Setting up Samba

From SUSE Wiki

Type: Howto, Application-Specific (Samba)

Tested Versions: 9.x, does work on 10.x

Written By: Jamadagni

Further Modifications By: Kamatsu

This article has not been tested to work on the latest full release version (i.e 9 or 10, not 10.0 or 10.1) of SUSE Linux. You can help SUSE Wiki by testing this and updating the article where possible.

This article is in need of a cleanup. You can help SUSE Wiki by editing it to conform to the Article and Design Guidelines

Samba is used by Linux to communicate with other operating Systems. It is also used by other Operating Systems to communicate with Linux. A Samba Server can be used as File/Print server and/or Domain Controller.

Contents 1 Installation 2 Configuration 2.1 General Settings 2.2 Samba as PDC 2.3 File Sharing 3 Samba start/stop 4 Creating Accounts 4.1 Mass user creation scripts 5 Accessing other computer

Installation

An installation can be done with Yast or apt-get. For a basic installation the packages samba and libsmbclient (Suse 9.2) are needed.

The sources to RPM packages of the current Samba release for all SuSE Linux products (including SLES) are listed at http://en.openSUSE.org/Samba.

Configuration

After the installation, you will find the most important files in /etc/samba. The most important file might be smb.conf. This configuration file can be altered using an ascii editor.

It is recomended for a beginner to use the Yast tools included in openSUSE 10.1 and onwards. It is very easy to set up the server via the "Samba Server" program and the client via the "Windows authentication" program.

General Settings

[global]
	 workgroup = MY_WORKGORUP
	 server string = %h server
	 interfaces = 127.0.0.1, 192.168.0.0/24
	 hosts allow = 127.0.0.1, 192.168.0.0/24
	 hosts deny = all
	 map to guest = Bad User
	 passwd program = /usr/bin/passwd %u
	 passwd chat = *password* %n\n *password* %n\n *changed*
	 passwd chat debug = yes
	 username map = /etc/samba/smbusers
	 unix password sync = yes
	 log level = 3
	 passdb backend = smbpasswd 
	 encrypt passwords = yes

Samba as PDC

	 domain logons = yes
	 preferred master = Yes
	 domain master = Yes
	 os level = 65
	 netbios name = bart
	 logon path = \\%L\profiles\.msprofile
	 logon drive = Z:
	 logon home = \\%L\%U\.9xprofile
	 logon script = logon.bat
	 wins support = yes
	 admin users = smbadmin

admin user is the user, who has the rights to create Samba accounts. The admin user is also used when adding a computer to the domain (creating a machine account). The admin user must not be root.

	 add user script = ldapsmb -a -u
	 delete user script = ldapsmb -d -u
	 add group script = ldapsmb -a -g
	 delete group script = ldapsmb -d -g
	 add user to group script = ldapsmb -j -u
	 delete user from group script = ldapsmb -j -u
	 set primary group script = ldapsmb -m -u
	 add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$

these are scripts that help administer the Samba, i.e. create a machine account ...

File Sharing

[homes]
	 comment = Home Directories
	 valid users = %S
	 read only = no
	 inherit acls = yes
	 browseable = no

The homes of the current user.

[profiles]
	 comment = Network Profiles Service
	 path = %H
	 read only = no
	 create mask = 0600
	 directory mask = 0700
	 store dos attributes = yes

This is where the profilesof the user will be stored.
%H -> Home of the current user

[public]
	 comment = Public
	 path = /home/public
	 browseable = yes
	 create mask = 0777
	 directory mask = 0777
	 guest ok = yes
	 writable = yes
	 share modes = yes

A folder will be available for all users. It is in the logon script.

[netlogon]
	 comment = Network Logon Service
	 path = /home/netlogon
	 writable = no
	 browseable = no 

This is necessary for using a logon script.
Put your logon script files here.

Samba start/stop

rcsmb {start|stop|restart|status}
rcnmb {start|stop|restart|status}

This can be automated using:

(SuSE 9.1) YaST -> System -> Runlevel Editor
(SuSE 9.3 and later) YaST -> System -> System Services (Runlevel)

Enable the Services smb and nmb

Creating Accounts

If you are using the scripts above, then the creation of a machine account will be done automatically when you add the computer to the domain. All the Samba user are listed in /etc/samba/smbpasswd. The passwords are shown encrypted.

A Samba user(i.e. smbadmin) can also be created manually. Samba user need to exist as a linux user.

useradd smbadmin      # create a Linux user

smbpasswd -a smbadmin     # create a Samba user

smbpasswd -e smbadmin     # enable a Samba user

Mass user creation scripts

If you need to create a large amount of users it's easy to write a bash script that reads username and passwords from a text file and then creates accounts by using these commands:

echo $password > /tmp/smbpass
smbpasswd -a $user < /tmp/smbpass

Of course, you should also create the UNIX account before doing that with adduser - you could do that in that very same script.

Accessing other computer

To access from another computer running the Windows 2000/XP platform, edit the file "SuSEFirewall2" in directory "/etc/sysconfig". Change the value of attribute FW_ALLOW_INCOMING_HIGHPORTS_UDP to:

FW_ALLOW_INCOMING_HIGHPORTS_UDP=”netbios-ns”