Wednesday, March 31, 2010

How to Install and configure a Samba Server in linux rhel5 / centos /all about samba

Samba have mainly following important uses:
  1. As a domain controller
  2. As a file server

This post explains how to configure and install Samba Server (Samba linux) in redhat rhel5 / Centos5 system. it'll work for other similar distros.
Samba provides mainly two services
1)file and
2)print services.
It allows data transfer between Linux boxes and Windows boxes. Samba uses SMB protocol to communicate with windows.

### Important Daemons in Samba ###
These are the mail services or daemons that runs samba.
smbd (139/445 _cifs)
nmbd (137/138)
winbindd - Mapping of users [ADS]

### Installing and Configuring a Samba Server ###
If you have a yum server configured, execute the following steps. Else find the required rpms and install.
# yum install samba*

The following packages will be installed.
xinetd [dep]
samba
samba-client
samba-swat

Start the samba service.

#/etc/init.d/smb start
SMB services started
NMB services started
#chkconfig smb on


Important fields in /etc/samba.smb.conf [Samba configuration file] :

When you use samba server there is one important thing you have to note. Thats in the configuration file. In glogal settings there is a "workgroup" field. In that you have to give the domain name if your windows machine belongs to one. Or you can give workgroup name if it is belongs to any. For sharing files and folders workgroup is enough.
You can make the above changes in windows also, but it requires rebooting of the windows machine. So its better you change the corresponding fields in linux box.

There is also another field "server string" in global settings. Its just as hostname. You can give any name by which you can identify the samba box.

The field "host allow" specifies the hosts which are allowed for the particular share. See the example below.

host allow = 192.168.0.21 #allow 192.168.0.21 only
host allow = 192.168.0. # allows all the machines starting with 192.168.0. network.

The field "write list" specifies the group of users who has write permission on that share.
For example

write list = @admins #the group admins has the write permission on that share.
The field "valid users" means only that users specified has access to that share.

valid users = root, samba1
## Some useful samba linux commands ##


#findsmb
The command findsmb returns the systems running samba compatible services.

#smbtree
smbtree is a smb browser program in text mode. It is similar to the "Network Neighborhood" found on Windows computers. It prints a tree with all the known domains, the servers in those domains and the shares on the servers.

To login Annonimously to a Windows box. If enabled.
[root@vm1 ~]# smbclient //192.168.0.77/Share_name -N
Anonymous login successful

[root@vm1 ~]# smbclient -L 192.168.0.77 [192.168.0.77 is a Windows box]
binds to windows as guest user. you have to enable the guest user login.
shows the domains and workgroups but not the shares. To see shares you have to login as privillaged user.

How to list the shares in a windows machine to a samba server?
[root@vm1 ~]# smbclient -L 192.168.0.77 -U administrator
binds to windows as administrator. You can see all the shares in the system. It will promt password.
Note: administrator is the windows user.

### using samba credential file ###
Using a credential file you can save time. The format of the file and the usage given below.

#vi samba_password

username = administrator
password = ******
:wq
[root@vm1 ~]# smbclient -L 192.168.0.77 -A samba_passwd

### smbget ###
How to get a file from windows machine to linux samba server using smbget command?
smbget is a wget-like utility for download files over SMB
[root@vm1 ~]# smbget -u administrator -p redhat smb://192.168.0.77/chanku/samba_sambaget.txt
downloads samba_sambaget.txt to local system.

### smbtar ###
How to get all files in windows share archived to linux samba server?
smbtar is a shell script for backing up SMB/CIFS shares directly to UNIX tape drives or directories.

[root@vm1 ~]# smbtar -s 192.168.0.77 -u administrator -p redhat -t chanku.tar -v -x chanku
It will archive all the files and directories in share "chanku" and will download to local directory. Empty files will not be archived.

### Mounting a Windows Share to a Linux box ###
How to mount windows share to linux samba server using cifs?
[root@vm1 ~]# mount -t cifs -o username=administrator //192.168.0.77/chanku /mnt
mounts the remote windows share 192.168.0.77/chanku into local linux samba machine.

smbfs - rhel4
cifs - rhel5 common internet file system

###File masks and Directory masks###
[root@vm1 ~]# mount -t cifs -o username=administrator,file_mode=0777,dir_mode=0755 //192.168.0.77/chanku /mnt
will mount the share with file permissions 777 and directory permissions 755.

###Mounting Samba permanently###
How to mount a windows share to linux samba server permanently?
Goto /etc/fstab and add the entry for samba share as shown below
//192.168.0.77/chanku /mnt cifs defaults,username=administrator,password=redhat,file_mode=0777,dir_mode=0755 0 0

[FOR COMMUNICATING A WINDOWS MACHINE AND A SAMBA SERVER SMOOTHLY THEY SHOULD BE IN SAME WORKGROUP]

### Adding a SAMBA user ###
How to add a samba user to linux samba server?
#smbpasswd -a username
Give and verify password for username

### Configuring WINS Client For Samba ###
speed ups the resolution of netbios name to IP

Samba name resolution:
Default Order
1. /etc/hosts
2. /etc/samba/lmhosts
3. WINS - One or more IP Addresses
4. Broadcast 192.168.0.255

### Steps In windows ###
Installation:
Control panel -> Add/Remove programs -> Add/Remove Windows components ->
network services -> Windows Interent Name Service -> Install

Configuration:
Start -> Administrative tools -> WINS Check!

Control panel -> Network Connections -> Local Area Connection -> Properties ->
TCP/IP -> Advanced -> WINS tab

Add wins server IP
Ip of windows machine. Which we use as wins server.
Display records after restarting the smb service in linux box[steps below] and click find now

### Steps in linux ###
vi /etc/samba/smb.conf
Name resolve order = wins host lmhosts bcast
wins support = no
wins server = 192.168.0.60
#service smb restart

now when we execute
#smclient -v -U administrator -L linuxcbt2k3
gives the result fast because itstead of using broadcast search, it uses wins server for resolution.
-v for verbose. to check whether it is still using broadcast method.

### Share Level Security ###
Default is User level. We can change it in smb.conf file. as

security = user
or
security = share

in /etc/samba/smb.conf file
[public]
path = /public
public = yes It is to enable guest user mount in windows.
read only = yes

in output of #testparm
[public]
path = /public
guest ok = Yes

### SAMBA - SWAT ###
SWAT - Samba Web Administration Tool

### SWAT INSTALLATION ###
#yum install samba-swat

vi /etc/xinetd.d/swat

# default: off
# description: SWAT is the Samba Web Admin Tool. Use swat \
# to configure your Samba server. To use SWAT, \
# connect to port 901 with your favorite web browser.
service swat
{
disable = no //Change the 'yes' to 'no'.
port = 901
socket_type = stream //means tcp based
wait = no
# only_from = 127.0.0.1 //If not commented can be accessible only from localhost. increase security
user = root //In order to bind privillaged port 901
server = /usr/sbin/swat
log_on_failure += USERID
:wq

#service xinetd restart

### SWAT INTERFACE ###
Take any browser and give following url in address bar.
http://IP_of_samba_server:port_number_of_swat[901]
http://192.168.0.21:901

samba log files can be found in
/var/log/samba

### NETBIOS ALIASES ###
setting alias

access the global section in swat
goto advanced mode
netbios aliases [give names]
now you can access the aliases machine in many names.

### Blocking a particular user from accessing a share. ###
goto swat and take shares section
goto the advance mode
choose the share u want to modify
in invalid users field
give the user names u want to block with commas.

Restart the service
#service smb restart

1 comment: