newkey rsa:2048 -keyout vsftpd.pem -out vsftpd.pem -days 3650
---------------------------------------------------------------------------------------------------------------
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP # country code
State or Province Name (full name) []:Osaka # Region (Prefecture)
Locality Name (eg, city) [Default City]:Sakai # City
Organization Name (eg, company) [Default Company Ltd]:private # organization name
Organizational Unit Name (eg, section) []:Admin # Name of organization's department
Common Name (eg, your name or your server's hostname) []:Lepard # Server Host Name
Email Address []: # Administrator's email address
# chmod 600 vsftpd.pem

3.2 Vsftpd Configuration

# vi /etc/vsftpd.conf
Edited content

Lines 149-150 : Comment out
#rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

Line 151 : Change
ssl_enable=YES

Add the following after line 152:
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_ciphers=HIGH
force_local_data_ssl=YES
force_local_logins_ssl=YES

# systemctl restart vsftpd
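
The values set in sections 2.2 and 3.2 can be checked before each restart. The following is an added example, not part of the original guide or of vsftpd: a POSIX shell function that lints a vsftpd.conf read on standard input. The function name, the finding labels and the sample input are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page: lint vsftpd.conf (read on stdin)
# for the values set in sections 2.2 and 3.2. Exit status 0 = no findings.

REQUIRED='listen=YES listen_ipv6=NO chroot_local_user=YES ssl_enable=YES
force_local_logins_ssl=YES force_local_data_ssl=YES'

audit_vsftpd_conf() (
    rc=0
    # Active directives only: skip blank lines and comment lines.
    active=$(grep -Ev '^[[:space:]]*(#|$)' || true)

    # Option names are lower-case and vsftpd allows no space around "=";
    # a line such as "Listen=YES" keeps the daemon from starting.
    bad=$(printf '%s\n' "$active" | grep -Ev '^[a-z0-9_]+=([^[:space:]]|$)' || true)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad" | sed 's/^/MALFORMED: /'
        rc=1
    fi

    # Compare the last occurrence of each option with the guide's value.
    for want in $REQUIRED; do
        key=${want%%=*}
        got=$(printf '%s\n' "$active" | sed -n "s/^$key=//p" | tail -n 1)
        if [ "$got" != "${want#*=}" ]; then
            echo "WRONG: $key=${got:-<unset>} (guide sets $want)"
            rc=1
        fi
    done

    # The key file must be closed to group and other (chmod 600 in 3.1).
    keyf=$(printf '%s\n' "$active" | sed -n 's/^rsa_private_key_file=//p' | tail -n 1)
    if [ -n "$keyf" ] && [ -e "$keyf" ]; then
        if [ "$(ls -ldL "$keyf" | cut -c5-10)" != "------" ]; then
            echo "PERMS: $keyf is accessible to group or other"
            rc=1
        fi
    fi
    exit "$rc"
)

# Constructed sample: option names typed with a capital "L", and
# force_local_data_ssl left out.
sample_conf() {
    printf '%s\n' '# constructed sample' 'Listen=YES' 'Listen_ipv6=NO' \
        'chroot_local_user=YES' 'ssl_enable=YES' 'force_local_logins_ssl=YES'
}

sample_conf | audit_vsftpd_conf || echo "findings listed above"
```

On the server, run `audit_vsftpd_conf < /etc/vsftpd.conf` as root so that the key file under /etc/ssl/private can be inspected.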

Start FileZilla and check
As before, select "Site Manager" from the "File" menu, select the appropriate server, click "Connect," and the following screen will appear.

4. File server installation with Samba

Build a file server with Samba whose shared folder requires user authentication.
Installation procedure
(1) Create a shared folder with access rights that requires user authentication
(2) Create a group with access rights
(3) Create users belonging to the group that can access the folder
(4) Edit the configuration file

4.1 Install Samba

# apt -y install samba

4.2 Create a shared folder (smbshare)

# mkdir /home/smbshare

4.3 Create accessible group (smbgroup)

# groupadd smbgroup
# chgrp smbgroup /home/smbshare
# chmod 770 /home/smbshare

4.4 Edit the configuration file

# vi /etc/samba/smb.conf
Edited content

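Line 25 : Add the following two lines under [global] (smb.conf has no end-of-line comments, so do not append notes to a setting)
[global]
unix charset = UTF-8
dos charset = CP932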

Line 38 : Add networks to allow access
interfaces = 127.0.0.0/8 192.168.11.0/24 ens33

Line 98 : Comment out and add below
#map to guest = bad user
security = user

Add to the end of the file
# Set any share name
[Smbshare]
# Specify the shared folder
path = /home/smbshare
# Allow writing
writable = yes
# Do not allow guest users
guest ok = no
# Allow access only to members of the group [smbgroup]
valid users = @smbgroup
# Set the group to [smbgroup] when creating files
force group = smbgroup
# Set the permissions to [770] when creating files
force create mode = 770
# Set the permissions to [770] when creating folders
force directory mode = 770
# Inherit permissions from the parent folder
inherit permissions = yes
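
smb.conf treats only whole lines beginning with # or ; as comments, and the share is only as closed as its guest and valid users settings. The following is an added example, not part of the original guide or of Samba: a shell function using awk that lints an smb.conf read on standard input for the share defined above. The function name, the finding labels and the sample input are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original page: lint smb.conf (on stdin) for the
# authenticated share of section 4.4. Exit status 0 = no findings.
audit_smb_share() (
    awk -v share="$1" '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    # Only whole lines starting with "#" or ";" are comments in smb.conf.
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
    /^[ \t]*\[/ {
        sec = tolower($0); sub(/^[ \t]*\[/, "", sec); sub(/\].*/, "", sec); next
    }
    {
        eq = index($0, "="); if (!eq) next
        # Parameter names ignore case and embedded blanks.
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        v = trim(substr($0, eq + 1))
        # A trailing " # note" is not stripped; it becomes part of the value.
        if (v ~ /[ \t][#;]/) { printf "INLINE-COMMENT: [%s] %s\n", sec, trim($0); bad = 1 }
        val[sec, key] = tolower(v)
    }
    END {
        s = tolower(share)
        if (!((s, "path") in val)) { printf "NO-SHARE: [%s]\n", share; exit 1 }
        if (val[s, "guestok"] == "yes" || val[s, "public"] == "yes") {
            printf "GUEST: [%s] allows guest access\n", share; bad = 1
        }
        if (val[s, "validusers"] == "") {
            printf "OPEN: [%s] has no valid users restriction\n", share; bad = 1
        }
        g = val["global", "maptoguest"]
        if (g != "" && g != "never") { printf "GUEST-MAP: map to guest = %s\n", g; bad = 1 }
        exit bad + 0
    }'
)

# Constructed sample modelled on section 4.4, with an end-of-line annotation.
sample_smb_conf() {
    printf '%s\n' '[global]' 'unix charset = UTF-8 # Add' \
        '#map to guest = bad user' 'security = user' \
        '[Smbshare]' 'path = /home/smbshare' 'writable = yes' \
        'guest ok = no' 'valid users = @smbgroup'
}

sample_smb_conf | audit_smb_share Smbshare || echo "findings listed above"
```

Samba's own `testparm -s` remains the authoritative syntax check; this lint only covers the access settings discussed in this section.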

4.5 SMB Restart

# systemctl enable smbd
Synchronizing state of smbd.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable smbd

# systemctl restart smbd

4.6 User (smbuser) registration, password setting, group registration

# useradd smbuser
# smbpasswd -a smbuser
New SMB password:     # Password Setup
Retype new SMB password:
Added user smbuser.

Add smbuser to smbgroup
# usermod -aG smbgroup smbuser

4.7 Allow Samba services in UFW

# ufw allow samba
# ufw reload

4.8 Accessing shared directories from Windows 11

Connect from Windows Explorer
Open Explorer and enter "\\server IP" (in this case 192.168.11.83) in the address field to access the server.

You will be asked to enter your authentication information.
User name : User name created in "4.6 User (smbuser) registration, password setting, group registration"
Password : Password for the above user
Click "OK"

When the shared directory is displayed, confirm that you can create new files and folders in it.