WebSpy is a Fastvue Product

Support Center

Using Samba

Last Updated: Oct 07, 2014 08:47PM PDT
If you've ever used a Windows PC on a network, then you know that you can "map" or "share" network drives. Assuming that your network is properly set up to allow it, you should be able to use this tool to make a disk on another system appear as if it were part of your local machine's filesystem. In other words, you could make another machine's D: drive appear to be the G: drive on your system.

Samba allows you to do the same thing with directories on your Linux system. Samba also lets you share other resources, such as printers.

Samba uses Microsoft's Server Message Block (SMB) protocol. SMB originated in the 1980s and was later adopted and extended by Microsoft. SMB lets you share files over a network.

Samba is included with most popular Linux distributions. Most distributions in the past two years will include Samba. If Samba hasn't already been installed on your system, the easiest way to install it is to download the binary (precompiled) packages.

Being open source, Samba is maintained by volunteers. Samba continues to improve with new releases. Remember that new versions of application packages such as Samba get released independently. While it is not practical to upgrade an application each time an update appears, it is wise to watch for needed bug fixes, security patches, or specific new features.

If you encounter any problems with Samba, these are likely to be related to security settings and passwords, and you should read the Samba documentation.

For more information, visit the Samba website or type the command man smb.conf on a Linux machine with Samba installed.
 

Finding out if you have Samba

To determine whether Samba is currently running:
  1. Open a shell
  2. Become root. su and enter your root password when asked for it.
  3. At the command prompt type:
ps aux | grep mbd | more 

and verify that both smbd and nmbd appear in the process list.
  • If the error said "wrong fs type or bad superblock n //compname/sharename", it means Samba isn't installed. Install it and try again.
  • If it said "unknown filesystem smbfs" or "kernel doesn't support smbfs" or something like that, it means you don't have smbfs support in your kernel. Run modprobe smbfs and try again. If it still doesn't work, you will have to build a new kernel with SMB support enabled.

Starting, Stopping, and Restarting Samba

Most Linux distributions come with scripts to start, stop, and restart Samba properly. If yours does not, use the alternate commands under Without Scripts below.

Samba's client communication is handled in the background by a number of daemon programs that can be configured to start automatically when your Linux system boots. Daemon is the name given to any type of program that runs constantly in the background. If your Samba daemons are not automatically started, you can specify them to do so using a utility such as linuxconf. You can also start the daemons manually with the following commands. (Note that you must be logged in as root to use these.)

When the daemons are started, they read your smb.conf file and advertise the directories and services that are configured within that file. By default, the daemons recheck the smb.conf file every 60 seconds. Changes made to the file will automatically take effect the next time the daemons check the file.

With Scripts

Start Samba
/etc/rc.d/init.d/samba start

Stop Samba
/etc/rc.d/init.d/samba stop>

Restart Samba
/etc/rc.d/init.d/samba restart

Without Scripts

Start Samba
/usr/sbin/smbd -D and /usr/sbin/nmbd -D

Stop Samba
killall -TERM smbd and killall -TERM nmbd

Restart Samba
killall -HUP smbd and killall -HUP nmbd

UNIX

Start and stop Samba daemons in the normal Unix fashion:
/etc/rc.d/init.d/smb start
/etc/rc.d/init.d/smb stop
 

Sharing Linux Directories

To share directories on Linux:

1. Open a shell and become root
2. Open your /etc/smb.conf file. kedit /etc/smb.conf (replace kedit with your favorite editor if you want)
  • Change the WORKGROUP setting to the name of the workgroup you want to be in. 
  • The HOSTS ALLOW line should contain the list of IP ranges that are on your home network. For example, if your computers were all 192.168.0.* your line would look like this:
  • hosts allow = 192.168.0. 127 
  • Set ENCRYPT PASSWORDS to yes 
  • Set SMB PASSWORD FILE to /etc/smbpasswd 
  • On the INTERFACES line, list all of your computer's IP addresses, except the internet address if it has one. For example, if you computer had a loopback IP 127.0.0.1, an internal IP 192.168.0.1, and an internet IP 25.246.105.108, your line would be: interfaces = 192.168.0.1 127.0.0.1
3. Save it and exit the editor
4. Add an account for your Windows box. smbpasswd -a user password
Replace user with the username you want, and password with a password. The username should be a valid user on the Linux box.
5. Open up /etc/smb.conf again
6. Scroll down to the Share Definitions part
7. Add a shares for your log files, perhaps like this: 
[webspy]
comment = WebSpy log files
path = /usr/share
security = domain
password server = *
valid users = john sam
browseable = yes
public = no
writable = no
printable = no

8. Save and exit

The hosts allow and interfaces lines are there to make the server inaccessible to anything other than the computers on your LAN. You may find that other security measures are required.

WORKGROUP

You can specify which Windows Network Neighborhood Workgroup your Linux machine is seen in and the description of the machine by editing the following lines in smb.conf: 
workgroup = WORKGROUPNAME
server string = MACHINE DESCRIPTION


The use of the "*" argument to "password server" will cause Samba to locate the domain controller in a way analogous to the way this is done within Microsoft Windows NT.

In order for this method to work the Samba server needs to join the Microsoft Windows NT security domain. This is done as follows:

On the Microsoft Windows NT domain controller using the Server Manager add a machine account for the Samba server.

Next, on the Linux system execute: smbpasswd -r PDC_NAME -j DOMAIN_NAME

Use of this mode of authentication does require there to be a standard account for the user in order to assign a uid once the account has been authenticated by the remote Windows domain controller. This account can be blocked to prevent logons by other than Microsoft Windows clients by things such as setting an invalid shell in the /etc/passwd entry.

HOSTS ALLOW

smb.conf can be used to allow and deny access by IP addresses. This is done by listing IP addresses or subnets on the lines beginning with hosts allow and hosts deny.

Examples:
hosts allow 192.168.10.0/255.255.255.0
Allow all hosts in the given network/netmask

hosts allow 160.210 EXCEPT 160.210.24.56
Allow all hosts beginning with 160.210 except 160.210.24.56

hosts allow 192.168.10 192.168.20
allow all hosts beginning with 192.168.10 or 192.168.20

hosts deny 130.74
deny all hosts beginning with 130.74

smbpassword

Samba can be configured to send plain-text passwords or encrypted passwords. The Microsoft SMB protocol originally used plain-text passwords. However, with Service Pack 3 or higher for Windows NT 4.0, they changed the protocol to use encrypted passwords. You will therefore need to configure Samba to send encrypted passwords.

This can be done with the following steps:

1. Create a separate password file for Samba based on your /etc/passwd file. This will create Samba users for every user that already exists on your system. To do this by executing the command cat /etc/passwd | mksmbpasswd.sh > /etc/smbpasswd.
The script should be in the /usr/bin directory

2. Make sure only root has permission to read and write to the Samba password file with the command chmod 600 smbpasswd.
3. The script does not copy the passwords. To set the Samba password for each users thus enabling their Samba accounts, use the command smbpasswd username for each user.
4. Edit the smb.conf file to include the two lines
encrypt passwords = yes 
smb passwd file = /etc/smbpasswd

 

Configuring Samba

Configuring Samba is done by editing the configuration file /etc/smb.conf that is usually located under the /etc directory. Everytime you modify this file, Samba must be restarted for the changes to take effect.

Configuring Samba

After installing Samba, you configure it to "advertise" certain directories and resources that other systems can access. The details about which resources to advertise are contained in the Samba configuration file, /etc/smb. conf.

You can configure Samba by editing the smb.conf file manually (with a text editor), but the easiest way is to use the SWAT Web-based interface.

smb.conf: The smb.conf man page is more than 75 pages long. Pretty intimidating. Luckily, you can set up Samba between two or three machines without digesting the full 75 pages of man documentation.

There are some important security concerns involved with Samba. In "advertising" a directory as accessible, that directory can be directly accessed from the other systems on your network. If you have a large network, or if your network is accessible from the Internet, you should investigate the security settings more thoroughly.

About the smb.conf File

The smb.conf File: When you install Samba, it includes a copy of the /etc/ smb.conf file. You should configure Samba by modifying this file, rather than by trying to create your own smb.conf file from scratch. The default file contains fairly extensive documentation that will guide you through the process of enabling, disabling, or changing the various options. In the file, the documentation appears in lines preceded by a ; or a #, which tells Samba to ignore those lines when reading the configuration.

The smb.conf file is divided into sections, each of which begins with a bracketed keyword. To set up your small home system, you will need to edit the [global] section and add a brief entry for each directory or resource you wish to advertise.

smb.conf: [global] Section: A set of general Samba parameters are defined in the [global] section of the smb.conf file. This is where you specify the name of the Windows workgroup and the IP addresses of the machines allowed to access the Samba-shared resources.

The security line is where the basic security level is specified. Again, if your machine is part of a larger network or is on the Internet, be careful. And make sure you read the Samba security documentation thoroughly.

Shared Directories: The [global] section affects all directories exported by your Linux system, but user settings are specific to each shared, or exported, directory.

You will need to create a [user] section for each directory that you wish to export.

Testing smb.conf: Once you have finished editing your smb.conf file, you can verify it using the testparm command. This reads the smb.conf file and displays any errors that it finds. When the errors have been displayed, press "Enter" to display all of the parameters that have been set. Figure Two shows the testparm output from my system (the [global] section has been truncated due to length).
 

Configuring Windows

You need to either create a user on your Linux box with your Windows Login or create a Windows Login with the same username on your Linux machine. Optionally, you can have the Windows Login and password for Windows 95/98/NT/2000 be the same as your Linux Samba username and password and it will not prompt for a password. Obviously, this is a security issue if others have access to your system.

Here are some ways to access Unix or linux shares from Windows clients:
  1. Browse Network Neighborhood to find the hostname, then double-click on the host to reveal shares (directories)
  2. Use the Find/Computer option on the Start Menu to specify the Unix host name
  3. Use the Tools/Map Network Drive option in Explorer to map a network drive directly to the Unix share. For example, \\shared\dev specifies the path to a Samba share named dev on the host shared
Windows NT

In Windows NT, the Server network service (available through Control Panel/Network, Services tab) provides SMB server support, the Workstation network service provides SMB client support, and the NetBIOS Interface supplies additional necessary SMB functionality. First, ensure that these components have been installed appropriately. As SMB runs on top of TCP/IP, also ensure that this protocol is installed and bound to the Ethernet card.
 

Other Issues to Consider

Name mangling commonly occurs when transferring files between Unix and Windows computers. For example, copying a long filename from a Linux ext2 filesystem to Windows FAT filesystem can result in the file name and file extension being truncated to fit the 8.3 naming convention. Conversely, file names that are in mixed case on the Windows filesystem can become names in all lower-case when copied to the Unix system.

Unix and Windows systems implement the end-of-line (EOL) convention for ASCII text files differently. Samba does not perform EOL conversion during file transfer and so Unix text files appear as one very long single line of text when transferred to a Windows computer with Samba.
 

Resources

Sharing files between Windows and Linux: Samba
Unofficial Samba HOWTO
Man page for smb.conf file
MS Windows security options and how to configure Samba for seamless integration

Contact Us

support@fastvue.co
http://assets3.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete