Learning Debian GNU/LinuxBy Bill McCarty1st Edition September 1999 1-56592-705-2, Order Number: 7052 360 pages, $34.95 , Includes CD-ROM |
10.3 Samba
Available since version 3.11 of Microsoft Windows, printer and file sharing are two of Window's most useful features. For example, outfitting each computer in a large office with a laser printer would be quite expensive. But printer sharing lets you reduce the cost of providing every user with printing capability; with printer sharing, each computer system in the office can print to a single printer.
Just as printer sharing lets your computer access a printer attached to another computer, file sharing lets your computer access files stored on another computer. File sharing makes it quick and easy to transfer data from one system to another and avoids the confusion that results when everyone has their own - possibly out of date or inconsistent - copy of important data files they could not otherwise access.
To provide printer and file sharing, Microsoft Windows uses a facility known as SMB (Server Message Block). This same facility is sometimes known as NetBIOS or LanManager. Thanks to Andrew Tridgell and others, Linux systems provide support for SMB via a package known as Samba. Like SMB, Samba lets you:
Share printers and files among Microsoft Windows, OS/2, Netware, and Unix systems
Establish a simple nameserver for identifying systems on your local area network
Samba has proven its reliability and high performance in many organizations. According to the online survey at http://www.samba.org/pub/samba/survey/ssstats.html, Bank of America is using Samba in a configuration that includes about 15,000 clients, and Hewlett-Packard is using Samba in a configuration that includes about 7,000 clients.
10.3.1 Samba Server Installation
If you've never installed and configured a network server, Samba's a good place to begin; its installation and configuration are generally simple and straightforward.
Samba includes the smbd program, which runs as a daemon, several utility programs, man pages and other documentation, and the configuration file: /etc/smb.conf. You'll learn how to configure the /etc/smb.conf file in the next subsection.
NOTE: The pending unstable version of Samba places its configuration files in /etc/samba, rather than /etc. If you install a recent version of Samba, you should look in /etc/samba for the Samba configuration files.
10.3.2 Configuring Samba
The /etc/smb.conf file lets you specify a variety of options that control Samba's operation. The install script for Samba establishes a simple /etc/sbm.conf that may meet your requirements.
You can edit the /etc/sbm.conf file to suit your special needs by using your favorite text editor. However, Samba includes a tool called swat that lets you view and change options by using your Web browser, which is generally much easier than using a text editor. The swat tool verifies the values of parameters you enter and provides online help. To access swat, point your browser to port 901 of your system. For example, you can use the URL http://localhost:901/. Your web browser will prompt you for a userid and password; specify
root
as the userid and give the appropriate password. Figure 10.1 shows swat's main menu, accessed by using the system's IP address in place of its hostname.Figure 10.1: The Samba main menu
To configure your Samba server, you click on simulated tool bar entries:
The main menu also provides convenient access to Samba documentation.
10.3.2.1 Configuring global variables
To configure global options, click on the Globals button on the tool bar. Figure 10.2 shows the Global Variables page and Table 10.2 describes the most important options. You can access additional options by clicking on Advanced View. To change an option, select or type the desired value. When you've changed all the options you want to change, click on Commit Changes, which causes the changes to take effect.
Figure 10.2: Samba global variables
Table 10.2: Samba Global Variables Option group
Option
Description
Base
workgroup
The workgroup name displayed when the server is queried by a client.
netbios name
The name by which the server is known to the NetBIOS nameserver.
server string
The text string displayed to describe the server.
Base (cont.)
interfaces
The IP address of the interface or the IP addresses of the interfaces through which Samba should listen. Each IP address is followed by a forward slash and a number that specifies the number of bits that pertain to the network portion of the IP address (usually 24). If this option is not set, Samba attempts to locate and automatically configure a primary interface.
Security
security
Specifies how Samba authenticates requests for access to shared resources. The default value,
user
, is helpful when the Samba server and its clients have many common userids. The valueshare
can be useful when few common userids exist. The valuesystem
lets another SMB server perform authentication on behalf of the server. You should generally use the default value; see the Samba documentation for details.
encrypt passwords
Specifies whether Samba will negotiate encrypted passwords, which are expected by Windows NT 4.0 SP3 and Windows 98.
update encrypted
Allows automatic updating of an encrypted password when a user logs on using a non-encrypted password. This option is useful when migrating to encrypted passwords and should otherwise be set
off
.
map to guest
Specifies Samba's action when a user attempts to log on using an invalid password. The
Bad User
option is generally appropriate.
guest account
The Linux account used to provide services for guest users.
hosts allow
A list of hosts that can access the server. If not specified, all hosts are permitted access.
hosts deny
A list of hosts that cannot access the server.
