You are previewing Using Samba.
O'Reilly logo
Using Samba

Book Description

This book, which has been officially adopted by the Samba team under an open content license, is a comprehensive guide to Samba administration, including such recent additions as integration with Windows NT domains and the SWAT graphic configuration tool. Samba is a cross-platform triumph: it turns a Unix or Linux system into a file and print server for Microsoft Windows network clients. Now you can let users store their files (and even important executables) in a single place for easy sharing and backup, protected by Unix or NT security mechanisms, and still offer such transparent access that PC users don't even realize they're going to another system. The magic behind Samba is that it recognizes and speaks the SMB protocol developed by Microsoft for file and printer sharing on its own systems. Basic Samba configuration is simple, but you'll want to make sure your security settings are just right and find out about the full range of options (how do you like your filenames mangled?). Trouble-shooting, security, connectivity, performance, and logging are thoroughly covered with examples in this book. Samba is so robust, flexible, and secure that many people are choosing it over Windows NT for their file and print services. Furthermore, Samba is proving to be a necessity for the many organizations that have an existing Unix or Linux system and want to tie in PCs running Microsoft software. Samba is also open source software, licensed under the GNU General Public License. The authors present the most common configurations and problems in an easy-to-follow manner, along with instructions for getting the most out of Samba. Whether you're playing on one note or a full three-octave range, this book will give you an efficient and secure server. The included CD-ROM holds sources and ready-to-install binaries, plus other useful information.

Table of Contents

