For complete information on Samba see the SMB HOWTO. Also refer to the smb.conf(5), smbd(8), smbclient(1), smbpasswd(5), smbpasswd(8), and testparm(1) man pages. You may access the howtos from one of the weblinks listed in the Linux websites section. The Linux Documentation Project or Metalab's Index of Linux publications will have copies of these howtos.
You will want to perform the following steps according to the instructions below to set up samba services on your computer.
Check your /usr/doc directory for a directory like "samba-2.0.5a". Enter this directory with the command "cd /usr/doc/samba-2.0.5a". There is a docs and a samples directory at this location. There is a sample smb.conf file in the samples directory called smb.conf.default. Use this file to start your /etc/smb.conf file if you don't have one. Modify it for your workgroup name, remove the comment from the line "encrypt passwords = yes" and set up your share definitions as you need.
Configuring Windows

Configuring Windows 95 for sharing: (If you want to be able to browse your Windows computer from Linux)
- Right click on "network neighborhood" and click "properties"
- Under configuration make sure you have "Client for Microsoft Networks", your ethernet card driver and TCP/IP
- Select "Client for Microsoft Networks"
- Select "File and Print Sharing" and turn on file and printer access, enter a password to use
- Select Add?
Setting up the service method

There are two ways to run samba services. You can run them as a daemon, using the system startup scripts, or use the internet super daemon, "inetd". You must choose one way or the other; you cannot run the service both ways. I recommend using the startup scripts since the service seems less reliable through inetd.
- To run as a startup service, if you are using Redhat Linux, you may run "linuxconf" and go to "Control", then "Control panel", then "Control service activity", select "smb" and set it to enabled and running. You will also need to be sure the "/etc/services" file is set up for the named ports below, along with setting up the "/etc/smb.conf", "/etc/smbusers", and possibly the "/etc/lmhosts" files below.
- To run on request through inetd, put these lines in /etc/inetd.conf:

    # Other services
    netbios-ssn stream tcp nowait root /usr/sbin/tcpd /usr/sbin/smbd
    netbios-ns dgram udp wait root /usr/sbin/tcpd /usr/sbin/nmbd -a
Setting up the services

Configure ports for NetBIOS name, datagram, and session services by making sure the following lines exist in (or adding them to) the /etc/services file:

    netbios-ns      137/tcp     # NETBIOS Name Service
    netbios-ns      137/udp
    netbios-dgm     138/tcp     # NETBIOS Datagram Service
    netbios-dgm     138/udp
    netbios-ssn     139/tcp     # NETBIOS session service
    netbios-ssn     139/udp
Setting up the Samba configuration file

Edit the Samba configuration file "/etc/smb.conf" to provide suitable services. You should be able to get a file to start with from /usr/doc/samba-x.x.x/examples/
This is the samba file I use: Note: you can use swat (described below) to configure this file.
    # This is the main Samba configuration file. You should read the
    # smb.conf(5) manual page in order to understand the options listed
    # here. Samba has a huge number of configurable options (perhaps too
    # many!) most of which are not shown in this example
    #
    # Any line which starts with a ; (semi-colon) or a # (hash)
    # is a comment and is ignored. In this example we will use a #
    # for commentary and a ; for parts of the config file that you
    # may wish to enable
    #
    # NOTE: Whenever you modify this file you should run the command "testparm"
    # to check that you have not made any basic syntactic errors.
    #
    #======================= Global Settings =====================================
    [global]

    # workgroup = NT-Domain-Name or Workgroup-Name
       workgroup = mygroup

    # This allows you to get around a problem in WIN95, it is also needed
    # for OS/2 clients. You should definitely have this line enabled if
    # you want to be able to just drop your GNU/Linux machine into an existing
    # WIN95-only network.
    # important for WIN95 and OS/2 machines
       lm announce = yes

    # server string is the equivalent of the NT Description field
       server string = Samba Server

    # This option is important for security. It allows you to restrict
    # connections to machines which are on your local network. The
    # following example restricts access to two C class networks and
    # the "loopback" interface. For more examples of the syntax see
    # the smb.conf man page
    #  hosts deny = ALL
    #  hosts allow = 10.1.3.16 10.1.0.100

    # if you want to automatically load your printer list rather
    # than setting them up individually then you'll need this
       printcap name = /etc/printcap
       load printers = yes

    # It should not be necessary to spell out the print system type unless
    # yours is non-standard. Currently supported print systems include:
    # bsd, sysv, plp, lprng, aix, hpux, qnx
    ;  printing = bsd

    # Uncomment this if you want a guest account, you must add this to /etc/passwd
    # otherwise the user "nobody" is used
    ;  guest account = pcguest

    # this tells Samba to use a separate log file for each machine
    # that connects
       log file = /var/log/samba/log.%m

    # Put a capping on the size of the log files (in Kb).
       max log size = 50

    # Security mode. Most people will want user level security. See
    # security_level.txt for details.
       security = user

    # Use password server option only with security = server
    ;  password server = <NT-Server-Name>

    # Password Level allows matching of _n_ characters of the password for
    # all combinations of upper and lower case.
    ;  password level = 8

    # You may wish to use password encryption. Please read
    # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
    # Do not enable this option unless you have read those documents
       encrypt passwords = yes
       smb passwd file = /etc/smbpasswd

    # The following are needed to allow password changing from Windows to
    # update the Linux system password also.
    # NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
    # NOTE2: You do NOT need these to allow workstations to change only
    #        the encrypted SMB passwords. They allow the Unix password
    #        to be kept in sync with the SMB password.
       unix password sync = Yes
       passwd program = /usr/bin/passwd %u
       passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*

    # Unix users can map to different SMB User names
       username map = /etc/smbusers

    # Using the following line enables you to customise your configuration
    # on a per machine basis. The %m gets replaced with the netbios name
    # of the machine that is connecting
    ;  include = /etc/smb.conf.%m

    # Most people will find that this option gives better performance.
    # See speed.txt and the manual pages for details
       socket options = TCP_NODELAY

    # Configure Samba to use multiple interfaces
    # If you have multiple network interfaces then you must list them
    # here. See the man page for details.
       interfaces = 192.168.199.1/24 10.1.0.100/16

    # Configure remote browse list synchronisation here
    #  request announcement to, or browse list sync from:
    #       a specific host or from / to a whole subnet (see below)
    ;  remote browse sync = 192.168.3.25 192.168.5.255
    # Cause this host to announce itself to local subnets here
    ;  remote announce = 10.1.255.255 192.168.199.2 192.168.2.44

    # Browser Control Options:
    # set local master to no if you don't want Samba to become a master
    # browser on your network. Otherwise the normal election rules apply
    ;  local master = no

    # OS Level determines the precedence of this server in master browser
    # elections. The default value should be reasonable
    ;  os level = 33

    # Domain Master specifies Samba to be the Domain Master Browser. This
    # allows Samba to collate browse lists between subnets. Don't use this
    # if you already have a Windows NT domain controller doing this job
    ;  domain master = yes

    # Preferred Master causes Samba to force a local browser election on startup
    # and gives it a slightly higher chance of winning the election
    ;  preferred master = yes

    # Use only if you have an NT server on your network that has been
    # configured at install time to be a primary domain controller.
    ;  domain controller = <NT-Domain-Controller-SMBName>

    # Enable this if you want Samba to be a domain logon server for
    # Windows95 workstations.
    ;  domain logons = yes

    # if you enable domain logons then you may want a per-machine or
    # per user logon script
    # run a specific logon batch file per workstation (machine)
    ;  logon script = %m.bat
    # run a specific logon batch file per username
    ;  logon script = %U.bat

    # Where to store roving profiles (only for Win95 and WinNT)
    #        %L substitutes for this servers netbios name, %U is username
    #        You must uncomment the [Profiles] share below
    ;  logon path = \\%L\Profiles\%U

    # Windows Internet Name Serving Support Section:
    # WINS Support - Tells the NMBD component of Samba to enable its WINS Server
       wins support = yes

    # WINS Server - Tells the NMBD components of Samba to be a WINS Client
    #       Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
    ;  wins server = w.x.y.z

    # WINS Proxy - Tells Samba to answer name resolution queries on
    # behalf of a non WINS capable client, for this to work there must be
    # at least one WINS Server on the network. The default is NO.
    ;  wins proxy = yes

    # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
    # via DNS nslookups. The built-in default for versions 1.9.17 is yes,
    # this has been changed in version 1.9.18 to no.
       dns proxy = no

    # Case Preservation can be handy - system default is _no_
    # NOTE: These can be set on a per share basis
    ;  preserve case = no
    ;  short preserve case = no
    # Default case is normally upper case for all DOS files
    ;  default case = lower
    # Be very careful with case sensitivity - it can break things!
    ;  case sensitive = no

       admin users = root
       dead time = 15
       hide dot files = yes
       max connections = 10
       share modes = yes
       guest account = nobody
       browseable = yes
    ;  invalid users = root

    #============================ Share Definitions ==============================
    [homes]
       comment = Home Directories
       browseable = no
       writeable = yes
       path = /home/%S
       public = no

    # Un-comment the following and create the netlogon directory for Domain Logons
    ; [netlogon]
    ;   comment = Network Logon Service
    ;   path = /home/netlogon
    ;   guest ok = yes
    ;   writable = no
    ;   share modes = no

    # Un-comment the following to provide a specific roving profile share
    # the default is to use the user's home directory
    ;[Profiles]
    ;    path = /home/profiles
    ;    browseable = no
    ;    guest ok = yes

    # NOTE: If you have a BSD-style print system there is no need to
    # specifically define each individual printer
    [printers]
       comment = All Printers
       path = /var/spool/samba
       browseable = no
    # Set public = yes to allow user 'guest account' to print
       guest ok = no
       writable = no
       printable = yes

    # This one is useful for people to share files
    [tmp]
       comment = Temporary file space
       path = /tmp
       read only = no
       public = yes

    # A publicly accessible directory, but read only, except for people in
    # the "staff" group
    [public]
       comment = Public Stuff
       path = /home/public
       public = yes
       writable = yes
       printable = no
    ;  write list = @staff

    # Other examples.
    #
    # A private printer, usable only by fred. Spool data will be placed in fred's
    # home directory. Note that fred must have write access to the spool directory,
    # wherever it is.
    ;[fredsprn]
    ;   comment = Fred's Printer
    ;   valid users = fred
    ;   path = /homes/fred
    ;   printer = freds_printer
    ;   public = no
    ;   writable = no
    ;   printable = yes

    # A private directory, usable only by fred. Note that fred requires write
    # access to the directory.
    ;[fredsdir]
    ;   comment = Fred's Service
    ;   path = /usr/somewhere/private
    ;   valid users = fred
    ;   public = no
    ;   writable = yes
    ;   printable = no

    # a service which has a different directory for each machine that connects
    # this allows you to tailor configurations to incoming machines. You could
    # also use the %u option to tailor it by user name.
    # The %m gets replaced with the machine name that is connecting.
    ;[pchome]
    ;  comment = PC Directories
    ;  path = /usr/pc/%m
    ;  public = no
    ;  writable = yes

    # A publicly accessible directory, read/write to all users. Note that all files
    # created in the directory by users will be owned by the default user, so
    # any user with access can delete any other user's files. Obviously this
    # directory must be writable by the default user. Another user could of course
    # be specified, in which case all files would be owned by that user instead.
    ;[public]
    ;   path = /usr/somewhere/else/public
    ;   public = yes
    ;   only guest = yes
    ;   writable = yes
    ;   printable = no

    # The following two entries show how to share a directory so that two
    # users can put files there that will be owned by specific users. In this
    # setup, the directory should be writable by both users & have the sticky
    # bit set on it to prevent abuse. Obviously this could be extended to
    # as many users as required.
    ;[myshare]
    ;   comment = Mary's and Fred's stuff
    ;   path = /usr/somewhere/shared
    ;   valid users = mary fred
    ;   public = no
    ;   writable = yes
    ;   printable = no
    ;   create mask = 0765

    [cdrom]
       comment = Samba server's CD-ROM
       writable = no
       locking = no
       path = /mnt/cdrom
       public = no
       root preexec = /bin/mount /mnt/cdrom
       root postexec = /bin/umount /mnt/cdrom

    [etc]
       comment = Linux setup files in /etc
       public = no
       writeable = yes
       path = /etc
       read only = yes
       valid users = george mark

    [floppy]
       comment = Samba server's Floppy Drive
       browseable = yes
       writeable = yes
       path = /mnt/floppy
       public = no
       root preexec = /bin/mount /dev/fd0 /mnt/floppy
       root postexec = /bin/umount /mnt/floppy

Notes:
- The section that allows unix passwords to be synced with samba passwords does not seem to work. This may be because I use shadow passwords.
- To customize samba setups from various machines use the "include = /etc/smb.conf.%m" line.
- To make passwords be sent over the network in encrypted form:
- In the /etc/smb.conf file add or uncomment the lines:
    encrypt passwords = yes
    smb passwd file = /etc/smbpasswd
- Type "smbpasswd -a user" then enter the desired passwords
textdocs/ENCRYPTION.txt. Be sure your smbpasswd file is only readable and writable by the root user.
- In the /etc/smb.conf file add or uncomment the lines:
- Note: Be sure alias is off so hosts can't fool your machine by aliasing their names.
To deny all hosts access except those you specify use the following example under [global]:
    hosts deny = ALL
    hosts allow = 10.1.3.16 10.1.0.100
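The following Python script is an added example, not part of the original page or of Samba: it parses an smb.conf and reports the points raised above (encrypted passwords, a "hosts allow" restriction, guest-writable shares), and checks that the smbpasswd file is private to root. The function names and the SAMPLE excerpt are constructed for illustration, and only the parameter synonyms listed in SYNONYMS are resolved.

```python
import stat

# Boolean parameters with synonyms: name -> (canonical name, inverted?).
SYNONYMS = {
    "public": ("guest ok", False), "guest ok": ("guest ok", False),
    "read only": ("read only", False), "writeable": ("read only", True),
    "writable": ("read only", True), "write ok": ("read only", True),
}
TRUE = {"yes", "true", "1"}


def parse_smb_conf(text):
    """Return {section: {param: value}}; a later setting overrides an earlier one."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            key = " ".join(key.lower().split())
            if key in SYNONYMS:
                key, inverted = SYNONYMS[key]
                value = "yes" if (value.lower() in TRUE) != inverted else "no"
            conf[section][key] = value
    return conf


def audit(conf):
    """Return a list of findings for the settings this page calls out."""
    glob = conf.get("global", {})
    findings = []
    # Assumption: an absent "encrypt passwords" means off (Samba 2.0.x as described here).
    if glob.get("encrypt passwords", "no").lower() not in TRUE:
        findings.append("global: encrypt passwords is not enabled")
    if "hosts allow" not in glob:
        findings.append("global: no hosts allow restriction")
    for name, share in conf.items():
        if name == "global":
            continue
        guest = share.get("guest ok", glob.get("guest ok", "no")) == "yes"
        read_only = share.get("read only", glob.get("read only", "yes")) == "yes"
        if guest and not read_only:
            findings.append(f"[{name}]: writable by guests ({share.get('path', '?')})")
    return findings


def smbpasswd_private(st):
    """True when a stat result shows root ownership and no group/other bits."""
    return st.st_uid == 0 and stat.S_IMODE(st.st_mode) & 0o077 == 0


# Constructed sample: an excerpt of the configuration shown above.
SAMPLE = """
[global]
   encrypt passwords = yes
;  hosts allow = 10.1.3.16 10.1.0.100
[tmp]
   path = /tmp
   read only = no
   public = yes
[etc]
   public = no
   writeable = yes
   path = /etc
   read only = yes
"""

if __name__ == "__main__":
    print("\n".join(audit(parse_smb_conf(SAMPLE))))
```

On a live system, pass the contents of /etc/smb.conf to parse_smb_conf and os.stat("/etc/smbpasswd") to smbpasswd_private. In the [etc] share the later "read only = yes" overrides the earlier "writeable = yes", so that share is not reported.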
The smbusers file

Edit the /etc/smbusers file to map your machine names to unix user names:
The following file is an example I use:
    # Unix_name = SMB_name1 SMB_name2 ...
    root = windoze1 windoze2
    nobody = guest pcguest smbguest
    mark = windoze3

In this case anyone logging in from machines windoze1 or 2 will be mapped as user "root".
The lmhosts file

You may want to edit the /etc/lmhosts file depending on how you are providing your samba name services. Below is an example:

    127.0.0.1 localhost
    10.1.0.100 mymachine
    10.1.3.16 george

This file may be used by the system to get IP addresses from host names. It may not be necessary for you to configure this file. You may need it if you do not have a DNS server available or your DNS server is not configured properly. If you get a message like "Resource is unavailable" you should try creating this file.
Upon completion

You will need to issue the following commands to complete the setup of Samba services:
- Enter the users' passwords with the command "smbpasswd -a user". This command is used to enter passwords for your users and is required for each user if you are using encrypted passwords which should be the case.
- If running the startup daemons, use one of the following choices of "samba restart", "samba start", "/etc/rc.d/init.d/smb restart", or "/etc/rc.d/init.d/smb start". Don't forget to set your startup services in Redhat's linuxconf program to run Samba services the next time you boot your system.
- If running Samba from inetd, start it with "killall -HUP inetd".
- "testparm | more" - To see the results of your changes. May have to restart inetd (below)
- "smbpasswd -a user" - To set samba passwords. See the smbpasswd(8) man page for more information.
- "samba restart" - To restart the Samba services when running through the startup scripts. This allows changes to take effect. You can use the command start, stop, or status to start, stop, or see the status of the service, respectively.
- "/etc/rc.d/init.d/smb restart" - The same as the Samba restart command, but this command directly invokes the Samba startup script.
- "smbclient -L mymachine" - To tell what services are running under samba
- "smbmount" - Used to mount volumes from windows machines
- "killall -HUP inetd" - To restart the inetd daemon and therefore allow new settings for this daemon or any subdaemon to be implemented. You will use this command only if you run Samba using the inetd daemon.
Common Pitfalls

Many times those setting up Samba services will either have trouble browsing for their computer on the network or logging in. Below I have listed some possible reasons for these problems and what you should check:
- Unable to browse:
  - Check to be sure the name of your workgroup is correct in the /etc/smb.conf file with the statement "workgroup = mygroup".
  - Check to be sure the line "browseable = yes" is included in the [global] section of /etc/smb.conf.
  - You may need to set up the lmhosts file if you do not have a DNS server or your DNS server is not configured with your samba server IP address and name.
  - Type "ps -ax |grep smb" and you should see a line like "784 ? S 0:00 smbd -D". If you don't, your services are not running and you should start them.
  - If you are attempting to run Samba services from inetd using the inetd.conf file, run Samba as a startup service and see if that fixes the problem.
- Unable to login with the system producing a message saying the password is incorrect.
  - Check the log files in the /var/log/samba directory. First look for a file "log.machinename" where machinename is the name of the machine you are logging in from. You can "cat log.machinename" or use less or more to see the file.
  - Be sure your user mapping is correct.
    - Be sure the line "username map = /etc/smbusers" is included in the /etc/smb.conf file. Also check the log.smb file.
    - Be sure the /etc/smbusers file contains line(s) like "unixuser = windozemachine1 windozemachine2 winuser1 winuser2 ...". The unix user is normally the name of the equivalent user you want to log in as, such as root. I always put the machine name and all windows users names in the file to be sure that if the login is by machine name or Windows user name, it will be translated to a unix user name. Normally it is Windows user name. You will find out by examining the file "log.machinename".
  - Be sure you are logging in using encrypted passwords from both the Linux and windows sides.
    - Be sure the lines "encrypt passwords = yes" and "smb passwd file = /etc/smbpasswd" are in the /etc/smb.conf file and are not commented out with a ';' or '#' character in front of the line.
    - Be sure you have added the users you are trying to log in as with the "smbpasswd -a user" command where user is the name of the Linux user you want to log in as. For instance the command is "smbpasswd -a root" to set the password up for the root user.
    - Be sure Windows 95 is sending encrypted passwords. There is an upgrade patch for Windows 95 from Microsoft to make this change. This is only necessary for old versions of Windows 95. Windows 98, NT, 2K all send encrypted passwords by default. Therefore unless you are using one of the first versions of Windows 95 that came out, you should not have this problem.
Mounting and getting windows files from Linux after samba is installed

There are two programs supporting file services from windows:
- smbmount - Allows a shared directory on a windows machine to be mounted on the Linux machine.
- smbclient - Works similar to an ftp client enabling the user to transfer files
This command mounts the directory "windows" on the windows computer "winhost" on the machine named "mylinuxmachine". The directory "windows" must have sharing enabled for this to work. To unmount:
The smbclient program works with the following syntax:
smbclient //winmachine/dirsharename -s /etc/smb.conf
The winmachine is the NetBIOS name of the serving machine with the shared resource on it.
The dirsharename is the share name of the directory
The "-s /etc/smb.conf" indicates the path of the samba configuration file.
After entering the above command you will get a password prompt. If no password is required, press "return", otherwise enter the required password. Upon successful login you can look at the directory with the "dir" command. Below are some available commands:
- dir - directory
- get remotefile localfile
- cd - Change directory
- exit, q, or quit - To exit the program
- help - for help information
- mkdir - make directory
Some notes on the smb.conf file format

Variables as found in the smb.conf file are as follows:
- %a - The architecture of the client machine such as Samba, WfWg, WinNT, Win95
- %d - The PID of the server process.
- %g - The group ID of the service's username (The name the client got)
- %G - The group ID of the session requested username
- %h - The internet (DNS) samba server host name.
- %H - The user's home directory.
- %I - The client machine's IP address.
- %L - The NetBIOS server name
- %m - The NetBIOS client name
- %M - The internet (DNS) client host name.
- %n - .
- %N - NIS home directory server name.
- %p - The path of the service's home directory from NIS auto.map.
- %P - The current services' root directory.
- %R - The protocol level. CORE, COREPLUS, LANMAN1, LANMAN2, or NT1.
- %S - The name of the current service.
- %T - The current date and time.
- %u - The client's username
- %U - The username the client wanted.
- %v - Samba version number.
- auto services - Directories automatically visible to all users browsing the network.
- bind interfaces only - Limits the interfaces to serve samba requests.
- deadtime - The timeout for inactive connections
- debug level - The level of messages for logging.
- default service - The service to be connected if the service requested cannot be found. EX:

      default service = docs

      [docs]
         path = /%S
- directory mask - Octal file settings used to convert DOS modes to UNIX modes when creating directories.
- directory security mask - Controls file permissions that can be modified by windows clients.
- dns proxy - Specifies that the nmbd daemon, if running as WINS server, should treat unknown names as DNS names and do a DNS lookup.
- lock directory - The path of the directory where lock files are stored.
- message command - Samba's command to run in response to WinPopup messages.
- name resolve order - The query order for resolution of name to IP addresses. Values are bcast, hosts, wins and lmhosts.
- netbios aliases - Other names the samba server is called and will answer to.
- netbios name - The samba server's netbios name.
- smb passwd file - The path for the encrypted Samba password file.
- smbrun - The path of the smbrun program used to execute shell commands for the samba daemon.
- socket address - Controls the address on which Samba will listen for connections.
- syslog - Sets the threshold for sending messages to syslog
- syslog only - Use syslog rather than samba log files
SWAT configuration

SWAT allows an administrator to configure the smb.conf file using a web browser. To use it you need to do the following:
- Add the following line to your /etc/services file:
swat 901/tcp # Swat Samba configuration services
- Add the following line to your /etc/inetd.conf file:
swat stream tcp nowait.400 root /usr/sbin/swat swat
- Type "killall -HUP inetd" to reload the inetd.conf file.
- On your local machine, address your web browser to http://localhost:901/
- If you connect over the network through a remote machine you should know that your password will be sent in the clear.
- SWAT will rewrite your smb.conf file and remove comments. Back up your smb.conf file before using SWAT.