Revision / Modified: June 05, 2002
Author: Tom Berger
Original documents:
http://www.mandrakeuser.org/docs/connect/csamba.html
http://www.mandrakeuser.org/docs/connect/csamba2.html
http://www.mandrakeuser.org/docs/connect/csamba3.html
The SMB (Server Message Block) protocol is Microsoft's proprietary network
resource sharing protocol, just like AppleTalk for Macs or SUN's NFS for UNIX machines.
SAMBA is a reverse engineered implementation of that protocol: basically those
guys are looking at what SMB does and write code which emulates the observed
behavior.
More background information on Samba can be found in Christopher R. Hertel's
Understanding the
Network Neighborhood Linux Magazine feature .
Basically, SAMBA allows you to
This article will discuss each of these capabilities in this order.
I assume that your local network is up and running, i.e. you can ping any other machine on the network. If not, have a look at the article about Building A Small Mixed Network. It doesn't matter if you are using 'hosts' files or DHCP to assign dynamic IPs.
I will not elaborate on how to configure the MS Windows machines for SMB.
If you need help with this topic, check out these illustrated guides for MS Windows 98 or
MS Windows
XP.
How to configure remote printers via SMB is explained in the article on CUPS.
Install the 'samba-client' package via the Software Manager or from a command line as 'root' with
urpmi samba-client
For demonstration purposes I assume that the SMB machine name of the MS Windows system is 'win' and that there's a shared directory on that system with the name 'export'.
In order to access the shared directory 'export' on the machine 'win', you type
smb://win/export
into the location bar and press the 'Enter' key. If the share is password protected, you will be prompted for the password. After some seconds, the directory should appear.
Although this method is very comfortable when you are using Konqueror as your file manager, it currently has several - rather annoying - disadvantages:
Possibly the most flexible and easy way to access a Windows share is via one of these applications. Both come with the 3 CD set of Mandrake Linux 8.2 and once installed can be started via 'Networking - Other'.
Komba2 detects and displays available shares on startup, . If your share is password protected, you have to click the 'lock' icon first and enter your SMB user name and password for that share. If you don't do that, mounting the share will fail with a generic error message.
Mark the share you want to mount and click on the 'mount' icon. By default, Komba will mount shares to '~/komba/MACHINE/SHARE', in our example '~/komba/WIN/EXPORT'. It will also start up the Konqueror file manager in that directory. Both options and more can be configured.
To unmount the share (highly recommended since Linux sometimes doesn't take kindly to 'dead' Samba shares on shutdown), close the Konqueror window first and then click the 'unmount' button.
LinNeighboorhood works in a similar fashion. After first startup configure the 'workgroup' setting in the 'Preferences' window. Now right-click the entry for your machine in the window below and choose 'rescan group'. This might take a while, especially if there's a Windows XP machine in the workgroup (dunno why, maybe local problem).
Once you've reached a share, double-click it and a mount preferences window will appear where you can configure - if you want - some nifty options. By default, the share will be mounted under '~/mnt/MACHINE/share', in our example '~/mnt/WIN/export'.
Which one to choose? Well, 'Komba2' is faster, whereas 'LinNeighboorhood' offers more options. 'Komba2' uses Qt, the KDE widget set, whereas 'LinNeighboorhood' uses 'GTK' which makes for a more uniform look in GNOME. Try for yourself ;-)
This is the 'old-fashioned' way of configuring static mount points. If you configure shares this way, you can mount them during boot, or even use something fancy like autofs to mount and unmount those shares automatically.
Open the Mandrake Control Center and choose 'Mount Points - Samba Mount
Points'. Wait, scanning can take quite a while. If no machines appear, click
on the 'Search Servers' tab in the upper left corner. Once the machines
appear, double click their entries to display their shares.
For some reason (local problem?) MCC won't display shares on a Windows XP
machine here, but maybe you are more lucky.
Mark the share and click 'Mount point'. Specify a mount directory (if it doesn't exist, it will be created). Next click on 'Options' and on 'Advanced'.
The 'user' option might be useful when you want normal users to be able to
mount the share. 'noauto' is useful when the share usually isn't available on
boot time.
You can specify your SMB user name and share password in the 'advanced'
options. It should be obvious that this might be a security risk, since both
will appear in clear text in '/etc/fstab'. But if you're sure no one except
you has access to that file or you just don't care, go ahead.
When finished, press 'OK' and 'Done'. The new entry will be written to '/etc/fstab' and you can mount that file system like every other local file system.
An 'fstab' entry for an SMB share for the shared directory 'export' on our 'win' example machine would look like this:
//win/EXPORT /mnt/vmsmb smbfs user,noauto 0 0
The scheme is:
//SMB_server/share local_mount_dir smbfs
options 0 0
You see, it's not that different from entries for local mounts. 'smbfs' is the file system of the SMB protocol. This overlay file system allows you to write to file systems which have no write support in Linux, like NTFS.
