|
Welcome to T.he L.inux G.uide O.nline
The following is a reference to Linux. Please feel free to
contact me for any details.
Chapter 06 - Samba
6.1 Introduction
This section deals with the setup and configuration of samba
for Linux. It describes how to use the Server Message Block
(SMB) protocol, also called the Session Message Block, NetBIOS
or LanManager protocol, with Linux using Samba. Although this
document is Linux-centric, Samba runs on most Unix-like operating
systems.
The SMB protocol is used by Microsoft Windows 3.11, NT and
95/98 to share disks and printers. Using the Samba suite of
tools by Andrew Tridgell ( Andrew.Tridgell@anu.edu.au), UNIX
(including Linux) machines can share disk and printers with
Windows hosts. The smbfs tools by Paal-Kr. Engstad ( engstad@intermetrics.com)
and Volker Lendecke ( lendecke@namu01.gwdg.de) enable Unix
machines to mount SMB shares from Windows or Samba hosts.
Please note that for Windows 3.x machines to access SMB shares,
they must have a TCP/IP stack and the Win32s DLLs.
There are four basic things that one can do with Samba:
- Share a Linux drive with Windows machines.
- Access an SMB share with Linux machines.
- Share a Linux printer with Windows machines.
- Share a Windows printer with Linux machines.
6.2 Installation and running
This is done using the appropriate samba rpm files. If you
used the option of including samba during install time, these
rpms would have been installed for you.
The following two daemons are required for the Samba package.
They are typically installed in /usr/sbin and run either on
boot from the systems startup scripts or from inetd.
smbd (The SMB daemon)
nmbd (Provides NetBIOS nameserver support to clients)
Typically, the following Samba binaries are installed in
/usr/bin
smbclient (An SMB client for UNIX machines)
smbprint (A script to print to a printer on an SMB
host)
smbprint.sysv (As above, but for SVR4 UNIX machines)
smbstatus (Lists the cuurent SMB connections for the
local host)
smbrun (A 'glue' script to facilitate runnning applications
on SMB hosts)
The two SMB daemons are /usr/sbin/smbd and /usr/sbin/nmbd.
Under most Linux distributions, these are started, stopped
and restarted via the startup script located in /etc/rc.d/init.d/smb
and symlinked to the appropriate runlevels.
If you choose not to use the standard startup script, you
can run the Samba daemons from inetd or as stand-alone processes.
Samba will respond slightly faster as a standalone daemon
than running from inetd.
In either case, you should check the file /etc/services for
lines that look like this:
--------------------------------------------------------------------------------
netbios-ns 137/tcp nbns
netbios-ns 137/udp nbns
netbios-dgm 138/tcp nbdgm
netbios-dgm 138/udp nbdgm
netbios-ssn 139/tcp nbssn
--------------------------------------------------------------------------------
Make sure they are all uncommented. Samba will not be able
to bind to the appropriate ports unless /etc/services has
these entries.
To run the daemons from inetd, place the following lines
in the inetd configuration file, /etc/inetd.conf:
--------------------------------------------------------------------------------
# SAMBA NetBIOS services (for PC file and
print sharing)
netbios-ssn stream tcp nowait root /usr/sbin/smbd smbd
netbios-ns dgram udp wait root /usr/sbin/nmbd nmbd
--------------------------------------------------------------------------------
Then restart the inetd daemon by running the command:
$ /etc/rc.d/inet.d/inet restart
To run the daemons from the system startup scripts, use
the sysV script /etc/rc.d/init.d/smb and symbolically link
it to the start files in the rcN.d directory with appropriate
order after the network and other daemons have run.
If when starting Samba you get an error that says something
about the daemon failing to bind to port 139, then you probably
have another Samba process already running that hasn't yet
shut down. Check a process list (with 'ps auxww | grep mbd')
to determine if another Samba service is running.
6.3 General Configuration (/etc/smb.conf)
Samba configuration on a Linux (or other UNIX machine) is
controlled by a single file, /etc/smb.conf. This file determines
which system resources you want to share with the outside
world and what restrictions you wish to place on them.
Since the following sections will address sharing Linux drives
and printers with Windows machines, the smb.conf file shown
in this section is as simple as you can get, just for introductory
purposes.
Don't worry about the details, yet. Later sections will introduce
the major concepts.
Each section of the file starts with a section header such
as [global], [homes], [printers], etc.
The [global] section defines a few variables that Samba will
use to define sharing for all resources.
The [homes] section allows a remote users to access their
(and only their) home directory on the local (Linux) machine).
That is, users trying to connect to this share from Windows
machines, will be connected to their personal home directories.
Note that to do this, they must have an account on the Linux
box.
The sample smb.conf file below allows remote users to get
to their home directories on the local machine and to write
to a temporary directory. For a Windows user to see these
shares, the Linux box has to be on the local network. Then
the user simply connects a network drive from the Windows
File Manager or Windows Explorer.
--------------------------------------------------------------------------------
; /etc/smb.conf
;
; Make sure and restart the server after making changes to
this file, ex:
; /etc/rc.d/init.d/smb stop
; /etc/rc.d/init.d/smb start
[global]
; Uncomment this if you want a guest account
; guest account = nobody
log file = /var/log/samba-log.%m
lock directory = /var/lock/samba
share modes = yes
[homes]
comment = Home Directories
browseable = no
read only = no
create mode = 0750
[tmp]
comment = Temporary file space
path = /tmp
read only = no
public = yes
--------------------------------------------------------------------------------
Having written a new smb.conf, it is useful to test it to
verify its correctness. You can test the correctness of a
smb.conf file , using the 'testparm' utility (man page: testparm);
if testparm reports no problems, smbd will correctly load
the configuration file.
If your Samba server has more than one ethernet interface,
the smbd may bind to the wrong one. If so, you can force it
to bind to the intended one by adding a line that looks like
this to the [global] section of /etc/smb.conf:
--------------------------------------------------------------------------------
interfaces = 192.168.1.1/24
--------------------------------------------------------------------------------
where you replace the IP address above with the one that
is assigned to the correct ethernet interface. The "24"
is correct for a Class C network, but may have to be recalculated
if you have subnetted the network. The number relates to the
netmask.
Like everything in Linux that is the basic configuration
required for samba to e ready for use. However there are a
lot more options that can be seen from the man pages or from
the howto pages. Here are some examples.
To share a directory with the public, create a clone of the
[tmp] section above by adding something like this to smb.conf:
--------------------------------------------------------------------------------
[public]
comment = Public Stuff
path = /home/public
public = yes
writable = yes
printable = no
--------------------------------------------------------------------------------
To make the above directory readable by the public, but only
writable by people in group staff, modify the entry like this:
--------------------------------------------------------------------------------
[public]
comment = Public Stuff
path = /home/public
public = yes
writable = yes
printable = no
write list = @staff
--------------------------------------------------------------------------------
That was all the configuration required to make samba run.
However with the release of newer version of Windows, Microsoft
has made the use of encrypted passwords. So a connection cannot
normally be established. The method to overcome this is to
either allow Windows to send unencrypted password or for samba
to allow use of encrypted passwords.
To configure Samba to use encrypted passwords:
In the [global] section of /etc/smb.conf, add the following
lines:
--------------------------------------------------------------------------------
encrypt passwords = yes
smb passwd file = /etc/smbpasswd
--------------------------------------------------------------------------------
6.4 Accessing Samba Share with Linux Machines
Linux (UNIX) machines can also browse and mount SMB shares.
Note that this can be done whether the server is a Windows
machine or a Samba server!
An SMB client program for UNIX machines is included with
the Samba distribution. It provides an ftp-like interface
on the command line. You can use this utility to transfer
files between a Windows 'server' and a Linux client.
Most Linux distributions also now include the useful smbfs
package, which allows one to mount and umount SMB shares.
More on smbfs below.
To see which shares are available on a given host, run:
--------------------------------------------------------------------------------
/usr/bin/smbclient -L host
--------------------------------------------------------------------------------
where 'host' is the name of the machine that you wish to
view. this will return a list of 'service' names - that is,
names of drives or printers that it can share with you. Unless
the SMB server has no security configured, it will ask you
for a password. Get it the password for the 'guest' account
or for your personal account on that machine.
For example:
--------------------------------------------------------------------------------
smbclient -L zimmerman
--------------------------------------------------------------------------------
The output of this command should look something like this:
--------------------------------------------------------------------------------
Server time is Sat Aug 10 15:58:27 1996
Timezone is UTC+10.0
Password:
Domain=[WORKGROUP] OS=[Windows NT 3.51] Server=[NT LAN Manager
3.51]
Server=[ZIMMERMAN] User=[] Workgroup=[WORKGROUP]
Domain=[]
Sharename Type Comment
--------- ---- -------
ADMIN$ Disk Remote Admin
public Disk Public
C$ Disk Default share
IPC$ IPC Remote IPC
OReilly Printer OReilly
print$ Disk Printer Drivers
This machine has a browse list:
Server Comment
--------- -------
HOPPER Samba 1.9.15p8
KERNIGAN Samba 1.9.15p8
LOVELACE Samba 1.9.15p8
RITCHIE Samba 1.9.15p8
ZIMMERMAN
--------------------------------------------------------------------------------
The browse list shows other SMB servers with resources to
share on the network.
