Samba

 

Samba

 


Overview

Samba software allows one to mount Linux directories as Windows folders.

See Also:

  1. smb.conf
  2. smbd
  3. www.samba.org

 

Configuring a Samba Server

The default configuration file ( /etc/samba/smb.conf) allows users to view their home directories as a Samba share. It also shares any printers configured for the system as Samba shared printers. In other words, you can attach a printer to your system and print to it from the Windows machines on your network.

 

Graphical Configuration

To configure Samba using a graphical interface, use the Samba Server Configuration Tool. For command line configuration, see Command Line Configuration.

The Samba Server Configuration Tool is a graphical interface for managing Samba shares, users, and basic server settings. It modifies the configuration files in the /etc/samba/ directory. Any changes to these files not made using the application are preserved.

To use this application, be running the X Window System, have root privileges, and have the redhat-config-samba RPM package installed. To start the Samba Server Configuration Tool from the desktop, go to the Main Menu Button (on the Panel) => System Settings => Server Settings => Samba Server or type the command redhat-config-samba at a shell prompt (for example, in an XTerm or a GNOME terminal).

Samba Server Configuration Tool

The Samba Server Configuration Tool does not display shared printers or the default stanza that allows users to view their own home directories on the Samba server.

 

Configuring Server Settings

The first step in configuring a Samba server is to configure the basic settings for the server and a few security options. After starting the application, select Preferences => Server Settings from the pulldown menu. The Basic tab is displayed

Configuring Basic Server Settings

On the Basic tab, specify which workgroup the computer should be in as well as a brief description of the computer. They correspond to the workgroup and server string options in smb.conf.

Configuring Security Server Settings

The Security tab contains the following options:

After clicking OK, the changes are written to the configuration file and the daemon is restart; thus, the changes take effect immediately.

 

Managing Samba Users

The Samba Server Configuration Tool requires that an existing user account be active on the system acting as the Samba server before a Samba user can be added. The Samba user is associated with the existing user account.

 

Managing Samba Users

To add a Samba user, select Preferences => Samba Users from the pulldown menu, and click the Add User button. On the Create New Samba User window select a Unix Username from the list of existing users on the local system.

If the user has a different username on a Windows machine and will be logging into the Samba server from the Windows machine, specify that Windows username in the Windows Username> field. The Authentication Mode on the Security tab of the Server Settings preferences must be set to User for this option to work.

Also configure a Samba Password for the Samba User and confirm the Samba Password by typing it again. Even if you select to use encrypted passwords for Samba, it is recommended that the Samba passwords for all users are different from their system passwords.

To edit an existing user, select the user from the list, and click Edit User. To delete an existing Samba user, select the user, and click the

Delete User

button. Deleting a Samba user does not delete the associated user account.

The users are modified immediately after clicking the OK button.

 

Adding a Share

Adding a Share

To add a share, click the Add button. The Basic tab configures the following options:

On the Access tab, select whether to allow only specified users to access the share or whether to allow all Samba users to access the share. If you select to allow access to specific users, select the users from the list of available Samba users.

The share is added immediately after clicking OK.

 

Command Line Configuration

Samba uses /etc/samba/smb.conf as its configuration file. If you change this configuration file, the changes do not take effect until you restart the Samba daemon with the command service smb restart.

To specify the Windows workgroup and a brief description of the Samba server, edit the following lines in your smb.conf file:

 workgroup = WORKGROUPNAME
server string = 
 BRIEF COMMENT ABOUT SERVER

Replace WORKGROUPNAME with the name of the Windows workgroup to which this machine should belong. The BRIEF COMMENT ABOUT SERVER is optional and is used as the Windows comment about the Samba system.

To create a Samba share directory on your Linux system, add the following section to your smb.conf file (after modifying it to reflect your needs and your system):

 [sharename]
comment = 
 Insert a comment here
path = 
 /home/share/
valid users = 
 tfox carole
public = no
writable = yes
printable = no
create mask = 0765

The above example allows the users tfox and carole to read and write to the directory /home/share, on the Samba server, from a Samba client.

 

Encrypted Passwords

In Red Hat Linux 9 encrypted passwords are enabled by default because it is more secure. If encrypted passwords are not used, plain text passwords are used, which can be intercepted by someone using a network packet sniffer. It is recommended that encrypted passwords be used.

The Microsoft SMB Protocol originally used plaintext passwords. However, Windows NT 4.0 with Service Pack 3 or higher, Windows 98, Windows 2000, Windows ME, and Windows XP require encrypted Samba passwords. To use Samba between a system and a system running one of these Windows operating systems, you can either edit your Windows registry to use plaintext passwords or configure Samba on your Linux system to use encrypted passwords. If you choose to modify your registry, do so for all your Windows machines — this is risky and may cause further conflicts. It is recommended that you use encrypted passwords for better security.

To configure Samba on your system to use encrypted passwords, follow these steps:

  1. Create a separate password file for Samba. To create one based on your existing /etc/passwd file, at a shell prompt, type the following command:
     cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd

    If the system uses NIS, type the following command:

     ypcat passwd | mksmbpasswd.sh > /etc/samba/smbpasswd

    The mksmbpasswd.sh script is installed in your /usr/bin directory with the samba package.

  2. Change the permissions of the Samba password file so that only root has read and write permissions:
     chmod 600 /etc/samba/smbpasswd

  3. The script does not copy user passwords to the new file, and a Samba user account is not active until a password is set for it. For higher security, it is recommended that the user's Samba password be different from the user's password. To set each Samba user's password, use the following command (replace username with each user's username):
     smbpasswd username 

  4. Encrypted passwords must be enabled in the Samba configuration file. In the file smb.conf, verify that the following lines are not commented out:
     encrypt passwords = yes
    smb passwd file = /etc/samba/smbpasswd

  5. Make sure the smb service is started by typing the command service smb restart at a shell prompt.

  6. If you want the smb service to start automatically, use ntsysv, chkconfig, or Services Configuration Tool to enable it at runtime.

Read /usr/share/doc/samba-<version>/docs/htmldocs/ENCRYPTION.html to learn more about encrypted passwords. (replace < version> with the version number of Samba that you have installed).

The pam_smbpass PAM module can be used to sync users' Samba passwords with their system passwords when the passwd command is used. If a user invokes the passwd command, the password he uses to log in to the system as well as the password he must provide to connect to a Samba share are changed.

To enable this feature, add the following line to /etc/pam.d/system-auth below the pam_cracklib.so invocation:

 password required /lib/security/pam_smbpass.so nullok use_authtok try_first_pass

 

Starting and Stopping the Server

On the server that is sharing directories via Samba, the smb service must be running.

View the status of the Samba daemon with the following command:

 /sbin/service smb status

Start the daemon with the following command:

 /sbin/service smb start

Stop the daemon with the following command:

 /sbin/service smb stop

To start the smb service at boot time, use the command:

 /sbin/chkconfig --level 345 smb on

You can also use chkconfig, ntsysv or the Services Configuration Tool to configure which services start at boot time.

 

Connecting to a Samba Share

To connect to a Linux Samba share from a Microsoft Windows machine, use Network Neighborhood or the graphical file manager.

To connect to a Samba share from a Linux system, from a shell prompt, type the following command:

 smbclient //hostname/
 sharename -U 
 username

Replace hostname with the hostname or IP address of the Samba server you want to connect to, sharename with the name of the shared directory you want to browse, and username with the Samba username for the system. Enter the correct password or press [Enter] if no password is required for the user.

If you see the smb:\> prompt, you have successfully logged in. Once you are logged in, type help for a list of commands. If you wish to browse the contents of your home directory, replace sharename with your username. If the -U switch is not used, the username of the current user is passed to the Samba server.

To exit smbclient, type

exit

at the smb:\> prompt.

You can also use Nautilus to view available Samba shares on your network. Select

Main Menu Button

(on the Panel) => Network Servers to view a list of Samba workgroups on your network. You can also type smb: in the Location: bar of Nautilus to view the workgroups.

An icon appears for each available SMB workgroup on the network.

SMB Workgroups in Nautilus

Double-click one of the workgroup icons to view a list of computers within the workgroup.

SMB Machines in Nautilus

As you can see from Figure 17-7, there is an icon for each machine within the workgroup. Double-click on an icon to view the Samba shares on the machine. If a username and password combination is required, you are prompted for them.

Alternately, you can also specify a username and password combination in the Location: bar using the following syntax (replace user, password, servername, and sharename with the appropriate values):

 smb://user:
 password@
 servername/sharename/

 

Samba

Samba uses the SMB protocol to share files and printers across a network connection. Operating systems that support this protocol include Microsoft Windows (through its Network Neighborhood), OS/2, and Linux.

 

Why Use Samba?

Samba is useful if you have a network of both Windows and Linux machines. Samba allows files and printers to be shared by all the systems in your network.


 

Home