Samba

Open-source implementation of the SMB protocol used by Microsoft
Created by Andrew Tridgell in 1992

He sniffed packets and reverse-engineered the SMB protocol

Unlike NFS, Samba runs as a user process and is not part of the kernel

File and Print Sharing

Your Linux/Unix directories can appear on your Windows platform

typically mapped as a drive letter

Your Windows directories can be mounted on your Linux/Unix machine

Services provided by the Samba Server

SMB (Server Message Block): used in Microsoft networking

also known as CIFS (Common Internet File System)
implements file and print services, and authentication

NBT (NetBIOS over TCP) is an extension of NetBIOS

NetBIOS is the protocol that allows browsing on a Windows network

implements name resolution, browsing, and service announcement

nbtd can also emulate a fully-featured WINS server

translating NetBIOS names and IP addresses

a browse master for a workgroup, or to take part in master browser election

Setting up a Samba Server

Install the rpm

check to see if the rpm is installed

$ rpm -qa | grep samba

samba-client-x.y.x

samba-x.y.z

samba-common-x.y.z

install these package if they are not on your system

# rpm -ivh samba-x.y.z.rpm

The samba server configuration file /etc/samba/smb.conf

Save a copy of smb.conf before you begin so you can always get back to square one!
For simple implementations the smb.conf configuration file will work without any modification
Configure directories and printers that you want to share and there access rights
The config file provides templates and comments to help make configuration easier
See the man page for more info

man 5 smb.conf

The Global Settings

workgroup: Windows workgroup or domain
server string: Description field that appears in browse lists
hosts allow: For security you should modify the hosts allowed to access shares

hosts allow =192.168.1. 127.

hosts allow =.example.com

hosts allow = 192.168.1.0/255.255.255.0

hosta allow = 150.203. EXCEPT 150.203.6.66

load printers: Set to yes it will share the printers in your /etc/printcap
security:

Set to user clients are required to enter a username and password
Set to share the authentication is on a per share basis
Set to domain the authentication is done by the PDC

security = user

encrypt passwords: Used by smbclient, Windows NT 4.0, Win95/98, and 2k expect encrypted passwords unless you edit the registry, but that's not a good idea.
smb passwd file: Provides smbclient the Windows-hashed passwords

Share Settings and Examples

path: the absolute pathname to the share
browseable: appear in browse list
writeable: authorized users can write to the share
printable: used for printers
public: user nobody ok to access
valid users: only needed if not public

[homes]

comment = Home Directories

browseable = yes

writable = yes

[ftp]
    comment = the ftp directory
    path = /var/ftp/pub
    public = yes
    writeable = no
    printable = no

[eng]
    path = /prj/eng
    hosts allow = 192.168.0.128/255.255.255.192
    public = no
    writeable = yes

valid users = tomo rita robert

[printers]

comment = All Printers

path = /var/spool/samba

browseable = no

# public = yes to allow user 'guest account' to print

guest ok = no

writable = no

# Can write to print spool only

printable = yes

Check your configuration file!

# testparm

Load smb config files from /etc/samba/smb.conf

Processing section "[homes]"

Processing section "[printers]"

...

Start the smb service

# /etc/rc.d/init.d/smb start
OR
# service smb start

Create an account for users who wish to access Unix shares from their Windows machines on Samba Server

These are the Windows-hashed passwords used by the smbclient process
If you specify encrypted passwords, you must supply them!
The password doesn't have to be the same as the users Windows password

# touch smbpasswd
# smbpasswd -a userxx

Windows users also need an account in /etc/password to access home directories

Example:

A user is logged in as mikek on his Windows machine and wants to see his home directory on the Linux/Unix server.
He will need to have an account and home directory on the Linux/Unix server
use the useradd utility to create that account

edit the /etc/passwd file and the /etc/shadow file, adding the user

Another possible solution is to map a Windows user account to one of your Unix user account

edit /etc/samba/smbusers
add the following line but replace the xy and xx with the appropriate user number
left of the equal is the Unix account, right of the equal is the Windows account

userxx = 107userxy

make sure that

username map = /etc/samba/smbusers

is uncommented in the /etc/samba/smb.conffile

Samba will be expecting the password you created for userxx

Troubleshooting Samba

See what shares are browseable on your Unix machine

The smbclient command is run on the Linux/Unix machine.

You may need to provide the smb password you just created

The -N should suppress the password prompt

$ smbclient -L stationxx -N

See what shares are browseable on your Windows machine

you may need to provide your windows password

The -N should suppress the need to provide a password

$ smbclient -L Windows-stationxx -N

Try connecting to one of your Linux shares
This command in not unlike ftp where you can ls, put, and get files

$ smbclient //stationxx/homes
added interface ip=10.2.135.212 bcast=10.2.135.255
nmask=255.255.255.0
Password:
Domain=[EXAMPLE] OS=[Unix] Server=[Samba 2.2.3a]

smb: \> ls
...
smb: \> quit

Check the NetBIOS lookups

See which machines are running NetBIOS on your network
nmblookup is run on the Linux/Unix machine

$ nmblookup '*'
192.168.1.25 *<00>
192.168.1.5 *<00>
192.168.1.6 *<00>
192.168.1.30 *<00>
192.168.1.20 *<00>

Samba Logging

You can turn up the log level in the smb.conf file to help find problems
Set the log level to 3 to create more logging information

log level = 3

Log files can be found by default in /var/log/samba
Samba requires the ability to use the LanMan authentication
Check Local Security Policy, expand Local Policies, click Security Options

Select LAN Manager Authentication Level
Set "Send LM & NTLM responses use NTLMv2 security if negotiated"
Samba requires the LAN Manager password, which is unfortunate

Mapping your Linux share onto your Windows machine

Test to see if you can access your home directory from a Windows machine

net view \\10.2.135.xx

Map the Unix home directory for your user (homes share) on your windows machine

net use z: \\10.2.135.xx\homes
OR
Go to Windows Tools menu and Map Network Drive

mount your Windows share on your Unix machine

Before mounting the Windows filesystem remember you must

have a mount point on the Unix machine
have a share to access on the Windows machine
The windows machine in this example is named michoacan

# mkdir /mnt/win_share

# mount -t smbfs -o username=pattyo //michoacan/test /mnt/win_share

OR

# smbmount //michoacan/test /mnt/win_share -o username=pattyo

INFO: Debug class all level = 3 (pid 5411 from pid 5411)

opts: username=pattyo

mount.smbfs started (version 2.2.3a)

added interface ip=192.168.1.20 bcast=192.168.1.255 nmask=255.255.255.0

resolve_lmhosts: Attempting lmhosts lookup for name michoacan<0x20>

resolve_hosts: Attempting host lookup for name michoacan<0x20>

Connecting to 192.168.1.25 at port 139

Password:

If you use this command without the username option, you will need to provide the Administrator password
Note the smbfs file system type, this is either built into the kernel or you will see the kernel module

$ lsmod | grep smb

smbfs 36896 1 (autoclean)

Take a look at the mounted filesystem statistics

$ df /mnt/win_share

Filesystem 1k-blocks Used Available Use% Mounted on

//oaxaca/test 6285056 3857024 2428032 62% /mnt/win_share