

Samba

Presented by David Cantrell on September 5, 2007



1. Introduction

This page is written for people unfamiliar with
Samba or Windows networking on Unix. The topics introduced here do not go
into much detail, but are here to give you an idea of the capabilities of
Samba.


1.1. About Samba

Samba is the name of an open source software
project that aims to bring SMB/CIFS networking to Unix systems. The original
goal of Samba was to provide Unix systems the ability to act as a Windows
server, but this has expanded into client capabilities as well (though this
varies by Unix operating system).

The acronym SMB stands for Server Message Block
and CIFS stands for Common Internet Filesystem. SMB was originally created
at IBM for the LanManager networking system. It provides file and print
sharing protocols, naming protocols, and automatic routing and discovery
protocols. Microsoft, the major adopter of SMB, has moved to existing standards
for most of what SMB did. This move brought a name change to CIFS. The main
function of CIFS is file and print sharing.

There are two main parts to a Samba installation.
The first is the server component. Samba’s main goal was to let Unix systems
provide Windows network services. The second part is the client services. This
varies by host operating system, but the goal is to allow a Unix system to act
as a Windows network client. Linux has the most client functionality in
Samba, but other operating systems are gaining support.


1.2. The Daemons

There are two daemons necessary for a Samba
server: nmbd and smbd. If you are running a Samba server, you
will need to be familiar with these two programs.

nmbd: The NetBIOS name server. SMB name
resolution and discovery ("Network Neighborhood") consist of many broadcast
packets sent over UDP. The nmbd program handles this traffic. If you are
running Samba as a domain controller, you can also use nmbd as a WINS server.
This is necessary for some older Windows clients, but everything post Win2k
can deal with networks without WINS servers.

smbd: SMB/CIFS file and print sharing
services. In an SMB/CIFS network, file and print services run over TCP. The smbd
program handles all of this traffic between the Samba server and the requesting
client. The smbd program also handles authentication for shares.

Both daemons listen for SIGTERM to exit. If
the daemons are hosed, use SIGTERM as a last resort. Most distributions
provide a wrapper script to handle sending the right signals to the daemons.
The nmbd daemon must be started before the smbd daemon.


1.3. Configuration

Configuration of Samba is contained in the
smb.conf file. The actual location of this file varies by installation.
Some distributions put it in /etc, some in /etc/samba, some in /etc/smb,
and if you install by hand it might be in /usr/local/etc. Wherever it is,
the syntax is the same. Much like the old WIN.INI and SYSTEM.INI files,
the smb.conf file is divided into stanzas with a series of setting = value
entries. The man page for smb.conf is very descriptive and the HOWTO also
contains a lot of documentation for this file. Most people are able to use
the default file and modify it for their needs.



2. Server

Samba is pretty simple to run as a server. After
you configure the smb.conf file, just run the daemons. The hardest part is
usually getting Samba accounts configured.


2.1. Important Global Settings

Make sure you set the workgroup to your
workgroup or domain name. The server string is cosmetic only. You
can restrict the allowed network hosts with the hosts allow setting.
The security setting should be left as user unless you are using Samba
for a domain controller.

I always recommend setting local master
to yes, domain master to yes, and preferred master to yes. I
also jack the os level to 250 just to mess with NetBIOS elections.


2.2. Special Stanzas

The [global] section contains Samba-wide
settings. The workgroup or domain name, network settings, and log file
settings are what you will find in the global section.

The [homes] section is a special share
that will automatically make a user’s home directory available when they log
in to the Samba server. This is useful for mixed environments where users are
likely to be moving between Windows and Unix systems frequently.

The [netlogon] and [Profiles]
sections are useful for Samba servers acting as primary domain controllers.
The Windows roaming profiles and network logon service are handled by these
shares.


2.3. File Share Stanza

The other stanzas in the smb.conf file are
file shares. The name inside the brackets is the name of the share that the
client would see. An example share would be:


[music]
    comment = Ripped Music
    path = /srv/music
    public = yes
    writable = no

This share allows anyone on my network to read
my music directory.
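
Because a public share and the hosts allow setting interact, it helps to audit
an smb.conf for shares that permit guest access. The script below is an added
example, not part of the original page or the Samba project; it parses the
stanza syntax described above and reports, for each guest-enabled share,
whether it is also writable and whether any hosts allow restriction applies.
The [global] and [scratch] stanzas, the workgroup name and the address
prefixes are constructed sample values.

```python
import configparser

# Constructed sample: the page's [music] share plus assumed [global]/[scratch].
SAMPLE = """\
[global]
    workgroup = HOMENET
    hosts allow = 192.168.1. 127.
[music]
    path = /srv/music
    public = yes
    writable = no
[scratch]
    path = /srv/scratch
    guest ok = yes
    read only = no
"""
YES, NO = {"yes", "true", "1"}, {"no", "false", "0"}

def _key(name):
    # smb.conf ignores case and whitespace inside parameter names.
    return "".join(name.lower().split())

def _flag(opts, names, accept=YES):
    return any(opts.get(n, "").strip().lower() in accept for n in names)

def audit_shares(text):
    """Map each share that permits guest access to a list of findings."""
    # Raw parser: no %-interpolation; strip indentation (else read as continuation).
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",))
    cp.optionxform = _key
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    stanzas = {name.lower(): dict(cp[name]) for name in cp.sections()}
    glob = stanzas.pop("global", {})
    report = {}
    for share, opts in stanzas.items():
        if not _flag(opts, ("guestok", "public")):  # "public" = "guest ok"
            continue
        findings = ["guest access"]
        # "writable"/"writeable"/"write ok" invert "read only" (default yes).
        if _flag(opts, ("writable", "writeable", "writeok")) or _flag(opts, ("readonly",), NO):
            findings.append("guest-writable")
        # A [global] hosts allow applies to every share.
        if not any(k in o for o in (opts, glob) for k in ("hostsallow", "allowhosts")):
            findings.append("no hosts allow")
        report[share] = findings
    return report

if __name__ == "__main__":
    print(audit_shares(SAMPLE))
```

Samba's own testparm utility remains the authoritative syntax check for a
real smb.conf; this script only highlights the guest-access combinations.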


2.4. Authentication

In the early years of Samba, authentication was
a crude hack to link Unix accounts to Windows accounts. This involved creating
duplicate entries in a special smbpasswd file. You can still do this
and it’s usually sufficient for most small sites, but if you have to manage a
lot of accounts or need to have Windows-only and Unix-only accounts, you may
want to explore other authentication options in Samba.

The most complex system I’ve set up uses LDAP
to contain account data for Windows and Unix accounts. NSS and PAM modules
allow Unix services to authenticate users and Samba can speak directly to
the LDAP server.

Password synchronization between Windows and
Unix account entries is a fine art. In the most difficult cases, you can
write a chat script so when a user changes their password from Windows, it
updates their Unix password. If you go with the LDAP/NSS/PAM solution, this
is handled automatically.


3. Client

Samba client capabilities vary by operating
system. On Linux, we can mount SMB/CIFS shares directly via a kernel
module.


3.1. Included Tools

The included command line tools are usually
sufficient for me to find what I’m looking for. Using smbtree and
smbclient, I am able to browse the Network Neighborhood and
find shares to mount. The smbmount command on Linux lets you mount
SMB/CIFS shares directly on your system.


3.2. Graphical Browsers

The larger the network, the less useful these
commands become. You may prefer a graphical Network Neighborhood browser.
There are many available, so I can’t really recommend a good one. The
built-in browsers in GNOME and KDE are good ones to try first and then start
looking at alternatives. The Samba Home Page maintains a list of currently
compatible NetHood browsers.


4. Advanced Topics


4.1. Centralized Windows and Unix Accounts

I’ve found no better system than using LDAP to
manage the account information. The smbldap-tools software makes
managing these accounts a lot easier. Setting up LDAP can be challenging,
but it’s not impossible.


4.2. ADS Interoperability

Recent versions of Samba are introducing more
interoperability with Active Directory Service. As of now, Samba cannot act
as an ADS server, but it can do share authentication from an ADS master
server. This requires setting up Kerberos on the Samba server and some
tweaks in the smb.conf file.


4.3. Using Samba for Linux-to-Linux Shares

No one said Samba had to be restricted to
sharing Unix resources with Windows clients. It also works well between
two Linux hosts.

