Installing and Configuring Samba

 <  Day Day Up  >  

Test Objective Covered:

4. Install and configure Samba

As with preceding NNLS components , the CLE exam objectives specify that you be able to install and configure Samba. Just as we've done before, we're only going to touch the installation of Samba lightly because we spent a great deal of Chapter 5 discussing NNLS installation procedures.

Installing Samba

As with iFolder, if you performed an Express install, Samba was installed on your system. If you performed a Custom install, you had the opportunity to select the Samba component for installation.

If you didn't select Samba during the initial installation of NNLS, you can perform a post-installation by completing the following steps:

  1. Mount your NNLS ISO image.

  2. Run the install.sh script.

  3. When prompted, specify a Custom installation.

  4. When prompted to select the products to be installed, deselect all products.

  5. Select Samba .

  6. Finish the installation according to the instructions presented in Chapter 5.

Let's spend the rest of this section discussing how to configure Samba.

Configuring Samba

If you've implemented the Open Source version of Samba before, you may be tempted to skip this section and configure this service the same old way you always have. Be aware that the NNLS version of Samba is a little bit different.

Because of its eDirectory/LUM integration, the steps for configuring this version are a little bit different. To configure the NNLS version of Samba, you need to do the following:

  • Enable Samba users.

  • Configure the Samba configuration file.

  • Start the Samba service.

Let's look at each of these tasks .

Enabling Samba Users

Unlike the traditional version of Samba, you have to enable the user objects in your eDirectory tree to use Samba. To do this, you must first implement Linux User Management (LUM). We covered LUM in Chapter 6, "Managing User Accounts with eGuide and Linux User Management."

Once LUM has been configured, you can LUM-enable and Samba-enable a new user when you create his or her object in the tree. To do this, complete the following steps:

  1. Open a web browser and navigate to https :// your_server_IP_address /nps/iManager.html.

  2. Verify your LUM configuration. Ensure sure you have a LUM group enabled in your tree.

  3. Under the eDirectory Administration role, select the Create Object task.

  4. In the Available Object Classes field, scroll down to and select User .

  5. Click OK .

  6. Fill in the user object attributes in the Create User screen, shown in Figure 8.32.

    Figure 8.32. The Create User screen in iManager.

    graphics/08fig32.jpg


  7. Click OK .

  8. When prompted that the user was created, click OK . The screen shown in Figure 8.33 is displayed. This screen is used to LUM-enable and Samba-enable the user object.

    Figure 8.33. Enabling a user object for LUM and Samba.

    graphics/08fig33.jpg


  9. In the Enter the Primary Group for this User field, browse to and select your LUM group.

  10. Make sure the Also convert this User object to a Samba User object box is marked .

  11. In the Enter the desired Samba password field, enter a Samba password for the user. You need to understand that the NNLS Samba service doesn't use the user object's eDirectory password. When a user object is Samba-enabled, an attribute is added to the user object that stores its Samba password. By default, this field is automatically populated with the eDirectory password. Novell recommends that the Samba password be the same as the eDirectory password to avoid confusion.

  12. Click OK .

  13. When prompted that the user has been LUM-enabled, click OK .

After the object is created, the user has two extra property pages: the Linux Profile Page and the Samba Profile Page. This is shown in Figure 8.34.

Figure 8.34. Additional user object property pages.

graphics/08fig34.jpg


The Samba Profile Page allows you to change the user's Samba password, as shown in Figure 8.35.

Figure 8.35. Samba Profile Property Page.

graphics/08fig35.jpg


Before the user can use Samba, he or she needs to have a home directory created in the Linux server's file system. The easiest way to do this is to simply have the user log in. Recall from Chapter 6 that when a LUM user authenticates to the system, a home directory is created and associated with the user object in the eDirectory tree.

In Figure 8.36, the JJackson eDirectory user has used an ssh utility to log in to the Linux server. During authentication, notice that a home directory for the JJackson user object was automatically created in the /home directory.

Figure 8.36. Automatic home directory creation.

graphics/08fig36.jpg


If you check the Linux Profile Page for the user object in iManager after the user has logged in, you will see that the Home Directory attribute has been populated. This is shown in Figure 8.37.

Figure 8.37. Home Directory attribute in the Linux Profile Page.

graphics/08fig37.jpg


You may be asking, "What if I already have users in the eDirectory tree who I want to make Samba users? Do I have to manually re-create each one to Samba-enable them?" Never fear! As with LUM, NNLS includes iManager tasks under the Linux User Management role that will allow you to convert existing users to Samba users. These roles are shown in Figure 8.38.

Figure 8.38. Tasks for converting existing users to Samba users.

graphics/08fig38.jpg


If you have users who aren't currently LUM users, you can use the Convert eDirectory User to LUM User task in iManager to convert a user object to both a LUM user and a Samba user at the same time.

If you have users who are currently LUM users but not Samba users, you can use the Convert LUM User to Samba User task. For the purposes of this book, we're going to focus on the former option, converting users to both LUM and Samba users at the same time.

