• S.A.C.T. - Samba Automated Configuration Tool - Version 1.20

    by
    jdmcdaniel3
    Published on 10-Mar-2013 14:23  Number of Views: 11774  
    11 Comments Comments
    SCREENSHOTS - MAIN MENU:



    I have written a new tool to Setup and Configure Samba which should work on all present supported versions of openSUSE and specifically to work with the new openSUSE 12.3 release.



    S.A.C.T. supports the complete and automatic configuration of Samba for use by anyone not familiar with just how to setup Samba the first time to get it to work properly. You should run this setup once on a new system. You need to manually install the samba-doc file from YaST on an existing setup if you are not going to run this S.A.C.T. installation option.



    The three Primary Help Documents included with Samba (samba-doc is required) can be viewed in PDF format or in HTML format in your default Web Browser.



    S.A.C.T. Has a new Status and testing Menu with smb and nmb log file viewers.



    As you make Samba Configuration Changes, you can then Start, Stop, Restart and Check Status of the nmb and smb services at will.



    And Finally, S.A.C.T. provides an easy way to create, view and edit the Samba User Database.



    What do you see from the desktop to start S.A.C.T.? Here, I select the S.A.C.T. icon in my desktop folder and pick option 5 to edit my smb.conf file. It is just that easy to use.

    DOWNLOAD the S.A.C.T. Bash Script:

    You can obtain the raw bash script from SUSE Paste at the following link:

    S.A.C.T. - Samba Automated Configuration Tool - Version 1.20

    Open the above Link in a new Tab. Select the Download option in the top right and then select Open With Kwrite or other text editor and then save the bash script text file as ~/bin/sact. It is possible to directly download sact using the following terminal command (You must delete or remove the old version first):

    Code:
    rm ~/bin/sact
    Code:
    wget -nc http://paste.opensuse.org/view/download/60035 -O ~/bin/sact
    This script must be marked executable to be used. Please run the following Terminal command:

    Code:
    chmod +x ~/bin/sact
    It is even possible to string all three of these commands together as one which is Highly Recommended for you to use! Copy the following command, open up a terminal session, paste it in and press enter:

    Code:
    rm ~/bin/sact ; wget -nc http://paste.opensuse.org/view/download/60035 -O ~/bin/sact ; chmod +x ~/bin/sact
    To use sact, open up a terminal session and type in the command:

    Code:
    sact
    When S.A.C.T. is first run, it creates both a Desktop and Program icon for you, used to run S.A.C.T.



    SMB and NMB Services:

    The smbd (Server Message Block) daemon provides file sharing and printing services to Windows & Samba clients. In addition, it is responsible for user authentication, resource locking, and data sharing through the SMB protocol. The default ports on which the server listens for SMB traffic are TCP ports 139 and 445. If smb is not working, you will be unable to find any PC's, including your own PC, sharing resources on your local network.

    The smbd daemon is controlled by the smb service.

    The nmbd (NetBIOS Message Block) daemon understands and replies to NetBIOS name service requests such as those produced by SMB/CIFS in Windows-based systems. These systems include Windows 95/98/ME/7/8, Windows NT, Windows 2000, Windows XP, LanManager and Samba clients. It also participates in the browsing protocols that make up the Windows Network Neighborhood view. The default port that the server listens to for NMB traffic is UDP port 137. If nmb is not working and smb is working, you can find other PC's on the network, but no one can find your PC on the network. If smb and nmb are working, you should be able to find what your PC is sharing. Use the S.A.C.T. main menu option six to create a /home sharing icon for your PC on the same PC to see if it is sharing /home properly.

    The nmbd daemon is controlled by the nmb and smb services.

    HOSTNAME:

    To locate your PC on your network, you look for the hostname you have provided. For Samba, you can have a separate name, set in your /etc/samba/smb.conf file or, remark out that line there and use the original hostname as setup in your openSUSE installation, which is recommenced. To see what your actual Computer Name will be, as set by openSUSE during the installation, open up a terminal session and type in the command:

    Code:
    hostname
    To Actually Change the PC name (For this Session Only), open up a terminal session and type the command:

    Code:
    sudo hostname new_name
    Where you substitute the actual PC name you want to use in place of the name new_name. To make a permanent change to your hostname, that is persistent after you reboot, you can do this. Open up a terminal session and enter the following commands:

    Code:
    su -

echo "new_hostname" > /etc/HOSTNAME

hostname -F /etc/HOSTNAME
    Your PC will now have a new hostname that will persist even after a restart of your PC. It is not recommended (or needed) that you set a hostname in your /etc/samba/smb.conf and use the same name in your openSUSE network configuration. You can use a different hostname for Samba and openSUSE, but I am not sure why you would want to do that. You can change the hostname in YaST as well:

    Go to YaST (enter root password) / Network Devices / Network Settings / Hostname/DNS Tab / and enter Hostname, press OK when complete.

    What Can You Find Using Samba?

    The Samba Setup option then creates a SMB browser icon for you as well:



    And When Selected, it will open up a File Browser showing the hostnames of your Samba Compatible Shares:



    Samba Configuration:

    When you elect to setup Samba for the first time, S.A.C.T. creates a default Samba configuration file called smb.conf and located in the folder named /etc/samba as follows:

    Code:
    # smb.conf is the main Samba configuration file. 
# You find a full commented version at 
# /usr/share/doc/packages/samba/examples/smb.conf.SUSE 
# if the samba-doc package is installed.
# Samba config file created using SWAT 
# from $netbios_name (127.0.0.1)
# Date: $(date)

[global]
  workgroup = $Workgroup
#  netbios name = $netbios_name
  passdb backend = tdbsam
  name resolve order = bcast host lmhosts wins
  server string = ""
  printing = cups
  printcap name = cups
  printcap cache time = 750
  cups options = raw
  use client driver = yes
  map to guest = Bad User
  local master = yes
  os level = 33
  usershare allow guests = Yes
  usershare max shares = 100
  usershare owner only = False

[homes]
  comment = Home Directories
  valid users = %S, %D%w%S
  browseable = No
  read only = No
  inherit acls = Yes

[printers]
  comment = All Printers
  path = /var/tmp
  printable = Yes
  create mask = 0700
  browseable = No
  guest OK = Yes

[print$]
  comment = Printer Drivers
  path = /var/lib/samba/drivers
  write list = @ntadmin root
  force group = ntadmin
  create mask = 0664
  directory mask = 0775
    Folder Sharing Other than /home:

    Your /home folder can not be browsed by default in a file manager. For two or more PC setups using S.A.C.T., see the S.A.C.T. main menu option two to create a /home browse icon you must enter a password to use. To Allow the sharing of a common folder(s) for all users, not requiring a password (from openSUSE as Windows will normally ask for a password), you might make the following addition at the end of your /etc/samba/smb.conf file as follows:

    Code:
    [Windows]
    path = /windows/C
    read only = No
    acl check permissions = No
    inherit acls = Yes
    guest ok = Yes
    profile acls = Yes
    use sendfile = Yes
    Make sure to use your actual folder name to share in place of my example folder named /windows/C. I might use the following chmod terminal command on the Windows folder shown here to allow full user access:

    Code:
    sudo chmod 777 /windows/C
    Consider that the /etc/fstab file entry will allso effect the ability of any user to read and write to this folder. Have a look at the suggested mount options for a NTFS folder in my fstab file:

    Code:
    /dev/disk/by-id/ata-Hitachi_HDS5C3020ALA632_ML0220F30MGP7D-part2        /windows/C             ntfs-3g    defaults,noatime                      0 0
    Your partition or device name name will likely not be the same as mine, but note the mount options of defaults,noatime that I have used to allow all users to use this partition. When you modify the /etc/samba/smb.conf configuration file with the edit option from the main menu, make sure to restart the smb/nmb services for the changes to take effect. In general do not modify the fstab entry for anything mounted inside your /home partition. For fstab changes to take effect, you can restart openSUSE or open up terminal and run this command:

