CONTENTS |
Samba is an application that allows a UNIX host to act as a file server for Windows systems. The Windows systems can access UNIX filesystems and printers using their native Windows networking.
Our goal in this chapter is to give an overview of the setup of Samba and demonstrate a subset of its functionality. We'll focus on the file server functionality only. We'll set up shares on the remote UNIX system that will appear as drive letters and icons on a Windows system. Because Samba comes with the Red Hat Linux software used throughout the book we'll set up and run Samba on a Linux system. Samba is available for most UNIX variants.
Samba provides this file-sharing functionality using Server Message Block (SMB) protocol. SMB runs on top of TCP/IP. In our example in this chapter, both the Windows system and the UNIX system are running TCP/IP and SMB. These provide all of the technology that is required to establish file sharing between the two systems.
Chapter 16 covered Network File System (NFS) running on a Windows system and accessing files on a UNIX system. This functionality is similar to that which we'll cover with Samba in this chapter. In addition to the file-sharing capability, Samba also provides printer sharing and addtional user access control capability. We won't focus on these capabilities in this chapter, however, Samba does indeed provide some advanced functionality in these areas.
At the time of this writing, Samba contains the functionality just mentioned file-sharing, printer sharing, and advanced user access control of files. There are many advancements taking place with Samba and other software provided under GNU Public License (GPL) as free software. Because the software is free, many individuals have access to it and spend time enhancing the software. For this reason you may find that additional functionality is included in Samba and other such software. There are many enhancements planned for Samba including an administration tool and other advancements that were not available at the time this chapter was written. There is more information about obtaining Samba and other free software at the end of this chapter.
Because Samba is supplied on the Red Hat Linux CD-ROM, we'll walk through a simple Samba setup using Red Hat Linux. When installing Red Hat Linux, you can select the software packages you wish to load, as you can on most all UNIX variants. If you did not load Samba at the time you originally loaded the operating system, you can use the Gnome RPM tool or rpm from the command line to load Samba or any other software. These tools were briefly discussed in the System Administration chapter.
Using linuxconf, we'll perform some simple tasks to set up Samba. Figure 32-1 shows the linuxconf window Disk Shares under Samba file server with three disk shares, we'll be using in this example.
There are three share names on our Linux system that we will make available to other systems running SMB. Figure 32-2 shows more detailed information about the middle share called home.
This share is for the /home directory on linux1. Note the four selections related to permissions in the figure. We have granted Public access, Writable, andBrowsable rights on this share. We have not restricted it to Guest only access. On this share, wehave been unrestrictive with respect to the rights granted it. You'll want to consider these rights carefully on your system as you go about assigning these rights. Keep in mind that we're not using any user authentication in our examples, in order to keep them simple. In practice, however, you'll want to make sure that you assign appropriate rights to the shares.
With three shares having been assigned, we'll use Linuxconf to start smb. We do so by enabling smb in Control service activity, as shown in Figure 32-3.
smb has been enabled so that the service will start when the system boots.
Before we begin using SMB, let's perform a couple of quick checks on the work we have performed with Linuxconf. We could have accomplished manually everything we have done with Linuxconf.
The first check is to view the file /etc/smb.conf. This is the file that contains all our SMB configuration information. For now, let's go right to the "Share Definitions" section to confirm that the three shares we configured in Linuxconf have proper entries in /etc/smb.conf:
#=============== Share Definitions ========================= [homes] comment = Home Directories browseable = no writable = yes # Un-comment the following and create the netlogon directory for Domain Logons ; [netlogon] ; comment = Network Logon Service ; path = /home/netlogon ; guest ok = yes ; writable = no ; share modes = no # Un-comment the following to provide a specific roving profile share # the default is to use the user's home directory ;[Profiles] ; path = /home/profiles ; browseable = no ; guest ok = yes # NOTE: If you have a BSD-style print system there is no need to # specifically define each individual printer [printers] comment = All Printers path = /var/spool/samba browseable = no # Set public = yes to allow user 'guest account' to print guest ok = no writable = no printable = yes [root] comment = root dir on linux1 available = yes path =/ public = yes guest only = no writable = yes browseable = yes only user = no [home] comment = home on linux1 available = yes path = /home public = yes guest only = no writable = yes browseable = yes only user = no [/home/martyp] comment = /home/martyp on linux1 available = yes path = /home/martyp public = yes guest only = no writable = yes browseable = yes only user = no
There are indeed entries in /etc/smb.conf for the three shares we configured in Linuxconf with the permissions we set up. These are shown near the end of the listing. Next, we'll run a Samba utilitiy called testparm. This utility will check our /etc/smb.conf file for errors. This utility produces a very long output which I won't include here, but you'll want to run this and check for any warnings or errors it produces.
