Network Administration Module 09 SAMBA
What is SAMBA? Samba is a collection of Linux tools that allows communication between Linux systems and Windows systems over the Windows network protocol (SMB/CIFS). Samba allows a Linux system or network to act as if it were a Windows server: it emulates the SMB protocol (used for sharing resources between MS Windows systems) and connects Linux systems with MS Windows systems.
What does Samba Do? Samba uses the Server Message Block (SMB)/Common Internet File System (CIFS) protocol (endorsed jointly by Microsoft and IBM) to pass low-level data between Windows clients and Unix servers. SMB is native to Windows, unlike NFS.
What does Samba Do? Samba can divorce the user (and management) from where the data is stored while retaining the MS environment most users/managers expect. Samba emulates many of the advanced network features and functions associated with the Win9x/ME and NT/2000/XP/Vista/7 operating systems through the SMB/CIFS protocol.
Samba provided services
  File and Printer Services
  Authentication and Authorization Services (function as a domain controller)
  Name Resolution Service
  Services Announcement
File Sharing
  Linux/UNIX files on Windows
  Windows files on Linux/UNIX
  “mount” Windows shares to Linux
What should I leave out?
Printer Sharing
  Linux/UNIX printers on Windows
  Share Windows printers on Linux/UNIX
Linux is Linux. Let’s keep it that way!
The Samba Components
  nmbd
  smbd
  SWAT
  Clients (smbclient or Windows)
  VFS driver
Installing SAMBA
You may check whether SAMBA is installed:
    rpm -q samba
If SAMBA is not installed, the command returns the output “package samba is not installed”.
If SAMBA is installed, the RPM query returns the version number (e.g. samba-3.0.33-3.29.el5.rpm).
Use the rpm command to install SAMBA:
    rpm -Uvh samba<version-number>
Or use yum:
    yum install samba
Configuring SAMBA server
The main configuration file is /etc/samba/smb.conf
    #Sample of /etc/samba/smb.conf
    # Global Setting
    [global]
    workgroup = CIMNA
    netbios name = NETADMIN
    server string = Samba Server %v
    security = user
    …
    …
    # Sharing Settings
    [homes]
    comment = Home Directories
    read only = No
    [printers]
/etc/samba/smb.conf
  [global]       default parameters for all sections
  [homes]        usually the user’s home dir /home/%u
  [printers]     shared printers or /etc/printtab
  [...more...]   other directories to be shared
5 Major Sections (Meta-Services / stanza) in Configuration file (/etc/samba/smb.conf), with Description
  [global]     General SAMBA configuration parameters. There is some configuration info here that is important so that Samba and your Windows PCs will function properly.
  [printers]   Used for configuring printers.
  [homes]      Defines treatment of user logins (e.g. configuration of shared folders).
  [netlogon]   A share for storing login scripts (not created by default).
  [profile]    A share for storing domain logon information such as “favorites” and desktop icons (not created by default).
Sample Configuration File
    [global]
    workgroup = NAGROUP
    server string = Network Administration – SAMBA Server
    encrypt passwords = True
    security = user
    passdb backend = tdbsam

    [homes]
    comment = Home Directories
    browseable = no
    read only = no

    [shareall]
    comment = Public Share Folder
    path = /home/public
    public = yes
    browseable = yes
    read only = yes
    writable = no

    [marketing]
    comment = Share Folder Marketing Department
    path = /share/marketing
    public = no
    valid users = john, mary, james
    browseable = yes
    read only = no
    writable = yes
[global]
    workgroup = NAGROUP
The option workgroup specifies the workgroup your server will appear to be in when queried by clients. It's important to have the same workgroup name on both clients and servers.
    server string = Network Administration – SAMBA Server
The option server string specifies the string that you wish to show to your users in the printer comment box in Print Manager, or next to the IPC connection in the net view command on Windows machines.
    encrypt passwords = True
The option encrypt passwords, if set to True, instructs Samba to use encrypted passwords instead of plain-text passwords when negotiating with the client. A sniffer program will not be able to detect your password when it is encrypted. This option must always be set to True for security reasons.
    security = user
The option security, if set to user, specifies that a client must first log on with a valid username and password, or the connection will be refused. This means that a valid username and password for the client must exist in your /etc/passwd file on the Linux server and in the /etc/smbpasswd file of the Samba server, or the connection from the client will fail.
    smb passwd file = /etc/smbpasswd
The option smb passwd file specifies the path to the encrypted smbpasswd file. The smbpasswd file is a copy of the /etc/passwd file of the Linux system containing valid usernames and passwords of clients allowed to connect to the Samba server. The Samba software reads this file, smbpasswd, when a connection is requested.
[shareall]
    comment = Public Share Folder
The option comment allows you to specify a comment that will appear next to a share when a client queries the server.
    path = /home/public
The option path specifies a directory to which the user of the service is to be given access. In our example this is the /home/public directory of the Linux server.
    read only = No
The option read only specifies whether users should be allowed only to read files or not.
    public = yes
The option public allows the directory to be accessed by any user.
    writable = yes
The option writable specifies whether or not files can be written to this share. If yes, the share can be written to. If no, the share is read-only. This parameter defines the actions permitted by Samba. Actual permission to write to the directory defined by the share is still controlled by standard Linux file permissions.
    browseable = yes
The option browseable specifies whether or not all users may browse the contents of this share. no means that only users with the correct user ID are allowed to browse this share. yes means all users, regardless of UID, can browse the share. This parameter controls only browsing; actual access to the contents of the share is controlled by standard Linux file permissions.
[marketing]
    valid users = john, mary, james
The option valid users specifies a list of users that should be allowed to log in to this service. In our example only the user admin is allowed to access the service.
    invalid users = root
The option invalid users specifies a list of users that should not be allowed to log in to this service. This is really a paranoid check to absolutely ensure an improper setting does not breach your security. It is recommended that you include all default users that run daemons on the server.
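As an added example (not part of the original slides), the following Python script audits an smb.conf for the points made above: disabled password encryption, security = share, guest-writable shares, writable shares with no valid users list, and read only / writable settings that contradict each other. The function names, the finding strings and the [scratch] share are assumptions made for illustration; guest ok and writeable are Samba's synonyms for public and writable, and a share with neither read only nor writable set is treated as read-only, which is Samba's default.

```python
import configparser

# Constructed input modelled on the page's sample; weak settings and [scratch] are added.
SAMPLE = """
[global]
    encrypt passwords = False
[shareall]
    public = yes
    read only = yes
    writable = no
[marketing]
    valid users = john, mary, james
    read only = no
    writable = yes
[scratch]
    public = yes
    read only = yes
    writable = yes
"""

def flag(section, *names):
    """True/False for the first of `names` set in `section`, else None."""
    for name in names:
        if name in section:
            return section[name].strip().lower() in ("yes", "true", "1")

def audit(text):
    """Return sorted (section, finding) pairs for the options discussed above."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    # smb.conf lines are often indented; strip so they are not read as continuations.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    out = []
    glob = cp["global"] if cp.has_section("global") else {}
    if flag(glob, "encrypt passwords") is False:
        out.append(("global", "plaintext passwords"))
    if glob.get("security", "").strip().lower() == "share":
        out.append(("global", "no per-user login"))
    for name in set(cp.sections()) - {"global", "printers", "homes"}:
        s = cp[name]
        guest = flag(s, "public", "guest ok")
        read_only, writable = flag(s, "read only"), flag(s, "writable", "writeable")
        if read_only is not None and read_only == writable:
            out.append((name, "read only and writable contradict"))
        can_write = writable if writable is not None else read_only is False
        if guest and can_write:
            out.append((name, "guest-writable"))
        if can_write and not guest and "valid users" not in s:
            out.append((name, "writable without valid users"))
    return sorted(out)
```

Run audit() on the text of /etc/samba/smb.conf after testparm has accepted the file; testparm checks that the file loads, while this check looks at what the shares allow.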
Starting Samba
Two components:
  smbd - file and print sharing
  nmbd - services broadcasting
Manual method:
    /usr/local/samba/bin/smbd -D
    /usr/local/samba/bin/nmbd -D
-or-
    /etc/rc.d/init.d/smb [ start | stop ]
    service smb restart
Useful command - testparm testparm is a very simple test program to check an smbd configuration file for internal correctness. If this program reports no problems, you can use the configuration file with confidence that smbd will successfully load the configuration file.
Useful command - smbclient A simple SMB client, with an interface similar to that of the FTP utility. It can be used from a Unix/Linux system to connect to a remote SMB share, transfer files, and send files to remote printer shares (printers).
Managing Samba Users
You must set up Samba users on a list independent from the Linux users who have accounts on your Linux system. Samba can store user and machine account data in a “TDB” (trivial database).
Note: /etc/samba/smbpasswd is no longer the default of Samba 3.X.
Two steps are required to make and enable a new Samba user:
  1. Create a Samba user entry by name and add a password for the user. Samba users can be created only from the current users on your Linux system.
         smbpasswd -a newuser
  2. Enable Samba access for the new user.
Windows Client Configuration
  Match Windows and Linux userids.
  TCP/IP protocol support required.
  "MS Client for File and Printer sharing"
  Windows files marked as shareable if a Samba client will access them.
  NetBIOS and NetBEUI are not required.
SAMBA Linux Client
  Network neighborhood
  Search for the Domain name or workgroup of your Samba service.
  Also check SAMBA client side:
    smbclient -L ntserver
    smbclient //ntserver/ntshare
SWAT Beginning with version 2.0, SAMBA includes a utility called SWAT (SAMBA Web Administration Tool). This tool makes setting up SAMBA very easy. SWAT enables you to use a Web browser as the interface to configure the SAMBA server. SWAT is under the control of xinetd. If you would like to use SWAT, install xinetd first.
Why use SAMBA instead of NFS You may use NFS to share files between Windows and Linux (you need to install an NFS client under Windows). It makes more sense to use SAMBA to communicate with Windows computers. The Server Message Block (SMB) protocol is how Windows computers communicate with each other. It is the Windows native protocol for sharing files and printers.