11.2 Samba

Once you've configured your hostnames, you're ready to provide services to hosts on the network. To provide printer and file sharing, Windows uses a facility known as the Server Message Block (SMB). This same facility is sometimes known as the Common Internet File System (CIFS), NetBIOS, or LanManager. Thanks to Andrew Tridgell and others, Linux systems provide support for SMB via a package known as Samba. Like SMB, Samba lets you:

  • Authorize users to access Samba resources

  • Share printers and files among Windows, OS/2, Netware, and Unix systems

  • Establish a simple name server for identifying systems on your LAN

  • Back up PC files to a Linux system and restore them

Samba has proven its reliability and high performance in many organizations. According to the survey at http://www.samba.org/pub/samba/survey/ssstats.html, Bank of America is using Samba in a configuration that includes about 15,000 clients, and Hewlett-Packard is using Samba in a configuration that includes about 7,000 clients.

11.2.1 Installing the Samba Server

If you've never installed and configured a network server, Samba is a good place to begin; its installation and configuration are generally straightforward.

The Samba server includes the nmbd and smbd programs (which run as daemons), several utility programs, manpages and other documentation, and three configuration files: /etc/samba/smbusers, /etc/samba/smb.conf, and /etc/samba/lmhosts. The smbusers file associates several user accounts that are special to Samba with Linux user accounts; for example, it associates the Samba user IDs, administrator and admin, with root. Generally, you don't need to change smbusers. Likewise, you don't generally need to revise lmhosts. You'll learn how to configure the smb.conf file shortly.

The simplest way to install Samba is to select the Windows File Server package group during system installation. However, if you failed to do so, you can install Samba by using the Package Management Tool.

11.2.2 Configuring Samba

The /etc/samba/smb.conf file lets you specify a variety of options that control Samba's operation. You can edit the file by using your favorite text editor; however, the Samba Server Configuration Tool enables you to view and change options using your web browser, which is generally much easier than using a text editor. The Samba Server Configuration Tool verifies the values of parameters you enter and provides online help.

To install the Samba Server Configuration Tool, select System Settings → Add/Remove Applications from the main menu. The Package Management Tool appears. Select Server Configuration Tools → Details → redhat-config-samba. Select Close → Update, and insert the appropriate installation CDs when prompted. To launch the tool, select System Settings → Server Settings → Samba from the main menu. Figure 11-3 shows the Samba Server Configuration screen.

The Samba menu item may not appear immediately following the installation of the Windows File Server package. If your system's menu lacks the Samba menu item, log out and log in again. Doing so should cause your desktop manager to regenerate the menus, causing the Samba menu item to appear.

Figure 11-3. The Samba Server Configuration screen

Configuring your Samba server involves configuring:

  • Security options

  • Users

  • Shares

The following three sections explain how to configure your server.

Although Samba supports sharing printers, the Samba Server Configuration Tool does not provide access to the related Samba configuration items. Instead, the Samba Server Configuration Tool automatically configures shared access to all available printers. If you want to manually specify options related to a shared printer, see the manual page on Samba configuration, smb.conf.

Configuring Samba security options

To configure your Samba server, select Preferences → Server Settings from the Samba Server Configuration Tool menu. Figure 11-4 shows the Server Settings dialog box that appears. The dialog box has two tabs. The Basic tab lets you specify the name of the workgroup that your Samba server will serve, and a description of your Samba server. If your Samba server is the only Samba server on your LAN, you can accept the default workgroup name, mygroup.

Figure 11-4. The Basic tab of the Server Settings dialog box

The Security tab (Figure 11-5) enables you to specify options that control access to your server and the file and printer shares it provides.

Figure 11-5. The Security tab of the Server Settings dialog box

The most important security option is the authentication mode, which determines how the server decides who can use which shared files and printers. The dialog box provides five authentication modes from which you can choose:

  • In ADS mode, the Samba server acts as a member server within an Active Directory Services (ADS) realm. To use this mode, you must install and configure Kerberos authentication on your workstation. The realm must also be configured to accept your workstation's Samba server. Setting up a Samba server in ADS mode requires special networking knowledge and skill and is not considered further in this book.

  • In Domain mode, the Samba server relies on a Windows domain controller to perform authentication. Specify the NetBIOS name of the domain controller in the textbox labeled Authentication Server.

  • In Server mode, the Samba server relies on another Samba server to perform authentication. Specify the NetBIOS name of the domain controller in the textbox labeled Authentication Server. If the Samba server cannot contact the designated authentication server, it attempts to authenticate using User mode.

  • In Share mode, a user is prompted for a username and password each time he attempts to access a shared file or printer.

  • In User mode, a user is prompted for a username and password when he initially contacts the Samba server.

The default authentication mode, User, is appropriate for most common situations.

The Encrypt Password option is initially enabled. You should not disable this option if your network includes clients using Windows 98 or any more recent version of Windows. PCs running recent versions of Windows send passwords in encrypted form and, unless the appropriate option is enabled, your Samba server will be unable to communicate properly with them.

The Guest Account option enables you to specify a default account, known as the guest account. Users logging into your Samba server will automatically receive the privileges assigned to the guest account in addition to any privileges assigned to their personal account. To maximize LAN security, you should not specify a guest account.

After specifying the security options, click OK. The Server Settings dialog box saves your changes, which take effect immediately.

Configuring Samba users

To configure Samba users, select Preferences → Samba Users from the Samba Server Configuration Tool menu. The Samba Users dialog box (Figure 11-6) appears.

Figure 11-6. The Samba Users dialog box

To create a new Samba user, click the Add User button. The Create New Samba User dialog box (Figure 11-7) appears. Choose an existing Linux username by using the listbox titled Unix Username. The user will receive the privileges associated with the specified username. The user may log in to the Samba server by using a different username. Specify the login username by using the textbox labeled Windows Username. Finally, specify the password by entering it in the textboxes labeled Samba Password and Confirm Samba Password. Click OK to create the Samba user.

Figure 11-7. The Create New Samba User dialog box

Sometimes, the Create New Samba User dialog box gets stuck, displaying only a single Linux username rather than the Unix Username listbox. Deselecting any selected username before clicking Add User may not solve this problem. If you find yourself in this situation, exit the Samba Server Configuration Tool and then re-launch it. This will generally clear the problem.

You can use the Samba Users dialog box to edit or delete a Samba user. To do so, highlight the user and click Edit User or Delete User, as appropriate.

Changes made using Edit User take effect when you dismiss the Edit User dialog box. Samba users are immediately deleted when you click Delete User. Therefore, be sure you click the proper buttons and enter the proper data when using the Samba Users dialog boxes.

Samba passwords are not automatically synchronized with Linux passwords. To change the Samba password associated with a Samba user, use the Edit User button of the Samba Users dialog box.

Configuring Samba shares

Once you've configured one or more Samba users, you're ready to configure Samba shares. To do so, click Add on the Samba Server Configuration Tool toolbar. The Create Samba Share dialog box, shown in Figure 11-8, appears.

Any user having valid access to a Samba server (which may require the user to login when trying to access a share) has automatic access to her home directory.

Figure 11-8. The Create Samba Share dialog box

To specify the Linux directory to be shared, enter the directory name in the textbox labeled Directory or use the Browse button to choose a directory. You can specify a description of the share in the textbox labeled Description. By default, users are permitted only read access to shares. If you want users to be able to write to the share, enable the Read/Write radiobutton. Click OK to save your changes and immediately activate the share.

If you want to limit access to the share to certain users, you can use the Access tab of the Create Samba Share dialog box (Figure 11-9). Enable the radiobutton labeled "Only allow access to specific users," and enable the checkbox associated with users permitted to access the share.

Figure 11-9. The Access tab of the Create Samba Share dialog box
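
The Configuration Tool stores these choices in /etc/samba/smb.conf, so they can be reviewed from the file itself. The following script is an added example, not code from the book or from the Samba project; it checks the options discussed above (authentication mode, Encrypt Password, Guest Account, and per-share access). It assumes the standard smb.conf parameter names and that the Access tab restriction appears as a valid users list; the sample configuration is constructed.

```python
# Added example: audit smb.conf for the security options this chapter covers.
SAMPLE_CONF = """\
# constructed sample, not from a real server
[global]
   security = share
   encrypt passwords = no
   guest account = nobody
[homes]
   read only = no
   valid users = %S
[db]
   writable = yes
[docs]
   public = yes
"""
TRUE = {"yes", "true", "1"}

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lower-cased, spaces collapsed."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def is_true(params, *names):
    return any(params.get(n, "").lower() in TRUE for n in names)

def audit(text):
    """Return (section, finding) pairs for settings the chapter advises against."""
    conf = parse_smb_conf(text)
    glob, findings = conf.get("global", {}), []
    if glob.get("security", "user").lower() == "share":
        findings.append(("global", "security = share (chapter default is user)"))
    if glob.get("encrypt passwords", "yes").lower() not in TRUE:
        findings.append(("global", "encrypt passwords is disabled"))
    if "guest account" in glob:
        findings.append(("global", "a guest account is specified"))
    for name, p in conf.items():
        if name in ("global", "printers"):
            continue
        if is_true(p, "guest ok", "public"):  # public is a synonym of guest ok
            findings.append((name, "guests may connect without a password"))
        writable = (is_true(p, "writable", "writeable", "write ok")
                    or p.get("read only", "yes").lower() not in TRUE)
        if writable and not p.get("valid users"):
            findings.append((name, "writable but not limited to specific users"))
    return findings

if __name__ == "__main__":
    for section, finding in audit(SAMPLE_CONF):
        print(f"[{section}] {finding}")
```

To audit a live server, pass the contents of /etc/samba/smb.conf to audit() instead of the sample; backslash line continuations are not joined by this parser.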

11.2.3 Starting and Stopping Samba

If you want Samba to start automatically when you boot your system, use the Service Configuration Tool, described in Chapter 9, to associate the smb service with the current runlevel.

To stop Samba, highlight the Service Configuration Tool's entry for the smb service and click Stop.

11.2.4 Troubleshooting Samba

To verify that Samba is working, use the Create Samba Share dialog box to temporarily create a read-only share accessible to an arbitrary Samba user. On the Windows host, launch the Explorer and choose Tools → Map Network Drive. The Map Network Drive dialog box appears. Click Connect using a different username and specify a username and password that you configured Samba to accept. Click OK to return to the Map Network Drive dialog box. Specify the hostname and share name in the Folder textbox by using the Windows convention, \\server\share, where server is the hostname of your Samba system and share is the name of a share you created. You'll find more information on using Samba shares in the next section.

If you can't access the share, consider the following likely reasons:

  • Your host firewall is blocking access.

  • You specified the wrong username or password.

  • The username and password are not the same on the Samba and Windows hosts.

  • You haven't authorized the user to access Samba.

  • Networking isn't properly configured on the Samba or Windows host.

If your host firewall is enabled, Samba will not function. You can easily disable the host firewall. However, you should not do so if your system resides on a LAN that is connected to the Internet or another untrusted network unless the LAN is protected by a network firewall, such as a gateway router. To disable the firewall, select System Settings → Security Level from the main menu. In the Security Level listbox, select the value Disable Firewall and click OK.

If you're unable to find the problem, consult the documentation that accompanies Samba. In particular, use a web browser to peruse the file diagnosis.html, which resides in the /usr/share/doc/samba-*/docs/htmldocs directory. This file includes a step-by-step procedure for verifying the operation of your Samba server. When a step fails, you can consult the file to determine the likely causes and how to go about fixing the problem. Chances are, you'll be able to administer Samba without outside help, but if not, you'll find the participants in the comp.protocols.smb newsgroup to be helpful. Another resource is O'Reilly's Using Samba, by Robert Eckstein, David Collier-Brown, and Peter Kelly. Since the book was published under the Open Publication License (OPL), Using Samba is also available online in electronic form at http://www.oreilly.com/catalog/samba.

Like any network server, Samba provides a wealth of options and facilities. If you thoroughly explore these facilities, you're likely to break your server. To avoid problems, you should keep a backup copy of your /etc/samba/smb.conf file. Doing so can be as easy as issuing the following command after Samba is up and running:

# cp /etc/samba/smb.conf /etc/samba/smb.conf.bak

Then, if your server ceases to work, you can restore your old configuration by issuing the command:

# cp /etc/samba/smb.conf.bak /etc/samba/smb.conf

You'll also need to restart the smb service.

11.2.5 Samba Client Configuration and Use

Once you've got your Samba server up and running, you can access it via Windows and Linux. This section shows you how to access the Samba server and also how to use your Samba server to create backups of important datafiles on client systems.

SMB clients are also available for most popular operating systems, including OS/2 and Mac OS (including Mac OS X). You shouldn't expect to have trouble getting them to work with Samba. If your client seems not to work, simply follow the procedure given earlier in Section 11.2.4.

Windows client

Windows 3.11, 9x, Me, and NT (including Windows 2000 and XP, which are updated releases of Windows NT) have built-in support for the SMB protocol, so systems running these operating systems can easily access your Samba server's resources. Under Windows 9x/NT, you can access Samba resources by using the Windows Explorer. Log on with a user account that's authorized to access Samba resources, then click Network Neighborhood, and you should see a subtree that corresponds to your workgroup. Click that subtree, and you should see a subtree that corresponds to your Samba server. By expanding the subtree, you can see the browseable file and printer shares that are available. You can easily drag-and-drop files to and from a shared directory, assuming your user account is permitted the necessary access.

To use a shared printer, click Start → Settings → Printers and Faxes, or the equivalent on your system, and then double-click Add Printer. The wizard will guide you through the setup procedure. Simply choose the Network Printer option and browse to select the desired printer. If you have difficulty locating the printer share, you can manually specify its name. To do so, type two backward slashes, followed by the name of your Samba server, followed by a single backslash, followed by the name of the printer. For example, if you want to access a printer named lp on the Samba server known as SERVER, you'd type \\SERVER\lp.

You can map a file share to a drive letter by using the Tools → Map Network Drive menu item of the Windows Explorer. Simply select an available drive letter and type the name of the file share, which consists of two backward slashes, followed by the name of your Samba server, followed by a single backslash, followed by the name of the file share. For example, if you want to access a file share named db on the Samba server known as SERVER, you'd type \\SERVER\db.

If you have difficulty connecting to your Samba server, follow the procedure given earlier in Section 11.2.4.

The Samba package includes a simple SMB client that can access your Samba server and other SMB servers accessible to your system. To demonstrate that your client and server are working, log on using a user account that has Samba authorization and issue the following command:

$ smbclient -L localhost

If you're prompted for a password, be sure to enter the Samba password for the user account rather than the Linux password.

You should see a list of the browseable shares available on your server. To query a different SMB server, issue the following command:

$ smbclient -L server

where server is the name of the SMB server you want to contact. Rather than logging on using an authorized user account, you can explicitly specify a user account by using this command form:

$ smbclient -L server -U userid

To actually access resources via SMB, use the following command form:

$ smbclient 'service' -U userid

where service specifies the name of the SMB host and share and userid specifies the user account to be used. The name of the SMB host should be preceded by two slashes and followed by one slash; for example:

$ smbclient //server/myshare -U billmccarty

Although Windows uses backward slashes to specify server names of SMB shares, you can use forward slashes when specifying arguments to the Linux smbclient command.

If the SMB server accepts your request, the client displays a special prompt:

smb: dir>

where dir indicates the current working directory on the SMB server. To download a file from the server, issue the command:

get file

where file specifies the name of the file to be downloaded. To upload a file to the server, issue the command:

put file

where file specifies the name of the file. To list the contents of the current directory, issue the command:


To enter a subdirectory, issue the following command, where dir specifies the name of the subdirectory:

cd dir

You can return to the parent directory by issuing the command:

cd ..

You can obtain a list of commands by issuing the command help or, to obtain help on a particular command, by issuing the command:

help command

where command specifies the command that you need help with. To exit the SMB client, issue the command exit.

You can use the smbprint script included in the Samba package to print Linux files by using a printer share. However, you'll probably have to do some tweaking of configuration files and adjusting of shell scripts to get smbprint to work.

Using the Linux Samba client for file backup and recovery

One of the most practical uses of the Linux SMB client is creating backup copies of files stored on a Windows system. To do so, simply share the drive or directory containing the files you want to back up. Using the Windows Explorer, right-click the drive or directory, click Properties, click the Sharing tab, and select the desired share options. Then, access the share from Linux using smbclient. Once you have the SMB prompt, move to the directory you want to back up and issue the SMB tar command:

tar c backup.tar

The syntax of the SMB tar command resembles that of the tar command, though it supports only a handful of options. When you issue the SMB tar command with the c option, the files of the current directory and all its subdirectories will be backed up and stored in the file backup.tar on your Linux system. Of course, you can specify a filename other than backup.tar if you wish (although the .tar extension is required). Once you've created the backup file, you can write it to a tape, a writable CD-ROM, or other media. If your backup requirements are meager, it may be sufficient merely to have a copy of the file on both your Windows and Linux systems.

To restore a backup, move to the directory where you want the files restored and issue the SMB tar command:

tar x backup.tar

The SMB client restores each file from the backup.tar file. Of course, you must have write access to the shared directory in order to be able to restore files.