You are previewing Using Samba, 3rd Edition.
O'Reilly logo
Using Samba, 3rd Edition

Book Description

This book is the comprehensive guide to Samba administration,officially adopted by the Samba Team. Wondering how to integrateSamba's authentication with that of a Windows domain? How to getSamba to serve Microsoft Dfs shares? How to share files on Mac OSX? These and a dozen other issues of interest to systemadministrators are covered. A whole chapter is dedicated totroubleshooting!

The range of this book knows few bounds. Using Samba takes youfrom basic installation and configuration -- on both the client andserver side, for a wide range of systems -- to subtle details ofsecurity, cross-platform compatibility, and resource discovery thatmake the difference between whether users see the folder theyexpect or a cryptic error message.

  • Integration with Active Directory and OpenLDAP

  • Migrating from Windows NT 4.0 domains to Samba

  • Delegating administrative tasks to non-root users

  • Central printer management

  • Advanced file serving features, such as making use of VirtualFile System (VFS) plugins.

  • Samba is a cross-platform triumph: robust, flexible and fast, itturns a Unix or Linux system into a file and print server forMicrosoft Windows network clients. This book will help you makeyour file and print sharing as powerful and efficient as possible.The authors delve into the internals of the Windows activities andprotocols to an unprecedented degree, explaining the strengths andweaknesses of each feature in Windows domains and in Sambaitself.

    Whether you're playing on your personal computer or anenterprise network, on one note or a full three-octave range,Using Samba will give you an efficient and secureserver.

    The current edition covers such advanced 3.x features as:

