By Jay Ts, Robert Eckstein, David Collier-Brown

Cover | Table of Contents | Online Book | Online Book | Colophon

Table of Contents

Chapter 1: Learning the Samba

Content preview·Buy reprint rights for this chapter

Samba is an extremely useful networking tool for anyone who has both Windows and Unix systems on his network. Running on a Unix system, it allows Windows to share files and printers on the Unix host, and it also allows Unix users to access resources shared by Windows systems.

Although it might seem natural to use a Windows server to serve files and printers to a network containing Windows clients, there are good reasons for preferring a Samba server for this duty. Samba is reliable software that runs on reliable Unix operating systems, resulting in fewer problems and a low cost of maintenance. Samba also offers better performance under heavy loads, outperforming Windows 2000 Server by a factor of 2 to 1 on identical PC hardware, according to published third-party benchmarks. When common, inexpensive PC hardware fails to meet the demands of a huge client load, the Samba server can easily be moved to a proprietary "big iron" Unix mainframe, which can outperform Windows running on a PC many times. If all that weren't enough, Samba has a very nice cost advantage: it's free. Not only is the software itself freely available, but also no client licenses are required, and it runs on high-quality, free operating systems such as Linux and FreeBSD.

After reading the previous paragraph, you might come to the conclusion that Samba is commonly used by large organizations with thousands of users on their networks—and you'd be right! But Samba's user base includes organizations all over the planet, of all types and sizes: from international corporations, to medium and small businesses, to individuals who run Samba on their Linux laptops. In the last case, a tool such as VMware is used to run Windows on the same computer, with Samba enabling the two operating systems to share files.

The types of users vary even more—Samba is used by corporations, banks and other financial institutions, government and military organizations, schools, public libraries, art galleries, families, and even authors! This book was developed on a Linux system running VMware and Windows 2000, with Adobe FrameMaker running on Windows and the document files served by Samba from the Linux filesystem.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

What Is Samba?

Content preview·Buy reprint rights for this chapter

Samba is a suite of Unix applications that speak the Server Message Block (SMB) protocol. Microsoft Windows operating systems and the OS/2 operating system use SMB to perform client-server networking for file and printer sharing and associated operations. By supporting this protocol, Samba enables computers running Unix to get in on the action, communicating with the same networking protocol as Microsoft Windows and appearing as another Windows system on the network from the perspective of a Windows client. A Samba server offers the following services:

• Share one or more directory trees
• Share one or more Distributed filesystem (Dfs) trees
• Share printers installed on the server among Windows clients on the network
• Assist clients with network browsing
• Authenticate clients logging onto a Windows domain
• Provide or assist with Windows Internet Name Service (WINS) name-server resolution

The Samba suite also includes client tools that allow users on a Unix system to access folders and printers that Windows systems and Samba servers offer on the network.

Samba is the brainchild of Andrew Tridgell, who currently heads the Samba development team. Andrew started the project in 1991, while working with a Digital Equipment Corporation (DEC) software suite called Pathworks, created for connecting DEC VAX computers to computers made by other companies. Without knowing the significance of what he was doing, Andrew created a file-server program for an odd protocol that was part of Pathworks. That protocol later turned out to be SMB. A few years later, he expanded upon his custom-made SMB server and began distributing it as a product on the Internet under the name "SMB Server." However, Andrew couldn't keep that name—it already belonged to another company's product—so he tried the following Unix renaming approach:

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

What Can Samba Do for Me?

Content preview·Buy reprint rights for this chapter

As explained earlier, Samba can help Windows and Unix computers coexist in the same network. However, there are some specific reasons why you might want to set up a Samba server on your network:

• You don't want to pay for—or can't afford—a full-fledged Windows server, yet you still need the functionality that one provides.
• The Client Access Licenses (CALs) that Microsoft requires for each Windows client to access a Windows server are unaffordable.
• You want to provide a common area for data or user directories to transition from a Windows server to a Unix one, or vice versa.
• You want to share printers among Windows and Unix workstations.
• You are supporting a group of computer users who have a mixture of Windows and Unix computers.
• You want to integrate Unix and Windows authentication, maintaining a single database of user accounts that works with both systems.
• You want to network Unix, Windows, Macintosh (OS X), and other systems using a single protocol.

Let's take a quick tour of Samba in action. Assume that we have the following basic network configuration: a Samba-enabled Unix system, to which we will assign the name toltec, and a pair of Windows clients, to which we will assign the names maya and aztec, all connected via a local area network (LAN). Let's also assume that toltec also has a local inkjet printer connected to it, lp, and a disk share named spirit—both of which it can offer to the other two computers. A graphic of this network is shown in Figure 1-1.

