Nowadays, it is quite common to find computers running Linux and Windows on the same local network. The reasons for this symbiosis can be different: for example, the owners of an Internet cafe did not have enough funds to purchase a licensed OS for all computers, or the system administrator was simply attracted by the positive aspects of Linux. The popularity of Microsoft operating systems is largely determined by client software for Windows. It's no secret that this software sector is very developed. Many companies have made serious efforts to this and have created really good, and most importantly, easy-to-use programs that even an ordinary user can easily master. But as a server, Windows’ position is no longer so clear. A server running Unix is traditionally characterized by reliability, stable operation, security and often lower requirements for system resources. But in any case, simply connecting computers with different software platforms to the network will not get the expected result. The problem is that these two systems use different principles for organizing network resources that are incompatible with each other. Since there is no need to wait for Microsoft's mercy, and Windows is unlikely to learn to work with the Unix network file system (NFS) using standard means, and, to be honest, I don't know any third-party programs, the most popular way is to try to teach Unix to "pretend" that if it were Windows NT.
Interaction in a network of computers running Windows is based on the use of the protocol SMB (Server Message Block)— blocks of server messages. It ensures that all the tasks necessary in these cases are performed: opening and closing, reading and writing, searching for files, creating and deleting directories, setting a print job and deleting it from there. All actions necessary for this are implemented in Unix-like operating systems using the package SAMBA. Its capabilities can be divided into two categories: provision of resources (by which we mean access to the printer system and files) for Windows clients and access to client resources. That is, a computer running Linux can act as both a server and a client. First, let's consider the SAMBA server option.
What should SAMBA provide for normal operation of Windows machines on a network? First, access control, which can be implemented either at the resource level (share level), when a password and corresponding usage rules are assigned to any resource on the network (for example, “read only”), while the user name has absolutely no no meaning; or a more advanced and flexible organization at the user level, when an account is created for each user, which, in addition to the name and password, contains all the necessary information about access rights to the resource. Before gaining access to the required resource, each user is authenticated, after which he is granted rights according to his accounts. Secondly, emulation of access rights determined by the file system is necessary. The thing is that the systems in question have access rights to files and directories on the disk differently. In Unix, there are traditionally three categories of file users: owner, group And the rest (other). Each of these entities may be provided read permissions, write And execution. In Windows NT, the access system is somewhat more flexible; access is granted to several groups or users, and the corresponding access rights are determined separately for each subject. Therefore, it is impossible to fully emulate the access rights inherent in NTFS using SAMBA.
With clients running Windows 9x, the situation is different. Since the time of the grandfather of DOS, due to the fact that the system is single-user and there could be no talk of any users, much less groups, only four attributes have been defined for the FAT file system - read only, system, archive and hidden. Plus, in Windows, unlike Unix, the file extension has a special meaning - those that are intended to be executed have the extensions .exe, .com or .bat. When copying files from Unix machines to Windows computers, the attributes are set like this:
only for reading— reading, writing for the owner;
archival— execution for the owner;
systemic— execution for the group;
hidden - execution for the group.
A network of Windows machines can be organized as a workgroup, when the computers are independent of each other and each has its own database of passwords and logins with its own security policy, and also as an NT domain. The entire basis for user and computer authentication is managed primary domain controller (PDC, Primary Domain Controller), i.e. centralized. Samba allows you to restrict access at all of these levels and acts as a "master browser" in the context of a workgroup or domain controller.
We have sorted out the general organizational issues. Let's now look specifically at the implementation and configuration of a SAMBA server in Linux. For the Samba server to work, two daemons must be running: smbd, which provides a print and file sharing service for Samba clients (such as Windows of all stripes), and nmbd, which powers the NetBIOS name service (it can also be used to query other name service daemons). The protocol is used to access clients TCP/IP. Typically, Samba is installed with a Linux distribution. How to check? Just give the command:
$whereis samba
and you should get something like this:
Samba: /usr/sbin/samba /etc/samba /usr/share/man/man7/samba.7.gz
If it is not included in the standard distribution, then welcome to ftp://ftp.samba.org/pub/samba/samba-latest.tar.gz or almost any server with programs for Linux. The package is easy to install, so in order not to take up space, we will assume that you have it installed. Now let's check if the daemon is running:
$ ps -aux | grep smbd root 1122 0.0 0.6 4440 380 ? S 16:36 0:00 smbd -D
As you can see, I already have it running. If you don’t have it, and you want it to start when the system boots, then in Linux Mandrake, for example, check the desired box in DrakConf— starting services or in Red Hat Control-panel— Service Configuration, usually this is enough. Or start manually: ./etc/rc.d/init.d/smb start. The only Samba configuration file is called smb.conf and is usually located in the /etc directory (although in AltLinux, for example, it is in the /etc/samba directory). The SAMBA service reads it every 60 seconds, so changes made to the configuration take effect without rebooting, but do not apply to already established connections.
This is why I love Linux, because the configuration files are plain text (and well commented inside), and in order to use most of the parameters, you just need to uncomment the corresponding line. The smb.conf file is no exception. It consists of named sections starting with the section name enclosed in square brackets. Inside each section there are a number of parameters in the form key=value. The configuration file contains four special sections: , , and individual resources (shares). As the name suggests, the section contains the most general characteristics that will apply everywhere, but which, however, can then be overridden in sections for individual resources. Some parameters in this section are also relevant to configuring the Samba client part.
Values of typical section parameters global:
Workgroup = group_name # name of the workgroup on the Windows network netbios name = name of the server on the network server string = comment that is visible in the network browsing properties window guest ok = yes # allowing guest login (guest ok = no - guest login is prohibited) guest account = nobody # name under which guest login is allowed security = user # Access level. user - at the user level, security = share - authentication based on username and password. When storing the password database on another SMB server, the values security = server and password server = name_server_NT are used. If the server is a member of a domain, the value security = domain is used, the access password is specified in the file defined using the smb passwd file = /path/to/file option.
