Samba tutorial -- Part 6

Sharing A Linux Drive With Windows Machines

As shown in the simple smb.conf above, sharing Linux drives with Windows users is easy. However, like everything else with Samba, you can control things to a large degree. Here are some examples:

To share a directory with the public, create a clone of the [tmp] section above by adding something like this to smb.conf:

---

[public]
  comment = Public Stuff
  path = /home/public
  public = yes
  writable = yes
  printable = no

---

To make the above directory readable by the public, but only writable by people in group staff, modify the entry like this:

---

[public]
  comment = Public Stuff
  path = /home/public
  public = yes
  writable = yes
  printable = no
  write list = @staff

---

It used to be that easy; you would now be able to start Samba and browse the shares from a Windows PC. However, Microsoft has recently made life slightly more difficult for those using Samba. Windows 98, Windows NT (service pack 3 or higher) and later builds of Windows 95 now use encrypted passwords by default. Samba uses unencrypted passwords by default. You can't browse servers when either the client or server is using encrypted passwords, because a connection cannot be made anonymously.

You can tell if you have a password type mismatch between client and server if when you try to connect to a share you see a dialog box which reads something like "You are not authorized to access that account from this machine".

You can either configure your Samba server to use encrypted passwords, or configure the Windows machines to use unencrypted passwords.

To get Windows to work with encrypted SMB passwords:

Windows 95/98 =============

Using the registry editor (regedit), create the registry setting HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VNETSUP Add a new DWORD value: Value Name: EnablePlainTextPassword Data: 0x01.

Windows NT ==========

Using the registry editor (regedit), create the registry setting HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rdr\Parameters Add a new DWORD value: Value Name: EnablePlainTextPassword Data: 0x01

Windows 2000 ============

Using the registry editor (regedit), create the registry setting HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkStation\Parameters Add a new DWORD value: Value Name: EnablePlainTextPassword Data: 0x01

Once these registry changes have been made, reboot the Windows machine and try to map a network drive on the Samba server again. It should work as long as the Samba server is using plain text passwords.

To configure Samba to use encrypted passwords:

In the [global] section of /etc/smb.conf, add the following lines:

---

encrypt passwords = yes
smb passwd file = /etc/smbpasswd

---

You are highly encouraged to read the files ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation before doing this!

If your clients and server are using encrypted passwords, you will not be able to browse the available shares on the server until an initial connection has been made with the appropriate authentication. To get the initial connection, enter the share name manually in the Windows File Manager or Explorer dialog box, in the form '\\\'. Log onto the server with a username and password that is valid on the server!

If you suspect that your NetBIOS name service is not correctly configured (perhaps because you get 'host not found' errors when trying to connect), try using just the IP address of the server: '\\\'.

In order to get filenames to appear correctly, you may also need to set some options in the appropriate share section. These work for Windows 95/98/NT clients, but may need to be modified if you have Windows 3.X clients:

---

    ; Mangle case = yes seems to give the correct filenames
   ; for Win95/98/NT.
   mangle case = yes

   ; If samba is case sensitive when looking for files
   case sensitive = no

   ; Default case of files that are created
   default case = lower

   ; Preserve case for all filenames
   preserve case = yes

   ; Preserve case for dos (8.3) filenames
   short preserve case = no

---

For other tricks to play with drive shares, see the Samba documentation or man pages.

---

interfaces = 192.168.1.1/24

---

Note: The bit after the / is a reference to the subnet mask. "24" is the value to use for an unsegmented Class C network. For more information on subnet calculations, you might want to see http://www.ralphb.net/IPSubnet/.

There is a lot more to Samba configuration than this, but this will get you started. If you want to do something more advanced, I refer you to the Samba Web site mentioned above.

Samba tutorial - Part 5

Samba configuration on a Linux (or other UNIX machine) is controlled by a single file, /etc/smb.conf. This file determines which system resources you want to share with the outside world and what restrictions you wish to place on them.

Since the following sections will address sharing Linux drives and printers with Windows machines, the smb.conf file shown in this section is as simple as you can get, just for introductory purposes.

Don't worry about the details, yet. Later sections will introduce the major concepts.

Each section of the file starts with a section header such as [global], [homes], [printers], etc.

The [global] section defines a few variables that Samba will use to define sharing for all resources.

The [homes] section allows a remote users to access their (and only their) home directory on the local (Linux) machine). That is, users trying to connect to this share from Windows machines, will be connected to their personal home directories. Note that to do this, they must have an account on the Linux box.