Figure 1-1: A simple network set up with a Samba server

In this network, each computer listed shares the same workgroup. A workgroup is a group name tag that identifies an arbitrary collection of computers and their resources on an SMB network. Several workgroups can be on the network at any time, but for our basic network example, we'll have only one: the METRAN workgroup.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Getting Familiar with an SMB Network

Content preview·Buy reprint rights for this chapter

Now that you have had a brief tour of Samba, let's take some time to get familiar with Samba's adopted environment: an SMB network. Networking with SMB is significantly different from working with common TCP/IP protocols such as FTP and Telnet because there are several new concepts to learn and a lot of information to cover. First, we will discuss the basic concepts behind an SMB network, followed by some Microsoft implementations of it, and finally we will show you where a Samba server can and cannot fit into the picture.

To begin, let's step back in time. In 1984, IBM authored a simple application programming interface (API) for networking its computers, called the Network Basic Input/Output System (NetBIOS). The NetBIOS API provided a rudimentary design for an application to connect and share data with other computers.

It's helpful to think of the NetBIOS API as networking extensions to the standard BIOS API calls. The BIOS contains low-level code for performing filesystem operations on the local computer. NetBIOS originally had to exchange instructions with computers across IBM PC or Token Ring networks. It therefore required a low-level transport protocol to carry its requests from one computer to the next.

In late 1985, IBM released one such protocol, which it merged with the NetBIOS API to become the NetBIOS Extended User Interface (NetBEUI ). NetBEUI was designed for small LANs, and it let each computer claim a name (up to 15 characters) that wasn't already in use on the network. By a "small LAN," we mean fewer than 255 nodes on the network—which was considered a generous number in 1985!

The NetBEUI protocol was very popular with networking applications, including those running under Windows for Workgroups. Later, implementations of NetBIOS over Novell's IPX networking protocols also emerged, which competed with NetBEUI. However, the networking protocols of choice for the burgeoning Internet community were TCP/IP and UDP/IP, and implementing the NetBIOS APIs over those protocols soon became a necessity.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

An Introduction to the SMB Protocol

Content preview·Buy reprint rights for this chapter

Now we're going to cover some low-level technical details and explore the elementals of the SMB protocol. You probably don't need to know much about this to implement a simple Samba network, and therefore you might want to skip or skim over this section and go on to the next one ("Windows Workgroups and Domains") on your first reading. However, assuming you are going to be responsible for long-term maintenance of a Samba network, it will help if you understand how it actually works. You will more easily be able to diagnose and correct any odd problems that pop up.

At a high level, the SMB protocol suite is relatively simple. It includes commands for all the file and print operations that you might perform on a local disk or printer, such as:

• Opening and closing files
• Creating and deleting files and directories
• Reading and writing files
• Searching for files
• Queueing and dequeueing files in a print spool

Each operation can be encoded into an SMB message and transmitted to and from a server. The original name "SMB" comes from the way in which the commands are formatted: they are versions of the standard DOS system-call data structures, or Server Message Blocks, redesigned for transmitting to another computer across a network.

Richard Sharpe of the Samba team defines SMB as a request-response protocol. In effect, this means that a client sends an SMB request to a server and the server sends an SMB response back to the client. In only one rare circumstance does a server send a message that is not in response to a client.

An SMB message is not as complex as you might think. Let's take a closer look at the internal structure of such a message. It can be broken down into two parts: the header, which is a fixed size, and the command string, whose size can vary dramatically based on the contents of the message.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Windows Workgroups and Domains

Content preview·Buy reprint rights for this chapter

Up to now, we've covered basic SMB technology, which is all you would need if you had nothing more advanced than MS-DOS clients on your network. We do assume you want to support Windows clients, especially the more recent versions, so next we'll describe the enhancements Microsoft has added to SMB networking—namely, Windows for Workgroups and Windows domains.

Windows Workgroups are very similar to the SMB groups already described. You need to know just a few additional things.

Section 1.5.1.1: Browsing

Browsing is the process of finding the other computers and shared resources in the Windows network. Note that there is no connection with a World Wide Web browser, apart from the general idea of "discovering what's there." On the other hand, browsing the Windows network is like the Web in that what's out there can change without warning.

Before browsing existed, users had to know the name of the computer they wanted to connect to on the network and then manually enter a UNC such as the following into an application or file manager to access resources:

\\toltec\spirit\

Browsing is much more convenient, making it possible to examine the contents of a network by using the point-and-click GUI interface of the Network Neighborhood (or My Network Places) on a Windows client.

You will encounter two types of browsing in an SMB network:

• Browsing a list of computers and shared resources
• Browsing the shared resource of a specific computer

Let's look at the first one. On each LAN (or subnet) with a Windows workgroup or domain, one computer has the responsibility of maintaining a list of the computers that are currently accessible through the network. This computer is called the

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

What's New in Samba 2.2?

