- Atul Chitnis and Nikhil Datta
Those above-average sys admins
have traditionally sneaked Linux into company networks with a file and print server. And
the software behind this, which allows Linux and most other Unix variants to participate
seamlessly and even outperform Windows-based machines on small networks, is called Samba.
Samba (from the Server Message Block protocol or SMB) is a suite of
programs that implement the SMB protocol on Linux. The SMB protocol is the foundation of
Windows networking, or as Microsoft now calls it, the Common Internet File System
(CIFS).
The latest version of Samba, 2.0.2, includes many new features to increase compatibility
with NT domains and improve performance. We’ll take a quick look at how to set up
your newly installed Linux server as a File and Print server that can be used by Win 9x
users on a LAN.
There are two kinds of server configurations you need to
consider–the server is/isn’t on a network controlled by a Win NT server
acting as primary domain server (PDS). The difference between the two is that a Win NT PDS
needs to be in control of network access, that is, it does the user login validation, not
the Linux server.
If your LAN doesn’t have a Win NT server, you need not worry.
Here are the steps to set up your Linux server as a file and print server on your non-NT
LAN. All of them must be done as the superuser (root).
cd /etc
cp smb.conf smb.conf.backup
- Make a few required directories.
mkdir /home/netlogon
mkdir /home/profiles
mkdir /home/common
joe /etc/smb.conf
- Set your workgroup or domain.
Change the setting "workgroup" from "MYGROUP" to whatever name
you’ve assigned to your workgroup or domain. For example, we set it to PCQLABS.
Change the setting "server string" from "Samba Server" to whatever
description you want to be broadcast as your server’s description. We set it to
"PCQ Labs Linux Server".
- Set the server type.
"user".
- Make the server the Local Master.
Change the setting "local master" from "no" to "yes".
- Make sure that the machine is in control no matter what.
Enable the setting "OS level = 33" by removing the semicolon at the beginning of
the line.
Enable the setting "domain master = yes" by removing the semicolon from the
beginning of the line.
Enable the setting "preferred master = yes" by removing the semicolon from
the beginning of the line.
- Enable domain logons.
Enable the setting "domain logons= yes" by removing the semicolon from the
beginning of the line.
Enable the setting "wins support = yes" by removing the semicolon from the
beginning of the line.
logons).
Remove the semicolons from the following lines:
comment = Network Logon Service
path = /home/netlogon
guest ok = yes
writable = no
share modes = no
- Similarly, enable roaming user profiles.
Remove the semicolons from the following lines:
path = /home/profiles
browseable = no
guest ok = yes
- Set up the guest account as "nobody".
Change the "guest account" setting to "nobody".
- Give users some "scratch" space for temporary files.
Remove the semicolons from the following lines:
comment = Temporary file space
path = /tmp
read only = no
public = yes
Add the following lines to the bottom of the file:
comment = Shared CD ROM Drive
path = /mnt/cdrom
public = yes
only guest = no
writable = no
printable = no
Add the following lines to the bottom of the file:
comment = Common file access area (read only)
path = /home/common
only guest = no
writable = no
printable = no
If you wish your Samba server to perform domain login
authentication for your Win 95 and 98 clients, you’ll have to enable encrypted
passwords in the configuration file. By default, Win 95 will use plain text passwords, but
Win NT and 98 require encrypted passwords. To enable this, add the line "encrypt
passwords= yes" to the configuration file.
encryption to work. The simplest way to get around this issue (if you don’t have a
Win NT server in your network) is to disable the encrypted passwords option in Windows. To
do this, insert a Windows or DOS formatted floppy disk into the A drive (OK, the /dev/fd0
drive), and run the following command:
mcopy /usr/doc/samba-2.0.2/docs/Win95_PlainPassword.reg a:
Now insert this disk in drive A of every Win 9x machine, open the
drive through My Computer and double click on the .reg file. Then reboot the machine, and
Windows will no longer use encrypted passwords by default (though it will use them if a
server requests it).
You will be returned to the shell prompt
And that’s it. Now all you need to do is restart the SMB
services with the command:
/etc/rc.d/init.d/smb restart
Your server is now ready for business.
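The steps above open several shares to the guest account and, with the client-side registry change, leave logons in plain text; as an added example (not part of the original article), this Python script audits an smb.conf for those two conditions. The sample configuration is constructed, and its section names are assumptions because the article does not show the section headers.

```python
# Constructed sample (section names assumed; the article omits them).
SAMPLE = """
[global]
; encrypt passwords = yes
[netlogon]
guest ok = yes
writable = no
[tmp]
read only = no
public = yes
[common]
writable = no
"""

def norm(name):
    # Samba ignores case and whitespace inside parameter names.
    return "".join(name.lower().split())

def parse_smb_conf(text):
    # Build {section: {parameter: value}}; ';' and '#' start comment lines.
    conf, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = conf.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[norm(key)] = value.strip().lower()
    return conf

def is_yes(params, *names):
    # True if any of the synonymous names is set to yes; absent means no.
    return any(params.get(norm(n)) in ("yes", "true", "1") for n in names)

def audit(text):
    """Report plain-text logons and every share that guests can reach."""
    conf, findings = parse_smb_conf(text), []
    if not is_yes(conf.get("global", {}), "encrypt passwords"):
        findings.append("global: encrypt passwords is off, logons are plain text")
    for share, params in conf.items():
        if share != "global" and is_yes(params, "guest ok", "public"):
            # "writable" is the inverted synonym of "read only".
            rw = (params.get("readonly") in ("no", "false", "0")
                  or is_yes(params, "writable", "writeable", "write ok"))
            findings.append(f"{share}: guest access, {'writable' if rw else 'read-only'}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run it against the edited /etc/smb.conf by passing the file's contents to audit() before restarting the SMB services.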
The setup outlined above is suitable for LANs where you don’t
have a Win NT machine acting as a PDC. If you already have a domain logon by a Win NT
machine, you can set up your Samba server to participate in the network with full
authentication being performed by the PDC. Adding support for this involves a few
additional steps, which we’ll get to in a moment.
Using SWAT
SWAT is a Web-based, fully graphical
interface to the Samba configuration file. It’s available only on Samba version 2 and
above. Once you have Samba installed, you can access it at
http://<yourmachinename>:901.
Once you have SWAT running in front of you, spend some time reading
the various articles that are available from the first (home) page. Pay attention to the
article "Joining an NT Domain with Samba 2.0" appearing at the bottom of the
list. It details the steps you need to take to make your Linux machine and Samba join the
Win NT domain, so that users are validated not by the Linux box but by the Win NT server.
SWAT additionally allows you to perform tasks such as restarting the
Samba daemons remotely each time you modify the configuration file.
SWAT provides two basic views to each set of entries it allows you
to edit: default and advanced. In many cases, you’ll be able to make configuration
changes from within the default view, but a new setup generally requires that you modify
settings in the advanced view. Don’t feel intimidated by the sheer number of options
available in the advanced view. The essential changes that you are required to make to a
default configuration have been outlined above. Once you have made the necessary changes,
click on the "commit changes" button, and restart the smb daemon.
Samba is an extremely complex piece of software, and it will take
you time to learn the intricacies of it. What is described here is no more than a
kick-start to get you going the first time. Extensive documentation is available, on the
Web as well as with your Red Hat 5.2 installation in the /usr/doc directory.