| Samba (www.samba.org) is an open-source project designed to give Unix systems the ability to share directories and printers in a way that's compatible with Windows. Actually, it's also compatible with any system running Samba, OS/2, and LAN Manager; all of these implement the same basic protocol, which was later standardized as CIFS (for the Common Internet File System, formerly known as SMB, which is where the name Samba came from). Besides being almost ubiquitous, Samba has the advantages of being secure, reliable, and fast. There's nothing stopping you from using it on networks that don't have any Windows machines. Because Cygwin runs on top of Windows, it already supports CIFS natively; you use the standard Windows techniques for mounting a shared directory or for sharing part of your file system. Mac OS X supports CIFS directly from the Finder's Go menu (although it's running Samba under the covers), making it easy to mount shared directories. Fedora Core also comes with Samba client support, and you can access Windows networks from the desktop by double-clicking the Computer icon, double-clicking the Network icon, and then double-clicking the Windows network icon. It can't currently work as a Samba server, because of a conflict with the built-in firewall. To install Samba FreeBSD systems need to install Samba through the ports system (Code Listing 6.1). 1. | Log in as root, or use su to get a root shell.
| 2. | cd /usr/ports/net/samba3
Code listing 6.1. Using smbclient to list the shares on a server. bsd# smbclient -U chrish -L taffer Password: Domain=[TAFFER] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager] Sharename Type Comment --------- ---- ------- E$ Disk Default share IPC$ IPC Remote IPC D$ Disk Default share print$ Disk Printer Drivers SharedDocs Disk scribe Printer Lexmark Z22-Z32 Color Jetprinter (Copy 1) home Disk Taffer's home Movies Disk G$ Disk Default share wallpaper Disk Desktop wallpaper galore tmp Disk Music Disk ADMIN$ Disk Remote Admin C$ Disk Default share Domain=[TAFFER] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager] Server Comment --------- ------- Workgroup Master --------- ------- bsd#
| 3. | make install clean
The ports system displays the "Options for samba" dialog (Figure 6.1).
Figure 6.1. FreeBSD offers to build Samba with quite a few options. 
| 4. | Unless you need one of the disabled options, you can go with the defaults. To turn on an additional option, use the up and down arrow keys to move to the option's entry, then press the spacebar to select (or deselect) it.
The options include
LDAP Add support for authenticating users stored in an LDAP server.
ADS Add support for authenticating users stored in an Active Directory server.
CUPS Add support for sharing CUPS-based printers.
WINBIND Add support for adding the Samba server to an existing Active Directory or Windows domain.
ACL_SUPPORT Add support for ACLs (Access Control Lists; detailed Windows-style file and directory permissions).
SYSLOG Add support for standard syslog error and diagnostic reporting (as opposed to writing log messages in a Samba-specific log file).
QUOTAS Add support for per-user disk quotas.
UTMP Add support for checking for currently logged-in users through the /var/ log/utmp file.
MSDFS Add support for the Microsoft Distributed File System.
SAM_XML Allow storing Samba passwords in an XML file.
SAM_MYSQL Allow storing Samba passwords in a MySQL database.
SAM_PGSQL Allow storing Samba passwords in a PostgreSQL database.
SAM_OLD_LDAP Samba 2.xcompatible LDAP user-authentication support.
PAM_SMBPASS Add support for authenticating users with PAM.
POPT Build with Samba's built-in popt() function instead of trying to use the OS's. You should leave this one alone on the theory that the BSD folks knew what they were doing when they made it the default.
| 5. | Press Tab and then Enter to dismiss the "Options for samba" dialog and continue the installation with your selected options.
| 6. | Using your favorite text editor, add the following line to /etc/rc.conf:
samba_enable="YES"
| 7. | Restart the machine, or run the following command to start Samba:
/usr/local/etc/rc.d/samba.sh start
|
To configure Samba Cygwin users need to share directories or printers through the standard Windows interfaces. Everyone else controls their shares through the /etc/smb.conf file. 1. | Open a root shell, or use su (or sudo) to become root.
| 2. | If you're using FreeBSD,
cd /usr/local/etc
or, if you're using Mac OS X,
cd /etc
| 3. | Use your favorite text editor to create or edit the smb.conf file.
The smb.conf file consists of comments (lines starting with a semicolon or # character), section headings (lines enclosed in square brackets), and section data (anything after a section heading up to the next section heading).
| 4. | Add or edit the [global] section so that it has at least the following entries:
[global] workgroup = name security = user hosts allow = nets 127. log file = /var/log/samba/log.%m max log size = maxlog passdb backend = tdbsam
Replace name with the name of the domain or workgroup. nets should be one or more networks (use 192.168.0. to allow 192.168.0.*, for example) that are allowed to attach to your Samba server; all others will be denied. Set maxlog to the maximum log file size, such as 50 for 50 Kbytes maximum.
