MRKAVANA (mrkavana@gmail.com) - www.facebook.com/kavanathai
Showing posts with label samba. Show all posts

Jul 28, 2011

Samba Standalone Server With tdbsam Backend on CentOS 5.6

This tutorial explains the installation of a Samba fileserver on CentOS 5.6 and how to configure it to share files over the SMB protocol as well as how to add users. Samba is configured as a standalone server, not as a domain controller. In the resulting setup, every user has his own home directory accessible via the SMB protocol and all users have a shared directory with read/write access.
I do not issue any guarantee that this will work for you!

1 Preliminary Note

I'm using a CentOS 5.6 system here with the hostname server1.example.com and the IP address 192.168.0.100.
Please make sure that SELinux is disabled as shown in chapter 6 of this tutorial: The Perfect Server - CentOS 5.6 x86_64 [ISPConfig 2] - Page 3

2 Installing Samba

Connect to your server on the shell and install the Samba packages:
yum install cups-libs samba samba-common
Edit the smb.conf file:
vi /etc/samba/smb.conf
Make sure you see the following lines in the [global] section:
[...]
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.

        security = user
        passdb backend = tdbsam
[...]
This enables Linux system users to log in to the Samba server.
Then create the system startup links for Samba and start it:
chkconfig --levels 235 smb on
/etc/init.d/smb start

3 Adding Samba Shares

Now I will add a share that is accessible by all users.
Create the directory for sharing the files and change the group to the users group:

mkdir -p /home/shares/allusers
chown -R root:users /home/shares/allusers/
chmod -R ug+rwx,o+rx-w /home/shares/allusers/
At the end of the file /etc/samba/smb.conf add the following lines:
vi /etc/samba/smb.conf
[...]
[allusers]
  comment = All Users
  path = /home/shares/allusers
  valid users = @users
  force group = users
  create mask = 0660
  directory mask = 0771
  writable = yes
If you want all users to be able to read and write to their home directories via Samba, add the following lines to /etc/samba/smb.conf (make sure you comment out or remove the other [homes] section in the smb.conf file!):
[...]
[homes]
   comment = Home Directories
   browseable = no
   valid users = %S
   writable = yes
   create mask = 0700
   directory mask = 0700
Now we restart Samba:
/etc/init.d/smb restart

4 Adding And Managing Users

In this example, I will add a user named tom. You can add as many users as you need in the same way, just replace the username tom with the desired username in the commands.
useradd tom -m -G users
Set a password for tom in the Linux system user database. If the user tom should not be able to log into the Linux system, skip this step.
passwd tom
-> Enter the password for the new user.
Now add the user to the Samba user database:
smbpasswd -a tom
-> Enter the password for the new user.
Now you should be able to log in from your Windows workstation with the file explorer (address is \\192.168.0.100 or \\192.168.0.100\tom for tom's home directory) using the username tom and the chosen password and store files on the Linux server either in tom's home directory or in the public shared directory.


Jul 18, 2011

How to install and configure Samba PDC domain controller on linux redhat rhel5

Samba PDC is used for centralized authentication and domain control of Windows
operating systems.


Here we will set up a Samba PDC machine with the domain name lap.work and create some
users. Then we will check whether these users are able to log in to this domain from different
machines.


In this example we are working on rhel5. It will also work on other distributions like Centos, Fedora, SUSE etc.


Samba PDC Machine:
rhel 5.4
IP : 192.168.0.25


Windows Client:
Windows  XP Professional SP2
Computer Name : lap-xp
Domain Name : lap.work
IP : 192.168.0.26


Installation:


Install samba packages:
[root@sambapdc ~]# yum install samba*


Configuration:


Open the Samba configuration file and make the following edits.
[root@sambapdc ~]# vim /etc/samba/smb.conf


Uncomment or edit the lines as shown below.


In global settings:


# domain name
workgroup = lap.work
# acts like a host name, just to identify the server
server string = Samba PDC Server
# NetBIOS name for communication
netbios name = samba
local master = yes
preferred master = yes
domain master = yes
domain logons = yes
# profile entry
logon path = \\%L\Profiles\%U
security = user
passdb backend = tdbsam


In share definitions:


[homes]
browseable = yes
writable = yes


[netlogon]
path = /home/netlogon
writable = no


[Profiles]
path = /home/profiles
create mask = 0755
directory mask = 0755
# must be set, otherwise you will get ACCESS DENIED errors
writable = yes

Now create the following directories:

[root@sambapdc ~]# mkdir -m 1777 /home/profiles
[root@sambapdc ~]# mkdir -m 1777 /home/netlogon

Attaching a windows machine:

Now create a group named machine and add a user with the name of the Windows client:
[root@sambapdc ~]# groupadd -g 200 machine
[root@sambapdc ~]# useradd -d /dev/null -g 200 -s /sbin/nologin lap-xp$
Where lap-xp is the name of the machine we are attaching to samba PDC
[root@sambapdc ~]# smbpasswd -m -a lap-xp

Start the samba service:

[root@sambapdc ~]# service smb start
[root@sambapdc ~]# chkconfig smb on
Run testparm and test your configuration settings:
[root@sambapdc ~]# testparm
[root@sambapdc ~]# smbpasswd -a root
[root@sambapdc ~]# smbpasswd -e root

Add two more users for testing:

#useradd user1
#smbpasswd -a user1
#smbpasswd -e user1
#useradd user2
#smbpasswd -a user2
#smbpasswd -e user2
[root@sambapdc ~]# service smb restart

On windows machine:

Right click the My Computer icon
Take properties
Take Computer name tab
Add the system to lap.work domain
You will be prompted for a username and password. Give root and its password.
System may need to restart

You can see that when we are logged in as user1, a directory user1 will be created in /home/profiles
on the Samba PDC machine. This will be the home directory of that user. He will be able to log in
from all machines in this domain and will get this same directory.

That's it. Enjoy. Have fun.

How to Install and configure a Samba Server in linux rhel5 / centos /all about samba

Samba has two main uses:
  1. As a domain controller
  2. As a file server

    This post explains how to install and configure a Samba server (Samba on Linux) on a Red Hat RHEL5 / CentOS 5 system. It will also work on other similar distros.
    Samba provides mainly two services
    1)file and
    2)print services.
    It allows data transfer between Linux boxes and Windows boxes. Samba uses SMB protocol to communicate with windows.

    ### Important Daemons in Samba ###
    These are the main services or daemons that run Samba.
    smbd (139/445 _cifs)
    nmbd (137/138)
    winbindd - Mapping of users [ADS]

    ### Installing and Configuring a Samba Server ###
    If you have a yum server configured, execute the following steps. Else find the required rpms and install.
    # yum install samba*

    The following packages will be installed.
    xinetd [dep]
    samba
    samba-client
    samba-swat

    Start the samba service.

    #/etc/init.d/smb start
    SMB services started
    NMB services started
    #chkconfig smb on

    Important fields in /etc/samba/smb.conf [Samba configuration file]:

    When you use a Samba server there is one important thing to note in the configuration file. In the global settings there is a "workgroup" field. There you have to give the domain name if your Windows machine belongs to one, or the workgroup name if it belongs to a workgroup. For sharing files and folders a workgroup is enough.
    You can make the above changes in Windows also, but that requires rebooting the Windows machine. So it is better to change the corresponding fields on the Linux box.

    There is also another field, "server string", in the global settings. It works like a hostname: you can give any name by which you can identify the Samba box.

    The field "hosts allow" specifies the hosts which are allowed for the particular share. See the example below.

    # allow 192.168.0.21 only
    hosts allow = 192.168.0.21
    # allow all the machines on the 192.168.0. network
    hosts allow = 192.168.0.

    The field "write list" specifies the group of users who have write permission on that share.
    For example

    # the group admins has write permission on that share
    write list = @admins
    The field "valid users" means that only the users specified have access to that share.

    valid users = root, samba1
    ## Some useful samba linux commands ##


    #findsmb
    The command findsmb returns the systems running samba compatible services.

    #smbtree
    smbtree is a smb browser program in text mode. It is similar to the "Network Neighborhood" found on Windows computers. It prints a tree with all the known domains, the servers in those domains and the shares on the servers.

    To log in anonymously to a Windows box, if enabled:
    [root@vm1 ~]# smbclient //192.168.0.77/Share_name -N
    Anonymous login successful

    [root@vm1 ~]# smbclient -L 192.168.0.77
    Here 192.168.0.77 is a Windows box. This binds to Windows as the guest user; you have to enable the guest user login.
    It shows the domains and workgroups but not the shares. To see shares you have to log in as a privileged user.

    How to list the shares in a windows machine to a samba server?
    [root@vm1 ~]# smbclient -L 192.168.0.77 -U administrator
    This binds to Windows as administrator. You can see all the shares in the system. It will prompt for the password.
    Note: administrator is the windows user.

    ### using samba credential file ###
    Using a credential file you can save time. The format of the file and its usage are given below.

    #vi samba_password

    username = administrator
    password = ******
    :wq
    [root@vm1 ~]# smbclient -L 192.168.0.77 -A samba_password

    ### smbget ###
    How to get a file from windows machine to linux samba server using smbget command?
    smbget is a wget-like utility for download files over SMB
    [root@vm1 ~]# smbget -u administrator -p redhat smb://192.168.0.77/chanku/samba_sambaget.txt
    downloads samba_sambaget.txt to local system.

    ### smbtar ###
    How to get all files in windows share archived to linux samba server?
    smbtar is a shell script for backing up SMB/CIFS shares directly to UNIX tape drives or directories.

    [root@vm1 ~]# smbtar -s 192.168.0.77 -u administrator -p redhat -t chanku.tar -v -x chanku
    It will archive all the files and directories in share "chanku" and will download to local directory. Empty files will not be archived.

    ### Mounting a Windows Share to a Linux box ###
    How to mount windows share to linux samba server using cifs?
    [root@vm1 ~]# mount -t cifs -o username=administrator //192.168.0.77/chanku /mnt
    mounts the remote windows share 192.168.0.77/chanku into local linux samba machine.

    smbfs - rhel4
    cifs - rhel5 common internet file system

    ###File masks and Directory masks###
    [root@vm1 ~]# mount -t cifs -o username=administrator,file_mode=0777,dir_mode=0755 //192.168.0.77/chanku /mnt
    will mount the share with file permissions 777 and directory permissions 755.

    ###Mounting Samba permanently###
    How to mount a windows share to linux samba server permanently?
    Go to /etc/fstab and add the entry for the samba share as shown below
    //192.168.0.77/chanku /mnt cifs defaults,username=administrator,password=redhat,file_mode=0777,dir_mode=0755 0 0
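
/etc/fstab is normally readable by every local user, so an entry like the one above exposes the Windows password. The following is an added example, not part of the original post: it finds fstab entries that embed a password and builds the equivalent entry using the credentials= option of mount.cifs. The credentials file name and the sample password are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): keep the CIFS password out
# of /etc/fstab with the credentials= option of mount.cifs.
# User name, password and paths are constructed sample values.

# Write a credentials file that only its owner can read.
write_cifs_credentials() {    # usage: write_cifs_credentials FILE USER PASSWORD
    ( umask 077; printf 'username=%s\npassword=%s\n' "$2" "$3" > "$1" )
    chmod 600 "$1"            # also tightens a file that already existed
}

# Build an fstab entry that refers to the credentials file.
cifs_fstab_line() {           # usage: cifs_fstab_line SHARE MOUNTPOINT CREDFILE [OPTIONS]
    printf '%s %s cifs credentials=%s%s 0 0\n' "$1" "$2" "$3" "${4:+,$4}"
}

# Report cifs/smbfs entries whose options embed the password.
find_inline_passwords() {     # usage: find_inline_passwords FSTAB
    awk '$1 !~ /^#/ && ($3 == "cifs" || $3 == "smbfs") &&
         ("," $4) ~ /,(password|pass)=/ { print $1 " " $2 }' "$1"
}

WORK=$(mktemp -d)
cat > "$WORK/fstab" <<'EOF'
# constructed sample fstab
/dev/sda1 / ext3 defaults 1 1
//192.168.0.77/chanku /mnt cifs defaults,username=administrator,password=redhat,file_mode=0777,dir_mode=0755 0 0
EOF

find_inline_passwords "$WORK/fstab"
write_cifs_credentials "$WORK/chanku.cred" administrator 'sample-password'
cifs_fstab_line //192.168.0.77/chanku /mnt "$WORK/chanku.cred" dir_mode=0755
```
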

    [FOR COMMUNICATING A WINDOWS MACHINE AND A SAMBA SERVER SMOOTHLY THEY SHOULD BE IN SAME WORKGROUP]

    ### Adding a SAMBA user ###
    How to add a samba user to linux samba server?
    #smbpasswd -a username
    Give and verify password for username

    ### Configuring WINS Client For Samba ###
    Speeds up the resolution of NetBIOS names to IP addresses.

    Samba name resolution:
    Default Order
    1. /etc/hosts
    2. /etc/samba/lmhosts
    3. WINS - One or more IP Addresses
    4. Broadcast 192.168.0.255

    ### Steps In windows ###
    Installation:
    Control panel -> Add/Remove programs -> Add/Remove Windows components ->
    network services -> Windows Internet Name Service -> Install

    Configuration:
    Start -> Administrative tools -> WINS Check!

    Control panel -> Network Connections -> Local Area Connection -> Properties ->
    TCP/IP -> Advanced -> WINS tab

    Add the WINS server IP
    This is the IP of the Windows machine which we use as the WINS server.
    Display records after restarting the smb service on the Linux box [steps below] and click Find Now

    ### Steps in linux ###
    vi /etc/samba/smb.conf
    Name resolve order = wins host lmhosts bcast
    wins support = no
    wins server = 192.168.0.60
    #service smb restart

    Now when we execute
    #smbclient -v -U administrator -L linuxcbt2k3
    it gives the result fast because instead of using a broadcast search, it uses the WINS server for resolution.
    -v is for verbose, to check whether it is still using the broadcast method.

    ### Share Level Security ###
    The default is user level. We can change it in the smb.conf file as

    security = user
    or
    security = share

    in /etc/samba/smb.conf file
    [public]
    path = /public
    # public = yes enables guest user mounts from Windows
    public = yes
    read only = yes

    in output of #testparm
    [public]
    path = /public
    guest ok = Yes
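
smb.conf treats "#" and ";" as comment markers only at the start of a line, so a note written after a value is read as part of that value, and a misspelt parameter such as `host allow` (Samba reads `hosts allow`) restricts nothing. The following audit is an added example, not part of the original post: it flags trailing notes, that misspelling, guest-accessible shares and share-level security in a constructed sample file; the finding labels are names chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original post): lint an smb.conf.
# smb.conf honours "#" and ";" only at the start of a line, so a note
# written after a value is read as part of that value.

audit_smb_conf() {            # usage: audit_smb_conf FILE
    awk '
    /^[ \t]*[#;]/ { next }                      # whole-line comment
    /^[ \t]*$/    { next }                      # blank line
    /^[ \t]*\[/ {                               # section header
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
        gsub(/[ \t]+/, " ", key); gsub(/^ | $/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        split(tolower(val), w, /[ \t]+/)        # w[1] is the first word
        if (val ~ /[ \t][#;]/) print "INLINE_NOTE [" sec "] " key
        if (key == "host allow") print "UNKNOWN_PARAM [" sec "] " key
        if ((key == "guest ok" || key == "public") && w[1] ~ /^(yes|true|1)$/)
            print "GUEST_ACCESS [" sec "] " key
        if (key == "security" && w[1] == "share") print "SHARE_LEVEL [" sec "] " key
    }' "$1"
}

# Constructed sample input, modelled on the fragments in this post.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
[global]
    workgroup = lap.work #domain name
    # a whole-line comment like this one is fine
    security = share
[public]
    path = /public
    public = yes
    host allow = 192.168.0.
[allusers]
    path = /home/shares/allusers
    valid users = @users
    hosts allow = 192.168.0.
EOF

audit_smb_conf "$SAMPLE_CONF"
```

Run it against a copy of /etc/samba/smb.conf and compare with the output of testparm, which prints the values Samba actually parsed.
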

    ### SAMBA - SWAT ###
    SWAT - Samba Web Administration Tool

    ### SWAT INSTALLATION ###
    #yum install samba-swat

    vi /etc/xinetd.d/swat

    # default: off
    # description: SWAT is the Samba Web Admin Tool. Use swat \
    # to configure your Samba server. To use SWAT, \
    # connect to port 901 with your favorite web browser.
    service swat
    {
    # Change the 'yes' to 'no'.
    disable = no
    port = 901
    # stream means TCP based
    socket_type = stream
    wait = no
    # If only_from is not commented out, SWAT is accessible only from localhost, which increases security.
    # only_from = 127.0.0.1
    # root, in order to bind the privileged port 901
    user = root
    server = /usr/sbin/swat
    log_on_failure += USERID
    }
    :wq

    #service xinetd restart

    ### SWAT INTERFACE ###
    Take any browser and give following url in address bar.
    http://IP_of_samba_server:port_number_of_swat[901]
    http://192.168.0.21:901

    samba log files can be found in
    /var/log/samba

    ### NETBIOS ALIASES ###
    Setting an alias:

    Access the global section in SWAT
    Go to advanced mode
    netbios aliases [give names]
    Now you can access the machine under any of the alias names.

    ### Blocking a particular user from accessing a share. ###
    Go to SWAT and open the shares section
    Go to the advanced mode
    Choose the share you want to modify
    In the invalid users field,
    give the user names you want to block, separated by commas.

    Restart the service
    #service smb restart

How to install and configure Samba-swat in rhel5 linux / centos

### SWAT INSTALLATION ### For rhel5/ centos5
If you have a yum server configured, run the following command. else find the rpm and install.

#yum install samba-swat

Open the following swat configuration file
#vi /etc/xinetd.d/swat

# default: off
# description: SWAT is the Samba Web Admin Tool. Use swat \
# to configure your Samba server. To use SWAT, \
# connect to port 901 with your favorite web browser.
service swat
{
# Change the 'yes' to 'no'.
disable = no
port = 901
# stream means TCP based
socket_type = stream
wait = no
# If only_from is not commented out, SWAT is accessible only from localhost, which increases security.
# only_from = 127.0.0.1
# root, in order to bind the privileged port 901
user = root
server = /usr/sbin/swat
log_on_failure += USERID
}

Save and quit with :wq, then restart the service:

#service xinetd restart

### SWAT INTERFACE ###
accessing in browser

http://IP_of_samba_server:port_number_of_swat[901]
an example

http://192.168.0.21:901
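
With only_from commented out, as in both SWAT listings on this page, port 901 answers any host that can reach the server. The following check is an added example, not part of the original posts: it reads an xinetd service file and reports whether the service is disabled, restricted by only_from, or reachable from anywhere. The two sample files are constructed, and the parser assumes the usual "name = value" layout with spaces around "=".

```shell
#!/bin/sh
# Added example (not from the original posts): report how far an xinetd
# service such as SWAT is reachable. Assumes the usual "name = value"
# layout with spaces around "=". Sample files are constructed.

xinetd_exposure() {           # usage: xinetd_exposure FILE
    awk '
    /^[ \t]*#/ { next }                        # commented-out lines do not count
    $1 == "service" { name = $2; dis = "no"; only = "" }
    $1 == "disable" { dis = $3 }
    $1 == "only_from" { only = $0; sub(/^[^=]*=[ \t]*/, "", only) }
    $1 == "}" {
        if (dis == "yes") print name ": disabled"
        else if (only != "") print name ": restricted to " only
        else print name ": reachable from any host"
    }' "$1"
}

WORK=$(mktemp -d)
# Stanza as shown on this page: only_from is commented out.
cat > "$WORK/swat.open" <<'EOF'
service swat
{
    disable = no
    port = 901
    socket_type = stream
    wait = no
#   only_from = 127.0.0.1
    user = root
    server = /usr/sbin/swat
}
EOF
# Same stanza with only_from active again.
sed 's/^# *only_from/    only_from/' "$WORK/swat.open" > "$WORK/swat.local"

xinetd_exposure "$WORK/swat.open"
xinetd_exposure "$WORK/swat.local"
```
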