Chapter 14 Samba File and Print Server Administration

  Table of Contents

  Glossary

  Index

The Samba File and Print Server consists of the following three daemons, each listening on its own port:

The Samba server daemons read the smb.conf configuration file (installed in the /usr/local/samba/lib/ directory) to determine how to authenticate users and how to serve UNIX files and print queues to PC clients.

Enabling and Disabling the Samba Server

To control the Samba server, follow these steps:

  1. From the Administration utility Main menu, choose Manage Components.

  2. From the Manage Components menu, choose Samba Server.

  3. From the Samba Server Administration menu, choose Enable/Disable the Samba Server.

    The Start/Stop the Samba Server form shows the current status of the Samba server.

  4. If the server is currently running, you can stop it by clicking on Disable.

    If the server is currently stopped, you can start it by clicking on Enable.

Options for Modifying the smb.conf Configuration File

There are two methods to modify the smb.conf configuration file:

  • Use a text editor to modify the file – See Section : Understanding the smb.conf Configuration File for a description of the smb.conf file included with Internet Express.

  • Use the Samba Web Administration Tool (SWAT) – This program allows the Samba administrator to configure the smb.conf configuration file through a Web browser. Section : Configuring the Samba Server Using the SWAT Program describes how to use SWAT.

    Note:

    Because SWAT has limited functionality and cannot be used to set all options in the smb.conf file, it might be necessary to edit the file directly.

    If you decide to configure Samba by editing the smb.conf file, do not use SWAT, because SWAT will cause the configuration file to be overwritten, losing any values in smb.conf that are not among those that SWAT is capable of configuring.

Before modifying the Samba server configuration provided by Internet Express, read the Samba documentation in /usr/internet/docs/samba and the Samba reference pages (see the Internet Express Reference Pages).

Understanding the smb.conf Configuration File

Example 14-1 shows the smb.conf file supplied with Internet Express.

Example 14-1 Samba Server Configuration File

; Configuration file for smbd.
⋮
[global] 1
   workgroup  WORKGROUP
   domain master  yes
   local master  yes
   preferred master  yes
   printing  bsd
   printcap name  /etc/printcap
   load printers  yes
   guest account  nobody
   browseable  yes
   wins support  true
   hosts allow  domain_name

;  This next option sets a separate log file for each client. Remove
;  it if you want a combined log file.
   log file  /usr/local/samba/log. 2

; You will need a world readable lock directory and "share modes=yes"
; if you want to support the file sharing modes for multiple users
; of the same files.
;  lock directory = /usr/local/samba/var/locks 3
;  share modes = yes

; UNIX login names and passwords are used for access control.
   security = user 4

   hide dot files = yes 5
⋮
   case sensitive = no 6
   default case = lower
   preserve case = yes
   short preserve case = no
   mangle case = no

[homes] 7
   comment = Home Directories
   public = no
   browseable = no
   read only = no
   create mode = 0750

[printers] 8
   comment = All Printers
   path = /var/tmp
   browseable = yes
   printable = yes
   public = no
   writable = no
   create mode = 0700

As shown in Example 14-1, the Samba server configuration file provided with the Internet Express kit specifies the following:

1

If you use a workgroup other than Workgroup (the default workgroup name), replace the value of the workgroup option with your workgroup name.The domain master option causes the Samba server to act as the domain master browser. The role of a domain master browser is to collate the browse lists from local master browsers on all the subnets that have a machine participating in the workgroup. The local master option allows Samba to act as a local master browser. The preferred master option causes the nmbd daemon to force a browser election on startup. For more information on domain masters and browsing, see /usr/internet/docs/samba/Browsing.txt.The printing, printcap name, and load printers options configure the Samba server to allow all printers on the Tru64 UNIX system configured with the normal BSD printing mechanism to be used by the Windows clients.When you install the Samba server, the installation procedure sets the hosts allow option to the name of your DNS domain.
2

A separate log file will be maintained for each client. To create a log file that combines all clients, remove the log file line from the Samba server configuration file.

3

To support the file-sharing modes for multiple users of the same files, remove the comment character in front of the following lines:

lock directory = /usr/local/samba/var/locks
share modes = yes

If you are using a directory other than /usr/local/samba/var/locks, specify the full path of your lock directory instead.