Content preview·Buy reprint rights for this chapter

In Version 2.2, Samba has more advanced support for Windows networking, including the ability to perform the more important tasks necessary for acting in a Windows NT domain. In addition, Samba 2.2 has some support for technologies that Microsoft introduced in Windows 2000, although the Samba team has saved Active Directory support for Version 3.0.

Samba previously could act as a PDC to authenticate Windows 95/98/Me and Windows NT 4 systems. This functionality has been extended in Release 2.2 to include Windows 2000 and Windows XP. Thus, it is possible to have a Samba server supporting domain logons for a network of Windows clients, including the most recent releases from Microsoft. This can result in a very stable, high-performance, and more secure network, and gives you the added benefit of not having to purchase per-seat Windows CALs from Microsoft.

Microsoft Dfs allows shared resources that are dispersed among a number of servers in the network to be gathered together and appear to users as if they all exist in a single directory tree on one server. This method of organization makes life much simpler for users. Instead of having to browse around the network on a treasure hunt to locate the resource they want to use, they can go directly to the Dfs server and grab what they want. Samba 2.2 offers support for serving Dfs, so a Windows server is no longer needed for this purpose.

Windows NT/2000/XP has a different Remote Procedure Call (RPC)-based printer interface than Windows 95/98/Me does. In Samba 2.2, the Windows NT/2000/XP interface is supported. Along with this, the Samba team has been adding support for automatically downloading the printer driver from the Samba server while adding a new printer to a Windows client.

Samba now supports ACLs on its Unix host for Unix variants that support them. The list includes Solaris 2.6, 7, and 8, Irix, AIX, Linux (with either the ACL patch for the ext2/ext3 filesystem from

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

What's New in Samba 3.0?

Content preview·Buy reprint rights for this chapter

The main distinguishing feature of Samba 3.0 is that it includes support for Kerberos 5 authentication and LDAP, which are required to act as clients in an Active Directory domain. Another feature that appeared in Samba 3.0 is support for Unicode, which greatly simplifies supporting international languages.

In later Version 3 releases, the Samba team plans to develop support for WINS replication, allowing Samba to act as a secondary WINS server or as a primary WINS server with Windows or Samba secondary WINS servers. Also planned are support for acting as a Windows NT BDC and support for Windows NT domain trust relationships.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

What Can Samba Do?

Content preview·Buy reprint rights for this chapter

Now let's wrap up by showing where Samba can help out and where it is limited. Table 1-9 summarizes which roles Samba can and cannot play in a Windows NT or Active Directory domain or a Windows workgroup. Many of the Windows domain protocols are proprietary and have not been documented by Microsoft and therefore must be reverse-engineered by the Samba team before Samba can support them. As of Version 3.0, Samba cannot act as a backup in most roles and does not yet fully support Active Directory.

Table 1-9: Samba roles (as of Version 3.0)

Role	Can perform?
File server	Yes
Printer server	Yes
Microsoft Dfs server	Yes
Primary domain controller	Yes
Backup domain controller	No
Active Directory domain controller	No
Windows 95/98/Me authentication	Yes
Windows NT/2000/XP authentication	Yes
Local master browser	Yes
Local backup browser	Yes
Domain master browser

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

An Overview of the Samba Distribution

Content preview·Buy reprint rights for this chapter

As mentioned earlier, Samba actually contains several programs that serve different but related purposes. These programs are documented more fully in Appendix C. For now, we will introduce each of them briefly and describe how they work together.

The majority of the programs that come with Samba center on its two daemons. Let's take a refined look at the responsibilities of each daemon:

nmbd

The nmbd daemon is a simple name server that supplies WINS functionality. This daemon listens for name-server requests and provides the appropriate IP addresses when called upon. It also provides browse lists for the Network Neighborhood and participates in browsing elections.

smbd

The smbd daemon manages the shared resources between the Samba server and its clients. It provides file, print, and browse services to SMB clients across one or more networks and handles all notifications between the Samba server and the network clients. In addition, it is responsible for user authentication, resource locking, and data sharing through the SMB protocol.

New with Version 2.2, there is an additional daemon:

winbindd

This daemon is used along with the name service switch to get information on users and groups from a Windows NT server and allows Samba to authorize users through a Windows NT/2000 server.

The Samba distribution also comes with a small set of Unix command-line tools:

findsmb

A program that searches the local network for computers that respond to SMB protocol and prints information on them.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

How Can I Get Samba?

Content preview·Buy reprint rights for this chapter

Source and binary distributions of Samba are available from mirror sites across the Internet. The primary web site for Samba is located at http://www.samba.org/. From there, you can select a mirror site that is geographically near you.

Most Linux and many Unix vendors provide binary packages. These can be more convenient to install and maintain than the Samba team's source or binary packages, due to the vendor's efforts to supply a package that matches its specific products.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Chapter 2: Installing Samba on a Unix System

Content preview·Buy reprint rights for this chapter

Now that you know what Samba can do for you and your users, it's time to get your own network set up. Let's start with the installation of Samba. When dancing the samba, one learns by taking small steps. It's just the same when installing Samba; we need to teach it step by step. This chapter will help you start off on the right foot.