To use the client, run:
--------------------------------------------------------------------------------
/usr/bin/smbclient service <password>
--------------------------------------------------------------------------------
where 'service' is a machine and share name. For example,
if you are trying to reach a directory that has been shared
as 'public' on a machine called zimmerman, the service would
be called \\zimmerman\public. However, due to shell restrictions,
you will need to escape the backslashes, so you end up with
something like this:
--------------------------------------------------------------------------------
/usr/bin/smbclient \\\\zimmerman\\public
mypasswd
--------------------------------------------------------------------------------
where 'mypasswd' is the literal string of your password.
You will get the smbclient prompt:
--------------------------------------------------------------------------------
Server time is Sat Aug 10 15:58:44 1996
Timezone is UTC+10.0
Domain=[WORKGROUP] OS=[Windows NT 3.51] Server=[NT LAN Manager
3.51]
smb: \>
--------------------------------------------------------------------------------
Type 'h' to get help using smbclient:
--------------------------------------------------------------------------------
smb: \> h
ls dir lcd cd pwd
get mget put mput rename
more mask del rm mkdir
md rmdir rd prompt recurse
translate lowercase print printmode queue
cancel stat quit q exit
newer archive tar blocksize tarmode
setmode help ? !
smb: \>
--------------------------------------------------------------------------------
If you can use ftp, you shouldn't need the man pages for
smbclient.
Although you can use smbclient for testing, you will soon
tire of it for real work. For that you will probably want
to use the smbfs package. Smbfs comes with two simple utilties,
smbmount and smbumount. They work just like mount and umount
for SMB shares.
One important thing to note: You must have smbfs support
compiled into your kernel to use these utilities!
The following shows a typical use of smbmount to mount an
SMB share called "customers" from a machine called
"samba1":
--------------------------------------------------------------------------------
[root@postel]# smbmount "\\\\samba1\\customers"
-U rtg2t -c 'mount /customers -u 500 -g 100'
Added interface ip=192.168.35.84 bcast=192.168.255.255 nmask=255.255.0.0
Got a positive name query response from 192.168.168.158 (
192.168.168.158 )
Server time is Tue Oct 5 10:27:36 1999
Timezone is UTC-4.0
Password:
Domain=[IPM] OS=[Unix] Server=[Samba 2.0.3]
security=user
--------------------------------------------------------------------------------
Issuing a mount command will now show the share mounted,
just as if it were an NFS export:
--------------------------------------------------------------------------------
[root@postel]# mount
/dev/hda2 on / type ext2 (rw)
none on /proc type proc (rw)
none on /dev/pts type devpts (rw,mode=622)
//SAMBA1/CUSTOMERS on /customers type smbfs (0)
--------------------------------------------------------------------------------
Please see the manual pages for smbmount and smbumount for
details on the above operation.
6.5 Share a printer
To share a Linux printer with Windows machines, you need
to make certain that your printer is set up to work under
Linux. If you can print from Linux, setting up an SMB share
of the printer is straight forward.
Note that Windows users must have an account on the Linux/Samba
server in order to print. Windows 95/98 will attempt to authenticate
to the print server using the username and password used on
login to the Windows box. This means that if you clicked 'Cancel'
when logging onto Windows, you can't print (or connect to
other SMB services)! Windows NT allows one to explicitly provide
a username and password when connecting to a printer.
See the Printing HOWTO to set up local printing.
Add printing configuration to your smb.conf:
--------------------------------------------------------------------------------
[global]
printing = bsd
printcap name = /etc/printcap
load printers = yes
log file = /var/log/samba-log.%m
lock directory = /var/lock/samba
[printers]
comment = All Printers
security = server
path = /var/spool/lpd/lp
browseable = no
printable = yes
public = yes
writable = no
create mode = 0700
[ljet]
security = server
path = /var/spool/lpd/lp
printer name = lp
writable = yes
public = yes
printable = yes
print command = lpr -r -h -P %p %s
--------------------------------------------------------------------------------
It is also possible to share a windows printer for use, under
Linux using special configurations and scripts. There are
also functions and programs that can be used to back up whole
windows clients under a Linux host. It is also possible, though
problematic to do SMB host browsing across routers.
Hence here we have seen the basics of both the DNS system
and the configurations required for Linux boxes to connect
to Windows machines and vice versa using SMB.
.
|
