Section 3.2. Windows Setup

3.2. Windows Setup

Before a Windows client can connect to a Samba server or other any CIFS server, a few network components must be configured. Despite a few cosmetic differences, the Windows networking management interface is much more consistent these days than in times past. The terms and information in the remainder of this chapter apply to Windows 2000 and later. However, the screenshots are taken from a Windows XP client.

Before beginning to configure the Windows system, ensure that you are logged onto the client using an account that has the level of privilege necessary to make any networking changes. The built-in Administrator account will work fine, but any member of the Administrators group should have sufficient authority to update the client's configuration.

3.2.1. Networking Components

First locate the Control Panel. Depending on what version of Windows or what desktop theme is currently selected, this item may or may not be found in the Start menu (or Settings submenu). If you cannot find an icon for the Control Panel, you can start the application by running control.exe from a shell window or from the Run subcommand in the Start menu. Launching the Control Panel displays a window similar to the one shown Figure 3-2. If you see a headline in the screen that asks you to "Pick a category," select the Classic View option from the lefthand side of the window to convert to the layout shown here.

Figure 3-2. The Windows XP Control Panel application in Classic View

Next, find and click the Network Connections icon. Windows 2000 refers to this as "Network and Dial-Up Connections." The resulting dialog box lists all of the available network interfaces (LAN cards, modems, and so on). Figure 3-3 illustrates a client with a single Ethernet adapter installed. By right-clicking the icon for the appropriate network connection and selecting the Properties context menu option, you can view the list of installed networking components, as shown in Figure 3-4.

Figure 3-3. The Network Connections window

Figure 3-4. List of installed network components for the local area connection

If you ever get tired of navigating the Windows Start Menu looking for the Control Panel and networking applet, run control ncpa.cpl from a command shell or the Run . . . option on the Start Menu. This is a quick method of launching the networking configuration screen. In fact, any of the control panel applets (%Systemroot%\system32\*.cpl) can be started in this fashion.

Older clients maintained the notion of binding protocols and services to a specific network card, and therefore presented a complicated configuration dialog for specifying which interface would use which component. Windows 2000 and later updated this setup step with the concept of connections. When viewing a connection, you will see a specific hardware device such as the Ethernet card (Figure 3-4). Each entry in the list of installed components has a check box beside it to enable it (that is, bind it) for this connection.

At a minimum, we need the following two software components:

• The TCP/IP network protocol stack

• The Client for Microsoft Networks component

We assume a working network interface, although it is probably a good idea to check for the message "This device is working properly" when clicking the Configure button beside the network card icon. There is no way to navigate back to the previous window, so you must reopen the network connection property window once you exit the network adapter configuration dialog.

Add the TCP/IP protocol if it is not present. When you click Install . . ., you will be prompted to select a service from the three categories. After selecting the Protocol category, and continuing by clicking Add . . ., you will be presented with a list of available network stacks. TCP/IP will appear in the list of available choices (unless it has already been installed). If the client has any additional network protocols installed, such as NetBEUI, NWLink, or IPX/SPX, remove them now unless they are necessary for accessing other resources on your network. If you are unsure whether the extra protocol stacks are required, check with another network administrator. To remove a component, select the component in the list, click Uninstall, and then choose Yes in the dialog box that pops up. In some cases, the change might not take effect until Windows has been rebooted.

You can follow similar steps for installing the "Client for Microsoft Networks." Select the Client category from the Install window instead of the Protocol category, as we did previously.

3.2.2. Configuring TCP/IP

Now click Internet Protocol (TCP/IP), and then Properties to open the Internet Protocol (TCP/IP) Properties dialog box, shown in Figure 3-5.

Figure 3-5. The Internet Protocol (TCP/IP) Properties dialog box

3.2.2.1. IP address and DNS servers

If you are using DHCP on your network to assign IP addresses dynamically, choose "Obtain IP address automatically" (the default setting). Otherwise, select "Use the following address" and fill in the computer's IP address and netmask in the spaces provided. It is easiest, when you first start, to use a client and server on the same subnet (the same network address and netmask), but this is not required. For example, if the server's address is 192.168.1.2 and its network mask is 255.255.255.0, you might use the address 192.168.1.100 (if it is available), along with the same netmask. You can also fill in the IP address of the default gateway.

If the client is not using DHCP to obtain an address, you probably must fill in the DNS information manually. In the lower part of the dialog box, select "Use the following DNS server addresses," and fill in the IP address of your DNS server. If you are using a DHCP network for assigning this information, leave the default "Obtain DNS Server Address Automatically" radio button selected.

3.2.2.2. WINS server

Click the Advanced . . . button to bring up the Advanced TCP/IP Settings dialog box, then click the WINS tab to display the dialog box shown in Figure 3-6. Similar to our DNS configuration, if your client is using a DHCP server, the addresses for any available WINS servers were probably assigned automatically when the client received its IP address, even though none are shown on this screen.

Figure 3-6. The WINS tab of the Advanced TCP/IP Settings dialog box

If you need to manually specify a WINS server, enter its address in the space labeled "WINS addresses, in order of use." If your Samba server is providing WINS service (in other words, you have the line wins support = yes in the smb.conf file of your Samba server), specify the Samba server's IP address here. Otherwise, provide the address of another WINS server on your network.

We'll ignore the "Enable LMHOST lookup" check box, because as a general rule such static files should be avoided. If at some point in the future you choose to maintain an LMHOSTS file on clients, check this box.

The final section of this dialog box, located near the bottom, allows you to define whether NetBIOS support should be enabled. We have briefly discussed how Microsoft implemented CIFS directly over TCP/IP without the NetBIOS abstraction layer beginning in Windows 2000. We haven't yet discussed this in the context of Samba's complete set of features, however. In the following situations, you absolutely must have NetBIOS support enabled on the client:

• You plan to access pre-Windows 2000 computers, such as Windows NT file or print servers or Windows 9x clients.

• You plan to use Samba as a domain controller.

• You require support for network browsing.

If you are using a workgroup environment, network browsing can be useful. It is not a required feature, however, so the choice is up to you. When in doubt, it is best to leave the setting enabled. At worst, it causes a few extra log messages on Samba servers or a few extra packets on your network.

When you are satisfied with your settings for IP Address, WINS Address, and DNS server, click OK in each open dialog box and close the Local Area Connection Properties dialog box to complete the configuration. The client may need to load some files from the Windows distribution CD-ROM, and you might need to reboot for your changes to take effect.

3.2.3. Computer and Workgroup Names

From the Control Panel, double-click the System icon to open the System Properties dialog box (or run control.exe sysdm.cpl). Click the Computer Name tab, and the resulting System Properties dialog box will look similar to Figure 3-7. (Here, Windows 2000 diverges slightly. The Computer Name is called the Network Identification tab, and instead of Change, you will see a Properties button. After clicking this button, things should start to look like they are shown in this chapter again.) To assign a computer name and workgroup name, click Change to access the dialog box shown in Figure 3-8.

Figure 3-7. The System Properties dialog box, showing the Computer Name tab

Figure 3-8. The Computer Name Changes dialog box

Choosing a name for machines is probably one of the most fun but geekiest things we do as administrators. Select a name. We'll stick with the vegetable theme and choose lettuce. Now define the workgroup name to match the workgroup parameter value in smb.conf (we used GARDEN in our example in Chapter 2). Case is irrelevant when defining either of these two configuration values on the client. Click OK and, when requested, and reboot to put your configuration changes into effect. Once again, log in using an administrative account for the next activity.

3.2.4. Connecting to the Samba Server

Assume that we have a Unix user account named rose and that we have previously created a Samba account for this user by running:

 root# smbpasswd -a rose New SMB password: fiddle Retype new SMB password: fiddle Added user rose. 

We should now be able to map to the [test] share that we created on the server rain during the last chapter. Open a command shell window (cmd.exe) on your Windows client and run:

 C:\> net use t: \\rain\test /user:rose fiddle 

You should be greeted with the following line:

 The command completed successfully. 

