Samba

SMB-based file sharing for Unix. "Opening Windows to a Wider World".

The following URL has good notes about setting up Samba. Might want to read them, if you run into trouble:

     http://home.nyc.rr.com/computertaijutsu/samba.html

Also note that a lot of Samba problems can be caused by the firewall on the Samba server. For example, on some systems, even though the firewall config tool says that Samba is open on the firewall, not all packets may be getting through. So, for a lot less grief, you may want to disable the firewall before proceeding with the next steps.

To get the latest version of Samba, see www.samba.org. Download the tar ball, change to the directory where it was downloaded and unpack it:

     tar -xvzf samba-3.0.24.tar.gz

Change to the source directory, and configure and build the source:

     cd samba-3.0.24/source
     ./configure
     make

As super user, install Samba:

     su
     make install

If you want to be able to find the Samba tools using the usual PATH environment variable, you can put symlinks to them into /usr/bin (where the Samba tools are typically installed by RedHat RPMs) by doing something like this:

     find /usr/local/samba/bin -exec ln -f -s \{\} /usr/bin \;

Note that, if you make any changes to Samba, you should do the following:

  1. Reboot all NT and Win 98 workstations (Windows caches SMBs and this can lead to changes not taking effect).
  2. Restart the smbd and nmbd processes.

.../etc/hosts & .../etc/lmhosts:

Add the samba server name to these two files on all of the Win 98/NT/2000/XP boxes. On NT/2000, .../etc/hosts is in /WinNT/System32/Drivers/Etc. On XP, .../etc/hosts is in /WINDOWS/System32/Drivers/Etc (the lmhosts file is in the same place as the hosts file on all systems). For example:

     192.168.1.1          mysys
     192.168.1.1          stargate       # <==== Exact name used for server
          .
          .
          .
     #BEGIN_ALTERNATE
     #INCLUDE     C:\WINNT\system32\drivers\etc\lmhosts.npt
     #END_ALTERNATE

It is very important that you do this and that the name added to the hosts file matches the name the Samba server is advertising under exactly.

/etc/hosts:

If you wish to refer to the workstations by name on the Samba server (e.g. if you will be using Samba client), add the Win 98/NT/2000/XP workstation names to /etc/hosts on the Unix box. For example:

     127.0.0.1       localhost.homeworld     localhost
     192.168.1.1     stargate.homeworld      stargate
     192.168.1.2     gabriella.homeworld     gabriella  # <==== workstation
     192.168.1.3     clara-bow.homeworld     clara-bow  # <==== names
     192.168.1.3     clara_bow.homeworld     clara_bow  # <====

/etc/rc.d/init.d/smb:

If you do not already have a Samba services script installed in your init.d subdirectory, here is one that should work.

     #!/bin/sh
     #
     # chkconfig: 2345 91 35
     # description: Starts and stops the Samba smbd and nmbd daemons \
     #               used to provide SMB network services.
     #
     # pidfile: /var/run/samba/smbd.pid
     # pidfile: /var/run/samba/nmbd.pid
     # config:  /etc/samba/smb.conf
     #BinDir=/usr/sbin/
     BinDir=/usr/local/samba/sbin/
     ConfigFile=/etc/samba/smb.conf
     # Source function library.
     if [ -f /etc/init.d/functions ] ; then
       . /etc/init.d/functions
     elif [ -f /etc/rc.d/init.d/functions ] ; then
       . /etc/rc.d/init.d/functions
     else
       exit 0
     fi
     # Avoid using root's TMPDIR
     unset TMPDIR
     # Source networking configuration.
     . /etc/sysconfig/network
     if [ -f /etc/sysconfig/samba ]; then
        . /etc/sysconfig/samba
     fi
     # Check that networking is up.
     [ ${NETWORKING} = "no" ] && exit 0
     # Check that smb.conf exists.
     #[ -f /etc/samba/smb.conf ] || exit 0
     [ -f ${ConfigFile} ] || exit 0
     # Check that we can write to it... so non-root users stop here
     #[ -w /etc/samba/smb.conf ] || exit 0
     [ -w ${ConfigFile} ] || exit 0
     RETVAL=0
     start() {
             KIND="SMB"
             echo -n $"Starting $KIND services: "
     #        daemon ${BinDir}smbd $SMBDOPTIONS
             ${BinDir}smbd -D -s ${ConfigFile} $SMBDOPTIONS
             RETVAL=$?
             echo
             KIND="NMB"
             echo -n $"Starting $KIND services: "
     #        daemon ${BinDir}nmbd $NMBDOPTIONS
             ${BinDir}nmbd  -D -s ${ConfigFile} $NMBDOPTIONS
             RETVAL2=$?
             echo
             [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 ] && touch /var/lock/subsys/smb || \
                RETVAL=1
             return $RETVAL
     }
     stop() {
             KIND="SMB"
             echo -n $"Shutting down $KIND services: "
             killproc smbd
             RETVAL=$?
             echo
             KIND="NMB"
             echo -n $"Shutting down $KIND services: "
             killproc nmbd
             RETVAL2=$?
             [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 ] && rm -f /var/lock/subsys/smb
             echo ""
             return $RETVAL
     }
     restart() {
             stop
             start
     }
     reload() {
             echo -n $"Reloading smb.conf file: "
             killproc smbd -HUP
             RETVAL=$?
             echo
             return $RETVAL
     }
     rhstatus() {
             status smbd
             status nmbd
     }
     case "$1" in
       start)
               start
             ;;
       stop)
               stop
             ;;
       restart)
               restart
             ;;
       reload)
               reload
             ;;
       status)
               rhstatus
             ;;
       condrestart)
               [ -f /var/lock/subsys/smb ] && restart || :
             ;;
       *)
             echo $"Usage: $0 {start|stop|restart|reload|status|condrestart}"
             exit 1
     esac
     exit $?

/etc/rc.d/rcx.d:

Add the smbd and nmbd services to the system startup by running chkconfig:

     /sbin/chkconfig --add smb
     /sbin/chkconfig smb on

This should add the services to runlevels 3, 4 & 5.

When you have finished all of the rest of the Samba configuration, you can start Samba via:

     /etc/rc.d/init.d/smb start

/var/log/samba:

You may need to create a log directory for Samba to write its logfiles into. The name of the logfile is defined in smb.conf (see below) but the tradional name is /var/log/samba. To create this directory:

     mkdir /var/log/samba
     chmod go= /var/log/samba

/etc/samba:

If the Samba configuration directory hasn't already been created, create one now:

     mkdir /etc/samba

The permissions should look like this:

     drwxr-xr-x     root     root

/etc/samba/lmhosts:

If you will be using Samba client (on the server, to access the Windows workstations), add the Win NT/98/2000/XP workstation names to /etc/samba/lmhosts on the Unix box. For example:

     127.0.0.1       localhost
     192.168.1.1     stargate
     192.168.1.2     gabriella           # <==== Workstation names
     192.168.1.3     clara-bow           # <==== Note that Unix uses '-'
     192.168.1.3     clara_bow           # <==== Note that Winduhs uses '_'

The lmhosts file is basically a copy of /etc/hosts so you can start by copying it to samba/lmhosts and then just edit it down, if you already have the workstations defined in /etc/hosts:

     cp /etc/hosts /etc/samba/lmhosts

The permissions should look like:

     -rw-r--r--     root     root

On the other hand, if you won't be using the Samba client on the server, you can skip all of the steps having to do with /etc/samba/lmhosts.

/etc/samba/smbusers (or /etc/smbusers for older versions of Samba):

Set up equivalences between Windows login names and login names on the Samba server in this file. For example:

     # Unix_name = SMB_name1 SMB_name2 ...
     root = administrator admin
     nobody = guest pcguest smbguest
     joeblow = joe

/etc/samba/smbpasswd (or /etc/smbpasswd for older versions of Samba):

Older versions of Samba (less than 3.x) used this file. For newer versions of Samba, see pdbedit, below.

You must set up passwords for Samba if you are using Windows NT 4.0, SP3 and above. You should generate the smbpasswd file from your /etc/passwd file using the following command:

     cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd

If you are running on a system that uses NIS, use:

     ypcat passwd | mksmbpasswd.sh > /etc/samba/smbpasswd

Or, if you are running on a system that doesn't have mksmbpasswd.sh installed (e.g. SuSE), you can make up the password file by hand. You need entries that look like this:

     username:nnn:00000000000000000000000000000000:\
       00000000000000000000000000000000:[U]:LCT-00000000:comments

Where "username" and "nnn" are the user's name and userid from the /etc/passwd file.

All of the users are given disabled passwords in this file, by default. To set passwords that Samba can use, run:

     smbpasswd username

Because this file contains secret passwords, you should make sure that it is not readable by regular users:

     chmod go= /etc/samba/smbpasswd

You can find the full description of how all this works in the Samba HOWTO, either the PDF or HTML versions, which is in the docs directory of the build tree:

     ../docs/Samba3-HOWTO.pdf
     ../docs/htmldocs/Samba3-HOWTO/index.html

pdbedit

For newer versions of Samba (3.x and above), it looks like passwords must be added by hand using pdbedit. Basically, you must run, as root:

     pdbedit -a -u username

for each user that you wish to add. Note that the username is the local userid, not the Windows userid (which is mapped to a local userid by /etc/samba/smbusers, above).

/etc/samba/smb.conf or /etc/smb.conf (for older versions of Samba):

Configure Samba by hacking /etc/samba/smb.conf. Pay attention to the following (especially the "interfaces" IP addresses, which should be set to your machine's IP address plus 127.0.0.1):

     workgroup = WORKGROUP
     # netbios name = MRSERVER  <== Set this only if you don't want to use the
                                    machine's name from /etc/sysconfig/network
     comment = mysys
     server string = Samba %v Server
     hosts allow = 192.168.1. 127.
     interfaces = 192.168.1.1/24 127.0.0.1    <==== Machine's IP address here
     remote browse sync = 192.168.1.255
     local master = yes
     domain master = yes
     [homes]
     [Root]

For versions of Samba before 3.x, you will probably want to pay attention to the password stuff:

     encrypt passwords = yes
     smb passwd file = /etc/samba/smbpasswd
     unix password sync = no
     username map = /etc/samba/smbusers

For versions of Samba 3.x and above, you simply need to use:

     passdb backend = tdbsam

You can copy the sample config file from the build directory tree:

     cp ../examples/smb.conf.default /etc/samba/smb.conf

Or, if you'd like, here is a sample of a complete config file:

     # This is the main Samba configuration file. You should read the
     # smb.conf(5) manual page in order to understand the options listed
     # here. Samba has a huge number of configurable options (perhaps too
     # many!) most of which are not shown in this example
     #
     # Any line which starts with a ; (semi-colon) or a # (hash)
     # is a comment and is ignored. In this example we will use a #
     # for commentry and a ; for parts of the config file that you
     # may wish to enable
     #
     # NOTE: Whenever you modify this file you should run the command "testparm"
     # to check that you have not many any basic syntactic errors.
     #
     #======================= Global Settings ===================================
     [global]
     # workgroup = NT-Domain-Name or Workgroup-Name
         workgroup = WORKGROUP
         comment = mysys
     # server string is the equivalent of the NT Description field
         server string = Samba %v Server
     # This option is important for security. It allows you to restrict
     # connections to machines which are on your local network. The
     # following example restricts access to two C class networks and
     # the "loopback" interface. For more examples of the syntax see
     # the smb.conf(5) man page
         hosts allow = 192.168.1. 127.
     # if you want to automatically load your printer list rather
     # than setting them up individually then you'll need this
     ;    printcap name = /etc/printcap
     ;    load printers = yes
     # It should not be necessary to spell out the print system type unless
     # yours is non-standard. Currently supported print systems include:
     # cups, bsd, sysv, plp, lprng, aix, hpux, qnx
     ;   printing = cups
     # Uncomment this if you want a guest account, you must add this to
     # /etc/passwd otherwise the user "nobody" is used
     ;   guest account = pcguest
     # this tells Samba to use a separate log file for each machine
     # that connects
         log file = /var/log/samba/log.%m
     # Have no cap on log file size or put a cap on the size of the log
     # files (in Kb).
     ;   max log size = 0
         max log size = 50
     # Security mode. Most people will want user level security. See
     # security_level.txt for details.
         security = user
     # Use password server option only with security = server
     ;   password server = <NT-Server-Name>
     # For versions of Samba prior to 3.x.
     #
     # Username and password level allows the matching of up to n characters of
     # the username and password in mixed case.  All combinations of upper and
     # lower case with up to n letters mixed are tried.  A value of zero tries
     # two usernames and two passwords and is probably what you want.
         username level = 0
         password level = 0
     # Disallow access to accounts that have null passwords.
         null passwords = no
     # You may wish to use password encryption. Please read
     # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
     # Do not enable this option unless you have read those documents
         encrypt passwords = yes
         smb passwd file = /etc/samba/smbpasswd
     # The following are needed to allow password changing from Windows to
     # update the Linux sytsem password also.
     # NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
     # NOTE2: You do NOT need these to allow workstations to change only
     #        the encrypted SMB passwords. They allow the Unix password
     #        to be kept in sync with the SMB password.
         unix password sync = no
     ;   passwd program = /usr/bin/passwd %u
     ;   passwd chat = NewUNIXpassword %n\n ReTypenewUNIXpassword* %n\n \
                       passwd:allauthenticationtokensupdatedsuccessfully*
     # End of stuff for Samba versions < 3.x.
     # Unix users can map to different SMB User names
         username map = /etc/samba/smbusers
     # Using the following line enables you to customise your configuration
     # on a per machine basis. The %m gets replaced with the netbios name
     # of the machine that is connecting
     ;   include = /etc/samba/smb.conf.%m
     # Most people will find that this option gives better performance.
     # See speed.txt and the manual pages for details
     ;   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
     # Configure Samba to use multiple interfaces
     # If you have multiple network interfaces then you must list them
     # here. See the man page for details.
     ;   interfaces = 192.168.1.1/24
         interfaces = 192.168.1.1/24 127.0.0.1
         bind interfaces only = True
     # Configure remote browse list synchronisation here
     #  request announcement to, or browse list sync from:
     #     a specific host or from / to a whole subnet (see below)
     ;   remote browse sync = 192.168.3.25 192.168.5.255
         remote browse sync = 192.168.1.255
     # Cause this host to announce itself to local subnets here
     ;   remote announce = 192.168.1.255 192.168.2.44
     # Browser Control Options:
     # set local master to no if you don't want Samba to become a master
     # browser on your network. Otherwise the normal election rules apply
     ;   local master = no
         local master = yes
     # OS Level determines the precedence of this server in master browser
     # elections. The default value should be reasonable
         os level = 33
     # Domain Master specifies Samba to be the Domain Master Browser. This
     # allows Samba to collate browse lists between subnets. Don't use this
     # if you already have a Windows NT domain controller doing this job
         domain master = yes
     # Preferred Master causes Samba to force a local browser election on
     # startup and gives it a slightly higher chance of winning the election
         preferred master = yes
     # Use only if you have an NT server on your network that has been
     # configured at install time to be a primary domain controller.
     ;   domain controller = <NT-Domain-Controller-SMBName>
     # Enable this if you want Samba to be a domain logon server for
     # Windows95 workstations.
     ;   domain logons = yes
     # if you enable domain logons then you may want a per-machine or
     # per user logon script
     # run a specific logon batch file per workstation (machine)
     ;   logon script = %m.bat
     # run a specific logon batch file per username
     ;   logon script = %U.bat
     # Where to store roving profiles (only for Win95 and WinNT)
     #        %L substitutes for this servers netbios name, %U is username
     #        You must uncomment the [Profiles] share below
     ;   logon path = \\%L\Profiles\%U
     # All NetBIOS names must be resolved to IP Addresses
     # 'Name Resolve Order' allows the named resolution mechanism to be specified
     # the default order is "host lmhosts wins bcast". "host" means use the unix
     # system gethostbyname() function call that will use either /etc/hosts OR
     # DNS or NIS depending on the settings of /etc/host.config,
     # /etc/nsswitch.conf and the /etc/resolv.conf file. "host" therefore is
     # system configuration dependant. This parameter is most often of use to
     # prevent DNS lookups in order to resolve NetBIOS names to IP Addresses.
     # Use with care! The example below excludes use of name resolution for
     # machines that are NOT on the local network segment
     # - OR - are not deliberately to be known via lmhosts or via WINS.
     ; name resolve order = wins lmhosts bcast
     # Windows Internet Name Serving Support Section:
     # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
         wins support = no
     # WINS Server - Tells the NMBD components of Samba to be a WINS Client
     #     Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
     ;   wins server = w.x.y.z
     # WINS Proxy - Tells Samba to answer name resolution queries on
     # behalf of a non WINS capable client, for this to work there must be
     # at least one     WINS Server on the network. The default is NO.
     ;   wins proxy = yes
     # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
     # via DNS nslookups. The built-in default for versions 1.9.17 is yes,
     # this has been changed in version 1.9.18 to no.
         dns proxy = no
      map to guest = never
      dead time = 0
      debug level = 0
     # Case Preservation can be handy - system default is no
     # NOTE: These can be set on a per share basis
     ;  preserve case = no
     ;  short preserve case = no
     # Default case is normally upper case for all DOS files
     ;  default case = lower
     # Be very careful with case sensitivity - it can break things!
     ;  case sensitive = no
     #============================ Share Definitions ============================
     [homes]
         comment = Home Directory
         browseable = no
         writable = yes
     [Root]
         comment = Root Directory
         path = /
         public = yes
         browseable = yes
         writeable = yes
         write list = @joeblow
     # Un-comment the following and create the netlogon directory for Domain
     # Logons
     ; [netlogon]
     ;   comment = Network Logon Service
     ;   path = /home/netlogon
     ;   guest ok = yes
     ;   writable = no
     ;   share modes = no