samba advanced system administration course james lwali university computing centre ltd, university...
TRANSCRIPT
![Page 1: Samba Advanced System Administration Course James Lwali University computing Centre Ltd, University of Dar es salaam, E-mail: jamesjm@udsm.ac.tzjamesjm@udsm.ac.tz](https://reader035.vdocument.in/reader035/viewer/2022080223/56649e935503460f94b98e08/html5/thumbnails/1.jpg)
Samba
Advanced System Administration Course
James LwaliUniversity computing Centre Ltd,University of Dar es salaam,E-mail: [email protected]: www.ucc.co.tz
![Page 2: Samba Advanced System Administration Course James Lwali University computing Centre Ltd, University of Dar es salaam, E-mail: jamesjm@udsm.ac.tzjamesjm@udsm.ac.tz](https://reader035.vdocument.in/reader035/viewer/2022080223/56649e935503460f94b98e08/html5/thumbnails/2.jpg)
Samba
Samba is a suite of utilities that allows your Linux box to share files and other resources, such as printers, with Windows boxes.
Either configuration will allow everyone at home to have: their own logins on all the home windows boxes while
having their files on the Linux box appear to be located on a new Windows drive
shared access to printers on the Linux box shared files accessible only to members of their Linux user
group. A PDC stores the login information in a central database on its
hard drive. This allows each user to have a universal username and password when logging in from all PCs on the network.
In a Windows Workgroup, each PC stores the usernames and passwords locally so that they are unique for each PC.
![Page 3: Samba Advanced System Administration Course James Lwali University computing Centre Ltd, University of Dar es salaam, E-mail: jamesjm@udsm.ac.tzjamesjm@udsm.ac.tz](https://reader035.vdocument.in/reader035/viewer/2022080223/56649e935503460f94b98e08/html5/thumbnails/3.jpg)
Download and Install Packages Most RedHat and Fedora Linux software
products are available in the RPM format. Samba is comprised of a suite of RPMs that come on the Fedora CDs. The files are named:
samba samba-common samba-client samba-swat
![Page 4: Samba Advanced System Administration Course James Lwali University computing Centre Ltd, University of Dar es salaam, E-mail: jamesjm@udsm.ac.tzjamesjm@udsm.ac.tz](https://reader035.vdocument.in/reader035/viewer/2022080223/56649e935503460f94b98e08/html5/thumbnails/4.jpg)
How to Get Samba Started
You can configure Samba to start at boot time using the chkconfig command:
[root@test tmp]# chkconfig smb on You can start/stop/restart Samba after boot
time using the smb initialization script as in the examples below: [root@test tmp]# service smb start [root@test tmp]# service smb stop
[root@test tmp]# service smb restart
![Page 5: Samba Advanced System Administration Course James Lwali University computing Centre Ltd, University of Dar es salaam, E-mail: jamesjm@udsm.ac.tzjamesjm@udsm.ac.tz](https://reader035.vdocument.in/reader035/viewer/2022080223/56649e935503460f94b98e08/html5/thumbnails/5.jpg)
The Samba Configuration File The /etc/samba/smb.conf file is the main configuration file
you'll need to edit. It is split into five major sections, [global] - General Samba configuration parameters [printers] - Used for configuring printers [homes] - Defines treatment of user logins [netlogon] - A share for storing logon scripts.
(Not created by default.) [profile] - A share for storing domain logon information such as
"favorites" and desktop icons.(Not created by default.)
You can edit this file by hand, or more simply through Samba's SWAT web interface.
NOTE: Make sure you copy the original configuration file before editing it!
![Page 6: Samba Advanced System Administration Course James Lwali University computing Centre Ltd, University of Dar es salaam, E-mail: jamesjm@udsm.ac.tzjamesjm@udsm.ac.tz](https://reader035.vdocument.in/reader035/viewer/2022080223/56649e935503460f94b98e08/html5/thumbnails/6.jpg)
The [Global] Section
The [global] section governs the general Samba settings.
domain logons Yes Tells Samba to become the PDC
preferred master Yes Makes the PDC act as the central store for the names of all windows clients, servers and printers on the network. Very helpful when you need to "browse" your local network for resources. Also known as a local master browser.
domain master Yes Tells Samba to become the master browser across multiple networks all over the domain. The local master browsers register themselves with the domain master
to learn about resources on other networks. os level Yes Sets the priority the Samba server should use when negotiating to become the
PDC with other Windows servers. A value of 65 will usually make the Samba
server win. wins support Yes Allows the Samba server to provide name services for the network. In other
words keeps track of the IP addresses of all the domain's servers and clients.
![Page 7: Samba Advanced System Administration Course James Lwali University computing Centre Ltd, University of Dar es salaam, E-mail: jamesjm@udsm.ac.tzjamesjm@udsm.ac.tz](https://reader035.vdocument.in/reader035/viewer/2022080223/56649e935503460f94b98e08/html5/thumbnails/7.jpg)
Cont..
time server Yes Lets the samba server provide time updates for the domain's clients.
workgroup "homenet" The name of the Windows domain we'll create. The name you select is your choice. I've decided to use "homenet".
security user Make domain logins query the Samba password database located on the samba server itself.
[global]
workgroup = TEST
time server = Yes
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
![Page 8: Samba Advanced System Administration Course James Lwali University computing Centre Ltd, University of Dar es salaam, E-mail: jamesjm@udsm.ac.tzjamesjm@udsm.ac.tz](https://reader035.vdocument.in/reader035/viewer/2022080223/56649e935503460f94b98e08/html5/thumbnails/8.jpg)
The [homes] Section
The [homes] section governs how Samba handles default login directories.
browseable No Doesn't allow others to browse the contents of the directory
read only No Allows the samba user to also write to their Samba Linux directory
create mask 0664 Makes new files created by the user to have "644" permissions. You want to change this to "0600" so that only the login user has access to files.
directory mask 0775 Makes new sub-directories created by the user to have "775" permissions. You want to change this to "0700" so that only the login user has access to directories.
[homes]
read only = No
browseable = No
create mask = 0644
directory mask = 0755
![Page 9: Samba Advanced System Administration Course James Lwali University computing Centre Ltd, University of Dar es salaam, E-mail: jamesjm@udsm.ac.tzjamesjm@udsm.ac.tz](https://reader035.vdocument.in/reader035/viewer/2022080223/56649e935503460f94b98e08/html5/thumbnails/9.jpg)
The [netlogon] and [profiles] Share Sections
The [netlogon] share section contains scripts that the windows clients may use when they log into the domain.
The [profiles] share section stores things such as favorites and desktop icons.
Your smb.conf file should look like this when you're finished:
[netlogon] path = /home/samba/netlogon guest ok = Yes
[profiles] path = /home/samba/profiles read only = No create mask = 0600 directory mask = 0700
![Page 10: Samba Advanced System Administration Course James Lwali University computing Centre Ltd, University of Dar es salaam, E-mail: jamesjm@udsm.ac.tzjamesjm@udsm.ac.tz](https://reader035.vdocument.in/reader035/viewer/2022080223/56649e935503460f94b98e08/html5/thumbnails/10.jpg)
Cont…
Remember to create these share directories from the command line afterwards.
[root@test tmp]# mkdir -p /home/samba/netlogon
[root@test tmp]# mkdir -p /home/samba/profile
[root@test tmp]# chmod -R 0755 /home/samba
![Page 11: Samba Advanced System Administration Course James Lwali University computing Centre Ltd, University of Dar es salaam, E-mail: jamesjm@udsm.ac.tzjamesjm@udsm.ac.tz](https://reader035.vdocument.in/reader035/viewer/2022080223/56649e935503460f94b98e08/html5/thumbnails/11.jpg)
The [printers] Share Section
Samba has special shares just for printers, and these are configured in the [printers] section.
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
![Page 12: Samba Advanced System Administration Course James Lwali University computing Centre Ltd, University of Dar es salaam, E-mail: jamesjm@udsm.ac.tzjamesjm@udsm.ac.tz](https://reader035.vdocument.in/reader035/viewer/2022080223/56649e935503460f94b98e08/html5/thumbnails/12.jpg)
How To Create A Samba PDC Administrator User By default, the root user is the Samba administrator,
Fortunately, you can add workstations to the Windows domain by creating a Samba specific root password. This is done using the smbpasswd command.
[root@test tmp]# /usr/bin/smbpasswd -a root password
Note: Samba domain logins use the smbpasswd password. Samba passwords are stored in
the /etc/samba/smbpasswd file.