In addition, during registration you can use encrypted and unencrypted (plain-text) passwords. The latter are used in older Windows (Windows for Workgroups, Windows 95 (OSR2), all versions of Windows NT 3.x, Windows NT 4 (up to Service Pack 3)). To enable the option to use an encrypted password, use the encrypt password = yes option. Please pay special attention to this option. On older Linux distributions that were built during the Windows 95 era (and with an older version of Samba), password encryption is disabled by default, and samba before version 2.0 does not support this mode at all (by the way, this option and similar ones - those that do not relate to access to specific resources - are also used in the client).
To correctly display Russian file names, the following options are needed: client code page = 866 and character set = koi8-r. In distributions with good localization, for example, derivatives from Mandrake and Russian ones, this line is already there; sometimes it’s enough just to uncomment it, but in most others you have to add it yourself.
The interfaces = 192.168.0.1/24 option specifies which network (interface) the program should run on if the server is connected to several networks at once. When setting the bind interfaces only = yes parameter, the server will only respond to requests from these networks.
hosts allow = 192.168.1. 192.168.2. 127. — defines clients for whom access to the service is allowed.
In the global section, you can use various variables for more flexible configuration of the server. After the connection is established, real values are substituted instead. For example, in the log file = /var/log/samba/%m.log directive, the %m parameter helps define a separate log file for each client machine. Here are the most common variables used in the global section:
%a - OS architecture on the client machine (possible values - Win95, Win NT, UNKNOWN, etc.);
%m — NetBIOS name of the client computer;
%L — NetBIOS name of the SAMBA server;
%v — SAMBA version;
%I — IP address of the client computer;
%T — date and time;
%u is the name of the user working with the service;
%H is the home directory of user %u.
Also, for more flexible configuration, the include directive is used, using the above variables. For example: include = /etc/samba/smb.conf.%m - now when you request sales from a computer and there is a file /etc/samba/smb.conf.sales, the configuration will be taken from this file. If there is no separate file for a particular machine, then a common file is used to work with it.
There is also an interesting possibility creating a virtual server. To do this, use the netbios aliases parameter:
Netbios aliases = sales accounting admin
Now we tell Samba to use its own configuration file for each virtual server:
Include = /etc/samba/smb.conf.%L
Three servers will be visible in the network browser window: sales, accounting, admin.
Enabling the preserve case and short preserve case options causes the server to save all input in a case-sensitive manner (on Windows case is not case-sensitive, on all Unix systems it is the other way around).
The section allows users to connect to their working directories without explicitly describing them. When a client requests its //sambaserver/sergej directory, the machine looks for the corresponding description in the file and, if it does not find it, then looks for the presence of this section. If the partition exists, it looks through the password file to find the working directory of the user making the request and, if found, makes it available to the user.
A typical description of this section looks like this:
Comment = Home Directories # comment that is visible in the network properties window browseable = no # determines whether to display the resource in the browse list. writable = yes # allows (no - denies) writing to the home directory create mode = 0750 # access rights for newly created files directory mode = 0775 # also, but only for directories
After configuring the default settings, you can create network resources that can be accessed by a specific user or group of users. Such a resource is created from an already existing directory; for this we write in the file:
Comment = Public Stuff path = /home/samba public = yes writable = no printable = no write list = administrator, @sales
The path parameter points to the directory in which the resource is located; the public parameter specifies whether the resource can be used by a guest, and the printable parameter specifies whether the resource can be used for printing. The write list parameter allows you to define users who are allowed to write to a resource regardless of the writable value (in this example, these are the administrator user and the sales group). It is also possible to use the opposite list - read list. If there is a need to hide some files, then in Unix/Linux the file name must begin with a dot (the hide dot files parameter, which controls the display of hidden files, is equal to yes). In addition, it is possible to specify templates for the names of hidden files, for which the hide files parameter is used. Each pattern begins and ends with a forward slash (/) character and can contain characters used in regular expressions. For example: hide files = /*.log/??.tmp/. Such tricks cost Windows users just by setting the “Show hidden and system files” mode in Explorer. To confidently limit the availability (the ability to delete) a file (directory), use the veto files and delete veto files parameters.
With CD drives the situation is somewhat more complicated. The thing is that in Unix-like systems there is no concept of a disk as such, and in order to gain access to the desired device, it must first be mounted into a directory tree (# mount -t iso9660 /dev/cdrom /mnt/cdrom) , and after use, in order not to destroy the file system, it must be unmounted (# umount /dev/cdrom), otherwise the device simply will not give up the disk. If you have a daemon running on your server autofs, then the problem is easily solved. To automatically unmount a device that has been unused for some time, set the timeout parameter in the /etc/auto.master file to the desired value. For example:
/mnt/auto/etc/ --timeout=5
(a similar line is already there, you just need to uncomment it). Then set the options for the appropriate device in the /etc/auto.tab file:
Cdrom -fstype=auto,ro:/dev/cdrom
After all this, we write the following lines in /etc/smb.conf to make this resource available:
Path = /mnt/cdrom writable = no
The second option is to use the preexec and postexec directives, which indicate which commands must be executed when accessing a resource and after disconnecting from it (these parameters can be specified for any resource and even in the global section, which opens up great possibilities).
Path = /mnt/cdrom read only = yes root preexec = mount /mnt/cdrom # Only root has the right to mount a resource root postexec = umount /mnt/cdrom # Naturally, these mount points must be described in the /etc/fstab file, otherwise You must also provide other information.
