Home
Back To Top
Home
1. Installation of SAMBA packages :-
Packages those are required for installation is as below
i. samba
ii. samba-client
iii. samba-doc
iv. kdebase3-samba (optional)
v. kdenetwork3-lan (optional)
vi. kdenetwork3-lisa (optional)
Figure 1
Figure 2
2. The power and flexibility of Samba is controlled by a single configuration file, smb.conf
3. Two typical locations for smb.conf are /usr/local/samba/lib and/etc/samba.
4. The first thing anyone new to Samba should do is: (a) make a copy of smb.conf so you always have an "clean" original
5. To add samba in Auto-start mode at Boot-up :-
a. chkconfig smb on
b. chkconfig smb off
Figure 3
6. Ports required for Samba TCP/UDP Ports
a. smbd (port 139-TCP) Shares and printers data transfer
b. nmbd (ports 137-UDP & 138-UDP) WINS, WINS Proxying, Browsing
7. Manual start/stop of Samba:
a. /etc/init.d/nmb {start|stop|restart|reload|status}
b. /etc/init.d/smb {start|stop|restart|reload|status}
Figure 4
8. Create Linux users:
As here we will be having primary motive to create user who can be used for accessing samba, for that the user should be present on OS hence if shell login of this user is not required then same can be disabled at OS level, it will be active only at Samba level. Below mentioned steps can be used for creation of users which are only to be used for Samba
mkdir /etc/empty; useradd -l -mk /etc/empty -s /bin/false username
Figure 5
9. Create Samba users:
a. smbpasswd -a username àAdds a new samba username and can also used for setting password for samba user
Figure 6
b. smbpasswd -d username àDisables an existing samba username
c. smbpasswd -e username àEnables an existing samba username
Figure 7
d. smbpasswd -x username àDeletes an existing samba username
Figure 8
10. Testing samba configuration and listing all the default configurations:
testparm | tee /etc/samba/smb.conf.all | less
Figure 9
Note :- The Share names should be without space and no longer than 13 chars.
11. Checking listening ports (137,138,139) and Searching for SMB Hosts :-
a. netstat -ltun | egrep ":137 |:138 |:139" (Shows listening ports)
b. findsmb [BroadcastAddr] or findsmb workgroup (Shows SMB hosts)
Sign before names: +=LocalMaster
Browser *=Domain Master Browser
Figure 10
12. Testing local samba with smbclient:
smbclient -N -L localhost à localhost word can be replaced with local IP address
Figure 11
13. Testing a remote SMB server (Unix)
a. smbclient //ServeName/ShareName -U UserName
or
smbclient //IP address/ShareName -U UserName
b. Then once authenticated for username/password use the typical ftp like commands.
c. (eg. cd, lcd, pwd, ls, put, mput, get, mget, del, rename, mkdir, rmdir, chown, chmod, exit, quit )
14. Testing a remote SMB server (Windows)
a. //ServeName/ShareName
or
//IP address/ShareName
b. Then once authenticated for username/password use typical browsing to access the specified samba share
15. A simple example is in order. By default (ie, the global default option) Samba allows anyone who passes the authentication process--typically a valid username/password combination--access to a listed share. An administrator can, however, restrict user access to a share by using the valid users = option. For example:
[homes]
comment = Home Directories
valid users = sandeep
read only = yes
browseable = yes
Figure 12
16. The above share can only be accessed by the user sandeep, effectively overriding any other options (implied or otherwise) specified in the [global] section of the configuration file.
Figure 13
17. Below, for reference, is the fully assembled Samba PDC configuration file:
# /etc/samba/smb.conf
# samba configuration file
# last updated: 2/28/2002 by tms
[global]
;basic server settings
workgroup = syroidmanor
netbios name = phoenix
server string = Samba PDC running %v
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
;PDC and master browser settings
os level = 64
preferred master = yes
local master = yes
domain master = yes
;security and logging settings
security = user
encrypt passwords = yes
log file = /var/log/samba/log.%m
log level = 2
max log size = 50
hosts allow = 127.0.0.1 192.168.1.0/255.255.255.0
;user profiles and home directory
logon home = \\%L\%U\
logon drive = H:
logon path = \\%L\profiles\%U
logon script = netlogon.bat
# ==== shares ====
[homes]
comment = Home Directories
browseable = no
writeable = yes
[profiles]
path = /home/samba/profiles
writeable = yes
browseable = no
create mask = 0600
directory mask = 0700
[netlogon]
comment = Network Logon Service
path = /home/netlogon
read only = yes
browseable = no
write list = tom
18. General information regarding various parameters in smb.conf file
a. Standard Shares à share names are reserved only for these purposes
[homes]
comment = Heimatverzeichnis
browseable = no ; Name of user share seen by other users
read only = no ; Cannot write ? (same as writable=no)
create mode = 0750 ; ANDed with 0766(default) to set the files access rights
[printers]
comment = All Printers
browseable = no ; Seen as a directory share (absolutely NO !)
read only = yes ; We can save files there (absolutely NO !)
printable = yes ; We can send print jobs to it (absolutely yes !)
public = yes ; Usable by all users including guests
directory = /tmp ; Where the print jobs will be saved before they are printed
create mode = 0700 ; Allow owners to do anything to these saved print jobs
b. Normal Shares :
[cdrom] ; Example of a typical share
comment = CD-ROM
path = /media/cdrom ; Path of the share
writeable = no ; Preventing trying to write on CDROMs. (Same as read only=yes)
locking = no ; Prevent samba from locking the accessed files while opened
public = yes ; Usable by all users including guests ? (Same as guest ok = yes)
[LaserJet] ; Single Printer share settings if load printers = no
printable = yes ; Here the user paul is the only one allowed to use this printer.
printer = laserjet
printing = cups
read only = yes ; Same as writeable = no
valid users = paul
19. List of extra usefull share parameters of smb.conf file
hosts equiv =/etc/hosts.equiv ; List of users allowed without passwords.(Global)
path = /var/pc/%m ; Each machine gets its own share directory
; (directory must exist and must be all in lowercase characters)
path = /var/users/%u ; Each user gets its own share directory (user dir. must exist)
create mode = 0740 ; Mode ANDed with Windows(rw/ro) and 0766 for file creation
; Default = 0744
directory mode = 0751 ; Mode ANDed with Windows(rw/ro) and 0755 for Dir. creation
; Default = 0755
force create mode = 0740 ; Forces all the files to have this mode when created
force directory mode = 0750 ; Forces all directories to have this mode when created
hosts deny = 192.168. ; Hosts that are not allowed to access the share.
; Valid values are ALL, FQDN, IPAddr, NetAddr/Netmask, Partial IP
hosts allow = 150.203. ; Allows all hosts clients with IP starting with 150.203.
; Valid values: ALL, FQDN, IPAddr, NetAddr/Netmask, Partial IP
; hosts allow takes priority over hosts deny if conflicting.
valid users = john, sophie ; Sets the only users allowed access to the share.
write list = marie, @admin ; Only these users or group(@) are allowed to write to
; share, Normally combined with writeable = yes
read list = marie, @shipping ; These users or group(@) are limited to rear-only to the
; share, Normally combined with writeable = no
follow symlinks = no ; Doesn't permit to follow symbolic links. Default is yes
wide links = no ; Limits following symbolic links to inside the share
; tree.(Def=yes)
preexec = LinuxCommand ; Runs a command as user before access to a share
root preexec = LinuxCommand ; Runs a command as root before access to a share
postexec = LinuxCommand ; Run a command as user before closing access to a share
root postexec = LinuxCommand ; Run a command as root before closing access to a share
20. Mounting SMB shares on a local Directory will be updated in this post shortly with many more details.
21. To view list of users created in samba use "pdbedit command"
Home
No comments:
Post a Comment