Install the 'samba' package, either via the Software Manager or as 'root' with
urpmi samba
If you prefer a browser based graphical configuration tool over a text editor, also install the 'samba-swat' package. To use this tool, point your browser to the address http://localhost:901.
If you are using MS Windows 9x to connect to Linux , make sure there's at least one user profile set and that 'Client for Microsoft Networks' is set as the 'Primary Network Logon' in 'Settings - Control Panel - Network'.
Notice that older versions of Mandrake Linux did not feature a separate sub directory for Samba configuration file in '/etc'.
Changes to Samba's configuration file usually require restarting the Samba Server to take effect.
Samba has two authentication models which do not rely on a third server, 'share' and 'user'. On 'share' level security, requests are authenticated per share, on 'user' level, the default, the request is authenticated before listing the shares.
While this seems to be a minor detail, it is worth considering which level you want. The 'share' level makes it easier to set up public shares on the Linux server, whereas the 'user' level provides a bit more comfort and security for authenticated logins.
In the first incarnation of this article back in '99, I described the setup using the 'share' level. In it's second incarnation in '01, I switched to 'user'. Each attempt left some people unsatisfied. So this time, I'm going to describe both, and you can choose which one you want to implement ;-).
Either use SWAT or open '/etc/samba/smb.conf' in a text editor as 'root'.
Change the workgroup
default value to the one you are using on
your network. Change security = user
to security =
share
. Search for the [tmp]
section and remove the
semicolons in front of these lines:
[tmp]
comment = Temporary file space
path = /tmp
read only = no
public = yes
Save and start the Samba server as 'root' with
service smb start
This allows all clients ('public = yes') in your workgroup to access the '/tmp' directory on your Linux machine and to put files there ('read-only = no').
Example: Your account name on the Linux machine is 'jim', your profile name on the Windows machine is 'Jim Smith'. You want to use your 'Jim Smith' profile to access your 'jim' home directory.
username map =
/etc/samba/smbusers
Explanation: In '/etc/samba/smb.conf', you'll find this entry:
[homes]
comment = Home Directories
browseable = no
writable = yes
This opens all valid home directories on the Linux machine for read / write
access. In order to access a home directory, the user profile name from the
Windows machine has to match the Linux account name the home directory belongs
to. Otherwise the share isn't even displayed ('browseable = no').
In order to map a Windows user profile name to a Unix account name, the file
'/etc/samba/smbusers' is used. Notice that you can map an arbitrary number of
profile names against a Unix account name. If the profile name contains empty
spaces, it has to be enclosed in quotes.
Alternatively you can create a user profile on the Windows machine with a
user name which matches the Unix account name ('jim' in the given example).
Then no mapping on the Linux machine has to be performed.
SMB and the Unix user account system both use one-way encrypted
authentication. Since there is no way to decrypt one of these systems and thus
compare hashes, Samba needs its own password file,
'/etc/samba/smbpasswd'.
Notice that accounts added to that file via the 'smbpasswd' command
have to be valid accounts on the Linux system. The passwords do not
have to match, though, that is you can set a Samba password different from
that account's password on the Unix machine. Using the '-n' option to
'smbpasswd', you can also 'create' passwordless accounts, but then you have to
add null passwords = yes
to 'smb.conf' in order to allow clients
to access shares under these accounts.
Changes to the '/etc/samba/smbpasswd' file require restarting the Samba
server to take effect.
Open '/etc/samba/smb.conf' as 'root' in the editor of your choice:
Set the 'workgroup' value to the workgroup your MS Windows machines are members of.
Below that option add this line:
map to guest = Bad User
Scroll down to [tmp]
and remove the semicolons from these
lines:
;[tmp]
; comment = Temporary file space
; path = /tmp
; read only = no
; public = yes
The first step makes the Samba server a member of the Windows workgroup. The last opens the '/tmp' directory ('path = /tmp') for read / write access ('read only = no') to every member ('public = yes') of the workgroup. The second and third step need some more elaborate explaining.
In 'user' level security mode, 'Samba' relies on '/etc/samba/smbpasswd' to
decide if a connection request is granted or not. That is,
authentication is performed before the available shares are listed.
In 'share' level security, shares appear on the browse list without
authentication (unless browseable = no
is set).
If you try to connect (e.g. by clicking on the machine name in the 'Network Neighborhood' window) from a Windows machine with a user profile name / password combination not listed in '/etc/samba/smbpasswd', you will be presented with the dreaded 'IPC$' share password window. This window is bogus, you can't provide a matching password.