Logging
log level
An integer that specifies the verbosity of log messages. A low value (such as 0) specifies that few messages are written to the log.
log file
Specifies the name of Samba's log file.
max log size
The maximum size of the log file in kilobytes (kb). When the specified size is exceeded, Samba begins a new log file. A value of zero lets the log file grow indefinitely large.
Tuning
read prediction
Specifies whether Samba will attempt to pre-read data from files, in order to speed data transfer. This code is disabled in Samba 2.0.
socket options
Specifies TCP options that can improve performance. See the Samba documentation for details.
Printing
printcap name
Specifies the name of the printcap file used by the server.
printing
Specifies how Samba interprets printer status information. Generally,
SYSV
is an appropriate choice for a Linux system.Logon
logon script
Specifies the path of a BAT file that is downloaded from the server and run when a user logs on to Samba.
domain logons
Specifies whether Samba will serve Windows 9x domain logons for its workgroup. Note: Samba cannot yet serve Windows NT domain logons, which require a Primary Domain Controller (PDC).
Browse
os level
Specifies the level at which Samba advertises itself for browse elections. A high number makes it more likely that Samba will be selected as the browser. The value 65 will cause clients to prefer Samba to a Windows NT server.
preferred master
Specifies whether the NetBIOS name server is the preferred master browser for its workgroup.
local master
Specifies whether the NetBIOS name server will bid to become the local master browser on a subnet.
domain master
Specifies collation of browse lists across a wide-area network (WAN). May result in strange behavior when a workgroup includes a Windows NT Primary Domain Controller (PDC).
WINS
wins server
Specifies the IP address of the WINS server with which the NetBIOS nameserver should register itself, if any.
wins support
Specifies that the NetBIOS nameserver should act as a WINS server. Useful when the network includes several subnets. Do not specify this option for multiple systems of a single network.
Locking
strict locking
Specifies whether the server will automatically lock files and check locks when files are accessed. Enabling this option may slow performance.
You probably won't need to make many changes to Samba's global variables. Setting the
workgroup
andnetbios name
is sufficient for most users. If your system has more than one network adapter card, you'll also need to set the interfaces variable.WARNING: If your system is attached to a cable modem or other interface that makes it available to other network users, you should consider specifying security options that prevent unauthorized users from accessing your files or printer. Like other Samba users, the author has had a rogue system (in Pakistan) repeatedly attempt to access his shared files. To ensure that such attempts are unsuccessful, you might (for example) use the
hosts allow
option to restrict the hosts allowed to access your Samba server.10.3.2.2 Configuring file share parameters
To establish and maintain file shares, you use the Shares button on the tool bar. Figure 10.3 shows the Share Parameters page.
Figure 10.3: Samba file share parameters
You can create a new share by typing its name and clicking on Create Share. To delete a share, choose it from the drop-down list, and click on Delete Share. To work with an existing share, choose it from the drop-down list, and click on Choose Share. When you click on Choose Share, the page shown in Figure 10.4 appears. This page lets you view and change a variety of share options. Table 10.3 describes the available share options. You can access additional options by clicking on Advanced View. As with the global options, you may not need to change many (if any) share options. Likely candidates for change are the
comment
,path
,read only
, andcreate mask
options.Figure 10.4: Samba file share parameters
Table 10.3: Samba File Share Options Option Group
Option
Description
Base
comment
The description displayed when the file share is queried by a client.
path
The path (directory or file) that is shared by the server.
Security
guest account
The Linux account used to provide services for guest users.
read only
Specifies whether access to the share is read-only.
create mask
The default mode assigned to a newly created file within a shared directory.
guest ok
Specifies whether guest access (access without a password) is allowed.
hosts allow
A list of hosts that can access the file share. If not specified, all hosts are permitted access.
hosts deny
A list of hosts that cannot access the file share.
Browse
browseable
Specifies whether the file share is visible in the list of shares made available by the server.
Locking
strict locking
Specifies whether the server will automatically lock files and check locks when files are accessed. Enabling this option may slow performance.
Miscellaneous
available
Specifies whether the share is available; by setting this option to "no" you can prevent access to the share.
volume
The volume label returned for the share.
