Welcome to the new location of Alien's Wiki, sharing a single dokuwiki install with the SlackDocs Wiki.
Differences
This shows you the differences between two versions of the page.
— | slackware:samba [2006/03/29 18:22] – alien | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | FIXME ** This article is being worked on ** FIXME | ||
+ | --------------------------------------------------- | ||
+ | |||
+ | ===== File- and printersharing on the local network ===== | ||
+ | |||
+ | |||
+ | Suppose you are living in a household with Windows and Linux computers scattered all over the place. How are you going to share all the data across those Operating Systems? Running up the stairs with USB sticks is only so much fun.\\ | ||
+ | Here is where Linux shines (yeah I know you can setup a Windows server, but you'll have to pay the price for that). In this article, I will try to explain how to setup a file- and print server where Windows and Linux clients (right... and Mac OSX too!) can connect and store their valuable stuff.\\ | ||
+ | This will not be a complete hand-holding experience - I will assume you've got at least a basic knowledge of Linux, Samba and (possibly) NFS. This article helps you get things right, when you tried and failed before. | ||
+ | |||
+ | Having said that, let's delve a little deeper. There are two basic methods of accessing files on filesystems located on a networked machine. When you're a Windows users, filesharing amounts to //Windows File Sharing// using the SMB or CIFS protocols. These protocols are built into Windows, so why let them go to waste? I'll describe how you setup a Samba server on your central Linux box and all your Windows clients will be happy. Looking at Linux users, the horizon broadens. Here, we face several more alternatives, | ||
+ | |||
+ | The rest of the article will describe how to set up a Samba server as well as a NFS server, and enhance the network experience of your fellow computer users (or perhaps it's only you that will be using Samba). Setting up networked printers will also be discussed. An [[slackware: | ||
+ | |||
+ | |||
+ | ==== Setting up Samba on Slackware ==== | ||
+ | ----------------------------------------- | ||
+ | |||
+ | The exercise is meant to setup a Samba server where you make available several shares, some username/ | ||
+ | Here is the skinny: | ||
+ | |||
+ | === Basic setup === | ||
+ | |||
+ | * Install Samba and CUPS packages\\ Strictly speaking, we're talking about setting up a file server here. But since fileserving and printserving are closely related issues, and the Samba package depends on the CUPS package anyway, we will proceed to install both. If you decide not to use the CUPS printserver, | ||
+ | |||
+ | * Create a Samba guest user account (for anonymous aka public shares) < | ||
+ | groupadd smbguest | ||
+ | useradd -g smbguest -m -d / | ||
+ | smbpasswd -a smbguest -d | ||
+ | passwd smbguest -l | ||
+ | </ | ||
+ | |||
+ | * Make sure these lines are in ''/ | ||
+ | guest account = smbguest | ||
+ | map to guest = bad user | ||
+ | </ | ||
+ | |||
+ | * This should be in ''/ | ||
+ | passdb backend = tdbsam guest | ||
+ | </ | ||
+ | smbpasswd -a smbguest -d | ||
+ | </ | ||
+ | |||
+ | * Create samba directories (as root) that don't yet exist (but we need them): < | ||
+ | # General purpose: | ||
+ | mkdir -p / | ||
+ | mkdir -p / | ||
+ | mkdir -p / | ||
+ | # A shared directory where you can dump stuff temporarily: | ||
+ | mkdir -p / | ||
+ | chmod 1777 / | ||
+ | # These are for the network printers: | ||
+ | mkdir -p / | ||
+ | chgrp -R wheel / | ||
+ | chmod -R g+w / | ||
+ | </ | ||
+ | |||
+ | * Make sure you have configured printers in CUPS if you want to use printing in Samba. For Linux, you will use a CUPS printer configuration that is using the printer-specific PPD file, but for Windows clients, you will have to setup additional printer queues that use //RAW// printing (i.e. CUPS does not mess with the incoming printer data and passes the data on to the printer unaltered). The CUPS server does not know about raw printer data by default, so you will have to uncomment a couple of lines.\\ | ||
+ | - In the file ''/ | ||
+ | - In the file ''/ | ||
+ | |||
+ | * It is now time to fire up our Samba server. But we will test the configuration first by running the command '' | ||
+ | chmod +x / | ||
+ | / | ||
+ | </ | ||
+ | smbclient -L localhost | ||
+ | </ | ||
+ | smbstatus | ||
+ | </ | ||
+ | |||
+ | Was it really that easy? Yes! It really is that easy. We have of course not yet messed with networkprinters, | ||
+ | |||
+ | |||
+ | === Advanced setup === | ||
+ | |||
+ | There are some topics I have to cover. These are: password-protected access, and Windows clients. | ||
+ | |||
+ | == Windows clients == | ||
+ | |||
+ | Ever since Windows 98 and NT4SP3, windows clients exchange encrypted passwords with the server. The Samba server is configured for encrypted passwords, so this will cause no problems. Only DOS, and Windows 95 clients will //not// be able to access our Samba server. People with these old Operating Systems in their network will need to disable the use of encrypted passwords on their other OS'es like Windows 2000/XP and Samba. The line to add to your ''/ | ||
+ | encrypt passwords = no | ||
+ | </ | ||
+ | With Windows XP, the authentication mechanism changed somewhat, due to MS Active Directory (AD) support. A Windows XP client can only connect and authenticate against a Samba server after a small registry modification (the // | ||
+ | Windows Registry Editor Version 5.00 | ||
+ | |||
+ | ; | ||
+ | ; This registry key is needed for a Windows XP Client to join | ||
+ | ; and logon to a Samba domain. Note: Samba 2.2.3a contained | ||
+ | ; this key in a broken format which did nothing to the registry - | ||
+ | ; however XP reported " | ||
+ | ; check the key by hand with regedit. | ||
+ | |||
+ | [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] | ||
+ | " | ||
+ | </ | ||
+ | |||
+ | == Passwords in Samba == | ||
+ | |||
+ | The Samba server will use your local Linux accounts (the ones in ''/ | ||
+ | # Synchronize Samba and Unix passwords | ||
+ | | ||
+ | | ||
+ | unix password sync = Yes | ||
+ | </ | ||
+ | There is one caveat: for every Linux account that wants to use the Samba server, you will have to add the entry in the Samba password database manually. You do this as root, and it's only needed once for every user: < | ||
+ | smbpasswd -a < | ||
+ | </ | ||
+ | smbpasswd < | ||
+ | </ | ||
+ | |||
+ | |||
+ | === The Linux client setup === | ||
+ | |||
+ | On a linux client computer, it is the '' | ||
+ | mount -t smbfs // | ||
+ | </ | ||
+ | The //-o rw, | ||
+ | // | ||
+ | </ | ||
+ | chmod 600 / | ||
+ | </ | ||
+ | username = < | ||
+ | password = < | ||
+ | </ | ||
+ | |||
+ | === Mixing protected and passwordless shares === | ||
+ | |||
+ | <note tip>A note on the sometimes unexpected consequences of using a mix of passwordless shares (like the //PUBLIC// share in my example) and protected shares, where you have to type a username and password to access the data (like the //HOMES// share in the example). | ||
+ | </ | ||
+ | Windows will not allow you to logon to a Samba (or even a real Windows) server using more than one set of credentials. This means that if you start with a connection to a passwordless share, you actually are using the " | ||
+ | This is annoying, and on some occasions it will be sufficient to close the Windows Explorer, open another, and then remove the lingering " | ||
+ | Things can become more difficult once you've connected to a //printer share// that is exported by the Samba server. If printing does not require a password (because that is quite convenient) and you have printed anything, it will be //very// hard to get rid of the " | ||
+ | |||
+ | |||
+ | === A sample smb.conf === | ||
+ | |||
+ | < | ||
+ | # This is the main Samba configuration file. You should read the | ||
+ | # smb.conf(5) manual page in order to understand the options listed | ||
+ | # here. Samba has a huge number of configurable options (perhaps too | ||
+ | # many!) most of which are not shown in this example | ||
+ | # | ||
+ | # For a step to step guide on installing, configuring and using samba, | ||
+ | # read the Samba HOWTO Collection. | ||
+ | # | ||
+ | # Any line which starts with a ; (semi-colon) or a # (hash) | ||
+ | # is a comment and is ignored. In this example we will use a # | ||
+ | # for commentry and a ; for parts of the config file that you | ||
+ | # may wish to enable | ||
+ | # | ||
+ | # NOTE: Whenever you modify this file you should run the command " | ||
+ | # to check that you have not made any basic syntactic errors. | ||
+ | # | ||
+ | # | ||
+ | [global] | ||
+ | |||
+ | # workgroup = NT-Domain-Name or Workgroup-Name, | ||
+ | | ||
+ | |||
+ | # The server' | ||
+ | | ||
+ | |||
+ | # server string is the equivalent of the NT Description field | ||
+ | | ||
+ | |||
+ | # Security mode. Defines in which mode Samba will operate. Possible | ||
+ | # values are share, user, server, domain and ads. Most people will want | ||
+ | # user level security. See the HOWTO Collection for details. | ||
+ | | ||
+ | |||
+ | # Specify the debug level for multiple debug classes. | ||
+ | # The default will be the log level specified on the command line, | ||
+ | # or level zero if none was specified. | ||
+ | #log level = 2 passdb:5 auth:3 winbind:2 | ||
+ | log level = 1 | ||
+ | |||
+ | # Don't log anything at all in the syslog. | ||
+ | | ||
+ | |||
+ | # This option is important for security. It allows you to restrict | ||
+ | # connections to machines which are on your local network. The | ||
+ | # following example restricts access to two C class networks and | ||
+ | # the " | ||
+ | # the smb.conf man page | ||
+ | hosts allow = 192.168. 127. | ||
+ | |||
+ | # If you want to automatically load your printer list rather | ||
+ | # than setting them up individually then you'll need this | ||
+ | load printers = yes | ||
+ | |||
+ | # you may wish to override the location of the printcap file | ||
+ | | ||
+ | |||
+ | # It should not be necessary to specify the print system type unless | ||
+ | # it is non-standard. Currently supported print systems include: | ||
+ | # bsd, cups, sysv, plp, lprng, aix, hpux, qnx | ||
+ | | ||
+ | |||
+ | # Commands with which to control the printer queues | ||
+ | print command = lpr -oraw -r -P' | ||
+ | lpq command = / | ||
+ | |||
+ | # Members of the wheel group should be able | ||
+ | # to add drivers and set printer properties | ||
+ | # root is implicitly a ' | ||
+ | | ||
+ | |||
+ | # Uncomment this if you want a guest account, you must add this to /etc/passwd | ||
+ | # otherwise the user " | ||
+ | guest account = smbguest | ||
+ | |||
+ | # Bad User - Means user logins with an invalid password are rejected, | ||
+ | # unless the username does not exist, in which case it is treated as a guest | ||
+ | # login and mapped into the guest account. | ||
+ | map to guest = bad user | ||
+ | |||
+ | # User name remapping | ||
+ | ; username map = / | ||
+ | |||
+ | # this tells Samba to use a separate log file for each machine | ||
+ | # that connects | ||
+ | log file = / | ||
+ | |||
+ | # Put a capping on the size of the log files (in Kb). | ||
+ | max log size = 50 | ||
+ | |||
+ | # Backend to store user information in. New installations should | ||
+ | # use either tdbsam or ldapsam. smbpasswd is available for backwards | ||
+ | # compatibility. tdbsam requires no further configuration. | ||
+ | | ||
+ | |||
+ | # Synchronize Samba and Unix passwords | ||
+ | | ||
+ | | ||
+ | unix password sync = Yes | ||
+ | |||
+ | # Most people will find that this option gives better performance. | ||
+ | # See the chapter 'Samba performance issues' | ||
+ | # and the manual pages for details. | ||
+ | # You may want to add the following on a Linux system: | ||
+ | # | ||
+ | | ||
+ | |||
+ | # Configure Samba to use multiple interfaces | ||
+ | # If you have multiple network interfaces then you must list them | ||
+ | # here. See the man page for details. | ||
+ | ; | ||
+ | | ||
+ | bind interfaces only = yes | ||
+ | |||
+ | # Browser Control Options: | ||
+ | # set local master to no if you don't want Samba to become a master | ||
+ | # browser on your network. Otherwise the normal election rules apply | ||
+ | ; local master = no | ||
+ | |||
+ | # OS Level determines the precedence of this server in master browser | ||
+ | # elections. The default value should be reasonable | ||
+ | ; os level = 33 | ||
+ | |||
+ | # Domain Master specifies Samba to be the Domain Master Browser. This | ||
+ | # allows Samba to collate browse lists between subnets. Don't use this | ||
+ | # if you already have a Windows NT domain controller doing this job | ||
+ | | ||
+ | |||
+ | # Preferred Master causes Samba to force a local browser election on startup | ||
+ | # and gives it a slightly higher chance of winning the election | ||
+ | | ||
+ | |||
+ | # if you enable domain logons then you may want a per-machine or | ||
+ | # per user logon script | ||
+ | # run a specific logon batch file per workstation (machine) | ||
+ | ; logon script = %m.bat | ||
+ | # run a specific logon batch file per username | ||
+ | ; logon script = %U.bat | ||
+ | |||
+ | # Where is a user's home directory and where should it be mounted at? | ||
+ | logon drive = H: | ||
+ | logon home = \\%N\%U | ||
+ | |||
+ | # Windows Internet Name Serving Support Section: | ||
+ | # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server | ||
+ | wins support = yes | ||
+ | |||
+ | # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names | ||
+ | # via DNS nslookups. The default is NO. | ||
+ | dns proxy = no | ||
+ | |||
+ | # Message command action | ||
+ | # (whenever a client user types "net send SILAS 'some message text'" | ||
+ | | ||
+ | |||
+ | # | ||
+ | [homes] | ||
+ | | ||
+ | hide dot files = yes | ||
+ | | ||
+ | | ||
+ | valid users = $S | ||
+ | | ||
+ | | ||
+ | | ||
+ | |||
+ | |||
+ | # NOTE: there is no need to specifically define each individual printer | ||
+ | [printers] | ||
+ | | ||
+ | path = / | ||
+ | | ||
+ | # Set public = yes to allow user 'guest account' | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | # See http:// | ||
+ | # Try to work around crashing Explorer.exe (" | ||
+ | # protection fault" messages) when installing a printer driver | ||
+ | # (e.g. for the HP3820C). Set ' | ||
+ | # client PC that experiences the explorer crash ; then install the driver | ||
+ | # onto the server share and re-set this parameter to ' | ||
+ | | ||
+ | |||
+ | # This one is useful for people to share files | ||
+ | [tmp] | ||
+ | | ||
+ | path = / | ||
+ | read only = no | ||
+ | | ||
+ | |||
+ | |||
+ | # A publicly accessible directory, but read only, except for people in | ||
+ | # the " | ||
+ | [public] | ||
+ | | ||
+ | path = / | ||
+ | | ||
+ | | ||
+ | | ||
+ | write list = @wheel | ||
+ | |||
+ | |||
+ | [print$] | ||
+ | | ||
+ | path = / | ||
+ | guest ok = yes | ||
+ | # | ||
+ | | ||
+ | read only = yes | ||
+ | ; since this share is configured as read only, then we need | ||
+ | ; a 'write list' | ||
+ | ; sure this account can copy files to the share. | ||
+ | ; is setup to a non-root account, then it should also exist | ||
+ | ; as a ' | ||
+ | write list = @wheel,root | ||
+ | | ||
+ | | ||
+ | force group = wheel | ||
+ | |||
+ | # A publicly accessible directory, read/write to all users. Note that all files | ||
+ | # created in the directory by users will be owned by the default user, so | ||
+ | # any user with access can delete any other user's files. Obviously this | ||
+ | # directory must be writable by the default user. Another user could of course | ||
+ | # be specified, in which case all files would be owned by that user instead. | ||
+ | [pool] | ||
+ | | ||
+ | path = / | ||
+ | | ||
+ | only guest = yes | ||
+ | | ||
+ | | ||
+ | force group = users | ||
+ | | ||
+ | | ||
+ | |||
+ | |||
+ | ## Example: share with mp3 file, accessible without a password (read-only) | ||
+ | ## And only someone in the ' | ||
+ | ## using his account and password. | ||
+ | #[mp3] | ||
+ | # | ||
+ | # path = /data/mp3 | ||
+ | # | ||
+ | # write list = @wheel | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # wide links = yes | ||
+ | </ |
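Review bot: In the "Windows clients" section, the advice to add `encrypt passwords = no` needs a caveat next to it: with that setting clients send their passwords to the server in plaintext, and since the article also sets `unix password sync = Yes`, those passwords are kept in sync with the users' Linux accounts. Suggest stating this where the setting is introduced and limiting the recommendation to networks that really still have DOS or Windows 95 clients. In the sample smb.conf, `valid users = $S` under `[homes]` looks like a typo for `%S`; every other substitution in the file uses `%` (`%m.bat`, `%U.bat`, `\\%N\%U`). The comment above `hosts allow = 192.168. 127.` speaks of two C class networks, but the prefix `192.168.` matches every 192.168.x.x address; either narrow the value to the actual subnet or correct the comment. The `[pool]` comment already notes that any user with access can delete any other user's files; it would help to repeat that warning in the prose of the basic setup, where the world-writable directory is created with `chmod 1777`.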