In order to allow non-authenticated connections from the workgroup, Samba has to be configured to treat requests with 'invalid' SMB account names as 'guest' logins and to map that 'guest' login to an existing system account. That's what you are doing in steps two and three.
Now start (or restart) the Samba server with
service smb start
Open the 'Network Neighborhood' on a Windows machine and display the workgroup. Your Linux Samba server should now appear along the other machines. Double click on it and the 'tmp' share should be displayed. Congratulations! ;-).
Example: Your account name on the Linux machine is 'jim', your profile name on the Windows machine is 'Jim Smith'. You want to use your 'Jim Smith' profile to access your 'jim' home directory.
username map =
/etc/samba/smbusers
Notice that in contrast to 'share' level security, you will not receive a password request upon entering the home directory. This is because you have already been authenticated earlier.
man smb.conf lists several dozens of available options. I've picked out a few which might be interesting even for the casual Samba user.
Samba allows you to configure code pages in order to display non-English
characters correctly. The options are client code page
and
character set
. You'll find a commented example in 'smb.conf',
just above the share definitions.
The options hosts allow =
and hosts deny =
allow
you to specify machines or networks which are allowed (or denied) to access
the server. By default, all machines and networks are allowed to connect. This
option can be set by share.
By default, the Samba server uses the machine's DNS hostname as the NetBIOS
name (i.e. the machine name which appears on the browse list). If you prefer
another name, set the option netbios name =
. You can specify
aliases for that name with the netbios aliases =
option.
The option hosts equiv =
allows you to specify a file (usually
called '/etc/hosts.equiv') which contains the profile and NetBIOS names of
users allowed to use all services without having to provide a password. Quote
'man smb.conf':
I recommend that the hosts equiv option be only used if you really know what you are doing, or perhaps on a home network where you trust your spouse and kids. And only if you really trust them :-).
See man hosts.equiv for the structure of the 'hosts.equiv' file.
By default no limit on the number of connections to the Samba server is
set. You can change this with the max connections =
option.
MS Windows 9x comes with 'WinPopUp', a small tool to send and receive
messages over the local network of SMB machines. You can take part in the fun,
just remove the semicolon in front of the message command =
option in 'smb.conf' and install 'LinPopUp' (included in Mandrake Linux 8.2).
Start 'WinPopUp' on the Windows machine and 'LinPopUp' on the Linux machine
and start messaging.
'WinPopUp' is a rather basic utility and not part of the NT/2k/XP line of Ms Windows. You might want to consider going for a more powerful equivalent like the freeware RealPopup.
If the option time server = yes
is set, the Samba server will
act as a time server to MS Windows clients.
Using the valid users =
option in a share definition, you can
decide which users might access this share.
Once the basic setup for anonymous logins works, you can share directories you own on your Mandrake Linux 8.2 system by right-clicking on them in KDE's Konqueror or GNOME's Nautilus. First, you have to enable this feature via 'Properties - Share - Configure File Sharing'. Once you have enabled it, you can share directories via the new 'Share' field at the bottom of the directory's context menu.
By default, these directories are set 'read only'. In order to change this,
open 'smb.conf' as 'root' in an editor, scroll down to the entry of the share
and set writable
to 'yes'. Restart Samba.
Make sure shared directories have the proper permissions (world readable for read only, world writable for read / write). You can adjust those permissions from the context menus in Konqueror or Nautilus.
A Linux system running a Samba server can be accessed by about every other system which understands the SMB protocol. Samba runs on every Unix operating system, including Mac OS X, and ports exist for a variety of non-Unix operating systems like OS/2 or even AmigaOS.
Linux clients can employ the methods introduced on the first page. Mac OS X
clients can either use the
Finder or - preferably, since much more convenient - the freeware SMB Browse which works very much
like its Linux equivalents.
Non-Windows clients actually enjoy an added bonus, since they can choose their
login name upon connect.
Of course, this basic setup is just a start. Read the next two pages kindly provided by Mandrake Linux user Buchan Milne which introduce you to advanced topics like using Winbind or running the Samba server as a Primary Domain Controller.
If you run into trouble along the way, there's a very nice document on Troubleshooting
Techniques (PDF) for Samba. This document introduces all the tools needed
to diagnose Samba problems and ways to solve these problems.
Be aware that there's a somewhat confusing line on page 7:
Both POGO and WIN-CLIENT should be using a network mask of 255.255.255.0 and a broadcast address of 192.168.255.The broadcast address actually should be 192.168.1.255. I guess that's a typo since the author later on refers to the correct address.
More information can be gathered by installing the 'samba-doc' package. This package includes a complete book on Samba ('Using Samba' by Eckstein, Collier-Brown, Kelly) as well as FAQs, HOWTOs, HTML versions of the manual pages and documents on special features.
If you prefer dead tree manuals, check out the Samba books page.