14.1 Configuring the Server

Previous page
Table of content
Next page

14.1 Configuring the Server

The central Samba configuration file is smb.conf , and it is usually located in Samba's lib directory (for example, /usr/local/lib ). However, some distributions put the configuration file in an etc directory, such as /etc/samba or /usr/local/etc . The smb.conf file breaks down into several sections denoted with square brackets (such as [global] and [printers] ).

The [global] section in smb.conf contains general options that apply to the entire server and all shares. These options pertain primarily to network configuration and access control. Here is a sample [global] section that shows you how to set the server name , description, and workgroup: 

 [global]   # server name   netbios name =  name  # server description   server string = My server via Samba   # workgroup   workgroup = MYNETWORK

These parameters work as follows :

  • netbios name The server name. If you omit this parameter, Samba uses the Unix hostname.

  • server string A short description of the server. The default is the Samba version number.

  • workgroup The SMB workgroup name. If you're on a Windows NT domain, set this parameter to the name of your domain.

14.1.1 Server Access Control

There are a few options that you can add to your smb.conf file to put limits on the machines and users that can access your Samba server. The following list includes many options that you can set in your [global] section, as well as in the other sections that control individual shares (described later in the chapter):

  • interfaces Set this to have Samba listen on the given networks or interfaces. Here are two examples: 

     interfaces = 10.23.2.0/255.255.255.0     interfaces = eth0

  • bind interfaces only Set this to yes when using the interfaces parameter in order to limit access to machines that you can reach on those interfaces.

  • valid users Set this to allow the given users access. For example: 

     valid users = jruser, bill

  • guest ok Set this parameter to true if you would like a share to be available to anonymous users on the network.

  • guest only Set this parameter to true to allow anonymous access only.

  • browseable Set this to make shares available in Samba's browseable share list. If you set this parameter to no for any or all shares, you will still be able to access shares on the Samba server, but they will not be browseable, and therefore you will need to know their exact names .

14.1.2 Passwords

In general, you only want to allow access to your Samba server with password authentication. Unfortunately, the basic password system on Unix is different than that on Windows, so unless you specify clear-text network passwords or authenticate passwords with a Windows server, you must set up an alternative password file. This section shows you how.

Assuming that your Samba configuration directory is /etc/samba , you can use these entries in your [global] section to define the Samba password file as /etc/samba/passwd_smb : 

 # use a separate password file for Samba to enable encrypted passwords    security = user    encrypt passwords = yes    smb passwd file = /etc/samba/passwd_smb

With these lines in place, you can manipulate the passwd_smb password file with the smbpasswd program.

Note  

If you have access to a Windows NT domain, you can set security = domain , to make Samba use the domain's usernames and eliminate the need for an SMB password file. However, in order for domain users to access the machine running Samba, each domain user must have a local account with the same username on the machine running Samba.

Adding and Deleting Users

The first thing you need to do in order to give a Windows user access to your Samba server is to add the user to the passwd_smb file with the smbpasswd -a command: 

 smbpasswd -a  username

The username parameter to the smbpasswd command must be a valid username on your Linux system.

Much like the regular system's passwd program would, smbpasswd asks you to enter the new user's password twice. If the Samba password file does not exist, smbpasswd creates it for you, then confirms that it has created the new user.

To remove a user, use the -x option to smbpasswd : 

 smbpasswd -x  username

At times, you may not necessarily want to delete a user, but rather, temporarily deactivate the user. The -d option disables a user; and -e re-enables the user: 

 smbpasswd -d  username  smbpasswd -e  username

Changing Passwords

You can change a Samba password as the superuser by using smbpasswd with no options or keywords other than the username: 

 smbpasswd  username

However, if the Samba server is running, any user can change their own Samba password by entering smbpasswd by itself on the command line.



Previous page
Table of content
Next page
How Linux Works
How Linux Works: What Every Superuser Should Know
ISBN: 1593270356
EAN: 2147483647
Year: 2004
Pages: 189
Authors: Brian Ward
BUY ON AMAZON
Java I/O
Systematic Software Testing (Artech House Computer Library)
Visual C# 2005 How to Program (2nd Edition)
Persuasive Technology: Using Computers to Change What We Think and Do (Interactive Technologies)
What is Lean Six Sigma
HTI+ Home Technology Integrator & CEDIA Installer I All-In-One Exam Guide
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy