Chapter 32. Samba

Previous page
Table of content
Next page
CONTENTS
  •  Samba Overview
  •  Additional Samba Topics

Samba Overview

Samba is an application that allows a UNIX host to act as a file server for Windows systems. The Windows systems can access UNIX filesystems and printers using their native Windows networking.

Our goal in this chapter is to give an overview of the setup of Samba and demonstrate a subset of its functionality. We'll focus on the file server functionality only. We'll set up shares on the remote UNIX system that will appear as drive letters and icons on a Windows system. Because Samba comes with the Red Hat Linux software used throughout the book we'll set up and run Samba on a Linux system. Samba is available for most UNIX variants.

Samba provides this file-sharing functionality using Server Message Block (SMB) protocol. SMB runs on top of TCP/IP. In our example in this chapter, both the Windows system and the UNIX system are running TCP/IP and SMB. These provide all of the technology that is required to establish file sharing between the two systems.

Chapter 16 covered Network File System (NFS) running on a Windows system and accessing files on a UNIX system. This functionality is similar to that which we'll cover with Samba in this chapter. In addition to the file-sharing capability, Samba also provides printer sharing and addtional user access control capability. We won't focus on these capabilities in this chapter, however, Samba does indeed provide some advanced functionality in these areas.

At the time of this writing, Samba contains the functionality just mentioned file-sharing, printer sharing, and advanced user access control of files. There are many advancements taking place with Samba and other software provided under GNU Public License (GPL) as free software. Because the software is free, many individuals have access to it and spend time enhancing the software. For this reason you may find that additional functionality is included in Samba and other such software. There are many enhancements planned for Samba including an administration tool and other advancements that were not available at the time this chapter was written. There is more information about obtaining Samba and other free software at the end of this chapter.

Setup

Because Samba is supplied on the Red Hat Linux CD-ROM, we'll walk through a simple Samba setup using Red Hat Linux. When installing Red Hat Linux, you can select the software packages you wish to load, as you can on most all UNIX variants. If you did not load Samba at the time you originally loaded the operating system, you can use the Gnome RPM tool or rpm from the command line to load Samba or any other software. These tools were briefly discussed in the System Administration chapter.

Using linuxconf, we'll perform some simple tasks to set up Samba. Figure 32-1 shows the linuxconf window Disk Shares under Samba file server with three disk shares, we'll be using in this example.

Figure 32-1. Share Information in Linuxconf

graphics/32fig01.gif

There are three share names on our Linux system that we will make available to other systems running SMB. Figure 32-2 shows more detailed information about the middle share called home.

Figure 32-2. /home Share Information in Linuxconf

graphics/32fig02.gif

This share is for the /home directory on linux1. Note the four selections related to permissions in the figure. We have granted Public access, Writable, andBrowsable rights on this share. We have not restricted it to Guest only access. On this share, wehave been unrestrictive with respect to the rights granted it. You'll want to consider these rights carefully on your system as you go about assigning these rights. Keep in mind that we're not using any user authentication in our examples, in order to keep them simple. In practice, however, you'll want to make sure that you assign appropriate rights to the shares.

With three shares having been assigned, we'll use Linuxconf to start smb. We do so by enabling smb in Control service activity, as shown in Figure 32-3.

Figure 32-3. Start smb in Control service activity in Linuxconf

graphics/32fig03.gif

smb has been enabled so that the service will start when the system boots.

Before we begin using SMB, let's perform a couple of quick checks on the work we have performed with Linuxconf. We could have accomplished manually everything we have done with Linuxconf.

The first check is to view the file /etc/smb.conf. This is the file that contains all our SMB configuration information. For now, let's go right to the "Share Definitions" section to confirm that the three shares we configured in Linuxconf have proper entries in /etc/smb.conf:

#=============== Share Definitions =========================  [homes]     comment = Home Directories     browseable = no     writable = yes  # Un-comment the following and create the netlogon directory for  Domain Logons  ; [netlogon]  ;   comment = Network Logon Service  ;   path = /home/netlogon  ;   guest ok = yes  ;   writable = no  ;   share modes = no  # Un-comment the following to provide a specific roving profile  share  # the default is to use the user's home directory  ;[Profiles]  ;    path = /home/profiles  ;    browseable = no  ;    guest ok = yes  # NOTE: If you have a BSD-style print system there is no need to  # specifically define each individual printer  [printers]      comment = All Printers      path = /var/spool/samba      browseable = no  # Set public = yes to allow user 'guest account' to print      guest ok = no      writable = no      printable = yes  [root]      comment = root dir on linux1      available = yes      path =/      public = yes      guest only = no      writable = yes      browseable = yes      only user = no  [home]      comment = home on linux1      available = yes      path = /home      public = yes      guest only = no      writable = yes      browseable = yes      only user = no  [/home/martyp]      comment = /home/martyp on linux1      available = yes      path = /home/martyp      public = yes      guest only = no      writable = yes      browseable = yes      only user = no

There are indeed entries in /etc/smb.conf for the three shares we configured in Linuxconf with the permissions we set up. These are shown near the end of the listing. Next, we'll run a Samba utilitiy called testparm. This utility will check our /etc/smb.conf file for errors. This utility produces a very long output which I won't include here, but you'll want to run this and check for any warnings or errors it produces.

For our /etc/smb.conf file testparm produced only one warning that appeared at the very beginning of the file, which is shown in the following listing:

# testparm smb.conf  Load smb config files from /etc/smb.conf  Processing section "[homes]"  Processing section "[printers]"  Processing section "[root]"  Processing section "[home]"  Processing section "[/home/martyp]"  Loaded services file OK.  WARNING: You have some share names that are longer than 8 chars  These may give errors while browsing or may not be accessible  to some older clients  Press enter to see a dump of your service definitions

testparm produced the warning for a long share name and also included a list of our three shares, which seemed to be in order. We won't address the long share name warning because the Windows system used in the example can handle the long name. If, however, we were on a DOS system, there would be a problem with this name. We'll see shortly how these potential name icompatibilities are addressed by Linux.

graphics/09icon01.gif

The next check we want to perform is to see that the daemon for Samba called smbd is indeed running, as shown in the following listing:

# ps -efl | grep smbd  140 S root     490     1  0 60 0   - 553 do_sel Sep28 ?        00:00:00 [smbd]  140 S root    1493   490  0 60 0   - 896 do_sel Sep29 ?       00:00:00 smbd -D  000 S root    1976  1951 0 70 0   - 288 pipe_r 09:09 pts/1  00:00:00 grep smbd

This ps output shows that smbd is running. Next, let's check to make sure that the netbios-ssn service is running in the "LISTEN" state, as shown in the following example:

# netstat -a | grep netbios  tcp      0     0 linux1:netbios-ssn    f4457mfp2:1047 ESTABLISHED  tcp      0     0 *:netbios-ssn         *:*            LISTEN  udp      0     0 linux1:netbios-dgm    *:*  udp      0     0 linux1:netbios-ns     *:*  udp      0     0 *:netbios-dgm         *:*  udp      0     0 *:netbios-ns          *:*

graphics/12icon02.gif

graphics/05icon13.gif

The output of this listing shows that netbios is running. There is an "ESTABLISHED" connection shown which you won't see until you have created a connection to your Samba server. I had already established this connection as I prepared the examples in this chapter.

We can also use the Samba client to access files on the Windows system from our Linux system. Although we won't cover this capability, mostly because the Linux system will normally act as a file server and not the other way around, there is a utility called smbclient that provides a lot of useful information. Let's now get the overall status of the Samba setup with the smbclient utility, as shown in the following listing:

# smbclient -L linux1  Added interface ip=192.168.1.1 bcast=192.168.1.255 nmask=255.255.255.0  Domain=[MYGROUP] OS=[Unix] Server=[Samba 2.0.3]                    Sharename     Type     Comment                    ---------     ----     -------                   root          Disk     root dir on linux1                    home          Disk     home on linux1                    /home/martyp  Disk     /home/martyp on linux1                    IPC$ IPC      IPC      Service (Samba Server)                    lp            Printer                    Server              Comment                    ---------           -------                   LINUX1               amba Server                    Workgroup           Master                    ---------           -------                   ATLANTA2            F4457MFP2                    MYGROUP              INUX1

This utility produces a useful summary of the Samba setup, including the three shares we set up, the Samba server for our example, and other useful information.

We could continue to test Samba on the server, but the listings we viewed give every indication that Samba is running. Let's now move to the Windows client and use explorer to access the shares we made available onourSamba server.

Using Shares

Using explorer, we'll now map a network drive. We'll map /root on the Samba server linux1 to drive E: on the Windows system, as shown in Figure 32-4.

Figure 32-4. Map Drive E: to /root

graphics/32fig04.gif

We could have mapped this network drive at the command line on the PC using net use E:\\192.168.1.1\root. After having successfully mapped E: to / on linux1 using explorer, we can access this directory on our Windows system.

