Let's all do the SAMBA? - perhaps not (Redhat 7)

Member Name: tagheur

Product:	Redhat 7
Date:	26/08/02 (235 review reads)
Rating:

Advantages: sharing data

Disadvantages: confusing as hell

Dunno if this is the right place or not for this - maybe we should have a SAMBA section under Linux?

BEWARE - this is Techy McTech from Techtown shit. It's only worth reading if you actually want to share files between a Linux box and Windows. Otherwise it will just bore the arse off you. Sorry sorry sorry. I'm such a sad bugger.

Got your Linux/UNIX box up and running? Got your network all slicked up and ready to roll? Want to share files with your Windows machines?? You need SAMBA mate, that's what you need. And SAMBA stands for?

Such A Mess, it's Bloody Awful.

Actually SAMBA itself is OK; it's the documentation (or, quality of it), which stinks. The standard LINUX HOWTO is, to my mind, pants. So, here is Coco's rough guide to setting up SAMBA quickstyle.

SAMBA is basically a Windows emulator running under Linux that can participate in Workgroups and Domains. To the Microsoft stuff it looks just like another Microsoft box on the LAN. Now, like all emulators, it can be a bit finicky to set up. However, if you do EXACTLY what I do here, then it will work. Promise. If it doesn't then tough tomatoes - don't call me. He he.

So what do we have to do?

First off, check that SAMBA is actually installed on your Linux box. Most installs load it automatically. I have Red Hat 7.1 and while it installs SAMBA, it doesn't start it at boot time. To start SAMBA fire up a root console and type;

/etc/rc.d/init.d/smb start

You should see two daemons come up; - SMB and NMB.
You can restart it any time you like by issuing; -

/etc/rc.d/init.d/smb restart

which, as we will see later, is dead good.

If for some reason it ain?t there, then you will need to install the RPM from your Linux CDROM.

OK let's take a very brief look at what SAMBA does and how it does it. That will make the rest of this stuff a bi
t more logical.

SAMBA implements a protocol called 'Server Message Block', or SMB - hence the name SaMBa. SMB was developed by Microsoft on behalf of IBM (back in the days when they were friends) in or around 1984. In layman's terms, it is a set of rules whereby computers (originally PC's) can share files across a network. SAMBA is effectively a Linux implementation of the protocol.

SAMBA itself consists of two main components, the SAMBA program and a configuration file called SMB.CONF. SMB.CONF tells SAMBA how to behave in the environment it's in, what files to share and so on. There is another VERY IMPORTANT file, the SAMBA password file. Very little documentation on the web mentions this file but it is crucial to the working of SAMBA. Listen up, because there is an important bit somewhere hereabouts. Now, what was it? Oh yes, I remember -

Each Microsoft Windows machine on the LAN that wishes to access a SAMBA file share or service MUST have a USER account in the Linux password file and MUST have an account in the SAMBA password file. Got that? Good.

So - here we go:-

STEP1 - create an account for each Windows PC on the Linux box. The account should have the EXACT SAME name and password as you have for the Windows PC.

For example let's assume your Wintel box has a network name of CLIENT1. This is the name you gave it in the Identification tab when you set up your network. It is also the name that will appear for your PC if you open a DOS window and type NET VIEW.
Let's also assume that the password for CLIENT1 is CL1PASSWD.

Create a user account on the Linux box with the name CLIENT1 and the password CL1PASSWD. Next you need to do the same thing for SAMBA. Unfortunately, you can?t do this through the GUI admin screens so open a console and type: -

smbpasswd -a CLIENT1

The system will ask you to supply a password to which you reply


CL1PASSWD

END OF STEP1 - go and have a cig - you've earned it!

STEP2 - now we need to create the SMB.CONF file. Red Hat comes with a pre-prepared conf file. If you want you can just use that. However, in my opinion, it tries to do too much for a beginner and it just leaves you bloody confused. Just so you know, there are several GUI products that can help you build your SAMBA shares. You can find a list at www.samba.com. The one I like best is called webmin and you can get it from www.webmin.com. However, before you do, you still need to have a basic understanding of how SAMBA works or it will just be so much gobbledegook to you.


STEP 2 - Here is a VERY simple SMB.CONF file - it works fine - I?ve just tried it. Copy and paste it into your SAMBA folder (save the old one first). You will also need to create a folder called scratch in the root folder.

# This is the main Samba configuration file.
# NOTE: Whenever you modify this file you should run the command
# "testparm"
# to check that you have not made any basic syntactic errors.
#

#
# Special Section GLOBAL
#
[global]
smb passwd file = /etc/samba/smbpasswd
dns proxy = no
encrypt passwords = yes
null passwords = yes
workgroup = WORKGROUP
server string = SAMBA %v on %L
socket options = TCP_NODELAY
#
# Special Section HOMES
#
[homes]
comment = Home Directories
browseable = yes
#
# First fileshare - a folder called tmp
#

[tmp]
path = /tmp
read only = no
#
# Second fileshare - a folder called scratch
#

[scratch]
comment = scratch area
path = /scratch
read only = no
#
# Third fileshare - the SAMBA folder itself.
#

[SAMBA]
comment = SAMBA Directory
path = /etc/samba
read only = no

END OF STEP2

STEP 3 - F
ire up SAMBA

/etc/rc.d/init.d/smb start

END OF STEP3 - whoopee!
OK, let's try and understand the .CONF file a little bit. The file is split into 'sections' and each section describes a 'share'. There are three special sections called [global], [homes] and [printers]. Each of the other sections in .CONF describes a share, or in other words, a directory or a file.

[global]

As its name implies, [global] is where you set parameters that affect the overall behaviour of the SAMBA server. A good example is the 'workgroup' parameter in the example above. It tells SAMBA what workgroup to join in a win 95/98/ME environment (there are similar domain based statements for NT & 2000). There are just under two hundred (actually 182) different [global] parameters that can be specified in the GLOBAL section. However, most them auto-default to values that mean you can ignore them most of the time. I just mention it here so that you are aware of just how customisable (and complex) SAMBA can be.

[homes]

[homes] is really just a handy shortcut. If you know anything at all about Linux you will know that when you create a new user on the system, Linux creates a 'home folder' with the same name in the /home/ folder. So, our user CLIENT1, which we created earlier, will have a home folder /home/CLIENT1. All [homes] does is set you up with access to your home folder on the fly.

[printers]

Ah, you?ve spotted the deliberate mistake have you? Yes, our little example doesn?t have a [printers] section. I will do printers on another day - I promise. For now - let's just concentrate on getting a file server up and running OK? Good.

[share]

A share describes a file or directory that you wish to share. Again, there are over one hundred (124) different parameters you can specify. Incidentally, the manual can be found at www.samba.com. At its most basic, a
share is nothing more than a label and a path to a file or directory; -

[scratch]

Path = /etc/scratch_area

Your Wintel machines will see this folder as 'scratch' on 'Linuxbox', or whatever you called your Linux machine when you defined it to the network.

Other parameters can allow or deny hosts, allow or deny specific users, grant read or write access - the list goes on and on. However, just because we have referenced these files as shares to SAMBA, doesn't mean that we have changed their Linux permissions in any way. So you may finds that you can see a share that you have declared as 'write' which you can't actually write to (which will confuse the shit out of you). This will almost always be due to a Linux file permission that conflicts with the SAMBA permission. In such negotiations Linux always wins!

Pre Windows 95, once you had these shares set up, then that was pretty much all you had to do. However, with Win95 and since, Windows will always send encrypted passwords over the LAN. It then uses a complex hand-shaking routine to verify the password has been received and decrypted. This gave rise to an awkward situation. SAMBA didn't know that the passwords were encrypted so it tried to verify them just as they were against its password files. Of course this failed and so SAMBA effectively stopped working.

The original fix was to apply a small change to the Windows Registry to force it to send its passwords in clear. This was something of a retrograde step but it worked (still does). However the downside is that if someone manages to run a sniffer on your network then the passwords will be there for all to see. Not very secure. Later releases of SAMBA have caught up and now support encrypted passwords. You specify which you want in [global] as follows: -

encrypt passwords = <yes>/<no>

I would strongly recommend that you use 
9;encrypt passwords = yes' unless you have some particular reason why you must have passwords flying around in clear.

One of the really nice things about Linux services like SAMBA is that you don?t have to bounce the machine every time you change something; you just have to restart the service. This means that you can play around adding and removing parameters and immediately see their effect. I have a Wintel box right next to my SAMBA server so I can mess around with the parameters easily and quickly (what a sad little bugger I must be).

Going from Linux to Windows - mapping a Windows share onto a Linux box is much easier. Here briefly is how its done.

First of all, in order to see what shares a Windows machine has available you can run the smbclient command as follows (in this case for a machine on my network called ATLAS); -

smbclient -L ATLAS

The output will look something like this; -

Server time is Sat Aug 10 15:58:27 1996
Timezone is UTC+10.0
Password:
Domain=[WORKGROUP] OS=[Windows NT 3.51] Server=[NT LAN Manager 3.51]

Sharename Type Comment
--------- ---- -------
PRINTER$ Disk
EPSON STYLUS Printer
AUDIOLIB1 Disk
ADMIN$ Disk
ATLAS_SYS Disk
IPC$ IPC Remote Inter Process Communication

Server Comment
--------- -------

Workgroup Master
--------- -------

OK - I want to get at the MP3 library which lives on a fully shared drive called AUDIOLIB1. So, first of all I need to create a mountpoint for the share;-

mkdir /mnt/audiolib1

Then I can simply mount the share using a special command called smbmount. It looks a bit odd because of the weird treatment of backslashes however it
is very analagous to the windows "map network drive" procedure. Here is the command; -

smbmount "\\\\atlas\\audiolib1" /mnt/audiolib1

atlas will ask for a password (the network password you use when you bring it up) and the mount will be actioned. You can now browse /mnt/audiolib1 as if it were your own. Easy peasy lemon squeezy.

And that, is a very quick expose of SAMBA and what it can do. Think I'll go down the pub now. My mate Zorba (the geek) is going to tell me how to re-flash my BIOS... Out there, on the edge, that's me (not).

Summary: