Seattle Linuxchix Logo
History of Seattle LinuxChix Join us Events LiveJournal
Tutorials Our Members Articles Links

Samba

Samba is the most commonly used open source software for connecting Linux to Windows over networks.

The notes below were provided by
Marcus Nedelmann, IT Specialist,
at the Thursday, March 20, 2003 Seattle LinuxChix meeting.

Samba uses the SMB protocol over TCP/IP to interface with MS environments.

Daemons and Commands

smbd - the daemon provides file and print services to SMB clients
nmbd - provides name services for NetBIOS
smbclient - an ftp-like SMB client for accessing SMB shares. It can also be used to allow a UNIX box to print to a printer attched to an SMB server.
       smbclient //hostname/share -U username
testparm - tests the samba configuration file
smbstatus - tells the status using the smb daemon
nmblookup - used to query NetBIOS names.
        -M --to search for master browser
        -S servername --shows NetBIOS names registerd by the host
mount_smbfs - mount an SMB share. you have the option to mount this in "/etc/fstab".

see the manpage.

Starting and Stopping Samba

Start samba in /etc/rc2.d and /etc/rc3.d
K35smb. copy this to S35smb, and then execute the following command:
./S35smb start
Check processes to be sure it is running:
ps -aux | grep smbd
ps -aux | grep nmbd


Log files: /var/log/samba
This is also specified in smb.conf

smb.conf Configuring Samba

man smb.conf
; and # indicate that the line/option is a comment and ignored.
After configuring smb.conf, run the command "testparm" to see if you have made any syntactic errors.

You may choose to edit smb.conf by hand or by using a configuration tool such as swat.
Using swat to configure Samba.
Check /etc/services for swat entry and uncomment.
Install the RPM and configure or start swat from /etc/xinetd.d
Reboot or try "kill -s HUP `cat /var/run/inetd.pid`"
Launch browser and connect to hostname:901
Logon as root.
Everything you do by editing the file directly can be done with swat.
Also, there are very helpful explanations of all the configuration options.
Simply, click on the links.

Examples

A basic smb.conf file for a UNIX server operating within an MS domain:
Using [shares] is optional.
Try it first without it, and then setup a [share] like below.
Be sure you have a public group in the example below.
mkdir /usr/Pubshare
chown root:public /usr/Pubshare
chmod 2770 /usr/Pubshare

#==========Global Settings=============
[global]
##domain
workgroup = domain

##description as it will appear in server manager
server string = UNIX Samba Server

##ip addresses to allow
hosts allow = 192.168. 127.

##tells to load printers from printcap file for browsing
load printers = yes

##location of samba related log files
log file = /var/log/samba/log.smb

##max size in kilobytes the log size should grow to
max log size = 5000

##file to map UNIX usernames to MS domain usernames
username map = /usr/local/etc/smbusers

##passes authentication to another smb server
security = server

##server to which authentication info is sent
password server = 192.168.10.2

##allows MS encryption
encrypt passwords = yes

##sends tcp data immediately. it's faster
socket options = TCP_NODELAY

##when disabled, will use dns to lookup WINS names
dns proxy = no

##allow domains which have a trust relationship
allow trusted domains = yes

[homes]
comment = Home Directories
browseable = no
writeable = yes

[share]
comment = public share
path = /usr/Pubshare
browseable = yes
guest ok = no
writeable = yes
create mask = 770
directory = 770
#force user = bob
#force group = public
delete read only = yes

A basic smb.conf file for a UNIX server sharing files with one or a few SMB clients (one other winNT/2000/XP/9x):
I haven't tested this particular smb.conf file.
You may want or need to specify "password server" in smb.conf [global] settings.

#==========Global Settings=============
[global]

##MS domain or MS workgroup
workgroup = workgroup

##description as it will appear in server manager
server string = UNIX Samba Server

##ip addresses to allow
hosts allow = 192.168. 127.

##location of samba related log files
log file = /var/log/samba/log.smb

##max size in kilobytes the log size should grow to
max log size = 5000

##passes authentication to another smb server
security = share

##allows MS encryption
encrypt passwords = yes

##sends tcp data immediately. it's faster
socket options = TCP_NODELAY

##when disabled, will use dns to lookup WINS names
dns proxy = no

[homes]
comment = Home Directories
browseable = no
writeable = yes

[share]
comment = public share
path = /usr/Pubshare
browseable = yes
guest ok = yes
writeable = yes
create mask = 770
directory = 770
#force user = bob
#force group = public
delete read only = yes


Security Settings

##For public share and use of guest accounts. Logon with UNIX acct. directly.
security = share

Use if username accts. on MS and UNIX are different. ##Passes authentication to another SMB server. Use if you want an BDC or PDC to authenticate users.  Use the option "username map" with "security = server".
If the other SMB server cannot validate, the mode tries "security = user"
security = server

##Client must first logon with a valid u/p.  Use this if usernames are the same on both MS and UNIX systems -- you will not need to use "username map".
security = user

Sample smbusers file:
UNIXname = "MSname"
jimmi = "millerji"


Samba and Umasks

Create masks on samba shares with the options "create mask" and "directory mask"

##forces permissions on files created on a share
create mask = 770

##forces permissions on directories created on a share
directory mask = 770

Along with the above 2 options, you mau choose to add 2 more options:

##set the user and group attributes on a file created by MS
force user = username

##set the user and group attributes on a directory created by MS
force group = groupname

related options (see manpage):
force create mode
force directory mode


Misc

Backup an SMB volume using smbclient:
see manpage

/usr/local/bin/smbclient //hostname/public -U "testuser%password" -Tc pub.squid.tar