What is Samba?
TOC
Samba is an open source software
package that mimics a Windows server. Its purpose is to offer an alternative
to expensive, unstable Windows servers. Samba can replicate nearly all of
Windows server functionality. It appears in the Network Neighborhood like any
other Windows machine and functions in the same way. In fact, some servers on
your network right now could be running Samba instead of Windows and no one
would ever notice.
Why Use Samba?
TOC
There are many reasons to use
Samba. Here are just a few:
- It is free! NO LICENSING COSTS!
-
It outperforms Microsoft Windows
2000 Server! Documentation of this can be found at www.pcmag.com in an article entitled
"Server Throughput and Response Times".
-
It is reliable. Samba servers
have been known to have uptimes of months and then only malfunctioned due to
hardware failure.
-
It is relatively easy to
administer yet very customizable. Samba can be set up to function as
anything from a simple print server to a complex Windows Domain
Controller.
-
It is secure. There are no
security holes known to exist in the current release of Samba.
-
It is available for many
platforms. IRIX, Solaris, Linux, HP-UX, SCO UnixWare, and BSD are just some
examples. Chances are most departments will already have a machine that can
run Samba.
-
It seamlessly integrates into
existing networks. Since Windows cannot distinguish between a Samba server
and a Windows server, compatibility problems arise only under the rarest
circumstances.
Where Can I Get
Samba?
TOC
Samba ships with most Linux
distributions, some commercial Unix platforms and is available for almost any
operating system from www.samba.org.
Remember that the most current version is 2.2.2.
Is Samba On My Machine Now?
TOC
There is a very good chance that
it is, especially if the machine in question is running Linux. To check to see
is Samba is already on the machine execute the following
command:
find / -name samba -
print
This will search the entire hard
disk for Samba and print the results out to the screen. If Samba is on the
machine already, check now to see if it is running. To do this execute the
following command on Linux:
ps aux | grep
smbd
Or the following command on other
Unix systems
ps -ef | grep
smbd
If either of these commands
returns a string that resembles
root 9798 0.0 0.4 2388 1104 ? S
Oct30 0:00 nmbd -D
Then Samba is running already. It
may need some special configuration to show up on the network, however. That
is covered later in this article.
If Samba is there on the machine
but not running, find the executables for smbd and nmbd (these are the
processes that actually allow Samba to function). You can find the executables
with the command:
find / -name smbd
-print
And
find / -name nmbd
-print
These commands will return a
result that looks similar to this
/usr/sbin/smbd
To start Samba execute the
following commands as root:
/usr/sbin/smbd
-D
/usr/sbin/nmbd
-D
Of course these commands may need
to be altered a bit to reflect the locations of the executables on your
machine.
If Samba isn't on your machine
already, read the section below, Installing Samba.
If Samba is installed on your
machine test whether or not you have a fairly current version. To do this,
execute the following command as root:
/usr/sbin/smbd
-V
Of course the might need to be
modified to reflect the location of the smbd executable on your
system.
Installing
Samba
TOC
The easiest way to do this is via
a pre-assembled package for your system. For Linux these are RPMs for IRIX
they are called tardists. Regardless of what operating system you are using,
make sure to get the appropriate package. The RPM for RedHat 7.1 will most
likely not work on Slackware 8, for example. When using IRIX, make sure to get
the package that matches your operating system version.
Installing On
Linux
Once you have downloaded the
appropriate package, install it. This is accomplished on a Linux machine in
the following way.
Rpm -Ivh
<nameOfPackage>
Installing On
IRIX
To install Samba on an IRIX
machine, as root, from the desktop choose System then Software Manager. When
the Software Manager opens up, choose File, then Open Distribution. Now
navigate to the location of the Samba tardist and choose "Open". From here the
process is fairly straightforward. Just follow the prompts to install the
software.
