The Linux Guide Online

Chapter 06 - Samba

6.1 Introduction

This section deals with the setup and configuration of samba for Linux. It describes how to use the Server Message Block (SMB) protocol, also called the Session Message Block, NetBIOS or LanManager protocol, with Linux using Samba. Although this document is Linux-centric, Samba runs on most Unix-like operating systems.

The SMB protocol is used by Microsoft Windows 3.11, NT and 95/98 to share disks and printers. Using the Samba suite of tools by Andrew Tridgell ( Andrew.Tridgell@anu.edu.au), UNIX (including Linux) machines can share disk and printers with Windows hosts. The smbfs tools by Paal-Kr. Engstad ( engstad@intermetrics.com) and Volker Lendecke ( lendecke@namu01.gwdg.de) enable Unix machines to mount SMB shares from Windows or Samba hosts. Please note that for Windows 3.x machines to access SMB shares, they must have a TCP/IP stack and the Win32s DLLs.

There are four basic things that one can do with Samba:

  1. Share a Linux drive with Windows machines.
  2. Access an SMB share with Linux machines.
  3. Share a Linux printer with Windows machines.
  4. Share a Windows printer with Linux machines.

6.2 Installation and running

This is done using the appropriate samba rpm files. If you used the option of including samba during install time, these rpms would have been installed for you.

The following two daemons are required for the Samba package. They are typically installed in /usr/sbin and run either on boot from the systems startup scripts or from inetd.

smbd (The SMB daemon)
nmbd (Provides NetBIOS nameserver support to clients)

Typically, the following Samba binaries are installed in /usr/bin

smbclient (An SMB client for UNIX machines)
smbprint (A script to print to a printer on an SMB host)
smbprint.sysv (As above, but for SVR4 UNIX machines)
smbstatus (Lists the cuurent SMB connections for the local host)
smbrun (A 'glue' script to facilitate runnning applications on SMB hosts)

The two SMB daemons are /usr/sbin/smbd and /usr/sbin/nmbd. Under most Linux distributions, these are started, stopped and restarted via the startup script located in /etc/rc.d/init.d/smb and symlinked to the appropriate runlevels.

If you choose not to use the standard startup script, you can run the Samba daemons from inetd or as stand-alone processes. Samba will respond slightly faster as a standalone daemon than running from inetd.

In either case, you should check the file /etc/services for lines that look like this:

netbios-ns 137/tcp nbns
netbios-ns 137/udp nbns
netbios-dgm 138/tcp nbdgm
netbios-dgm 138/udp nbdgm
netbios-ssn 139/tcp nbssn

Make sure they are all uncommented. Samba will not be able to bind to the appropriate ports unless /etc/services has these entries.

To run the daemons from inetd, place the following lines in the inetd configuration file, /etc/inetd.conf:

# SAMBA NetBIOS services (for PC file and print sharing)
netbios-ssn stream tcp nowait root /usr/sbin/smbd smbd
netbios-ns dgram udp wait root /usr/sbin/nmbd nmbd

Then restart the inetd daemon by running the command:

$ /etc/rc.d/inet.d/inet restart

To run the daemons from the system startup scripts, use the sysV script /etc/rc.d/init.d/smb and symbolically link it to the start files in the rcN.d directory with appropriate order after the network and other daemons have run.

If when starting Samba you get an error that says something about the daemon failing to bind to port 139, then you probably have another Samba process already running that hasn't yet shut down. Check a process list (with 'ps auxww | grep mbd') to determine if another Samba service is running.

6.3 General Configuration (/etc/smb.conf)

Samba configuration on a Linux (or other UNIX machine) is controlled by a single file, /etc/smb.conf. This file determines which system resources you want to share with the outside world and what restrictions you wish to place on them.

Since the following sections will address sharing Linux drives and printers with Windows machines, the smb.conf file shown in this section is as simple as you can get, just for introductory purposes.

Don't worry about the details, yet. Later sections will introduce the major concepts.

Each section of the file starts with a section header such as [global], [homes], [printers], etc.

