Samba configuration details

Use Linux and Samba to replace Windows NT / 2000 Server Summary: This article provides programs for LinuxFocus articles about Samba for sharing resources in UNIX-Windows heterogeneous networks. In particular, it focuses on running Windows with Samba. This is not only because Linux is strong and flexible, but also for economic considerations: * greatly saves the license fee for the purchase of Windows servers. * To achieve similar performance performance, Linux uses fewer hardware resources than Windows (also processor and memory). A proper Linux server that runs Samba configuration can replace Windows NT / 2000 servers, which generally share directory, providing Active Directory Service, ADS, but it can be the primary domain controller (PDC), Perform Windows 2000 / NT / 98/95 as a user authentication, shared resource (directory, and printer) and custom user sessions. This article is mainly focused on these aspects. Many computer environments are based on the Functions provided by Windows servers. The Linux server with Samba will replace all Windows-based systems without changing the client. The following steps to be discussed assume that Samba has been installed and running the correct machine will be used as a server. Readers need the basic knowledge of Linux and Windows servers. Case Study Considering Linux / Samba Server As the Main Domain Controller (PDC), each certified user enters two shared directories, one is a public space, one is private space. In this article, discussing an extremely common situation in entering private data space, that is, each user has a personal directory. Details to be considered: Linux / Samba Netbios Name: SMBServerWindows Domain Name (Working Group): TheDomain's private partition: H: (Windows) => / home / (Linux Server) Public partition: P: (Windows) => / HOME / PUBLIC Figure 1 shows a simple network diagram, the client runs the Windows system, using the resources and services provided by Windows NT / 2000 servers. This server can be replaced by Linux / Samba servers. Fig. 1 - The primary domain controller and file server configuration running on a Windows server follow these steps: 1) Creating users to be authenticated in the primary domain server (Linux / Samba). Using the addUser command, UserAdd or UserConf, you can use some user-managed tools, or a graphical interface (Webmin, LinuxConf, YaST, etc.). Need to confirm that if the user enters Linux / Samba service (if you want), This means that the user does not have to enter the Linux command line, so that only the home directory is set to / dev / null, the command line is set to / bin / false. 2) Convert UNIX users to Linux / Samba / Windows users to generate a SMBPASSWD file. CAT / etc / passwd | mksmbpasswd.sh> / etc / samba / smbpasswd another method is to perform the Samba command to create a user and definition password: SMBADDUSERSMBPASSWD These commands and adduser have a similar role as PASSWD.

3) Edit Samba's profile (SMB.CONF), you have to determine the addition or minus the following marked options: NetBIOS name = SMBSERVERWORKGROUP = theDOMAINSERVER STRING = Linux Samba NT ServerLog File = / var / log / samba /% m.logmax log file = 0security = userencrypt password = yessmb password file = / etc / samba / smbpasswdssl CA certificate = / usr / share / ssl / .... (cancel comment) socket options = (cancel comment) local master = yespreferred Master = yesdomain master = yesdomain logons = yeslogon script = logon.batwins support = yes Note: For each user's unique landing (login), you need to replace the original "login description" using the "% u.bat" file (Login " Script). Such a "landing description" with your own username is also available.% U can be used. If you want to define the user belong to that group, you can use% g or% g, these parameters, and other parameters Definitions can be found in the manual. (Man SMB.CONF) 4) Creating a shared resource editing the smb.conf file and commenting all the "shared" examples, add the following information, if there is no necessary words, no change: [Netlogon] comment = initialization scriptspath = / home / netlogonread only = yesguest ok = yesbrowseable = no [home] comment = User Directorypath = / home /% Ubrowseable = yeswritable = yes [public] comment = public Directorypath = / home / publicbrowseable = yeswritable = yesguest ok = yescreate mask = 0777force create mask = 0777 Save the SMB.conf file. 5) You can use the following command to verify that smb.conf is correct: TestParm These commands analyze the smb.conf file and report the discovered error. 6) Create / Home / Netlogon and / Home / Public Directory separately, respectively. 7) Edit the logon description file Logon.bat. Important: Use the DOS / Windows text editor (such as NOTEPAD or EDIT) to create a logon.bat file (so saved text files is a Microsoft-compatible form), you can also do this on Linux but you must convert into The correct text form. You can use the command ": set textmode" such as a vim to get a file with a Microsoft line.