Now, when accessing a resource, the CD-ROM is automatically mounted, and sometimes unmounted. The whole problem is that the decision to close a resource must be made by the server - clients, as a rule, do not notify about this. But usually this happens because several users are using the resource at the same time or an open file on this resource is left on one computer (Device busy). Therefore, the CD-ROM is not automatically unmounted; the only acceptable way to free up the resource is to look using the utility smbstatus number of the process using this resource and kill it with the command # kill pid_number (or kill -s HUP pid_number).
Having established the necessary configuration, we will now create user accounts (with the exception of the guest login with minimal rights nobody). To identify SAMBA users, the file /etc/samba/smbpasswd is used, which contains user names and encrypted passwords. Since the encryption mechanism in networks of Windows machines is not compatible with standard Unix mechanisms, a separate utility is used to fill out the password file - smbpasswd.
# useradd -s /bin/false -d /home/samba/sergej -g sales sergej # smbpasswd -a sergej # smbpasswd -e sergej
This example adds a new user sergej belonging to a group sales, with a dummy shell (possible options are /sbin/nologin, /dev/null) and a home directory /home/samba/sergej. Then we create a password for the user sergej and the last step is to enable access for the user, because it is disabled by default. An interesting point that can sometimes be confusing. The fact is that when connecting to a SAMBA server on a computer with Windows NT/2000, the user is prompted to enter, as expected, a login and password, and if a computer with Windows 9x/Me is used for access, then the user is prompted to enter only the password, and The login is generated automatically based on the registration name.
You can also map multiple Windows users to one Linux/Unix user. To do this, a mapping file /etc/smbusers.map is created, in which each mapping is specified as a separate line:
User_Linux = user_win1 user_win2 user_winN
In the section, add the line username map = /etc/smbusers.map. In this case, the Windows user must register with the password of the user with whom he is associated.
Using SAMBA, you can organize network printing from computers running Windows (if you are planning a separate print server, then a machine based on a 486 processor is sufficient for this).
To do this, you need to write the following lines in the section:
Printcap name = /etc/printcap # file describing printers connected to the system load printers = yes # indicates the need for automatic inclusion in the list of network resources printing = lprng # printing system (for Linux bsd can also be used).
Path = /var/spool/samba # points to the directory where print jobs are placed browseable = yes printable = yes read only = yes
After creating the file, test it using the utility testparm. Unfortunately, using this program you can only detect syntax errors, not logical ones, so there is no guarantee that the services described in the file will work correctly (during testing, all settings will be displayed, even those installed by default - so review carefully result). But if the program does not complain, you can hope that the file will be downloaded without problems when launched. You can check the correct operation of the printers listed in the /etc/printcap file with the SAMBA server using the utility testprns. Plus, don’t forget about .log files: if problems arise, you can sometimes find a solution there.
Now a little about the good stuff. Configuring Samba is quite complex, but the distribution comes with a Web-based administration tool called swat(Samba Web Administration Tool, ). Swat runs as a service or using an Apache server and is designed to edit the smb.conf file, as well as check the status, start and stop Samba daemons, and change user passwords. For it to work as a service, the /etc/services file must contain the line swat 901/tcp, and the /etc/inetd.conf file must contain swat stream tcp nowait.400 root /usr/local/samba/bin/swat swat (this is if the network daemon is used inetd, usually in older distributions; modern distributions use a more secure option - xinetd). In order to use swat in the /etc/xinet.d directory, create a swat file with the following content:
Service swat ( disable = no port = 901 socket_type = stream wait = no only_from = 127.0.0.1 # this is a line to run only from the local machine user = root server = /usr/sbin/swat log_on_failure += USERID )
Now to launch Swat in your browser window, enter:
Http://localhost:901
But before that, be sure to create a user admin in the manner described above. And never run the SAMBA service on behalf of root.
After all the changes to the smb.conf file, you will sometimes need to restart the daemon:
Smb: /etc/rc.d/init.d/smb restart
If after all the above steps it was still not possible to organize access to SAMBA resources, then utilities such as ping(to check the availability of a node on the network), nmblookup(to query NetBIOS names), or as a last resort tcpdump. And don’t forget about access rights, because by assigning the /gde/to/w/glubine directory to the user, you will give him the ability to read (execute right) the previous directories.
Now let's talk about using the Samba client, because we (Linux users) also want to work with Windows network resources. To find out what resources are available, you must enter the command /usr/bin/smbclient -L host_name. The program will ask for a password, in response to which in most cases you just need to press Enter. Now, to connect to the required resource, enter the computer name and the required resource. For example:
# /usr/bin/smbclient \\Alex\Sound
(here we are trying to connect to the Sound folder on Alex's computer). As a result, if the command was entered correctly and the network resource exists, you should be prompted to enter a password. Enter it or press Enter if a password is not required for access. In response, you will receive a samba client prompt: smb: >. Further work occurs through a set of commands, with which you can perform all the necessary operations for working with files (copying, creating, moving, etc.). For help, enter smb: > help. This mode is somewhat inconvenient, so in most cases the module is used smbfs, part of samba; but in older distributions the kernel may be compiled without smbfs support, and then it will have to be rebuilt. To mount the required resource, type something like this:
Mount -t smbfs -o username=user,password=123456,iocharset=koi8-r,codepage=866 //alex/sound /mnt/sound.
If you do not specify a username and password, the system will ask you for it. Don't forget that by looking at the ~HOME/.bash_history file, you can find out the password based on the commands you typed. Another subtlety: if the smbclient program correctly displays files with Russian names, then the smbfs module sometimes does not pay absolutely no attention to other encoding, even if you specify it explicitly. They say this can be fixed with a patch, but I haven't found one for my Red Hat yet.
