
33. Samba installation and configuration

Samba is the UNIX service for Microsoft Windows File and Print serving. The funny thing is, a well tuned Linux Samba server is a FASTER NT server than a well tuned NT server itself! As of Samba 2.0, it still doesn't offer full PDC/BDC support, though some beta versions do.

* Please note that these installation docs are for Samba 1.9.x and might be somewhat different for a Samba 2.x distribution.

- Download the newest Samba code from:

ftp://samba.anu.edu.au/

and also check out some of the great docs at:

http://samba.anu.edu.au/

NOTE: These installation instructions assume that you are running Shadow passwords (you really should be!).

--

- Uncompress the .tgz "tar -xzvf *"

- cd into the new Samba directory and then "cd sources"

- Edit the "Makefile"

- Find the lines:

                                # The permissions to give the executables
                                INSTALLPERMS = 0755

and change the value to 0750.

- Redhat users: find the following lines and uncomment the last two lines:


                                "# This is for PAM authentication. RedHat Linux uses PAM.
                                 # If you use PAM, then uncomment the following lines:
                                 # PAM_FLAGS = -DUSE_PAM
                                 # PAM_LIBS = -ldl -lpam"

Ditto here:


                                "# FLAGSM = -DLINUX -DAXPROC -DFAST_SHARE_MODES
                                 # FLAGSM = -DLINUX -DFAST_SHARE_MODES
                                 # LIBSM ="

Same here:


                                "# FLAGSM = -DLINUX -DNETGROUP -DALLOW_CHANGE_PASSWORD -DFAST_SHARE_MODES -DNO_ASMSIGNALH -DGLIBC2
                                 # LIBSM = -lnsl -lcrypt"

- Save the changes and then run "make all; make install"

- Security: per a post from the Samba team on 11/20/98, you should do the following:


                        rm /usr/sbin/wsmbconf
                        chmod +t /var/spool/samba

- Next, edit the /etc/smb.conf file. If you need more information, run "man smb.conf" to read an exceptionally well written MAN page.

- Under the [Global] Section:

- Edit the "WORKGROUP" line to reflect the name of the workgroup you want


                                WORKGROUP = ACME123

- Edit the "server string" line to reflect the name of the machine


                                server string = Roadrunner Samba Server

- Edit the "hosts allow" line to ONLY reflect:


                                hosts allow = 192.168.0. 127.   

- Make sure that printing is enabled:


                                printcap name = /etc/printcap
                                load printers = no
                                printing = bsd

- Make sure the GUEST account is disabled by having a ";" in the front of:


                                ";  guest account = pcguest"

- For Windows 95/98/NT viewing, turn on "user level" security


                                "security = user"

- Windows98, patched Windows95, and Windows NT now require ENCRYPTED SMB passwords. So, make sure you have the following lines in your smb.conf file (or remove the ";"s if the lines are already there):


                                  encrypt passwords = yes
                                  smb passwd file = /etc/smbpasswd

- Since the Samba server and all clients are on the same LAN segment, add the following:


                                "socket options = IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192"

- Since we have multiple NICS, set the following:


                                "interfaces = 192.168.0.1/24 127.0.0.0/8"

- Add the line:


                                "bind interfaces only = true"

- Also set the following:


                                "remote announce = 192.168.0.255 "

- Allow Samba to be a subnet master browser


                                "local master = yes"

- Enable Samba to always win the Subnet Master Browser election


                                "preferred master = yes"

- Enable full Win95 login support:


                                "domain logons = yes"

- Fix Samba permissions so when you create a file/directory, the UNIX permissions are correct too!


                                "create mask = 0770"
                                "directory mask = 0750"

- **OPTIONAL** Since my Samba server is only used by me, I can essentially disable file write locking on all shares. If you are going to have a lot of users editing the same file, you should NOT enable this option.


                                "fake oplocks = yes"

- **OPTIONAL** Since I have a CD-ROM changer on my machine, I don't need to enable file write locking so I'll disable it here.


                                "veto oplock files = /home/hpe/CDROMs/Cdrom*"

-----------------------

- Set or verify the settings of the following shares for each user's home directory and a central HP LaserJet IIp printer.

* NOTE: The printer name CANNOT be any longer than -8 characters-!


                        [homes]
                        comment = Home Directories
                        # Making this NON-BROWSABLE gets rid of the duplicated "username" and 
                        # "homes" shares
                        browseable = no
                        writable = yes
                        #  Allows only the current Samba user into their home directory
                        user = %S

                        [Hp_Lj2p]
                        printer = raw
                        comment = Hp LaserJet IIp on RoadRunner
                        path = /var/spool/samba
                        browseable = yes
                        # Set public = yes to allow user 'guest account' to print
                        guest ok = no
                        writable = no
                        printable = yes
                        print command = /usr/bin/lpr -b -r -PHp_Lj2p %s
                        lpq command = lpq -PHp_Lj2p
                        lprm command = lprm -PHp_Lj2p %j

                        [Epson_S]
                        printer = raw
                        comment = Epson Stylus 500 Color on RoadRunner
                        path = /var/spool/samba
                        browseable = yes
                        # Set public = yes to allow user 'guest account' to print
                        guest ok = no
                        writable = no
                        printable = yes
                        print command = /usr/bin/lpr -b -r -PEpson_S %s
                        lpq command = lpq -PEpson_S
                        lprm command = lprm -PEpson_S %j

- The /home/hpe directory is a common directory and SMB share for ALL users. Since ALL the files in this dir should be readable by all other users, I want all files/dirs to be created with the WHEEL group.


                        [hpe]
                        comment = Hpe
                        path = /home/hpe        
                        read only = no
                        public = no
                        force group = wheel
                        --

- Next, you need to test that your /etc/smb.conf file is correct. To do this, simply run the "testparm" program and it will check it for you and tell you everything it understands. Browse over this real quick but don't expect to understand much of it! Hehehe..

- Now start up Samba. Run:

- Redhat:


                                        /etc/rc.d/init.d/smb start

- Slackware:


                                        /usr/local/samba/bin/smbd -D 
                                        /usr/local/samba/bin/nmbd -D 

- Lastly, we need to add your login to the Samba username file. Yes, it's separate from the normal /etc/passwd file. Though this is initially a pain, you can have it auto-synchronise with the UNIX password file. That is not covered in the TrinityOS doc yet, though it is covered in the Samba documentation.

--- This is all covered in /usr/doc/samba-*/ENCRYPTION.txt file ---

- OK, to create the /etc/smbpasswd file, run the following command:


                        cat /etc/passwd | mksmbpasswd.sh >/etc/smbpasswd

- Next, fix the permissions of the file:


                        chmod 500 /etc/smbpasswd

- With this command, all users defined in the /etc/passwd file will have an SMB entry put into the /etc/smbpasswd file. Though the user is defined, the user will be LOCKED out until they change their SMB password. To fix this, do the following PER user:


                                smbpasswd johndoe
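
The following is an added example, not part of the original TrinityOS text or of Samba: a small shell audit that checks the [global] access-control settings from this section (user-level security, encrypted passwords, interface binding, "hosts allow", disabled guest account) and that the smbpasswd file is closed to group and other. The function names, messages and the constructed sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit smb.conf [global] against the settings on this page.
# Function names and messages are illustrative, not part of Samba.
# Print a [global] parameter's value (lowercased); empty if absent or commented out.
global_param() {  # $1 = smb.conf path, $2 = parameter name in lowercase
    awk -v want="$2" '
        /^[ \t]*[;#]/ { next }                                  # comment line
        /^[ \t]*\[/ { g = (tolower($0) ~ /^[ \t]*\[[ \t]*global[ \t]*\]/); next }
        g && (eq = index($0, "=")) {
            name = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/[ \t]+/, " ", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == want) found = val                       # last one wins
        }
        END { print tolower(found) }' "$1"
}
is_true() { case "$1" in yes|true|1) return 0 ;; esac; return 1; }
flag() { echo "FINDING: $1"; FINDINGS=$((FINDINGS + 1)); }

audit_smb_conf() {  # $1 = smb.conf path; exit status = number of findings
    FINDINGS=0
    [ "$(global_param "$1" security)" = user ] || flag "security is not user"
    is_true "$(global_param "$1" "encrypt passwords")" || flag "encrypt passwords is off"
    is_true "$(global_param "$1" "bind interfaces only")" || flag "bind interfaces only is off"
    [ -n "$(global_param "$1" interfaces)" ] || flag "interfaces is not set"
    [ -n "$(global_param "$1" "hosts allow")" ] || flag "hosts allow is not set"
    [ -z "$(global_param "$1" "guest account")" ] || flag "guest account is enabled"
    return "$FINDINGS"
}

# True when the file grants nothing to group or other (mode 500 or 600, for example).
smbpasswd_private() {  # $1 = path to the smbpasswd file
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample: the [global] values this page recommends.
sample_conf() {
    cat <<'EOF'
[global]
   hosts allow = 192.168.0. 127.
;  guest account = pcguest
   security = user
   encrypt passwords = yes
   interfaces = 192.168.0.1/24 127.0.0.0/8
   bind interfaces only = true
EOF
}
tmp=$(mktemp) && sample_conf > "$tmp" && audit_smb_conf "$tmp" && echo "no findings"
rm -f "$tmp"
```

Run `audit_smb_conf /etc/smb.conf` and `smbpasswd_private /etc/smbpasswd` after editing; testparm still checks syntax, while this only checks the access-control choices made above.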

- A few things to do on your Windows 95/NT box:

- One thing that you need to do now, which you might not be used to, is actually logging into your Windows95 or NT box. You need to create a Username AND a password on your Windows box which are the same as on your UNIX box.

- One more thing, you need to re-configure your Windows95 or WindowsNT servers to use the correct WORKGROUP (ACME123).

Windows 95 and NT: Use the Network Control Panel

NOTE: Verify that your Windows95/NT machine does NOT have the Netbeui protocol installed. If it does, DELETE that protocol.

- Whew! Ok, the home stretch. Reboot your Windows boxes with the new WORKGROUP setting and when prompted, login with the configured Windows Username and password from above. Now, go to the "Network Neighborhood" and see if you see the ROADRUNNER server. If everything goes well, you should see your home UNIX directory!

So go for it and see if you can create, delete, move files, etc from File Explorer on your Windows machine. Cool huh?

-------------------------------------------------- If you want to do printing, check out Section 47 --------------------------------------------------

** If you cannot get Samba to run right, please read the Samba Diagnostic docs:


                                /usr/doc/samba-*/docs/DIAGNOSIS.txt

- If everything went ok... Excellent! Congratulations! Make sure that SMB is enabled upon boot.

- To do this, UN-DO all edits for SMB lines in Section 8

*************************************************************************************

On the flip side, you can mount your Windows95/NT shares onto your Linux box! Cool huh!

- OK, if everything is working with Samba (from above), you should be able to get a list of shares from your Windows 95/NT box. Run:


                                "smbclient -L //your-nt-boxs-name -U johndoe" 

When prompted for a password, enter in the same password that you use to log into your Windows95/NT machine. You should then see something like:


                                Added interface ip=192.168.0.1 bcast=192.168.0.255 nmask=255.255.255.0
                                Server time is Tue Jan 12 17:22:36 1999
                                Timezone is UTC-8.0
                                Password: 
                                Domain=[ACME123] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0]
                                security=user

                                Server=[your-nt-boxs-name] User=[] Workgroup=[ACME123] Domain=[]
        
                                Sharename      Type      Comment
                                ---------      ----      -------
                                C$             Disk      
                                IPC$           IPC       Remote IPC

- If the above step worked ok, you should be able to mount your Windows95/NT share directly onto your linux box. To do this, run the following:

                                mkdir /tmp/smb-c
                                /usr/sbin/smbmount //your-nt-boxs-name/c$ /mnt/smb -U johndoe -c roadrunner