NET TIME SMBSERVER / Y (You CAN Also Use: / Yes INSTEAD OF / Y) NET Use H: SMBSerHome -Y (You CAN Also Use: / Yes Or / Y ISTEAD OF -Y) NET USE P: SMBSERVERPUBLIC -Y8 Add to SMBServer information is in the LMHOSTS file. Edit the / etc / lmhosts file / etc / lmhosts file and join the row of SMBSERVER information. SMB servers, such as: 192.168.0.10 SMBServer9) Restart Samba's Background Program (SMBD). Service SMB RESTART If you don't work in your Linux version, you can use the following command: ps -auxgx | grep smbkill -9 SMBD10) Use SMBClient to verify that the above configuration is correct. SMBCLIENT -L // SMBSERVER If "Password:" is displayed, press the "Enter" button, the resource shared by the server will appear. 11) Use the Windows 95/98 / NT computer to log in to the domain THEDOMAIN, using Linux / Samba created users (see steps 1 and 2). In 95/98 / me, the configuration can follow the order: Start => Setting => Control Panel => Network => Microsoft Network Customer => Properties. The Windows NT / 2000 (Workstation / Professional Edition) is also similar to the usage, the order is not the same. Click Options "Start Session in Windows NT / 2000 Domain" and Write the Domain Name TheDomain (Workgroup). An instance of a profile A complete Samba configuration file is listed as follows, this file is tested in a non-linked Linux distribution version. The reader can modify it to achieve the result you want. Each of these instructions are properly annotated. Finally, the suggestion for those who want to quickly configure Samba is to install Webmin or SWAT, which allows you to make it easy. # ===================================================== =========== ## /etc/smb.conf# -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -------------------------------------------------- ---------------------------- ## Samba Main Profile # Profile The skeleton of the configuration file, select the parameters according to your needs.

# ------------------------------------------------- -------------------------------------------------- --------- ## Test the system: Solaris system and Linux all release version # Redhat 6.0, 7.0 and 7.1 # Solaris 7 # Slackware 7.x # Mandrake 6.1, 7.0 and 8.1 # SUSE 7.2 # - -------------------------------------------------- -------------------------------------------------- ------ ## last change time: 08/12/2001 # author: Sebastian Sasias - sasias@Linuxmail.org#==================== ================================================ ### This file is developed according to Samba specifications. You can see the SMB.CONF (5) manual. ## Obs: After changing this file, use the "TestParm" command to test.

## ======================== Global options ======================= = ### Total configuration # [Global] # ....................................... ................................................ ............................................. ## Workgroup = NT -Domain-name o Workgroup-name, such as: the 3Ain # pdc domain Workgroup = the 3ain (not case sensitive) # ....................... ................................................ ................................................ ......... ## The name of this machine declared in other machines Netbios name = SMBSERVER # ..................... ................................................ ................................................ ........... ## This statement will appear in Windows "Network Neighbors" Server String = Samba Server de Este Lugar # ............. ................................................ ................................................ ................ ## This line is critical because of the reason for security, which is only connected to a specific computer in the local area. # In this example, the interface of the 192.168.8.0 (Class C network) network # and "loopback" can be connected. # More details, please read the SMB.CONF MAN manual. # P如: Only the address after IP of the specified start can share resources. # 192.168.8 and 127 (Note from later); hosts allow = 192.168.8. 127. # ......................... ................................................ ................................................ ... ## If you want to automatically load a list of printers, you don't have to enter a manual entry, you can use:; loading printers = yes # ............ ................................................ ................................................ .................... ## The path to PrintCap is possible.

