Advertisment

Samba for File and Print

author-image
PCQ Bureau
New Update

Samba is the brainchild of an Australian named Andrew Tridgell. He needed to run an application which required the NetBIOS interface on his DOS PC from a Unix server. It eventually led him to write a program that cloaked the Unix server into appearing as a PC file server and thus Samba was born in early 1991. Samba has evolved into a mighty beast since then and is a major contender in the file and print server game.

Advertisment

Samba mainly consists of two key programs: smbd and nmbd. Their job is to implement the four basic modern-day CIFS services, which are: file and print services; authentication and authorization; name resolution; and service announcement (browsing).

Installing the required packages



If Samba is not installed, mount the PCQ Linux CD


/mnt/cdrom/RedHat/RPMS/


and


# rpm -ivh samba*.rpm


Configuring Samba

Advertisment

The file /etc/samba/smb.conf contains the config parameters which are used by the Samba service. This file can either be edited directly using your favorite editor (vim/pico/joe) or by using a browser-based administration tool such as SWAT (Samba Web Administration Tool). We shall configure it as a domain controller.

If you have an existing network with at least one NT 4 server, please read the documentation on how you can add the Samba server to that domain. It does not support logon requests from Windows 2000 workstations.

Before this, we need to do create the directories that will be shared.



# mkdir /home/netlogon


# mkdir /home/profiles


Now we, need to change permissions for the profiles directory.


# chmod 1755 /home/profiles


Advertisment

Using SWAT

To make sure Samba and SWAT are started on boot-up, run the command ntsysv and check the boxes marked smb and swat. Now instead of rebooting for the changes to take effect run the commands ‘service smb start’ and ‘service xinetd restart’ at the prompt.

Once this is done, open up a browser, point it to http://localhost:901/ and login as root.

Advertisment

The first page has links to most of the Samba documentation. For the time being, we are interested in the other pages, but please ensure you read the documentation for fine tuning your Samba server. With it you can easily configure Samba to fit into a variety of Windows environments.

The Globals page contains options that are common to all. Below is an extract from the smb.conf file. These entries are only the ones that need to be modified to enable what we need to achieve. They are not in any particular order and can be made directly by removing the ‘#’ marks and replacing the variables. It can also be done through SWAT by modifying the variables in the respective fields. After changes are made in a page, the changes should be saved by clicking the ‘Commit changes’ button. To get some of these options in SWAT, you’ll need to press the ‘Advanced View’ button.

//Section heading so that Samba knows that whatever

Advertisment

options come beneath it are global options



workgroup = PCQLINUX //This is the workgroup/domain of the server


netbios name = FPS //The machine name of the server


server string = Samba Domain Server //The description of the server


interface = 192.168.1.0 //The interface on which to listen on


encrypt passwords = Yes //Required to enable Windows 95B/98/ME/NT 4 workstation logons


os level = 65 //Settings for browse master elections


preferred master = Yes //Setting it as the master server


domain master = Yes //Setting it as a domain controller


wins support = Yes //WINS server


printing = lprng


logon script = startup.bat //The name of the logon script


logon drive = Y:










By clicking the Shares icon, the Share Parameters page pops up. By default, the homes share is already created by Samba. From the drop-down list box, choose homes and click the ‘Choose Share’ button to bring up the details on that share. These values should checked to the corresponding section in smb.conf.

//The Name of the share



comment = Home Directories //A simple description


writeable = Yes //The share can be written into


browseable = No //The share cannot be browsed

Advertisment

To create a new share, enter a name for the share in the text box and click the Create share button. For example, type in netlogon in the text box and click Create share. Then, change options in the fields below to match the corresponding

smb.conf section






comment = Network Logon Share


path = /home/netlogon //The full path to where the share is located


guest ok = Yes


writeable = No //We don’t want people writing into this share



All scripts that have to be executed when a user logs in should be placed in this directory and should be read-only to normal users, for example, the startup.bat script mentioned in the section.

Advertisment

Similarly create the Profiles share for storing roaming profiles.






path = /home/profiles


browseable = No


guest ok = Yes


Sharing a CD-ROM on the server can also be done by creating a cdrom share.







comment = Shared CD ROM Drive


path = /mnt/cdrom


writeable = No


root prexec = mount /mnt/cdrom


root postexec = umount /mnt/cdrom\



Setting up the Linux printing daemon

Set up the Linux print services by running the printconf-gui command. Select your printer model and the driver. In the Queue Name field put in “lp”. Click the Apply button to save the changes and restart the printing daemon.



If this has been done right, you can choose the printer from the list-box on the Printers page in SWAT. No changes are required here. Just commit the changes to get this output.

//the name that you have specified to your printer while running printconf



path = /var/spool/samba


writeable = Yes


guest ok = Yes


printable = Yes


printer = lp


oplocks = No


share modes = No





Now you can print from a Windows client using a printer connected to your Samba server.

By default, the values that are shown by SWAT are the basic values. Clicking on the Advanced View will give you a lot more options than you’d care for. Once all the necessary changes have been made, you can view the smb.conf file by clicking on the View button. If you’ve edited smb.conf directly instead of from the command prompt, make sure you run the ‘testparm’ command to check the config file for errors.

For these changes to take effect, click on the Status button and then click on ‘restart smbd’ and ‘restart nmbd’ buttons. Or you can issue the command:



# service smb restart

Enabling domain logons

One point to remember is that you need to have Unix user accounts for every Samba user. So, first you have to add a Unix user by issuing the command ‘adduser’. Now you can add users by issuing the command ‘smbadduser’. You can change passwords by issuing the command ‘smbpasswd’ or users can change these themselves from the Passwords applet in the Control Panel of the Windows client. Alternatively, the command ‘smbpasswd —a’ can be used to add a Samba user account and change the password in one go.

Windows NT 4 workstations and member servers

To enable Windows NT 4 workstation or member server logons, we need to first create a Unix account and then a Samba machine account. For security reasons, it’s advisable to create a separate Unix group account for NT 4 workstations and restrict each machine account from having any shell or directory privileges. A machine account is created by appending a ‘$’ to the end of the workstation’s name. Let’s enable domain logon for an NT workstation called NTWS1.

First make a Unix group for all NT 4 machine accounts called ‘ntmachines’.



# groupadd ntmachines


Now create the ntws1 Unix user account as a member of the ntws.


# useradd -d /dev/null -s /bin/false -g ntmachines NTWS1$


To create the Samba account:


# smbpasswd -a NTWS1$


When prompted for a password, just press Enter.




Do not change passwords by running ‘smbpasswd’ for machine accounts.



Now, all that needs to be done is configuring your Windows clients to login to the newly created domain. The next article deals with that.

Sony Philip is a technology research consultant with Exocore Consulting

Advertisment