![Page 13: Samba Advanced System Administration Course James Lwali University computing Centre Ltd, University of Dar es salaam, E-mail: jamesjm@udsm.ac.tzjamesjm@udsm.ac.tz](https://reader035.vdocument.in/reader035/viewer/2022080223/56649e935503460f94b98e08/html5/thumbnails/13.jpg)
Adding The Users In Linux
To create the user, use the command: [root@test tmp]# useradd -g 100 peter
Giving them a Linux password is only necessary if the user needs to log into the Samba server directly. If the user does, use this method:
[root@test tmp]# passwd peterChanging password for user peter.New password:Retype new password:passwd: all authentication tokens updated successfully.[root@test tmp]#
![Page 14: Samba Advanced System Administration Course James Lwali University computing Centre Ltd, University of Dar es salaam, E-mail: jamesjm@udsm.ac.tzjamesjm@udsm.ac.tz](https://reader035.vdocument.in/reader035/viewer/2022080223/56649e935503460f94b98e08/html5/thumbnails/14.jpg)
Creating Group Shares in SAMBA1. Create a new Linux group managers:
[root@test tmp]# /usr/sbin/groupadd managers
2. Create a new directory for the group's files. If one user is designated as the leader, you might want to change the chown statement to make them owner [root@test tmp]# mkdir /home/managers-files
[root@test tmp]# chgrp parents /home/managers-files
[root@test tmp]# chmod 0770 /home/managers-files
![Page 15: Samba Advanced System Administration Course James Lwali University computing Centre Ltd, University of Dar es salaam, E-mail: jamesjm@udsm.ac.tzjamesjm@udsm.ac.tz](https://reader035.vdocument.in/reader035/viewer/2022080223/56649e935503460f94b98e08/html5/thumbnails/15.jpg)
Cont…
3. Add the group members to the new group. For instance, the command to add a user named jimmy to the group is:
[root@test tmp]# /usr/sbin/usermod -G managers jimmy
All your members are in the group; now they need to share.
![Page 16: Samba Advanced System Administration Course James Lwali University computing Centre Ltd, University of Dar es salaam, E-mail: jamesjm@udsm.ac.tzjamesjm@udsm.ac.tz](https://reader035.vdocument.in/reader035/viewer/2022080223/56649e935503460f94b98e08/html5/thumbnails/16.jpg)
Mapping The Linux Users To An smbpassword Next, you need to create Samba domain login passwords for the
user [root@test tmp]# /usr/bin/smbpasswd -a username password
The -a switch adds the user to the /etc/smbpasswd file. Use a generic password then have users change it immediately from their workstations in the usual way.
Remember the smbpasswd sets the Windows Domain login
password for a user, which is different from the Linux login password to log into the Samba box.
![Page 17: Samba Advanced System Administration Course James Lwali University computing Centre Ltd, University of Dar es salaam, E-mail: jamesjm@udsm.ac.tzjamesjm@udsm.ac.tz](https://reader035.vdocument.in/reader035/viewer/2022080223/56649e935503460f94b98e08/html5/thumbnails/17.jpg)
How To Delete Users From Your Samba Domain Deleting users from your Samba domain is a two stage process
in which you have to remove the user from the Linux server and also remove the user's corresponding smbpasswd entry. Here's how:
1. Delete the users using the smbpasswd with the -x switch [root@test tmp]# smbpasswd -x johnDeleted user john.[root@test root]#
2. Delete The Linux User by following the normal deletion process. For example, to delete the user john and all john's files from the Linux server use:
[root@test tmp]# userdel -r john
![Page 18: Samba Advanced System Administration Course James Lwali University computing Centre Ltd, University of Dar es salaam, E-mail: jamesjm@udsm.ac.tzjamesjm@udsm.ac.tz](https://reader035.vdocument.in/reader035/viewer/2022080223/56649e935503460f94b98e08/html5/thumbnails/18.jpg)
Cont…
Sometimes you may not want to delete the user's files so that they can be accessed by other users at some other time. In this case you can just
deactivate the user's account using the passwd -l username command.
![Page 19: Samba Advanced System Administration Course James Lwali University computing Centre Ltd, University of Dar es salaam, E-mail: jamesjm@udsm.ac.tzjamesjm@udsm.ac.tz](https://reader035.vdocument.in/reader035/viewer/2022080223/56649e935503460f94b98e08/html5/thumbnails/19.jpg)
EnD