If you want the SMB share to be mounted automatically at system startup, add a line like this to your /etc/fstab file:
//guest@alex/sound /mnt/alex/sound smbfs rw, noauto 0 0.
In this example, on behalf of the user guest(if the resource supports this user and if this user has access only with a password, then do not worry: you will certainly be asked for it) the sound network resource on the alex computer is mounted in the /mnt/alex/sound folder with the ability to write to this directory. By the way, the Samba client perfectly sees hidden network resources, i.e. those whose network name ends with a $ sign.
As you can see, you have to work with the command line, which causes quiet horror for the modern user. And here the OpenSource world met him halfway - many utilities have been created that allow you to work with Samba resources in a more familiar way, by pressing buttons in graphical shells. The most popular program included in the Mandrake distribution and its derivatives, as well as Debian - gnomba. In any case, it can be found on most servers with Linux software (I saw it on ftp://ftp.altlinux.ru/ for sure). This utility allows you to view available network resources () and, if necessary, mount them in the desired directory, while a mounting option is possible by specifying the login and password for those resources that require it. It is possible to launch the file manager when mounting (by default gmc), creating directories for mounted resources, setting the option of automatic scanning at program startup (possible using the SMB protocol by default) and scanning by IP addresses (planned using the WINS protocol). For reasons unknown to me, in some distributions, when scanning using the SMB protocol, network resources were not displayed, so I always use the second method, since it works flawlessly, you just need to set the range of IP addresses for scanning (if you know). In order for Russian file names to be displayed correctly, do not forget to install the koi8-r fonts in the tab Options > Font selection, and also check the lines indicating the Cyrillic encoding in the smb.conf file (see above).
If gnomba can only mount and unmount resources, then the program xsmbrowser It also allows you to enter them as folders on the local computer (). True, I have not yet been able to get this program to understand files with Russian names, but there are also positive aspects: when this program is running, all mounting commands and various network requests are output to the console, which allows you to understand them well. The KDE developers also tried: through Preferences > Information utility available Samba Status, which displays all connections to/from the local computer, while also being a convenient tool for viewing .log files. The utility provides similar information komba, which can be found at http://linux.tucows.com/().
As much as I would like to tell you more, a magazine is a magazine—you can’t fit everything. Next, the ubiquitous man and info will come to your aid. Also, all the necessary reference information can be obtained from the SWAT utility, and in Red Hat 7.3 there was a book Using Samba Robert"a Eckstein"a(English language - bad, completely free - good: /usr/share/swat/using_samba), also available from SWAT (). Additional documentation, FAQs, and example configuration files can be found in the /usr/share/doc/samba directory. In various forums you can find quite contradictory opinions about the work of Samba, from extremely negative to complete delight. Personally, I am on the side of supporters of this Windows NT emulator; moreover, according to test results with the same equipment, the Samba server shows performance approximately 25-30% higher than a computer running a system from Microsoft. Good luck.
Samba is software for organizing file sharing and working with shared resources between computers running Linux/Unix and the Windows operating system. Samba consists of a client and server part. The client part allows you to access network folders and Windows resources, and the server part, in turn, opens general access to the Ubuntu folder for other machines, including Windows.
This short instruction will cover the simplest setup of Samba Ubuntu 18.04, as well as how to set up shared access to the Ubuntu folder with several levels of privileges.
We will create three shared folders with different permission levels. A folder with anonymous access, with access for users belonging to a specific group and access only for a specific user.
Both Linux and Windows machines can access shared folders in Ubuntu, using any program running over the SMB protocol.
In order for everything to work correctly, all machines must be in the same workgroup specified on the Samba server. By default, for Windows, Linux, and MacOS, the workgroup is called Workgroup. To find out which workgroup is used in your Windows, open the command line (Win+R, then cmd) and run the following command:
net config workstation
We see the parameter we need in the line Workstation domain. This is the working group.
Now, if a computer with a Samba server on your network has a permanent IP address, it is advisable to enter it in the hosts file. To do this, run the command line as an administrator:
And run the command:
notepad C:\Windows\System32\drivers\etc\hosts
In the file that opens, add a line with the IP address of the computer on which Samba will be installed:
192.168.0.1 srvr1.domain.com srvr1
Now you can move on to the question of how to share the Ubuntu folder.
Let's start, as usual, with installation. Installing Samba Ubuntu along with all the necessary components is done with the command:
sudo apt-get install -y samba samba-common python-glade2 system-config-samba
Once everything is installed, you can proceed to configuration. First, create a backup of your original Samba configuration file:
sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
After creating the backup, create your configuration file with this command:
sudo vi /etc/samba/smb.conf
First, let's specify the global file server settings. To do this, insert the following lines into the file:
workgroup = WORKGROUP netbios name = Ubuntu Share dns proxy = no max log size = 1000 passdb backend = tdbsam unix password sync = yes pam password change = yes map to guest = bad user usershare allow guests = yes
Let's take a closer look at what these lines mean.
When you complete creating the configuration file, we move on to the question of how to share the Ubuntu folder for Windows.
First, let's create a shared folder accessible to everyone. That is, with anonymous access, without samba authorization.
