To verify that Samba is installed:
[root@smblab3 samba.d]# rpm -qa|grep samba
samba-2.2.2-4
samba-doc-2.2.2-4
[root@smblab3 samba.d]# rpm -V `rpm -qa|grep samba`
S.5....T c /etc/samba.d/smb.conf
S.5....T c /etc/samba.d/smbusers
(Configuration files might be reported as changed; this is expected.)
To (re)install Samba, you can either use the RPMs on your OL311 Server media, or download them from:
ftp://ftp.caldera.com/pub/OpenLinux3.1.1/Server/RPMS/
The Samba RPMs that are shipped with OpenLinux3.1.1 Server are:
Use the rpm command to install any missing packages:
[root@smblab3 samba.d]# rpm -i samba-2.2.2-4.i386.rpm
To start Samba, either use the KDE Kontrol Center, or use the samba command:
[root@smblab3 samba.d]# samba start
To check that Samba is running, you can check the process table for the Samba daemons nmbd and smbd:
[root@smblab3 samba.d]# ps -ef|grep mbd
root 10000 1 0 09:27 ? 00:00:00 smbd -D
root 10003 1 0 09:27 ? 00:00:00 nmbd -D
root 10005 10003 0 09:27 ? 00:00:00 nmbd -D
You can also check the status of these services with the samba command:
[root@smblab3 samba.d]# samba status
Checking status of samba service: nmbd smbd.
There are several ways to configure Samba, including command line
configuration, SWAT - Samba Web Administration Tool and Webmin - The Web
Administration Tool. For the Cookbook we will discuss how to configure
Samba with Webmin (where possible).
(See the Using SWAT and Samba
Files sections under Advanced Topics for more
information.)
Using your browser, follow this key to find the main configuration page for Samba in Webmin:
https://localhost:1000 -or- https://remote.samba.server.com:1000 (with Webmin configured for remote use)
Login with root or admin account
Choose Servers->Samba Windows File Sharing
Scroll down to Global Configuration section
Choose Windows Networking
There are 3 different roles Samba can play in a Windows network:
Which role Samba should play depends on your existing Windows network configuration: whether you have an NT Domain to join, an NT server to replace, or an existing Workgroup to be part of. If you are setting up a new Windows network, you may want Samba to be the Domain Controller.
We will discuss how to configure each role. For more information on Domains, see Advanced Topics.
In all roles it is important that the server name used by Samba is unique within the Windows network. Be aware that the term Workgroup is used to refer to either the Workgroup Name or the Domain Name. The difference between Workgroup and Domain is only the security model used within the group of machines in the Windows network. This name should be common on all machines in the same group.
In Webmin on the Windows Networking page for Samba there are only a few key items that need to be configured, while the defaults for the other parameters will work for most networks. Here is a table to help you configure Samba for the 3 common roles.
Samba Role | Samba configuration in Webmin |
---|---|
Stand-alone (NOT recommended) | additionally, for Windows 95/98/ME clients, configure the smb.conf parameter domain logons = No |
Domain Member | (see Advanced Topics for more information about WINS and Domains) |
Domain Controller | additionally, for Windows 95/98/ME clients, configure the smb.conf parameter domain logons = Yes |
domain logons = [Yes|No]
Or you can use SWAT to control this parameter:
GLOBALS->Advanced View->Logon Options (Commit Changes)
You can also access Windows disk shares from OpenLinux. To connect the Windows share to an OpenLinux directory (mount point), use the commands:
[root@smblab3 root]# mkdir /MOUNTPOINT
[root@smblab3 root]# smbmount //WINDOWS_CLIENT/SHARENAME /MOUNTPOINT
[root@smblab3 root]# cd /MOUNTPOINT
[root@smblab3 root]# ls -l
To add additional printer share definitions
If you have a lot of existing OpenLinux users that you wish to add to Samba, you may want to use the "Convert Unix® users to Samba users." link below Samba's Global Configuration section in Webmin to automatically add Samba accounts for those users.
User synchronization can also be configured through the link, "Configure automatic Unix and Samba user synchronisation". Here you can choose to have a Samba account automatically created when an OpenLinux user is added.
Adding users can also be done at the command line.
To add a local system account that allows OpenLinux logins:
[root@smblab3 samba.d]# useradd -m -s /bin/sh smbuser3
[root@smblab3 samba.d]# passwd smbuser3
New user password:
Retype new user password:
[root@smblab3 samba.d]#
Or, if you want to create Samba-only users that don't allow direct logins into OpenLinux, set the shell for the system account to /bin/false:
[root@smblab3 samba.d]# useradd -m -s /bin/false smbuser3
[root@smblab3 samba.d]# passwd smbuser3
New user password:
Retype new user password:
[root@smblab3 samba.d]#
Set the default shell for the useradd command in the file /etc/default/useradd.
To add the Samba account:
[root@smblab3 samba.d]# smbpasswd -a smbuser3
New SMB password:
Retype new SMB password:
Added user smbuser3.
[root@smblab3 samba.d]#
We suggest that you use the same password for both accounts.
[root@smblab3 samba.d]# cat /etc/samba.d/smbpasswd|cut -f1 -d:
Restarting Samba
[root@smblab3 samba.d]# samba restart
Control Panel->Network->Identification
Control Panel->Network->Client for Microsoft Networks->Properties
Network Neighborhood->Properties->Client for Microsoft Networks->Properties
Just as there are different roles for Samba to play in the Windows network, Windows systems can also play different roles. Windows 95/98/ME can be clients of workgroups or domains, but not domain controllers, while Windows NT/2000/XP can be either domain members or controllers. All Windows clients need to be configured to match the network and server that they wish to connect to.
Samba Role | Windows client configuration |
---|---|
Stand-alone |
|
Domain Member |
|
Domain Controller |
|
* NT/2000/XP systems also need machine accounts on the Samba server * (see Advanced Topics for more information about WINS and Domains) |
After restarting Windows and logging in you should find the Samba shares available under:
Network Neighborhood->Entire Network->DOMAIN_NAME->SAMBA_SERVER_NAME
Explorer->Tools->Map Network Drive.
Choose an available drive letter and associate it with the Samba share and pathname with this syntax:
\\SAMBA_SERVER_NAME\SHARENAME\PATHNAME
Control Panel->Printers->Add Printers
Add a Network printer which points to the Samba shared printer with this syntax:
\\SAMBA_SERVER_NAME\PRINTER_SHARENAME
Continue and choose the matching driver for the printer.
Samba provides these protocols and is fully compatible with Windows
95/98/ME/NT/2000/XP. Samba can be a Domain Controller, but its most common
role is to be a member of an existing Windows security domain.
Samba can be configured to store these locally or access a remote
authentication server, hosted by either another Samba server or, more commonly,
by a Windows NT/2000/XP domain controller.
Samba does not currently provide the facilities to replicate the authentication
databases. This replication was the purpose for MS NT4 Primary and Backup
Domain Controllers.
Domain Controllers require Domain Members (Windows NT/2000/XP not 95/98/ME)
to have machine accounts.
If Samba is acting as the Domain Controller, Domain Members need accounts
in both the SMB database and the OpenLinux password database.
You can add machine accounts to OpenLinux, using the commands:
[root@smblab3 root]# useradd -d /dev/null -s /bin/false smblab4\$
[root@smblab3 root]# passwd -l smblab4\$
Password changed.
[root@smblab3 root]#
NOTE: The "$" suffix is required for machine accounts.
You can add machine accounts to Samba's SMB database with the command:
[root@smblab3 root]# smbpasswd -a -m smblab4
Added user smblab4$.
[root@smblab3 root]#
If Samba is playing the role of a Domain Member, it requires a machine account in the Domain Controller's database.
There are 2 steps to joining an existing NT Domain
[root@smblab3 samba.d]# smbpasswd -r PDC_NAME -j DOMAIN_NAME
[root@smblab3 samba.d]# samba start
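The account conventions described above (every Samba account needs a matching system account, machine accounts end in "$" and use /bin/false, Samba-only users use /bin/false) can be checked by comparing the two databases. This is an added example, not part of the original cookbook; the sample data is constructed, and the report for user accounts with a login shell is informational, since the cookbook allows both kinds of user.

```python
# Constructed sample data. The smbpasswd lines are abbreviated placeholders:
# only the first field (the account name) is used, as with `cut -f1 -d:` above.
SMBPASSWD = """\
smbuser3:501:X:X:[U]:LCT-0:
smbuser4:502:X:X:[U]:LCT-0:
smblab4$:503:X:X:[W]:LCT-0:
smblab5$:504:X:X:[W]:LCT-0:
"""
PASSWD = """\
smbuser3:x:501:100::/home/smbuser3:/bin/false
smbuser4:x:502:100::/home/smbuser4:/bin/sh
smblab4$:x:503:100::/dev/null:/bin/sh
"""

def first_fields(text):
    """Account names from a colon-separated file, skipping blanks and comments."""
    return [l.split(":", 1)[0] for l in text.splitlines()
            if l.strip() and not l.startswith("#")]

def unix_shells(passwd_text):
    """Map account name -> login shell (seventh passwd field)."""
    shells = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7:
            shells[fields[0]] = fields[6]
    return shells

def check_accounts(smbpasswd_text, passwd_text):
    """Return (account, issue) pairs for Samba accounts worth reviewing."""
    shells = unix_shells(passwd_text)
    issues = []
    for name in first_fields(smbpasswd_text):
        if name not in shells:
            issues.append((name, "no matching system account"))
        elif name.endswith("$") and shells[name] != "/bin/false":
            issues.append((name, "machine account has a login shell"))
        elif not name.endswith("$") and shells[name] != "/bin/false":
            issues.append((name, "user can log in to OpenLinux directly"))
    return issues

if __name__ == "__main__":
    for account, issue in check_accounts(SMBPASSWD, PASSWD):
        print(f"{account}: {issue}")
```

On a real server, pass the contents of /etc/samba.d/smbpasswd and /etc/passwd instead of the constructed strings.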
Because many NetBIOS names can be for the same machine, there are additional codes which identify what the name is registering. And since some names must be unique and others aren't, names are registered as either "Unique" or "Group" names.
These names are being registered, queried, and re-registered frequently. With the default behavior being to use broadcasts, it doesn't take too many machines to cause a lot of name resolution traffic on the network.
Since broadcasts are not allowed to cross subnets, any Domain that spans multiple subnets requires WINS. The Domain Master Browser needs WINS to be able to coordinate a list of available resources for the Local Master Browsers, so they can provide a consistent "Network Neighborhood" view to the clients in the domain.
Using WINS helps busy Windows networks tremendously. Since clients can ask the WINS server directly for name resolution information, the extra broadcast traffic is eliminated.
Once a WINS server is designated, all clients should be configured to point to it. For Windows clients provide the IP address of the WINS server under the client's networking configuration section.
To configure Samba for WINS in Webmin:
There are 2 ways to get to SWAT: through Webmin, using the SWAT icon in Samba's Global Configuration section, or with the URL:
http://localhost:901
Once you've logged into SWAT you will find links to documentation and icons to modify the various configuration parameters for Samba. You should recognize the parameters that we have discussed under the "GLOBALS" icon. All of these parameters may be a bit overwhelming, perhaps making SWAT a more difficult interface to use for a first-time administrator.
Configuration Files | |
|
|
Log Files | |
|
|
Daemons | |
|
|
Commands | |
|
|
Sample configuration for Samba as the Domain Controller for the Cookbook Domain:
# Global parameters
[global]
   workgroup = COOKBOOK
   netbios name = SMBLAB3
   server string = Samba Server on Caldera OpenLinux
   null passwords = Yes
   username map = /etc/samba.d/smbusers
   password level = 8
   username level = 8
   log file = /var/log/samba.d/smb.%m
   max log size = 200
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   logon path = \\%L\Profiles\%U
   logon home = \\%L\Profiles\%U
   domain logons = Yes
   os level = 35
   preferred master = True
   domain master = True
   dns proxy = No
   wins support = Yes
   printing = cups
   printer name = printer1

[homes]
   comment = Home Directories
   path = %H/Samba
   username = %S
   valid users = %S
   read only = No
   create mask = 0750
   only user = Yes
   browseable = No

[netlogon]
   comment = Samba Network Logon Service
   path = /srv/samba/netlogon
   guest ok = Yes

[profiles]
   path = /srv/samba/profiles
   admin users = root
   read only = No
   guest ok = Yes
   browseable = No

[printers]
   comment = All Printers
   path = /var/spool/cups
   read only = No
   create mask = 0700
   guest ok = Yes
   printable = Yes
   browseable = No

[public]
   comment = Public Stuff
   path = /srv/samba/Public
   write list = @users

[smbprt]
   comment = Samba shared cups printer smbprt
   path = /var/spool/cups
   read only = No
   create mask = 0700
   guest ok = Yes
   printable = Yes
   postscript = Yes
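Several parameters in the sample configuration above relax access control: null passwords, guest ok on a writable share, and admin users. The following review script is an added example, not part of the original cookbook; it parses an smb.conf and lists those settings per section. The embedded input is a constructed excerpt of the sample, and printer shares are skipped in the guest check because clients must be able to write print jobs to the spool.

```python
import re

# Constructed excerpt of the sample smb.conf above; parameter values unchanged.
SAMPLE = """\
[global]
null passwords = Yes
[netlogon]
guest ok = Yes
[profiles]
admin users = root
read only = No
guest ok = Yes
[printers]
read only = No
guest ok = Yes
printable = Yes
"""

def parse_smb_conf(text):
    """Return {section: {parameter: value}} with lower-cased names."""
    conf, section = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = conf.setdefault(header.group(1).strip().lower(), {})
        elif section is not None and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            section[" ".join(key.lower().split())] = value.strip()
    return conf

def yes(params, name, default=False):
    return params.get(name, "yes" if default else "no").lower() in ("yes", "true", "1")

def audit(conf):
    """Return (section, issue) pairs for settings that weaken access control."""
    findings = []
    for name, p in conf.items():
        if yes(p, "null passwords"):
            findings.append((name, "accounts with empty passwords may connect"))
        writable = not yes(p, "read only", default=True)  # Samba default: read only
        if name != "global" and yes(p, "guest ok") and writable and not yes(p, "printable"):
            findings.append((name, "writable without a password (guest ok)"))
        if "admin users" in p:
            findings.append((name, "file operations run as root for: " + p["admin users"]))
    return findings

if __name__ == "__main__":
    for section, issue in audit(parse_smb_conf(SAMPLE)):
        print(f"[{section}] {issue}")
```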
Robert Eckstein, David Collier-Brown, Peter Kelly
1st Edition November 1999
1-56592-449-5, Order Number: 4495
Copyright © 2002, Caldera International. All Rights Reserved Worldwide. Caldera International assumes no responsibility for the accuracy or completeness of the information in this document. The use of this information or the implementation of any of these techniques is a customer responsibility and depends upon the customer's ability to evaluate and integrate them into the customer's operational environment. Information in this document is subject to change without notice, and does not imply a commitment on the part of Caldera.
Caldera, the Caldera logos, OpenLinux, and Webmin are trademarks or registered trademarks of Caldera International, Inc. in the USA and other countries. Linux is a registered trademark of Linus Torvalds. Netscape and Netscape Navigator are trademarks or registered trademarks of Netscape Communications Corporation. All other brand and product names are trademarks or registered marks of the respective owners.