11.2 SambaOnce you've configured your hostnames, you're ready to provide services to hosts on the network. To provide printer and file sharing, Windows uses a facility known as the Server Message Block (SMB). This same facility is sometimes known as the Common Internet File System (CIFS), NetBIOS, or LanManager. Thanks to Andrew Tridgell and others, Linux systems provide support for SMB via a package known as Samba. Like SMB, Samba lets you:
Samba has proven its reliability and high performance in many organizations. According to the online survey at http://www.samba.org/pub/samba/survey/ssstats.html, Bank of America is using Samba in a configuration that includes about 15,000 clients, and Hewlett-Packard is using Samba in a configuration that includes about 7,000 clients. 11.2.1 Installing the Samba ServerIf you've never installed and configured a network server, Samba is a good place to begin; its installation and configuration are generally straightforward. The Samba server includes the nmbd and smbd programs (which run as daemons), several utility programs, manpages and other documentation, and three configuration files: /etc/samba/smbusers, /etc/samba/smb.conf, and /etc/samba/lmhosts. The smbusers file associates several user accounts that are special to Samba with Linux user accounts; for example, it associates the Samba user IDs, administrator and admin, with root. Generally, you don't need to change smbusers. Likewise, you don't generally need to revise lmhosts. You'll learn how to configure the smb.conf file shortly. The simplest way to install Samba is to select the Windows File Sharing package group during system installation. However, if you failed to do so, you can install Samba by using the Package Management Tool. Whether or not you installed the Windows File Sharing package group during system installation, you should ensure that the package samba-client, associated with the System Tools package group, is also installed. Finally, to simplify configuration of Samba, you should install the samba-swat package. Unfortunately, this package does not appear on the package list provided by the Package Management Tool. To install it, mount installation CD 2, open a terminal window, and issue the following command: redhat-install-packages /mnt/cdrom/RedHat/RPMS/samba-swat-*.rpm 11.2.2 Configuring SambaThe /etc/samba/smb.conf file lets you specify a variety of options that control Samba's operation. You can edit the file by using your favorite text editor; however, the Samba Web Administration Tool (SWAT) lets you view and change options using your web browser, which is generally much easier than using a text editor. The SWAT tool verifies the values of parameters you enter and provides online help. To use SWAT, you must first configure xinetd to launch SWAT when you request it. To do so, launch the Service Configuration Tool by choosing Server Settings Services from the GNOME or KDE menu. Configure swat and xinetd to run at the current run level and save your changes. If xinetd is not currently running, start it by selecting the xinetd entry and clicking Start. The swat service runs under control of xinetd, so you don't need to start swat. To access SWAT, first log out of GNOME or KDE and login again, so that the menu is reloaded. Then, choose Extras Samba Configuration from the GNOME or KDE menu. Doing so launches Mozilla, pointing the browser to port 901 of the local host using the URL http://localhost:901/. Your web browser will prompt you for a user account and password; specify root as the user account and give the appropriate password. Figure 11-3 shows SWAT's main menu. Figure 11-3. SWAT's main menuTo configure your Samba server, click the following toolbar icons:
11.2.2.1 Configuring global variablesTo configure global options, click the Globals button on the toolbar. Figure 11-4 shows the Global Variables page, and Table 11-1 describes the most important options. You can access additional options by clicking Advanced View. To change an option, select or type the desired value. When you've changed all the options you want to change, click Commit Changes, and the changes take effect. Figure 11-4. SWAT's Global Variables screen
You probably won't need to make many changes to Samba's global variables. Setting the workgroup and netbios name is sufficient for most users. If your system has more than one network adapter card, you'll also need to set the interfaces variable. If your network includes Windows 98/NT/2000/XP clients, you'll need to set encrypt passwords.
11.2.2.2 Configuring file share parametersTo establish and maintain file shares, use the Shares button on the toolbar. Figure 11-5 shows the Share Parameters page. Figure 11-5. SWAT's Share Parameters screenRed Hat Linux configures a default share, homes, which lets Linux users access their Linux /home directory as a Samba share. You can create a new share by typing its name and clicking Create Share. To delete a share, choose the share name from the drop-down list and click Delete Share. To work with an existing share, choose it from the drop-down list and click Choose Share. When you click Choose Share, the page shown in Figure 11-6 appears. This page lets you view and change a variety of share options. Table 11-2 describes the principal share options. You can access additional options by clicking Advanced View. As with the global options, you may not need to change many share options. Likely candidates for change are the comment, path, and read only options. Figure 11-6. SWAT's expanded Share Parameters screen
11.2.2.3 Configuring printer share parametersYou configure printer share parameters in much the same way you configure shares. Begin by clicking the Printers toolbar button. You can use the page shown in Figure 11-7 to create a new printer share, delete a printer share, or modify an existing printer share. Figure 11-7. SWAT's Printer Parameters screenIf you select a printer from the drop-down list and click Choose Printer, the page shown in Figure 11-8 appears. Table 11-3 describes the available print share options. You can access additional options by clicking Advanced View. As with the global options and file share options, you may not need to change many printer share options. The comment option is the most likely to be changed.