PRINTCAP Name = / etc / printcap # ....................................... ................................................ ........................................... ## PrintCap in the Systemv system The LPSTAT Name Property must allow # to acquire a list of printers from the SPOOL system from SystemV (such words! :-)). PRINTCAP Name = lpstat # .......................................... ................................................ ........................................ ## If the printer system is non-standard, Need to specify what print system. # Now supported printing systems include: # BSD, SYSV, PLP, Lprng, AIX, HPUX, QNX; Printing = BSD # ....................... ................................................ ................................................ ......... ## If you need a guest account, don't comment out below. # You must join this to / etc / passwd, otherwise this user has no "people" available. Guest Account = pcguest # .......................................... ................................................ ........................................ ## The following is made to make each computer There is a different log file, and the file is connected to the Samba server. Log file = /VAR/LOG/Samba/log.%M # ................................. ................................................ ............................................. # Set the limit of the Log file length (unit KB). Max log size = 50 # .......................................... ................................................ ........................................ ## Read safe_level.txt for more Detail # Specify how to verify password # User-level security policy = Every user has its own password (Samba password) Security = user # ................... ................................................ ................................................ ............... ## If you use a server-level security policy, the verification process is performed on another machine. # Only when using the server-level security policy, use the value "Password Server" # password server equal to [Authentication Server Address].

Password server = # .................................. ................................................ ..............................................## If you To use an encrypted password, read Encryption.txt in the Samba document, # Win95.txt and Winnt.txt. # You only know enough information to understand this property to use it. # Information: Win95, Win98 and Winnt can send encrypted passwords. Encrypt passwords = yes # ........................................... ................................................ ....................................... ## Use the following line to customize your configuration . # On each computer in the network,% m replaces the name of its own NetBIOS. Include = /usr/local/samba/lib/smb.conf.%M # ............................. ................................................ ................................................ ... ## You will find documents and some popular "prompts" will tell you that the following options can get better performance. # Try! # Read Speed.txt and Manual to know more details. Socket options = tcp_nodelay # ........................................... ................................................ ....................................... ## samba can configure a variety of network interfaces. # If you use a variety of network interfaces, you must listed below. # Read the manual to know more details. Interfaces = 192.168.8.2/24 192.168.12.2/24 # .................................. ................................................ ................................................ ## Browser Control Options: # If you don't want Samba as the primary browser in the network, set "Local Master = No". Local master = yes # ........................................... ................................................ ....................................... ## On the OS level, this server is elected Browser priority settings. # Generally, the default value may be possible. oth Level = 33 # .......................................... ................................................ ........................................ ## domain host Specifies Samba to become the main domain Browser.

# This allows the Samba Run Domain Controller and can be "see" in different TCP / IP subnets. # If you use a Windows NT / 2000 domain controller, you should not use it. Domain master = yes # ........................................... ................................................ ..................................... ## More advanced domains make Samba becomes a local Browser, # this makes it more opportunities (elections become domain owners). # If we have more than 2 servers, high-level servers will be more popular, #Trientels. Preferred master = yes # ........................................... ................................................ ..................................... ## Only you use NT / 2000 server One main domain controller (PDC) is running, you can use the following. Domain controller = # .................................. ................................................ ................................................ ## If you want to regard Samba as a "domain login server" in a Windows 9x / ME station, you have to use the following. Domain logons = yes # ............................................. ................................................ ..................................... ## If you use the "domain landing", You must use a landing script, # in each machine or each user in the Windows network. # Specific login batch of each workstation is; logon script =% m.bat # Each user's specific login batch is; logon script =% u.bat # ........... ................................................ ................................................ ..................... ## There is a sporadic Profiles file (only for Win95 and WinNT) #% L replaces the NetBIOS name of this server,% U replaces Username # If you use it, do not comment out of the PROFILES share below; logon path = /% lprofiles /% U # ....................... ................................................ ................................................ ........... ## Windows Internet Resolution Server: # WINS Support - Inform NMBD Enable its WINS server. # WINS protocol converts the machine name into an IP address, # it works like DNS in TCP / IP.

Wins support = yes # ........................................ ................................................ ............................................................................................................................................................................................................. Become a customer of WINS. # Samba server can be one of them: WINS server or WINS client, # but can not be two people. # Here the WINS IP server must be specified. WINS Server = 192.168.8.1 # ........................................ ................................................ .......................................................... ## WINS Agent - Inform Samba Response Request for the name parsing of customers without WINS capabilities, # This situation is only valid when there is at least one WINS server in the network. # 缺. Wins proxy = yes # ............................................ ................................................ ........................................ ## DNS agent - Inform Samba Whether to resolve NetBIOS Name # version 1.9.17 built-in default is "Yes", from version 1.9.18 to "No" # Here we can tell Samba name resolution Use DNS or not. # DNS proxy = yes # DNS proxy = no (name resolution will be worth) # ......................... ................................................ ................................................ ....... ## If the driver of the login is not specified, Z: The unit will automatically log in.

Logon Drive = P: # .......................................... ................................................ ...................................... ## When a login appears, this script Performed: /etc/samba/netlogon/samba.bat# and use "netuse" to log in to disk unit logon script = samba.bat # ==================== == Share definitions ======================== ## Each user's private directory # Unit P: [homes] comment = Home DirectoriesBrowSeable = nowRitable = YESREADONLY = NOFORCE CREATE MODE = 0700create mode = 0700force directory mode = 0700directory mode = 700 # ---------------------------------------------------------------------------------------------------------------------------------------------------- -------------------------------------------------- -------------------------- ## Temporary Document Directory # Unit T: [TMP] Comment = Tempora FileSPATH = / TmpReadOnly = Nopublic = YESWRITABLE = YESforce create mode = 0777create mode = 0777fort directory mode = 0777directory mode = 0777 # ---------------------------------------------------------------------------------------------------------------------------------------------------- -------------------------------------------------- ------------------------ ## server CD-ROM # unit L: [CDROM] comment = cd-rompath = / mnt / cdromPublic = YESWRITABLE = No # ----------------- -------------------------------------------------- ----------------------------------------- ## group, according to / home / grp .name_group # / home / user / group is /Home/grp.name_group a link # Grp.name_Group Usage Permissions 770 # Unit G: [Group] Comment = Directory of GroupPath = / Home /% u / groupwritable = yesreadonly = NOFORCE CREATE MODE = 0770CREATE MODE = 0770force directory mode = 0770directory mode =

0770 # ---------------------------------------------------------------------------------------------------------------------------- -------------------------------------------------- ---------- ## This unit stores application software, install software, dedicated software, etc. # / net and / net / install permissions are 755, such as here, root is its owner # unit N: [Net] comment = Directory NetPath = / netwritable = yesreadonly = NOFORCE CREATE MODE = 0750create mode = 0750force directory mode = 0750Directory mode = 0750 # ------------------------------------------------------------------------------------------------------------------------------------- -------------------------------------------------- ------------- # [Netlogon] Comment = Logon Services in the networkpath = / etc / samba / netlogonguest ok = yeswritable = nolocking = NOPUBLIC = NobrowSeable = YESSHARE MODES = no # ---- -------------------------------------------------- -------------------------------------------------- ---- ## ============================================= =========== The last considerations of Samba packages and other tools used on Linux are constantly developing, so some details that may be lecture will lose utility. In fact, some parameter names in Samba have changed small in the configuration file and maintain a more optimized structure. If you find some unknown parameters in the Samba configuration, you may have 2 simple ways to solve it: * Read the default SMB.conf file, the same lines are generally commented, some "may produce Information of the parameters of the problem. * Read the Samba documentation starting from the document describing the last version of the last version.