For our /etc/smb.conf file testparm produced only one warning that appeared at the very beginning of the file, which is shown in the following listing:
# testparm smb.conf Load smb config files from /etc/smb.conf Processing section "[homes]" Processing section "[printers]" Processing section "[root]" Processing section "[home]" Processing section "[/home/martyp]" Loaded services file OK. WARNING: You have some share names that are longer than 8 chars These may give errors while browsing or may not be accessible to some older clients Press enter to see a dump of your service definitions
testparm produced the warning for a long share name and also included a list of our three shares, which seemed to be in order. We won't address the long share name warning because the Windows system used in the example can handle the long name. If, however, we were on a DOS system, there would be a problem with this name. We'll see shortly how these potential name icompatibilities are addressed by Linux.
The next check we want to perform is to see that the daemon for Samba called smbd is indeed running, as shown in the following listing:
# ps -efl | grep smbd 140 S root 490 1 0 60 0 - 553 do_sel Sep28 ? 00:00:00 [smbd] 140 S root 1493 490 0 60 0 - 896 do_sel Sep29 ? 00:00:00 smbd -D 000 S root 1976 1951 0 70 0 - 288 pipe_r 09:09 pts/1 00:00:00 grep smbd
This ps output shows that smbd is running. Next, let's check to make sure that the netbios-ssn service is running in the "LISTEN" state, as shown in the following example:
# netstat -a | grep netbios tcp 0 0 linux1:netbios-ssn f4457mfp2:1047 ESTABLISHED tcp 0 0 *:netbios-ssn *:* LISTEN udp 0 0 linux1:netbios-dgm *:* udp 0 0 linux1:netbios-ns *:* udp 0 0 *:netbios-dgm *:* udp 0 0 *:netbios-ns *:*
The output of this listing shows that netbios is running. There is an "ESTABLISHED" connection shown which you won't see until you have created a connection to your Samba server. I had already established this connection as I prepared the examples in this chapter.
We can also use the Samba client to access files on the Windows system from our Linux system. Although we won't cover this capability, mostly because the Linux system will normally act as a file server and not the other way around, there is a utility called smbclient that provides a lot of useful information. Let's now get the overall status of the Samba setup with the smbclient utility, as shown in the following listing:
# smbclient -L linux1 Added interface ip=192.168.1.1 bcast=192.168.1.255 nmask=255.255.255.0 Domain=[MYGROUP] OS=[Unix] Server=[Samba 2.0.3] Sharename Type Comment --------- ---- ------- root Disk root dir on linux1 home Disk home on linux1 /home/martyp Disk /home/martyp on linux1 IPC$ IPC IPC Service (Samba Server) lp Printer Server Comment --------- ------- LINUX1 amba Server Workgroup Master --------- ------- ATLANTA2 F4457MFP2 MYGROUP INUX1
This utility produces a useful summary of the Samba setup, including the three shares we set up, the Samba server for our example, and other useful information.
We could continue to test Samba on the server, but the listings we viewed give every indication that Samba is running. Let's now move to the Windows client and use explorer to access the shares we made available onourSamba server.
Using explorer, we'll now map a network drive. We'll map /root on the Samba server linux1 to drive E: on the Windows system, as shown in Figure 32-4.
We could have mapped this network drive at the command line on the PC using net use E:\\192.168.1.1\root. After having successfully mapped E: to / on linux1 using explorer, we can access this directory on our Windows system.