Create a folder to which we will share access, for example:
sudo mkdir -p /samba/allaccess
After the folder is created, you need to set the correct access rights for it. The following commands allow access to the folder to everyone and make the owner nobody:
cd /samba sudo chmod -R 0755 allaccess sudo chown -R nobody:nogroup allaccess/
The next step is to describe the allaccess folder in the samba configuration file:
path = /samba/allaccess browsable = yes writable = yes guest ok = yes read only = no
Your configuration file should now look like this:
workgroup = WORKGROUP server string = %h server (Samba, Ubuntu) netbios name = Ubuntu Share dns proxy = no log file = /var/log/samba/log.%m max log size = 1000 passdb backend = tdbsam unix password sync = yes passwd program = /usr/bin/passwd %u pam password change = yes map to guest = bad user usershare allow guests = yes #==============path = /samba/allaccess browsable = yes writable = yes guest ok = yes read only = no
Let's take a closer look at the options that were used here:
To apply the changes, restart the Samba server:
sudo systemctl restart samba
Setting up Samba Ubuntu 16.04 for anonymous access is complete. Now you can check the availability of the allaccess shared folder from Windows, to do this, press Win+R and run:
\\srvr1\allaccess
You will see our folder. If you don't see it, check your configuration again. The folder can be accessed without samba authorization. Setting up Samba shares with access without authorization is complete.
You can also connect to this server from Linux using Nautilus; just type the address smb://ip-server, in the section other places:
To share a folder for Windows Ubuntu, which only users from a certain group will have access to, we will create a separate folder and describe it in the Samba configuration file in Ubuntu.
First we create a folder:
sudo mkdir -p /samba/allaccess/secured
Create a group:
sudo addgroup securedgroup
Setting up rights:
cd /samba/allaccess $ sudo chown -R richard:securedgroup secured $ sudo chmod -R 0770 secured/
The last step is to add settings to the samba configuration file:
path = /samba/allaccess/secured valid users = @securegroup guest ok = no writable = yes browsable = yes
Restart the Samba server. Now only users of the securegroup can access the shared folder in Ubuntu.
To check how this works, let's add the user richard to our group:
sudo usermod -a -G securedgroup richard
Or maybe it’s just interest and curiosity that push users to search for various suitable software. Samba is one such software. You need to know how to set up Samba on Ubuntu Server if you want to turn your computer into a database or file storage.
Installing Samba on Ubuntu Server allows you to create a database.
If you thought that the page was dedicated to learning dance, you were slightly mistaken. Samba is free software. It provides access to printers and files. And it does this on various operating systems.
In comparison with other software packages for similar purposes, Samba has several advantages and features.
Probably, for many, the main thing from this is communication with Windows machines. In this case, they act as a client, and the Ubuntu computer acts as a server. On the other hand, an Ubuntu user can also access Windows network folders.
Samba has been produced since 1992. And, most importantly, new versions are still being released. The latter was released on March 7, 2017. Every year, developers try to establish compatibility with a large number of different versions of operating systems, but the main feature remains the connection of Linux systems with Microsoft. Compared to Windows Server, Samba may be inferior to it due to the lack of support for some protocols and host infrastructure. However, many argue that the speed of Samba is much higher.
Before setting up, the program must be installed. Installing Samba is done in the same way as with other programs - by entering the command into the terminal:
sudo apt-get install samba
Please note right away: all the steps that will be described, including installing the program, can be performed both on simple Ubuntu and on Ubuntu Server. Only the latter has an exclusively text interface available.
After installation, you should make a backup of the configuration file:
$ sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.bak
$ sudo vi /etc/samba/smb.conf
Or we edit an existing one. This file contains the basic settings of the Samba server. To figure out what we'll do next, we need to understand what the different lines mean.
This is the simplest action with which you can start working with Samba.
Add a user in the OS itself:
$ useradd -M -l -s /sbin/nologin username
Let's create a password for it:
Let's add our user to the Samba database:
$ smbpasswd -a username
You can perform various other actions using the $ smbpasswd command:
The server must be rebooted if you make changes to the configuration file. This is done using the command:
$ systemctl restart smb
These are the basic Samba settings. Now you can try to put the program into practice.
First, let's try to create a folder that will be accessible to all users, even those who are not authorized in Samba.
We create a folder with which we will then work on two computers:
$ sudo mkdir -p /samba/access
Now we give this folder extended access so that any client on our local network can open it:
$cd/samba $ sudo chmod -R 0755 access $ sudo chown -R nobody:nogroup access/
The owner according to the code is nobody.
Now in the server configuration file you need to make two sections: the first one containing basic information:
workgroup = WORKGROUP server string = Samba Server %v netbios name = srvr1 security = user map to guest = bad user name resolve order = bcast host dns proxy = no #==============And the second one, containing data about the access folder: path = /samba/access browsable =yes writable = yes guest ok = yes read only = no
The sections follow one after another in the same order.
Update server changes:
$ sudo service smbd restart
On Windows, you also need to perform some steps so that you can easily open a new shared folder and edit it.
A configured Samba server can also be used to create network folders with limited access. Such a folder must also be created first and then added to the Samba configuration.
Let's make a folder called "Closed":
$ sudo mkdir -p /samba/allaccess/closed
Let's create a special group that can have access to this folder:
$ sudo addgroup securedgroup
We create special rights for different groups:
$ cd /samba/access $ sudo chown -R richard:securedgroup closed $ sudo chmod -R 0770 closed/
Just as in the case of an open folder, we add information to the configuration:
path = /samba/access/closed valid users = @securegroup guest ok = no writable = yes browsable = yes
We restart the server.
As you can understand, we created a Closed folder inside Access. Thus, Access can be opened by every user on the local network, but in order to view and edit Closed, you need to have special rights.
To make sure that everything works exactly as we specified in the batch file, you can follow a few simple steps.
We create a user and add him to our closed group:
$ sudo usermod -a -G securedgroup winston
Our user's name is like a pack of cigarettes (or the Prime Minister of Britain).