    Code:
    sudo mount --all
    ADDED SECURITY:

    For added security in using Samba on your home or small network, a couple of added parameters can help insure no communications from outside your local network subnet will be allowed. These next values shown will be added under the Global section (the first group at the top of your /etc/samba/smb.conf file) as:

    Code:
    hosts deny = ALL
hosts allow = 192.168.0.0/255.255.255.0, 127.0.0.1
    In this example, the local subnet is 192.168.0 as determined by the 255.255.255.0 plus we are allowing the localhost by adding in 127.0.01 and the first statement of hosts deny = ALL, means if you are not in the host allow list, you are being denied, by default.

    hosts deny (S)

    The opposite of hosts allow - hosts listed here are NOT permitted access to services unless the specific services have their own lists to override this one. Where the lists conflict, the allow list takes precedence.

    In the event that it is necessary to deny all by default, use the keyword ALL (or the netmask 0.0.0.0/0) and then explicitly specify to the hosts allow = hosts allow parameter those hosts that should be permitted access.

    Code:
    Default: hosts deny = # none (i.e., no hosts specifically excluded)
    Code:
    Example: hosts deny = 150.203.4. badhost.mynet.edu.au
    hosts allow (S)

    A synonym for this parameter is allow hosts.

    This parameter is a comma, space, or tab delimited set of hosts which are permitted to access a service.

    If specified in the [global] section then it will apply to all services, regardless of whether the individual service has a different setting.

    You can specify the hosts by name or IP number. For example, you could restrict access to only the hosts on a Class C subnet with something like allow hosts = 150.203.5.. The full syntax of the list is described in the man page hosts_access(5). Note that this man page may not be present on your system, so a brief description will be given here also.

    Note that the localhost address 127.0.0.1 will always be allowed access unless specifically denied by a hosts deny option.

    You can also specify hosts by network/netmask pairs and by netgroup names if your system supports netgroups. The EXCEPT keyword can also be used to limit a wildcard list. The following examples may provide some help:

    Code:
    Example 1: allow all IPs in 150.203.*.*; except one
    Code:
    hosts allow = 150.203. EXCEPT 150.203.6.66
    Code:
    Example 2: allow hosts that match the given network/netmask
    Code:
    hosts allow = 150.203.15.0/255.255.255.0
    Code:
    Example 3: allow a couple of hosts
    Code:
    hosts allow = lapland, arvidsjaur
    Code:
    Example 4: allow only hosts in NIS netgroup "foonet", but deny access from one particular host
    Code:
    hosts allow = @foonet
    Code:
    hosts deny = pirate
    Note that access still requires suitable user-level passwords.

    See testparm(1) for a way of testing your host access to see if it does what you expect.

    Code:
    Default: hosts allow = # none (i.e., all hosts permitted access)
    Code:
    Example: hosts allow = 150.203.5. myhost.mynet.edu.au
    INCREASED SPEED:

    If you are using Linux kernel version 3.7 or newer, the Samba protocol SMB2 has been added to the kernel. You can take advantage of this fact by adding in the next value. This next setting shown will be added under the Global section (the first group at the top of your /etc/samba/smb.conf file) as:

    Code:
    max protocol = SMB2
    Possible values are :

    CORE: Earliest version. No concept of user names.

    COREPLUS: Slight improvements on CORE for efficiency.

    LANMAN1: First modern version of the protocol. Long filename support.

    LANMAN2: Updates to Lanman1 protocol.

    NT1: Current up to date version of the protocol. Used by Windows NT. Known as CIFS.

    SMB2: Re-implementation of the SMB protocol. Used by Windows Vista and newer. The Samba implementation of SMB2 is currently marked experimental!