In Figure 32-5, we have changed to the /etc directory on linux1 and have selected the smb.conf file. You can see from this example that / on linux1 is fully accessible on the Windows system. We have access to all three shares on linux1, as the following listing shows on the Windows system:

Figure 32-5. View E:\etc on Windows System

graphics/32fig05.gif

c: net view \\192.168.1.1  Shared resources at \\192.168.1.1  Samba Server  Share name   Type         Used as Comment  -------------------------------------------------------------- /home/martyp   Disk       G:     /home/martyp on linux1  home           Disk        F:     home on linux1  lp             Print  root            Disk        E:      root dir on linux1  The command completed successfully.

This listing shows that all three of the linux1 shares are now available on the Windows system. We have not configured any printer sharing, which is also included as part of Samba functionality, so there is no reference to any printers.

Additional Samba Topics

Samba Web Configuration Tool (SWAT)

SWAT is a Web-based administration tool for Samba. It is easy to configure and provides a simple interface for most Samba configuration tasks. On our Red Hat Linux system, the following steps had to be performed to get SWAT running. If you have a different UNIX variant, then your steps will be different.

Confirm that the following line exists in /etc/services:

swat          901/tcp

Next, uncomment the following line in /etc/inetd.conf. This line was already in the file as part of the Linux operating system load:

swat stream tcp nowait.400 root /usr/sbin/swat swat

Kill the inetd process by first finding its Process ID (PID) and then issuing the kill command of that PID:

graphics/09icon01.gif

graphics/32icon01.gif

graphics/09icon03.gif

# ps -ef | grep inetd  # kill -1 PID of inetd

Now we can run SWAT from a browser interface, in this case Netscape, by specifying the IP address of the Samba server and the port number 901:

# netscape http://192.168.1.1:901

The browser requests a user name and password when SWAT is invoked to ensure that only users with sufficient rights can make modifications to the Samba configuration in SWAT.

Figure 32-6 shows the SWAT interface. It includes links for HOME, GLOBALS, SHARES, PRINTERS, STATUS, VIEW, and PASSWORD.

Figure 32-6. SWAT with SHARES Selected

graphics/32fig06.gif

The three shares we had earlier conifgured are available in SWAT by selecting SHARES from Figure 32-6. SWAT is a good interface for Samba configuration, but there is no substitute for knowing some of the manual processes we experienced earlier in the chapter.

For changes to take effect that are made with SWAT, we had to restart smbd with the following command:

# /etc/rc.d/init.d/smb restart

There is great documentation on our Linux system describing SWAT and all of its capabilities. Figure 32-7 shows the HOME page for SWAT with documentation on many of the topics we have covered in this chapter.

Figure 32-7. SWAT HOME Showing Documentation Available

graphics/32fig07.gif

There is also extensive online documentation for all Samba-related software at www.samba.org.

Log Files

Like most UNIX applications, Samba provides extensive logging. The smb.conf file contains a section that allows you to specify the level of Samba logging you wish to take place. The short section below shows that you can have separate log files for each Windows machine that connects, and you can specify the maximum size of the log file:

# this tells Samba to use a separate log file for each machine  # that connects      log file = /var/log/samba/log.%m  # Put a capping on the size of the log files (in Kb).      max log size = 50

The directory /var/log/samba contains a variety of Samba log files, including the log file for the Windows system used in our examples in this chapter called f4457mfp2, as shown in the following listing:

graphics/02icon02.gif

# ls -l /var/log/samba  total 14  -rw-r--r--   1 root    root       1915 Sep 30 09:29 log.f4457mfp2  -rw-r--r--   1 root    root       213 Sep 29 10:14 log.linux1  -rw-r--r--   1 root    root         0 Sep 29 04:02 log.nmb  -rw-r--r--   1 root    root      8234 Sep 28 12:25 log.nmb.1  -rw-r--r--   1 root    root      3215 Sep 28 12:19 log.smb  -rw-r--r--   1 root    root         0 Oct 1 11:17 smbconf3.txt

File Name Mangling

Among the many Windows and UNIX incompatibilities that exist are file names. Depending on the version of Windows you are using there may be extensive file name incompatibilities with UNIX. Figure 32-8 is an explorer window with the file gnome_private selected, which is on the Linux server. On our Windows NT system, this file name looks fine. However, also in this figure is a Properties window showing that the DOS name for this file would change dramatically if we were on a DOS system.

Figure 32-8. .gnome_private in Explorer (top) and Mangled Name (bottom)

graphics/32fig08.gif

In the case of my Windows system there is no problem handling the file name.gnome_privagte as it appears on the Linux system. In the case of a DOS system, there would be extensive "mangling" of the file name that would have to take place. DOS uses only 8.3 file names, or those with eight characters and a three character extension.