Let's create a password for Winston:
$ sudo smbpasswd -a winston
After this, we will be prompted to enter a new password to log in again under the newly created account. Don't forget to reboot after this. Now you know how to set up a server via Samba in Ubuntu.
Of course, Samba's capabilities are not limited to just creating simple folders. But these simple instructions and examples show what you can do with this program. This will be the first step towards understanding the essence of server PCs and their management.
Samba is a program that allows UNIX/Linux computers to emulate Windows machines. Using Samba, computers can share files or manage print jobs as file servers or Windows print servers. Like the UNIX/Linux operating system on which it runs, Samba is open source software developed by many programmers.
The SMB protocol is used by Microsoft Windows 2000, NT and 95/98 to provide access to disks and printers. Using the Samba suite of utilities from Andrew Tridgell ( [email protected]), UNIX machines (including Linux) can provide access to disks and printers for Windows machines. smbfs utilities written by Paal-Kr. Engstad ( [email protected]) and Volker Lendecke ( [email protected]), enable UNIX machines to mount SMB resources available on Windows or Samba machines.
Using Samba you can implement the following most common ones:
Installation, as you know, should begin with a detailed study of the documentation. True, most system administrators neglect this rule, guided by another: “If all else fails, read the documentation.” In general, we recommend starting the Samba installation with a simple command: $ man samba (Fig. 1).
And also from reading the documentation available on the website http://www.samba.org/. It should be noted that to use Samba, your machine must be on a single Ethernet segment of the local network, while using the TCP/IP protocol. Samba will not work when using other network protocols. This is basically easy since Linux and Windows 95/98/NT come with TCP/IP support. However, if you are using Windows 3.x machines, you will need to add TCP/IP support.
To obtain the source code for the latest version of Samba, contact http://www.samba.org/ and select the mirror server closest to you: ftp://ftp.samba.org/. The Samba package is included in the distribution kits of a number of UNIX/Linux systems, for example Rad Hat or Suse Linux. Carefully study the documentation of your Linux, and it is quite possible that you will only need to insert the CD and install the Samba packages. In this case, you can continue reading the article from the next chapter.
After receiving this package, extract everything that is labeled *.tar.gz, for example, into the /tmp directory (and you don’t have to be root for this:), that is:
$ tar -zxvf samba-latest.tar.gz
If you have no problems extracting this package, you will find a new directory, such as samba-latest, with the extracted files in it. Go to it, look at the “README” and “Manifest” files - installation instructions are in the last file and look something like this:
$ ./configure $ make $ su # make install
Now you need to pay attention to where your configuration files are located. Most Samba distributions by default place them in the /etc directory and themselves in the /usr/local/samba directory.
Basic Samba configuration information is found in the smb.conf file. This file should be handled with care. If you plan to change the running version in any way, be sure to make a copy.
In order to start the server for the first time, you must have a working version of the smb.conf file. Go to the directory where your configuration file should be located. Most likely it will be /etc or /usr/local/samba/lib. Make a copy of this file, for example smb.old - this is possible if you have root rights. Now that you have a “clean” file, you can enter the simplest configuration, that is, type the following lines:
#Basic Samba configuration file (smb.conf) workgroup = PTO netbios name = GALKA
We'll look at what these lines in the configuration file mean below, but first we'll take a break from that for a moment and move on to the SMB daemons.
There are two SMB daemons: /usr/sbin/smbd and /usr/sbin/nmbd. You can run Samba daemons from inetd or as a standalone process. Samba will respond slightly faster if it is running as a standalone process.
Sometimes it is necessary to check for the following lines in the /etc/services file:
Netbios-ns 137/tcp nbns netbios-ns 137/udp nbns netbios-dgm 138/tcp nbdgm netbios-dgm 138/udp nbdgm netbios-ssn 139/tcp nbssn
Make sure they are all uncommented. Depending on your distribution, you may even need to add them to this file. Samba will not be able to bind to the appropriate ports unless these lines are in the /etc/services file.
To start daemons from inetd, place the following lines in the inetd configuration file, /etc/inetd.conf:
# SAMBA NetBIOS services (for PC file and print sharing) netbios-ssn stream tcp nowait root /usr/sbin/smbd smbd netbios-ns dgram udp wait root /usr/sbin/nmbd nmbd
Then restart the inetd daemon by running the command:
Kill -HUP 1 `cat /var/run/inetd.pid`
To start daemons from system startup scripts, place the following script in the file /etc/rc.d/init.d/smb (for the RedHat distribution) or /etc/rc.d (for the Suse Linux distribution) and create symbolic links to it with names like /etc/rc.d/rcX.d/S91smb (starts SMB services in multi-user mode), /etc/rc.d/rcX.d/K91smb (kills SMB services when shutdown), /etc/rc.d/rc6 .d/K91smb (kills SMB services on reboot), where X is the system boot level number, usually the number 2 or 3.
