By Robert Eckstein, David Collier-Brown, Peter Kelly

Cover | Table of Contents

Table of Contents

Chapter 1: Samba Pocket Reference

Content preview·Buy reprint rights for this chapter

Samba is a suite of Unix applications that speak the Server Message Block (SMB) protocol. Many operating systems, including Windows and OS/2, use SMB to perform client/server networking. By supporting this protocol, Samba allows Unix servers to get in on the action, communicating with the same networking protocol as Microsoft Windows products. This book covers Version 2.0 of Samba, and many 2.2 options, but points out which options have been recently added in case you are still running an earlier version.

This pocket reference is aimed at system administrators who have already learned the basics of Samba and related information about Windows clients and domains. If you are new to Samba, we recommend you read Using Samba, by Robert Eckstein, David Collier-Brown, and Peter Kelly (O'Reilly). The material in this book comes from two appendixes of Using Samba.

A Samba-enabled Unix machine can masquerade as a server on your Microsoft network and offer the following services:

• Sharing one or more filesystems
• Sharing printers installed on both the server and its clients
• Assisting clients with Network Neighborhood browsing
• Authenticating clients logging onto a Windows domain
• Providing or assisting with WINS nameserver resolution

Section 1.2 lists the types of lines you can put in your Samba configuration file, usually named smb.conf.

Section 1.5 lists command-line options and related information for running the Samba daemons, and Section 1.7 lists various commands included in the Samba distribution that you can run from the Unix shell on the system hosting Samba.

The Samba daemons are:

smbd

A program responsible for managing the shared resources between the Samba server machine and its clients. It provides file, print, and browser services to SMB clients across one or more networks. smbd handles all notifications between the Samba server and the network clients. In addition, it is responsible for user authentication, resource locking, and data sharing through the SMB protocol.

nmbd

A simple nameserver that mimics the WINS and NetBIOS nameserver functionality, as you might expect to encounter with the LAN Manager package. This daemon listens for nameserver requests and provides the appropriate information when called upon. It also provides browse lists for the Network Neighborhood, and participates in browsing elections.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Introduction

Content preview·Buy reprint rights for this chapter

Samba is a suite of Unix applications that speak the Server Message Block (SMB) protocol. Many operating systems, including Windows and OS/2, use SMB to perform client/server networking. By supporting this protocol, Samba allows Unix servers to get in on the action, communicating with the same networking protocol as Microsoft Windows products. This book covers Version 2.0 of Samba, and many 2.2 options, but points out which options have been recently added in case you are still running an earlier version.

This pocket reference is aimed at system administrators who have already learned the basics of Samba and related information about Windows clients and domains. If you are new to Samba, we recommend you read Using Samba, by Robert Eckstein, David Collier-Brown, and Peter Kelly (O'Reilly). The material in this book comes from two appendixes of Using Samba.

A Samba-enabled Unix machine can masquerade as a server on your Microsoft network and offer the following services:

• Sharing one or more filesystems
• Sharing printers installed on both the server and its clients
• Assisting clients with Network Neighborhood browsing
• Authenticating clients logging onto a Windows domain
• Providing or assisting with WINS nameserver resolution

Section 1.2 lists the types of lines you can put in your Samba configuration file, usually named smb.conf.

Section 1.5 lists command-line options and related information for running the Samba daemons, and Section 1.7 lists various commands included in the Samba distribution that you can run from the Unix shell on the system hosting Samba.

The Samba daemons are:

smbd

A program responsible for managing the shared resources between the Samba server machine and its clients. It provides file, print, and browser services to SMB clients across one or more networks. smbd handles all notifications between the Samba server and the network clients. In addition, it is responsible for user authentication, resource locking, and data sharing through the SMB protocol.

nmbd

A simple nameserver that mimics the WINS and NetBIOS nameserver functionality, as you might expect to encounter with the LAN Manager package. This daemon listens for nameserver requests and provides the appropriate information when called upon. It also provides browse lists for the Network Neighborhood, and participates in browsing elections.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Configuration File Options

Content preview·Buy reprint rights for this chapter

This section lists each of the options that can be used in a Samba configuration file, which is usually named smb.conf. Most configuration files contain a global section of options that apply to all directories (shares), and a separate section for various individual shares. If an option applies only to the global section, [global] appears before its name in the following reference section. Any lists mentioned are space-separated, except where noted. A glossary of terms and a list of variables Samba recognizes follow this reference section.

