Preparing Samba for Configuration
This section of the Samba-HOWTO-Collection contains general info on how to install Samba and how to configure the parts of Samba you will most likely need. PLEASE read this.
Obtaining and Installing Samba
Binary packages of Samba are included in almost any Linux or UNIX distribution. There are also some packages available at the Samba home-page. Refer
to the manual of your operating system for details on installing packages for your specific
operating system.
If you need to compile Samba from source, check How to compile Samba chapter.
1.2 Configuring Samba (smb.conf) Samba’s configuration is stored in the smb.conf file, which usually resides in /etc/samba/
smb.conf or /usr/local/samba/lib/smb.conf. You can either edit this file yourself or do it using one of the many graphical tools that are available, such as the Web-based interface SWAT, that is included with Samba.
Configuration file syntax
The smb.conf file uses the same syntax as the various old .ini files in Windows 3.1: Each file
consists of various sections, which are started by putting the section name between brackets
([]) on a new line. Each contains zero or more key/value-pairs separated by an equality sign
(=). The file is just a plain-text file, so you can open and edit it with your favorite editing
tool.
Each section in the smb.conf file represents a share on the Samba server. The section
“global” is special, since it contains settings that apply to the whole Samba server and not
to one share in particular.
Following example contains a very minimal smb.conf.
Configuring Samba (smb.conf)
Example 1.2.1. A minimal smb.conf
[global]
workgroup = WKG
netbios name = MYNAME
[share1]
path = /tmp
[share2]
path = /my shared folder
comment = Some random files
Starting Samba
Samba essentially consists of two or three daemons. A daemon is a UNIX application that runs in the background and provides services. An example of a service is the Apache Web server for which the daemon is called httpd. In the case of Samba there are three daemons, two of which are needed as a minimum.
The Samba server is made up of the following daemons:
nmbd This daemon handles all name registration and resolution requests. It is the primary ehicle involved in network browsing. It handles all UDP based protocols. The nmbd daemon should be the first command started as part of the Samba start-up process.
smbd This daemon handles all TCP/IP based connection services for file and print based operations. It also manages local authentication. It should be started immediately following the start-up of nmbd.
winbindd This daemon should be started when Samba is a member of a Windows NT4 or ADS Domain. It is also needed when Samba has trust relationships with another Domain. The winbindd daemon will check the smb.conf file for the presence of the idmap uid and idmap gid parameters. If they are not found winbindd will bail-out and refuse to start.
When Samba has been packaged by an operating system vendor the start-up process is typically a custom feature of its integration into the platform as a whole. Please refer to your operating system platform administration manuals for specific information pertaining to correct management of Samba start-up.
Example Configuration
There are sample configuration files in the examples subdirectory in the distribution. It is suggested you read them carefully so you can see how the options go together in practice. See the man page for all the options. It might be worthwhile to start out with the smb.conf.default configuration file and adapt it to your needs. It contains plenty of comments.
The simplest useful configuration file would contain something like shown in the next example.
Example
Another simple smb.conf File
[global]
workgroup = MIDEARTH
[homes]
guest ok = no
read only = no
This will allow connections by anyone with an account on the server, using either their login name or homes as the service name. (Note: The workgroup that Samba should appear in must also be set. The default workgroup name is WORKGROUP.)
Make sure you put the smb.conf file in the correct place.
For more information about security settings for the [homes] share please refer to Securing
Samba chapter.
Test Your Config File with testparm
It’s important to validate the contents of the smb.conf file using the testparm program. If testparm runs correctly, it will list the loaded services. If not, it will give an error message.
Make sure it runs correctly and that the services look reasonable before proceeding. Enter the command:
root# testparm /etc/samba/smb.conf
Testparm will parse your configuration file and report any unknown parameters or incorrect
syntax.
Always run testparm again whenever the smb.conf file is changed!
SWAT
SWAT is a Web-based interface that can be used to facilitate the configuration of Samba.
SWAT might not be available in the Samba package that shipped with your platform, but in a separate package. Please read the SWAT man page on compiling, installing and configuring SWAT from source.
List Shares Available on the Server
To launch SWAT, just run your favorite Web browser and point it to. Replace localhost with the name of the computer on which Samba is running if that is a di erent computer than your browser.
SWAT can be used from a browser on any IP-connected machine, but be aware that connecting from a remote machine leaves your connection open to password sni ng as passwords will be sent over the wire in the clear.
More information about SWAT can be found in corresponding chapter.
List Shares Available on the Server
To list shares that are available from the configured Samba server execute the following
command:
$ smbclient -L yourhostname
You should see a list of shares available on your server. If you do not, then something is
incorrectly configured. This metho d can also be used to see what shares are available on
other SMB servers, such as Windows 2000.
If you choose user-level security you may find that Samba requests a password before it will
list the shares. See the smbclient man page for details. You can force it to list the shares
without a password by adding the option -N to the command line.
Connect with a UNIX Client
Enter the following command:
$ smbclient //yourhostname/aservice
Typically yourhostname is the name of the host on which smbd has been installed. The
aservice is any service that has been defined in the smb.conf file. Try your user name if
you just have a [homes] section in the smb.conf file.
Example: If the UNIX host is called bambi and a valid login name is fred, you would type:
$ smbclient //bambi/fred
Connect from a Remote SMB Client
Now that Samba is working correctly locally, you can try to access it from other clients.
Within a few minutes, the Samba host should be listed in the Network Neighborhood on all
Windows clients of its subnet. Try browsing the server from another client or ’mounting’ it.
Mounting disks from a DOS, Windows or OS/2 client can be done by running a command
such as:
C:\> net use d: \\servername\service
Try printing, e.g.
C:\> net use lpt1: \\servername\spoolservice
C:\> print filename
What If Things Don’t Work?
You might want to read The Samba Checklist. If you are still stuck, refer to Analyzing and
Solving Samba Problems chapter. Samba has been successfully installed at thousands of sites
worldwide. It is unlikely that your particular problem is unique, so it might be productive
to perform an Internet search to see if someone else has encountered your problem and has
found a way to overcome it.
Common Errors
The following questions and issues are raised repeatedly on the Samba mailing list.
Large Number of smbd Processes
Samba consists of three core programs: nmbd, smbd, and winbindd. nmbd is the name server message daemon, smbd is the server message daemon, and winbindd is the daemon that handles communication with Domain Controllers. If Samba is not running as a WINS server, then there will be one single instance of nmbd running on your system. If it is running as a WINS server then there will be two instances — one to handle the WINS requests.
smbd handles all connection requests. It spawns a new process for each client connection
made. That is why you may see so many of them, one per client connection. winbindd will run as one or two daemons, depending on whether or not it is being run in split mode (in which case there will be two instances).
Error Message: open oplock ipc
An error message is observed in the log files when smbd is started: “open oplock ipc: Failed
to get local UDP socket for address 100007f. Error was Cannot assign requested.”
Your lo opback device isn’t working correctly. Make sure it is configured correctly. The
loopback device is an internal (virtual) network device with the IP address 127.0.0.1. Read
your OS documentation for details on how to configure the loopback on your system.
“The network name cannot be found”
This error can be caused by one of these mis-configurations:
• You specified an non-existing path for the share in smb.conf.
• The user you are trying to access the share with does not have su cient permissions
to access the path for the share. Both read (r) and access (x) should be possible.
• The share you are trying to access does not exist.
This section of the Samba-HOWTO-Collection contains general info on how to install Samba and how to configure the parts of Samba you will most likely need. PLEASE read this.
Obtaining and Installing Samba
Binary packages of Samba are included in almost any Linux or UNIX distribution. There are also some packages available at the Samba home-page
to the manual of your operating system for details on installing packages for your specific
operating system.
1.2 Configuring Samba (smb.conf) Samba’s configuration is stored in the smb.conf file, which usually resides in /etc/samba/
smb.conf or /usr/local/samba/lib/smb.conf. You can either edit this file yourself or do it using one of the many graphical tools that are available, such as the Web-based interface SWAT, that is included with Samba.
Configuration file syntax
The smb.conf file uses the same syntax as the various old .ini files in Windows 3.1: Each file
consists of various sections, which are started by putting the section name between brackets
([]) on a new line. Each contains zero or more key/value-pairs separated by an equality sign
(=). The file is just a plain-text file, so you can open and edit it with your favorite editing
tool.
Each section in the smb.conf file represents a share on the Samba server. The section
“global” is special, since it contains settings that apply to the whole Samba server and not
to one share in particular.
Following example contains a very minimal smb.conf.
Configuring Samba (smb.conf)
Example 1.2.1. A minimal smb.conf
[global]
workgroup = WKG
netbios name = MYNAME
[share1]
path = /tmp
[share2]
path = /my shared folder
comment = Some random files
Starting Samba
Samba essentially consists of two or three daemons. A daemon is a UNIX application that runs in the background and provides services. An example of a service is the Apache Web server for which the daemon is called httpd. In the case of Samba there are three daemons, two of which are needed as a minimum.
The Samba server is made up of the following daemons:
nmbd This daemon handles all name registration and resolution requests. It is the primary ehicle involved in network browsing. It handles all UDP based protocols. The nmbd daemon should be the first command started as part of the Samba start-up process.
smbd This daemon handles all TCP/IP based connection services for file and print based operations. It also manages local authentication. It should be started immediately following the start-up of nmbd.
winbindd This daemon should be started when Samba is a member of a Windows NT4 or ADS Domain. It is also needed when Samba has trust relationships with another Domain. The winbindd daemon will check the smb.conf file for the presence of the idmap uid and idmap gid parameters. If they are not found winbindd will bail-out and refuse to start.
When Samba has been packaged by an operating system vendor the start-up process is typically a custom feature of its integration into the platform as a whole. Please refer to your operating system platform administration manuals for specific information pertaining to correct management of Samba start-up.
There are sample configuration files in the examples subdirectory in the distribution. It is suggested you read them carefully so you can see how the options go together in practice. See the man page for all the options. It might be worthwhile to start out with the smb.conf.default configuration file and adapt it to your needs. It contains plenty of comments.
The simplest useful configuration file would contain something like shown in the next example.
Example
Another simple smb.conf File
[global]
workgroup = MIDEARTH
[homes]
guest ok = no
read only = no
This will allow connections by anyone with an account on the server, using either their login name or homes as the service name. (Note: The workgroup that Samba should appear in must also be set. The default workgroup name is WORKGROUP.)
Make sure you put the smb.conf file in the correct place.
For more information about security settings for the [homes] share please refer to Securing
Samba chapter.
Test Your Config File with testparm
It’s important to validate the contents of the smb.conf file using the testparm program. If testparm runs correctly, it will list the loaded services. If not, it will give an error message.
Make sure it runs correctly and that the services look reasonable before proceeding. Enter the command:
root# testparm /etc/samba/smb.conf
Testparm will parse your configuration file and report any unknown parameters or incorrect
syntax.
Always run testparm again whenever the smb.conf file is changed!
SWAT
SWAT is a Web-based interface that can be used to facilitate the configuration of Samba.
SWAT might not be available in the Samba package that shipped with your platform, but in a separate package. Please read the SWAT man page on compiling, installing and configuring SWAT from source.
List Shares Available on the Server
To launch SWAT, just run your favorite Web browser and point it to
SWAT can be used from a browser on any IP-connected machine, but be aware that connecting from a remote machine leaves your connection open to password sni ng as passwords will be sent over the wire in the clear.
More information about SWAT can be found in corresponding chapter.
List Shares Available on the Server
To list shares that are available from the configured Samba server execute the following
command:
$ smbclient -L yourhostname
You should see a list of shares available on your server. If you do not, then something is
incorrectly configured. This metho d can also be used to see what shares are available on
other SMB servers, such as Windows 2000.
list the shares. See the smbclient man page for details. You can force it to list the shares
without a password by adding the option -N to the command line.
Connect with a UNIX Client
Enter the following command:
$ smbclient //yourhostname/aservice
Typically yourhostname is the name of the host on which smbd has been installed. The
aservice is any service that has been defined in the smb.conf file. Try your user name if
you just have a [homes] section in the smb.conf file.
Example: If the UNIX host is called bambi and a valid login name is fred, you would type:
$ smbclient //bambi/fred
Connect from a Remote SMB Client
Now that Samba is working correctly locally, you can try to access it from other clients.
Within a few minutes, the Samba host should be listed in the Network Neighborhood on all
Windows clients of its subnet. Try browsing the server from another client or ’mounting’ it.
Mounting disks from a DOS, Windows or OS/2 client can be done by running a command
such as:
C:\> net use d: \\servername\service
Try printing, e.g.
C:\> net use lpt1: \\servername\spoolservice
C:\> print filename
What If Things Don’t Work?
You might want to read The Samba Checklist. If you are still stuck, refer to Analyzing and
Solving Samba Problems chapter. Samba has been successfully installed at thousands of sites
worldwide. It is unlikely that your particular problem is unique, so it might be productive
to perform an Internet search to see if someone else has encountered your problem and has
found a way to overcome it.
Common Errors
The following questions and issues are raised repeatedly on the Samba mailing list.
Large Number of smbd Processes
Samba consists of three core programs: nmbd, smbd, and winbindd. nmbd is the name server message daemon, smbd is the server message daemon, and winbindd is the daemon that handles communication with Domain Controllers. If Samba is not running as a WINS server, then there will be one single instance of nmbd running on your system. If it is running as a WINS server then there will be two instances — one to handle the WINS requests.
smbd handles all connection requests. It spawns a new process for each client connection
made. That is why you may see so many of them, one per client connection. winbindd will run as one or two daemons, depending on whether or not it is being run in split mode (in which case there will be two instances).
Error Message: open oplock ipc
An error message is observed in the log files when smbd is started: “open oplock ipc: Failed
to get local UDP socket for address 100007f. Error was Cannot assign requested.”
Your lo opback device isn’t working correctly. Make sure it is configured correctly. The
loopback device is an internal (virtual) network device with the IP address 127.0.0.1. Read
your OS documentation for details on how to configure the loopback on your system.
This error can be caused by one of these mis-configurations:
• You specified an non-existing path for the share in smb.conf.
• The user you are trying to access the share with does not have su cient permissions
to access the path for the share. Both read (r) and access (x) should be possible.
• The share you are trying to access does not exist.
0 commenti:
Post a Comment