For illustrative purposes, we will be installing the 2.2.6 version of the Samba server on a Linux system running Version 2.4 of the kernel. However, the installation steps are essentially the same for all the platforms Samba supports.

Samba is in such popular use that many Unix distributions come with it already installed. If you choose to use a bundled version of Samba, you can breeze through most of this chapter, but you'll be stuck with the Samba version and compile-time options your vendor selected for you. That version of Samba can't be any newer than the operating system release, so you're likely to be pretty far behind the latest developments. On the other hand, you can be fairly sure that a bundled version has been installed properly, and perhaps it will take only a few simple modifications to your smb.conf file for you to be off and running. Samba is mature enough that you probably don't need the latest release to meet your basic needs, so you might be perfectly happy running a bundled version.

If you choose this option, be aware that your Samba files, including the very important smb.conf, might be in different places than they would be if you were to install from a binary or source distribution. For example, with the Red Hat, Debian, and Mandrake Linux distributions, smb.conf and some other Samba-related files are in the /etc/samba directory.

If Samba is already installed on your system, you can check to see what version you have by using the command:

$ smbd -V
Version 2.2.6

(If this doesn't work, it might be because smbd is not in your shell's search path. If you have the locate or whereis command in your Unix variant, you can use it to locate the

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Bundled Versions

Content preview·Buy reprint rights for this chapter

Samba is in such popular use that many Unix distributions come with it already installed. If you choose to use a bundled version of Samba, you can breeze through most of this chapter, but you'll be stuck with the Samba version and compile-time options your vendor selected for you. That version of Samba can't be any newer than the operating system release, so you're likely to be pretty far behind the latest developments. On the other hand, you can be fairly sure that a bundled version has been installed properly, and perhaps it will take only a few simple modifications to your smb.conf file for you to be off and running. Samba is mature enough that you probably don't need the latest release to meet your basic needs, so you might be perfectly happy running a bundled version.

If you choose this option, be aware that your Samba files, including the very important smb.conf, might be in different places than they would be if you were to install from a binary or source distribution. For example, with the Red Hat, Debian, and Mandrake Linux distributions, smb.conf and some other Samba-related files are in the /etc/samba directory.

If Samba is already installed on your system, you can check to see what version you have by using the command:

$ smbd -V
Version 2.2.6

(If this doesn't work, it might be because smbd is not in your shell's search path. If you have the locate or whereis command in your Unix variant, you can use it to locate the smbd executable.)

You might also be able to use a system-specific tool to query a software-package maintenance utility. On Red Hat Linux, you can use the rpm command to query the installed packages for Samba:

$ rpm -qa | grep samba
samba-client-2.0.8-1.7.1
samba-2.0.8-1.7.1
samba-common-2.0.8-1.7.1

This shows we have Samba 2.0.8, divided into three Red Hat Package Manager (RPM) packages, bundled with Red Hat 7.1. If your version of Samba is old, you might at the very least want to check with your vendor for an update.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Downloading the Samba Distribution

Content preview·Buy reprint rights for this chapter

If you would like to download the latest version of the Samba software, the primary web site is http://www.samba.org. Once connected to this page, you'll see links to several Samba mirror sites across the world, both for the standard Samba web pages and for sites devoted exclusively to downloading Samba. For the best performance, choose a site that is closest to your own geographic location.

The standard Samba web sites have Samba documentation and tutorials, mailing-list archives, and the latest Samba news, as well as source and binary distributions of Samba. The download sites (sometimes called F T P sites) have only the source and binary distributions. Unless you specifically want an older version of the Samba server or are going to install a binary distribution, download the latest source distribution from the closest mirror site. This distribution is always named:

samba-latest.tar.gz

which for the 2.2.6 release is an approximately 5MB file.

The source distribution has been archived with tar and then compressed with the GNU gzip program. To unpack it, move the file to the directory in which you want the Samba source directory to be located, then cd to that directory and run the command:

$ tar xvfz samba-latest.tar.gz
         

Or, if you do not have the GNU tar program (which also handles the unzipping):

$ gunzip samba-latest.tar.gz
$ tar xvf samba-latest.tar
         

In that latter case, you might need to install the GNU gunzip program first. While the tar command runs, it will print out a list of the files it installs.

This part might seem obvious, but at one time or other you probably uncompressed a package, blindly typed:

$ configure; make; make install
            

and walked away to get another cup of coffee. Do yourself a favor and be a little more careful this time.

In the top-level directory that you just installed, there is a file named WHATSNEW.txt, which contains the latest news about the release. If you are upgrading, you can find important information about bug fixes or configuration parameters that have been added or are no longer supported.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Configuring Samba

Content preview·Buy reprint rights for this chapter

Samba automatically configures itself prior to compilation. This reduces the likelihood of a machine-specific problem, but you might end up wishing for an option after Samba has been installed.

