I'm going to assume that you have Samba installed, and that everything went smoothly during install, and all you need to know is how to configure it. I've gotten many e-mails from people who decided to use the GUI tools, which make it look all pretty and simple. This isnt the way you should go. For one day, you might need to setup Samba on a box that doesn't have X-windows, or where you can't get a remote-x session running! We don't want to leave you hanging like that! We're going to do this the old-fashioned way.
Now, Samba has one main config file. In a sense, it's the heart of Samba, where most every setting is read and loaded, where all your directory and printer shares exisit. Most of everything you will need to share is right here. This config file is "smb.conf" and should be located in "/etc/smb.conf."
If you open up smb.conf with your favorite free-software text editor like jed or emacs, you'll see where there are all the configuration options for Samba (with comments) on how to setup work-groups, server-names and other stuff. We'll go into the latter one by one, later on. Just look through it briefly, just so you get an idea of what kind of beast you're working with.
I'll quickly explain the other files that Samba references to. The main one (as you now know) is /etc/smb.conf. The second file is /etc/smbusers. This is a list of all the valid users in the system that have Samba accounts as well. For example, look below at my /etc/smbusers:
# Unix_name = SMB_name1 SMB_name2 ...
root = administrator admin
nobody = guest pcguest smbguest
Now, as the comment includes, the GNU/Linux name can equal multiple Win9x names. If you made a user on your GNU/Linux system named "mp3" and you wanted to only share mp3's, you could add a line like:
mp3 = music audio tunes
and anyone could login with the login name "music" "audio" or "tunes" (entering the same password of course) and access all the files available for the user "mp3". Pretty neat eh?
There is one more main file: "/etc/smbpasswd". This is where the passwords for the Samba users are kept. And yes, all you paranoid admins, if you take a look at it the password is scrambled, so nobody can get your superuser account and swipe your private stash of MP3's on that 60 gig Raid Array!
Enough with the technical jargon, enough with the explanation. Let's get this up before your supervisor comes a-running, or wife starts yelling about printer sharing. Put on your sunglasses, crack your knuckles. It's go time.
Open up /etc/smb.conf. The very first configurable line should look something like this :
# workgroup = NT-Domain-Name or Workgroup-Name workgroup =
Pearsall-Home
As you can see from what I have, my work-group is set to "Pearsall-Home". Depending on what your workgroup is, you might want to change that.
The next line you should have should be something looking like this:
# server string is the equivalent of the NT Description field server
string = MP3's For all
Also, this is what your computer will come up as in the server-description field. If someone wants to see what your server is for, you might want to put it there so they know. Obviously, my Samba server is used for sharing MP3's with the rest of my family.
Now we get into the more tricky stuff. The next configurable line should look something like this:
; hosts allow = 192.168.1. 192.168.2. 127.
If you are familar with networks and such, you will notice that this
restricts access to only certain networks, so any computer on
192.168.1. After that you should have some stuff on printers. For these, it's best just
to leave them alone. If you read the comments (highlighted in light blue in the
jed text editor) you'll see what each printer option does. The next thing is the
guest account. This represents which user can be used (if any) for guest. If you
want a guest user, your line might look like this:
Which would mean that the user "smbguest" on your gnu/linux system would also
be a guest account for any Win9x/NT client that wants to gain access to your
files. Remember to remove the ";" in front of it.The log file is self
explanitory, as is the max log size. One important option you might want to look
at is the security setting. You can read the secuirty_level.txt in the Samba
documentation. But I have my settings on share. But the "user" level security
will work fine.
The next line (this is all security stuff as you might have guessed) allows
you to specify a NT Password server to verify usernames and logins on. The line
should look like this:
I have never had to use this option, as I run a GNU/Linux network, and my
computer IS the password server. But If you needed to enable this, just get rid
of the ";" and substitue The next option is another security feature. It is called "password level".
There are two, a user password level, and a username level. This allows only a
certain number of the same characters to appear in a username or a password. You
can increase, or lower the number of characters, depending on the need for
secuirty. Mine looks like this:
The next option deals with encrypting passwords to be sent over the network.
And it looks like this:
Now, a normal geek like you and me would say "Hell, yes! I want encrypted
passwords; I dont want cleartext passwords going thru MY network!" But if you're
unfortunate enough to have to use outdated Windows 95 computers, you HAVE to
have it send plaintext passwords. However, with Windows 98/2000, you can indeed
enable encrypted passwords. The smb passwd file is just where all the encrypted
passwords are stored for reading.
The next section deals with GNU/Linux password syncing. Password syncing is
when I change my system password (telnet or ssh) for my GNU/Linux server, it
also updates the password for me in /etc/smbpasswd as well. This also relates to
if I happen to change my smb password, it will change my GNU/Linux telnet, or
ssh password for me as well.
Below that is where you can map GNU/Linux users to change and map different
usernames to different system accounts. (/etc/smbusers). This part of the config
file looks like this:
After username mapping is the the machine specific configuration files. This
is useful if you need to have a separate smb.conf file. Say that Win95 computer
that needs cleartext passwords, but you don't want ALL the smb authentification
to be in cleartext. This allows you to specify a machine name and have it
reference a differnt smb.conf . It would work like this, If you had a Win95
machine named "gorewin" and you wanted it to load a differnt smb.conf file so
that it could access the shares using non-encrypted passwords, you could do
this:
In this, when a machine with the NetBIOS name of "gorewin" tries to access
the resources, it references the /etc/smb.conf.gorewin file instead of the
/etc/smb.conf file.
Much of what you will see are advanced things that most normal users won't
need. And if you think you do, you can read the comments, or e-mail me for help
on a certain part of it. There are so many options and parts though, that I
couldn't explain them in less than a 50-page article.
Next we come to the share definitions. Share definitions define (duhh) the
shares that your system or systems will offer to SMB clients. You can define
printers, home directories, folders on your system and other goodies. For
example, here is a share definition of what I use to share MP3's with my
GNU/Linux and Win9x/NT clients:
This will allow any valid user (guest included) to browse my Mp3's located in
/mnt/MP3 . The "comment" field is what the share is commented as under.
The "browseable" feature allows people to point and click and browse their
way through it with no problem. This means they're not locked into a single
directory or folder. This can be a good and a bad thing, but in my case, a good
thing.
The "path" field will export the path to the actual file(s) that you want to
share. The "public" field allows guest users and others to view the files.
"Guest only" means that people BESIDES guest users can browse it as well.
"Writeable" means that nobody can write anything to it, or write OVER anything.
The "user" field shows where a list of valid smb-style users are. As
discussed before above, /etc/smbusers works well for this. The "admin users"
field is exactly that. It specifies which local users (on the system) are
considered adminstrators and can change or add or modify to the exported
directory.
Next, after we are done editing the /etc/smb.conf file, we want to add Samba
users to the system with a nice little tool called "smbadduser". If you just run
smbadduser at the root prompt, you should see something like this:
Wow! it's like documentation from the command. As you can plainly see, adding
a Samba user is easy. For example, if you had a user "Darwin" on your GNU/Linux
system, and you wanted to add him as a Samba user named "darw1n" you would
simply issue this command without the quotes:
And then it would add the username to /etc/smbpasswd and /etc/smbusers and
then ask you for a new SMB password for the SMB user darw1n! Sound pretty easy,
no? Well it is!
If you've set everything as you wish to, then it's time to test this
configured Samba beast out! Switch to a root (#) prompt, and type "service smb
restart" (if you're in Linux-Mandrake or Red Hat anyways). Otherwise, you'll
have to kill the old smb daemon and start it up again.
Flip up your sunglasses, slurp down another cup of coffee, and wheel over to
your Win9x machine. Login in through the network with a valid username and
password you put into your system, and fire open network neighborhood. If all
goes well, you should see your GNU/Linux Samba server and be able to browse
whatever file shares you have open!
Now when your boss demands to know where his files are, you can tell him to
check his home directory, and when he sees that he has his own home directory on
his GNU/Linux machine, and he sees that his files are all there, displayed
perfectly, he pats you on the back, and gives you a $30,000 raise! Or.. well..
something like that.
guest account = smbguest
; password server =
password level = 4
username level = 4
This means If I
had the login name of "aaaalex" and the password of "xxxxxxxllllll" that the
password would be rejected because there are too many repeating occurrences of
the characters "x" and "l" in the password.
; encrypt passwords = yes
; smb passwd file = /etc/smbpasswd
; username map = /etc/smbusers
include = /etc/smb.conf.gorewin
[mp3]
----------------------------------------------------------
Written: Mike Zakharoff email: michael.j.zakharoff@boeing.com
1)
Updates /etc/smbpasswd
2) Updates /etc/smbusers
3) Executes smbpasswd
for each new user
smbadduser unixid:ntid unixid:ntid ...
Example: smbadduser zak:zakharoffm johns:smithj
---------------------------------------------------------- "smbadduser Darwin:darw1n"
E-mail Alex at rebelpacket@linux.com
with any questions or ideas.
