Serving Files with Samba
Samba (www.samba.org) is an open-source project designed to give Unix systems the ability to share directories and printers in a way that's compatible with Windows. Actually, it's also compatible with any system running Samba, OS/2, and LAN Manager; all of these implement the same basic protocol, which was later standardized as CIFS (for the Common Internet File System, formerly known as SMB, which is where the name Samba came from). Besides being almost ubiquitous, Samba has the advantages of being secure, reliable, and fast. There's nothing stopping you from using it on networks that don't have any Windows machines.
Because Cygwin runs on top of Windows, it already supports CIFS natively; you use the standard Windows techniques for mounting a shared directory or for sharing part of your file system. Mac OS X supports CIFS directly from the Finder's Go menu (although it's running Samba under the covers), making it easy to mount shared directories.
Fedora Core also comes with Samba client support, and you can access Windows networks from the desktop by double-clicking the Computer icon, double-clicking the Network icon, and then double-clicking the Windows network icon. Fedora Core can't currently work as a Samba server, because of a conflict with the built-in firewall.
To install Samba
FreeBSD systems need to install Samba through the ports system (Code Listing 6.1).
1. Log in as root, or use su to get a root shell.
2. cd /usr/ports/net/samba3
Code listing 6.1. Using smbclient to list the shares on a server.
bsd# smbclient -U chrish -L taffer
Password:
Domain=[TAFFER] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
    Sharename       Type      Comment
    ---------       ----      -------
    E$              Disk      Default share
    IPC$            IPC       Remote IPC
    D$              Disk      Default share
    print$          Disk      Printer Drivers
    SharedDocs      Disk
    scribe          Printer   Lexmark Z22-Z32 Color Jetprinter (Copy 1)
    home            Disk      Taffer's home
    Movies          Disk
    G$              Disk      Default share
    wallpaper       Disk      Desktop wallpaper galore
    tmp             Disk
    Music           Disk
    ADMIN$          Disk      Remote Admin
    C$              Disk      Default share
Domain=[TAFFER] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
    Server          Comment
    ---------       -------
    Workgroup       Master
    ---------       -------
bsd#
3. make install clean
The ports system displays the "Options for samba" dialog (Figure 6.1).
Figure 6.1. FreeBSD offers to build Samba with quite a few options.
4. Unless you need one of the disabled options, you can go with the defaults. To turn on an additional option, use the up and down arrow keys to move to the option's entry, then press the spacebar to select (or deselect) it. The options include:
LDAP: Add support for authenticating users stored in an LDAP server.
ADS: Add support for authenticating users stored in an Active Directory server.
CUPS: Add support for sharing CUPS-based printers.
WINBIND: Add support for adding the Samba server to an existing Active Directory or Windows domain.
ACL_SUPPORT: Add support for ACLs (Access Control Lists; detailed Windows-style file and directory permissions).
SYSLOG: Add support for standard syslog error and diagnostic reporting (as opposed to writing log messages in a Samba-specific log file).
QUOTAS: Add support for per-user disk quotas.
UTMP: Add support for checking for currently logged-in users through the /var/log/utmp file.
MSDFS: Add support for the Microsoft Distributed File System.
SAM_XML: Allow storing Samba passwords in an XML file.
SAM_MYSQL: Allow storing Samba passwords in a MySQL database.
SAM_PGSQL: Allow storing Samba passwords in a PostgreSQL database.
SAM_OLD_LDAP: Samba 2.x-compatible LDAP user-authentication support.
PAM_SMBPASS: Add support for authenticating users with PAM.
POPT: Build with Samba's built-in popt() function instead of trying to use the OS's. You should leave this one alone on the theory that the BSD folks knew what they were doing when they made it the default.
5. Press Tab and then Enter to dismiss the "Options for samba" dialog and continue the installation with your selected options.
6. Using your favorite text editor, add the following line to /etc/rc.conf:
samba_enable="YES"
7. Restart the machine, or run the following command to start Samba:
/usr/local/etc/rc.d/samba.sh start
To configure Samba
Cygwin users need to share directories or printers through the standard Windows interfaces. Everyone else controls their shares through the /etc/smb.conf file.
1. Open a root shell, or use su (or sudo) to become root.
2. If you're using FreeBSD,
cd /usr/local/etc
or, if you're using Mac OS X,
cd /etc
3. Use your favorite text editor to create or edit the smb.conf file. The smb.conf file consists of comments (lines starting with a semicolon or # character), section headings (lines enclosed in square brackets), and section data (anything after a section heading up to the next section heading).
4. Add or edit the [global] section so that it has at least the following entries:
[global]
workgroup = name
security = user
hosts allow = nets 127.
log file = /var/log/samba/log.%m
max log size = maxlog
passdb backend = tdbsam
Replace name with the name of the domain or workgroup. nets should be one or more networks (use 192.168.0. to allow 192.168.0.*, for example) that are allowed to attach to your Samba server; all others will be denied. Set maxlog to the maximum log file size, such as 50 for 50 Kbytes maximum. Setting security to user means that users will be authenticated with the server using a user ID and password stored locally. Using the above value for log file will create one log file per machine (named log.machine_name) in the /var/log/samba directory. Finally, the passdb backend indicates which type of database to use for storing user IDs and passwords; in this case, a TDB file.
5. testparm
Test your configuration (Figure 6.2) to see if you've made any syntax errors. If you have, fix them.
Figure 6.2. Using testparm to test your Samba configuration.
To add users to Samba
If you've configured Samba with user-level security (as we have, above), you'll need to add users to the Samba-specific password database. This is separate from the OS password database found in /etc/passwd, allowing you to create users specifically for Samba without needing to muck with your machine configuration.
1. Log in as root, or use su (or sudo) to become root. Manipulating the Samba password database requires root's privileges.
2. pdbedit -a -u userid
Add (-a) the specified userid to the Samba password database. Note that pdbedit works transparently with whatever database back end is specified in the global smb.conf file (and you can force it to use another back end with the -b option).
3. Type the user's password at the "new password" prompt. Type it again at the "retype new password" prompt to make sure you've got it right.
To share a directory with Samba
To share a directory with Samba, you add a new section to the smb.conf file giving details about what you're sharing.
1. Open a root shell, or use su (or sudo) to become root.
2. If you're using FreeBSD,
cd /usr/local/etc
or, if you're using Mac OS X,
cd /etc
3. Use your favorite text editor to create or edit the smb.conf file.
4. Add one or more share sections similar to this:
[sharename]
path = /the/directory/to/share
writable = yes
guest ok = no
browseable = yes
comment = description
Each section like this creates one shared directory; in this case, it will be named sharename and map to /the/directory/to/share on this system. Set writable to no if you want a read-only share, guest ok to yes if you want to let anonymous users access the share, and browseable to no if you want to hide the share from network browsing (as through the smbclient command or Windows' View Workgroup Computers). If you've set browseable to no, you can also leave off the comment, which is displayed next to the share name during network browsing.
5. Save the file, then run testparm to make sure you didn't accidentally include some syntax errors.
6. If you're using FreeBSD:
/usr/local/etc/rc.d/samba.sh restart
or, if you're using Mac OS X:
service smbd stop
service smbd start
Restart the Samba services to incorporate your changes in smb.conf.
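The [global] and share settings described above can be checked mechanically before you restart Samba. The following shell function is an added example, not code from the book: it flags a [global] section with no hosts allow entry or a security setting other than user, and any share that is both writable and open to guests, treating the smb.conf synonyms (public, writeable, write ok, read only) as equivalent. The names audit_smb_conf and sample_conf, the finding messages, and the sample configuration are constructed for illustration.

```shell
# Added example (not from the book): audit smb.conf for the settings above.
# audit_smb_conf [FILE] prints one finding per line, nothing if the file is clean.
audit_smb_conf() {
    awk '
    function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
    function yes(v)  { v = norm(v); return (v == "yes" || v == "true" || v == "1") }
    function flush() {
        if (sect == "global") {
            if (!("hostsallow" in p)) print "global: no hosts allow entry"
            if (("security" in p) && norm(p["security"]) != "user") print "global: security = " p["security"]
        } else if (sect != "" && yes(p["guestok"]) && yes(p["writable"])) {
            print sect ": writable and guest ok"
        }
        split("", p)                      # portable way to empty the array
    }
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
    /^$/ || /^[;#]/ { next }              # blank lines and comments
    /^\[.*\]$/ { flush(); sect = tolower(substr($0, 2, length($0) - 2)); next }
    {
        i = index($0, "="); if (i == 0) next
        k = norm(substr($0, 1, i - 1)); v = substr($0, i + 1)
        sub(/^[ \t]+/, "", v)
        # Parameter names ignore case and spaces. Synonyms: public = guest ok;
        # writeable and write ok = writable; read only is the inverse of writable.
        if (k == "public") k = "guestok"
        if (k == "writeable" || k == "writeok") k = "writable"
        if (k == "allowhosts") k = "hostsallow"
        if (k == "readonly") { k = "writable"; v = yes(v) ? "no" : "yes" }
        p[k] = v
    }
    END { flush() }
    ' "$@"
}

# Constructed sample configuration (not from the book) to exercise the checks.
sample_conf() {
    cat <<'EOF'
[global]
security = share
[docs]
writable = yes
guest ok = no
[scratch]
read only = no
public = yes
EOF
}
sample_conf | audit_smb_conf
```

Run it against your own file as audit_smb_conf /usr/local/etc/smb.conf (FreeBSD) or audit_smb_conf /etc/smb.conf (Mac OS X); it complements testparm, which checks syntax rather than exposure.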
To mount a shared directory
For systems that don't sport a nice graphical interface for mounting remote shares, we'll need to know how to discover the shares, and mount them locally.
1. smbclient -U userid -L server
Use the smbclient command's -L option to list the shares available on the specified server (Code Listing 6.1), connecting as the user specified in userid. You'll be prompted for userid's password. Or, if you're using Cygwin:
net view \\\\server
This lists the available shares on server in a slightly different format (Code Listing 6.2) and leaves out the "hidden" administrative shares. The four backslash characters are required because the shell uses \ to escape "special" characters; \\ turns into one \ being passed to the command.
Code listing 6.2. Using net view under Cygwin to list the shares on a server.
chrish@taffer [514]: net view \\\\taffer
Shared resources at \\taffer
Taffer (P4 2.53GHz)
Share name   Type   Used as  Comment
-------------------------------------------------------------------------------
home         Disk            Taffer's home
Movies       Disk
Music        Disk
scribe       Print           Lexmark Z22-Z32 Color Jetprinter
SharedDocs   Disk
tmp          Disk
wallpaper    Disk            Desktop wallpaper galore
The command completed successfully.
chrish@taffer [515]:
2. Use su to become root, or use sudo with the commands in the following steps. On most systems, only root can mount file systems.
3. mkdir /path/to/mountpoint
If you don't already have a directory to use as a mount point, create one. This can be anywhere in the file system, although it's usually under /mnt (or /Volumes on Mac OS X).
4. mount -t smbfs -o username=userid //server/share /path/to/mountpoint
on Fedora Core, or, if you're using FreeBSD:
mount -t smbfs //userid@server/share /path/to/mountpoint
or, if you're using Cygwin:
mount -f //server/share /path/to/mountpoint
or, if you're using Mac OS X:
mount -t smbfs -o -U=userid //server/share /path/to/mountpoint
Mount share on server as the directory at mountpoint, logging in to server as userid. You will be prompted for userid's password.