What is samba?
This is a quote from the README that comes with the samba tarball:
The very short answer is that it is the protocol by which a lot of PC-related machines share files and printers and other information such as lists of available files and printers. Operating systems that support this natively include Windows NT, OS/2, and Linux and add on packages that achieve the same thing are available for DOS, Windows, VMS, Unix of all kinds, MVS, and more. Apple Macs and some Web Browsers can speak this protocol as well. Alternatives to SMB include Netware, NFS, Appletalk, Banyan Vines, Decnet etc; many of these have advantages but none are both public specifications and widely implemented in desktop machines by default.
What Samba can do?
Here is a small list of the features Samba has to offer. (Quote from the README):
– a SMB server, to provide Windows NT and LAN Manager-style file and print services to SMB clients such as Windows 95, Warp Server, smbfs and others.
– a NetBIOS (rfc1001/1002) nameserver, which amongst other things gives browsing support. Samba can be the master browser on your LAN if you wish.
– a ftp-like SMB client so you can access PC resources (disks and printers) from unix, Netware and other operating systems.
– a tar extension to the client for backing up PCs.
– limited command-line tool that supports some of the NT administrative functionality, which can be used on Samba, NT workstation and NT server.
Downloading and uncompressing
Download the newest source tarball from www.samba.org or the current version (as of 08/04/02) from here. The file is 5 megs so be patient.
To uncompress the source file, you are going to have to type in the following:
‘gzip -dc samba-2.2.5.tar.gz | tar xvvf -‘
What this will do is both untar and ungzip the file.
Compiling the files you just uncompressed
Change the directory to samba-2.2.5.
‘cd samba-2.2.5’
Now the compiling step is easy, just 3 simple commands. ‘./configure’
What this will do will generate all the makefiles that samba needs to compile.
‘make’
This will start the build process. When this is finished and there were no errors you will have to change to root (if your not already) and continue on with the last command.
‘make install’
This will install all the compiled files and all the default configuration files to the proper directories. Pretty easy eh? Well the next part is a little tougher, but still really easy. Please stay logged in as root.
Making your own Samba configuration file
Change the directory to /etc/samba.
‘cd /etc/samba’
Now use a text editor and edit smb.conf, I use pico, so exchange ‘pico’ for your editor, unless your going to use ‘pico’.
‘pico smb.conf’
Now, your in the editor, if smb.conf is blank, thats alright, Im going to give you a barebones samba config for filesharing. If its not, exit the program and move smb.conf smb.conf.bak.
‘mv smb.conf smb.conf.bak’
Then create a blank smb.conf file.
‘touch smb.conf’
Now re-open smb.conf.
‘pico -w smb.conf’
Now you should be looking at a blank file. Insert the following lines into it:
workgroup = your_workgroup_name
server string = your_server_name
lock dir = /tmp/samba
security = share
guest account = guest
share modes = yes
local master = no
name resolve order = host bcast
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
[cdrom]
comment = CDROM
path = /mnt/cdrom
read only = no
browseable = yes
public = yes
A printer can be added like this:
[ljet]
comment = “Laserjet”
path = /var/spool/lpd/lp
printer = lp
public = yes
printable = yes
print command = lpr -r -h
-P %p %s
This is a basic configuration file, you will just have to add more sections like the cdrom one you just added to create more samba shares.
Adding a user
This is simple from the command (as root) type:
‘smbpasswd -a ‘
Then enter the password you want for that username.
Setting up your swat on your system
SWAT is an easy way to edit the Samba configuration file (smb.conf), but to make SWAT work, you have to get in there and first edit both the /etc/services and /etc/inetd.conf files. Add the following line to your /etc/services file:
‘swat 901/tcp’
And the following line to your /etc/inetd.conf file:
‘swat stream tcp nowait,400 root /usr/sbin/swat swat’
This assumes that SWAT is installed in the /usr/sbin directory. If SWAT is in a different directory, change that part of the line to reflect its actual location.
Now, restart inetd:
killall -HUP inetd’
If you use inetd you can skip the rest of this step, if you are using xinetd instead of inetd use the following instructions.
After having edited the /etc/services file as explained above for inetd, you will create into the /etc/xinetd.d directory (or your own distribution equivalent) one file called swat. This file will contain the following information :
service swat
{
port = 901
socket_type = stream
wait = no
user = root
server = /usr/sbin/tcpd
server_args = /usr/local/samba/bin/swat
log_on_failure += USERID
disable = no
}
You must also add the following information to be able to use SWAT in authentication mode. Because SWAT is using the PAM (Pluggable Authentication Module) system, you need to configure the PAM sub-system to be used by SWAT. So you will create a file called samba in the /etc/pam.d directory. This file will contain the following two lines:
‘auth required /lib/security/pam_pwdb.so nullok shadow’
‘account required /lib/security/pam_pwdb.so’
Now restart xinetd:
‘killall -HUP xinetd’
And open up in your web-browser http://localhost:901 and login as root with your root password.
Securing Swat
Add the following lines to the following files to secure your samba server.
In /etc/hosts.deny:
swat: ALL
In /etc/hosts.allow:
swat: LOCAL, <ip_address>
Exchange <ip_address> for whatever ip address you wish to allow access to your shares.
Starting and stopping samba
Starting and stopping samba is as easy as pie, to start the server up type the following:
‘/etc/rc.d/init.d/smb start’
and stop it by typing:
‘/etc/rc.d/init.d/smb stop’
You have successfully completed installing samba, now to access your samba shares from another computer, its the same as if you were to do it in windows with filesharing.
Example: //server/share