Samba: An Alternative to Windows Servers
Table of Contents
Samba is an open source software
package that mimics a Windows server. Its purpose is to offer an alternative to
expensive, unstable Windows servers. Samba can replicate nearly all of Windows
server functionality. It appears in the Network Neighborhood like any other
Windows machine and functions in the same way. In fact, some servers on your
network right now could be running Samba instead of Windows and no one would
ever notice.
There are many reasons to use Samba. Here are just a few:
It outperforms Microsoft Windows 2000 Server! Documentation of this can be found at www.pcmag.com in an article entitled "Server Throughput and Response Times".
It is reliable. Samba servers have been known to have uptimes of months and then only malfunctioned due to hardware failure.
It is relatively easy to administer yet very customizable. Samba can be set up to function as anything from a simple print server to a complex Windows Domain Controller.
It is secure. There are no security holes known to exist in the current release of Samba.
It is available for many platforms. IRIX, Solaris, Linux, HP-UX, SCO UnixWare, and BSD are just some examples. Chances are most departments will already have a machine that can run Samba.
It seamlessly integrates into existing networks. Since Windows cannot distinguish between a Samba server and a Windows server, compatibility problems arise only under the rarest circumstances.
Samba ships with most Linux
distributions, some commercial Unix platforms and is available for almost any
operating system from www.samba.org.
Remember that the most current version is 2.2.2.
There is a very good chance that
it is, especially if the machine in question is running Linux. To check to see
is Samba is already on the machine execute the following command:
find / -name samba - print
This will search the entire hard
disk for Samba and print the results out to the screen. If Samba is on the
machine already, check now to see if it is running. To do this execute the
following command on Linux:
ps aux | grep smbd
Or the following command on other Unix systems
ps -ef | grep smbd
If either of these commands
returns a string that resembles
root 9798 0.0 0.4 2388 1104 ? S
Oct30 0:00 nmbd -D
Then Samba is running already. It
may need some special configuration to show up on the network, however. That is
covered later in this article.
If Samba is there on the machine
but not running, find the executables for smbd and nmbd (these are the processes
that actually allow Samba to function). You can find the executables with the
command:
find / -name smbd -print
And
find / -name nmbd -print
These commands will return a
result that looks similar to this
/usr/sbin/smbd
To start Samba execute the
following commands as root:
/usr/sbin/smbd -D
/usr/sbin/nmbd -D
Of course these commands may need
to be altered a bit to reflect the locations of the executables on your machine.
If Samba isn't on your machine
already, read the section below, Installing Samba.
If Samba is installed on your
machine test whether or not you have a fairly current version. To do this,
execute the following command as root:
/usr/sbin/smbd -V
Of course the might need to be
modified to reflect the location of the smbd executable on your system.
The easiest way to do this is via
a pre-assembled package for your system. For Linux these are RPMs for IRIX they
are called tardists. Regardless of what operating system you are using, make
sure to get the appropriate package. The RPM for RedHat 7.1 will most likely not
work on Slackware 8, for example. When using IRIX, make sure to get the package
that matches your operating system version.
Installing On Linux
Once you have downloaded the
appropriate package, install it. This is accomplished on a Linux machine in the
following way.
Rpm -Ivh <nameOfPackage>
Installing On IRIX
To install Samba on an IRIX
machine, as root, from the desktop choose System then Software Manager. When the
Software Manager opens up, choose File, then Open Distribution. Now navigate to
the location of the Samba tardist and choose "Open". From here the
process is fairly straightforward. Just follow the prompts to install the
software.
Installing From Source On Linux
and Other Operating Systems
If your version of Linux doesn't support RPMs or there are none available or you are installing Samba on platforms for which there are no pre-assembled packages, you will have to install Samba from source. This really isn't as complicated as it sounds but does require a few more steps than the ways listed above. The full process of installing Samba from source is outside the scope of this article but the basic steps go something like this:
Unpack the archive with the command tar xfvz <nameOfPackage>
Change into the newly created directory. For example, if Samba version 2.2.2 was downloaded and unpacked, the new directory would be Samba-2.2.2.
Configure the Samba installation with the command ./configure -with smbmount
Compile the code with the command make
Finish with the command make install
Finishing the Install Process
Depending on the method you chose to install Samba, some finishing touches may need to be applied to make the whole thing work. They include ensuring that a firewall or machine level security will not hamper Samba's operation, making sure the Samba service starts when the machine is booted, modifying /etc/services to account for the newly installed Samba services, and enabling SWAT, the graphical Samba configuration tool.
This step can be skipped on IRIX
and some other operating systems.
On Linux, simply make sure that the file /etc/services has these lines:
netbios-ns 137/tcp
netbios-ns 137/udp
netbios-dgm 138/tcp
netbios-dgm 138/udp
netbios-ssn 139/tcp
netbios-ssn 139/udp
If these lines are not included in /etc/services, Samba will not function properly. Note that you should not just add these lines to /etc/services since they might already be there. Just make sure the lines are there and if they aren't, add them.
To operate, Samba needs to be able
to accept connections on ports 137 and 139. In the latest versions of RedHat, a
firewall is installed that will, by default, block access to these ports. The
file that controls this on these RedHat machines in /etc/sysconfig/ipchains. The
following is an example of what this file should look like if it is to allow
incoming Samba connections:
# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
# firewall; such entries will *not* be listed here.
:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 137 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 139 -p tcp -y -j ACCEPT
-A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth0 -j ACCEPT
-A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth1 -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 2049 -y -j REJECT
-A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT
-A input -p udp -s 0/0 -d 0/0 2049 -j REJECT
-A input -p tcp -s 0/0 -d 0/0 6000:6009 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 7100
-y -j REJECT
On IRIX, the firewall is a
non-issue since there most likely isn't one running on the machine.
Starting Samba When the Machine
Boots
On Linux, Samba should be started via one of the startup scripts. Examples of these are:
/etc/rc.local
or
/etc/rc.3
Edit these scripts to contain the
lines below:
/usr/sbin/smbd -D
/usr/sbin/nmbd -D
Alternatively, if you are using
RedHat 7.1 or later, you can use the utility, setup, to tell Samba to
start automatically. To do this, execute the command setup. Then choose
"System Services", then check the box next to "smb".
If you don't want Samba to start
every time the machine boots, you can start it whenever you want to by simply
executing these commands:
/usr/sbin/smbd -D
/usr/sbin/nmbd -D
On IRIX, this is not an issue
normally as the process of installing Samba took care of it by itself. If it
didn't, however, change to the directory /etc/rc2.d and execute the following
command:
ln -s S81samba /etc/init.d/samba
To enable SWAT, the graphical
configuration utility for Samba, the process is the same on both IRIX and most
versions of Linux except RedHat 7.0 and greater. On IRIX and Linux versions
other than RedHat 7.0 and greater, simply add the following line to /etc/inetd.conf
swat stream tcp nowait root /usr/samba/bin/swat
swat
On RedHat 7.0 and greater, you
must edit the file /etc/xinet.d/swat to look like the example below:
service swat
{
port = 901
socket_type = stream
wait = no
only_from = localhost
user = root
server = /usr/sbin/swat
log_on_failure += USERID
disable = no
}
There are two basic ways to
configure Samba. You can either use SWAT or hand edit smb.conf.
Using SWAT
This process is the same on both
Linux and IRIX. SWAT is the preferred way to configure Samba. It is also very
easy to use. Simply open your favorite web browser and go to http://127.0.0.1:901.
SWAT will now ask for the username and password. Give it the root username and
password.
Editing
smb.conf
Logically, the first step to
editing smb.conf is finding it. There are several standard locations for
smb.conf depending on what operating system you are using. Some examples are
given below.
/usr/samba/lib/smb.conf
or
/etc/smb.conf
or
/etc/samba/smb.conf
Alternatively, if you can't find
smb.conf, use the following command to locate it.
find / -name smb.conf -print
After find smb.conf, open it in
your favorite text editor. An example of a very basic smb.conf is given below.
The text after the "#" sign is for instructional purposes only. Do not
include it in your smb.conf file.
[global]
#The [global] section
sets up parameters that affect the Samba server as a whole.
workgroup = MCSR #This sets the workgroup of which Samba is to be a member
server string = Linux #This line shows up as a comment in the network neighborhood
security = user #This is the security mode Samba will operate in. This requires that #users supply a username and password. There are other security level as #well including share, domain, and server
encrypt passwords = yes #This line is HIGHLY recommended if Windows 2000 clients are expected to access the Samba machine.
[stuff] #This is the name of the share. It will appear in the network neighborhood.
path = /tmp
#The path to the share
on the local machine.
[printers] #This is the easiest way to set up a print server. This will detect all the printers #that the machine is configured to work with and share them.
public = yes #This means that anyone can access this share
printable
= yes
#This actually makes this share printable, which it must be since it's a
printer #share
Of course this is a very basic smb.conf. There are many, many options available for use. In fact, the manpage for smb.conf is the second longest manpage available to Linux at over 7000 lines and 35,970 words.
Adding
Users to the Samba Machine
If someone needs to access a share on your Samba server, they must be both a valid user of the system and a valid Samba user.
Adding Users to a Linux System
To add users to a Linux system, use the following command:
adduser <username>
For example, to add user joe to the system, execute the command
adduser joe
After adding the user, specify a password for them with the command
passwd <username>
For example to change joe's password execute
passwd joe
Adding Users to an IRIX System
To add a user to an IRIX system, use the "System Manager" that is located in the menu on the desktop.
Adding Samba Users
To add users to the Samba users list, execute the command
smbpasswd -a <username>
For example, to add joe, execute the following
smbpasswd -a joe
This concludes the introduction to Samba. If there is interest, The MCSR will produce another article covering Samba configuration in more depth. In the meantime, you can email the main author of this article at jmjenki2@olemiss.edu for more information or general Samba setup help.
Don't forget to visit and
support www.samba.org.
by JAKE JENKINS