Samba installation settings

Samba installation settings-Linux Enterprise Application-Linux server application information. For details, refer to the following section. Network Interconnection between Solaris and Windows
-- Samba Application
Introduction: 1
I. Prerequisites 1
2. installation and configuration of SAMBA on SOLARIS8 2
Iii. Start SAMBA service for SOLARIS 8 system 3
Iv. SAMBA service system management and configuration tools 4
5. WEB Page Management Configuration tool SWAT 5
6. Access SAMBA server from WINDOWS 6
VII. Outlook: 6
Appendix: SAMBA parameter reference directory 6

Introduction:
Today's operating system market is dominated by Unix and Windows. One encroached on the absolute server market, while the other almost swallowed up the entire desktop market. It is often complained that the current file system and network heterogeneity make access between different systems difficult. A common "language" needs to be introduced to explain the communication between heterogeneous systems. This article describes how to use Samba for Solaris to share and print files between UNIX and windows. You can access files on Solaris by network neighbors on a local windows system, print shares, and you can even picture the network drive, which is as convenient as using a local disk. In addition, with the powerful access control of Unix, you can set permissions for different shared directories without worrying that someone will delete your documents, but you can operate them freely.
[Keyword] Samba server shares smb swat service process heterogeneous network interconnection
I. Prerequisites
First, let's introduce what Samba is. Let's take A look at the Samba organization's goal: Opening Windows To A Wider World. Users familiar with Linux may often install the Samba service on Linux to share files and printers with Windows systems. Data transmission between them uses the SMB (Service Message Block) protocol. this is a protocol on the transport layer, so it can support network interconnection between many different Heterogeneous systems (such as Linux, Solaris, and Windows). Samba is able to work, because the SMB protocol imitates the file and print sharing protocols in the Windows Kernel. Microsoft has changed SMB to a public Internet File System (CIFS, Common Internet File System) and intends to design it as a standard protocol for the Internet. To some extent, this is because it wants to keep a certain distance from the initial NetBIOS-based SMB. NetBIOS is a great tool for Windows networks. Microsoft uses NetBIOS to implement a network file/print service system, but it is destined to be unable to be routed for the LAN design.
Samba runs a version of SMB/CIFS, which is largely compatible with most Windows versions. However, whether connected from Windows to Linux or from Linux to Windows machines, the Samba system is always stable for implementing file and print services. We can easily access the UNIX/LINUX server installed with Samba through Windows Network neighbors. (For more documents, see www.samba.org)
2. installation and configuration of Samba on solaris8
1. the system first needs to add a newer EIS, and then download the required software package from www.sunfreeware.com, as shown below:
Libiconv-1.8-sol8-sparc-local.gz
Ncurses-5.4-sol8-sparc-local.gz
Libgcc-3.3-sol8-sparc-local.gz
Readline-5.0-sol8-sparc-local.gz
Popt-1.7-sol8-sparc-local.gz
Samba-3.0.10-sol8-sparc-local.gz
Install the preceding five software packages before installing samba. Run the following command to decompress and install the samba software package;
# Gunzip samba-3.0.10-sol8-sparc-local.gz
# Pkgadd? D samba-3.0.10-sol8-sparc-local
After the installation is complete, go to/usr/local to view the Installed Package samba directory.
2. configuration files
The samba configuration file is/usr/local/samba/lib/smb. conf. This file must be created by yourself and does not exist after installation. You can configure relevant parameters as needed to implement complex or simple access control. Smb. the conf format contains multiple segments. Each segment starts from the segment name until the next segment name. Each segment name is placed in the middle of square brackets. The smb is given below. conf file example.
# More/usr/local/samba/lib/smb. conf
[Global]
Workgroup = UEC
Netbios name = UEC-server
Server string = Samba Server
Log file =/usr/local/samba/var/log. % m
Security = user
Guest account = guest
[Gcp docs]
Comment = this is shared gcp docs
Path =/gcp
Guest OK = yes
Read only = no
Browseable = yes
[John docs]
Comment = this is shared john docs
Path =/john
Guest OK = yes
Read only = no
The [global] segment is a global variable. It sets parameters such as the working group, NetBIOS name, and security parameter security. Except for the [global] segment, all segments can be considered as a shared resource, the segment name is the name of the shared resource, and the parameter in the segment is the attribute of the shared resource. [Gcp docs] and [john docs] are shared directories. Their parameters can be used to set shared directory paths and access control permissions. (For detailed parameters, see the appendix)
3. Start the Samba service of the Solaris 8 System
After the software package is installed, copy the three applications under/usr/local/samba/sbin, nmbd, smbd, and winbindd to/usr/local/samba/bin.
The samba server Service is composed of three daemon,
Nmbd-Netbios name server. This process uses UDP protocol to provide Netbios Name Service and browsing support for processing name registration and Decision-making requests. The process should be started first.
The smbd-SMB server uses the TCP protocol to provide file and print services to SMB customers. It should be started immediately after the nmbd process.
Winbindd-when the Samba server is a member of the windows NT or ADS domain, this daemon is started.
After modifying the configuration file smb. conf, We need to restart these three processes to make the parameter settings take effect.
The following configuration goes to the Automatic startup script. we can write a STARTUP script and add the three processes (note the order of startup ), in fact, we only need to make some modifications after samba has installed a script for starting example.
# Cp/usr/local/samba/doc/samba/examples/svr4-startup/samba. server/etc/init. d/samba. server
# Vi/etc/init. d/samba. server
Put the default two rows/opt/samba/bin/smbd-D-s/opt/samba/smb. conf
/Opt/samba/bin/nmbd-D-l/opt/samba/log-s/opt/samba/smb. conf
Change to three rows
/Usr/local/samba/sbin/smbd-D-s/usr/local/samba/lib/smb. conf
/Usr/local/samba/sbin/nmbd? D-l/var/adm/samba. log-s/usr/local/samba/lib/smb. conf
/Usr/local/samba/sbin/winbindd
# Cd/etc/rc2.d
# Ln-s/etc/init. d/samba. server S99samba. server (Link it to the startup directory)
In this way, the Samba service process will automatically start as the system starts.
Iv. samba service system management and configuration tools
In addition, Samba provides several practical components (in the/usr/local/samba/bin directory ):
Smbclient and SMB client program, used to access Shared resources on SMB servers;
Testprns test the printer access program on the server;
Testparms is a tool that tests the correctness of Samba configuration files;
The smbstatus tool can list connections on the current Samba server;
Smbtree is a tool used to display the tree structure of shared directories.
Smbpasswd is used to set the user password;
Swat samba Web management tool;
These tools are actually very useful. With them, we can better manage and configure the samba server.
The following is an example.
# Cd/usr/local/samba/bin
# Testparms
Test the parameter setting format and whether the attribute is correct.
# Smbstatus
Samba version 3.0.10
PID Username Group Machine
-------------------------------------------------------------------
2502 root UEC uec-gcp (192.168.1.2)
Service pid machine Connected
-------------------------------------------------------
IPC $2502 uec-gcp Mon Sep 12 13:11:31 2005
John docs 2502 uec-gcp Mon Sep 12 12:59:01 2005
Gcp docs 2502 uec-gcp Mon Sep 12 12:58:54 2005
No locked files
# Smbpasswd? A username
Users who add shared resources can also access SWAT, but only have the permission to view the status.
# Smbtree
Password:
WORKGROUP
\ SUN440EN Samba 3.0.10
\ SUN440EN \ ADMIN $ IPC Service (Samba 3.0.10)
\ SUN440EN \ IPC $ IPC Service (Samba 3.0.10)
\ SUN440EN \ john docs
\ SUN440EN \ gcp docs
# Smbclient-L yourhostname.
Displays the shared resources on the samba server.
How does the Samba server use the SMB/CIFS protocol to mimic the NetBIOS protocol of Windows?
Table 4-1 describes the specific service and port usage.
Port service description and Process Used
137 Used for NetBIOS network browsing (nmbd)
138 Used for NetBIOS name service (nmbd)
139 Used for file and printer sharing and other operations (smbd)
445 Used by Windows 2000/XP when NetBIOS over TCP/IP is disabled
901 Used by SWAT (SWAT management tool)
Table 4-1 service port description
5. web Page Management Configuration tool swat
Swat is described separately because it is a gui web page management method, and provides almost all of the parameter configuration, Status view, and other functions. The default SWAT process is not started. We add it to the inet. d daemon.
