Linux Box Admin
Trusted Remote Administration
Samba
Wednesday, 07 March 2007

The Samba suite of client and server programs allows Unix-like machines to communicate with Windows networks using the Microsoft SMB protocols. Samba servers can participate in share level peer-to-peer workgroups, NT4 domains, or Active Directory domains. Configuring Samba as a Windows domain controller is beyond the scope of this micro how-to.

Security model

Samba uses a mixed security model. Actual security of files on the server is controlled by Linux file permissions. Samba maps an incoming Windows user account to a local Linux user account (in /etc/passwd), or to a guest account defined in the configuration file. The permissions of the mapped account control what the Windows user can do.

Another thing to remember is that many Windows permissions do not map to any equivalent Linux permission. So it is best NOT to set any permissions from Windows Explorer or any other Windows program. Set the permissions directly on the Linux box.

Samba can be configured to authenticate a Windows user in several ways. It can authenticate against a local samba user account database (often /etc/samba/smbpasswd), against a Windows domain controller, with a share level password, and other ways. In order to use a local samba user database, you need to create a Linux user account for each Windows user account that will be accessing the server, then store the encrypted passwords for each user in the smbpasswd file. Samba can also share files and printers where no password is required.

Server configuration

There are three samba server daemons:

  • nmbd -- provides Windows name services
  • smbd -- provides Windows file and print sharing
  • winbindd -- used to resolve user and group information from a Windows NT server

 

The server daemons are configured in the smb.conf file. The smb.conf file is broken into sections. The main sections are [global], [homes], and [printers]. Each shared directory requires its own section.

Common options in the [global] section of smb.conf

To set the workgroup/domain:
workgroup = MYWORKGROUP

To limit connections to samba server shares to specific IP addresses:
hosts allow = 192.168.1.100 192.168.2.0/255.255.255.0

To tell samba to use share level security (single password for all users):
security = share

To tell samba to use user level security:
security = user

To tell samba to use a Windows NT domain controller for authentication (also requires the "password server" and "encrypt passwords" options):
security = domain

To define the guest user, the Linux account that gets assigned to Windows users of public shares (shares defined with the "guest ok" option):
guest account = nobody

To tell samba (nmbd) to act as a WINS server:
wins support = yes

To tell samba (nmbd) to act as a WINS client (the value is the address of the WINS server to register with):
wins server = <IP address of the WINS server>

The nmbd daemon can act as either a WINS client or WINS server, but not both.

Creating sharepoints

Each sharepoint section starts with the share name in square brackets. Here is an example of a basic sharepoint called "garbage":

[garbage]
comment = public
path = /public
public = yes
guest only = yes
writable = yes
force create mode = 0664
force directory mode = 0664
browseable = yes

Here is the meaning of each line:
comment -- the text that appears next to the share in "net view"
path -- the full path to the local directory
public -- makes the share public (no password required)
guest only -- forces all users to map to guest account (nobody)
writable -- allows files to be created/changed
force create mode -- forces permissions on all new files
force directory mode -- forces permissions on all new dirs
browseable -- show or hide the share in "net view", yes = show
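
An added example (not part of the original how-to, and not a Samba tool): a small Python audit that reads an smb.conf and flags the exposures described above, namely shares that are both guest-accessible and writable like [garbage], share level security, and a [global] section with no "hosts allow" limit. The sample configuration, the [projects] share and the audit_smb_conf function are constructed for illustration, and a lowercase [global] header is assumed.

```python
import configparser

# Constructed sample: the page's [garbage] share plus a non-guest share.
SAMPLE = """\
[global]
workgroup = MYWORKGROUP
security = user
guest account = nobody

[garbage]
path = /public
public = yes
guest only = yes
writable = yes

[projects]
path = /srv/projects
read only = no
valid users = alice
"""

YES, NO = {"yes", "true", "1"}, {"no", "false", "0"}

def value(sec, key, default=""):
    return sec.get(key, default).strip().lower()

def audit_smb_conf(text):
    """Hypothetical helper (not part of Samba): list risky settings."""
    cp = configparser.RawConfigParser(strict=False)  # no % interpolation
    # smb.conf lines may be indented; strip so they are not read as continuations.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    glob = cp["global"] if cp.has_section("global") else {}
    findings = []
    if not (value(glob, "hosts allow") or value(glob, "allow hosts")):
        findings.append("global: no 'hosts allow' restriction")
    if value(glob, "security") == "share":
        findings.append("global: share-level security, one password for all users")
    account = glob.get("guest account", "nobody")
    for name in cp.sections():
        if name.lower() in ("global", "homes", "printers"):
            continue
        sec = cp[name]
        # 'public' is a synonym for 'guest ok'; 'writable'/'writeable' invert 'read only'.
        guest = value(sec, "guest ok") in YES or value(sec, "public") in YES
        writable = (value(sec, "writable") in YES or value(sec, "writeable") in YES
                    or value(sec, "read only") in NO)
        if guest and writable:
            findings.append(f"{name}: anyone can write as Linux user '{account}'")
    return findings

if __name__ == "__main__":
    for finding in audit_smb_conf(SAMPLE):
        print(finding)
```

Whatever the audit reports, what a guest can actually change is still decided by the Linux permissions of the mapped account on the shared path.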

 

Testing the smb.conf configuration

The testparm program is part of samba and can be used to test the syntax of the configuration file before starting or restarting the samba services. For example:
testparm /path/to/smb.conf

Samba client programs

To look up the IP address of a Windows host using the NetBIOS name:
nmblookup host

To look up all NetBIOS names registered at an IP address:
nmblookup -A host

To see the visible shares on a Windows server or a samba server:
smbclient -L host [-U username]

To show the status of open smbd connections:
smbstatus

To mount a Windows sharepoint:
mount -t cifs -o username=user,password=pass,ip=1.2.3.4 //server/sharepoint /mountpoint

To change SMB passwords:
smbpasswd user

To map static NetBIOS names to IP addresses, edit /etc/lmhosts.

Windows clients

Mounting disks from a Windows client can be done with a "net use" command:
C:\> net use h: \\server\sharepoint

where h: is the drive letter assigned.

   
       
         
 



Copyright © 2006,2007 Linux Box Admin.

 