#! /bin/sh . /etc/rc.config # Determine the base and follow a runlevel link name. base=$(0##*/) link=$(base#*) # Force execution if not called by a runlevel directory. test $link = $base && START_SMB=yes test "$START_SMB" = "yes" || exit 0 # The echo return value for success (defined in /etc/rc.config). return=$rc_done case "$1" in start) echo -n "Starting SMB services:" startproc /usr/sbin/nmbd -D || return=$rc_failed startproc /usr/sbin/smbd -D || return=$rc_failed echo -e "$return" ;; startd) echo -n "Starting SMB services:" startproc /usr/sbin/nmbd -D -d 10 || return=$rc_failed startproc /usr/sbin/smbd -D -d 10 || return=$rc_failed echo -e "$return" ;; stop) echo -n "Shutting down SMB services:" killproc -TERM /usr/sbin/nmbd || return=$rc_failed killproc -TERM /usr/sbin/smbd || return=$rc_failed echo -e "$return" ;; restart|reload) $0 stop && $0 start || return=$rc_failed ;; status) echo -n "Checking for service smb: " checkproc /usr/sbin/nmbd && echo -n "OK " || echo -n "No process " checkproc /usr/sbin/smbd && echo "OK " || echo "No process" ;; *) echo "Usage: $0 (start|stop|restart|reload|status)" exit 1 esac # Inform the caller not only verbosely and set an exit status. test "$return" = "$rc_done" || exit 1 exit 0
If you receive a message when you start Samba saying that the daemon cannot connect to port 139, then most likely you already have Samba processes running that have not been terminated. Look at the list of processes (using the command "ps ax | grep mbd") to determine if there are any Samba services still running. If the daemons refuse to start for some other reason, then most likely this script does not fit your UNIX/Linux and you will have to dig into the documentation again, correct something in it, and maybe even rewrite it.
Obviously, in the configuration described above, Samba can function, but practically nothing can be done. More useful and complex examples will be discussed below. But first you need to understand the smb.conf directives.
Each section of the file begins with a section header, such as , , etc.
Now go to the very first tab “Configuration” and click on the “File and print sharing” button. In the window that appears, you need to check the boxes “The files on this computer can be shared” (I want to be able to give others access to my files) and “The printers on this computer can be shared” (I want to be able to allow others to print to my printer(s)).
And finally, we indicate to Windows that Samba is a WINS server and it will be the browse master. To do this, go to the properties of the TCP/IP protocol (Fig. 4). In the window that appears, select “WINS Configuration”. Check the box “Enable WINS Resolution.” In the “Primary WINS Server Search Order” field that appears, enter the IP address of the server (Samba) - 192.168.0.1 and click “Add” or simple... Go to the "Advanced" tab and click on "Browse Master" in the left window, and in the right window set the value to "Disabled". That's all. Now all that remains is to click the "OK" button several times and restart Windows.
In Windows NT, the network properties screens are slightly different (shown in the pictures), but the basic concept remains the same.
After restarting Windows, feel free to click on “Network Neighborhood” and you will be able to see the Samba server, as well as your home directory on the Linux server. Now you can simply connect these resources as network drives and assign drive letters to them.
Let's complicate the configuration a little: we will make the /home/public directory readable by everyone, but we will only allow people from the ADMINS group to place information in it. To do this, change the entry as follows:
Comment = Public Stuff path = /home/public public = yes writable = yes printable = no write list = @ADMINS
There are many more examples of Samba file server settings that can be given, but it would be better if you look at the Samba documentation or man pages and figure them out yourself.
It is unlikely that novice Linux OS users will be able to quickly understand the system for accessing Linux files from Windows, and vice versa. But it's not all that complicated. Access to Linux resources from Windows was briefly described above, and we will now consider access to Windows resources from Linux.
The SMB client program for UNIX/Linux machines is included in the Samba distribution. It provides an ftp-like command line interface. You can use this utility to transfer files between a Windows "server" and a Linux client.
To see what resources are available on a given machine, run the command:
/usr/sbin/smbclient -L host
where host is the name of the machine you want to see. This command will return a list of service names - that is, the names of drives or printers that can be accessed. Until the SMB server is configured without access control, it will prompt you for a password. When prompted, enter the password for the “guest” user or your personal password on this machine.
To use the client, run the following command:
/usr/sbin/smbclient service
where service is the name of the machine and service. For example, if you are trying to access a directory that is accessible as public on a machine called galka, then the service name should be \\galka\public.
You will receive a smbclient prompt:
Server time is Wen May 22 15:58:44 2001 Timezone is UTC+10.0 Domain= OS= Server= smb: \>
The commands for using Samba are the same as ftp, but if you don't know how to use either, type h for help.
Of course, you can use smbclient for testing, but very soon you will get tired of it. To work, you will most likely need the smbfs package. Smbfs comes with two simple utilities - smbmount and smbumount. They work similar to mount and umount for SMB resources. For example,
Smbmount//computer_name/catalog/Mountpoint -U user_name
As a result, you will receive a “mounted” resource with the ability to access it using the usual Explorer methods.
Print server for Linux
To access a Linux printer from Windows machines, you need to make sure that the printer runs on Linux. If you can print under Linux, then organizing access to the printer will be very simple.
Add the printer setting to your smb.conf file:
Printing = bsd printcap name = /etc/printcap load printers = yes log file = /var/log/samba-log.%m lock directory = /var/lock/samba comment = All Printers security = server path = /var/spool /lpd/lp browseable = no printable = yes public = yes writable = no create mode = 0700 security = server path = /var/spool/lpd/lp printer name = lp writable = yes public = yes printable = yes print command = lpr -r -h -P %p %s
Make sure that the path to the printer (in our case for ) matches the spool directory specified in the /etc/printcap file, that is, check for the presence of the lines:
Printcap name = /etc/printcap load printers = yes
These lines control whether all printers listed in /etc/printcap should be loaded by default. In this case, there is no need to configure each printer separately. The section specifies settings for printers that you want to define explicitly. If the print subsystem you are using does not work this way (BSD), then you will need to set up a fake printcap file (or use the "print command", see below). For more information about the printcap system, see the Printing-HOWTO.
Accessing a Windows printer from Linux machines
To access the printer on a Windows machine, the following conditions must be met:
The entry in the /etc/printcap file below is for an HP 5MP printer on a Windows NT server. The following fields in the /etc/printcap file are used:
Cm - comment; lp - name of the device to be opened for output; sd - printer spool directory (on the local machine); af - printer usage accounting file; mx - maximum file size (zero - no restrictions); if - name of the input filter (script).
