|
 |
|
| |
Available since version 3.11 of Microsoft Windows, printer and file
sharing are two of Window's most useful features. For example,
outfitting each computer in a large office with a laser printer would
be quite expensive. But printer sharing lets you reduce the cost of
providing every user with printing capability; with printer sharing,
each computer system in the office can print to a single
printer.
Just as printer sharing lets your computer access a printer attached
to another computer, file sharing lets your computer access files
stored on another computer. File sharing makes it quick and easy to
transfer data from one system to another and avoids the confusion that
results when everyone has their own - possibly out of date or
inconsistent - copy of important data files they could not
otherwise access.
To provide printer and file sharing, Microsoft Windows uses a facility
known as SMB (Server Message Block). This same facility is sometimes
known as NetBIOS or LanManager. Thanks to Andrew Tridgell and others,
Linux systems provide support for SMB via a package known as
Samba. Like SMB, Samba lets you:
-
Share printers and files among Microsoft Windows, OS/2, Netware,
and Unix systems -
Establish a simple nameserver for identifying systems on your
local area network -
Backup PC files to a Linux system and restore them -
Administer users and passwords
Samba has proven its reliability and high performance in many
organizations. According to the online survey at
https://www.samba.org/pub/samba/survey/ssstats.html,
Bank of America is using Samba in a configuration that includes about
15,000 clients, and Hewlett-Packard is using Samba in a configuration
that includes about 7,000 clients.
If you've never installed and configured a network server, Samba's a
good place to begin; its installation and configuration are generally
simple and straightforward.
Samba includes the
smbd program, which runs as a
daemon, several utility programs, man pages and other documentation,
and the configuration file:
/etc/smb.conf. You'll
learn how to configure the
/etc/smb.conf file in
the next subsection.
NOTE: The pending unstable version of Samba places its configuration files in
/etc/samba, rather than
/etc. If you install a recent version of Samba, you should look in
/etc/samba for the Samba configuration files.
The
/etc/smb.conf file lets you specify a variety
of options that control Samba's operation. The install script for
Samba establishes a simple
/etc/sbm.conf that may
meet your requirements.
You can edit the
/etc/sbm.conf file to suit
your special needs by using your favorite text editor. However, Samba
includes a tool called
swat that lets you view and
change options by using your Web browser, which is generally much
easier than using a text editor. The
swat tool
verifies the values of parameters you enter and provides online
help. To access
swat, point your browser to port
901 of your system. For example, you can use the URL
https://localhost:901/. Your web browser will
prompt you for a userid and password; specify
root
as the userid and give the appropriate password.
Figure 10.1 shows
swat's main menu,
accessed by using the system's IP address in place of its
hostname. 
To configure your Samba server, you click on simulated tool bar
entries:
-
Globals lets you configure global Samba variables (options) -
Shares lets you configure file shares -
Printers lets you configure shared printers -
Status lets you view the status of the Samba server -
View lets you view the
smb.conf file -
Password lets you add and delete users and change user passwords
The main menu also provides convenient access to Samba documentation.
To configure global options, click on the Globals button on the tool
bar.
Figure 10.2 shows the Global Variables page and
Table 10.2 describes the most important options. You
can access additional options by clicking on Advanced View. To change
an option, select or type the desired value. When you've changed all
the options you want to change, click on Commit Changes, which causes
the changes to take effect.
Table 10.2: Samba Global Variables
|
Option group |
Option |
Description |
|
Base |
workgroup |
The workgroup name displayed when the server is queried by a client. |
|
|
netbios name |
The name by which the server is known to the NetBIOS nameserver. |
|
|
server string |
The text string displayed to describe the server. |
|
Base (cont.) |
interfaces |
The IP address of the interface or the IP addresses of the interfaces through which Samba should listen. Each IP address is followed by a forward slash and a number that specifies the number of bits that pertain to the network portion of the IP address (usually 24). If this option is not set, Samba attempts to locate and automatically configure a primary interface. |
|
Security |
security |
Specifies how Samba authenticates requests for access to shared resources. The default value,
user, is helpful when the Samba server and its clients have many common userids. The value
share can be useful when few common userids exist. The value
system lets another SMB server perform authentication on behalf of the server. You should generally use the default value; see the Samba documentation for details.
|
|
|
encrypt passwords |
Specifies whether Samba will negotiate encrypted passwords, which are expected by Windows NT 4.0 SP3 and Windows 98. |
|
|
update encrypted |
Allows automatic updating of an encrypted password when a user logs on using a non-encrypted password. This option is useful when migrating to encrypted passwords and should otherwise be set
off. |
|
|
map to guest |
Specifies Samba's action when a user attempts to log on using an invalid password. The
Bad User option is generally appropriate. |
|
|
guest account |
The Linux account used to provide services for guest users. |
|
|
hosts allow |
A list of hosts that can access the server. If not specified, all hosts are permitted access. |
|
|
hosts deny |
A list of hosts that cannot access the server. |
|
Logging |
log level |
An integer that specifies the verbosity of log messages. A low value (such as 0) specifies that few messages are written to the log. |
|
|
log file |
Specifies the name of Samba's log file. |
|
|
max log size |
The maximum size of the log file in kilobytes (kb). When the specified size is exceeded, Samba begins a new log file. A value of zero lets the log file grow indefinitely large. |
|
Tuning |
read prediction |
Specifies whether Samba will attempt to pre-read data from files, in order to speed data transfer. This code is disabled in Samba 2.0. |
|
|
socket options |
Specifies TCP options that can improve performance. See the Samba documentation for details. |
|
Printing |
printcap name |
Specifies the name of the
printcap file used by the server. |
|
|
printing |
Specifies how Samba interprets printer status information. Generally,
SYSV is an appropriate choice for a Linux system. |
|
Logon |
logon script |
Specifies the path of a BAT file that is downloaded from the server and run when a user logs on to Samba. |
|
|
domain logons |
Specifies whether Samba will serve Windows 9x domain logons for its workgroup. Note: Samba cannot yet serve Windows NT domain logons, which require a Primary Domain Controller (PDC). |
|
Browse |
os level |
Specifies the level at which Samba advertises itself for browse elections. A high number makes it more likely that Samba will be selected as the browser. The value 65 will cause clients to prefer Samba to a Windows NT server. |
|
|
preferred master |
Specifies whether the NetBIOS name server is the preferred master browser for its workgroup. |
|
|
local master |
Specifies whether the NetBIOS name server will bid to become the local master browser on a subnet. |
|
|
domain master |
Specifies collation of browse lists across a wide-area network (WAN). May result in strange behavior when a workgroup includes a Windows NT Primary Domain Controller (PDC). |
|
WINS |
wins server |
Specifies the IP address of the WINS server with which the NetBIOS nameserver should register itself, if any. |
|
|
wins support |
Specifies that the NetBIOS nameserver should act as a WINS server. Useful when the network includes several subnets. Do not specify this option for multiple systems of a single network. |
|
Locking |
strict locking |
Specifies whether the server will automatically lock files and check locks when files are accessed. Enabling this option may slow performance. |
You probably won't need to make many changes to Samba's global
variables. Setting the
workgroup and
netbios name is sufficient for most users. If your
system has more than one network adapter card, you'll also need to set
the interfaces variable.
WARNING:
If your system is attached to a cable modem or other interface that
makes it available to other network users, you should consider
specifying security options that prevent unauthorized users from
accessing your files or printer. Like other Samba users, the author
has had a rogue system (in Pakistan) repeatedly attempt to access his
shared files. To ensure that such attempts are unsuccessful, you might
(for example) use the
hosts allow option to
restrict the hosts allowed to access your Samba server.
To establish and maintain file shares, you use the Shares button on
the tool bar.
Figure 10.3 shows the Share Parameters
page. 
You can create a new share by typing its name and clicking on
Create Share. To delete a share, choose it from the drop-down list,
and click on Delete Share. To work with an existing share, choose it
from the drop-down list, and click on Choose Share. When you click on
Choose Share, the page shown in
Figure 10.4
appears. This page lets you view and change a variety of share
options.
Table 10.3 describes the available share
options. You can access additional options by clicking on Advanced
View. As with the global options, you may not need to change many (if
any) share options. Likely candidates for change are the
comment,
path,
read
only, and
create mask options.
Table 10.3: Samba File Share Options
|
Option Group |
Option |
Description |
|
Base |
comment |
The description displayed when the file share is queried by a client. |
|
|
path |
The path (directory or file) that is shared by the server. |
|
Security |
guest account |
The Linux account used to provide services for guest users. |
|
|
read only |
Specifies whether access to the share is read-only. |
|
|
create mask |
The default mode assigned to a newly created file within a shared directory. |
|
|
guest ok |
Specifies whether guest access (access without a password) is allowed. |
|
|
hosts allow |
A list of hosts that can access the file share. If not specified, all hosts are permitted access. |
|
|
hosts deny |
A list of hosts that cannot access the file share. |
|
Browse |
browseable |
Specifies whether the file share is visible in the list of shares made available by the server. |
|
Locking |
strict locking |
Specifies whether the server will automatically lock files and check locks when files are accessed. Enabling this option may slow performance. |
|
Miscellaneous |
available |
Specifies whether the share is available; by setting this option to "no" you can prevent access to the share. |
|
|
volume |
The volume label returned for the share. |
You configure printer share parameters in much the same way you
configure file shares. Begin by clicking on the Printers tool bar
button. The page shown in
Figure 10.5 appears. You can
use the page to create a new printer share, delete a printer share, or
modify an existing printer share. 