  1. Using Samba
    1. Preface
      1. The Samba Suite
      2. Audience for this Book
      3. Samba Installation Checklist
      4. Organization
      5. Conventions
      6. Request for Comments
      7. Acknowledgments
    2. 1. Learning the Samba
      1. What is Samba?
      2. What Can Samba Do For Me?
        1. Sharing a Disk Service
        2. Sharing a Printer
          1. Seeing things from the Unix side
      3. Getting Familiar with a SMB/CIFS Network
        1. Understanding NetBIOS
        2. Getting a Name
        3. Node Types
        4. What’s in a Name?
          1. Resource names and types
          2. Group names and types
        5. Datagrams and Sessions
      4. Microsoft Implementations
        1. Windows Domains
          1. Domain controllers
          2. Primary and backup domain controllers
        2. Browsing
          1. Levels of browsing
          2. Browsing elections
        3. Can a Windows Workgroup Span Multiple Subnets?
        4. The Windows Internet Name Service (WINS)
        5. What Can Samba Do?
      5. An Overview of the Samba Distribution
      6. How Can I Get Samba?
      7. What’s New in Samba 2.0?
        1. NT Domains
        2. Ease of Administration
        3. Performance
        4. More Features
        5. Compatibility Improvements
        6. Smbwrapper
      8. And That’s Not All...
    3. 2. Installing Samba on a Unix System
      1. Downloading the Samba Distribution
        1. Binary or Source?
        2. Read the Documentation
      2. Configuring Samba
      3. Compiling and Installing Samba
        1. Final Installation Steps
      4. A Basic Samba Configuration File
        1. Using SWAT
        2. Testing the Configuration File
      5. Starting the Samba Daemons
        1. Starting the Daemons by Hand
        2. Stand-alone Daemons
          1. BSD Unix
          2. System V Unix
        3. Starting From Inetd
      6. Testing the Samba Daemons
    4. 3. Configuring Windows Clients
      1. Setting Up Windows 95/98 Computers
        1. Accounts and Passwords
          1. Changing the Windows password
          2. Logging in for the first time
        2. Setting Up the Network
          1. Adding TCP/IP
          2. Configuring TCP/IP
          3. IP Address tab
          4. DNS Configuration tab
          5. WINS Configuration tab
          6. Hosts files
          7. Check the bindings
        3. Setting Your Name and Workgroup
        4. Accessing the Samba Server
      2. Setting Up Windows NT 4.0 Computers
        1. Basic Configuration
          1. Name the machine
          2. Installing the TCP/IP protocol
          3. Installing the Workstation service
        2. Configuring TCP/IP
          1. IP Address tab
          2. DNS tab
          3. WINS Address tab
          4. Hosts files
          5. Bindings
        3. Connecting to the Samba Server
      3. An Introduction to SMB/CIFS
        1. SMB Format
          1. SMB header format
          2. SMB command format
          3. SMB variations
        2. SMB Clients and Servers
        3. A Simple SMB Connection
          1. Establishing a virtual connection
        4. Negotiating the Protocol Variant
        5. Set Session and Login Parameters
        6. Making Connection to a Resource
    5. 4. Disk Shares
      1. Learning the Samba Configuration File
        1. Configuration File Structure
          1. Whitespaces, quotes, and commas
          2. Capitalization
          3. Line continuation
          4. Comments
          5. Changes at runtime
        2. Variables
      2. Special Sections
        1. The [globals] Section
        2. The [ homes] Section
        3. The [printers] Section
        4. Configuration Options
      3. Configuration File Options
        1. config file
        2. include
        3. copy
      4. Server Configuration
        1. Server Configuration Options
          1. netbios name
          2. server string
          3. workgroup
      5. Disk Share Configuration
        1. Disk Share Configuration Options
          1. path
          2. guest ok
          3. comment
          4. volume
          5. read only and writeable
      6. Networking Options with Samba
        1. Networking Options
          1. hosts allow
          2. hosts deny
          3. interfaces
          4. bind interfaces only
          5. socket address
      7. Virtual Servers
        1. netbios aliases
      8. Logging Configuration Options
        1. Using syslog
        2. Logging Configuration Options
          1. log file
          2. log level
          3. max log size
          4. ;debug timestamp or timestamp logs
          5. syslog
          6. syslog only
    6. 5. Browsing and Advanced Disk Shares
      1. Browsing
        1. Preventing Browsing
        2. Default Services
        3. Browsing Elections
        4. Domain Master Browser
          1. Multiple subnets
        5. Browsing Options
          1. announce as
          2. announce version
          3. browseable
          4. browse list
          5. auto services
          6. default service
          7. local master
          8. lm announce
          9. lm interval
          10. preferred master
          11. os level
          12. domain master
          13. remote browse sync
          14. remote announce
      2. Filesystem Differences
        1. Hiding and Vetoing Files
        2. Links
        3. Filesystem Options
          1. unix realname
          2. dont descend
          3. follow symlinks
          4. getwd cache
          5. wide links
          6. hide files
          7. hide dot files
          8. veto files
          9. delete veto files
      3. File Permissions and Attributes on MS-DOS and Unix
        1. Creation masks
        2. File and Directory Permission Options
          1. create mask
          2. directory mask
          3. force create mode
          4. force directory mode
          5. force group
          6. force user
          7. delete readonly
          8. map archive
          9. map system
          10. map hidden
      4. Name Mangling and Case
        1. The Samba Mangling Operation
          1. Representing and resolving filenames with Samba
        2. Mangling Options
          1. case sensitive
          2. default case
          3. preserve case
          4. short preserve case
          5. mangled names
          6. mangle case
          7. mangling char
          8. mangled stack
          9. mangled map
      5. Locks and Oplocks
        1. Opportunistic Locking
        2. Unix and Locking
          1. share modes
          2. locking
          3. strict locking
          4. blocking locks
          5. oplocks
          6. fake oplocks
          7. kernel oplocks
          8. veto oplock files
          9. lock directory
    7. 6. Users, Security, and Domains
      1. Users and Groups
        1. The [ homes] Share
      2. Controlling Access to Shares
        1. Guest Access
        2. Access Control Options
          1. admin users
          2. v alid users and invalid users
          3. read list and write list
          4. max connections
          5. guest only
          6. guest account
        3. Username Options
          1. username map
          2. username level
      3. Authentication Security
        1. Share-level Security
          1. Share Level Security Options
          2. only user
          3. username
        2. User-level Security
        3. Server-level Security
        4. Domain-level Security
          1. Adding a Samba server to a Windows NT Domain
      4. Passwords
        1. Disabling encrypted passwords on the client
        2. The smbpasswd File
          1. Adding entries to smbpasswd
          2. Changing the encrypted password
        3. Password Synchronization
        4. Password Configuration Options
          1. unix password sync
          2. encrypt passwords
          3. passwd program
          4. passwd chat
          5. passwd chat debug
          6. password level
          7. update encrypted
          8. null passwords
          9. smb passwd file
          10. hosts equiv
          11. use rhosts
      5. Windows Domains
        1. Configuring Samba for Windows Domain Logons
          1. Windows 95/98 clients
          2. Windows NT clients
          3. Creating trust accounts for NT clients
        2. Configuring Windows Clients for Domain Logons
          1. Windows 95/98
          2. Windows NT 4.0
        3. Domain Options
          1. domain logons
          2. domain group map
          3. domain user map
          4. local group map
          5. revalidate
      6. Logon Scripts
        1. Roaming profiles
        2. Mandatory profiles
        3. Logon Script Options
          1. logon script
          2. logon path
          3. logon drive
          4. logon home
        4. Other Connection Scripts
          1. root preexec
          2. preexec
          3. postexec
          4. root postexec
        5. Working with NIS and NFS
          1. nis homedir and homedir map
    8. 7. Printing and Name Resolution
      1. Sending Print Jobs to Samba
        1. Print Commands
        2. Printing Variables
        3. A Minimal Printing Setup
        4. The [printers] Share
        5. Test Printing
        6. Setting Up and Testing a Windows Client
        7. Automatically Setting Up Printer Drivers
          1. Install the drivers on a windows client
          2. Create a printer definition file
          3. Create a PRINTER$ share
          4. Modify the Samba configuration file
          5. Testing the configuration
      2. Printing to Windows Client Printers
        1. BSD printers
        2. System V printers
        3. Samba Printing Options
          1. printing
          2. printable
          3. printer
          4. printer driver
          5. printer driver file
          6. printer driver location
          7. lpq cache time
          8. postscript
          9. print command, lpq command, lprm command, lppause command, lpresume command
          10. load printers
          11. printcap name
          12. min print space
          13. queuepause command
          14. queueresume command
      3. Name Resolution with Samba
        1. The LMHOSTS File
        2. Setting Up Samba to Use Another WINS Server
        3. Setting Up Samba as a WINS Server
        4. Name Resolution Configuration Options
          1. wins support
          2. wins server
          3. wins proxy
          4. dns proxy
          5. name resolve order
          6. max ttl
          7. max wins ttl
          8. min wins ttl
    9. 8. Additional Samba Information
      1. Supporting Programmers
        1. Time Synchronization
          1. time server
          2. time offset
          3. dos filetimes
          4. dos filetime resolution
          5. fake directory create times
      2. Magic Scripts
        1. magic script
        2. magic output
      3. Internationalization
        1. client code page
        2. character set
        3. coding system
        4. valid chars
      4. WinPopup Messages
        1. message command
      5. Recently Added Options
        1. change notify timeout
        2. machine password timeout
        3. stat cache
        4. stat cache size
      6. Miscellaneous Options
        1. deadtime
        2. dfree command
        3. fstype
        4. keep alive
        5. max disk size
        6. max mux
        7. max open files
        8. max xmit
        9. nt pipe support
        10. nt smb support
        11. ole locking compatibility
        12. panic action
        13. set directory
        14. smbrun
        15. status
        16. strict sync
        17. sync always
        18. strip dot
      7. Backups with smbtar
    10. 9. Troubleshooting Samba
      1. The Tool Bag
        1. Samba Logs
          1. Log levels
          2. Activating and deactivating logging
          3. Logging by individual client machines or users
        2. Samba Test Utilities
        3. Unix Utilities
          1. Using trace
          2. Using tcpdump
      2. The Fault Tree
        1. How to use the fault tree
        2. Troubleshooting Low-level IP
          1. Testing the networking software with ping
          2. Testing local name services with ping
          3. Testing the networking hardware with ping
          4. Testing connections with ping
        3. Troubleshooting TCP
          1. Testing TCP with FTP
        4. Troubleshooting Server Daemons
          1. Before you start
          2. Looking for daemon processes with ps
          3. Looking for daemons bound to ports
          4. Checking smbd with telnet
          5. Testing daemons with testparm
        5. Troubleshooting SMB Connections
          1. A minimal smb.conf file
          2. Testing locally with smbclient
          3. Testing connections with smbclient
          4. Testing connections with NET USE
          5. Testing connections with Windows Explorer
        6. Troubleshooting Browsing
          1. Testing browsing with smbclient
          2. Testing the server with nmblookup
          3. Testing the client with nmblookup
          4. Testing the network with nmblookup
          5. Testing client browsing with net view
          6. Browsing the server from the client
        7. Other Things that Fail
          1. Not logging on
        8. Troubleshooting Name Services
          1. Identifying what’s in use
          2. Cannot look up hostnames
          3. Long and short hostnames
          4. Unusual delays
          5. Localhost issues
        9. Troubleshooting Network Addresses
          1. Netmasks
          2. Broadcast addresses
          3. Network address ranges
          4. Finding your network address
        10. Troubleshooting NetBIOS Names
      3. Extra Resources
        1. Documentation and FAQs
        2. Samba Newsgroups
        3. Samba Mailing Lists
        4. Samba Discussion Archives
        5. Further Reading
    11. A. Configuring Samba with SSL
      1. About Certificates
        1. What is a Certificate?
        2. What is an X.509 certificate, technically?
        3. What are the implications of this certificate structure?
      2. Requirements
      3. Installing SSLeay
        1. Configuring SSLeay for Your System
        2. Configuring Samba to use SSL
        3. Becoming a Certificate Authority
        4. Creating Certificates for Clients
        5. Configuring the Samba Server
        6. Testing with smbclient
      4. Setting Up SSL Proxy
      5. SSL Configuration Options
        1. ssl
        2. ssl hosts
        3. ssl hosts resign
        4. ssl CA certDir
        5. ssl CA certFile
        6. ssl server cert
        7. ssl server key
        8. ssl client cert
        9. ssl client key
        10. ssl require clientcert
        11. ssl require servercert
        12. ssl ciphers
        13. ssl version
        14. ssl compatibility
    12. B. Samba Performance Tuning
      1. A Simple Benchmark
      2. Samba Tuning
        1. Benchmarking
        2. Things to Tweak
          1. Log level
          2. Socket options
          3. read raw and write raw
          4. Opportunistic locking
          5. IP packet size (MTU)
          6. The TCP receive window
          7. max xmit
          8. read size
          9. read prediction
        3. Other Samba Options
        4. Our Recommendations
      3. Sizing Samba Servers
        1. The Bottlenecks
        2. Reducing Bottlenecks
        3. Practical Examples
        4. How Many Clients can Samba Handle?
          1. How to guess
        5. Measurement Forms
    13. C. Samba Configuration Option Quick Reference
      1. Configuration Options
        1. admin users = user list
        2. allow hosts = host list
        3. alternate permissions = boolean
        4. [global] announce as = system type
        5. [global] announce version = number.number
        6. [global] auto services = share list
        7. available = boolean
        8. [global] bind interfaces only = boolean
        9. browsable = boolean
        10. blocking locks = boolean
        11. [global] browse list = boolean
        12. [global] case sensitive = boolean
        13. [global] case sig names = boolean
        14. [global] change notify timeout = number
        15. character set = name
        16. client code page = name
        17. coding system = code
        18. comment = text
        19. [global] config file = pathname
        20. copy = section name
        21. create mask = octal value
        22. create mode = octal permission bits
        23. [global] deadtime = minutes
        24. [global] debug level = number
        25. [global] debug timestamp = boolean
        26. [global] default = name
        27. default case = case
        28. [global] default service = share name
        29. delete readonly = boolean
        30. delete veto files = boolean
        31. deny hosts = host list
        32. [global] dfree command = command
        33. directory = pathname
        34. directory mask = octal permission bits
        35. directory mode = octal permission bits
        36. [global] dns proxy = boolean
        37. [global] domain logons = boolean
        38. [global] domain master = boolean
        39. dont descend = comma-list
        40. dos filetimes = boolean
        41. dos filetime resolution = boolean
        42. [global] encrypt passwords = boolean
        43. exec = command
        44. fake directory create times = boolean
        45. fake oplocks = boolean
        46. follow symlinks = boolean
        47. force create mask = octal permission bits
        48. force create mode = octal permission bits
        49. force directory mask = octal permission bits
        50. force directory mode = octal permission bits
        51. force group = unix group
        52. force user = name
        53. fstype = string
        54. [global] getwd cache = boolean
        55. group = group
        56. guest account = user
        57. guest ok = boolean
        58. guest only = boolean
        59. hide dot files = boolean
        60. hide files = slash-separated list
        61. [global] homedir map = NIS map name
        62. hosts allow = host list
        63. hosts deny = host list
        64. [global] hosts equiv = pathname
        65. include = pathname
        66. [global] interfaces = interface list
        67. invalid users = user list
        68. [global] keepalive = number
        69. [global] kernel oplocks = boolean
        70. [global] ldap filter = various
        71. [global] ldap port = various
        72. [global] ldap root = various
        73. [global] ldap server = various
        74. [global] ldap suffix = various
        75. [global] load printers = boolean
        76. [global] local master = boolean
        77. [global] lm announce = value
        78. [global] lm interval = seconds
        79. [global] lock directory = pathname
        80. locking = boolean
        81. [global] log file = pathname
        82. [global] log level = number
        83. [global] logon drive = drive
        84. [global] logon home = path
        85. [global] logon path = pathname
        86. [global] logon script = pathname
        87. lppause command = /absolute_ path/command
        88. lpresume command = /absolute_ path/command
        89. [global] lpq cache time = seconds
        90. lpq command = /absolute_ path/command
        91. lprm command = /absolute_ path/command
        92. machine password timeout = seconds
        93. magic output = pathname
        94. magic script = pathname
        95. mangle case = boolean
        96. mangled map = map list
        97. mangled names = boolean
        98. mangling char = character
        99. [global] mangled stack = number
        100. map aliasname = pathname
        101. map archive = boolean
        102. map hidden = boolean
        103. map groupname = pathname
        104. map system = boolean
        105. max connections = number
        106. [global] max disk size = number
        107. [global] max log size = number
        108. [global] max mux = number
        109. [global] max packet = number
        110. [global] max open files = number
        111. [global] max ttl = seconds
        112. [global] max wins ttl = seconds
        113. [global] max xmit = bytes
        114. [global] message command = /absolute_ path/command
        115. min print space = kilobytes
        116. [global] min wins ttl = seconds
        117. name resolve order = list
        118. [global] netbios aliases = list
        119. netbios name = hostname
        120. [global] networkstation user login = boolean
        121. [global] nis homedir = boolean
        122. [global] nt pipe support = boolean
        123. [global] nt smb support = boolean
        124. [global] null passwords = boolean
        125. ole locking compatibility = boolean
        126. only guest = boolean
        127. only user = boolean
        128. oplocks = boolean
        129. [global] os level = number
        130. [global] packet size = bytes
        131. [global] passwd chat debug = boolean
        132. [global] passwd chat = command sequence
        133. [global] passwd program = program
        134. [global] password level = number
        135. [global] password server = netbios names
        136. panic action = /absolute_ path/command
        137. path = pathname
        138. postexec = /absolute_ path/command
        139. postscript = boolean
        140. preexec = /absolute_ path/command
        141. [global] preferred master = boolean
        142. preload = share list
        143. preserve case = boolean
        144. print command = /absolute_ path/command
        145. print ok = boolean
        146. printable = boolean
        147. [global] printcap name = pathname
        148. printer = name
        149. printer driver = printer driver name
        150. [global] printer driver file = path
        151. printer driver location = path
        152. printer name = name
        153. printing = style
        154. [global] protocol = protocol
        155. public = boolean
        156. queuepause command = /absolute_ path/command
        157. queueresume command = /absolute_ path/command
        158. read bmpx = boolean
        159. read list = comma-separated list
        160. read only = boolean
        161. [global] read prediction = boolean
        162. [global] read raw = boolean
        163. [global] read size = bytes
        164. [global] remote announce = remote list
        165. [global] remote browse sync = address list
        166. revalidate = boolean
        167. [global] root = pathname
        168. [global] root dir = pathname
        169. [global] root directory = pathname
        170. root postexec = /absolute_ path/command
        171. root preexec = /absolute_ path/command
        172. [global] security = value
        173. [global] server string = text
        174. set directory = boolean
        175. [global] shared file entries = number
        176. shared mem size = bytes
        177. [global] smb passwd file = path
        178. [global] smbrun = /absolute_ path/command
        179. share modes = boolean
        180. short preserve case = boolean
        181. [global] socket address = IP address
        182. [global] socket options = socket option list
        183. [global] status = boolean
        184. strict sync = boolean
        185. strict locking = boolean
        186. [global] strip dot = boolean
        187. [global] syslog = number
        188. [global] syslog only = boolean
        189. sync always = boolean
        190. [global] time offset = minutes
        191. [global] time server = boolean
        192. unix password sync = boolean
        193. unix realname = boolean
        194. update encrypted = boolean
        195. user = comma-separated list
        196. username = comma-separated list
        197. username level = number
        198. [global] username map = pathname
        199. valid chars = list
        200. valid users = user list
        201. veto files = slash-list
        202. veto oplock files = slash-list
        203. volume = share name
        204. wide links = boolean
        205. [global] wins proxy = boolean
        206. [global] wins server = host
        207. [global] wins support = boolean
        208. [global] workgroup = name
        209. writable = boolean
        210. write list = comma-separated list
        211. write ok = boolean
        212. [global] write raw = boolean
      2. Glossary of Configuration Values
      3. Configuration File Variables
    14. D. Summary of Samba Daemons and Commands
      1. Samba Distribution Programs
        1. smbd
          1. Other signals
          2. Command-line options
          3. Testing/debugging options
        2. nmbd
          1. Signals
          2. Command-line options
          3. Testing/debugging options
        3. Samba Startup File
        4. smbsh
          1. Options
        5. smbclient
          1. General command-line options
          2. Smbclient operations
          3. Printing commands
          4. Tar commands
          5. Command-line message program options
          6. Command-line tar program options
          7. Command-line query program
          8. Command-line debugging /diagnostic program options
        6. smbstatus
          1. Options
        7. smbtar
          1. Options
        8. nmblookup
        9. smbpasswd
          1. Regular user options
          2. Root-only options
        10. testparm
          1. Options
        11. testprns
        12. rpcclient
        13. tcpdump
          1. Options
    15. E. Downloading Samba with CVS
    16. F. Sample Configuration File
    17. Index
    18. Colophon