To convert existing eDirectory users to LUM and Samba users, complete the following steps:

  1. Open a web browser and navigate to https:// your_server_IP_address /nps/iManager.html.

  2. Using the steps discussed in Chapter 6, configure one or more groups in your tree that will contain LUM/Samba users.

  3. Using the steps presented in Chapters 5 and 6, populate the group(s) with the users who will be converted to LUM/Samba users.

  4. Under Linux User Management, select Convert eDirectory User to LUM User .

  5. In the Select User field, browse to and select the user you want to convert.

  6. Click OK . The screen in Figure 8.39 appears.

    Figure 8.39. Converting an existing user to a Samba user.

    graphics/08fig39.jpg


  7. In the Enter the Primary Group for this User field, browse to and select the LUM-enabled group the given user is a member of.

  8. Make sure the Also convert this User object to a Samba User object box is marked.

  9. In the Enter the desired Samba password field, enter the Samba password for the user. As mentioned before, you should consider using the user's eDirectory password for the Samba password. Otherwise, the user will have to remember two passwords ”one to authenticate to the tree and one to access Samba resources.

  10. Click OK .

  11. When prompted that the process was successful, click OK . If you have more users to convert, you could select Repeat Task to repeat this process on the rest of the user objects.

NNLS also includes a version of the smbpasswd utility that you may be familiar with if you've implemented the non-NNLS version of Samba. You can use this utility to set the Samba password for a user object. However, it doesn't convert the user to a LUM/Samba user, nor does it configure LUM attributes. Novell recommends that you use iManager to configure your Samba users instead.

Now that your user objects have been converted to Samba users, the next thing we need to do is configure your Samba server.

Configuring the Samba Configuration File

As with most components, the NNLS Samba server is configured with a text file. In this case, the file is the smb.conf file located in /etc/opt/novell/samba . This file is shown in Figure 8.40.

Figure 8.40. The smb.conf file

graphics/08fig40.jpg


If you're familiar with the non-NNLS version of Samba, you know that it is a very powerful product with many advanced configuration options. Entire books have been devoted to this product. For the purposes of the CLE, however, you only need to know how to perform a basic configuration. In essence, you just need to get it up and running.

In accordance, we're going to implement a basic configuration in this book. Table 8.1 references the required elements in the smb.conf file that you should become familiar with.

Table 8.1. smb.conf Directives

DIRECTIVE

DESCRIPTION

SAMPLE VALUES

ldap admin dn =

This directive specifies the eDirectory user who Samba should use to authenticate through the LDAP service on your server.

This eDirectory user's password is stored in the secrets.tdb file located in the /etc/opt/novell/samba/ directory.

If you change this user's eDirectory password, you must use the smbpasswd utility, mentioned earlier, to update the secrets . tdb file with the new password.

cn=admin,ou=IF,o=CLE

ldap ssl =

Specifies whether to encrypt communications with the LDAP server.

on (Default) off

ldap port =

Specifies the port number used by the LDAP server

389 636 (Default)

ldap server =

Specifies the IP address or DNS name of the LDAP server to be used by Samba.

192.168.1.36 CLE1.CLE.com

security =

This parameter specifies the security level employed by Samba.

share user (Default)

encrypt passwords =

Identifies whether passwords coming from Windows client workstations will be arriving in encrypted form.

yes (Default)

Workgroup

Sets the name of the workgroup this server will participate in.

workgroup (Default)

netbios name =

Specifies the name of the eDirectory server (using LDAP syntax) that will be used for authentication.

cn=CLE1,ou=IF,ou=CLE

comment =

This directive sets the name of the Samba server displayed in My Network Places on Windows workstations.

Home Directories (Default)

browseable =

Specifies whether users' home directories are displayed in My Network Places on Windows workstations.

yes no (Default)

writable =

This directive controls whether users can create or edit files within the share.

yes (Default) no

[Share Name]

Defines a new share point in the Linux server's file system.

[Temp] path = /tmp read only = no

This set of directives creates a read/write share on the /tmp directory.


Once your smb.conf file has been edited, you can start the Samba service on your server.

Starting the Samba Service

The Samba service is started using the novell-smb init script located in /etc/init.d/ (or /etc/rc.d/init.d/ on a Red Hat server). By default, the NNLS installation script configures the Samba server to automatically start at runlevels 3, 4, and 5. Therefore, after editing your smb.conf file, you will actually need to stop the Samba server and then restart it.

After doing so, you can open My Network Places (Windows 2000 and XP) or Network Neighborhood (Windows 9x and Me) and browse to your Samba server. Within the server, you should see all the shares you configured in your smb.conf file and be able to map network drives to them. Your workstation thinks it's accessing shared directories on a Windows server. Little does it know that it's actually talking to a Linux server!

Let's practice implementing the Samba component of NNLS.

 <  Day Day Up  >  


Novell Certified Linux Engineer (CLE) Study Guide
Novell Certified Linux Engineer (Novell CLE) Study Guide (Novell Press)
ISBN: 0789732033
EAN: 2147483647
Year: 2004
Pages: 128
Authors: Robb H. Tracy

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net