4

When you set security to user, UNIX login names and passwords are used for access control. That is, the Samba server will use the authorization mechanism provided by the operating system. Therefore, the user name and password used to log into the user's PC must be the same as the user name and password used to log into the UNIX system.[1]

The Samba server (as configured by Internet Express) does not support encrypted passwords. To enable clear text password handling on a Windows 2000 or Windows NT Version 4.0 Service Pack 3 system (or later), you must edit the Registry, as follows:
  1. Run regedt32.exe and locate the following key entry:

    HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Rdr\Parameters\
  2. Add the following value:

    EnablePlainTextPassword:REG_DWORD1
Alternatively, use the appropriate registry file such as NT4_PlainPassword.reg or the Win2000_PlainPassword.reg file in the /usr/internet/docs/samba/Registry/ directory (either by double clicking on it, or run regedt32.exe and select Import Registry File from the Registry menu). For a complete explanation of this and other issues about using the Samba server with a Windows NT system, read /usr/internet/docs/samba/textdocs/WinNT.txt.To enable clear text password handling on a Windows 98 system or a Windows 95 system with the VRDRUPD.EXE update, you must edit the Registry as follows:
  1. Run regedit.exe and locate the following key entry:

    /HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/VxD/VNETSUP
  2. Create a new DWORD value, EnablePlainTextPassword and set its value to 1.

Alternatively, use the Win95_PlainPassword.reg file in the /usr/internet/docs/samba/ directory (either by double clicking on it, or run regedit and select Import Registry File from the Registry menu). For a complete explanation of this and other issues regarding using the Samba server with a Windows 95 or Windows 98 system, read /usr/internet/docs/samba/Win95.txt.When you set security to server, the Samba server looks for passwords on a remote server (such as a Windows NT server). Specify the name of one or more password server systems using the password server option.
Note:

If you want to allow handling of encrypted passwords on Windows 98 or Windows NT clients, the Samba server must maintain its own password database. (See /usr/internet/docs/samba/htmldocs/ENCRYPTION.html for instructions on how to create the password database.)

5

When hide dot files is set to yes, hidden files on the UNIX system are not displayed in PC client applications (such as Explorer).

6

Internet Express configures the Samba server to preserve case in file names. The name of a file should appear exactly the same on either the UNIX system or the PC, regardless of which system you used to create the file.

When case sensitive is set to no, older versions of Windows and DOS applications will work correctly; however, files with names that are identical except for case cannot be distinguished. If you set case sensitive to yes, file names are case sensitive, but you might encounter problems with older Windows and DOS programs.
7

The options in the [homes] section enable users to see their home directory as a share when they connect to the Samba server. Each user sees only his or her home directory.

8

As specified in the [printers] section, each printer that is available on the UNIX system is also available to PCs connected to the Samba server, represented by the same queue name on both systems.

For more information on how to configure the Samba server, see smb.conf(5).

For more information on the Samba server daemons, see nmbd(8) and smbd(8). A complete listing of the Samba server reference pages installed by Internet Express is given in the Internet Express Reference Pages.

Administering the Samba Server Using the SWAT Program

To administer the Samba Server using SWAT, choose Manage Components from the Administration menu, then choose Samba Server. Figure 14-1 shows the Samba Server Administration Menu.

Figure 14-1 Samba Server Administration Menu

Samba Server Administration Menu

From the Samba Server Administration Menu, you can perform the following tasks:

Configuring the Samba Server Using the SWAT Program

The first time your browser connects to SWAT, you will be prompted for a user name and password. This user name must be a user on the UNIX system that has read and write access to /usr/local/samba/lib/smb.conf. As installed, the iass user has the required access. Be careful in using SWAT from remote locations since the user name and password are transmitted in clear text across the network from the browser to the server. For this reason it is preferable to use the iass user name rather than root. If you specify the name of a user who has read but not write access to smb.conf, SWAT will be able to display the current values but will not be able to modify them.

The smb.conf file is a configuration file for the Samba suite. This file consists of several sections and parameters. Each section describes a shared resource, known as a share. The special sections include Global, Homes, and Printers.

When you select Configure the Samba Server, the Home menu shown in Figure 14-2 displays.