    Table of Contents

    1. Special Upgrade Offer
    2. Preface
      1. Audience for This Book
      2. How This Book Is Organized
      3. Conventions Used in This Book
      4. Using Code Examples
      5. How to Contact Us
      6. Safari® Enabled
      7. Acknowledgments
        1. Gerald Carter
        2. Jay Ts
        3. Robert Eckstein
        4. All
    3. 1. An Introduction to Samba
      1. 1.1. What Is Samba?
      2. 1.2. What Can Samba Do for Me?
        1. 1.2.1. Sharing Files
        2. 1.2.2. Sharing a Printer
        3. 1.2.3. Seeing Things from the Unix Side
      3. 1.3. The Common Internet File System
        1. 1.3.1. Understanding NetBIOS
        2. 1.3.2. Getting a Name
        3. 1.3.3. Node Types
        4. 1.3.4. What’s in a Name?
          1. 1.3.4.1. Resource names and types
          2. 1.3.4.2. Group names and types
        5. 1.3.5. Datagrams and Sessions
      4. 1.4. Connecting to a CIFS File Share
      5. 1.5. Browsing
        1. 1.5.1. Browsing Elections
      6. 1.6. Authentication: Peer-to-Peer Versus Domains
      7. 1.7. What’s in Samba 3.0?
        1. 1.7.1. Windows NT Domain Controller Support
        2. 1.7.2. Active Directory Domain Member Servers
        3. 1.7.3. Local Nested Groups
        4. 1.7.4. Unicode and Internationalization
        5. 1.7.5. User and Group Account Storage Plug-in Modules
        6. 1.7.6. Stackable Virtual File System (VFS) Modules
        7. 1.7.7. User Privileges
        8. 1.7.8. Windows Automatic Driver Downloads
        9. 1.7.9. But Wait, There’s More
      8. 1.8. Future Research in Samba 4.0
      9. 1.9. What Can Samba Do?
      10. 1.10. An Overview of the Samba Distribution
      11. 1.11. How Can I Get Samba?
    4. 2. Installing Samba on a Unix System
      1. 2.1. Binary Packages
      2. 2.2. Compiling from Source
        1. 2.2.1. Downloading the Source Distribution
        2. 2.2.2. Read the Documentation
        3. 2.2.3. Configuring Samba
        4. 2.2.4. Kerberos and LDAP
        5. 2.2.5. Unicode and the iconv Library
      3. 2.3. Compiling and Installing Samba
        1. 2.3.1. Upgrading Your Installation
        2. 2.3.2. Reconfiguring Samba
        3. 2.3.3. Setting Search Paths
      4. 2.4. Enabling the Samba Web Administration Tool (SWAT)
      5. 2.5. A Basic Samba Configuration File
        1. 2.5.1. Encrypted Passwords
        2. 2.5.2. Using SWAT to Create an smb.conf File
        3. 2.5.3. Testing the Configuration File
      6. 2.6. Firewall Configuration
      7. 2.7. Starting the Samba Daemons
        1. 2.7.1. Starting the Daemons Manually
        2. 2.7.2. Automatic Startup
          1. 2.7.2.1. BSD Unix
          2. 2.7.2.2. System V Unix and most Linux distributions
          3. 2.7.2.3. Mac OS X
          4. 2.7.2.4. Testing automatic startup
        3. 2.7.3. Starting from inetd/xinetd
        4. 2.7.4. Testing the Samba Daemons
    5. 3. Configuring Windows Clients
      1. 3.1. Windows Networking Concepts
        1. 3.1.1. Networking Components
        2. 3.1.2. IP Address
        3. 3.1.3. Name Resolution
          1. 3.1.3.1. Windows’ LMHOSTS and HOSTS
      2. 3.2. Windows Setup
        1. 3.2.1. Networking Components
        2. 3.2.2. Configuring TCP/IP
          1. 3.2.2.1. IP address and DNS servers
          2. 3.2.2.2. WINS server
        3. 3.2.3. Computer and Workgroup Names
        4. 3.2.4. Connecting to the Samba Server
        5. 3.2.5. Creating Local Users on Window Clients
        6. 3.2.6. Browsing the Samba Server
    6. 4. The Samba Configuration File
      1. 4.1. Basic Syntax and Rules
        1. 4.1.1. Configuration File Structure
          1. 4.1.1.1. Whitespace, delimiters, and capitalization
          2. 4.1.1.2. Line continuation
          3. 4.1.1.3. Comments
        2. 4.1.2. Updating a Live System
        3. 4.1.3. Variables
      2. 4.2. Special Sections
        1. 4.2.1. The [global] Section
        2. 4.2.2. The [homes] Section
        3. 4.2.3. The [printers] Section
      3. 4.3. Configuration File Options
        1. 4.3.1. config file
        2. 4.3.2. include
        3. 4.3.3. copy
      4. 4.4. Basic Server Configuration
        1. 4.4.1. Server Configuration Options
          1. 4.4.1.1. netbios name
          2. 4.4.1.2. workgroup
          3. 4.4.1.3. server string
      5. 4.5. Disk Share Configuration
        1. 4.5.1. Disk Share Configuration Options
          1. 4.5.1.1. path
          2. 4.5.1.2. comment
          3. 4.5.1.3. volume
          4. 4.5.1.4. read only, writable
      6. 4.6. Networking Options with Samba
        1. 4.6.1. Networking Options
          1. 4.6.1.1. hosts allow
          2. 4.6.1.2. hosts deny
          3. 4.6.1.3. interfaces
          4. 4.6.1.4. bind interfaces only
      7. 4.7. Virtual Servers
        1. 4.7.1. Virtual Server Configuration Options
          1. 4.7.1.1. netbios aliases
          2. 4.7.1.2. smb ports
      8. 4.8. Logging Configuration Options
        1. 4.8.1. Using syslog
        2. 4.8.2. Logging Configuration Options
          1. 4.8.2.1. log file
          2. 4.8.2.2. log level
          3. 4.8.2.3. max log size
          4. 4.8.2.4. debug timestamp
          5. 4.8.2.5. debug pid, debug uid
          6. 4.8.2.6. syslog
          7. 4.8.2.7. syslog only
    7. 5. Accounts, Authentication, and Authorization
      1. 5.1. Security Modes
        1. 5.1.1. Guest Access with security = user
        2. 5.1.2. Passwords and Authentication
          1. 5.1.2.1. Clear-text passwords
          2. 5.1.2.2. Pluggable Authentication Modules (PAM)
          3. 5.1.2.3. NTLMv1
          4. 5.1.2.4. NTLMv2
      2. 5.2. User Management
        1. 5.2.1. Security Identifiers
        2. 5.2.2. Account Storage
          1. 5.2.2.1. passdb backend = smbpasswd
          2. 5.2.2.2. passdb backend = tdbsam
          3. 5.2.2.3. passdb backend = ldapsam
        3. 5.2.3. Username Maps
        4. 5.2.4. Account Utilities
        5. 5.2.5. Synchronizing Passwords
      3. 5.3. Group Mapping
      4. 5.4. User Privilege Management
        1. 5.4.1. The net Tool
      5. 5.5. Controlling Authorization for File Shares
    8. 6. Advanced Disk Shares
      1. 6.1. Special Share Names
      2. 6.2. Filesystem Differences
        1. 6.2.1. Name Mangling and Filename Lengths
        2. 6.2.2. Case Sensitivity and Preservation
        3. 6.2.3. Symbolic Links
        4. 6.2.4. Hiding Files
        5. 6.2.5. Locks and Leases
        6. 6.2.6. DOS Attributes
          1. 6.2.6.1. DOS attributes and Unix permissions bits
          2. 6.2.6.2. DOS attributes and Unix extended attributes
        7. 6.2.7. Permissions
      3. 6.3. Access Control Lists
        1. 6.3.1. What’s in a POSIX ACL?
        2. 6.3.2. The nt acl support Parameter
        3. 6.3.3. Understanding the Explorer Security Tab
      4. 6.4. Microsoft Distributed File Systems
      5. 6.5. Virtual File Systems
      6. 6.6. Executing Server Scripts
    9. 7. Printing
      1. 7.1. Print Shares
      2. 7.2. A Usable Print Share
      3. 7.3. Samba and CUPS
      4. 7.4. The [printers] Service
      5. 7.5. Enabling SMB Printer Sharing in OS X
      6. 7.6. Creating a PDF Printer
      7. 7.7. Managing Windows Print Drivers
        1. 7.7.1. Point and Print Prerequisites
        2. 7.7.2. Installing Print Drivers
        3. 7.7.3. Assigning Print Drivers and Initializing DeviceModes
        4. 7.7.4. Testing Point and Print
      8. 7.8. Printers and Security
      9. 7.9. Disabling Point and Print
      10. 7.10. Printing, Queue Lists, and tdb Files
      11. 7.11. Printing to Windows Printers
        1. 7.11.1. Sharing Windows Printers
        2. 7.11.2. Adding a Unix Printer
          1. 7.11.2.1. BSD printers
          2. 7.11.2.2. System V printers
          3. 7.11.2.3. CUPS printers
      12. 7.12. Printing Parameters
    10. 8. Name Resolution and Network Browsing
      1. 8.1. Name Resolution
        1. 8.1.1. WINS Clients and Server Interaction
        2. 8.1.2. Setting Up Samba As a WINS Server
          1. 8.1.2.1. Proxying name resolution requests to DNS
          2. 8.1.2.2. Catching WINS database modifications
        3. 8.1.3. Setting Up Samba to Use Another WINS Server
          1. 8.1.3.1. Configuring a WINS proxy
        4. 8.1.4. The lmhosts File
        5. 8.1.5. Configuring Name Resolution for the Samba Suite
        6. 8.1.6. Name-Resolution Configuration Options
      2. 8.2. Network Browsing
        1. 8.2.1. Browsing in a Windows Network
        2. 8.2.2. Browser Elections
        3. 8.2.3. Server Announcements
        4. 8.2.4. Configuring Samba for Browsing
        5. 8.2.5. Samba As the Domain Master Browser
        6. 8.2.6. Samba Browsing Enhancements
        7. 8.2.7. Browsing Options
    11. 9. Domain Controllers
      1. 9.1. Samba Domains: NT 4.0 or Active Directory?
      2. 9.2. Configuring a Samba PDC
        1. 9.2.1. Setting Up Domain Joins
          1. 9.2.1.1. Domain Admins
          2. 9.2.1.2. Required privileges
          3. 9.2.1.3. Joining a Windows client
        2. 9.2.2. Managing Users and Groups
        3. 9.2.3. User Profiles
        4. 9.2.4. System Policies
      3. 9.3. Configuring a Samba BDC
      4. 9.4. passdb Recommendations
      5. 9.5. Migrating an NT 4.0 Domain to Samba
      6. 9.6. Domain Trusts
      7. 9.7. Remote Server Management
        1. 9.7.1. File Shares
        2. 9.7.2. Services
        3. 9.7.3. Eventlogs
        4. 9.7.4. Performance Monitor