Installing From Source On Linux
and Other Operating Systems
If your version of Linux doesn't
support RPMs or there are none available or you are installing Samba on
platforms for which there are no pre-assembled packages, you will have to
install Samba from source. This really isn't as complicated as it sounds but
does require a few more steps than the ways listed above. The full process of
installing Samba from source is outside the scope of this article but the
basic steps go something like this:
- Download the source file. They are normally named
something like samba-2.2.2.tar.gz
-
Unpack the archive with the
command tar xfvz <nameOfPackage>
-
Change into the newly created
directory. For example, if Samba version 2.2.2 was downloaded and unpacked,
the new directory would be Samba-2.2.2.
-
Configure the Samba installation
with the command ./configure -with smbmount
-
Compile the code with the
command make
-
Finish with the command make
install
Finishing the Install
Process
Depending on the method you chose
to install Samba, some finishing touches may need to be applied to make the
whole thing work. They include ensuring that a firewall or machine level
security will not hamper Samba's operation, making sure the Samba service
starts when the machine is booted, modifying /etc/services to account for the
newly installed Samba services, and enabling SWAT, the graphical Samba
configuration tool.
Modifying
/etc/services
TOC
This step can be skipped on IRIX
and some other operating systems. On Linux, simply make sure that the file
/etc/services has these lines:
netbios-ns 137/tcp
netbios-ns 137/udp
netbios-dgm 138/tcp
netbios-dgm 138/udp
netbios-ssn 139/tcp
netbios-ssn
139/udp
If these lines are not included in
/etc/services, Samba will not function properly. Note that you should not just
add these lines to /etc/services since they might already be there. Just make
sure the lines are there and if they aren't, add them.
Firewalls and
Security
TOC
To operate, Samba needs to be able
to accept connections on ports 137 and 139. In the latest versions of RedHat,
a firewall is installed that will, by default, block access to these ports.
The file that controls this on these RedHat machines in
/etc/sysconfig/ipchains. The following is an example of what this file should
look like if it is to allow incoming Samba connections:
# Firewall
configuration written by lokkit
# Manual
customization of this file is not recommended.
# Note:
ifup-post will punch the current nameservers through the
# firewall;
such entries will *not* be listed here.
:input
ACCEPT
:forward
ACCEPT
:output
ACCEPT
-A input -s
0/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s
0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s
0/0 -d 0/0 137 -p tcp -y -j ACCEPT
-A input -s
0/0 -d 0/0 139 -p tcp -y -j ACCEPT
-A input -s
0/0 67:68 -d 0/0 67:68 -p udp -i eth0 -j ACCEPT
-A input -s
0/0 67:68 -d 0/0 67:68 -p udp -i eth1 -j ACCEPT
-A input -s
0/0 -d 0/0 -i lo -j ACCEPT
-A input -p
tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
-A input -p
tcp -s 0/0 -d 0/0 2049 -y -j REJECT
-A input -p
udp -s 0/0 -d 0/0 0:1023 -j REJECT
-A input -p
udp -s 0/0 -d 0/0 2049 -j REJECT
-A input -p
tcp -s 0/0 -d 0/0 6000:6009 -y -j REJECT
-A input -p
tcp -s 0/0 -d 0/0 7100 -y -j REJECT
On IRIX, the firewall is a
non-issue since there most likely isn't one running on the
machine.
Starting Samba When the
Machine Boots
TOC
On Linux, Samba should be started
via one of the startup scripts. Examples of these are:
/etc/rc.local
or
/etc/rc.3
Edit these scripts to contain the
lines below:
/usr/sbin/smbd -D
/usr/sbin/nmbd -D
Alternatively, if you are using
RedHat 7.1 or later, you can use the utility, setup, to tell Samba to
start automatically. To do this, execute the command setup. Then choose
"System Services", then check the box next to "smb".
If you don't want Samba to start
every time the machine boots, you can start it whenever you want to by simply
executing these commands:
/usr/sbin/smbd -D
/usr/sbin/nmbd
-D
On IRIX, this is not an issue
normally as the process of installing Samba took care of it by itself. If it
didn't, however, change to the directory /etc/rc2.d and execute the following
command:
ln -s S81samba
/etc/init.d/samba
Enabling
SWAT
TOC
To enable SWAT, the graphical
configuration utility for Samba, the process is the same on both IRIX and most
versions of Linux except RedHat 7.0 and greater. On IRIX and Linux versions
other than RedHat 7.0 and greater, simply add the following line to
/etc/inetd.conf
swat stream tcp nowait root
/usr/samba/bin/swat swat
On RedHat 7.0 and greater, you
must edit the file /etc/xinet.d/swat to look like the example
below:
service
swat
{
port =
901
socket_type =
stream
wait =
no
>
user =
root
server =
/usr/sbin/swat
log_on_failure
+= USERID
disable =
no
}
Configuring Samba
TOC
There are two basic ways to
configure Samba. You can either use SWAT or hand edit
smb.conf.
Using SWAT
This process is the same on both
Linux and IRIX. SWAT is the preferred way to configure Samba. It is also very
easy to use. Simply open your favorite web browser and go to http://127.0.0.1:901. SWAT will now ask for
the username and password. Give it the root username and
password.
Editing
smb.conf
Logically, the first step to
editing smb.conf is finding it. There are several standard locations for
smb.conf depending on what operating system you are using. Some examples are
given below.
/usr/samba/lib/smb.conf
or
/etc/smb.conf
or
/etc/samba/smb.conf
Alternatively, if you can't find
smb.conf, use the following command to locate it.
find / -name smb.conf
-print
After find smb.conf, open it in
your favorite text editor. An example of a very basic smb.conf is given below.
The text after the "#" sign is for instructional purposes only. Do not include
it in your smb.conf file.
[global]
#The [global] section sets up parameters that affect the Samba server as a
whole.
workgroup =
MCSR
#This sets the workgroup of which Samba is to be a member
server string =
Linux #This
line shows up as a comment in the network neighborhood
security =
user
#This is the security mode Samba will operate in. This requires that #users
supply a username and password. There are other security level as
#well including share, domain, and server
encrypt passwords = yes #This line
is HIGHLY recommended if Windows 2000 clients are expected to access the Samba
machine.
[stuff]
#This is the name of the share. It will appear in the network
neighborhood.
path =
/tmp
#The path to the share on the local machine.
[printers]
#This is the easiest way to set up a print server. This will detect all the
printers #that the machine is configured to work with and share them.
public =
yes
#This means that anyone can access this share
printable =
yes
#This actually makes this share printable, which it must be since it's a
printer #share
Of course this is a very basic
smb.conf. There are many, many options available for use. In fact, the manpage
for smb.conf is the second longest manpage available to Linux at over 7000
lines and 35,970 words.
Adding Users to the Samba Machine
TOC
If someone needs to access a share on your Samba
server, they must be both a valid user of the system and a valid Samba user.
Adding Users to a Linux System
To add users to a Linux system, use the
following command:
adduser <username>
For example, to add user joe to the system,
execute the command
adduser joe
After adding the user, specify a password for
them with the command
passwd <username>
For example to change joe's password execute
passwd joe
Adding Users to an IRIX System
To add a user to an IRIX system, use the "System
Manager" that is located in the menu on the desktop.
Adding Samba Users
To add users to the Samba users list, execute
the command
smbpasswd -a <username>
For example, to add joe, execute the following
smbpasswd -a joe
Wrapping It All
Up
TOC
This concludes the introduction to
Samba. If there is interest, The MCSR will produce another article covering
Samba configuration in more depth. In the meantime, you can email the main
author of this article at [EMAIL PROTECTED] for more
information or general Samba setup help.
Don't forget to visit and support
www.samba.org.
by JAKE JENKINS