[global] add user script = script

allowable values:full path to shell script

default:NULL

Specifies a script that creates a new user on the system hosting the Samba server. This script runs as root when access to a Samba share is attempted by a Windows user who does not have an account on the hosting system, but does have an account maintained by a primary domain controller on a different system. The script should accept the name of the user as a single argument, which matches the behavior of typical adduser scripts. Samba honors the %u value (username) as the argument to the script. Requires security = server or security = domain. See also delete user script.

admin users = user list

allowable values:user list

default:NULL

Specifies a list of users who will be granted root permissions on the share by Samba.

allow hosts = host list

allowable values:list of hosts or networks

default:NULL

Specifies a list of machines that may connect to a share or shares. If NULL, any machine can access the share unless there is a hosts deny option. Synonym for hosts allow.

[global] allow trusted domains = boolean

allowable values:YES, NO

default:YES

Allows access to users who lack accounts on the Samba server but have accounts in another, trusted domain. Requires security = server or security = domain.

[global] announce as = system type

allowable values:NT, Win95, Wf W

default:NT

Has Samba announce itself as something other than an NT server. Discouraged because it interferes with serving browse lists.

[global] announce version = number.number

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Glossary of Configuration Values

Content preview·Buy reprint rights for this chapter

Address list

A space-separated list of IP addresses in ###.###.###.### format.

Command

A Unix command, with a full path and parameters.

Comma-separated list

A list of items separated by commas.

Host list

A space-separated list of hosts. Allows IP addresses, address masks, domain names, ALL, and EXCEPT.

Interface list

A space-separated list of interfaces, in either address/netmask or address/n-bits format. For example, 192.168.2.10/24 or 192.168.2.10/255.255.255.0.

Map list

A space-separated list of file-remapping strings such as (*.html *.htm).

Remote list

A space-separated list of subnet-broadcast-address/workgroup pairs. For example:

192.168.2.255/SERVERS 192.168.4.255/STAFF

Service (share) list

A space-separated list of share names, without the enclosing square brackets.

Slash-list

A list of filenames, separated by "/" characters to allow embedded spaces. For example:

/.*/fred flintstone/*.frk/

Text

One line of text.

User list

A space-separated list of usernames. @group_name includes whomever is in the NIS netgroup group_name if one exists, or otherwise whomever is in the Unix group group_name. In addition, +group_name is a Unix group, &group_name is an NIS netgroup, and &+ and +& cause an ordered search of both Unix and NIS groups.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Configuration File Variables

Content preview·Buy reprint rights for this chapter

Table 1-2 lists the Samba configuration file variables.

Table 1-2: Variables in Alphabetic Order

Name	Meaning
%a	Client's architecture (Samba, WWfg, WinNT, Win95, or UNKNOWN)
%d	Current server process's process ID
%f	Print-spool file as a relative path (printing only)
%f	User from which a message was sent (messages only)
%G	Primary group name of %U (requested username)
%g	Primary group name of %u (actual username)
%H	Home directory of %u (actual username)
%h	Samba server's (Internet) hostname
%I	Client's IP address
%j	Print job number (printing only)
%L	Samba server's NetBIOS name (virtual servers have multiple names)
%M	Client's (Internet) hostname
%m	Client's NetBIOS name
%N	Name of the NIS home directory server (without NIS, same as %L)
%n	New password (password change only)
%o	Old password (password change only)
%P	Current share's root directory (actual)
%p	Current share's root directory (in an NIS homedir map)
%p	Print filename (printing only)
%R	Protocol level in use (CORE, COREPLUS, LANMAN1, LANMAN2, or NT1)
%S	Current share's name
%s	Name of file the message is in (messages only)
%s	Print-spool file name (printing only)
%T	Current date and time
%t	Destination machine (messages only)
%U	Requested username for current share
%u	Current share's username
%v	Samba version

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Samba Daemons

Content preview·Buy reprint rights for this chapter

The following sections provide information about the command-line parameters for smbd and nmbd.

The smbd program provides Samba's file and printer services, using one TCP/IP stream and one daemon per client. It is controlled from the default configuration file, samba_dir/lib/smb.conf, and can be overridden by command-line options.

The configuration file is automatically reevaluated every minute. If it has changed, most new options are immediately effective. You can force Samba to reload the configuration file immediately if you send a SIGHUP to smbd. Reloading the configuration file, however, will not affect any clients that are already connected. To escape this "grandfather" configuration, a client would need to disconnect and reconnect or the server itself would have to be restarted, forcing all clients to reconnect.

Section 1.5.1.1: Other signals

To shut down an smbd process, send it the termination signal SIGTERM (-15), which allows it to die gracefully, instead of a SIGKILL (-9). To increment the debug logging level of smbd at runtime, send the program a SIGUSR1 signal. To decrement it at runtime, send the program a SIGUSR2 signal.

Section 1.5.1.2: Command-line options

-D

Runs the smbd program as a daemon. This is the recommended way to use smbd (it is also the default action). In addition, smbd can be run from inetd.