# Vi/etc/services
Add swat 901/tcp
# Vi/etc/inetd. conf
Add a swat stream tcp nowait.400 root/usr/local/samba/bin/swat
Then restart the/usr/sbin/inetd daemon, where Swat uses the TCP901 port listener and enters the web Management page in browser input: http://x.x.x.x: 901. Of course, we need to get the permission before setting it. 5-1:

-1 swat Management page
This page management tool can configure almost all Samba parameters, improving the ease of use and ease of use of Samba. On the homepage, it also provides help documentation for commands and parameters.
6. Access the Samba server from Windows
After Samba is configured as a document Server, it can be accessed from a windows Network Neighbor. Of course, the Client and Server must be configured in the same LAN segment and Working Group, after entering the user and password, we can access the shared documents and printers. At the same time, we can configure the personal shared directory we need as a network drive. When the network is connected, just like manipulating a local disk. Note: Sometimes the Samba server cannot be seen in the network neighbor, and the Samba server compatibility may be poor. In this case, you can also access the Samba server by searching the computer in the network neighbor. This is much easier than FTP and NFS access. We can also place files on the Samba server by setting up FTP and WWW servers on Windows, which also solves the problem that SMB cannot be routed.
VII. Outlook:
The latest SOLARIS 9 has integrated SAMBA software packages, which makes it easier to use Samba. It also shows the urgency of Solaris and Windows interconnection. The real purpose of the Samba system is to help simplify the challenges in the hybrid operating system environment. For large enterprises, there are huge challenges in accessing shared files and Shared printing. The Samba system aims to change this phenomenon. Moreover, UNIX can be added to an existing Windows domain through the SMB protocol. Implement more complex network management. To some extent, this also provides opportunities for UNIX to enter the desktop market. Samba supports versions on multiple platforms, which provides a solution for compatibility between heterogeneous systems and Windows. Samba Server can also replace NT/2000 PDC (Primary Domain Controller) to become the Primary Domain Controller of NT/2000. Of course, samba can also share directories and files to other Mac and OS/2 machines. The application layer is quite broad. In addition to file Server, Samba can also be used as a WINS Server. The biggest benefit of Wins Server is that it can be used for name resolution in the NT/2000 domain. I believe that with Microsoft, SMB/CIFS will shine on the Internet in the future.
Appendix: samba parameter Reference Directory
1. Global Parameters
1. Basic parameters
Workgroup
Note: this parameter is used to specify the working group to which samba is to be added. If security = domain is set, workgroup can specify the domain name. For example:
Workgroup = UEC
Specify the Working Group as UEC
Netbios name
Note: This parameter specifies the NetBIOS Name of samba. If this parameter is not set, samba will use the first part of the DNS name of the machine. If your machine's DNS name is host1.domain, it will use host1.
For example:
Netbios name = GCP
Specify NetBios name as GCP
Server string
Note: This parameter specifies the machine description in the browsing list, which is the same as the machine description When configuring the network in ms windows. It can be any string. You can also leave it empty. samba will use the default samba % v, that is, samba will follow its version number. However, if you want to imitate NT, you can leave it empty. For example:
Server string = UEC File Server
2. Security Parameters
Security
Note: This is an important security configuration parameter, which has four values: share, user, server, and domain. It defines the basic security level of samba, usually user.
Security = user
This is the default configuration of samba. In this case, users must provide the user name and password for authentication before accessing shared resources.
Securtiy = share
This is almost no security level. Any user can access resources on the server without a user name or password.
Security = server
It is similar to the user security level, but the user name and password are submitted to another SMB server for verification, for example, submitted to an NT server. If the submission fails, the system will return to the user security level. From the perspective of the user end, there is no difference between the server level and the user level.
Security = domain
This security level requires an nt pdc on the network. samba submits the username and password to the nt pdc for verification.
From the perspective of the user end, there is actually no difference between user-level and higher security levels, but the methods for server verification are different, however, all three security levels require users to have system accounts on their Linux machines. Otherwise, it cannot be accessed.
Encrypt passwords
Note: whether to encrypt the password. samba itself can maintain a password file/etc/smbpasswd. If the password is not encrypted, the plaintext password is transmitted between the client and the server during the verification session, samba verifies the password directly with the/etc/passwd password file in Linux. Generally, the application of samba is set to yes: encrypt passwords = yes.
Username map
Note: This parameter allows you to specify a ing between the user name of the client and the user name of the Linux system. The file format is a ing of each line. The ing format is: linux usename = client username... .
For example, root = admin adminstrator
In this way, when the client user is admin or administrator, it is converted to root.
This function is convenient for user management, so that the Administrator does not need to take a big role in the user accounts on the customer or server.
The file name usually uses the default/et/smbusers
Password level
Note: This is intended for SMB customers such as Windows for Workgroup and OS/2. When a system such as WFW sends user passwords, the password is converted to uppercase and then sent, which is inconsistent with the samba password. This parameter can be used to set the number of uppercase letters allowed in the password, in this way, samba reassembles the received passwords based on the number, and then tries to verify the correctness of the passwords. The larger the value, the more combinations, the longer the verification time, and the lower the security!
Guest account
Note: This parameter specifies the username of a guest-level account, which can be nobody or ftp. A guest-level user can access a given guest service without a password.
Host allow
Note: This parameter specifies which machines can access samba, for example, host allow = 192.168.1. 127.
All machines in 192.168.1.0 can be accessed.
If you do not allow access from a machine in the subnet, you can set host allow = 192.168.1. ipvt 192.168.1.33 as follows:
Disable access to 192.168.1.33
Host deny
Note: The opposite of host allow is to specify those machines that cannot be accessed. The format is the same.
3. logging parameters
Log file
Note: This parameter specifies the name of the log file. The path is usually stored in/var/log/samba, you can add a macro % m after the file name to record a log file for each machine accessing samba.
For example, log file =/var/log/samba/log. % m,
If the host host1 and host2 have accessed samba, the log files log. host1 and log. host2 are left.
Max log size
Note: This parameter specifies the maximum log file size, in KB.
For example, max log size = 50 k
4. Protocol Parameters
Announce version
Note: The declared version number of the specified Server. The default value is 4.2. If you view the attributes of the samba Server in the network neighbor of WINDOWS, you can see the words Windows NT 4.2 Server in the type line. Generally, do not change it. If you want samba to simulate NT like a bit, you can change it to 4.0.
5. Computer browsing Parameters
OS level
Note: The OS level value is an integer, which determines whether nmbd has the opportunity to become the local master browser in the Working Group of the local broadcast area. The default value is zero, which means that nmbd has no browsing options. If you want nmbd to have a better chance of becoming the local host browser, you can set it to 65.
Preferred master
Note: This parameter specifies whether nmbd is the primary browser in the Working Group. If yes is specified, nmbd forces a browser selection when it is started. If this parameter is set to yes, it is best to specify domain master as yes. When using this parameter, note that if another machine (whether windows nt or another samba server) is specified as the primary browser on the subnet where the samba server is located, these machines broadcast on the network because they compete for the main browser, causing unnecessary network performance degradation.
Local master
Note: This parameter specifies whether nmbd tries to become the local host browser. The default value is yes. If it is set to no, the samba server will never become the local host browser. However, even if yes is set, the samba server becomes the main browser. Only participate in the selection of the local host browser.
Domain master
Note: This parameter makes nmbd a domain browser, obtains the browsing list of each local host browser, and submits the browsing list of the entire domain to each local host browser. The default value is no. If there is already an nt pdc on the network, do not set this parameter to yes, but it cannot compete for nt pdc.
In addition, if you are not very clear about the computer browsing service, you can refer to NT network management materials.
6. Shared Resource setting parameters
Comment
Description: it refers to the description of sharing, which can be any string.
For example, comment = Share Stuff.
Path
Note: path is the path to provide shared services. You can use a macro such as % u % m to replace the Netbios Name of unix users and clients in the path.
For example, if we do not want to use the home segment as the customer's share, but create a directory for each Linux User under/home/share/as the shared directory with his/her username, in this way, the path can be written as: path =/home/share/% u ;.
When a user connects to the shared object, the specific path will be replaced by the user name. Note that the path of the user name must exist. Otherwise, the client cannot find the network path during access. Similarly, if we do not divide directories by users, but by dividing directories by clients, we will create a path with its netbios name for each machine on the network that can access samba, as the shared resources of different machines, you can write path: path =/home/share/% m as follows.
