Welcome to Scribd. Sign in or start your free trial to enjoy unlimited e-books, audiobooks & documents.Find out more
Standard view
Full view
of .
Look up keyword or section
Like this

Table Of Contents

Samba Defined
The Role of the File Server
Samba’s Implementation of Print Server Functionality
Components of the Samba Suite
Samba Interconnects Linux, UNIX, and Windows
Samba on Non-UNIX Operating Systems
Samba Benefits
Ability to Evaluate
Going with the Flow
More Modular, Easier to Understand
Better Talent
Central Administration
Cost Considerations
Samba Disadvantages
NT Servers Are Often Needed in Addition to Samba
No Directory Services (Yet)
Additional Expertise Needed
Nobody to Support the Software
Nobody to Sue
Enlisting Support
Existing Samba Sites
Upper Management
Technical Management
Fellow Technical Employees
Alliance-Building Tactics
Making the Decision in Steps
Start with a Proof of Concept
The “Backwater” Server
Move Up to a Departmental Server
Make or Procure an Add-On Enterprise Server
Move on from There
UNIX File and Directory Permissions
Permission Types
Permission Recipient Classes
The ls -ldFCommand
The chmodCommand
Default File-Creation Mode: umask
DOS File Attributes
Executable Status Determined by File Type
Windows Access Control Lists
Windows 9xShare Permissions
UNIX User and Group Strategies
The User’s Primary Group
User Private Groups (Used by Red Hat)
The Group-Per-Project Strategy
Samba User and Group Strategies
Best of All Worlds
The User Gets a Single Directory Tree
Multiple Groups Can Share Directory Trees
Mapping DOS File Attributes to Samba Permissions
Configuring Default New File Permissions
Configuring Default New Directory Permissions
TCP/IP Networking Review
Examples in This Chapter
Networking Terminology
ICMP (ping)
ISO/OSI Network Model
IP Address
The ISO/OSI Seven-Layer Networking Model
IP Addresses
Subnets and Netmasks
Class A, B, and C Addressing
Classless Addressing
The Public IP Addresses
Giving Your Network Card an IP Address
Configuring Your Windows NT TCP/IP Properties
Configuring Your Linux TCP/IP Properties
Domain Trust Relationship
NetBIOS Overview
•Name Service
Name Service
Session Service
Datagram Service
CIFS Overview
Making a Connection
Modifying Debian to Use Samba’s Location
Installing Samba from Source
What Different Forms Are There?
Accessing the CVS for the Latest Development Version
Configuring and Running the Source Install
Configuring Your System to Recognize Samba
Installing Multiple Versions of Samba
Installation-Specific File Locations
Samba’s Default File Locations
Sample File and Directory Locations on Linux Distributions
Testing Your Installation
Setting Up the Test Environment
Testing Locally on Your Samba Server
Testing with Samba and a Windows Client
Troubleshooting Tips
Where to Look If Something Doesn’t Work
Some Common Problems
Creating a Simple Samba Proof of Concept
Basic Structure of smb.conf
The Three Samba-Defined Shares
Testing smb.conf
Restarting Samba
Setting Up the Simplest Possible Samba
Setting Up the Simplest Windows-Friendly Samba
encrypt passwords=yes
netbios name=mainserv
Creating the Encrypted Password
Exercising the New Configuration
Performing the Simplest Possible Samba Tests
smbclient -NL localhost
$ smbclient -NL localhost
smbclient ‘//localhost/homes’ -Uusername
$ testparm
net use z: \\mainserv\homes
Encrypting Passwords
When Notto Encrypt Passwords
Getting Rid of the homesDirectory in Network Neighborhood
Demonstrating That the Word [global]Is Optional
Adding [global]Above encrypt passwords=
Changing [global]to [garbage]
Putting [global]at the Bottom of the File
Making homesWritable
Adding read only=noBelow [homes]
Adding a Share Parameter Globally
Adding the [printers]Share
printcap name=
print ok=
Making a Universally Accessible Directory Share
Inserting [everyone]at the Bottom of the File
The Directory Is Read-Only
The Directory Points to /tmp
The Directory Is Readable by All
Setting the [everyone]Share’s Path
Making a No-Permission Directory
Configuring the [everyone]Path in smb.conf
Changing the User Permission to Read and Execute
chmod 700 /home/username/test
chown root.root /home/username/test
$ chown root.root /home/username/test
chmod 777 /home/username/test
Changing the Workgroup on the Samba Side
Access Does Not Require Browseability
Browseability Tweaks
The Samba Access Hierarchy
Same-Box Samba
Windows Network Samba Access
Putting It All Together: A Departmental Server
Determining Samba Access
The Question Everyone’s Asking
The Sample Directory for This Chapter
Use oplocks=noin This Chapter
The Three Levels of Users and Groups
admin users=
Add read only=no
Add write list=username
Add valid users=root
Add invalid users=username
Discussion of admin users=
hosts allow=
hosts allow=
hosts allow=192.168.100
Testing hosts allow=
Discussion of hosts allow=
hosts deny=
hosts deny=windowsClientSubnet
Dueling hosts deny=and hosts allow= Parameters
Discussion of hosts deny=
Guest Access
The Guest-Only Share
The Guest OK Share
force user=and force group=
force user=
force group=
Testing with preexec
Working with UNIX Permissions
chmod 0
chmod 444
chmod 111
chmod 555
chmod 777
UNIX Permissions: Summary
read only=
read list=and write list=
Add read list=username
Working with Browseability Quirks
Accessibility Flowchart
The Top-Level Flowchart
Samba Share-Wide Write Access Flowchart
Service User and Group Determination Flowchart
UNIX File Access Determination Flowchart
UNIX File Creation
Configuring Printer Shares
Defining Your Linux Printer
It Must Be a Plain-Text Printer
Using vito Edit /etc/printcap
Printing Systems
Don’t Trust the Defaults
The Easiest Practical Linux [printers]Share
Changes to [global]
The [printers]Share
Testing with smbclient
Testing with the DOS echoCommand
Creating a Windows Printer for lp_text
Working with a Trivial Dedicated Printer Share
Important smb.confPrinter Parameters
Printer Command Type Parameters
Miscellaneous Printer Parameters
Automatic Windows 9xPrinter Driver Installation
1.Create [printer$]
Create [printer$]
Build the Driver List and printers.def
Add Three New Parameters in smb.conf
Using the New Setup
Troubleshooting Printer Problems
Diagnostic Tools
Samba Printer Troubleshooting Strategies
Quick Predefined Diagnostic
Other Cool Samba Printer Tricks
Server-Side Automation
Big, Repetitive Print Jobs
Printing to Windows Printers
Printing Straight Through smbclient
Printing Straight Through with smbprint
Printing with a Filter
Client Setup
Have Your Installation CD Handy
Network Dialog Box
Ethernet Adapter
TCP/IP -> Ethernet Protocol
Client for Microsoft Networks
File and Printer Sharing for Microsoft Networks
The Difference Between Accessing and Browsing
The Timing Problem
Forcing an Election from the Samba Server
Forcing an Election from a Client
Windows Command-Line Access to Samba Shares
Browsing from the Windows Command Line
Other Types of Command-Line Samba Access
Finding the Elusive Share
WINS Server
Samba Client Programming
Triggering a Server Process from Windows
Networked Start Menu Icon Groups
Troubleshooting Windows 98 Samba Clients
Different Windows NT Versions
Windows NT 3.5
Windows NT 3.51
Windows NT 4
Elections and Timing: A Better Client
Local Master Browsers and Browser Elections
Domain Master Browsers and Phantom Workgroups
Preventing the NT Client from Winning a Browser Election
Election Results
Using the Windows NT net Command
Connecting to and Listing Network Resources
Viewing the Browse List
Synchronizing Clocks
Remote Authentication of Samba by NT
Remote Authentication and User Accounts
Samba As a PDC
Some Network Illustrations
Windows NT Workstation and Samba Peer-to- Peer Network
Windows NT Server and Samba Peer-to-Peer Network
Windows NT PDC and Samba Domain Member
Troubleshooting Windows NT Samba Clients
Command-Line Utilities for Troubleshooting
Windows NT Network Monitor
Working with Windows 2000
Different Windows 2000 Versions
Windows 2000 Professional
Windows 2000 Server
Windows 2000 Advanced Server
Windows 2000 Datacenter Server
What’s New in Windows 2000
Active Directory Service
Distributed File System
Windows Internet Naming Service (WINS)
Internet Domains and Windows Domains
Microsoft Management Console
Kerberos Version 5
Network Illustrations
Windows 2000 Setup Requirements
A Samba Domain Controller and Windows 2000 Clients
Troubleshooting Windows 2000 and Samba
Using Windows 2000 Command-Line Utilities
Using smbclient
Using smbclientas a Diagnostic Tool
The smbclientCommand Set
Using smbclientto Print to Remote Printers
Troubleshooting smbclient
Using smbmountto Mount SMB Shares as UNIX Directories
Mounting a Windows 98 Share with smbmount
Mounting a Windows NT Share with smbmount
Mounting a UNIX Share with smbmount
Disappearing Mounts
Using smbmountWithin fstab
Troubleshooting smbmount
Command-Line Syntax
Using smbstatusas a Quick Check
Using smbtarto Back Up Clients
Backing Up and Restoring from Windows 98 Shares
Backing Up and Restoring from Windows NT Shares
Backing Up and Restoring from Samba Server Shares
Using smbprintas a Print Queue Filter
Using nmblookupfor Diagnostic Testing
nmblookupand Browser Elections
nmblookup -B servername __SAMBA__
nmblookup -B clientname ‘*’
nmblookup servername -S ‘*’
nmblookup -T ‘*’
The nmblookupCommand Options
Using smbpasswdfor Security
smbpasswdand NT Domains
Other Client Utilities
Procuring SWAT
From Your Linux Distribution CD
From the Internet
Compiling and Installing SWAT
Always Back Up smb.confBefore Using Swat!
SWAT Buttons Depend on smb.confPermissions
SWAT Security Concerns
Wrong smb.confPermissions
Clear Passwords
SWAT Security Summary
Enabling SWAT
Starting SWAT
The Navigation Buttons
Using SWAT for Information
Do Not Log in as root
Viewing Current Samba Options
The Front Page Help File Links
Accessing Help from Configuration Pages
Signing on as rootor a Privileged User
Must Restart Samba to Enable Changes
Configuring Global Options
Configuring Directory Shares
Configuring Printer Shares
Using SWAT for Samba Password Administration
Using SWAT to Administer Samba
Refresh Button and Interval Text Box
Daemon Buttons
Active Connections Table and Kill Button
Active Shares Table
Open Files Table
Three Types of Server-Side Automation
The Variable Substitution Strings
TABLE 14.1The Variable Substitution Strings
Exec Server-Side Automation
The Four Exec Server-Side Automation Commands
Exec Server-Side Automation Proof of Concept: Log File
Exec Server-Side Automation Home Directory Protection
Pseudo Samba Printer Server-Side Automation
•Log file proof of concept
Log File Proof of Concept
Single-Program Pseudo Printer
Multi-Program Pseudo Printer
Batch Record Adder
Printing Directly from Windows Applications
Practical Pseudo Printer Ideas
Magic Script Server-Side Automation
Server-Side Automation Security Issues
Samba Security
Security Principles
Preinstallation Security Measures
Checking an rpmPackage Signature and Checksum
Checking Existing Packages
Compile-Time Options
SSL Support
Security Resources
Samba Configuration Components Security Parameters
Password-Related Security Parameters
Password Synchronization
Changing Passwords from Windows NT
Using passwd chat debug
PAM-Based Password Synchronization
Implementing Access Restrictions
User Accounts, Groups, and Directory Services
Service-Level Security Options
Guest Access Issues
guest ok = yes
guest account = ftp
Security Problems
Samba Security Levels
security = share
security = user
security = server
security = domain
Security Risks and Breaches
The Gratuitous Breach: hosts equiv=
admin users =
Abuse Potential: wide links = yes
User Manipulable suid rootExecutables
Beefing Up Security
Preventing Shell Logins
Diagnostic Tools for an SMB Network
Client-Side and Server-Side Security Working Together
Using System Policies to Improve Security
System Policies—Windows 95/98
Using Samba as Your Windows 98 Logon Mechanism
Gathering Necessary Documentation
Windows 98 Domain Terminology
Network System Policies
Domain Logon Principles
Why a Single Point of Logon?
Centrally Administrated Logon Scripts
Central Administration of Thin Clients
Creating a Windows 98 Domain Logon
Start with a Trivial Non-Logon Server
Make a Non-Scripting Logon Server
Adding a Logon Script to the Logon Server
Troubleshooting Windows 98 Domain Logons
Information Sources
Check the Obvious
Symptoms and Solutions
Setting Up Roaming User Profiles
Start with a Test Jig System
The Samba 2.0.6 Profile Path Fix
Roaming Profile Timing
Create the Profile Directory
Enable Profiles on the Windows Client
Preparing to Test
Testing the Profiles
Including Desktop Icons and Start Menu Choices
Roaming System Policies
Roaming Profile Areas of Concern
Roaming Profile Benefits
Troubleshooting Roaming Profiles
Using Samba as the NT Primary Domain Controller
Samba and PDCs
PDC Functionality Overview
Client Workstations Overview
Domain Logons Overview
User Profiles Overview
Logon Scripts Overview
Home Drives Overview
Samba PDC Sources
Checking Out SAMBA_TNG
Compiling SAMBA_TNG
Updating the Tree
Samba as PDC
Joining a Domain from Windows NT Workstation
Joining a Domain from Windows NT Server
Joining a Domain from Windows 95/98
Implementing Logon Scripts
Mapping Home Drives
Mapping Groups and Users
Roaming and Mandatory Profiles
Testing Profiles
Writing Your Own passwdProgram
Getting Your Own Information
From the smb.confMan Page
From testparm
From Samba Documentation
From Source Code
Global Base Parameters
netbios name=
netbios aliases=
server string=
bind interfaces only=
Global Security Parameters
encrypt passwords=
hosts equiv=
map to guest=
min passwd length=
null passwords=
passwd chat=
passwd chat debug=
passwd program=
password level=
password server=
root directory=
smb passwd file=
unix password sync=
update encrypted=
use rhosts=
username level=
username map=
Global Logging Parameters
log file=
log level=
Global Protocol Parameters
max packet=
max ttl=
max xmit=
read bmpx=
read raw=
write raw=
Global Tuning Parameters
read size=
Global Printing Parameters
Global Filename Handling Parameters
mangled stack=
stat cache=
strip dot=
Global SSL Parameters
ssl CA certDir=
ssl CA certFile=
ssl ciphers=
ssl client cert=
ssl client key=
ssl compatibility=
ssl require clientcert=
ssl require servercert=
ssl server cert=
ssl server key=
ssl version
Global Domain Parameters
Global LDAP Parameters
Global Login Parameters
add user script=
delete user script=
logon drive=
logon home=
logon path=
logon script=
Global Browse Parameters
browse list=
domain master=
lm announce=
lm interval=
local master=
os level=
preferred master=
Global WINS Parameters
dns proxy=
wins proxy=
wins server=
wins support=
Global Locking Parameters
kernel oplocks=
Global Miscellaneous Parameters
auto services=
default service=
dfree command=
homedir map=
lock dir=
message command=
NIS homedir=
panic action=
remote announce=
remote browse sync=
socket address=
time offset=
unix realname=
Name Mangling
case sensitive=yes/no
default case=upper/lower
mangled names=
mangling char=
preserve case=yes/no
short preserve case=yes/no
mangle case=yes/no(S)
Share Printing Parameters
lppause command=
lpq command=
lpresume command=
lprm command=
print command=
printer driver location=
queuepause command=
queueresume command=
Share Security Parameters
alternate permissions=
create mask=
directory mask=
force create mode=
force directory mode=
guest account=
guest ok=
guest only=
invalid users=
only user=
read list=
valid users=
write list=
Share Filename-Handling Parameters
case sensitive=
default case=
delete veto files=
hide dot files=