If you select a printer from the drop-down list and click on
Choose Printer, the page shown in
Figure 10.6
appears.
Table 10.4 describes the available print
share options. You can access additional options by clicking on
Advanced View. As with the global options and file share options, you
may not need to change many (if any) printer share options. Likely
candidates for change are the
comment,
path,
read only, and
create mask options. 
Table 10.4: Samba Print Share Options
|
Option Group |
Option |
Description |
|
Base |
comment |
The description displayed when the printer share is queried by a client. |
|
|
path |
The print spooling directory. |
|
Security |
guest account |
The Linux account used to provide services for guest users. |
|
|
guest ok |
Specifies whether guest access (access without a password) is allowed. |
|
|
hosts allow |
A list of hosts that can access the printer share. If not specified, all hosts are permitted access. |
|
|
hosts deny |
A list of hosts that cannot access the printer share. |
|
Printing |
print ok |
Specifies whether printing is permitted. If this option is set to "no," clients may still be able to browse the printer share. |
|
Printing (cont.) |
printing |
Specifies the type of printer interface used, which determines what commands Samba issues to control the printer. "BSD" is generally a good choice. |
|
|
printer name |
Specifies the name of the printer to which the printer share corresponds; "lp" is generally a good choice. |
|
Browse |
browseable |
Specifies whether the printer share is visible in the list of shares made available by the server. |
|
Miscellaneous |
available |
Specifies whether the printer share is available; by setting this option to "no" you can prevent access to the printer share. |
The Status button on
swat's tool bar lets you view
the status of the Samba server.
Figure 10.7 shows the
page that appears when you click on Status. The page shows:
Using the controls on the page, you can refresh the page contents, set
the auto refresh interval, start and stop either daemon, or kill an
active connection. 
The View button on
swat's tool bar lets you view
the Samba server's main configuration file,
/etc/smb.conf.
Figure 10.8 shows
the page that appears when you click on View. By default, the page
shows only the basic configuration options; clicking on Full View
causes
swat to display every configuration
option. 
You can create userids for accessing Samba resources by clicking on
swat's Password tool bar button.
Figure 10.9 shows the
Password page that appears. 
The top part of the page, titled Server Password Management,
lets you:
The userids you specify using Server Password Management are
those that your Samba server recognizes as authorized to access its
resources.
The bottom part of the page, titled Client/Server Password
Management, lets you change the password associated with a userid on a
remote system running Samba or SMB. Changing a password by using
Client/Server Password Management is often more convenient than
logging in to the remote host and using its password change facility.
Like any network server, Samba provides a wealth of options and
facilities. If you thoroughly explore these facilities, you're likely
to break your server. To avoid problems, you should keep a backup copy
of your
/etc/smb.conf file. Doing so can be as
easy as issuing the following command after Samba is up and
running: cp /etc/smb.conf /etc/smb.conf.SAVE
Then, if your server ceases to work, you can restore your old
configuration by issuing the command: cp /etc/smb.conf.SAVE /etc/smb.conf
You'll also need to restart your system (or at least the Samba daemons).
On the other hand, you may have difficulty in getting Samba to operate correctly in the first place. Or, you may need to change Samba's configuration and therefore be unwilling to simply restore its previous status.
In such cases, you can consult the documentation that accompanies
Samba. In particular, peruse the file
DIAGNOSIS.txt, which should be in the
/usr/doc/ Samba-2.0.3/docs/textdocs directory, or
its equivalent on your system. This file includes a step-by-step
procedure for verifying the operation of your Samba server. When a
step fails, you can consult the file to determine the likely causes
and how to go about fixing the problem. Chances are, you'll be able to
administer Samba without outside help; but, if you can't, you'll find
the participants of the
comp.protocols.smb
newsgroup to be helpful.
NOTE: Some versions of the Samba package do not include the file
DIAGNOSIS.txt. If your system lacks the file, you can obtain it from
the Samba web site,
https://www.samba.org/.
 |
 |
 |
|
10.2 Network Administration |
 |
10.4 Samba Client Configuration and Use |
|
|
|
