You are on page 1of 25

Chapter – 15

SAMBA
Objectives:

At the end of this module, you would have


gained fair knowledge on:

•What is Samba
•Configuring a Samba Server
•Sharing Directories between Windows &
Linux
•Sharing Printers between Windows &
Linux
With Samba you can share a
Linux filesystem with Windows 95, 98, 2000 or
NT. You can share a Windows 95, 98, or NT
FAT filesystem with Linux. You can also share
printers connected to either Linux or Windows
95, 98, 2000, or NT.

The Samba suite of SMB


protocol utilities consists of several
components. The smb daemon provides the
file and print service to SMB clients. The
configuration for this daemon is described in
smb.conf.
1. The nmbd daemon provides NetBIOS
nameserving and browsing support.

2. The SMB client program smbclient implement a


simple FTP-like client on a Linux or UNIX system.

3. The SMB mounting program smbmount enables


mounting of server directories on a Linux or UNIX
system.

4. The testparm utility allows you to test your


smb.conf configuration file.

5. The smbstatus utility tells you who is currently


using the smbd server
Installing Samba

You can install Samba during the Red Hat


installation from the CD-ROM or later using RPM
as follows.
Mount the CD-ROM
# cd /mnt/cdrom/RedHat/RPMS
# rpm –ivh samba*
A Simple Samba Setup
Samba can be very complex, so it is
important to get the simplest possible
implementation of Samba running before making
major configuration changes.

The main configuration file smb.conf, is


located in /etc/samba directory of your Red Hat
Samba server. It is used by the Samba server
software to determine the directories and printers
to be shared and to determine security options
for those directories and printers.
Testing with Linux Client
The default /etc/smaba/smb.conf should be
sufficient to run a simple Samba test with a Linux client.
Run the following command in the Samba server.

# /etc/rc.d/init.d/smb start
The above command starts the Samba server if it
is not yet started. In the client side make sure that it is
physically connected to your server and client can able
to ping the server’s IP address. If everything is ok give
the following command.

# smbclient ‘//10.0.0.6/homes’ -U myuid


Testing with a Windows Client
Samba is what make a Linux computer show up in a
Windows Network Neighborhood. For doing this edit the
/etc/samba/smb.conf file and note the workgroup name = and
uncomment the encrypted passwords = yes and smb passwd
file = /etc/samba/smbpasswd lines. Next you have to add
Samba users as follows.

# touch /etc/samba/smbpasswd
# smbpasswd -a myuid.

The myuid is the name of the user account which is


to be added with Samba. –a option is for adding a new user entry
in /etc/samba/smbpasswd file. After giving the command system
prompts for the supply of the password. The password, which you
have given here, can be used for login from a Windows client.
It is possible to access share, which is available in
a Windows machine from a Linux system, which is
running Samba. For doing this do the following steps.
Share the subdirectory or Drives in your Windows
system. Then in the Linux Server give the following
command.

# smbclient –L //win95_1

The above command will display all the available shares


in the system named win95_1

# smbmount //win95_1/musics /mnt/win95


or
# mount -t smbfs //win95_1/music /mnt/win95
Configuring Samba
The [global] Section
The global section controls parameters for the entire SMB server.
It also provides defaults for the other sections:

[global]
# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = DOMAIN1
Workgroup = specifies the workgroup. Try to keep it all
uppercase, fewer than nine characters, and without space. All the
machines connected to the Samba server should be in the same
workgroup.

# server string is the equivalent of the NT Description field


server string = Samba Server
server string = specifies a human readable string used to identify
the server in the clients user interface.
; hosts allow = 192.168.1. 192.168.2. 127.
If uncommented, the hosts allow = line restricts Samba access to certain
subnets. Multiple subnets are separated by spaces.

# if you want to automatically load your printer list rather


# than setting them up individually then you'll need this

printcap name = /etc/printcap


load printers = yes

The above lines enable the sharing of the printer.


# It should not be necessary to spell out the print system type unless
# yours is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx
printing = lprng
The above line specifies the type of printing
# Uncomment this if you want a guest account, you must add this to
/etc/passwd
# otherwise the user "nobody" is used
; guest account = pcguest
If enabled the above line defines a
guest account for clients logged in as a user not
known to the Samba server.

# this tells Samba to use a separate log file for


each machine
# that connects
log file = /var/log/samba/%m.log

The above line enables a separate machine wise


log file and define its path.

# Put a capping on the size of the log files (in


Kb).
max log size = 0
# Security mode. Most people will want user level
security. See
# security_level.txt for details.
security = user
# Use password server option only with security =
server
# The argument list may include:
# password server = My_PDC_Name
[My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
# password server = *
; password server = <NT-Server-Name>
The above line defines the NT Server name where
the password authentication is takes place. You can
define this to authenticate your users using a NT
server.
# Password Level allows matching of _n_ characters of the
password for
# all combinations of upper and lower case.
; password level = 8
; username level = 8
The above two lines controls non-case sensitivity. For instance, a
value of 8 means the first 8 characters of the password will be
compared will be compared without case sensitivity to the entered
password.

# You may wish to use password encryption. Please read


# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba
documentation.
# Do not enable this option unless you have read those
documents
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
The [homes] Section

The [homes] section allows network clients to


connect to a user’s home directory on your server
without having an explicit entry in the smb.conf file.
When service request is made, the Samba server
searches the smb.conf file for the specific section
corresponding to service request.
If the service is not found, Samba checks
whether there is a [homes] section. If the [ homes ]
section exists, the password file is searched to find the
home directory for the user making the request.
[homes]
browseable = no
writable = yes
The preceding is the simplest usable
[homes] share. The browseable = no entry
instructs SMB client not to list the share in a
browser. However. [homes] is a special case, this
will not be effective for [homes] share. If
browseable = yes will display a share called
homes on the clients network browser.

[homes]
comment = Home Directories
browseable = no
read only = no
path = %H/smbtree
create mode = 0750
Sharing Files and Print Services
After configuring your defaults for the
Samba, you can create specific shared directories
limited to certain groups of peoples or available for
everyone. The given below is a example share which
can be added in /etc/samba/smb.conf file.
[games]
comment = world of games
path = /usr/local/games
valid users = manoj, @games
browseable = yes
public = no
writable = yes
create mode = 0700
A printer share is created by placing
a print ok = yes and a printer name = in the
share. Here is an example:
[epson]
print ok = yes
printer name = dmp
path = /home/everyone
browseable = yes
Here is a printer that is listed as epson on the
client because of the browseable = yes. It
prints out of printcap printer dmp. Its spool
directory is /home/everyone.
Common smb.conf Options
read only, writable, writeable, write ok
writable, writeable and write ok are

synonyms and read only is inverted


synonym for writable, writeable and write
ok.Only one of this options need to specify
whether a share is writeable. If this option is
specified in the global section, it serves as
defualt for shares. This options can
overridden by the write list = option.
valid users = (S)
Not specified or blank value after equal sign
allows access to everyone. To limit access,
place a coma delimited list of valid users after
the equal sign:

valid users = myuid, manoj, @aita


The option gives access to users myuid, manoj
and group aita. This option is overridden by
the invalid users = option.
invalid users = (S)
This option lists the names of invalid users and
groups. This list overrides any users in the
valid users = option for the share
hosts allow = , hosts deny = , allow hosts =,
deny hosts =
hosts allow = and allow hosts = are synonym and
hosts deny and deny hosts are inverted synonym
for hosts allow and allow hosts.
hosts allow = 192.168.100.201
hosts allow = 192.168.100.0/24
hosts allow = overrides any hosts deny =
options.
public = and gues ok =
These two option gives the same results. The
purpose of this option is to allow those without a
login on the server to access a share , if set to
Using Samba as a Logon Server
Samba can be used to authenticate
logon on Windows 9x, NT, and 2000
computers. Windows 2000 must have
NetBIOS over TCP/IP enabled to interact with
Samba.
The given below is a sample
smb.conf file, in which the server’s host name
is mainserv, the workgroup is MYGROUP,
Windows 9x clients all use encrypted
passwords, and there is no WINS server or
domain controller other than the Samba
server:
Using Samba as a Logon Server

[global]
netbios name = mainserv
workgroup = MYGROUP
encrypt passwords = yes
wins support = yes
preferred master = yes
domain masters = yes
domain logons = yes
[homes]
writeable = yes
Restart Samba and you now have a server
capable of assuming the logon authentication
duties for Windows 9x clients. The next step is to
set up the clients and users

Each user must have a valid UNIX account


and a valid smbpasswd entry. Assuming the
user has a valid UNIX account, setting up the
smbpasswd entry is simply a matter of doing the
following as root:
# smbpasswd -a manoj
The above command will add a smbpasswd
entry for the user manoj and set a password for
the user.
Check the Logon to Windows NT
Domain check box, type the workgroup
name of the Samba server in the Windows
NT Domain text box, and check the Logon
and Restore Network Connection radio
button.
Click OK All the way out of all
dialog boxes, and answer yes when asked if
you want to restart the computer.