Samba

Advanced System Administration Course

James LwaliUniversity computing Centre Ltd,University of Dar es salaam,E-mail: jamesjm@udsm.ac.tzWebsite: www.ucc.co.tz

Samba

Samba is a suite of utilities that allows your Linux box to share files and other resources, such as printers, with Windows boxes.

Either configuration will allow everyone at home to have: their own logins on all the home windows boxes while

having their files on the Linux box appear to be located on a new Windows drive

shared access to printers on the Linux box shared files accessible only to members of their Linux user

group. A PDC stores the login information in a central database on its

hard drive. This allows each user to have a universal username and password when logging in from all PCs on the network.

In a Windows Workgroup, each PC stores the usernames and passwords locally so that they are unique for each PC.

Download and Install Packages Most RedHat and Fedora Linux software

products are available in the RPM format. Samba is comprised of a suite of RPMs that come on the Fedora CDs. The files are named:

samba samba-common samba-client samba-swat

How to Get Samba Started

You can configure Samba to start at boot time using the chkconfig command:

[root@test tmp]# chkconfig smb on You can start/stop/restart Samba after boot

time using the smb initialization script as in the examples below: [root@test tmp]# service smb start [root@test tmp]# service smb stop

[root@test tmp]# service smb restart

The Samba Configuration File The /etc/samba/smb.conf file is the main configuration file

you'll need to edit. It is split into five major sections, [global] - General Samba configuration parameters [printers] - Used for configuring printers [homes] - Defines treatment of user logins [netlogon] - A share for storing logon scripts.

(Not created by default.) [profile] - A share for storing domain logon information such as

"favorites" and desktop icons.(Not created by default.)

You can edit this file by hand, or more simply through Samba's SWAT web interface.

NOTE: Make sure you copy the original configuration file before editing it!

The [Global] Section

The [global] section governs the general Samba settings.

domain logons Yes Tells Samba to become the PDC

preferred master Yes Makes the PDC act as the central store for the names of all windows clients, servers and printers on the network. Very helpful when you need to "browse" your local network for resources. Also known as a local master browser.

domain master Yes Tells Samba to become the master browser across multiple networks all over the domain. The local master browsers register themselves with the domain master

to learn about resources on other networks. os level Yes Sets the priority the Samba server should use when negotiating to become the

PDC with other Windows servers. A value of 65 will usually make the Samba

server win. wins support Yes Allows the Samba server to provide name services for the network. In other

words keeps track of the IP addresses of all the domain's servers and clients.

Cont..

time server Yes Lets the samba server provide time updates for the domain's clients.

workgroup "homenet" The name of the Windows domain we'll create. The name you select is your choice. I've decided to use "homenet".

security user Make domain logins query the Samba password database located on the samba server itself.

[global]

workgroup = TEST

time server = Yes

domain logons = Yes

os level = 65

preferred master = Yes

domain master = Yes

The [homes] Section

The [homes] section governs how Samba handles default login directories.

browseable No Doesn't allow others to browse the contents of the directory

read only No Allows the samba user to also write to their Samba Linux directory

create mask 0664 Makes new files created by the user to have "644" permissions. You want to change this to "0600" so that only the login user has access to files.

directory mask 0775 Makes new sub-directories created by the user to have "775" permissions. You want to change this to "0700" so that only the login user has access to directories.

[homes]

read only = No

browseable = No

create mask = 0644

directory mask = 0755

The [netlogon] and [profiles] Share Sections

The [netlogon] share section contains scripts that the windows clients may use when they log into the domain.

The [profiles] share section stores things such as favorites and desktop icons.

Your smb.conf file should look like this when you're finished:

[netlogon] path = /home/samba/netlogon guest ok = Yes

[profiles] path = /home/samba/profiles read only = No create mask = 0600 directory mask = 0700

Cont…

Remember to create these share directories from the command line afterwards.

[root@test tmp]# mkdir -p /home/samba/netlogon

[root@test tmp]# mkdir -p /home/samba/profile

[root@test tmp]# chmod -R 0755 /home/samba

The [printers] Share Section

Samba has special shares just for printers, and these are configured in the [printers] section.

[printers]

comment = All Printers

path = /var/spool/samba

printable = Yes

browseable = No

How To Create A Samba PDC Administrator User By default, the root user is the Samba administrator,

Fortunately, you can add workstations to the Windows domain by creating a Samba specific root password. This is done using the smbpasswd command.

[root@test tmp]# /usr/bin/smbpasswd -a root password

Note: Samba domain logins use the smbpasswd password. Samba passwords are stored in

the /etc/samba/smbpasswd file.

Adding The Users In Linux

To create the user, use the command: [root@test tmp]# useradd -g 100 peter

Giving them a Linux password is only necessary if the user needs to log into the Samba server directly. If the user does, use this method:

[root@test tmp]# passwd peterChanging password for user peter.New password:Retype new password:passwd: all authentication tokens updated successfully.[root@test tmp]#

Creating Group Shares in SAMBA1. Create a new Linux group managers:

[root@test tmp]# /usr/sbin/groupadd managers

2. Create a new directory for the group's files. If one user is designated as the leader, you might want to change the chown statement to make them owner [root@test tmp]# mkdir /home/managers-files

[root@test tmp]# chgrp parents /home/managers-files

[root@test tmp]# chmod 0770 /home/managers-files

Cont…

3. Add the group members to the new group. For instance, the command to add a user named jimmy to the group is:

[root@test tmp]# /usr/sbin/usermod -G managers jimmy

All your members are in the group; now they need to share.

Mapping The Linux Users To An smbpassword Next, you need to create Samba domain login passwords for the

user [root@test tmp]# /usr/bin/smbpasswd -a username password

The -a switch adds the user to the /etc/smbpasswd file. Use a generic password then have users change it immediately from their workstations in the usual way.

Remember the smbpasswd sets the Windows Domain login

password for a user, which is different from the Linux login password to log into the Samba box.

How To Delete Users From Your Samba Domain Deleting users from your Samba domain is a two stage process

in which you have to remove the user from the Linux server and also remove the user's corresponding smbpasswd entry. Here's how:

1. Delete the users using the smbpasswd with the -x switch [root@test tmp]# smbpasswd -x johnDeleted user john.[root@test root]#

2. Delete The Linux User by following the normal deletion process. For example, to delete the user john and all john's files from the Linux server use:

[root@test tmp]# userdel -r john

Cont…

Sometimes you may not want to delete the user's files so that they can be accessed by other users at some other time. In this case you can just

deactivate the user's account using the passwd -l username command.

EnD