\title{Samba}
\subtitle{Interoperating with Windows}
\author{Nick Urbanik \texttt{<nicku@vtc.edu.hk>}\\
  \footnotesize{}Copyright Conditions: GNU FDL (see \url{http://www.gnu.org/licenses/fdl.html})}
\institution{A computing department}
Group file permissions are hard to set from a client.
\end{itemize}
\end{slide}

\begin{slide}{Limitations of Samba 2.2.x --- 2}
\begin{itemize}
\item Full support for \ACL{}s (access control lists) depends on applying a patch to the Linux kernel and recompiling the kernel, or waiting till the Linux 2.6.x kernel is released
\item When samba is working as a \WINS server, it cannot replicate to other \WINS servers, whether Microsoft or samba.
\item Support for Unicode is not very good (greatly improved in samba 3)
\end{itemize}
\end{slide}

\begin{slide}{Samba Version 3 (alpha release)}
\begin{itemize}
\item Currently used in some commercial systems, but documentation not complete
\item See {\footnotesize \url{http://us1.samba.org/samba/ftp/alpha/WHATSNEW.txt}}
\item Supports Active Directory: a Samba 3 server can join an \ADS realm as a member server and authenticate users using \LDAP/kerberos
\item Supports migrating from a Windows \NT 4 domain
\item Supports trust relationships with Windows \NT domain controllers
\item \texttt{samba-3.0alpha24-1.i386.rpm} is available since 16 May 2003 from \url{http://www.samba.org/}
\end{itemize}
\end{slide}

\begin{slide}{Parts of Samba}
\begin{itemize}
\item Samba consists of two services:
  \begin{itemize}
  \item \texttt{smbd}, which does the file sharing, provides print services, and handles authentication of clients, which can be any version of Windows or Linux;
  \item \texttt{nmbd}, which does name resolution (the ``\WINS'' server), and provides support for browsing the network in the ``Network Neighbourhood''
  \end{itemize}
\item The other parts you will work with include:
  \begin{itemize}
  \item The configuration file, \texttt{/etc/samba/smb.conf}
  \item \texttt{testparm} which checks the syntax of
\texttt{/etc/samba/smb.conf}
  \item The \texttt{smbpasswd} program for setting and changing samba passwords
  \end{itemize}
\end{itemize}
\end{slide}

\begin{slide}{Other Samba Utilities}
\begin{itemize}
\item \texttt{nmblookup} is useful for troubleshooting Net\BIOS name lookup from \WINS servers or from samba
\item \texttt{smbclient} is useful for testing samba and Microsoft servers
\item \texttt{smbmount} mounts \SMB shares from samba or Windows servers locally.
  \begin{itemize}
  \item Usually not necessary to call this directly; you can use \texttt{mount}.
  \end{itemize}
\item \texttt{smbtar} is useful for backing up a Windows machine over the network to a Linux or \UNIX machine.
\item Many others, all with \texttt{man} pages. See \texttt{rpm -ql samba-client}.
\end{itemize}
\end{slide}

\begin{slide}{Is samba installed? --- 1}
\begin{itemize}
\item On an \RPM based system, such as Red Hat Linux, do:
\begin{alltt}
$ \textbf{rpm -qa | grep samba}
samba-swat-2.2.7-5.8.0
samba-2.2.7-5.8.0
samba-client-2.2.7-5.8.0
samba-common-2.2.7-5.8.0
\end{alltt}%$
  This tells us that:
  \begin{itemize}
  \item the samba server is installed, together with
  \item the \texttt{swat} web configuration system, and that
  \item samba version 2.2.7 is installed
  \end{itemize}
\end{itemize}
\end{slide}

\begin{slide}{Is samba installed? --- 2}
\begin{itemize}
\item You can also check on any system that samba is installed, and find the version with:
\begin{alltt}
$ \textbf{smbd -V}
Version 2.2.7-security-rollup-fix
$ \textbf{nmbd -V}
Version 2.2.7-security-rollup-fix
\end{alltt}
  Note that this is an updated version, for Red Hat version 8.0.
\end{itemize}
\end{slide}

\begin{slide}{Starting, Stopping Samba}
\begin{itemize}
\item Starting and stopping the samba service is the same as with any other service on Linux.
\item Here we assume that \texttt{/sbin} is on your \texttt{PATH}. If not, you can simply type \texttt{/sbin/service} instead of \texttt{service}.
\item Is the service running?
\begin{alltt}
$ \textbf{sudo service smb status}
smbd is stopped
nmbd is stopped
\end{alltt}%$
\end{itemize}
\end{slide}

\begin{slide}{Starting, Stopping Samba --- 2}
\begin{itemize}
\item To start the two samba daemons:
\begin{alltt}\tiny
$ \textbf{sudo service smb start}
Starting SMB services: [ {\green{}OK} ]
Starting NMB services: [ {\green{}OK} ]
\end{alltt}%$
\item We can verify that they are running:
\begin{alltt}\tiny
$ \textbf{sudo service smb status}
smbd (pid 2523) is running...
nmbd (pid 2527) is running...
\end{alltt}%$
\item We can stop the service in the same way as other services:
\begin{alltt}\tiny
$ \textbf{sudo service smb stop}
Shutting down SMB services: [ {\green{}OK} ]
Shutting down NMB services: [ {\green{}OK} ]
\end{alltt}%$
\end{itemize}
\end{slide}

\begin{slide}{Starting Samba Automatically}
\begin{itemize}
\item Making samba start when the server boots is done the same way as for any other service.
\item Is the service configured to start on boot?
\begin{alltt}\tiny
$ \textbf{chkconfig smb --list}
smb 0:off 1:off 2:off 3:off 4:off 5:off 6:off
\end{alltt}%$
  This tells us that it is not configured to start at any runlevel.
\begin{alltt}\tiny
$ \textbf{sudo chkconfig smb on}
\end{alltt}%$
\item Now let's check to see if we turned it on:
\begin{alltt}\tiny
$ \textbf{chkconfig smb --list}
smb 0:off 1:off 2:on 3:on 4:on 5:on 6:off
\end{alltt}%$
\item Now it will start automatically in runlevels 2, 3, 4 and 5.
\end{itemize}
\end{slide}

\begin{slide}{Configuration: \texttt{/etc/samba/smb.conf}}
\begin{itemize}
\item Divided into \emphcolour{sections}
\item Two kinds of sections:
  \begin{itemize}
  \item \emphcolour{global} section, holds information about the operation of the whole server
  \item \emphcolour{share} sections, hold information about each ``share'' or service provided by server
  \end{itemize}
\item \emphcolour{Comments} start with either a hash `\texttt{\#}' or a semi-colon~`\texttt{;}'
\item Extensive documentation in \texttt{man smb.conf}
\end{itemize}
\end{slide}

\begin{slide}{Example \texttt{/etc/samba/smb.conf} --- 1}
\label{sld:global}%
\begin{listing}[1]{1}
[global]
netbios name = my-name
workgroup = my-named
add user script = /usr/sbin/useradd \
-n -g machines \
-c 'Samba Machine PDC member' \
-d /dev/null -s /bin/false -M %m$
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
username map = /etc/samba/smbusers
os level = 65
domain logons = yes
logon script = scripts\%U.bat
wins server =
\end{listing}%$
\end{slide}

\begin{slide}{Discussing Example --- 1}
\begin{itemize}
\item Configuration is for a Primary Domain Controller (\PDC)
\item slide~\pageref{sld:global} shows global options that determine overall behaviour of samba
  \begin{itemize}
  \item lines 2 and 3 determine the ``computer name'' and domain name of this \PDC
  \item lines 4--7 are executed to automatically create a special account for any computer that joins the domain
  \item line 8 requires a username and password for someone to access resources from the server
  \item line 11 tells samba to use a file that maps Windows names to Linux names, e.g., \texttt{administrator} $\to$ \texttt{root}
  \end{itemize}
\end{itemize}
\end{slide}

\begin{slide}{Discussion of global section --- 2}
\begin{itemize}
\item line 12 increases samba's chances of winning ``browser elections'' with Windows machines (see the documentation about browsing)
\item line 13 says that this is a \PDC
\item
line 14 tells samba where to find login scripts
\item line 15 tells samba to act as a \WINS client of that machine
  \begin{itemize}
  \item To make samba a \WINS server, provide a line like this:
\begin{verbatim}
wins support = yes
\end{verbatim}
  \end{itemize}
\end{itemize}
\end{slide}

\begin{slide}{Example \texttt{/etc/samba/smb.conf} --- 2}
\label{sld:shares}%
\begin{listing}[1]{1}
[homes]
comment = Home Directories
browseable = no
writable = yes
[netlogon]
comment = Network Logon Service
path = /var/samba/netlogon
guest ok = no
share modes = no
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
printable = yes
\end{listing}
\end{slide}

\begin{slide}{Discussing slide~\pageref{sld:shares}}
\begin{itemize}
\item slide~\pageref{sld:shares} shows configuration for individual shares and services offered by the server
\item The \emphcolour{homes} section (lines 1--4) allows users to automatically access their Linux home directories from the client when they log into the domain.
  \begin{itemize}
  \item Will appear as a share with the same name as the Linux username.
  \end{itemize}
\item The \emphcolour{netlogon} section (lines 5--9) is necessary to handle domain log[io]ns, which fail if this share does not exist.
  \begin{itemize}
  \item It stores log[io]n scripts and system policy files.
  \end{itemize}
\item The \emphcolour{printers} section (lines 10--15) allows any user to print from a Windows client to a Linux printer.
\end{itemize}
\end{slide}

\begin{slide}{profiles share}
\begin{verbatim}
[profiles]
path = /var/samba/profiles
browsable = no
writeable = yes
create mask = 0600
directory mask = 0700
\end{verbatim}
\begin{itemize}
\item Supports roaming profiles on NT/2000/XP
\item The directory in \texttt{path} must exist and be writable:
\begin{alltt}\footnotesize
$ \textbf{sudo mkdir -p /var/samba/\{profiles,netlogon\}}
$ \textbf{sudo chmod 775 /var/samba/netlogon}
$ \textbf{sudo chmod 777 /var/samba/profiles}
\end{alltt}%$
  \begin{itemize}
  \item Mode 777 sets no sticky bit, so any local user can rename another user's directory under \texttt{profiles}.
  \end{itemize}
\end{itemize}
\end{slide}

\begin{slide}{Samba Accounts}
\begin{itemize}
\item Note that each user needs to have \emphcolour{two} account entries:
  \begin{itemize}
  \item a \POSIX account entry (i.e., an entry in \texttt{/etc/passwd}, or an \LDAP \POSIX account)
  \item a Samba account entry, which for samba 2.2 is generally in \texttt{/etc/samba/smbpasswd}, but can also be in an \LDAP directory.
  \end{itemize}
\item Unless both exist, you will not get access to the samba server from any client.
\item Machines that join the domain also need an entry in the \texttt{/etc/passwd} file (or in the \LDAP directory).
\item This is created automatically with the \texttt{add user script} entry in your \texttt{smb.conf} file.
  \begin{itemize}
  \item See lines 4--7 of slide~\pageref{sld:global}
  \end{itemize}
\end{itemize}
\end{slide}

\begin{slide}{Documentation}
\begin{itemize}
\item Enormous amounts of documentation in \texttt{/usr/share/doc/samba-2.2.*/}
  \begin{itemize}
  \item \texttt{Samba-HOWTO-Collection.pdf} is very helpful
  \end{itemize}
\item The manual pages are extensive and quite complete. \texttt{man smb.conf} is helpful.
\item You can visit the samba website to see more documentation: \url{http://us1.samba.org/samba/samba.html}
\item The printed book, \emph{Using Samba}, 2nd Edition, O'Reilly, 2003, ISBN 0-596-00256-4 is very clear and helpful.
\end{itemize}
\end{slide}

\end{document}
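
The two-account rule from the Samba Accounts slide, as an added shell example that is not part of the original slides: it cross-checks a passwd file against an smbpasswd file, and also flags machine accounts (names ending in `$`) whose shell is not the `/bin/false` set by the `add user script` line. The function names, the sample entries (constructed, with X placeholders instead of hashes) and the MIN_UID default of 500 are assumptions.

```shell
#!/bin/sh
# Added example (not from the slides): cross-check POSIX and Samba accounts.
# Usage: check_accounts PASSWD_FILE SMBPASSWD_FILE [MIN_UID]
# MIN_UID (assumed default 500) keeps system accounts out of NO_SAMBA.
check_accounts() {
    awk -F: -v min_uid="${3:-500}" '
        /^#/ || $1 == "" { next }         # skip comments and blank lines
        FILENAME == ARGV[1] {             # POSIX side: remember uid and shell
            uid[$1] = $3; shell[$1] = $7; next
        }
        {                                 # Samba side: one smbpasswd entry
            smb[$1] = 1
            if (!($1 in uid))
                print "NO_POSIX " $1      # Samba entry without POSIX account
            else if ($1 ~ /\$$/ && shell[$1] != "/bin/false")
                print "MACHINE_SHELL " $1 " " shell[$1]
        }
        END {                             # POSIX users with no Samba entry
            for (u in uid)
                if (!(u in smb) && uid[u] + 0 >= min_uid + 0)
                    print "NO_SAMBA " u
        }
    ' "$1" "$2" | sort
}

# Constructed sample data; the X runs are placeholders, not real hashes.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:500:500::/home/alice:/bin/bash
bob:x:501:501::/home/bob:/bin/bash
ws01$:x:502:502:Samba Machine PDC member:/dev/null:/bin/false
ws02$:x:503:502:Samba Machine PDC member:/dev/null:/bin/bash
EOF
    h=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
    cat > "$d/smbpasswd" <<EOF
alice:500:$h:$h:[U          ]:LCT-00000000:
carol:504:$h:$h:[U          ]:LCT-00000000:
ws01\$:502:$h:$h:[W          ]:LCT-00000000:
ws02\$:503:$h:$h:[W          ]:LCT-00000000:
EOF
    check_accounts "$d/passwd" "$d/smbpasswd"
    rm -rf "$d"
}

demo
```

On a real server the arguments would be `/etc/passwd` and `/etc/samba/smbpasswd`; reading the latter needs root.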