hide files=
mangle case=
map archive=
map hidden=
map system=
mangled map=
preserve case=
short preserve case=
veto files=
Share-Tuning Parameters
max connections=
strict sync=
sync always=
Share-Locking Parameters
blocking locks=
fake oplocks=
level2 oplocks=
share modes=
strict locking=
veto oplock files=
Server-Side Automation Parameters
magic output=
magic script=
root preexec=
root postexec=
Miscellaneous Share Parameters
delete readonly=
dont descend=
dos filetime resolution=
dos filetimes=
fake directory create times=
follow symlinks=
set directory=
valid chars=
wide links=
Review of Terminology
Backing Up Under Samba
How Samba Makes Backups Easier
Backup Servers
Choosing Windows Backups or UNIX Backups
Using Samba to Export Data for Windows Backup
Consider Turning follow symlinksOff
follow symlinks—Special Uses
Backups and force user=root
Do a Test Backup
Windows Backup Software
Windows NT Backup
Other Windows Backup Software
Connecting to SMB/CIFS Shares for UNIX Backup
Other Windows/UNIX Backup Integration Options
dumpand restore
Other UNIX-Based Backup Solutions
Offsite Backups: rsync
rsyncBasic Usage
rsyncNetwork Usage
rsyncand You
Choosing the Appropriate Backup Medium
DAT Tape
Travan Tape
OnStream Tape
VXA Tape
Other Backup Technologies
Why Samba Troubleshooting Is Easy
Plenty of Test Points and Tools
Availability of Test Jig System
Most Configuration Is Done in One Place
Intelligent Defaults
Available Source Code
Subject Matter Expertise Is Easy to Obtain
Effectively Using DIAGNOSIS.txt
DIAGNOSIS.txtQuick Scripts
Using Effective Troubleshooting Process
1.Back up smb.confand any other vulnerable data
Back Up smb.confand Any Other Vulnerable Data
Describe and Reproduce the Symptom
Perform the Quick Checks
Condense the Symptom Description
Narrow the Scope of the Problem
Fix and Test
Test Points and Testing Tools
Intrusive Versus Nonintrusive Testing
Log Files
net view
net use
$ smbstatus
preexec=and postexec=
straceand Other Debuggers
Test Jigs
Samba Troubleshooting by Category
Solving Access Problems
Solving Browsing Problems
Solving Authentication Problems
Solving Printing Problems
Solving Performance Problems
Effectively Obtaining Online Help
Be Part of the Mailing List
Get to the Point
But Don’t Be Too Terse
Prepare and Learn Before Asking
Responding to Others’ Questions and Posts
Common Gotchas, Symptoms, and Solutions
Config File Changes Sometimes Require a Samba Restart
Not All smb.confMisconfigurations Yield testparmErrors
Using Both wins support=and wins server=
SWAT Netscape Error Concerning lpstat
Upload Speed Much Slower Than Download Speed
Other Speed Problems
Mounted Samba Shares Intermittently Drop
Authentication Breaks When Upgrading from Samba 1.x
Roaming Profiles Are Quirky
Browsing Frequently Doesn’t Work
Source Code Troubleshooting
Making Your Own Information Tools
The testparm-Based Main Synonym Finder
The testparm-Based Global/Share Distinguisher
The testparm-Based Default Displayer
The Man Page–Based Synonym Finder
Samba-Dedicated Linux Box
Viewing Man Pages in a Browser
Read the Source, Luke
Source-Familiarity Tools
The Directory Structure
The sourceDirectory
Testing Your Findings with Source Modifications
Cloning Existing Programs
Trivial Cases
Tiny Changes
Exploiting Differences
Joining the Samba Project
SWAT as a Learning Tool
The Distribution Documentation
Man Pages
Web Sites, Newsgroups, and Mailing Lists
samba.orgWeb Resources
samba.orgMailing Lists
Search Engines
Destructive Tests
Replacing an NT File Server with Samba
Why Replace?