    12. 10. Domain Member Servers
      1. 10.1. Joining a Domain
      2. 10.2. Domain and ADS Security Modes
        1. 10.2.1. security = domain
        2. 10.2.2. security = ads
          1. 10.2.2.1. Basic Samba settings
          2. 10.2.2.2. Time synchronization
          3. 10.2.2.3. Encryption types
          4. 10.2.2.4. Realm/domain and KDC lookups
            1. 10.2.2.4.1. Using DNS for KDCs lookups
            2. 10.2.2.4.2. Manually configuring KDCs lookups
          5. 10.2.2.5. Final steps
          6. 10.2.2.6. Integrating Kerberized Unix services
        3. 10.2.3. Locating a Domain Controller
      3. 10.3. Matching Domain Users to Local Accounts
      4. 10.4. Winbind
        1. 10.4.1. idmap Backends
          1. 10.4.1.1. idmap backed = ldap
          2. 10.4.1.2. idmap backed = rid
          3. 10.4.1.3. idmap backed = ad
      5. 10.5. Additional Winbind Features
        1. 10.5.1. PAM and Domains
        2. 10.5.2. Local Nested Groups
    13. 11. Unix Clients
      1. 11.1. The Linux CIFS Filesystem
        1. 11.1.1. Installation
        2. 11.1.2. Mounting a SMB/CIFS File Share
        3. 11.1.3. Allowing Normal User CIFS Mounts
        4. 11.1.4. CIFS Extensions for Unix Clients
      2. 11.2. FreeBSD’s smbfs
        1. 11.2.1. smbutil
        2. 11.2.2. mount_smbfs
      3. 11.3. Mac OS X
      4. 11.4. smbclient
        1. 11.4.1. Listing Shares and Workgroups
        2. 11.4.2. An Interactive smbclient Session
        3. 11.4.3. Backups with smbclient
        4. 11.4.4. Programming with smbclient
      5. 11.5. Remote Administration with net
        1. 11.5.1. net rpc
          1. 11.5.1.1. Shares
          2. 11.5.1.2. Services
        2. 11.5.2. net ads
    14. 12. Troubleshooting Samba
      1. 12.1. The Tool Box
      2. 12.2. Samba Logs
        1. 12.2.1. Log Level
        2. 12.2.2. Activating and Deactivating Logging
        3. 12.2.3. Logging by Individual Client Systems or Users
      3. 12.3. Unix Utilities
        1. 12.3.1. Tracing System Calls
        2. 12.3.2. Network Packet Captures
          1. 12.3.2.1. Using Wireshark
      4. 12.4. The Fault Tree
        1. 12.4.1. How to Use the Fault Tree
        2. 12.4.2. Troubleshooting Low-Level IP
          1. 12.4.2.1. Testing the networking software with ping
          2. 12.4.2.2. Testing local name services with ping
          3. 12.4.2.3. Testing the networking hardware with ping
          4. 12.4.2.4. Testing connections with ping
        3. 12.4.3. Troubleshooting Server Daemons
          1. 12.4.3.1. Tracking daemon startup
          2. 12.4.3.2. Looking for daemons bound to ports
          3. 12.4.3.3. Checking smbd with telnet
          4. 12.4.3.4. Testing daemons with testparm
        4. 12.4.4. Troubleshooting SMB Connections
          1. 12.4.4.1. A minimal smb.conf file
          2. 12.4.4.2. Testing locally with smbclient
          3. 12.4.4.3. Testing connections with smbclient
          4. 12.4.4.4. Testing connections with net use
      5. 12.5. Troubleshooting Browsing
        1. 12.5.1. Testing the Server with nmblookup
        2. 12.5.2. Testing the Client with nmblookup
        3. 12.5.3. Testing the Network with nmblookup
        4. 12.5.4. Testing Browsing with smbclient
        5. 12.5.5. Testing Client Browsing with net view
        6. 12.5.6. Browsing the Server from the Client
      6. 12.6. Troubleshooting Name Services
        1. 12.6.1. Identifying What’s in Use
        2. 12.6.2. Cannot Look Up Hostnames
        3. 12.6.3. Long and Short Hostnames
        4. 12.6.4. Unusual Delays
        5. 12.6.5. Localhost issues
      7. 12.7. Troubleshooting Network Addresses
        1. 12.7.1. Netmasks
        2. 12.7.2. Broadcast Addresses
        3. 12.7.3. Network Address Ranges
        4. 12.7.4. Finding Your Network Address
      8. 12.8. Troubleshooting NetBIOS Names
      9. 12.9. Extra Resources
        1. 12.9.1. Documentation and FAQs
        2. 12.9.2. Samba Mailing Lists, Newsgroups, and IRC
        3. 12.9.3. Filing a Bug Report
    15. A. Summary of Samba Daemons and Commands
      1. A.1. SMB URI Syntax
      2. A.2. Samba Daemons
      3. A.3. Samba Client Programs
        1. A.3.1. Common Options
          1. A.3.1.1. General options
          2. A.3.1.2. Authentication options
          3. A.3.1.3. Connection options
    16. B. Downloading Samba with Subversion
    17. C. Configure Options
      1. C.1. Install Directory and Library Options
      2. C.2. Developer Options
      3. C.3. Authentication Options
      4. C.4. File Serving Features
      5. C.5. Printing Options
      6. C.6. Clients and Libraries
    18. Index
    19. About the Authors
    20. Colophon
    21. Special Upgrade Offer
    22. Copyright