General thread: Samba introduction part 2

Article Title: General thread: Samba introduction part 2. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
Compile, install, and configure Samba for your environment
　　
Daniel Robbins
President/CEO, Gentoo Technologies, Inc.
　　
Content:
　　
　　
Download Samba
Compile and install
Configuration Server
Security Options
Test sharing
Create User
Final configuration
Start Samba
Configure the client
Test
Next time
References
About the Author
　　
In his previous article, Daniel introduced the use of Samba. Now it's time to run it on the system. In this article, he will guide you through compiling, installing, and initial configuration of Samba (version 2.0.7) so that it can be used in your environment.
　　
Download Samba
Download Samba 2.0.7 or later from the Samba.org website (see references later in this article ). Select the nearest image site and click the \ "download \" (download) link. Now we are preparing to download the source code. You can find the correct link in the section next to the \ "Download \" title in the middle of the page. This is because it is easy for people to miss this section, so they do not know which link to click.
　　
Installation instructions:
To compile Samba from the beginning, you can choose to install Samba from a binary package (for example, RPM provided together with the Linux release. Of course. But as I mentioned in the previous article, if you do this, the file location is slightly different from the one referenced here.
　　
After you download Samba 2.0.7 or later, you can decompress it to the directory you selected. Enter:
　　
% Tar xzvf samba-2.0.7.tar.gz
　　
A samba-2.0.7 directory will be created. Cd to it, and then view the content it contains. First, pay attention to the docs directory. In this directory, you can see another directory called textdocs. Texdocs contains the entire Samba document set. DIAGNOSIS.txt is the most important file in the textdocs directory. If you encounter some problems when using the corresponding Samba operation, it will guide you through the one-step troubleshooting process. We will introduce some diagnostic procedures mentioned in this file, but not all.
　　
Compile and install Samba
Pay attention to the sources directory in the main samba-2.0.7 directory. In sources, you can find a well-designed configuration script designed to correctly create all makefiles. Like all other configuration scripts, to obtain a list of configuration options, enter:
　　
$./Configure -- help
　　
You can direct the output to \ 'more \ 'to view all the options:
　　
$./Configure -- help | more
　　
Note the directory and file name options. Pay attention to the installation location of each file. the default installation path is/usr/local/samba. You can change it to/usr/local by passing the \ "-- prefix =/usr/local \" option during Samba configuration. For example, I will use the following path settings:
　　
$./Configure -- prefix =/usr/local -- localstatedir =/var/log -- sysconfdir =/etc
　　
The above configuration options will cause the default tree of Samba except the configuration file to be in/usr/local. Samba searches for these files in/etc, and the log files are usually in/var/log. If you omit these configuration options, you can find all the files in the/usr/local/samba (/usr/local/samba/var,/usr/local/samba/etc) directory.
　　
Now you can start compiling. After running the configuration, enter:
　　
$ Make
　　
After compilation, run the following command as root to install the software:
　　
# Make install
　　
Configuration Server
The configuration usually starts and ends from the smb. conf file. This is the main configuration file of Samba. It has many different configuration options. To avoid confusion, we will only introduce the options that are essential for proper Samba operations. First, find the location of smb. conf. If you use the configuration options I specified above, put smb. conf in/etc. If the default path is used, Samba searches for it in/usr/local/samba/etc. To get started, cd to the corresponding directory, start your frequently-used text editor, and enter the following lines. I will provide some comments at any time to help you understand the role of each option. Add the following lines to the smb. conf file:
　　
[Global]
Workgroup = YOURWORKGROUP
Security = user
Encrypt passwords = yes
Guest account = guest
　　
The first line tells Samba that the options are placed in the \ "global \" section. There are many options that can only be defined in this section. These options control the overall behavior of Samba.
　　
The second line tells Samba the name of the Windows workgroup it will create. Replace YOURWORKGROUP with the name of your workgroup.
　　
On the third line, we told Samba to run in a user-level security mode. This option will cause Samba to notify all connected Windows clients that they need to provide a valid combination of usernames and passwords to access any network resources. This is definitely a good solution. User-level security is the most common security level for Samba, because it is the best solution for most file sharing scenarios. However, other security levels can also be used. There is a convenient way to tell Samba to authenticate all users based on the existing Windows NT or 2000 Server security database. This method is not described in this article. For more information, see the \ "security \" (security) option on the smb. conf homepage.
　　
Now it's the fourth line. Here, we tell Samba and Samba to exchange passwords encrypted. Generally, you always want to run Samba in encrypted mode unless all clients are very old (such as machines in the Windows for Workgroup era ). The support for encrypted passwords does allow Samba to require its own password files in addition to the standard Unix password database. If you do not think that the encrypted password is better, you can avoid maintaining two password files. do not do this! If you do not use an encrypted password, the sharing problem may occur in Windows 2000 and earlier versions of Windows NT 4.0. If you really want to avoid maintaining two separate databases, Samba provides several methods to synchronize the two databases, which is a good method.
　　
The next row specifies a valid Unix user account for guest access. People usually use \ "guest account = nobody \". Therefore, if you do not have such a user, we recommend that you add a user literally \ "guest \" to the system. You do not need to set a password for the new \ "guest \" account and do not need to log on in interactive mode. (You can also use a password and a valid default shell to configure guest .)
　　
Now, we can add the WINS support option to smb. conf. You need to add one of the following two rows to the global section:
　　
Wins support = yes
　　
Or
　　
Wins server = IP address of the WINS server
　　
If there is already a WINS Server in the current subnet (for example, Windows NT Server running WINS), you need to use another option and specify the name of the WINS Server on the right of the equal sign. In this way, the internal WINS service of Samba is disabled and the specified WINS server is used.
　　
If no WINS server is running in the subnet, or you set Samba at home, you do not know the exact WINS server, you need to use the first option. It will notify Samba to make it a WINS server on the LAN.
　　
You must know what WINS is. Basically, we can regard WINS as a local dynamic DNS database. When Samba runs as a WINS server, every Windows-compatible machine on the same subnet registers its IP address and NetBIOS name (also known as "Computer Name") with Samba "). This allows Windows machines to use the WINS database of Samba to request the IP address of a specific NetBIOS name. WINS is a key component for network browsing. when you look around in a "network neighbor" on a Windows machine, the behavior is a kind of network browsing.
　　
Now you can add more options to the global section:
　　
Local master = yes
OS level = 99
Domain master = yes
Preferred master = yes
　　
Now let's start with a one-to-one explanation. All these options are related to network browsing. I have mentioned that WINS is a key component for web browsing, but to make the browsing run correctly, another element is required. You must have a local master browser. It sounds strange, right? Further explanation is required.
　　
For normal browsing, some central locations are required to store records of machines and working groups on the local subnet. This special list is called a Browsing list. The browsing list is used to build a list of working groups, domains, and machines that you see when you click "network neighbors" for the first time. Any modern Windows machine can become the local host browser. Ideally, we want Samba to be the local main browser on the network.
　　
How is this implemented? Basically, there will be several strong Windows-compatible machines on the subnet that regularly pass back and forth information packets over the LAN, trying to determine who will become the local host browser, use this method to understand the situation. This process is called "browser election ".
　　
Be a generous person
Do not use Samba to beat Windows in all browser elections as a reason to make fun of Microsoft administrators in your organization. Remember, it is important to be a moral winner.
　　
Finally, the "winner" in the broadcast information package war will become the main browser. We can win Samba by using option OS level = 99, which can defeat all other machines on the LAN. This is because each version of Windows (from Windows 95 to NT and then to 2000) has a hard-coded OS level, and the highest version of Windows becomes the local host browser (the newer the Windows version, the larger the number ). Setting Samba to 99 can make it defeat all Microsoft products and make it become the master browser each time.
　　
Security Options
Before ending the global section, there are some security options that you may be interested in. The \ 'allow \ 'option of the host allows you to restrict the IP address connected to Samba:
　　
Hosts allow = 192.168.1. 127.
　　
Except localhost 127, this option only allows machines in the 192.168.1 network to connect to Samba. Make sure that there is a 127 value at the end of the hosts allow line.
　　
Interface options are particularly useful when the machine happens to have multiple network interfaces. It allows you to specify the network interface on which Samba can be used. The usage is as follows: