|
Install the 'samba' package, either via the Software
Manager or as 'root' with
urpmi samba
If you prefer a browser based graphical configuration
tool over a text editor, also install the 'samba-swat' package. To use this
tool, point your browser to the address http://localhost:901.
If you are using MS Windows 9x to connect to Linux ,
make sure there's at least one user
profile set and that 'Client for Microsoft Networks' is set as the 'Primary
Network Logon' in 'Settings - Control Panel - Network'.
Notice that older versions of Mandrake Linux did not
feature a separate sub directory for Samba configuration file in '/etc'.
Changes to Samba's configuration file usually require
restarting the Samba Server to take effect.
 section index  top
Samba has two authentication models which do not rely
on a third server, 'share' and 'user'. On 'share' level security, requests
are authenticated per share, on 'user' level, the default, the request is
authenticated before listing the shares.
While this seems to be a minor detail, it is worth considering
which level you want. The 'share' level makes it easier to set up public
shares on the Linux server, whereas the 'user' level provides a bit more
comfort and security for authenticated logins.
In the first incarnation of this article back in '99,
I described the setup using the 'share' level. In it's second incarnation
in '01, I switched to 'user'. Each attempt left some people unsatisfied.
So this time, I'm going to describe both, and you can choose which
one you want to implement ;-).
section index top
Either use SWAT or open '/etc/samba/smb.conf' in a text
editor as 'root'. Change the workgroup default value to the
one you are using on your network. Change security = user to
security = share. Search for the [tmp]
section and remove the semicolons in front of these lines:
[tmp]
comment = Temporary file space
path = /tmp
read only = no
public = yes
Save and start the Samba server as 'root' with
service smb start
This allows all clients ('public = yes') in your workgroup
to access the '/tmp' directory on your Linux machine and to put files there
('read-only = no').
Accessing Home Directories
Example: Your account name on the Linux machine is 'jim',
your profile name on the Windows machine is 'Jim Smith'. You want to use
your 'Jim Smith' profile to access your 'jim' home directory.
- Open '/etc/samba/smb.conf' in an editor as 'root'.
- Remove the semicolon in front of the line
username
map = /etc/samba/smbusers
- Open '/etc/samba/smbusers' as 'root' in an editor.
Add the line jim = "Jim Smith"
- As 'root', run the command smbpasswd -a jim using
jim's account password as the new Samba password.
- Restart Samba as 'root' with service samba restart
- Go to your Windows machine and hit the 'reload' button
in the 'Network Neighbor'. A new folder ('jim') will appear. Double click
on it, provide the password (not the password of the profile on
the Windows machine, but the password of the 'jim' account on the Linux machine!),
et voila, jim's home directory.
Explanation: In '/etc/samba/smb.conf', you'll find this
entry:
[homes]
comment = Home Directories
browseable = no
writable = yes
This opens all valid home directories on the Linux machine
for read / write access. In order to access a home directory, the user profile
name from the Windows machine has to match the Linux account name the home
directory belongs to. Otherwise the share isn't even displayed ('browseable
= no').
In order to map a Windows user profile name to a Unix account name, the file
'/etc/samba/smbusers' is used. Notice that you can map an arbitrary number
of profile names against a Unix account name. If the profile name contains
empty spaces, it has to be enclosed in quotes.
Alternatively you can create a user profile on the Windows machine with
a user name which matches the Unix account name ('jim' in the given example).
Then no mapping on the Linux machine has to be performed.
SMB and the Unix user account system both use one-way
encrypted authentication. Since there is no way to decrypt one of these systems
and thus compare hashes, Samba needs its own password file, '/etc/samba/smbpasswd'.
Notice that accounts added to that file via the 'smbpasswd' commandhave
to be valid accounts on the Linux system. The passwords do not have to match,
though, that is you can set a Samba password different from that account's
password on the Unix machine. Using the '-n' option to 'smbpasswd', you can
also 'create' passwordless accounts, but then you have to add null
passwords = yes to 'smb.conf' in order to allow clients to access
shares under these accounts.
Changes to the '/etc/samba/smbpasswd' file require restarting the Samba server
to take effect.
section index top
Open '/etc/samba/smb.conf' as 'root' in the editor of
your choice:
-
Set the 'workgroup' value to the workgroup your
MS Windows machines are members of.
-
Below that option add this line:
map to guest = Bad User
- Scroll down to ; guest account = pcguest Remove the
semicolon and replace 'pcguest' with 'ftp'
-
Scroll down to [tmp] and remove the
semicolons from these lines:
;[tmp]
; comment = Temporary file space
; path = /tmp
; read only = no
; public = yes
The first step makes the Samba server a member of the
Windows workgroup. The last opens the '/tmp' directory ('path = /tmp') for
read / write access ('read only = no') to every member ('public = yes') of
the workgroup. The second and third step need some more elaborate explaining.
In 'user' level security mode, 'Samba' relies on '/etc/samba/smbpasswd'
to decide if a connection request is granted or not. That is, authentication
is performed before the available shares are listed. In 'share'
level security, shares appear on the browse list without authentication (unless
browseable = no is set).
If you try to connect (e.g. by clicking on the machine
name in the 'Network Neighborhood' window) from a Windows machine with a
user profile name / password combination not listed in '/etc/samba/smbpasswd',
you will be presented with the dreaded 'IPC$' share
password window. This window is bogus, you can't provide a matching password.
In order to allow non-authenticated connections from
the workgroup, Samba has to be configured to treat requests with 'invalid'
SMB account names as 'guest' logins and to map that 'guest' login
to an existing system account. That's what you are doing in steps two and
three.
Now start (or restart) the Samba server with
service smb start
Open the 'Network Neighborhood' on a Windows machine
and display the workgroup. Your Linux Samba server should now appear along
the other machines. Double click on it and the 'tmp' share should be displayed.
Congratulations! ;-).
Accessing Home Directories
Example: Your account name on the Linux machine is 'jim',
your profile name on the Windows machine is 'Jim Smith'. You want to use
your 'Jim Smith' profile to access your 'jim' home directory.
- Open '/etc/samba/smb.conf' in an editor as 'root'.
- Remove the semicolon in front of the line
username
map = /etc/samba/smbusers
- Open '/etc/samba/smbusers' as 'root' in an editor.
Add the line jim = "Jim Smith"
- As 'root', run the command smbpasswd -a jim using
the password for the 'Jim Smith' Windows user profile as the new Samba password.
- Restart Samba as 'root' with service samba restart
- Hit the 'reload' button in the 'Network Neighbor'.
A new folder ('jim') will appear. Double click on it, et voila, jim's home
directory.
Notice that in contrast to 'share' level security, you
will not receive a password request upon entering the home directory. This
is because you have already been authenticated earlier.
section index top
 Additional configuration,
non-Windows clients, resources
|