-d debug_level

Sets the debug (sometimes called logging) level. The level can range from to 10. Specifying the value on the command line overrides the value specified in the smb.conf file. Debug level logs only the most important messages; level 1 is normal; and levels 3 and above are primarily for debugging and slow smbd considerably.

-h

Prints command-line usage information for the smbd program.

Section 1.5.1.3: Testing/debugging options

-a

If this option is specified, each new connection to the Samba server appends all logging messages to the log file. This option is the opposite of -o, and is the default.

-i scope

Sets a NetBIOS scope identifier. Only machines with the same identifier will communicate with the server. The scope identifier was a predecessor to workgroups, and this option is included only for backward compatibility.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Samba Startup File

Content preview·Buy reprint rights for this chapter

The most common way to start Samba is to run it from your Unix system's rc files at boot time. For systems with a System V-like set of /etc/rcN.d directories, you can do this by placing a suitably-named script in the rc directory. Usually, the script starting Samba is called S91samba, while the script stopping or "killing" Samba is called K91samba. On Linux, the usual subdirectory for the scripts is /etc/rc2.d. On Solaris, the directory is /etc/rc3.d. For machines with /etc/rc.local files, you would normally add the following lines to that file:

/usr/local/samba/bin/smbd -D
/usr/local/samba/bin/nmbd -D 

The following example script supports two extra commands, status and restart, in addition to the normal start and stop for System V machines:

#!/bin/sh
#
# /etc/rc2.d./S91Samba  --manage the SMB server in a  
# System V manner
#
OPTS="-D"
#DEBUG=-d3
PS="ps  ax"
SAMBA_DIR=/usr/local/samba
case "$1" in
'start')
	echo "samba "
	$SAMBA_DIR/bin/smbd $OPTS $DEBUG
	$SAMBA_DIR/bin/nmbd $OPTS $DEBUG
	;;
'stop')
	echo "Stopping samba"
	$PS | awk '/usr.local.samba.bin/ { print $1}' |\
	xargs kill
	;;
'status')
	x=`$PS | grep -v grep | grep '$SAMBA_DIR/bin'`
	if [ ! "$x" ]; then
		echo "No samba processes running"
	else
		echo "  PID TT STAT  TIME COMMAND"
		echo "$x"
	fi
	;;
'restart')
	/etc/rc2.d/S91samba stop
	/etc/rc2.d/S91samba start
	/etc/rc2.d/S91samba status
	;;
*)
	echo "$0: Usage error -- you must say $0 start, \
   stop, status or restart ."
	;;
esac
exit

You'll need to set the actual paths and ps options to suit the machine you're using. In addition, you might want to add commands to tell Samba to reload its smb.conf file or dump its nmbd tables, depending on your actual needs.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Samba Distribution Programs

Content preview·Buy reprint rights for this chapter

This section lists the command-line options and subcommands provided by each of the executables in the Samba distribution.

nmblookup is a client program that exercises the NetBIOS-over-UDP/IP name service for resolving NBT machine names into IP addresses. The program works by broadcasting its queries on the local subnet until a machine with the specified name responds. You can think of it as a Windows nslookup(1) or dig(1).This is useful for looking up normal NetBIOS names as well as the odd ones, like _ _MSBROWSE_ _ , that the Windows name services use to provide directory-like services. If you wish to query for a particular type of NetBIOS name, add the NetBIOS <type> to the end of the name.

The command line is:

nmblookup [options] name

The options supported are:

-A

Interprets name as an IP address and does a node-status query on this address.

-B broadcast_address

Sends the query to the given broadcast address. The default is to send the query to the broadcast address of the primary network interface.

-d debug_level

Sets the debug (sometimes called logging) level. The level can range from to 10. Debug level logs only the most important messages; level 1 is normal; and levels 3 and above are primarily for debugging and slow the program considerably.

-h

Prints command-line usage information for the program.

-i scope

Sets a NetBIOS scope identifier. Only machines with the same identifier will communicate with the server. The scope identifier was a predecessor to workgroups, and this option is included only for backward compatibility.

-M

Searches for a local master browser. This is done through a broadcast searching for a machine that will respond to the special name _ _MSBROWSE_ _ , and then asking that machine for information, instead of broadcasting the query itself.

-R

Sets the recursion desired bit in the packet. This will cause the machine that responds to try doing a WINS lookup and to return the address and any other information the WINS server has saved.

-r

Uses the root port of 137 for Windows 95 machines.

-S

Performs a node-status query once the name query has returned an IP address. This returns all the resource types that the machine knows about, with their numeric attributes. For example:

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Return to Samba Pocket Reference