Samba
Advanced System Administration Course

James Lwali
University Computing Centre Ltd, University of Dar es Salaam
E-mail: jamesjm@udsm.ac.tz
Website: www.ucc.co.tz

Samba

Samba is a suite of utilities that allows your Linux box to share files and other resources, such as printers, with Windows boxes. Either configuration will allow everyone at home to have:

- their own logins on all the home Windows boxes, while their files on the Linux box appear to be located on a new Windows drive
- shared access to printers on the Linux box
- shared files accessible only to members of their Linux user group

A PDC stores the login information in a central database on its hard drive. This allows each user to have a universal username and password when logging in from all PCs on the network. In a Windows Workgroup, each PC stores the usernames and passwords locally, so that they are unique for each PC.

Download and Install Packages

Most RedHat and Fedora Linux software products are available in the RPM format. Samba comprises a suite of RPMs that come on the Fedora CDs. The files are named:

- samba
- samba-common
- samba-client
- samba-swat

How to Get Samba Started

You can configure Samba to start at boot time using the chkconfig command:

    [root@test tmp]# chkconfig smb on

You can start, stop or restart Samba after boot time using the smb initialization script, as in the examples below:

    [root@test tmp]# service smb start
    [root@test tmp]# service smb stop
    [root@test tmp]# service smb restart

The Samba Configuration File

The /etc/samba/smb.conf file is the main configuration file you'll need to edit. It is split into five major sections:

[global] - General Samba configuration parameters
[printers] - Used for configuring printers
[homes] - Defines treatment of user logins
[netlogon] - A share for storing logon scripts. (Not created by default.)
[profile] - A share for storing domain logon information such as "favorites" and desktop icons. (Not created by default.)
You can edit this file by hand, or more simply through Samba's SWAT web interface.

NOTE: Make sure you copy the original configuration file before editing it!

The [Global] Section

The [global] section governs the general Samba settings. Each entry below gives the parameter, its value, and what it does.

domain logons (Yes) - Tells Samba to become the PDC.
preferred master (Yes) - Makes the PDC act as the central store for the names of all Windows clients, servers and printers on the network. Very helpful when you need to "browse" your local network for resources. Also known as a local master browser.
domain master (Yes) - Tells Samba to become the master browser across multiple networks all over the domain. The local master browsers register themselves with the domain master to learn about resources on other networks.
os level (Yes) - Sets the priority the Samba server should use when negotiating to become the PDC with other Windows servers. A value of 65 will usually make the Samba server win.
wins support (Yes) - Allows the Samba server to provide name services for the network. In other words, it keeps track of the IP addresses of all the domain's servers and clients.
time server (Yes) - Lets the Samba server provide time updates for the domain's clients.
workgroup ("homenet") - The name of the Windows domain we'll create. The name you select is your choice. I've decided to use "homenet".
security (user) - Makes domain logins query the Samba password database located on the Samba server itself.

    [global]
    workgroup = TEST
    time server = Yes
    domain logons = Yes
    os level = 65
    preferred master = Yes
    domain master = Yes

The [homes] Section

The [homes] section governs how Samba handles default login directories.

browseable (No) - Doesn't allow others to browse the contents of the directory.
read only (No) - Allows the Samba user to also write to their Samba Linux directory.
create mask (0664) - Makes new files created by the user have "644" permissions. You want to change this to "0600" so that only the login user has access to files.
directory mask (0775) - Makes new sub-directories created by the user have "775" permissions. You want to change this to "0700" so that only the login user has access to directories.

    [homes]
    read only = No
    browseable = No
    create mask = 0644
    directory mask = 0755

The [netlogon] and [profiles] Share Sections

The [netlogon] share section contains scripts that the Windows clients may use when they log into the domain. The [profiles] share section stores things such as favorites and desktop icons. Your smb.conf file should look like this when you're finished:

    [netlogon]
    path = /home/samba/netlogon
    guest ok = Yes

    [profiles]
    path = /home/samba/profiles
    read only = No
    create mask = 0600
    directory mask = 0700

Remember to create these share directories from the command line afterwards. The directory names must match the path settings above.

    [root@test tmp]# mkdir -p /home/samba/netlogon
    [root@test tmp]# mkdir -p /home/samba/profiles
    [root@test tmp]# chmod -R 0755 /home/samba

The [printers] Share Section

Samba has special shares just for printers, and these are configured in the [printers] section.

    [printers]
    comment = All Printers
    path = /var/spool/samba
    printable = Yes
    browseable = No

How To Create A Samba PDC Administrator User

By default, the root user is the Samba administrator. Fortunately, you can add workstations to the Windows domain by creating a Samba-specific root password. This is done using the smbpasswd command.

    [root@test tmp]# /usr/bin/smbpasswd -a root password

Note: Samba domain logins use the smbpasswd password. Samba passwords are stored in the /etc/samba/smbpasswd file.

Adding The Users In Linux

To create the user, use the command:

    [root@test tmp]# useradd -g 100 peter

Giving them a Linux password is only necessary if the user needs to log into the Samba server directly. If the user does, use this method:

    [root@test tmp]# passwd peter
    Changing password for user peter.
    New password:
    Retype new password:
    passwd: all authentication tokens updated successfully.
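The mask advice in the [homes] and [profiles] sections above can be checked mechanically. This is an added example, not part of the original course material: it parses smb.conf text with Python's configparser (a stand-in for Samba's own parser) and flags per-user shares whose masks leave group or other permission bits set, plus guest shares that are writable. The function names, the choice of which shares count as private, and the sample text are assumptions made for this illustration.

```python
import configparser

# Constructed sample: the share sections as they appear on this page.
SAMPLE_SMB_CONF = """\
[homes]
read only = No
browseable = No
create mask = 0644
directory mask = 0755

[netlogon]
path = /home/samba/netlogon
guest ok = Yes

[profiles]
path = /home/samba/profiles
read only = No
create mask = 0600
directory mask = 0700
"""

PRIVATE_SHARES = {"homes", "profiles"}  # assumption: per-user shares, owner-only
# Samba's built-in defaults, applied when a share does not set the mask itself.
MASK_DEFAULTS = {"create mask": "0744", "directory mask": "0755"}

def is_yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def audit_smb_conf(text):
    """Return (share, finding) tuples for settings wider than owner-only."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        share, opts = section.lower(), cp[section]
        if share in PRIVATE_SHARES:
            for key, default in MASK_DEFAULTS.items():
                value = opts.get(key, default)
                if int(value, 8) & 0o077:  # any group/other permission bit set
                    findings.append((share, f"{key} = {value} leaves group/other bits"))
        if is_yes(opts.get("guest ok", "no")) and not is_yes(opts.get("read only", "yes")):
            findings.append((share, "guest ok with read only = No allows anonymous writes"))
    return findings

if __name__ == "__main__":
    for share, finding in audit_smb_conf(SAMPLE_SMB_CONF):
        print(f"[{share}] {finding}")
```

On a live server, feed it the output of testparm -s, which prints the configuration as Samba itself parsed it.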
Creating Group Shares in SAMBA

1. Create a new Linux group managers:

    [root@test tmp]# /usr/sbin/groupadd managers

2. Create a new directory for the group's files. If one user is designated as the leader, you might want to change the chown statement to make them owner.

    [root@test tmp]# mkdir /home/managers-files
    [root@test tmp]# chgrp managers /home/managers-files
    [root@test tmp]# chmod 0770 /home/managers-files

3. Add the group members to the new group. For instance, the command to add a user named jimmy to the group is:

    [root@test tmp]# /usr/sbin/usermod -G managers jimmy

Note that -G sets the user's complete list of supplementary groups, so a user who already belongs to other groups needs them listed as well (or use -a -G where usermod supports it).

All your members are in the group; now they need to share.

Mapping The Linux Users To An smbpassword

Next, you need to create Samba domain login passwords for the user:

    [root@test tmp]# /usr/bin/smbpasswd -a username password

The -a switch adds the user to the /etc/smbpasswd file. Use a generic password, then have users change it immediately from their workstations in the usual way. Remember that smbpasswd sets the Windows domain login password for a user, which is different from the Linux login password used to log into the Samba box.

How To Delete Users From Your Samba Domain

Deleting users from your Samba domain is a two-stage process in which you have to remove the user from the Linux server and also remove the user's corresponding smbpasswd entry. Here's how:

1. Delete the user using smbpasswd with the -x switch:

    [root@test tmp]# smbpasswd -x john
    Deleted user john.
    [root@test root]#

2. Delete the Linux user by following the normal deletion process. For example, to delete the user john and all of john's files from the Linux server, use:

    [root@test tmp]# userdel -r john

Sometimes you may not want to delete the user's files, so that they can be accessed by other users at some other time. In this case you can just deactivate the user's account using the passwd -l username command.
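Because the Samba password is separate from the Linux password, a deletion that skips the smbpasswd -x stage, or a passwd -l lock on its own, leaves the Samba entry enabled; smbpasswd -d disables it. The following added example (not part of the original course material) cross-checks the three files to find such leftovers. It assumes the classic smbpasswd text layout (name:uid:LANMAN hash:NT hash:[flags]:LCT-time:), and all file contents below are constructed, with placeholder hash fields.

```python
# Constructed sample data; hash fields are placeholders, not real hashes.
H = "0" * 32
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
peter:x:500:100::/home/peter:/bin/bash
jimmy:x:501:100::/home/jimmy:/bin/bash
"""
SHADOW = """\
root:$6$placeholder:19000:0:99999:7:::
peter:$6$placeholder:19000:0:99999:7:::
jimmy:!!$6$placeholder:19000:0:99999:7:::
"""
SMBPASSWD = f"""\
root:0:{H}:{H}:[U          ]:LCT-00000000:
peter:500:{H}:{H}:[U          ]:LCT-00000000:
jimmy:501:{H}:{H}:[U          ]:LCT-00000000:
john:502:{H}:{H}:[U          ]:LCT-00000000:
mary:503:{H}:{H}:[UD         ]:LCT-00000000:
"""

def fields_by_user(text, count):
    """Map each line's first colon-separated field to the next `count` fields."""
    rows = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            parts = line.split(":")
            rows[parts[0]] = parts[1:1 + count]
    return rows

def stale_samba_accounts(passwd, shadow, smbpasswd):
    """Return {user: reason} for enabled Samba entries with no usable Linux account."""
    linux_users = fields_by_user(passwd, 1)
    shadow_pw = fields_by_user(shadow, 1)
    findings = {}
    for user, fields in fields_by_user(smbpasswd, 4).items():
        flags = fields[3].strip("[] ")
        if "D" in flags:
            continue  # entry already disabled on the Samba side
        if user not in linux_users:
            findings[user] = "Linux account deleted, smbpasswd entry remains"
        elif shadow_pw.get(user, [""])[0].startswith("!"):
            findings[user] = "Linux password locked, Samba entry still enabled"
    return findings

if __name__ == "__main__":
    for user, reason in stale_samba_accounts(PASSWD, SHADOW, SMBPASSWD).items():
        print(f"{user}: {reason}")
```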