10.3.2.3 Configuring printer share parameters
You configure printer share parameters in much the same way you configure file shares. Begin by clicking on the Printers tool bar button. The page shown in Figure 10.5 appears. You can use the page to create a new printer share, delete a printer share, or modify an existing printer share.
Figure 10.5: Samba printer parameters
If you select a printer from the drop-down list and click on Choose Printer, the page shown in Figure 10.6 appears. Table 10.4 describes the available print share options. You can access additional options by clicking on Advanced View. As with the global options and file share options, you may not need to change many (if any) printer share options. Likely candidates for change are the
comment
,path
,read only
, andcreate mask
options.Figure 10.6: Samba printer parameters
Table 10.4: Samba Print Share Options Option Group
Option
Description
Base
comment
The description displayed when the printer share is queried by a client.
path
The print spooling directory.
Security
guest account
The Linux account used to provide services for guest users.
guest ok
Specifies whether guest access (access without a password) is allowed.
hosts allow
A list of hosts that can access the printer share. If not specified, all hosts are permitted access.
hosts deny
A list of hosts that cannot access the printer share.
Printing
print ok
Specifies whether printing is permitted. If this option is set to "no," clients may still be able to browse the printer share.
Printing (cont.)
printing
Specifies the type of printer interface used, which determines what commands Samba issues to control the printer. "BSD" is generally a good choice.
printer name
Specifies the name of the printer to which the printer share corresponds; "lp" is generally a good choice.
Browse
browseable
Specifies whether the printer share is visible in the list of shares made available by the server.
Miscellaneous
available
Specifies whether the printer share is available; by setting this option to "no" you can prevent access to the printer share.
10.3.3 Viewing Samba Server Status
The Status button on swat's tool bar lets you view the status of the Samba server. Figure 10.7 shows the page that appears when you click on Status. The page shows:
Using the controls on the page, you can refresh the page contents, set the auto refresh interval, start and stop either daemon, or kill an active connection.
Figure 10.7: Samba status page
10.3.4 Viewing Samba Server Configuration
The View button on swat's tool bar lets you view the Samba server's main configuration file, /etc/smb.conf. Figure 10.8 shows the page that appears when you click on View. By default, the page shows only the basic configuration options; clicking on Full View causes swat to display every configuration option.
Figure 10.8: The Samba /etc/smb.conf file
10.3.5 Managing Users and Passwords
You can create userids for accessing Samba resources by clicking on swat's Password tool bar button. Figure 10.9 shows the Password page that appears.
Figure 10.9: The password page
The top part of the page, titled Server Password Management, lets you:
The userids you specify using Server Password Management are those that your Samba server recognizes as authorized to access its resources.
The bottom part of the page, titled Client/Server Password Management, lets you change the password associated with a userid on a remote system running Samba or SMB. Changing a password by using Client/Server Password Management is often more convenient than logging in to the remote host and using its password change facility.
10.3.6 Troubleshooting Samba
Like any network server, Samba provides a wealth of options and facilities. If you thoroughly explore these facilities, you're likely to break your server. To avoid problems, you should keep a backup copy of your /etc/smb.conf file. Doing so can be as easy as issuing the following command after Samba is up and running:
cp /etc/smb.conf /etc/smb.conf.SAVEThen, if your server ceases to work, you can restore your old configuration by issuing the command:
cp /etc/smb.conf.SAVE /etc/smb.confYou'll also need to restart your system (or at least the Samba daemons).
On the other hand, you may have difficulty in getting Samba to operate correctly in the first place. Or, you may need to change Samba's configuration and therefore be unwilling to simply restore its previous status.
In such cases, you can consult the documentation that accompanies Samba. In particular, peruse the file DIAGNOSIS.txt, which should be in the /usr/doc/ Samba-2.0.3/docs/textdocs directory, or its equivalent on your system. This file includes a step-by-step procedure for verifying the operation of your Samba server. When a step fails, you can consult the file to determine the likely causes and how to go about fixing the problem. Chances are, you'll be able to administer Samba without outside help; but, if you can't, you'll find the participants of the comp.protocols.smb newsgroup to be helpful.
NOTE: Some versions of the Samba package do not include the file DIAGNOSIS.txt. If your system lacks the file, you can obtain it from the Samba web site, http://www.samba.org/.
Back to: Learning Debian GNU/Linux
© 2001, O'Reilly & Associates, Inc.