Figure 14-2 Configure the Samba Server Menu

Configure the Samba Server Menu

From the Configure the Samba Server menu, you can perform the following tasks:

Configuring Global Variables

Parameters set in the Global section apply to the server as a whole, or are defaults for sections that do not specifically define certain items. When you select Globals from the Configure the Samba Server menu, the Global Variables page displays. Use this page to set the global parameters, in categories such as the following:

  • Base Options

  • Security Option

  • Logging Options

  • Printing Options

  • Filename Options

  • Browse Options

  • WINS Options

By default, the Global Variables page shows the Basic View of the global variables. To view a more complete list of global parameters, select the Advanced View option.

For all parameters shown on the Global Variables page, there is a Help option, which, when selected, goes directly to the corresponding section in the smb.conf(5) reference page.

Configuring Share Parameters

This page allows you to set parameters relating to shares. By default, the Share Parameters page shows the Basic View of the settings. To view a more complete list of parameters, select the Advanced View option.

To set parameters for shares, follow these steps:

  1. From the Administration utility Main menu, choose Manage Components.

  2. From the Manage Components menu, choose Samba Server.

  3. From the Samba Server Administration menu, choose Configure the Samba Server.

  4. Click on the Shares icon. The Share Parameters form displays.

  5. Use the Choose Share drop-down box to select the specific share that you want to modify.

  6. Set the values for each of the parameters by either specifying a value or by selecting a choice from a drop-down box.

For all parameters shown on the Shares page, there is a Help option, which, when selected, goes directly to the corresponding section in the smb.conf(5) reference page.

Controlling Printers

This page allows you to set parameters for printers. By default, the Printer Parameters page shows the Basic View of the settings. To view a more complete list of parameters, select the Advanced View option.

To set parameters for shares, follow these steps:

  1. From the Administration utility Main menu, choose Manage Components.

  2. From the Manage Components menu, choose Samba Server.

  3. From the Samba Server Administration menu, choose Configure the Samba Server.

  4. Click on the Printers icon. The Printer Parameters form displays.

  5. Use the Choose Printer drop-down box to select a specific printer. The drop-down box lists printers specified in the local host's printcap file.

  6. Set the values for each of the parameters by either specifying a value or by selecting a choice from a drop-down box.

For all parameters shown on the Printer Parameters page, there is a Help option, which, when selected, goes directly to the corresponding section in the smb.conf(5) reference page.

Viewing the Status of the Server

The Status page identifies the current state of the server, including the following information:

  • Whether the smbd and nmbd daemons are running

  • A list of all active connections, identifies by process ID (PID)

  • A list of all active shares

  • A list of all open files

By default, server status refresh is disabled. To select an updated of server status at regular intervals, specify a Refresh Interval, then click on the Auto Refresh button.

Viewing the Current Configuration

Selecting View from the Configure the Samba Server menu displays the Current Configuration page. This page shows the Samba configuration file, smb.conf, as created using the SWAT program.

By default, this page displays Normal View, which displays the values that differ from the defaults. To view all the values, including the default values for parameters that are not in the smb.conf file, click on the Normal View button.

Administering Passwords

The Password page allow you to manage passwords used for SMB sessions. There are two sections:

  • Server Password Management—Changes the SMB password on the local machine.

  • Client/Server Password Management—Changes the SMB password on a remote machine, such as a Windows NT Primary Domain Controller.

The information entered on the Password page communicates with a locally running smbd.

To set SMB passwords on the Server Password Management page, follow these steps:

  1. From the Administration utility Main menu, choose Manage Components.

  2. From the Manage Components menu, choose Samba Server.

  3. From the Samba Server Administration page, choose Configure the Samba Server.

  4. On the Configure the Samba Server page, click on the Password icon. The Server Password Management form displays.

  5. If you have Samba administrator privileges, you can modify the User Name field.

  6. If you are modifying a password for an existing user, enter the current password in the Old Password field, then enter the new password in the New Password field and in the Retype New Password Field.

  7. Click on the Change Password button.

To set SMB passwords on the Client/Server Password Management page, follow the previous steps. There is one additional field that you can fill in, Remote Machine. The value entered for Remote Machine is the NETBIOS name of the Samba Server to contact to attempt to attempt the password modification. The name entered is resolved into an IP address using the name resolution mechanism used by programs in the Samba suite.

For more information on Samba password management, see the smbpasswd(5) reference page.



[1] Windows NT and Windows 2000 allow users to enter an alternate user name and password if a connection cannot be established using the UNIX user name and password.