    Code:
    Default: max protocol = NT1

    NMB Failing to Start on Reboot:

    If, after you restart openSUSE, you notice that no one can find your PC on the network through your Samba share, it may be due to the fact that nmb is not starting. Its possible this is due to a failing of timing by systemd on bootup of your PC. One way to handle that issue to to allow it more time to find your network interfaces.

    This is a YaST / System / /etc/sysconfig Editor Setting at:



    / etc / sysconfig / Network / General / WAIT_FOR_INTERFACES Default is 30, but I suggest you select 60 seconds instead and press OK and allow this change to be saved. It will be used then on your next openSUSE PC restart.

    CIFS Mount from fstab File Problems:

    For more information on using the cifs mount command from your /etc/fstab file, have a look at this guide here: Samba: HowTo Mount a CIFS Network Share [AKA Map Network Drive] in openSUSE 11 plus FAQs

    While I am not a fan of having a permanent Samba share mount being made from your fstab file, I do see a lot of folks having a problem with it not working properly when used from the fstab file but it does work from the command prompt. If this is happening to you, then the problem may be due to your network not yet being up when the fstab mounts are executed at boot time. You could test this theory by opening up a terminal after an openSUSE restart and where the cifs mounts did not work and try this command:

    Code:
    james@LinuxMaster:~> su -
Password: 
LinuxMaster:~ # mount -a
LinuxMaster:~ # df
Filesystem      1K-blocks      Used  Available Use% Mounted on
devtmpfs          8182504         4    8182500   1% /dev
tmpfs             8209780       168    8209612   1% /dev/shm
tmpfs             8209780      8148    8201632   1% /run
/dev/sdb2       106994728  17296160   84256828  18% /
tmpfs             8209780         0    8209780   0% /sys/fs/cgroup
tmpfs             8209780      8148    8201632   1% /var/lock
tmpfs             8209780      8148    8201632   1% /var/run
/dev/sda2       207846992     60684  206729832   1% /Backup
/dev/sda4       480834248 203225952  253176680  45% /DataSafe
/dev/sda3       264093632  68140372  194879508  26% /home
/dev/sdd2      1953153020  62139568 1891013452   4% /Windows
/dev/sdc1      1465136124 306207028 1158929096  21% /Multimedia
/dev/sde1      1465136124 283431900 1181704224  20% /Software
    If all of your cifs mounts work (I don't use the cifs command myself) then you should look at if your network card is being turned on at boot time or if it is set to start On cable connection. To check this setting in YaST lets go to YaST / Network Settings / Network Devices



    In order to make a change, we need to being using Traditional Method with ifup. You can switch back to User Controlled by NetworkManager after this change is made:



    Next, lets go to the Overview Tab, select your network card and pick the Edit Button at the bottom:



    On the General tab make sure the Device Activation is set to: At Boot Time



    Once done, select Next and then Done. If you normally use the Network Manager, before you select Done, Go Back and Select the Global Options Tab and select User Controlled with NetworkManager and then press the Done Button.

    Additional Resources:

    To edit your /etc/fstab file or any system file, have a look at the following blog post.

    SYSEdit - System File Editor - Version 1.50: https://forums.opensuse.org/blogs/jd...rsion-1-00-60/

    Additional Online Resources can be found here:

    1. Index of /samba/docs/man
    2. openSUSE SuSE Linux HOWTOs and Tutorials by Swerdna
    3. Samba - opening windows to a wider world

    As always, if you have any comments, issues or requests, please let me know what they are.

    Thank You,
    1. User Type:
    2. 2-Intermediate
    Comments 11 Comments
    1. tweakhound's Avatar
      tweakhound - 13-Mar-2013, 09:26
      Very nice tool. Thank you!
    1. jdmcdaniel3's Avatar
      jdmcdaniel3 - 20-Mar-2013, 17:28
      You are welcome tweakhound and thanks for the very kind words.