The [global] section defines a few variables that Samba will use to define sharing for all resources.

The [homes] section allows a remote users to access their (and only their) home directory on the local (Linux) machine). That is, users trying to connect to this share from Windows machines, will be connected to their personal home directories. Note that to do this, they must have an account on the Linux box.

The sample smb.conf file below allows remote users to get to their home directories on the local machine and to write to a temporary directory. For a Windows user to see these shares, the Linux box has to be on the local network. Then the user simply connects a network drive from the Windows File Manager or Windows Explorer.

; /etc/smb.conf
;
; Make sure and restart the server after making changes to this file, ex:
; /etc/rc.d/init.d/smb stop
; /etc/rc.d/init.d/smb start

[global]
; Uncomment this if you want a guest account
; guest account = nobody
log file = /var/log/samba-log.%m
lock directory = /var/lock/samba
share modes = yes

[homes]
comment = Home Directories
browseable = no
read only = no
create mode = 0750

[tmp]
comment = Temporary file space
path = /tmp
read only = no
public = yes

Having written a new smb.conf, it is useful to test it to verify its correctness. You can test the correctness of a smb.conf file , using the 'testparm' utility (man page: testparm); if testparm reports no problems, smbd will correctly load the configuration file.

If your Samba server has more than one ethernet interface, the smbd may bind to the wrong one. If so, you can force it to bind to the intended one by adding a line that looks like this to the [global] section of /etc/smb.conf:

interfaces = 192.168.1.1/24

where you replace the IP address above with the one that is assigned to the correct ethernet interface. The "24" is correct for a Class C network, but may have to be recalculated if you have subnetted the network. The number relates to the netmask.

Like everything in Linux that is the basic configuration required for samba to e ready for use. However there are a lot more options that can be seen from the man pages or from the howto pages. Here are some examples.

To share a directory with the public, create a clone of the [tmp] section above by adding something like this to smb.conf:

[public]
comment = Public Stuff
path = /home/public
public = yes
writable = yes
printable = no

To make the above directory readable by the public, but only writable by people in group staff, modify the entry like this:

[public]
comment = Public Stuff
path = /home/public
public = yes
writable = yes
printable = no
write list = @staff

That was all the configuration required to make samba run. However with the release of newer version of Windows, Microsoft has made the use of encrypted passwords. So a connection cannot normally be established. The method to overcome this is to either allow Windows to send unencrypted password or for samba to allow use of encrypted passwords.

To configure Samba to use encrypted passwords:

In the [global] section of /etc/smb.conf, add the following lines:

encrypt passwords = yes
smb passwd file = /etc/smbpasswd

6.4 Accessing Samba Share with Linux Machines

Linux (UNIX) machines can also browse and mount SMB shares. Note that this can be done whether the server is a Windows machine or a Samba server!

An SMB client program for UNIX machines is included with the Samba distribution. It provides an ftp-like interface on the command line. You can use this utility to transfer files between a Windows 'server' and a Linux client.

Most Linux distributions also now include the useful smbfs package, which allows one to mount and umount SMB shares. More on smbfs below.

To see which shares are available on a given host, run:

/usr/bin/smbclient -L host

where 'host' is the name of the machine that you wish to view. this will return a list of 'service' names - that is, names of drives or printers that it can share with you. Unless the SMB server has no security configured, it will ask you for a password. Get it the password for the 'guest' account or for your personal account on that machine.

For example:

smbclient -L zimmerman

The output of this command should look something like this:

Server time is Sat Aug 10 15:58:27 1996
Timezone is UTC+10.0
Password:
Domain=[WORKGROUP] OS=[Windows NT 3.51] Server=[NT LAN Manager 3.51]

Server=[ZIMMERMAN] User=[] Workgroup=[WORKGROUP] Domain=[]

Sharename Type Comment
--------- ---- -------
ADMIN$ Disk Remote Admin
public Disk Public
C$ Disk Default share
IPC$ IPC Remote IPC
OReilly Printer OReilly
print$ Disk Printer Drivers


This machine has a browse list:

Server Comment
--------- -------
HOPPER Samba 1.9.15p8
KERNIGAN Samba 1.9.15p8
LOVELACE Samba 1.9.15p8
RITCHIE Samba 1.9.15p8
ZIMMERMAN

The browse list shows other SMB servers with resources to share on the network.

To use the client, run:

/usr/bin/smbclient service <password>

where 'service' is a machine and share name. For example, if you are trying to reach a directory that has been shared as 'public' on a machine called zimmerman, the service would be called \\zimmerman\public. However, due to shell restrictions, you will need to escape the backslashes, so you end up with something like this:

/usr/bin/smbclient \\\\zimmerman\\public mypasswd

where 'mypasswd' is the literal string of your password.

You will get the smbclient prompt:

Server time is Sat Aug 10 15:58:44 1996
Timezone is UTC+10.0
Domain=[WORKGROUP] OS=[Windows NT 3.51] Server=[NT LAN Manager 3.51]
smb: \>

Type 'h' to get help using smbclient:

smb: \> h
ls dir lcd cd pwd
get mget put mput rename
more mask del rm mkdir
md rmdir rd prompt recurse
translate lowercase print printmode queue
cancel stat quit q exit
newer archive tar blocksize tarmode
setmode help ? !
smb: \>

If you can use ftp, you shouldn't need the man pages for smbclient.

Although you can use smbclient for testing, you will soon tire of it for real work. For that you will probably want to use the smbfs package. Smbfs comes with two simple utilties, smbmount and smbumount. They work just like mount and umount for SMB shares.

One important thing to note: You must have smbfs support compiled into your kernel to use these utilities!

The following shows a typical use of smbmount to mount an SMB share called "customers" from a machine called "samba1":

[root@postel]# smbmount "\\\\samba1\\customers" -U rtg2t -c 'mount /customers -u 500 -g 100'
Added interface ip=192.168.35.84 bcast=192.168.255.255 nmask=255.255.0.0
Got a positive name query response from 192.168.168.158 (192.168.168.158 )
Server time is Tue Oct 5 10:27:36 1999
Timezone is UTC-4.0
Password:
Domain=[IPM] OS=[Unix] Server=[Samba 2.0.3]
security=user

Issuing a mount command will now show the share mounted, just as if it were an NFS export:

[root@postel]# mount
/dev/hda2 on / type ext2 (rw)
none on /proc type proc (rw)
none on /dev/pts type devpts (rw,mode=622)
//SAMBA1/CUSTOMERS on /customers type smbfs (0)

Please see the manual pages for smbmount and smbumount for details on the above operation.

6.5 Share a printer

To share a Linux printer with Windows machines, you need to make certain that your printer is set up to work under Linux. If you can print from Linux, setting up an SMB share of the printer is straight forward.

Note that Windows users must have an account on the Linux/Samba server in order to print. Windows 95/98 will attempt to authenticate to the print server using the username and password used on login to the Windows box. This means that if you clicked 'Cancel' when logging onto Windows, you can't print (or connect to other SMB services)! Windows NT allows one to explicitly provide a username and password when connecting to a printer.

See the Printing HOWTO to set up local printing.

Add printing configuration to your smb.conf:

[global]
printing = bsd
printcap name = /etc/printcap
load printers = yes
log file = /var/log/samba-log.%m
lock directory = /var/lock/samba

[printers]
comment = All Printers
security = server
path = /var/spool/lpd/lp
browseable = no
printable = yes
public = yes
writable = no
create mode = 0700

[ljet]
security = server
path = /var/spool/lpd/lp
printer name = lp
writable = yes
public = yes
printable = yes
print command = lpr -r -h -P %p %s

It is also possible to share a windows printer for use, under Linux using special configurations and scripts. There are also functions and programs that can be used to back up whole windows clients under a Linux host. It is also possible, though problematic to do SMB host browsing across routers.

Hence here we have seen the basics of both the DNS system and the configurations required for Linux boxes to connect to Windows machines and vice versa using SMB.