In Figure 32-5, we have changed to the /etc directory on linux1 and have selected the smb.conf file. You can see from this example that / on linux1 is fully accessible on the Windows system. We have access to all three shares on linux1, as the following listing shows on the Windows system:
c: net view \\192.168.1.1 Shared resources at \\192.168.1.1 Samba Server Share name Type Used as Comment -------------------------------------------------------------- /home/martyp Disk G: /home/martyp on linux1 home Disk F: home on linux1 lp Print root Disk E: root dir on linux1 The command completed successfully.
This listing shows that all three of the linux1 shares are now available on the Windows system. We have not configured any printer sharing, which is also included as part of Samba functionality, so there is no reference to any printers.
SWAT is a Web-based administration tool for Samba. It is easy to configure and provides a simple interface for most Samba configuration tasks. On our Red Hat Linux system, the following steps had to be performed to get SWAT running. If you have a different UNIX variant, then your steps will be different.
Confirm that the following line exists in /etc/services:
swat 901/tcp
Next, uncomment the following line in /etc/inetd.conf. This line was already in the file as part of the Linux operating system load:
swat stream tcp nowait.400 root /usr/sbin/swat swat
Kill the inetd process by first finding its Process ID (PID) and then issuing the kill command of that PID:
# ps -ef | grep inetd # kill -1 PID of inetd
Now we can run SWAT from a browser interface, in this case Netscape, by specifying the IP address of the Samba server and the port number 901:
# netscape http://192.168.1.1:901
The browser requests a user name and password when SWAT is invoked to ensure that only users with sufficient rights can make modifications to the Samba configuration in SWAT.
Figure 32-6 shows the SWAT interface. It includes links for HOME, GLOBALS, SHARES, PRINTERS, STATUS, VIEW, and PASSWORD.
The three shares we had earlier conifgured are available in SWAT by selecting SHARES from Figure 32-6. SWAT is a good interface for Samba configuration, but there is no substitute for knowing some of the manual processes we experienced earlier in the chapter.
For changes to take effect that are made with SWAT, we had to restart smbd with the following command:
# /etc/rc.d/init.d/smb restart
There is great documentation on our Linux system describing SWAT and all of its capabilities. Figure 32-7 shows the HOME page for SWAT with documentation on many of the topics we have covered in this chapter.
There is also extensive online documentation for all Samba-related software at www.samba.org.
Like most UNIX applications, Samba provides extensive logging. The smb.conf file contains a section that allows you to specify the level of Samba logging you wish to take place. The short section below shows that you can have separate log files for each Windows machine that connects, and you can specify the maximum size of the log file:
# this tells Samba to use a separate log file for each machine # that connects log file = /var/log/samba/log.%m # Put a capping on the size of the log files (in Kb). max log size = 50
The directory /var/log/samba contains a variety of Samba log files, including the log file for the Windows system used in our examples in this chapter called f4457mfp2, as shown in the following listing:
# ls -l /var/log/samba total 14 -rw-r--r-- 1 root root 1915 Sep 30 09:29 log.f4457mfp2 -rw-r--r-- 1 root root 213 Sep 29 10:14 log.linux1 -rw-r--r-- 1 root root 0 Sep 29 04:02 log.nmb -rw-r--r-- 1 root root 8234 Sep 28 12:25 log.nmb.1 -rw-r--r-- 1 root root 3215 Sep 28 12:19 log.smb -rw-r--r-- 1 root root 0 Oct 1 11:17 smbconf3.txt
Among the many Windows and UNIX incompatibilities that exist are file names. Depending on the version of Windows you are using there may be extensive file name incompatibilities with UNIX. Figure 32-8 is an explorer window with the file gnome_private selected, which is on the Linux server. On our Windows NT system, this file name looks fine. However, also in this figure is a Properties window showing that the DOS name for this file would change dramatically if we were on a DOS system.
In the case of my Windows system there is no problem handling the file name.gnome_privagte as it appears on the Linux system. In the case of a DOS system, there would be extensive "mangling" of the file name that would have to take place. DOS uses only 8.3 file names, or those with eight characters and a three character extension.
Samba mangles files that start with a dot, such as the one in this example, by removing the leading dot, printing the first five characters and then a tilde, and then applying a hash algorithm to the original filename to come up with the last two characters. This results in a total of eight characters for the filename. All the characters are uppercase.
If the file does not begin with a dot, then the file name will be generated in the same way as described in the previous paragraph. The extension consists of the first three characters to the right of the dot converted to uppercase. This results in a total of eight characters for the filename and three for the extension.
In our example, the filename.gnome_private would be given a DOS name of GNOME~CZ. You have some control over mangling in the smb.conf file.
I have avoided making a serious user-related configuration in this chapter, in the interest of keeping the examples simple. You will probably not have this luxury unless you are in an environment where you are the only user on both the Windows and UNIX systems.
Users and groups have always been an important part of every UNIX system. Users and groups were not as important in the Windows world until more recently. This change results in some Windows environments in which there is not a complete user and group policy in place which could be used by Samba.
Samba takes into account an environment in which you have set up Windows users and groups and one in which you may not have worked out all the issues related to Windows users and groups. User-level authentication in Samba is set up in such a way that a client can use a given service if they supply the correct user name and password. Share-level authentication takes place by granting access based on the rights of the "guest account" on the UNIX system. This is true unless a client used a user name and password in this or a previous session. Needless to say, there is a lot to consider with user authentication.
The smb.conf file has an entry in which you can specify the security as "user" or "share," as shown in the following lines:
security = user security = share
Most systems employ user-level security. When this is done, users are checked against their names in the passwd file and access is granted accordingly.
There are many additional issues related to user authentication that you'll want to investigate if you set up Samba. The documentation supplied with Samba as part of Red Hat Linux is excellent, and the background information on the Web sites listed later in this chapter is informative as well.
We have used several Samba utilities and programs in this chapter. The following list gives a description of the most often used Samba-related commands. There are manual pages for all these that are part of most Samba installations.
smbd - This is the daemon that provides file and print services to SMB clients, such as the Windows system used in our examples throughout this chapter.
nmbd - This is the daemon that provides NetBIOS name server capability and browsing.
smbclient - A program that gives the server access to remotely mounted SMB shares on other servers.
testparm - A test program for /etc/smb.conf.
smbstatus - Program that displays status information about current Samba connections.
smbpasswd - Program used to change a user's SMB password on the local machine.
smbrun - Program that runs shell commands for smbd.
smbtar - Program to back up SMB shares directly to a UNIX tape drive.
smbmount - Used to mount an SMB file system.
smbumount - Used to unmount an SMB file system.
The online manual pages for these and other Samba-related commands provide more detail. Even in a simple setup such as the one performed in this chapter, you will want to run some of these programs.
In the examples used throughout this chapter, we set up Samba on a Linux system that had Samba installed on it as part of the Red Hat Linux CD-ROM. If Samba does not come on the CD-ROM provided with your UNIX variant or if you wish to be sure that you're loading the very latest Samba, then you can obtain Samba from the Web.
www.samba.org is the place to start. From this Web site you can select a "download site" in your country. You can also select "Web sites" on www.samba.org that provide a wealth of information on Samba, including the GNU General Public License mentioned earlier in the chapter.
There is extensive documentation on Samba-related Web sites, including detailed descriptions of the programs that I listed earlier and used in this chapter.
If you decide to download Samba, you'll probably be given an option of loading a precompiled Samba on your system or building and compiling Samba yourself. The choice you make depends on a lot of factors. If you have a good, reliable Samba distribution, as we did in this chapter when working with Red Hat Linux, then working with a precompiled Samba may be best. If you're interested in learning more about how Samba works and is configured, and want the very latest and greatest version, then download the source and compile it yourself.
Even if you have a great prepackaged Samba, as we did in this chapter, it is still worth visiting the Samba-related Web sites to view the extensive documentation available.
CONTENTS |