Samba configuration details

Source: Internet
Author: User

Using Linux and Samba to replace Windows NT/2000 servers

Abstract:

This article describes how Samba is used to share resources on a heterogeneous Unix-Windows network. Specifically, Samba is used to run Windows services. The reason is not only that Linux is powerful and flexible, but also economic:

* It greatly reduces the cost of purchasing Windows server licenses.
* To achieve similar performance, Linux uses fewer hardware resources (processor and memory) than Windows.

A suitable Linux server running Samba can replace a Windows NT/2000 server, which generally shares directories and provides Active Directory service (ADS). It can also be used as the primary domain controller (PDC) for Windows 2000/NT/98/95 clients, providing user authentication, shared resources (directories and printers) and customized user sessions. This article focuses on these aspects.

Many computing environments depend on functions provided by a Windows server. A Linux server with Samba can replace all of those functions without any change to the clients. The following procedure assumes that a machine on which Samba is already installed and running correctly will be used as the server. Readers need basic knowledge of Linux and Windows servers.

Case Study

Consider a Linux/Samba server acting as the primary domain controller (PDC), where each authenticated user gets two shared directories: a public space and a private space. This article covers the very common case in which each user has a private data space, that is, a personal directory.

Details to consider:

Linux/Samba NetBIOS name: smbserver
Windows domain name (workgroup): thedomain
Private partition for each user: H: (Windows) => /home/ (Linux server)
Public partition: P: (Windows) => /home/public

Figure 1 shows a simple network in which the clients run Windows and use the resources and services provided by a Windows NT/2000 server. This server can be replaced by a Linux/Samba server.

Fig. 1 - Primary domain controller and file server running on Windows Server

Configuration

Follow these steps:

1) Create the users to be authenticated on the primary domain server (Linux/Samba). Use the adduser, useradd or userconf commands, or a user management tool with a graphical interface (Webmin, linuxconf, YaST, etc.).

If the users only need access to the Linux/Samba services, they do not need to log in to the Linux command line. In that case, set the home directory to /dev/null and the shell to /bin/false.

2) Convert the Unix users to Linux/Samba/Windows users by generating the smbpasswd file.

cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd

Another method is to run the Samba commands that create a user and define a password:

smbadduser
smbpasswd

These commands are similar to adduser and passwd.

3) Edit the Samba configuration file (smb.conf). Make sure the following options are present, adding or uncommenting them as needed:

netbios name = smbserver
workgroup = thedomain
server string = Linux Samba NT Server
log file = /var/log/samba/%m.log
max log size = 0
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
ssl CA certFile = /usr/share/ssl/... (uncomment)
socket options = (uncomment)
local master = yes
preferred master = yes
domain master = yes
domain logons = yes
logon script = logon.bat
wins support = yes

Note: To give each user an individual logon script, use "%U.bat" in place of the fixed logon script name. Each user then has a logon script named after the user name (%U). To select a script by the group the user belongs to, use %g or %G. The definitions of these and other variables can be found in the manual (man smb.conf).

4) Create the shared resources. Edit the smb.conf file and comment out all the example shares. Add the following, and do not change it unless necessary:

[netlogon]
comment = initialization scripts
path = /home/netlogon
read only = yes
guest ok = yes
browseable = no

[home]
comment = user directory
path = /home/%u
browseable = yes
writable = yes

[public]
comment = public directory
path = /home/public
browseable = yes
writable = yes
guest ok = yes
create mask = 0777
force create mode = 0777

Save the smb.conf file.

5) Use the following command to verify that smb.conf is correct:

testparm

This command analyzes the smb.conf file and reports any errors.

6) Create the /home/netlogon and /home/public directories with permissions 0754 and 0777, respectively.

7) Edit the logon script file logon.bat. Important: use a DOS/Windows text editor (such as Notepad or edit) to create the logon.bat file, so that the saved text file is in the Microsoft format. You can also do this on Linux, but you must convert the file to the correct text format. In vim, the command ":set textmode" produces a file with Microsoft line terminators.

net time \\smbserver /y (you can also use /yes instead of /y)
net use H: \\smbserver\home -y (you can also use /yes or /y instead of -y)
net use P: \\smbserver\public -y

8) Add the smbserver information to the lmhosts file. Edit the /etc/samba/lmhosts file and add a line with the IP address of the SMB server followed by its name, for example:

192.168.0.10 smbserver

9) Restart the Samba daemon (smbd).

service smb restart

If this command does not work on your Linux distribution, you can use the following commands instead:

ps -auxgx | grep smb
kill -9 <process ID of SMB>
smbd

10) Use smbclient to verify that the above configuration is correct.

smbclient -L //smbserver

If "Password:" is displayed, press Enter to display the shared resources of the server.

11) Use a Windows 95/98/NT computer to log on to the domain thedomain as one of the users created on Linux/Samba (see steps 1 and 2).

In 95/98/Me, the configuration is reached in the following order:

Start => Settings => Control Panel => Network => Client for Microsoft Networks => Properties.

In Windows NT/2000 (Workstation/Professional edition) the procedure is similar, although the sequence may differ.

Select the option "Start session in Windows NT/2000 domain" and enter the domain name thedomain (workgroup).

An example configuration file

A complete Samba configuration file is listed below. This file has been tested on different Linux distributions. You can modify it to achieve the desired result. Each parameter is annotated.

Finally, those who want to configure Samba quickly are advised to install Webmin or SWAT. These tools make configuration easier.

#======================================================================#
# /etc/smb.conf
#----------------------------------------------------------------------#
# Samba main configuration file
# Configuration file skeleton; select the parameters based on your needs.
#----------------------------------------------------------------------#
# Tested systems: Solaris and Linux distributions
# RedHat 6.0, 7.0, and 7.1
# Solaris 7
# Slackware 7.x
# Mandrake 6.1, 7.0, and 8.1
# SuSE 7.2
#----------------------------------------------------------------------#
# Last modification time: 08/12/2001
# Author: Sebastian Sasias - Sasias@Linuxmail.org
#======================================================================#
#
# This file was developed in accordance with the Samba specifications.
# See the smb.conf(5) manual.
#
# Note: after changing this file, test it with the "testparm" command.
#
#=========================== Global Options ===========================#
#
# Global configuration
#
[global]
#......................................................................#
# workgroup = NT domain name or workgroup name, for example thedomain
# PDC domain (case insensitive)
workgroup = thedomain
#......................................................................#
# Name under which this machine is announced to other machines
netbios name = smbserver
#......................................................................#
# This string appears in the Windows "Network Neighborhood".
server string = Samba server de este Lugar
#......................................................................#
# This line is critical for security reasons. It allows connections
# only from specific computers on the LAN.
# In this example, the network is 192.168.8.0 (a class C network),
# and the loopback interface can also connect.
# For more details, read the smb.conf man page.
# For example, resources are shared only with addresses starting with
# 192.168.8. and 127. (commented out below)
; hosts allow = 192.168.8. 127.
#......................................................................#
# To load the printer list automatically instead of entering the
# printers one by one, use:
; load printers = yes
#......................................................................#
# The printcap path can be overridden.
; printcap name = /etc/printcap
#......................................................................#
# On System V systems, setting printcap name to lpstat obtains the
# printer list automatically from the System V spool system.
; printcap name = lpstat
#......................................................................#
# If the printing system is non-standard, you need to specify it.
# Currently, the supported printing systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx
; printing = bsd
#......................................................................#
# If you need a guest account, uncomment the following line.
# You must add this account to /etc/passwd; otherwise the user
# "nobody" is used.
; guest account = pcguest
#......................................................................#
# With the following setting, a separate log file is kept for each
# machine that connects to the Samba server.
log file = /var/log/samba/log.%m
#......................................................................#
# Log file size limit (unit: KB).
max log size = 50
#......................................................................#
# Read security_level.txt for more details.
# Password verification method
# User-level security = each user has his/her own password
# (Samba password)
security = user
#......................................................................#
# With server-level security, the verification is performed on
# another machine.
# The "password server" value is used only with server-level security.
# The password server is the address of the authentication server.
; password server = <NT-server-Name>
#......................................................................#
# If you want to use encrypted passwords, read encryption.txt,
# Win95.txt and winnt.txt in the Samba documentation.
# Use this option only if you know enough about it.
# Information: an encrypted password can be sent to Win95, Win98,
# and WinNT.
encrypt passwords = yes
#......................................................................#
# Use the following line to customize the configuration per machine.
# %m is replaced by the NetBIOS name of each computer on the network.
; include = /usr/local/samba/lib/smb.conf.%m
#......................................................................#
# The documentation and some popular "tips" suggest the following
# option for better performance.
# Try it!
# Read speed.txt and the manual to learn more details.
socket options = TCP_NODELAY
#......................................................................#
# Samba can be configured with multiple network interfaces.
# If you use multiple network interfaces, you must list them below.
# Read the manual to learn more details.
; interfaces = 192.168.8.2/24 192.168.12.2/24
#......................................................................#
# Browser control options:
# If you do not want Samba to be the master browser on the network,
# set "local master = no".
local master = yes
#......................................................................#
# os level sets the priority with which this server is elected
# master browser.
# Generally, the default value is sufficient.
; os level = 33
#......................................................................#
# domain master makes Samba the master browser of the domain.
# This allows Samba to act as a domain controller and be "seen" as a
# machine across different TCP/IP subnets.
# Do not use it if you have a Windows NT/2000 domain controller.
domain master = yes
#......................................................................#
# preferred master makes Samba a local browser at startup,
# which gives it a better chance of being elected as the domain master.
# If there are more than two servers, the higher-level server is
# "preferred" when clients look for a server in the list.
preferred master = yes
#......................................................................#
# Use the following only if an NT/2000 server is running as the
# primary domain controller (PDC).
; domain controller = <NT-Domain-controller-smbname>
#......................................................................#
# If you want Samba to be the "domain logon server" for Windows 9x/Me
# workstations, use the following.
domain logons = yes
#......................................................................#
# If you use "domain logons", you must use a logon script,
# per machine or per user on the Windows network.

# Logon batch file specific to each workstation:
; logon script = %m.bat

# Logon batch file specific to each user:
; logon script = %U.bat
#......................................................................#
# Where to store roaming profiles (only valid for Win95 and WinNT)
# %L is replaced by the NetBIOS name of the server, and %U by the
# user name.
# If you use it, do not comment out the profiles share below.
; logon path = \\%L\profiles\%U
#......................................................................#
# Windows Internet Name Service (WINS):
# wins support - tells nmbd to enable its WINS server.
# The WINS protocol converts a machine name to an IP address;
# it works like DNS in TCP/IP.
; wins support = yes
#......................................................................#
# wins server - tells Samba that the nmbd component is a WINS client.
# The Samba server can be one of the two, WINS server or WINS client,
# but not both.
# Here, the IP address of the WINS server must be specified.
; wins server = 192.168.8.1
#......................................................................#
# wins proxy - tells Samba to answer name resolution requests on
# behalf of clients without WINS capability.
# This works only when at least one WINS server exists on the network.
# The default is no.
; wins proxy = yes
#......................................................................#
# dns proxy - tells Samba whether to resolve NetBIOS names via DNS.
# The default value in version 1.9.17 is "yes"; from version 1.9.18
# it changed to "no".
# Here we tell Samba whether or not to use DNS for name resolution.
# dns proxy = yes
# dns proxy = no (name resolution is done using the lmhosts file)
#......................................................................#
# If the logon drive is not specified, Z: is used automatically.
logon drive = P:
#......................................................................#
# At logon, this script is executed: /etc/samba/netlogon/samba.bat
# It uses "net use" to connect the drives.
logon script = samba.bat
#========================= Share definitions ==========================#

# Private directories for each user
# Drive P:

[homes]
comment = Home Directories
browseable = no
writable = yes
read only = no
force create mode = 0700
create mode = 0700
force directory mode = 0700
directory mode = 0700

#----------------------------------------------------------------------#
# Temporary file directory
# Drive T:

[tmp]
comment = tempora files
path = /tmp
read only = no
public = yes
writable = yes
force create mode = 0777
create mode = 0777
force directory mode = 0777
directory mode = 0777

#----------------------------------------------------------------------#
# Server CD-ROM
# Drive L:

[cdrom]
comment = CD-ROM
path = /mnt/cdrom
public = yes
writable = no

#----------------------------------------------------------------------#
# Groups, under /home/GRP.name_group
# /home/user/group is a link to /home/GRP.name_group
# GRP.name_group has permissions 770
# Drive G:

[group]
comment = directory Group
path = /home/%u/group
writable = yes
read only = no
force create mode = 0770
create mode = 0770
force directory mode = 0770
directory mode = 0770

#----------------------------------------------------------------------#
# This drive stores application software, installation software, and
# specialized software.
# The permissions of /net and /net/install are 755. For example, root
# is the owner.
# Drive N:

[net]
comment = directory net
path = /net
writable = yes
read only = no
force create mode = 0750
create mode = 0750
force directory mode = 0750
directory mode = 0750

#----------------------------------------------------------------------#
[netlogon]
comment = Logon services in the Network
path = /etc/samba/netlogon
guest ok = yes
writable = no
locking = no
public = no
browseable = yes
share modes = no

#----------------------------------------------------------------------#
#======================================================================#
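
An added example, not part of the original article or of Samba itself: a short Python review of the security-relevant settings in the configurations above, namely the [public] share from step 4 (guest access, writable, mask 0777) and the commented-out "hosts allow" line in the complete file. The function names and the embedded sample are constructed for illustration; only a few synonyms from smb.conf(5) are handled.

```python
import re

# Synonyms from smb.conf(5), keyed without spaces; True = inverted boolean.
SYNONYMS = {"public": ("guestok", False), "writable": ("readonly", True),
            "writeable": ("readonly", True), "writeok": ("readonly", True),
            "createmode": ("createmask", False), "directorymode": ("directorymask", False)}
MODES = ("createmask", "forcecreatemode", "directorymask", "forcedirectorymode")

# Constructed sample modelled on the shares shown in this article.
SAMPLE = """\
[global]
; hosts allow = 192.168.8. 127.

[netlogon]
read only = yes
guest ok = yes

[public]
writable = yes
guest ok = yes
create mask = 0777

[homes]
writable = yes
create mode = 0700
"""


def parse_smb_conf(text):
    """Return {section: {param: value}}; later settings override earlier ones."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank, comment, or option disabled with ';'
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif section is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            key = re.sub(r"\s+", "", key).lower()  # names ignore case and spaces
            key, inverted = SYNONYMS.get(key, (key, False))
            if key in ("guestok", "readonly"):
                value = (value.lower() in ("yes", "true", "1")) != inverted
            conf[section][key] = value
    return conf


def audit(conf):
    """Return sorted (section, finding) pairs for guest and permission risks."""
    shared = conf.get("global", {})
    gap = "hostsallow" not in shared
    findings = [("global", "hosts allow is not set")] if gap else []
    for name, params in conf.items():
        merged = {**shared, **params}  # shares inherit [global] settings
        if name == "global" or merged.get("readonly", True):
            continue  # only writable shares are checked below
        if merged.get("guestok", False):
            findings.append((name, "guest ok on a writable share"))
        for mode in MODES:
            if mode in merged and int(merged[mode], 8) & 0o002:
                findings.append((name, f"{mode} {merged[mode]} is world-writable"))
    return sorted(findings)


if __name__ == "__main__":
    print(*audit(parse_smb_conf(SAMPLE)), sep="\n")
```

On the sample, only [public] and the missing "hosts allow" are reported; [netlogon] is read-only and [homes] uses mode 0700, so neither is flagged.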

Final considerations

The Samba packages and the other tools used on Linux are constantly being developed. Some of the details mentioned here may no longer work. In fact, as Samba develops, some parameter names in the configuration file change slightly to keep its structure better organized.

If Samba reports an unknown-parameter error for your configuration, there are two simple solutions:

* Read the default smb.conf file. Comments are usually provided next to each line, and they can give information about the parameters that may be causing problems.
* Read the Samba documentation, starting with the file that describes the changes in the latest version.