Samba mangles files that start with a dot, such as the one in this example, by removing the leading dot, printing the first five characters and then a tilde, and then applying a hash algorithm to the original filename to come up with the last two characters. This results in a total of eight characters for the filename. All the characters are uppercase.

If the file does not begin with a dot, then the file name will be generated in the same way as described in the previous paragraph. The extension consists of the first three characters to the right of the dot converted to uppercase. This results in a total of eight characters for the filename and three for the extension.

In our example, the filename.gnome_private would be given a DOS name of GNOME~CZ. You have some control over mangling in the smb.conf file.

User Issues

I have avoided making a serious user-related configuration in this chapter, in the interest of keeping the examples simple. You will probably not have this luxury unless you are in an environment where you are the only user on both the Windows and UNIX systems.

Users and groups have always been an important part of every UNIX system. Users and groups were not as important in the Windows world until more recently. This change results in some Windows environments in which there is not a complete user and group policy in place which could be used by Samba.

Samba takes into account an environment in which you have set up Windows users and groups and one in which you may not have worked out all the issues related to Windows users and groups. User-level authentication in Samba is set up in such a way that a client can use a given service if they supply the correct user name and password. Share-level authentication takes place by granting access based on the rights of the "guest account" on the UNIX system. This is true unless a client used a user name and password in this or a previous session. Needless to say, there is a lot to consider with user authentication.

The smb.conf file has an entry in which you can specify the security as "user" or "share," as shown in the following lines:

security = user  security = share

Most systems employ user-level security. When this is done, users are checked against their names in the passwd file and access is granted accordingly.

There are many additional issues related to user authentication that you'll want to investigate if you set up Samba. The documentation supplied with Samba as part of Red Hat Linux is excellent, and the background information on the Web sites listed later in this chapter is informative as well.

Samba Utilities and Programs

We have used several Samba utilities and programs in this chapter. The following list gives a description of the most often used Samba-related commands. There are manual pages for all these that are part of most Samba installations.

  • smbd - This is the daemon that provides file and print services to SMB clients, such as the Windows system used in our examples throughout this chapter.

  • nmbd - This is the daemon that provides NetBIOS name server capability and browsing.

  • smbclient - A program that gives the server access to remotely mounted SMB shares on other servers.

  • testparm - A test program for /etc/smb.conf.

  • smbstatus - Program that displays status information about current Samba connections.

  • smbpasswd - Program used to change a user's SMB password on the local machine.

  • smbrun - Program that runs shell commands for smbd.

  • smbtar - Program to back up SMB shares directly to a UNIX tape drive.

  • smbmount - Used to mount an SMB file system.

  • smbumount - Used to unmount an SMB file system.

The online manual pages for these and other Samba-related commands provide more detail. Even in a simple setup such as the one performed in this chapter, you will want to run some of these programs.

Obtaining Samba

In the examples used throughout this chapter, we set up Samba on a Linux system that had Samba installed on it as part of the Red Hat Linux CD-ROM. If Samba does not come on the CD-ROM provided with your UNIX variant or if you wish to be sure that you're loading the very latest Samba, then you can obtain Samba from the Web.

www.samba.org is the place to start. From this Web site you can select a "download site" in your country. You can also select "Web sites" on www.samba.org that provide a wealth of information on Samba, including the GNU General Public License mentioned earlier in the chapter.

There is extensive documentation on Samba-related Web sites, including detailed descriptions of the programs that I listed earlier and used in this chapter.

If you decide to download Samba, you'll probably be given an option of loading a precompiled Samba on your system or building and compiling Samba yourself. The choice you make depends on a lot of factors. If you have a good, reliable Samba distribution, as we did in this chapter when working with Red Hat Linux, then working with a precompiled Samba may be best. If you're interested in learning more about how Samba works and is configured, and want the very latest and greatest version, then download the source and compile it yourself.

Even if you have a great prepackaged Samba, as we did in this chapter, it is still worth visiting the Samba-related Web sites to view the extensive documentation available.

CONTENTS

Previous page
Table of content
Next page
UNIX User's Handbook
UNIX Users Handbook (2nd Edition)
ISBN: 0130654191
EAN: 2147483647
Year: 2001
Pages: 34
Authors: Marty Poniatowski, Martin Poniatowski
BUY ON AMAZON
The CISSP and CAP Prep Guide: Platinum Edition
Cisco IP Communications Express: CallManager Express with Cisco Unity Express
Information Dashboard Design: The Effective Visual Communication of Data
Professional Struts Applications: Building Web Sites with Struts ObjectRelational Bridge, Lucene, and Velocity (Experts Voice)
Programming .Net Windows Applications
Digital Character Animation 3 (No. 3)
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy