Samba-2.2.8a

Introduction to Samba

The Samba package provides file and print services to SMB/CIFS clients.

Package information

Installation of Samba

Install Samba by running the following commands:

cd source &&
mkdir -p /etc/samba/private &&
mkdir -p /var/cache/samba &&
./configure \
   --prefix=/usr \
   --sysconfdir=/etc \
   --localstatedir=/var \
   --with-piddir=/var/run \
   --with-fhs \
   --with-smbmount &&
make &&
make install &&

rm -rf /usr/private &&
echo "swat 901/tcp" >> /etc/services &&
echo "swat stream tcp nowait.400 root /usr/sbin/swat swat" >> \
   /etc/inetd.conf

Installation command explanations

mkdir -p /etc/samba/private
mkdir -p /var/cache/samba
Directories needed for proper operation of the smbd and nmbd daemons.

--prefix=/usr: Sets the prefix for almost all the file paths to /usr.

--sysconfdir=/etc: Sets the configuration file directory to avoid the default of /usr/etc.

--localstatedir=/var: Sets the variable data directory to avoid the default of /usr/var.

--with-fhs: Assigns all other file paths in a manner compliant with the Filesystem Hierarchy Standard (FHS).

--with-smbmount: Orders the creation of an extra binary for use by the mount command so that mounting remote SMB (windows) shares becomes no more complex than mounting remote NFS shares.

rm -rf /usr/private: Removes a directory erroneously created by source/scripts/installbin.sh during the make install.

Configuring Samba

We will configure one Samba server (SAMBABOX) to act as a primary domain controller, as well as configure one domain client running Windows 2000 Server(WIN2KBOX) and acting as a member server of the domain. Detailed instructions will be given for adding WIN2KBOX to the domain due to the extra steps necessary. Instructions for adding Windows 95/98/XP clients can be found in the newly installed documentation by pointing a web browser to:

file:///usr/share/samba/swat/using_samba/ch03_01.html#ch03-55770.

Config files

/etc/samba/smb.conf, /etc/rc.d/init.d/samba

First we set up some directories needed by Samba :

mkdir /var/lib/samba &&
mkdir /var/lib/samba/netlogon &&
mkdir /var/lib/samba/ntprofile &&
mkdir /var/lib/samba/profiles &&
chmod -R 1777 /var/lib/samba

And the Samba configuration file:

cat > /etc/samba/smb.conf << "EOF"
[global]
    netbios name = SAMBABOX
    workgroup = DOMAIN01
    os level = 64
    preferred master = yes
    domain master = yes
    local master = yes
    security = user
    encrypt passwords = yes
    domain logons = yes
    log file = /var/log/log.%m
    log level = 1
    logon path = \\%N\home\%u
    logon drive = H:
    logon home = \\homeserver\%u
    logon script = logon.cmd
[netlogon]
      path = /var/lib/samba/netlogon
      read only = yes
      write list = ntadmin
[profiles]
      path = /var/lib/samba/ntprofile
      read only = no
      create mask = 0600
      directory mask = 0700
; World writable share for testing
[tmp]
comment = Temporary file space
        path = /tmp
        read only = no
        public = yes
[home]
comment = Users' home directories
        path = /home
        read only = no
        public = no
EOF

Now add the machine trust account for WIN2KBOX:

/usr/sbin/useradd -g 100 -d /dev/null -c \
    "machine nickname" -s /bin/false win2kbox$ &&
passwd -l win2kbox$ &&
smbpasswd -a -m win2kbox

Create the Samba boot script:

cat > /etc/rc.d/init.d/samba << "EOF"
#!/bin/bash
# Begin $rc_base/init.d/samba
# Based on sysklogd script from LFS-3.1 and earlier.
# Rewritten by Gerard Beekmans  - [email protected]
source /etc/sysconfig/rc
source $rc_functions
case "$1" in
	start)
		echo "Starting nmbd..."
		loadproc /usr/sbin/nmbd -D
		echo "Starting smbd..."
		loadproc /usr/sbin/smbd -D
		;;
	stop)
		echo "Stopping smbd..."
		killproc /usr/sbin/smbd
		echo "Stopping nmbd..."
		killproc /usr/sbin/nmbd
		;;
	reload)
		echo "Reloading smbd..."
		reloadproc /usr/sbin/smbd
		echo "Reloading nmbd..."
		reloadproc /usr/sbin/nmbd
		;;
	restart)
		$0 stop
		sleep 1
		$0 start
		;;
	status)
		statusproc /usr/sbin/nmbd
		statusproc /usr/sbin/smbd
		;;
	*)
		echo "Usage: $0 {start|stop|reload|restart|status}"
		exit 1
		;;
esac
# End $rc_base/init.d/samba
EOF

Add the run level symlinks:

chmod 754 /etc/rc.d/init.d/samba &&
ln -s  /etc/rc.d/init.d/samba /etc/rc.d/rc0.d/K48samba &&
ln -s  /etc/rc.d/init.d/samba /etc/rc.d/rc1.d/K48samba &&
ln -s  /etc/rc.d/init.d/samba /etc/rc.d/rc2.d/K48samba &&
ln -s  /etc/rc.d/init.d/samba /etc/rc.d/rc3.d/S24samba &&
ln -s  /etc/rc.d/init.d/samba /etc/rc.d/rc4.d/S24samba &&
ln -s  /etc/rc.d/init.d/samba /etc/rc.d/rc5.d/S24samba &&
ln -s  /etc/rc.d/init.d/samba /etc/rc.d/rc6.d/K48samba

Now, we'll use our new boot script to start Samba :

/etc/rc.d/init.d/samba start

We have to add the SAMBABOX root account to the Samba user list first in order to join WIN2KBOX to the DOMAIN01 domain:

smbpasswd -a root

After starting Samba and adding root to the Samba user list, the first machine we'll join to DOMAIN01 will be WIN2KBOX, the Windows 2000 Server box we created the machine trust account for. On WIN2KBOX:

1.  Right click on My Computer.
2.  Click on Properties.
3.  Click on the Network Identification notebook tab.
4.  Click on the Properties button.
5.  In the Computer Name: edit field enter WIN2KBOX.
6.  Click on the Domain: radio button and enter DOMAIN01 in the edit
    field and click OK.
7.  When presented with the Domain Username And Password dialog box,
    enter root and root's password on SAMBABOX and click OK.
8.  After the machine trust is negotiated, click the OK button in the
    dialog box welcoming you to the DOMAIN01 domain.
9.  Click OK in the reboot reminder dialog box.
10. Click OK to close the System Properties window.
11. Click Yes to reboot WIN2KBOX.

Add a new user to the DOMAIN01 domain.

Before logging on to WIN2KBOX, we will create a new user with the following commands:

useradd -m win2kuser01 &&
passwd win2kuser01 &&
smbpasswd -a win2kuser01

Logging on to DOMAIN01.

Now we will log on the domain as our newly created user as follows:

1. Press Ctrl-Alt-Del to bring up the Log On to Windows dialog box.
2. Enter the win2kuser01 name and password.
3. Select DOMAIN01 from the Log on to: combination box and click OK.

Add the swat entry to /etc/serviceswith the following command:

echo "swat            901/tcp" >> /etc/services

If inetd is used, the following command will add the swat entry to /etc/inetd.conf:

echo "swat stream tcp nowait.400 root /usr/sbin/swat swat" \
    >> /etc/inetd.conf

If xinetd is used, the following command will add the swat entry to /etc/xinetd.conf:

cat >> /etc/xinetd.conf << "EOF"
service swat
{
    port            = 901
    socket_type     = stream
    wait            = no
    only_from       = 127.0.0.1
    user            = root
    server          = /usr/sbin/swat
    log_on_failure  += USERID
}
EOF

The Samba Web Administration Tool, SWAT, can be launched with the following command on SAMBABOX:

lynx http://localhost:901

Note: Be sure inetd is running, and issue a killall -HUP inetd before starting SWAT.

The Lynx browser is used in this demonstration, but is not necessary.

Configuration command explanations

cat > /etc/samba/smb.conf << "EOF" : Create a default Samba configuration file. This configuration will allow Samba to act as a Primary Domain Controller for a Microsoft Windows based network. If this is not desired, a simpler default smb.conf file is bundled with the Samba distribution. See the samba2.2.8a/examples/smb.conf.default file. Primary Domain Controller configuration is slightly more complicated than ordinary member server configuration, so instructions for PDC configuration will be given here.

cat > /etc/rc.d/init.d/samba << "EOF": Create the Samba boot script, used to start and stop Samba automatically on machine startup and shutdown.

/usr/sbin/useradd -g 100 -d /dev/null -c \
    "Win2k Server" -s /bin/false win2kbox$
This command creates a machine trust account, necessary only for Windows 2000/NT servers to authenticate to our new PDC. Machine trust accounts are not necessary for Win95/98 clients.

echo "swat 901/tcp" >> /etc/services: Register the swat service to run on port 901.

echo "swat stream tcp nowait.400 root /usr/sbin/swat swat" >> /etc/inetd.conf: Instruct inetd where to find and how to run swat.

ln -s /etc/rc.d/init.d/samba /etc/rc.d/rc3.d/S600samba etc.: Create the Samba boot scripts, used to start and stop Samba automatically on machine startup and shutdown.

Contents

The Samba package contains make_smbcodepage, make_unicodemap, mount.smbfs, nmbd, nmblookup, rpcclient, smbcacls, smbclient, smbcontrol, smbd, smbpasswd, smbspool, smbstatus, swat, testparm, testprns, wbinfo and winbindd.

Description

make_smbcodepage

make_smbcodepage converts text descriptions of code pages to binary code page files and vice versa.

make_unicodemap

make_unicodemap converts text Unicode map files to binary, for use in mapping characters to 16 bit Unicode.

mount.smbfs

mount.smbfs provides /bin/mount with a way to mount remote windows (or samba) fileshares.

nmbd

nmbd is the Samba NetBIOS name server.

nmblookup

nmblookup is used to query NetBIOS names and map them to IP addresses.

rpcclient

rpcclient is used to execute MS-RPC client side functions.

smbcacls

smbcacls is used to manipulate NT access control lists.

smbclient

smbclient is a SMB/CIFS access utility, similar to FTP.

smbcontrol

smbcontrol is used to control running smbd , nmbd and winbindd daemons.

smbd

smbd is the main Samba daemon.

smbpasswd

smbpasswd changes a user's Samba password.

smbspool

smbspool sends a print job to an SMB printer.

smbstatus

smbstatus reports current Samba connections.

swat

swat is the Samba Web Administration Tool.

testparm

testparm checks an smb.conf file for proper syntax.

testprns

testprns tests printer names.

wbinfo

wbinfo queries a running winbindd daemon.

winbindd

winbindd resolves names from NT servers.