Samba - UDSM ICT Services - University of Dar es salaam

Samba
Advanced System Administration Course
James Lwali
University Computing Centre Ltd,
University of Dar es Salaam,
E-mail: jamesjm@udsm.ac.tz
Website: www.ucc.co.tz
Samba

Samba is a suite of utilities that allows your Linux box to share
files and other resources, such as printers, with Windows boxes.

Either configuration will allow everyone at home to have:
- their own logins on all the home Windows boxes while having their files on the Linux box appear to be located on a new Windows drive
- shared access to printers on the Linux box
- shared files accessible only to members of their Linux user group.

A PDC stores the login information in a central database on its
hard drive. This allows each user to have a universal username
and password when logging in from all PCs on the network.

In a Windows Workgroup, each PC stores the usernames and
passwords locally so that they are unique for each PC.
Download and Install Packages





Most RedHat and Fedora Linux software products are available in the RPM format. Samba is comprised of a suite of RPMs that come on the Fedora CDs. The files are named:
- samba
- samba-common
- samba-client
- samba-swat
How to Get Samba Started

You can configure Samba to start at boot
time using the chkconfig command:
[root@test tmp]# chkconfig smb on

You can start/stop/restart Samba after boot
time using the smb initialization script as in
the examples below:

[root@test tmp]# service smb start

[root@test tmp]# service smb stop

[root@test tmp]# service smb restart
The Samba Configuration File

The /etc/samba/smb.conf file is the main configuration file you'll need to edit. It is split into five major sections:
- [global] - General Samba configuration parameters
- [printers] - Used for configuring printers
- [homes] - Defines treatment of user logins
- [netlogon] - A share for storing logon scripts. (Not created by default.)
- [profiles] - A share for storing domain logon information such as "favorites" and desktop icons. (Not created by default.)
You can edit this file by hand, or more simply through Samba's SWAT web interface.
NOTE: Make sure you copy the original configuration file before editing it!
The [Global] Section

The [global] section governs the general Samba
settings.
| Parameter | Value | Description |
|---|---|---|
| domain logons | Yes | Tells Samba to become the PDC. |
| preferred master | Yes | Makes the PDC act as the central store for the names of all Windows clients, servers and printers on the network. Very helpful when you need to "browse" your local network for resources. Also known as a local master browser. |
| domain master | Yes | Tells Samba to become the master browser across multiple networks all over the domain. The local master browsers register themselves with the domain master to learn about resources on other networks. |
| os level | 65 | Sets the priority the Samba server should use when negotiating to become the PDC with other Windows servers. A value of 65 will usually make the Samba server win. |
| wins support | Yes | Allows the Samba server to provide name services for the network. In other words, it keeps track of the IP addresses of all the domain's servers and clients. |
| time server | Yes | Lets the Samba server provide time updates for the domain's clients. |
| workgroup | "homenet" | The name of the Windows domain we'll create. The name you select is your choice. I've decided to use "homenet". |
| security | user | Makes domain logins query the Samba password database located on the Samba server itself. |
[global]
workgroup = TEST
time server = Yes
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
The [homes] Section

The [homes] section governs how Samba handles default login
directories.
| Parameter | Value | Description |
|---|---|---|
| browseable | No | Doesn't allow others to browse the contents of the directory. |
| read only | No | Allows the Samba user to also write to their Samba Linux directory. |
| create mask | 0664 | Gives new files created by the user "644" permissions. You want to change this to "0600" so that only the login user has access to files. |
| directory mask | 0775 | Gives new sub-directories created by the user "775" permissions. You want to change this to "0700" so that only the login user has access to directories. |
[homes]
read only = No
browseable = No
create mask = 0644
directory mask = 0755
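One way to check an smb.conf against the tighter [homes] masks recommended above, as an added example that is not part of the original course material. The function names smb_param and check_homes and the temporary sample file are made up here for illustration.

```shell
#!/bin/sh
# Added example (not from the course): audit the [homes] masks in an
# smb.conf-style file against the 0600 / 0700 values recommended above.

# smb_param FILE SECTION KEY -> prints the value of KEY inside [SECTION].
# Names are compared case-insensitively with whitespace ignored, the way
# Samba treats section and parameter names. Synonyms are not resolved.
smb_param() {
    awk -v want="$2" -v key="$3" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }                      # comment lines
        /^[ \t]*\[.*\]/ {                           # section header
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            insec = (norm(sec) == norm(want)); next
        }
        insec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            sub(/^[ \t]+/, "", v); sub(/[ \t\r]+$/, "", v)
            if (norm(k) == norm(key)) val = v       # last setting wins
        }
        END { if (val != "") print val }
    ' "$1"
}

# check_homes FILE -> prints one finding per loose mask; returns 1 if any.
check_homes() {
    rc=0
    cm=$(smb_param "$1" homes "create mask")
    dm=$(smb_param "$1" homes "directory mask")
    [ "$cm" = "0600" ] || { echo "create mask is '${cm:-unset}', want 0600"; rc=1; }
    [ "$dm" = "0700" ] || { echo "directory mask is '${dm:-unset}', want 0700"; rc=1; }
    return $rc
}

# Constructed sample: the [homes] block shown on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[homes]
read only = No
browseable = No
create mask = 0644
directory mask = 0755
EOF
check_homes "$sample" || echo "[homes] is looser than recommended"
```

On a live server, point check_homes at a copy of /etc/samba/smb.conf instead of the sample file.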
The [netlogon] and [profiles] Share Sections

The [netlogon] share section contains scripts that the windows
clients may use when they log into the domain.

The [profiles] share section stores things such as favorites and
desktop icons.

Your smb.conf file should look like this when you're finished:
[netlogon]
path = /home/samba/netlogon
guest ok = Yes
[profiles]
path = /home/samba/profiles
read only = No
create mask = 0600
directory mask = 0700

Remember to create these share directories
from the command line afterwards.
[root@test tmp]# mkdir -p /home/samba/netlogon
[root@test tmp]# mkdir -p /home/samba/profiles
[root@test tmp]# chmod -R 0755 /home/samba
The [printers] Share Section

Samba has special shares just for printers,
and these are configured in the [printers]
section.
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
How To Create A Samba PDC Administrator User

By default, the root user is the Samba administrator. Fortunately, you can add workstations to the Windows domain by creating a Samba-specific root password. This is done using the smbpasswd command.
[root@test tmp]# /usr/bin/smbpasswd -a root password
Note: Samba domain logins use the smbpasswd password. Samba passwords are stored in
the /etc/samba/smbpasswd file.
Adding The Users In Linux
To create the user, use the command:
[root@test tmp]# useradd -g 100 peter

Giving them a Linux password is only necessary if
the user needs to log into the Samba server directly.
If the user does, use this method:
[root@test tmp]# passwd peter
Changing password for user peter.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@test tmp]#
Creating Group Shares in SAMBA
1. Create a new Linux group managers:
[root@test tmp]# /usr/sbin/groupadd managers
2. Create a new directory for the group's files. If one
user is designated as the leader, you might want to
change the chown statement to make them owner
[root@test tmp]# mkdir /home/managers-files
[root@test tmp]# chgrp managers /home/managers-files
[root@test tmp]# chmod 0770 /home/managers-files
3. Add the group members to the new group. For
instance, the command to add a user named jimmy
to the group is:
[root@test tmp]# /usr/sbin/usermod -G managers jimmy
All your members are in the group; now they
need to share.
Mapping The Linux Users To An smbpassword

Next, you need to create Samba domain login passwords for the user:
[root@test tmp]# /usr/bin/smbpasswd -a username password
The -a switch adds the user to the /etc/samba/smbpasswd file. Use a generic password, then have users change it immediately from their workstations in the usual way.

Remember that smbpasswd sets the Windows domain login password for a user, which is different from the Linux login password used to log into the Samba box.
How To Delete Users From Your Samba Domain
Deleting users from your Samba domain is a two stage process
in which you have to remove the user from the Linux server and
also remove the user's corresponding smbpasswd entry. Here's
how:
1. Delete the user's Samba entry using smbpasswd with the -x switch

[root@test tmp]# smbpasswd -x john
Deleted user john.
[root@test root]#
2. Delete The Linux User by following the normal deletion process.
For example, to delete the user john and all john's files from the
Linux server use:
[root@test tmp]# userdel -r john
Sometimes you may not want to delete the user's files so that they can be
accessed by other users at some other time. In this case you can just
deactivate the user's account using the passwd -l username command.
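
A check for half-finished removals, as an added example that is not part of the original course material. The function names, the temporary files and the sample accounts are constructed here. It assumes smbpasswd lines of the form name:uid:LM hash:NT hash:[flags]:LCT-time: and that passwd -l marks a locked account with a leading "!" in the shadow hash field.

```shell
#!/bin/sh
# Added example (not from the course): find accounts where the two-stage
# removal described above was only half done.

# names FILE -> sorted unique first fields, skipping comments and blanks.
names() {
    awk -F: '/^[ \t]*#/ || /^[ \t]*$/ { next } { print $1 }' "$1" | sort -u
}

# samba_orphans SMBPASSWD PASSWD -> Samba entries that no longer have a
# Linux account (userdel was run, smbpasswd -x was not).
samba_orphans() {
    a=$(mktemp); b=$(mktemp)
    names "$1" > "$a"; names "$2" > "$b"
    comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# locked_but_active SMBPASSWD SHADOW -> users locked with passwd -l (hash
# field starts with "!") whose Samba entry lacks the D (disabled) flag;
# passwd -l does not touch the smbpasswd entry.
locked_but_active() {
    awk -F: 'NR == FNR { if ($2 ~ /^!/) locked[$1] = 1; next }
             ($1 in locked) && $5 !~ /D/ { print $1 }' "$2" "$1"
}

# Constructed sample data (placeholder hashes, not real accounts).
smb=$(mktemp); pw=$(mktemp); shd=$(mktemp)
X=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
for u in peter:500 john:501 jimmy:502; do
    echo "$u:$X:$X:[U          ]:LCT-00000000:"
done > "$smb"
printf '%s\n' 'peter:x:500:100::/home/peter:/bin/bash' \
              'jimmy:x:502:100::/home/jimmy:/bin/bash' > "$pw"
printf '%s\n' 'peter:HASH:19000:0:99999:7:::' \
              'jimmy:!HASH:19000:0:99999:7:::' > "$shd"

echo "Samba entries without a Linux account: $(samba_orphans "$smb" "$pw")"
echo "Locked in Linux, still active in Samba: $(locked_but_active "$smb" "$shd")"
```

Run it as root against copies of /etc/samba/smbpasswd, /etc/passwd and /etc/shadow; an account reported by locked_but_active can be disabled on the Samba side with smbpasswd -d.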