If instead you see an error stating that the "network path was not found," try connecting using the IP address of the Samba server instead. If this fails also and you know from the tests in the previous chapter that the server is running, there is most likely a problem with network connectivity. Go directly to the section "The Fault Tree" in Chapter 12 for instructions on troubleshooting.

3.2.5. Creating Local Users on Window Clients

Extra steps, such as specifying a username and password when connecting to a server, can be error-prone. If you try to connect without any credentials, Windows automatically attempts to use the username and password that you used to initially log on and prompts you if the connection attempt fails with a logon error. So far, you have logged into your Windows XP system as a user in the Administrators group. To access resources on the Samba server transparently, it is best to have your account credentials on the Samba server synchronized with your username and password on the local client.

All of this direction assumes that the client and server are participating in a workgroup. If your client is part of a domain, it is best to enter your domain account information at the Windows logon dialog box. Windows then automatically tries to use these credentials when connecting to other servers. Chapters 9 and 10 provide more information on Samba's role in controlling a domain and acting as a member of a domain.

You've already seen how to create Samba accounts on the server. Here is a quick tour of creating local accounts on the Windows client. The fastest way to bring up the user management console is to run the lusrmgr.msc application. This application is a plug-in for the Microsoft Management Console (MMC). After you launch the Local Users and Groups utility, either from the Run option of the Start menu or from a command shell window, a screen similar to the one shown in Figure 3-9 is displayed.

Figure 3-9. The Local Users and Group MMC plug-in

Windows XP Home is Microsoft's variant designed for home and personal use, much like the earlier Windows 95/98/Me variants, and Windows XP Professional is advertised as the upgrade for Windows 2000 installations. In most circumstances, the Home and Professional version operate similarly. There are two notable limitations in the Home edition that apply to our discussion. The first is that XP Home is unable to join a Windows domain; this limitation is applicable to our discussion in Chapter 9. The second, which is of immediate interest, is that local user accounts can be created only from the User Accounts applet in the Control Panel (which you can also bring up through the command control.exe nusrmgr.cpl).

Selecting the Users folder in the lefthand panel enables the New User . . . option in the Action menu. Figure 3-10 shows the process of creating a local user account for our existing Unix/Samba account named rose. Make sure to enter the same password used when creating the Samba account. After creating the account, you can add the user to any local group by selecting the group folder from the left side, highlighting a group, and modifying its properties. Group membership on the local client does not affect the Unix user's group membership on the server.

Figure 3-10. Creating a user account for rose

You can now log out of the client and back on again as the user rose. Usually this means selecting Log Off from the Start Menu and entering the new username and password in the resulting dialog box. Now you can connect to the Samba host without specifying any extra information:

 C:\> net use t: \\rain\test The command completed successfully. 

Default installations of Windows NT-based hosts will remember any file or printer connections that you have as part of your user profile and attempt to automatically reestablish those connections for you the next time you log onto the client.

3.2.6. Browsing the Samba Server

We've connected to the server, so we can be sure that authentication is working correctly. Now for the big momentseeing Samba in the My Network Places window. As with so many things in Windows and in the Perl programming language, there is more than one way to do it. The most consistent way to browse the network across all recent Microsoft operating system releases is to use the Windows Explorer application. Go to Start Run and enter explorer.exe. The window that results (Figure 3-11) should display the My Network Places link in the lefthand side.

Figure 3-11. Viewing My Network Places through the Windows Explorer

The next thing to do is drill down through the entire network to your workgroup and expand the list of servers. You should see the server named Rain. You will also see the client (Lettuce) appear, if the "File and Printer Sharing for Microsoft Networks" component is installed locally.

Now select Rain from the list of servers and view the available shares. Figure 3-12 shows that we currently have only one file share, which is named test. There is also an empty Printers and Faxes folder. If we had any shared printers on the server, they would show up in the share list beside the test file share and inside of Printers and Faxes. Printing is covered in Chapter 7.

Figure 3-12. Viewing the list of shares on the server \\RAIN

Congratulations! You have a working Windows client from which you can test the Samba configurations that are explored in the upcoming chapters.