The source distribution of Samba 2.2 and above doesn't initially have a makefile. Instead, one is generated through a GNU configure script, which is located in the samba-2.2.x /source/ directory. The configure script takes care of the machine-specific issues of building Samba.

Before running the configure script, it is important that you become the root user on the system. Otherwise, you might get a warning such as:

configure: warning: running as non-root will disable some tests

You don't want any test to be disabled when the Samba makefile is being created; it would leave the potential for errors down the road when compiling or running Samba on your system.

When the configure script is run, it prints out messages telling what it is doing, and error messages might be mixed in. To make sure you see those very important error messages, we suggest you run configure with its standard output passed through some filter to capture the output and keep it from scrolling out of sight. One method is using the more command:

# ./configure | more
         

We will show you another in a moment.

Although you can run configure as previously with no options, you might want to add support for extra features by passing options on the command line. For example:

# ./configure --with-winbind
         

will configure the Samba makefile with support for winbind authentication. If you would like a complete list of options, type the following:

# ./configure --help
         

Each option enables or disables various features. You typically enable a feature by specifying the -- with- feature option, which will cause the feature to be compiled and installed. Likewise, if you specify a

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Compiling and Installing Samba

Content preview·Buy reprint rights for this chapter

At this point you should be ready to build the Samba executables. Compiling is also easy: in the source directory, type make on the command line. The make utility will produce a stream of explanatory and success messages, beginning with:

Using FLAGS = -O -Iinclude ...

This build includes compiles for both smbd and nmbd and ends in a linking command for bin/nmblookup. For example, here is a sample make of Samba Version 2.2.6 on a Linux server:

# make 2>&1 | tee make.log
Using FLAGS =  -O  -Iinclude -I./include -I./ubiqx -I./smbwrapper -D_LARGEFILE64
_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE  -DLOGFILEBASE="/usr/local/samba/va
r" -DCONFIGFILE="/usr/local/samba/lib/smb.conf" -DLMHOSTSFILE="/usr/local/samba/
lib/lmhosts"   -DSWATDIR="/usr/local/samba/swat" -DSBINDIR="/usr/local/samba/bin
" -DLOCKDIR="/usr/local/samba/var/locks" -DCODEPAGEDIR="/usr/local/samba/lib/cod
epages" -DDRIVERFILE="/usr/local/samba/lib/printers.def" -DBINDIR="/usr/local/sa
mba/bin"  -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/bin/passwd" -DSMB_PASSWD_FILE="/u
sr/local/samba/private/smbpasswd" -DTDB_PASSWD_FILE="/usr/local/samba/private/sm
bpasswd.tdb"
Using FLAGS32 =  -O  -Iinclude -I./include -I./ubiqx -I./smbwrapper -D_LARGEFILE
64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE  -DLOGFILEBASE="/usr/local/samba/
var" -DCONFIGFILE="/usr/local/samba/lib/smb.conf" -DLMHOSTSFILE="/usr/local/samb
a/lib/lmhosts"   -DSWATDIR="/usr/local/samba/swat" -DSBINDIR="/usr/local/samba/b
in" -DLOCKDIR="/usr/local/samba/var/locks" -DCODEPAGEDIR="/usr/local/samba/lib/c
odepages" -DDRIVERFILE="/usr/local/samba/lib/printers.def" -DBINDIR="/usr/local/
samba/bin"  -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/bin/passwd" -DSMB_PASSWD_FILE="
/usr/local/samba/private/smbpasswd" -DTDB_PASSWD_FILE="/usr/local/samba/private/
smbpasswd.tdb"
Using LIBS = -ldl -lnsl -lpam
Compiling smbd/server.c
Compiling smbd/files.c
Compiling smbd/chgpasswd.c
Compiling smbd/connection.c
Compiling smbd/utmp.c
Compiling smbd/session.c
Compiling smbd/dfree.c
Compiling smbd/dir.c

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Enabling SWAT

Content preview·Buy reprint rights for this chapter

The Samba Web Administration Tool (SWAT) runs as a daemon under inetd or xinetd and provides a forms-based editor in your web browser for creating and modifying Samba's configuration file. For SWAT to work, entries must be added for it in the /etc/services and /etc/inetd.conf (or /etc/xinetd.d/swat) configuration files. To add the entries, follow these two steps:

1. Check your /etc/services file, and if it does not contain the following line, add it to the end of the file:

   swat   901/tcp

2. Now for inetd or xinetd. These are "Internet super daemons" that handle starting daemons on demand, instead of letting them sit around in memory consuming system resources. Most systems use inetd, but xinetd is also used in some versions of Unix, notably the Red Hat Linux (Versions 7 and newer) that we use in our examples. You can use the ps command to see which of the two your system is running.

For inetd, add a line to the /etc/ inetd.conf file. (Check your inetd.conf manual page to see the exact format of the inetd.conf file if it differs from the following example.) Don't forget to change the path to the SWAT binary if you installed it in a different location from the default /usr/local/samba:

swat   stream  tcp  nowait  root  /usr/local/samba/bin/swat  swat

Then force inetd to reread its configuration file by sending it a SIGHUP (hangup) signal:

# /bin/kill -HUP -a inetd
         

Notice that we are using a version of the kill command that supports the -a option, so as to allow us to specify the process by name. On FreeBSD and Linux, you can use the killall command as follows:

# killall -HUP inetd
         

If you are not running Linux or FreeBSD and your version of kill doesn't have the -a option, you will need to use the ps command to find the process ID and then supply that to kill:

# ps ax | grep inetd

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

A Basic Samba Configuration File

Content preview·Buy reprint rights for this chapter

The key to configuring Samba is its configuration file, smb.conf. This configuration file can be very simple or extremely complex, and the rest of this book is devoted to helping you get deeply personal with this file. For now, however, we'll show you how to set up a single file service, which will allow you to fire up the Samba daemons and see that everything is running as it should be. In later chapters, you will see how to configure Samba for more complicated and interesting tasks.

The installation process does not automatically create an smb.conf configuration file, although several example files are included in the Samba distribution. To test the server software, though, we'll use the following file, which you can create in a text editor. It should be named smb.conf and placed in the /usr/local/samba/lib directory:

[global]
    workgroup = METRAN 
[test] 
    comment = For testing only, please
    path = /usr/local/samba/tmp
    read only = no
    guest ok = yes

This brief configuration file tells the Samba server to offer the /usr/local/samba/tmp directory on the server as an SMB share called test. The server also becomes part of the METRAN workgroup, of which each client must also be a part. If you have already chosen a name for your own workgroup, use the name of your workgroup instead of METRAN in the previous example. In case you are connecting your Samba system into an existing network and need to know the workgroup name, you can ask another system administrator or go to a Windows system in the workgroup and follow these instructions:

• Windows 95/98/Me/NT: open the Control Panel, then double-click the Network icon. Click the Identification tab, and look for the "Workgroup:" label.
• Windows 2000: open the Control Panel and double-click the System icon. Click the Network Identification tab. The workgroup name will appear below the computer name.
• Windows XP: open the Control Panel in Classic View mode and double-click the System icon. Then click the Computer Name tab.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Firewall Configuration

Content preview·Buy reprint rights for this chapter

As with any services that run on TCP/IP, the SMB networking services offered by Samba can be accessed from across the Internet unless your organization's firewall is properly configured. The following ports are used by Samba for SMB networking and SWAT:

Port 137

Used for NetBIOS network browsing

Port 138

Used for NetBIOS name service

Port 139

Used for file and printer sharing and other operations

Port 445

Used by Windows 2000/XP when NetBIOS over TCP/IP is disabled

Port 901

Used by SWAT

At the minimum, your organization's Internet firewall should shut down all the ports in the list to traffic in both directions. Do not assume that preventing incoming connections is sufficient; there are cracks that trick Windows clients into sending data out of the local area network and into the Internet by SMB protocol, even from a local network that uses private IP addresses not forwarded by routers. If you want SMB traffic to travel across the Internet to remote sites, the best way is to use a virtual private network (VPN). See the O'Reilly book, Virtual Private Networks, for more information on this subject.

In addition, you might wish to configure a firewall on the Samba host system to keep SMB packets from traveling further than necessary within your organization's network. For example, port 901 can be shut down for remote accesses so that SWAT can be run only on the Samba host system. If you are using Samba to serve only a fraction of the client systems within your organization, consider allowing SMB packets (i.e., packets on ports 137-139 and 445) to go to or come from only those clients.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Starting the Samba Daemons

Content preview·Buy reprint rights for this chapter

Two Samba processes, smbd and nmbd , need to be running for Samba to work correctly. There are three ways to start them:

• Manually
• Automatically, during system boot
• From inetd or xinetd

If you're in a hurry, you can start the Samba daemons by hand. As root, simply enter the following commands:

# /usr/local/samba/bin/smbd -D
# /usr/local/samba/bin/nmbd -D
            

Samba will now be running on your system and is ready to accept connections. However, keep in mind that if either of the daemons exit for any reason (including system reboots), they will need to be restarted manually.

To have the Samba daemons started automatically when the system boots, you need to add the commands listed in the previous section to your standard Unix startup scripts. The exact method varies depending on the flavor of Unix you're using.

