Monday, April 2, 2007

Basics of Samba configuration

Samba is a file sharing service on Linux that uses the SMB (Server Message Block) protocol. Both Windows and Linux support SMB, so this service can be used for file sharing between two Linux machines or between Linux and Windows machines. In addition to file sharing, Samba can also be used to share printers on a network. It can also act as a domain controller or as a client in an Active Directory environment.

Samba runs two daemons, smbd (SMB daemon) and nmbd (NetBIOS naming daemon). They listen on 4 ports, as listed below:

NetBIOS Name Service: netbios-ns 137
NetBIOS Datagram Service: netbios-dgm 138
NetBIOS Session Service: netbios-ssn 139
Microsoft Active Directory Service: microsoft-ds 445

The main configuration file of Samba is /etc/samba/smb.conf. It is divided into sections. Each section starts with a section name enclosed in square brackets and contains one or more key/value pairs separated by an equal sign.

The [global] section contains settings that are applied server wide. The most common of them are listed below:

workgroup: The name of the Windows workgroup to which this Samba server should belong. This name will be shown on a Windows machine under My Network Places -> Entire Network -> Microsoft Windows Network.
E.g.:
workgroup = Linux Shares

We can also set an optional description for this particular server using:
server string = Linuxbox1_WinShare

As a security measure, you should restrict which networks or machines have access to the server. Here we allow our local network 192.168.0.0/24 and the loopback interface.
hosts allow = 192.168.0. 127.

We can share a directory through Samba with the following (minimal) syntax:
[sharename]
comment = Comment about this share
path = /path/to/directory/to/be/shared

We can use many other configuration parameters to change the properties of this share. Some of them are:

read only = [yes]/[no] : If yes, permits only read access to the share
writable = [yes]/[no] : If yes, data can be written to the share

By default all shares are read only. The two parameters above are complements of each other.

browsable = [yes]/[no] : Whether the share should be visible when browsing machine resources. Set to 'yes' by default.
hide dot files = [yes]/[no] : If yes, hides Unix hidden files in Windows also. Set to 'no' by default.

In places where you can provide a list of values, separate each value by space.

admin users = admin1 admin2 ..... : Users allowed to act as root (for the share)
valid users = user1 user2 ..... : Users allowed to access the share
invalid users = root nfs mail .... : Users not allowed to access the share
read list = user1 user2 ..... : Users who have read only permission on the share
write list = user5 user6 ... : Users who have write permission to the share

You can grant permission to members of a group instead of a long list of users. If you want to grant write permission on a share to the accounts group members, add the following line to the share section.
write list = @accounts

Samba uses a separate user database (when the variable "security = user" is set, which is the default) stored in /etc/samba/smbpasswd. This database is manipulated with the command smbpasswd. Before a user can be added to the Samba database, the user must already be present in the system user database (/etc/passwd). Some useful options of smbpasswd are:

-a : Add a Samba user
-x : Delete a Samba user
-d : Disable a Samba user
-e : Enable a Samba user

[root@LinuxBox1 ~]#smbpasswd -a safeer
New SMB password:
Retype new SMB password:
Added user safeer.

The share [homes] is a special share which lets users access their home directories via Samba.

[homes]
browsable = no
writable = yes

The user home directories will not be visible in the browse list, but authenticated users will be able to see their home directory.

[printers] is another special section, used to share the printers configured on the Samba server. When a request comes for a printer, Samba will search the Unix printer capability file (usually /etc/printcap) and automatically use each printer listed in the file. The minimum configuration required for printing is:

[printers]
printable = yes
path = /var/spool/samba
printcap name = /etc/printcap
public = no
valid users = user1 user2 user2

If you want to add a separate printer:

[hp-accounts]
printable = yes
path = /var/spool/samba/hp-3500
printer = hp-3500
valid users = @accounts

This will create a printer share hp-accounts accessible only by the accounts department.

Restart the Samba service whenever smb.conf is changed:

[root@LinuxBox1 ~]#service smb restart
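
Samba ignores a parameter whose name it does not recognise, so a slip such as "host allow" for "hosts allow" silently leaves the server unrestricted. The check below is an added example, not part of the original post: it parses smb.conf-style text, flags names outside the set covered here, and reports writable shares without "valid users" and a [global] section without "hosts allow". The KNOWN list, the SAMPLE config and the function names are assumptions made for illustration.

```python
import re

# Parameters on this page plus Samba's synonyms (an assumed, partial list).
KNOWN = set("""workgroup serverstring hostsallow allowhosts security comment path
readonly writable writeable writeok browsable browseable hidedotfiles adminusers
validusers invalidusers readlist writelist printable printok printcapname printcap
printer printername public guestok""".split())
MAKES_WRITABLE = {("writable", "yes"), ("writeable", "yes"), ("writeok", "yes"),
                  ("readonly", "no")}

# Constructed sample containing three misspelled parameter names.
SAMPLE = """
[global]
host allow = 192.168.0. 127.
[accounts]
path = /srv/accounts
bowsable = no
writable = yes
admin user = admin1
"""

def parse(text):
    """Return {section: {normalized_name: (name_as_written, value)}}.
    Samba ignores case and whitespace in names, so both are folded away."""
    conf, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            name, value = (s.strip() for s in line.split("=", 1))
            conf[section][re.sub(r"\s+", "", name).lower()] = (name, value)
    return conf

def audit(text):
    """Return (section, issue) pairs for the access controls described above."""
    conf, out = parse(text), []
    for section, params in conf.items():
        out += [(section, f"unrecognized parameter '{raw}'")
                for norm, (raw, _) in params.items() if norm not in KNOWN]
        settings = {(k, v.lower()) for k, (_, v) in params.items()}
        if (settings & MAKES_WRITABLE and "validusers" not in params
                and section not in ("global", "homes")):
            out.append((section, "writable share without 'valid users'"))
    if not {"hostsallow", "allowhosts"} & conf.get("global", {}).keys():
        out.append(("global", "no 'hosts allow' restriction in effect"))
    return out
```

Samba's own testparm command also reports unknown parameters when it loads smb.conf, so run it before restarting the service.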