The Replacement Process
Documenting the Existing Server
Putting Your Samba Server Online
Setting Up Users and Groups on Samba
Creating Directories for Shares
Setting Up Shares on Samba
Testing Before Going Live
Creating a Test Logon Script
Migrating Files
Samba File Transfer Enterprise Apps
File Transfer Application Structure
The Holding Area
Using an Active Holding Area
Using a Passive Holding Area
Implementing the Holding Area on the Back-End Server
The Office Collection Point
The Office Collection Point’s print command= Parameter
The Confirmation System
Implementing Modularity
Other Samba File Transfer App Security Issues
Avoidance of Temporary Files
Filter Unauthorized Messages
CRC Authentication
Privacy and Encryption
File Transfer App Architectures
The Instant-Confirmation System
Front End Direct Transmission to Back End
File Transfer App Troubleshooting
Samba Enterprise Backup Strategy
The Importance of Backups in the Enterprise
Disaster Recovery
Hardware Redundancy
Lower Cost of Servers Allows for Redundant Servers
Configuration Backups
Server Setup and Preparation Backups
Client or Desktop Configuration Backups
Configuration Tools
ActiveState Perl: WIN32 Desktop Scripting Environment
Software Installation Points: Service Packs and Driver Files
Software Installation Points: Applications
Vendor-Independent Software Distribution Using sysdiff.exe
Backing Up an Entire Client Hard Disk
smbclient: The Command-Line FTP of the SMB World
smbclientin tarmode
Dynamic Client Configurations Located on the Server
Using System Policies to Configure a Machine at Login
Roaming Profiles
Roaming Profiles in Windows 95
Backing Up the Windows Registry
Backing Up Data Files
Samba-Specific Backup Strategies
Multiple-Site Backup Strategies
Finding the Right Person to Do the Backup
Making the Directory Structure Fit In
Separate User Files and Directories Not Subject to Backups
Mistakes Happen
Deciding What to Redundantly Back Up
Simple Compression to CD Often Suffices
Enterprise Backup Hardware
Media Types
Quarter-Inch Cartridge (QIC)
DAT (DDS1-3)
Digital Linear Tape (DLT)
Jukeboxes and Changers
CD Special Data Backup
Enterprise Backup Software
Scenario 1
Scenario 2
Scenario 3
Summary of Other Backup Software Packages
Freeware Backup Utilities
Multiplatform Backup Utilities
Windows-Specific Backup Utilities
Troubleshooting Backup Problems
Basic Principles of Sharing
Using Samba as a Network CD Server
The Alternative Approach
Cost Analysis
High-Performance, High-Bandwidth Considerations
The Software RAID Option
Samba CD-ROM Server Implementation
Running Applications from an SMB/CIFS Share
The Crash Effect
The Network Load
Compatibility Issues
Compatibility with Development Tools
Manageability: The Single Advantage
Test It Out
Success or Failure
Oplocks Review
Installing Microsoft Office on a Share
Initial Office Setup
Office Client Installation
Using Samba in the Small Business
The Big Picture for the Small Business
Choosing a Solution for Your Business
What Can Samba Do for the Business?
Other Alternatives
How Does Samba Fit into the Network?
What Does Samba Run on Top Of?
0 of .
Results for:
No results containing your search query
P. 1


|Views: 404|Likes:
Published by Nurul Istiqomah

More info:

Published by: Nurul Istiqomah on Feb 17, 2011
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





You're Reading a Free Preview
Pages 25 to 126 are not shown in this preview.
You're Reading a Free Preview
Pages 151 to 155 are not shown in this preview.
You're Reading a Free Preview
Pages 180 to 557 are not shown in this preview.
You're Reading a Free Preview
Pages 582 to 739 are not shown in this preview.
You're Reading a Free Preview
Pages 764 to 1245 are not shown in this preview.