      Thank You,
    1. Easgs's Avatar
      Easgs - 11-Apr-2013, 15:47
      Is there an option to run a testparm from this tool?, if not this would be nice to have it added

      thanks
    1. jdmcdaniel3's Avatar
      jdmcdaniel3 - 11-Apr-2013, 19:42
      Quote Originally Posted by Easgs View Post
      Is there an option to run a testparm from this tool?, if not this would be nice to have it added

      thanks
      Consider it done. I added the testparm command in tonight and here is the output format I am considering:

      Code:
      testparm — check your smb.conf configuration file for internal correctness

Terminal Command: testparm -s > /dev/null

Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[Software]"
Processing section "[Windows]"
Processing section "[DataSafe]"
Processing section "[Multimedia]"
Loaded services file OK.
Server role: ROLE_STANDALONE

Press Enter to Continue ...
      You will select it from the main menu. I need to do more testing this weekend, but expect the new feature to show up no later than by this Sunday and thanks for your suggestions.

      Thank You,
    1. jdmcdaniel3's Avatar
      jdmcdaniel3 - 11-Apr-2013, 20:01
      I found the following error message ...

      Code:
      rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
      Can be eliminated by editing the system file /etc/security/limits.conf as root and adding the following line at the end:

      Code:
      *                -       nofile         16384
      Save the file and restart openSUSE and the error will be gone when you run testparm. I read that this error does not really need to be fixed, but just in case you wondered.

      Thank You,
    1. Easgs's Avatar
      Easgs - 13-Apr-2013, 08:38
      Hi, after pressing enter in the output of the testparm option I can not see the rest of the output, where it shows the options used in the smb.conf file, this is useful to see the content of the smb.conf file without having to open it in edit mode.

      thanks
    1. jdmcdaniel3's Avatar
      jdmcdaniel3 - 13-Apr-2013, 09:09
      Quote Originally Posted by Easgs View Post
      Hi, after pressing enter in the output of the testparm option I can not see the rest of the output, where it shows the options used in the smb.conf file, this is useful to see the content of the smb.conf file without having to open it in edit mode.

      thanks
      Since you can see and edit the file, I sent it to null, you can edit the bash script and remove the "> /dev/null" and get it back. It exists in two places, once for the actual command and for the indication of the command being run from terminal. And I do wish to promote users to modify the bash script to work as they wish. Further, post any comments to the reason you want it to be shown for all to see, just as you have done.

      Thank You,
    1. Easgs's Avatar
      Easgs - 13-Apr-2013, 09:39
      removing the > /dev/null sentence did the trick

      thanks for this great tool
    1. jdmcdaniel3's Avatar
      jdmcdaniel3 - 13-Apr-2013, 11:07
      Quote Originally Posted by Easgs View Post
      removing the > /dev/null sentence did the trick

      thanks for this great tool
      You are welcome and keep those suggestions coming.

      Thank You,
    1. miclac's Avatar
      miclac - 07-Mar-2014, 04:42
      Thank you so very much for this tool & tutorial. It really has pulled me out of an abyss of pain this week.

      I updated our file server OS from OpenSUSE 11.4 to OpenSUSE 13.1, and I was trying YAST so start up the SAMBA server and getting nowhere fast, then I discovered your contribution and all is well.

      Thanks again.
      Michael
    1. dgoadby's Avatar
      dgoadby - 02-Apr-2014, 19:56
      I will try the tool later but I have a weird problem with SUSE 13.1. I can access my Linux shares ok from my Windows PC's but, although smbtree shows my Workgroup PC's, I get the error: "Could not connect to host for smb://workgroup/" when I try to access them using Dolphin. It looks like an smbclient problem but I can not see it. Usually the seerver set-up is the PITA.

      The only other clue I can offer is this machine was upgraded from 12.2 to 13.1. I have SUSE 13.1 PC's that were created as 13.1 (ie not upgraded) and they work perfectly as client and server. So it must be a configuration problem somewhere..

      David