Figure 11-8. SWAT's expanded Printer Parameters screen11.2.3 Viewing Samba Server StatusThe Status button on SWAT's toolbar lets you view the status of the Samba server. The page shown in Figure 11-9 shows the following information about the status of your Samba server:
Figure 11-9. Samba's Server Status pageUsing the controls on the page, you can refresh the contents, set the auto refresh interval (in seconds), start and stop either daemon, and kill an active connection. 11.2.4 Viewing Samba Server ConfigurationThe View button on SWAT's toolbar lets you view the Samba server's main configuration file, /etc/samba/smb.conf (shown in Figure 11-10). By default, the page shows only the basic configuration options; clicking Full View causes SWAT to display every configuration option. Figure 11-10. SWAT's Current Config screen11.2.5 Managing Users and PasswordsYou can specify user accounts authorized to access Samba resources by clicking SWAT's Password toolbar button and accessing the page shown in Figure 11-11. Figure 11-11. The Server Password Management pageThe Server Password Management page lets you:
The user accounts that you specify on the Server Password Management page are those that your Samba server recognizes as authorized to access its resources. The bottom part of the page, titled Client/Server Password Management, lets you change the password associated with a user account on a remote system running Samba or SMB. Changing a password by using Client/Server Password Management is often more convenient than logging in to the remote host and using its password change facility. 11.2.6 Starting and Stopping SambaIf you've reconfigured Samba, you should restart the smb service so that the changes take effect. To do so, highlight the Service Configuration Tool's entry for the smb service and click Restart. If you want Samba to start automatically when you boot your system, use the Service Configuration Tool to associate the smb service with the current runlevel. To stop Samba, highlight the Service Configuration Tool's entry for the smb service and click Stop. 11.2.7 Troubleshooting SambaTo verify that Samba is working, use the Share Parameters screen to create a publicly accessible, read-only share. Then, use the Server Password Management screen to authorize a Linux user account to access the share. Restart the smb service to make your changes effective. On the Windows host, launch the Explorer and choose Tools Map Network Drive. The Map Network Drive dialog box appears. Click Connect using a different username and specify a username and password that you configured Samba to accept. Click OK to return to the Map Network Drive dialog box. Specify the hostname and share name in the Folder textbox by using the Windows convention, \\server\share, where system is the hostname of your Samba system and share is the name of a share you created. You'll find more information on using Samba shares in the next section. If you can't access the share, consider the following likely reasons:
If your host firewall is blocking access, use the Security Level Tool to customize your firewall, allowing the following ports and protocols: 137:tcp,138:tcp,139:tcp,445:tcp,137:udp,138:udp,139:udp If you're unable to find the problem, consult the documentation that accompanies Samba. In particular, peruse the file DIAGNOSIS.txt, which resides in the /usr/share/doc/samba-*/docs/textdocs directory or its equivalent on your system. This file includes a step-by-step procedure for verifying the operation of your Samba server. When a step fails, you can consult the file to determine the likely causes and how to go about fixing the problem. Chances are, you'll be able to administer Samba without outside help, but if not, you'll find the participants in the comp.protocols.smb newsgroup to be helpful. Another resource is O'Reilly's Using Samba, by Robert Eckstein, David Collier-Brown, and Peter Kelly. Since the book was published under the Open Publication License (OPL), Using Samba is also available online in electronic form at http://www.oreilly.com/catalog/samba/. Like any network server, Samba provides a wealth of options and facilities. If you thoroughly explore these facilities, you're likely to break your server. To avoid problems, you should keep a backup copy of your /etc/samba/smb.conf file. Doing so can be as easy as issuing the following command after Samba is up and running: # cp /etc/samba/smb.conf /etc/samba/smb.conf.bak Then, if your server ceases to work, you can restore your old configuration by issuing the command: # cp /etc/samba/smb.conf.bak /etc/samba/smb.conf You'll also need to restart the smb service. 11.2.8 Samba Client Configuration and UseOnce you've got your Samba server up and running, you can access it via Windows and Linux. This section shows you how to access the Samba server and also how to use your Samba server to create backups of important datafiles on client systems. SMB clients are also available for most popular operating systems, including OS/2 and Mac OS (including Mac OS X). You shouldn't expect to have trouble getting them to work with Samba. If your client seems not to work, simply follow the procedure given earlier in Section 11.2.7. 11.2.8.1 Windows clientWindows 3.11, 9x, Me, and NT—including Windows 2000 and XP, which are updated releases of Windows NT—have built-in support for the SMB protocol, so systems running these operating systems can easily access your Samba server's resources. Under Windows 9x/NT, you can access Samba resources by using the Windows Explorer. Log on with a user account that's authorized to access Samba resources, then click Network Neighborhood, and you should see a subtree that corresponds to your workgroup. Click that subtree, and you should see a subtree that corresponds to your Samba server. By expanding the subtree, you can see the browseable file and printer shares that are available. You can easily drag and drop files to and from a shared directory, assuming your user account is permitted the necessary access. To use a shared printer, click Start Settings Printers and then double-click Add Printer. The wizard will guide you through the setup procedure. Simply choose the Network Printer option and browse to select the desired printer. If you configured the printer share without the browseable option, you cannot browse and therefore must type the name of the printer share. To do so, type two backward slashes, followed by the name of your Samba server, followed by a single backslash, followed by the name of the printer share. For example, if you want to access a printer share named lp on the Samba server known as SERVER, you'd type \\SERVER\lp. You can map a file share to a drive letter by using the Tools Map Network Drive menu item of the Windows Explorer. Simply select an available drive letter and type the name of the file share, which consists of two backward slashes, followed by the name of your Samba server, followed by a single backslash, followed by the name of the file share. For example, if you want to access a file share named db on the Samba server known as SERVER, you'd type \\SERVER\db. If you have difficulty connecting to your Samba server, follow the procedure given earlier in Section 11.2.7. 11.2.8.2 Linux clientThe Samba package includes a simple SMB client that can access your Samba server and other SMB servers accessible to your system. To demonstrate that your client and server are working, log on using a user account that has Samba authorization and issue the following command: $ smbclient -L localhost You should see a list of the browseable shares available on your server. To query a different SMB server, issue the following command: $ smbclient -L server where server is the name of the SMB server you want to contact. Rather than logging on using an authorized user account, you can explicitly specify a user account by using this command form: $ smbclient -L server -U userid To actually access resources via SMB, use the following command form: $ smbclient ' service ' -U userid where service specifies the name of the SMB host and share and userid specifies the user account to be used. The name of the SMB host should be preceded by two backward slashes and followed by one backward slash; for example: $ smbclient //server/myshare -U billmccarty If the SMB server accepts your request, the client displays a special prompt: smb: dir> where dir indicates the current working directory on the SMB server. To download a file from the server, issue the command: get file where file specifies the name of the file to be downloaded. To upload a file to the server, issue the command: put file where file specifies the name of the file. To list the contents of the current directory, issue the command: dir To enter a subdirectory, issue the following command, where dir specifies the name of the subdirectory: cd dir You can return to the parent directory by issuing the command: cd .. You can obtain a list of commands by issuing the command help or, to obtain help on a particular command, by issuing the command: help command where command specifies the command that you need help with. To exit the SMB client, issue the command exit. You can use the smbprint script included in the Samba package to print Linux files by using a printer share. However, you'll probably have to do some tweaking of configuration files and adjusting of shell scripts to get smbprint to work. 11.2.8.3 Using the Linux Samba client for file backup and recoveryOne of the most practical uses of the Linux SMB client is creating backup copies of files stored on a Windows system. To do so, simply share the drive or directory containing the files you want to back up. Using the Windows Explorer, right-click the drive or directory, click Properties, click the Sharing tab, and select the desired share options. Then, access the share from Linux using smbclient. Once you have the SMB prompt, move to the directory you want to back up and issue the SMB tar command: tar c backup.tar The syntax of the SMB tar command resembles that of the tar command, though it supports only a handful of options. When you issue the SMB tar command with the c option, the files of the current directory and all its subdirectories will be backed up and stored in the file backup.tar on your Linux system. Of course, you can specify a filename other than backup.tar if you wish (although the .tar extension is required). Once you've created the backup file, you can write it to a tape, a writable CD-ROM, or other media. If your backup requirements are meager, it may be sufficient merely to have a copy of the file on both your Windows and Linux systems. To restore a backup, move to the directory where you want the files restored and issue the SMB tar command: tar x backup.tar The SMB client restores each file from the backup.tar file. Of course, you must have write access to the shared directory in order to be able to restore files. |