Section 2.8.2.1: BSD Unix

With a BSD-style Unix, you need to append the following code to the rc.local file, which is typically found in the /etc or /etc/rc.d directories:

if [ -x /usr/local/samba/bin/smbd]; then
    echo "Starting smbd..."
    /usr/local/samba/bin/smbd -D
    echo "Starting nmbd..."
    /usr/local/samba/bin/nmbd -D
fi

This code is very simple: it checks to see if the smbd file exists and has execute permissions, and if it does, it starts up both of the Samba daemons on system boot.

Section 2.8.2.2: System V Unix

With System V, things can get a little more complex. Depending on your Unix version, you might be able to get away with making a simple change to an

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Testing the Samba Daemons

Content preview·Buy reprint rights for this chapter

We're nearly done with the Samba server setup. All that's left to do is to make sure everything is working as we think it should. A convenient way to do this is to use the smbclient program to examine what the server is offering to the network. If everything is set up properly, you should be able to do the following:

# /usr/local/samba/bin/smbclient -U% -L localhost
added interface ip=172.16.1.1 bcast=172.16.1.255 nmask=255.255.255.0
Domain=[METRAN] OS=[Unix] Server=[Samba 2.2.6]

        Sharename      Type      Comment
        ---------      ----      -------
        test           Disk      For testing only, please
        IPC$           IPC       IPC Service (Samba 2.2.6)
        ADMIN$         Disk      IPC Service (Samba 2.2.6)
        
        Server               Comment
        ---------            -------
        TOLTEC               Samba 2.2.6 on toltec

        Workgroup            Master
        ---------            -------
        METRAN               TOLTEC

If there is a problem, don't panic! Try to start the daemons manually, and check the system output or the debug files at /usr/local/samba/var/log.smb to see if you can determine what happened. If you think it might be a more serious problem, skip to Chapter 12 for help on troubleshooting the Samba daemons.

If it worked, congratulations! You now have successfully set up the Samba server with a disk share. It's a simple one, but we can use it to set up and test the Windows 95/98/Me and NT/2000/XP clients in the next chapter. Then we will start making it more interesting by adding services such as home directories, printers, and security, and by seeing how to integrate the server into a larger Windows domain.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Chapter 3: Configuring Windows Clients

Content preview·Buy reprint rights for this chapter

Configuring Windows to use your new Samba server is really quite simple. SMB is Microsoft's native language for resource sharing on a local area network, so much of the installation and setup on the Windows client side have been taken care of already.

Windows is different from Unix in many ways, including how it supports networking. Before we get into the hands-on task of clicking our way through the dialog boxes to configure each version of Windows, we need to provide you with a common foundation of networking technologies and concepts that apply to the entire family of Windows operating systems.

For each Windows version, these are the main issues we will be dealing with:

• Making sure required networking components are installed and bound to the network adapter
• Configuring networking with a valid IP address, netmask and gateway, and WINS and DNS name servers
• Assigning workgroup and computer names
• Setting the username(s) and password(s)

In addition, some minor issues involving communication and coordination between Windows and Unix are different among Windows versions.

One can go crazy thinking about the ways in which Unix is different from Windows, or the ways in which members of the Windows family are different from each other in underlying technology, behavior, or appearance. For now let's just focus on their similarities and see if we can find some common ground.

Unix systems historically have been monolithic in nature, requiring recompilation or relinking to create a kernel with a customized feature set. However, modern versions have the ability to load or unload device drivers or various other operating-system features as modules while the system is running, without even needing to reboot.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Windows Networking Concepts

Content preview·Buy reprint rights for this chapter

Windows is different from Unix in many ways, including how it supports networking. Before we get into the hands-on task of clicking our way through the dialog boxes to configure each version of Windows, we need to provide you with a common foundation of networking technologies and concepts that apply to the entire family of Windows operating systems.

For each Windows version, these are the main issues we will be dealing with:

• Making sure required networking components are installed and bound to the network adapter
• Configuring networking with a valid IP address, netmask and gateway, and WINS and DNS name servers
• Assigning workgroup and computer names
• Setting the username(s) and password(s)

In addition, some minor issues involving communication and coordination between Windows and Unix are different among Windows versions.

One can go crazy thinking about the ways in which Unix is different from Windows, or the ways in which members of the Windows family are different from each other in underlying technology, behavior, or appearance. For now let's just focus on their similarities and see if we can find some common ground.

Unix systems historically have been monolithic in nature, requiring recompilation or relinking to create a kernel with a customized feature set. However, modern versions have the ability to load or unload device drivers or various other operating-system features as modules while the system is running, without even needing to reboot.

Windows allows for configuration by installing or uninstalling components. As far as networking goes, components can be one of three things:

• Protocols
• Clients

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Setting Up Windows 95/98/Me Computers

Content preview·Buy reprint rights for this chapter

The Windows 95/98/Me operating systems are very similar to each other, and as far as this chapter is concerned, it is possible to treat them with a common set of directions.

