Samba/Configuring a Workgroup from the Shell with Samba

Configuring Samba
After you have installed Samba, you need to configure it:

Samba is configured by editing the smb.conf file, which is generally located in /etc/samba/. There is usually a smb.conf.example file that is well commented and will help you on your way to configuring the server. Just edit it and save it as smb.conf for an easy way get the server running.

Using Samba
To start samba, start its two daemons, smbd and nmbd.

Your computer's shared directories and files should now also be viewable on your windows network (My Network Places).

To view windows shares in the Linux environment run the smbtree command.

Decide before what you really want
This topic forks in two branches:

- Server (File, print, etc.)

- Domain Controller

Of course it is an oversimplification. You can combine these approaches, but for now keep it simple to avoid unnecessary trouble.

Server
- A file server consists in computer shares - files, printers, devices, queues, etc. - in a network controlled by smbd daemon.

It's a role of smbd take care of grant or deny controlled access to these parts.

Server KISS
There are many forms to configure and install samba. Better is to keep it simple, focusing your needs. To a hurry sysadmin, or even poorman, I recommend some basic approach, delaying complexities and security tuning for future iterations.

Shortly, it is a Standalone Server for centralized tasks: file and print serving.

Backup your original in smb.conf:


 * 1) cd /etc/samba
 * 2) mv smb.conf smb.conf.orig
 * 3) touch smb.conf

and insert these lines in the new one:

[global] workgroup = SAMBAGRP netbios name = SAMBAKISS security = SHARE passdb backend = guest [data] comment = Public Data path = /srv/myshares read only = no

This approach requires just one account - guest - to connect. To add guest account, follow script:

adduser script fits well
 * 1) Create guest account on Unix system
 * 2) Block local access changing shell to false
 * 3) Eliminate password from guest account


 * 1) adduser --home /dev/null --shell /bin/false --no-create-home --uid 65533 --disabled-password guest

New SMB password: (type ENTER) Retype new SMB password: (type ENTER) Added user guest.
 * 1) Create or map samba account
 * 2) smbpasswd -a guest

Domain Controller
[TODO]

Basic Check
It's a good idea to check samba running parts in a host machine, before start:

$ ps ax &#166; grep .*mbd

Usually there are two process, nmbd and smbd, (number of smbd instances and path of daemon may vary). It indicate that samba is running.

$ ps ax &#166; grep mbd 29402 ?       Ss     0:03 /usr/sbin/nmbd -D 29404 ?       Ss     0:00 /usr/sbin/smbd -D

Another way (more sophisticated) requires root privileges:

$ sudo smbcontrol nmbd ping PONG from pid 29402 $ sudo smbcontrol smbd ping PONG from pid 29407 (number of smbd daemons may vary)

Samba main parts are daemons named smbd and nmbd.


 * smbd: take care of files, logons, shares, etc
 * nmbd: deal with names

When you are using samba suite, you are sending requests to these daemons, mostly to smbd.

Database moves
Samba uses files to keep its controls. There are two types of files in focus: flat files and trivial database files.

User database have to be created and initialized and the main configuration file prepared with shares and system parameters. It's better to get a nice reading on existent documentation before try to implement a real production site, identify and possibly write down instructions.

Its is common to start a samba server based on a fire-up and forget philosophy, and later (at an year basis) have to recover in a hurry the same server and find out you can't remember how to add users, tune, etc.

Tasks to Write Down
After configure or change smb.conf, it is recommended test modifications before start. You can do it running and reading possibly error messages or abnormalities
 * Check smb.conf

$mybox:~$ sudo testparm


 * Start/Stop samba

Actually, depending on your distribution, you will start samba running a previous prepared batch file, that resides on startup script set.

Debian based distributions use:

$mybox:~$ sudo /etc/init.d/samba start     # starts samba

$mybox:~$ sudo /etc/init.d/samba stop      # stops samba


 * Restart and check in one step


 * 1) /etc/init.d/samba restart && ps ax | grep mbd

[TODO] Using smbpasswd to - add user - change password
 * Add/Remove users

[TODO]
 * Check log files

[TODO]
 * Backup smb.conf and tdb databases