Welcome to Eric Hameleers (Alien BOB)'s Wiki pages.

If you want to support my work, please consider a small donation:

This is an old revision of the document!


PlayGround

File- and printersharing on the local network

Suppose you are living in a household with Windows and Linux computers scattered all over the place. How are you going to share all the data across those Operating Systems? Running up the stairs with USB sticks is only so much fun.
Here is where Linux shines (yeah I know you can setup a Windows server, but you'll have to pay the price for that). In this article, I will try to explain how to setup a file- and print server where Windows and Linux clients (right… and Mac OSX too!) can connect and store their valuable stuff.
This will not be a complete hand-holding experience - I will assume you've got at least a basic knowledge of Linux, Samba and (possibly) NFS. This article helps you get things right, when you tried and failed before.

Having said that, let's delve a little deeper. There are two basic methods of accessing files on filesystems located on a networked machine. When you're a Windows users, filesharing amounts to Windows File Sharing using the SMB or CIFS protocols. These protocols are built into Windows, so why let them go to waste? I'll describe how you setup a Samba server on your central Linux box and all your Windows clients will be happy. Looking at Linux users, the horizon broadens. Here, we face several more alternatives, Samba and NFS being the two that will be available to virtually every Linux user. NFS has the advantage of being able to map all the user IDs on the server to the same user IDs of the client. With Samba, an exported share can be mounted on the client (provided you have sufficient access rights) using another user ID or group ID than that of the original files.

The rest of the article will describe how to set up a Samba server as well as a NFS server, and enhance the network experience of your fellow computer users (or perhaps it's only you that will be using Samba). Setting up networked printers will also be discussed. An article on setting up CUPS printing is not in scope of this article, but we do need a configured CUPS server if we want to print from our Windows clients.

Setting up Samba on Slackware


The exercise is meant to setup a Samba server where you make available several shares, some username/password protected, others that don't need a password. People will be able to connect to their homedirectory on the server. The printers that were configured in the CUPS printserver will be available as shared network printers through Samba, and Windows printer driver files can be automatically downloaded from the Samba server by Windows clients. So far, sounds nice, doesn't it? The next paragraph contains an example smb.conf file that is based on what we're about to do.
Here is the skinny:

  • Install Samba and CUPS packages
    Strictly speaking, we're talking about setting up a file server here. But since fileserving and printserving are closely related issues, and the Samba package depends on the CUPS package anyway, we will proceed to install both. If you decide not to use the CUPS printserver, that's up to you. If you do a fulle install of Slackware, both packages will have been installed.
  • Create a Samba guest user account (for anonymous aka public shares)
    groupadd smbguest
    useradd -g smbguest -m -d /home/smbguest -s /bin/false -c "Samba guest user" smbguest
    smbpasswd -a smbguest -d
    passwd smbguest -l
  • Make sure these lines are in /etc/samba/smb.conf so that Samba can use it for the public shares:
        guest account = smbguest
        map to guest = bad user
  • This should be in /etc/samba/smb.conf, it defines the password backend Sabma will use (I will not discuss the alternative LDAP backend here, I hope to write another article on that all of it's own):
        passdb backend = tdbsam guest

    NOTE: when you enable tdbsam on an already configured and running Samba server, and run killall -HUP smbd to let it re-load the configuration files, you might have to re-add the 'smbguest' user to Samba, since the default to use is the smbpasswd file and not the tdbsam database.
    So, again run:

    smbpasswd -a smbguest -d
  • Create samba directories (as root) that don't yet exist (but we need them):
        # General purpose:
        mkdir -p /var/log/samba/messages
        mkdir -p /usr/local/samba/bin
        mkdir -p /usr/local/samba/netlogon
        # A shared directory where you can dump stuff temporarily:
        mkdir -p /usr/local/samba/share
        chmod 1777 /usr/local/samba/share
        # These are for the network printers:
        mkdir -p /usr/local/samba/printers/{W32ALPHA,W32MIPS,W32X86,WIN40}
        chgrp -R wheel /usr/local/samba/printers
        chmod -R g+w /usr/local/samba/printers
  • Make sure you have configured printers in CUPS if you want to use printing in Samba. For Linux, you will use a CUPS printer configuration that is using the printer-specific PPD file, but for Windows clients, you will have to setup additional printer queues that use RAW printing (i.e. CUPS does not mess with the incoming printer data and passes the data on to the printer unaltered). The CUPS server does not know about raw printer data by default, so you will have to uncomment a couple of lines.
  1. In the file /etc/cups/mime.types uncomment the line application/octet-stream
  2. In the file /etc/cups/mime.convs uncomment application/octet-stream application/vnd.cups-raw 0 -

And then restart CUPS daemon using

/etc/rc.d/rc.cups restart

A sample smb.conf

# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# For a step to step guide on installing, configuring and using samba, 
# read the Samba HOWTO Collection.
#
# Any line which starts with a ; (semi-colon) or a # (hash) 
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors. 
#
#======================= Global Settings =====================================
[global]

# workgroup = NT-Domain-Name or Workgroup-Name, eg: LINUX2
   workgroup = SLACKWARE

# The server's NETBIOS name
   netbios name = BOB

# server string is the equivalent of the NT Description field
   server string = BOB File Server

# Security mode. Defines in which mode Samba will operate. Possible 
# values are share, user, server, domain and ads. Most people will want 
# user level security. See the HOWTO Collection for details.
   security = user

# Specify the debug  level for multiple debug classes.
# The  default will be the log level specified on the command line,
# or level zero if none was specified.
   #log level = 2 passdb:5 auth:3 winbind:2
   log level = 1

# Don't log anything at all in the syslog.
   syslog = 0

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
   hosts allow = 192.168. 127.

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
   load printers = yes

# you may wish to override the location of the printcap file
   printcap name = cups

# It should not be necessary to specify the print system type unless
# it is non-standard. Currently supported print systems include:
# bsd, cups, sysv, plp, lprng, aix, hpux, qnx
   printing = cups

# Commands with which to control the printer queues
   print command = lpr -oraw -r -P'%p' %s
   lpq command = /usr/bin/lpq -P%p

# Members of the wheel group should be able
# to add drivers and set printer properties
# root is implicitly a 'printer admin'
   printer admin = @wheel

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
   guest account = smbguest

# Bad User - Means user logins with an invalid password are rejected,
# unless the username does not exist, in which case it is treated as a guest
# login and mapped into the  guest account.
   map to guest = bad user

# User name remapping
;  username map = /etc/samba/smbusers

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/%m.log

# Put a capping on the size of the log files (in Kb).
   max log size = 50

# Backend to store user information in. New installations should 
# use either tdbsam or ldapsam. smbpasswd is available for backwards 
# compatibility. tdbsam requires no further configuration.
   passdb backend = tdbsam guest

# Synchronize Samba and Unix passwords
   passwd program = /usr/bin/passwd %u
   passwd chat = *password* %n\n *password* %n\n *changed*
   unix password sync = Yes

# Most people will find that this option gives better performance.
# See the chapter 'Samba performance issues' in the Samba HOWTO Collection
# and the manual pages for details.
# You may want to add the following on a Linux system:
#         SO_RCVBUF=8192 SO_SNDBUF=8192
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
;   interfaces = 192.168.12.2/24 192.168.13.2/24 
   interfaces = eth0 lo
   bind interfaces only = yes

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
;   local master = no

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
;   os level = 33

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
   domain master = yes 

# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
   preferred master = yes

# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
;   logon script = %m.bat
# run a specific logon batch file per username
;   logon script = %U.bat

# Where is a user's home directory and where should it be mounted at?
   logon drive = H:
   logon home = \\%N\%U

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
   wins support = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The default is NO.
   dns proxy = no 

# Message command action
# (whenever a client user types "net send SILAS 'some message text'")
   message command = sh -c 'echo ""|cat %s >> /var/log/samba/messages/%m.msg -; rm -f %s' &

#============================ Share Definitions ==============================
[homes]
   comment = Home Directories
   hide dot files = yes
   browseable = no
   writable = yes
   valid users = $S
   create mode = 0664
   directory mode = 0751
   invalid  users = root nobody smbguest


# NOTE: there is no need to specifically define each individual printer
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
   # Set public = yes to allow user 'guest account' to print
   public = yes
   writable = no
   printable = yes
   printer admin = @wheel
   # See http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/printing.html#id2553131
   # Try to work around crashing Explorer.exe ("function address 0x606xxxx
   # protection fault" messages) when installing a printer driver
   # (e.g. for the HP3820C). Set 'default devmode' to 'yes' and reboot the
   # client PC that experiences the explorer crash ; then install the driver
   # onto the server share and re-set this parameter to 'no':
   default devmode = no

# This one is useful for people to share files
[tmp]
   comment = Temporary file space
   path = /usr/local/samba/share
   read only = no
   public = yes


# A publicly accessible directory, but read only, except for people in
# the "wheel" group
[public]
   comment = Public Stuff
   path = /home/ftp/pub
   public = yes
   writable = yes
   printable = no
   write list = @wheel


[print$]
   comment = Printer Drivers
   path = /usr/local/samba/printers
   guest ok = yes
   #browseable = yes
   browseable = no
   read only = yes
   ; since this share is configured as read only, then we need
   ; a 'write list'.  Check the file system permissions to make
   ; sure this account can copy files to the share.  If this
   ; is setup to a non-root account, then it should also exist
   ; as a 'printer admin'
   write list = @wheel,root
   create mode = 0664
   directory mode = 0775
   force group = wheel

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
[pool]
   comment = Pool
   path = /home/ftp/pool
   public = yes
   only guest = yes
   writable = yes
   printable = no
   force group = users
   create mode = 664
   directory mode = 775
   

## Example: share with mp3 file, accessible without a password (read-only)
## And only someone in the 'wheel' group can write here if he mapped the drive
## using his account and password.
#[mp3]
#   comment = MP3 files
#   path = /data/mp3
#   level2 oplocks = True
#   write list = @wheel
#   create mode = 775
#   directory mode = 775
#   public = yes
#   writable = yes
#   follow symlinks = yes
#   wide links = yes

Personal Tools
sponsoring