Fragment of the /etc/printcap file:
# /etc/printcap # # //galka/oreilly via smbprint # lp:\ :cm=HP 5MP Postscript OReilly on galka:\ :lp=/dev/lp1:\ :sd=/var/spool/lpd/lp: \ :af=/var/spool/lpd/lp/acct:\ :mx#0:\ :if=/usr/bin/smbprint:
Make sure that the buffer directories and the directory used for usage tracking exist and have write permission. Make sure that the "if" line contains the correct path to the smbprint script (given below) and that the entries point to the correct output device (the /dev special file).
#!/bin/sh –x # # Debugging log file, change to /dev/null if you like. # logfile=/tmp/smb-print.log # logfile=/dev/null # # The last parameter to the filter is the accounting file name. # spool_dir=/var/spool/lpd/lp config_file=$spool_dir/.config # Should read the following variables set in the config file: # server # service # password # user eval `cat $config_file` # # Some debugging help, change the >> to > if you want to same space. # echo "server $server, service $service" >> $logfile (# NOTE You may wish to add the line `echo translate" if you want automatic # CR/LF translation when printing. echo translate echo "print -" cat) | /usr/bin/smbclient "\\\\$server\\$service" $password -U $user -N -P >> $logfile
Most Linux distributions come with a program called nenscript to convert ASCII documents to PostScript.
Until recently, Samba's capabilities were limited to those listed above. However, we can say with confidence that the new version of Samba 2.2 catches up with Windows 2000 in functionality and contains additional improvements. One of Samba's lead developers, Jeremy Allison, calls it a "major update" that will help Samba systems integrate more easily into Microsoft networks. The software provides savings not only because you don't have to pay for a server OS, but also because you don't have to pay for "client" licenses for all the computers that use the server.
About new features of Samba 2.2. read our article “Samba 2.2 - what new » .
ComputerPress 10"2001
Samba runs on most Unix-like systems, such as GNU/Linux, POSIX-compliant Solaris and Mac OS X Server, various BSD variants, OS/2, Windows. Samba included in almost all GNU/Linux distributions, including, of course, Ubuntu.
To make a shared folder in Ubuntu Desktop, just right-click on the folder and select the “Publish Folder” menu item. There is no need to edit any configuration files. Everything described below applies only to manual configuration, for example, in the case of creating a file server.
To install, just open a terminal and enter:
Sudo apt-get install samba
The application will be automatically downloaded and installed.
Using the terminal, we will make a backup copy of the initial configuration file:
Sudo cp /etc/samba/smb.conf(,.bak)
Now you can edit the settings file /etc/samba/smb.conf; to do this, open it in any text editor with superuser rights. For example, like this:
Sudo nano /etc/samba/smb.conf
What is written below is generally speaking just one specific scenario for using Samba, and in a huge number of cases everything is configured absolutely wrong. The article needs to be corrected, focusing on the capabilities of Samba, and not just on the use of this program as a file storage with local authorization. It is better to include the example with file storage in a separate detailed article.
An example of setting up Samba as a standalone file server with authorization:
; Global server settings; General server settings; Computer name that will be displayed in the network environment netbios name = main-server server string = ; Client workgroup workgroup = WORKGROUP announce version = 5.0 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 passdb backend = tdbsam security = user null passwords = true ; File for user name aliases username map = /etc/samba/smbusers name resolve order = hosts wins bcast ; wins support is set to yes if your nmbd(8) in Samba is a WINS server. Do not set this parameter to yes unless you have multiple subnets and do not want your nmbd to act as a WINS server. Never set this parameter to yes on more than one machine within the same subnet. wins support = no ; Printer support printing = CUPS printcap name = CUPS ; Logs log file = /var/log/samba/log.%m syslog = 0 syslog only = no ; Configuring binding to which interfaces to listen on, if listens on all interfaces are not specified; interfaces = lo, eth0 ; bind interfaces only = true ; ; ; path = /var/lib/samba/printers ; browseable = yes ; guest ok = yes ; read only = yes ; write list = root ; create mask = 0664 ; directory mask = 0775 ; ; ; path = /tmp ; printable = yes ; guest ok = yes ; browseable = no ; ; ;path = /media/cdrom ;browseable = yes ;read only = yes ;guest ok = yes ; Hard drive ball; The name of the balls is visible from clients; Path to the shared disk path = /media/sda1 ; Is it possible to browse browseable = yes read only = no guest ok = no create mask = 0644 directory mask = 0755 ; Binding to a specific user name or group, names separated by a space; force user = user1 user2 ; force group = group1 group2 ; Another hard drive, similar to the one above path = /media/sde1 browseable = yes read only = no guest ok = no create mask = 0644 directory mask = 0755
Now we need to deal with the users.
Samba uses users that are already in the system, let’s take the name user as an example, let’s say that it is already in the system, we need to add it to the SMB database and assign a password to access shared resources, we’ll do this with the command:
Smbpasswd -a user
You will be prompted to enter a password, the user will be added to the database, now you need to enable this user.
Smbpasswd -e user
Next, let's create an alias for the username user to make it easier for us to access from a Windows machine on which we have, for example, a user named Admin. To do this, we'll create and edit the file /etc/samba/smbusers:
Sudo touch /etc/samba/smbusers sudo gedit /etc/samba/smbusers
Write a couple of lines into the file
# Unix_name = SMB_name1 SMB_name2 user = Admin
This completes the setup, restart Samba.
You can install the simplest GUI for Samba with the command:
Sudo apt-get install system-config-samba
It is launched with the command:
Sudo system-config-samba
It writes all changes to the samba configuration file.
Perfect for remote administration of Samba as a web interface for Samba