Samba uses TCP/IP to communicate with clients on the network, so you will need to make sure there is support for TCP/IP on each Windows client. Unlike Unix operating systems, Windows does not necessarily have support for TCP/IP installed. However, when Windows is installed on a computer with a network card or a network card is added to a system already running Windows, TCP/IP support is installed by default, along with the Client for Microsoft Networks, which supports SMB file and printer sharing.

To make sure both services are installed on your Windows system, double-click the Network icon in the Control Panel to open the Network dialog box, as shown in Figure 3-3.

Figure 3-3: The Windows 95/98/Me Network dialog

You should see at least the Client for Microsoft Networks component installed on the system, and hopefully a networking device (preferably an Ethernet card) bound to the TCP/IP protocol. If there is only one networking hardware device, you'll see the TCP/IP protocol listed below the device to which it is bound, as shown in Figure 3-3.

You might also see "File and printer sharing for Microsoft Networks," which is used to make the system into a server. In addition, you might see NetBEUI or Novell Networking. Definitely remove NetBEUI unless you are sure you need it, and if you don't have any Novell servers on your network, you can remove Novell (IPX/SPX) as well. To remove a service, simply click its name and then click the Remove button.

Section 3.2.1.1: Adding TCP/IP

If you don't see TCP/IP listed, you'll need to install the protocol.

You can add the protocol by inserting the Windows distribution CD-ROM in your CD-ROM drive and clicking the Add button below the component window. Indicate that you wish to add a protocol by selecting Protocol and clicking "Add..." on the following dialog box, which should look similar to Figure 3-4.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Setting Up Windows NT 4.0 Computers

Content preview·Buy reprint rights for this chapter

Configuring Windows NT is a little different than configuring Windows 95/98/Me. To use Samba with Windows NT, you will need both the Workstation service and the TCP/IP protocol. Both come standard with NT, but we'll work through installing and configuring them to make sure they are configured correctly.

This section presents the steps to follow for TCP/IP-related configuration on Windows NT to get it to cooperate with Samba. If you need more details on Windows NT network administration, refer to Craig Hunt and Robert Bruce Thompson's Windows NT TCP/IP Network Administration (O'Reilly), an excellent guide.

You should perform the following steps as the Administrator or another user in the Administrators group.

Section 3.3.1.1: Installing the TCP/IP protocol

From the Control Panel, double-click the Network icon, click the Protocols tab in the Network dialog box, and look to see if you have the TCP/IP protocol installed, as shown in Figure 3-20.

Figure 3-20: The Protocols tab

If the protocol is not installed, you need to add it. Click the Add button, which will display the Select Network Protocol dialog box shown in Figure 3-21. You should immediately see the TCP/IP protocol as one of the last protocols listed.

Figure 3-21: Select Network Protocol dialog box

Select TCP/IP as the protocol and confirm it. If possible, install only the TCP/IP protocol. If you see anything other than TCP/IP listed in the Protocols tab and it is not a protocol that you need, you can remove it. If you try to remove a protocol and get an error message saying that the protocol is being used by another service, you need to click the Services tab and remove that service before you can remove the protocol. For example, to remove the NWLink IPX/SPX Compatible Transport protocol, you would need to remove the Client Service for Netware first.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Setting Up Windows 2000 Computers

Content preview·Buy reprint rights for this chapter

Although Windows 2000 is based on NT technology and is similar to Windows NT in many respects, configuring it for use with Samba is quite different.

You should perform the following steps as the Administrator or another user in the Administrators group.

Go to the Control Panel and double-click the Network and Dial-up Connections icon. You should see at least one Local Area Connection icon. If there is more than one, identify the one that corresponds to the network adapter that is connected to your Samba network. Right-click the Local Area Connection icon, and click the Properties button. (Or double-click the Local Area Connection icon, and then click the Properties button in the dialog box that comes up.) You should now be looking at the Local Area Connection Properties dialog box, as shown in Figure 3-36.

Figure 3-36: Windows 2000 Local Area Connection Properties dialog

First of all, you might want to click the Configure button under the field for the network adapter, to make sure you see the message "This device is working properly" in the Device status window. If there is a problem, make sure to correct it before continuing. You should also see the message "Use this device (enable)" in the Device usage field of the dialog box. Make sure to set it this way if it is not already. Click OK or Cancel to get back to the Local Area Connection Properties dialog box.

You should see at least the following two components:

• Client for Microsoft Networks
• Internet Protocol (TCP/IP)

If you do not see either Client for Microsoft Networks or Internet Protocol (TCP/IP) in your list, you will need to add them. For either, the method is to click the Install... button, click the type of component (Client or Protocol), and then click the Add... button. Next, click the component you want to add, and click the OK button. You should see the component added to the list with the others.

Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!

Setting Up Windows XP Computers

Content preview·Buy reprint rights for this chapter

Although Windows XP is very similar to Windows 2000, it has a very different user interface, and there are a number of subtle differences. For example, getting to the Control Panel is different than in any previous version