The sample smb.conf file below allows remote users to get to their home directories on the local machine and to write to a temporary directory. For a Windows user to see these shares, the Linux box has to be on the local network. Then the user simply connects a network drive from the Windows File Manager or Windows Explorer.

Note that in the following sections, additional entries for this file will be given to allow more resources to be shared.

---

; /etc/smb.conf
;
; Make sure and restart the server after making changes to this file, ex:
; /etc/rc.d/init.d/smb stop
; /etc/rc.d/init.d/smb start

[global]
; Uncomment this if you want a guest account
; guest account = nobody
  log file = /var/log/samba-log.%m
  lock directory = /var/lock/samba
  share modes = yes

[homes]
  comment = Home Directories
  browseable = no
  read only = no
  create mode = 0750

[tmp]
  comment = Temporary file space
  path = /tmp
  read only = no
  public = yes

---

Having written a new smb.conf, it is useful to test it to verify its correctness. You can test the correctness of a smb.conf file , using the 'testparm' utility (man page: testparm); if testparm reports no problems, smbd will correctly load the configuration file.

Here's a good trick: If your Samba server has more than one ethernet interface, the smbd may bind to the wrong one. If so, you can force it to bind to the intended one by adding a line that looks like this to the [global] section of /etc/smb.conf:

---

interfaces = 192.168.1.1/24

---

where you replace the IP address above with the one that is assigned to the correct ethernet interface. The "24" is correct for a Class C network, but may have to be recalculated if you have subnetted the network. The number relates to the netmask. Numbers for other classes of networks are given in the IP-Masquerade mini-HOWTO.

There is now a GUI configuration tool for Samba: GtkSamba. See http://www.open-systems.com/gtksamba.html.

Samba tutorial - Part 4

Running The Daemons

The two SMB daemons are /usr/sbin/smbd and /usr/sbin/nmbd. Under most Linux distributions, these are started, stoped and restarted via the startup script located in /etc/rc.d/init.d/smb and symlinked to the appropriate runlevels.

If you choose not to use the standard startup script, you can run the Samba daemons from inetd or as stand-alone processes. Samba will respond slightly faster as a standalone daemon than running from inetd.

In either case, you should check the file /etc/services for lines that look like this:

---

netbios-ns      137/tcp         nbns
netbios-ns      137/udp         nbns
netbios-dgm     138/tcp         nbdgm
netbios-dgm     138/udp         nbdgm
netbios-ssn     139/tcp         nbssn

---

Make sure they are all uncommented. Depending on your distribution, you may even need to add them. Samba will not be able to bind to the appropriate ports unless /etc/services has these entries.

To run the daemons from inetd, place the following lines in the inetd configuration file, /etc/inetd.conf:

---

    # SAMBA NetBIOS services (for PC file and print sharing)
   netbios-ssn stream tcp nowait root /usr/sbin/smbd smbd
   netbios-ns dgram udp wait root /usr/sbin/nmbd nmbd

---

Then restart the inetd daemon by running the command:

---

    kill -HUP `cat /var/run/inetd.pid`

---

To run the daemons from the system startup scripts, put the following script in file called /etc/rc.d/init.d/smb (for most distributions) and symbolically link it to the files specified in the comments:

---

    #!/bin/sh

   #
   # /etc/rc.d/init.d/smb - starts and stops SMB services.
   #
   # The following files should be synbolic links to this file:
   # symlinks: /etc/rc.d/rc1.d/K35smb  (Kills SMB services on shutdown)
   #           /etc/rc.d/rc3.d/S91smb  (Starts SMB services in multiuser mode)
   #           /etc/rc.d/rc6.d/K35smb  (Kills SMB services on reboot)
   #

   # Source function library.
   . /etc/rc.d/init.d/functions

   # Source networking configuration.
   . /etc/sysconfig/network

   # Check that networking is up.
   [ ${NETWORKING} = "no" ] && exit 0

   # See how we were called.
   case "$1" in
     start)
       echo -n "Starting SMB services: "
       daemon smbd -D 
       daemon nmbd -D
       echo
       touch /var/lock/subsys/smb
       ;;
     stop)
       echo -n "Shutting down SMB services: "
       killproc smbd
       killproc nmbd
       rm -f /var/lock/subsys/smb
       echo ""
       ;;
     *)
       echo "Usage: smb {start|stop}"
       exit 1
   esac

---

If when starting Samba you get an error that says something about the daemon failing to bind to port 139, then you probably have another Samba process already running that hasn't yet shut down. Check a process list (with 'ps auxww | grep mbd') to determine if another Samba service is running.