Setting security to user means that users will be authenticated with the server using a user ID and password stored locally. Using the above value for log file will create one log file per machine (named log.machine_name) in the /var/log/samba directory. Finally, the passdb backend indicates which type of database to use for storing user IDs and passwordsin this case, a TDB file.
| 5. | testparm
Test your configuration (Figure 6.2) to see if you've made any syntax errors. If you have, fix them.
Figure 6.2. Using testparm to test your Samba configuration. 
|
To add users to Samba If you've configured Samba with user-level security (as we have, above), you'll need to add users to the Samba-specific password database. This is separate from the OS password database found in /etc/passwd, allowing you to create users specifically for Samba without needing to muck with your machine configuration. 1. | Log in as root, or use su (or sudo) to become root.
Manipulating the Samba password database requires root's privileges.
| 2. | pdbedit -a -u userid
Add (-a) the specified userid to the Samba password database. Note that pdbedit works transparently with whatever database back end is specified in the global smb.conf file (and you can force it to use another back end with the -b option).
| 3. | Type the user's password at the "new password" prompt. Type it again at the "retype new password" prompt to make sure you've got it right.
|
To share a directory with Samba To share a directory with Samba, you add a new section to the smb.conf file giving details about what you're sharing. 1. | Open a root shell, or use su (or sudo) to become root.
| 2. | If you're using FreeBSD,
cd /usr/local/etc
or, if you're using Mac OS X,
cd /etc
| 3. | Use your favorite text editor to create or edit the smb.conf file.
| 4. | Add one or more share sections similar to this:
[sharename] path = /the/directory/to/share writable = yes guest ok = no browseable = yes comment = description
Each section like this creates one shared directory; in this case, it will be named sharename and map to /the/directory/ to/share on this system. Set writable to no if you want a read-only share, guest ok to yes if you want to let anonymous users access the share, and browseable to no if you want to hide the share from network browsing (as through the smbclient command or Windows' View Workgroup Computers). If you've set browseable to no, you can also leave off the comment, which is displayed next to the share name during network browsing.
| 5. | Save the file, then run testparm to make sure you didn't accidentally include some syntax errors.
| 6. | If you're using FreeBSD:
/usr/local/etc/rc.d/samba.sh  restart
or, if you're using Mac OS X:
service smbd stop service smbd start
Restart the Samba services to incorporate your changes in smb.conf.
|
To mount a shared directory For systems that don't sport a nice graphical interface for mounting remote shares, we'll need to know how to discover the shares, and mount them locally. 1. | smbclient -U userid -L server
Use the smbclient command's -L option to list the shares available on the specified server (Code Listing 6.1), connecting as the user specified in userid. You'll be prompted for userid's password.
Or, if you're using Cygwin:
net view \\\\server
This lists the available shares on server in a slightly different format (Code Listing 6.2) and leaves out the "hidden" administrative shares. The four backslash characters are required because the shell uses \to escape "special" characters; \\turns into one \ being passed to the command.
Code listing 6.2. Using net view under Cygwin to list the shares on a server. chrish@taffer [514]: net view \\\\taffer Shared resources at \\taffer Taffer (P4 2.53GHz) Share name Type Used as Comment ------------------------------------------------------------------------------- home Disk Taffer's home Movies Disk Music Disk scribe Print Lexmark Z22-Z32 Color Jetprinter SharedDocs Disk tmp Disk wallpaper Disk Desktop wallpaper galore The command completed successfully. chrish@taffer [515]:
| 2. | Use su to become root, or use sudo with the commands in the following steps. On most systems, only root can mount file systems.
| 3. | mkdir /path/to/mountpoint
If you don't already have a directory to use as a mount point, create one. This can be anywhere in the file system, although it's usually under /mnt (or /Volumes on Mac OS X).
| 4. |
mount -t smbfs -o username=userid //server/share /path/to/mountpoint
on Fedora Core, or, if you're using FreeBSD:
mount -t smbfs //userid@server/share /path/to/mountpoint
or, if you're using Cygwin:
mount -f //server/share /path/to/mountpoint
or, if you're using Mac OS X:
mount -t smbfs -o -U=userid //server/share /path/to/mountpoint
Mount share on server as the directory at mountpoint, logging in to server as userid. You will be prompted for userid's password.
|
 Tips
Samba comes with a Web-based configuration tool called SWAT (Samba Web Administration Tool). Check the Samba Web site (www.samba.org) for more information. Cygwin can use network paths directly (for example, cd //server/share) if you're already authenticated with the server via a domain controller or if your user ID and password on the server are identical to your user ID and password on your Cygwin system. If you've mounted a remote share as a local drive (for example, X:) on Windows, you can access it under Cygwin through /cygdrive/x as you would any other Windows drive. If you're serving a large number of Mac client systems, check out the Netatalk server (http://netatalk.sourceforge.net) for Unix systems, including Linux and FreeBSD. The smbclient command can also be used like an FTP client for shared directories. This can be useful if you're having trouble using the GUI front ends or if you need to do something that isn't supported by the GUI.
|