Writeable
Description: whether the shared path can be written. The value is yes or no.
Browseable
Description: whether shared items can be viewed. The default value is yes.
Available
Description: whether the shared resource is available. The default value is yes. If it is set to no, the shared service of the resource is disabled and the user cannot connect to the resource.
Exec and postexec
Root preexec and root postexec
Note: It specifies that a command is executed on the server when the user and the shared resource are connected or disconnected. These two parameters are useful. The difference is that root preexec and root preexec run with root permissions.
Some special printing parameters are also described as follows:
Load printers
Specify whether to automatically load all the printers in the printcap file when samba is started, so that all the printers can be viewed in the browsing list. The default value is yes.
Printable
Whether the user can print the data. The default value is no. To make a print share available to the user, the value must be set to yes.
Print name
Printer name
Printer driver
The driver type of the printer. This parameter allows WINDOWS to know the type of the remote printer. For specific values, see the printer type when selecting the printer type when installing the printer in WINDOWS. For example, the Espon LQ1600K printer:
Printer driver = Espon LQ-1600K
These are some common configurations of samba. Through these configuration parameters, we can establish a file server for general applications. Although many parameters are not mentioned, samba can use the default value.
Start samba. You can start samba with/usr/sbin/samba start or ntsysv.
Ii. samba advanced Parameters
The following describes the configuration of some advanced parameters. If these parameters are used properly, samba can be applied more flexibly on the network.
1. Macro
Some parameters mentioned in the basic configuration can be followed by % u and % m. This is a macro defined in samba. The macro is represented by a character after the percent sign, the actual parameters are used in actual operations. Common macros are:
% S = current service name
% P = root path of the current service
% U = User Name of the current service
% G = Name of the master workgroup where the given % u is located
% H = The Home Directory of the given % u
% V = Samba version number
% H = Host Name of the machine running Samba
% M = client NETBIOS Name
% L = server NetBIOS Name
% T = current date and time
Flexible application of macros allows you to easily manage complex networks.
2. Some common advanced configuration parameters
2.1 global Parameters
Config file
Note: this parameter is a global parameter that allows you to overwrite the default configuration file with another configuration file. If the file does not exist, this parameter is invalid. This parameter is very useful and makes samba configuration more flexible. It allows a Linux server to simulate multiple NT servers with different configurations to meet different requirements.
For example, if you want a machine on the network named host1 to use its own configuration file, configure an smb name for host1 under/etc. conf. host1 file, in the default smb. add this line to conf:
Config file =/etc/smb. conf. % m
In this way, when host1 requests a connection, smb. conf. % m is replaced with smb. conf. host1. For host1, the samba that it sees is composed of smb. conf. host1 defined. Other machines still use smb. conf.
Deadtime
Note: The value of this parameter is an integer in minutes. It is used to disconnect an inactive connection. When the inactive time of a connection that does not open any file exceeds the time specified by datetime, samba will automatically disconnect the connection. This parameter can save the server's resource consumption, especially when a large number of connections exist. The default value is zero. Zero indicates that samba does not automatically disconnect any connection.
Time server
Note: This parameter makes nmbd a time server for ipvs customers. The default value is no.
2.2 share resource parameters
Admin users
This parameter is used to grant users the Administrator permission to share resources, meaning that these users can perform all file operations like root, of course, only limited to this shared resource. This option should be used with caution, because any such user can operate the files on the shared file at will. The default value is admin users = no.
For example:
Admin users = Su_27
Then Su_27 is the administrator of the shared resource.
Valid users
Description: a valid user of a shared resource, that is, the user who is allowed to access the resource.
Example: valid users = user1, user2
User1 and user2 are valid users.
Invalid users
Description: opposite to valid users, it specifies that users cannot access this shared resource.
Max connections (S)
Note: specify the maximum number of connections to a service. If the number of connections to the service reaches the specified value, the new connection request will be rejected.
Example: max connections = 100
Maximum number of connections is 100
The above are some advanced configuration parameters for samba, but there are many samba parameters, such as file creation permission setting, code page, and file name Case sensitivity. For details, refer to the samba official documentation.