- Installation
- The Samba configuration file
- Make a copy (backup) of the default Samba config file
- Reconfigure the [global] Stanza for use in a Workgroup
- How to edit root-owned files like smb.conf
- How to blank out unwanted Shares
- How to Set up a Roaming Share (to share your personal Linux home files)
- Create Credentials to allow access to Secure Shares (like the [homes] share)
- How to Set up a specific secure Share for one user
- How to Set up an insecure Share with Guest access for all users on the LAN
- Configure the Firewall for Samba
- Activate the Samba daemons
- Modify the file nsswitch.conf to help Linux respond to pings from Windows
- Comments
Installation: Samba is usually installed by default. You can check that it exists with this console command:
Code:
rpm -qa | grep samba
Go to Yast ==> Software ==> Software Management.
Search on samba and select to install samba, samba-client, samba-winbind, yast2-samba-server, yast2-samba-client.
Also search on cifs to install cifs-utils.
When you execute the installation, quite a few samba-based dependencies will come along too.
The Samba configuration file (smb.conf located at /etc/samba/smb.conf)
Code:
[global]
    workgroup = WORKGROUP
    passdb backend = tdbsam
    printing = cups
    printcap name = cups
    printcap cache time = 750
    cups options = raw
    map to guest = Bad User
    include = /etc/samba/dhcp.conf
    logon path = \\%L\profiles\.msprofile
    logon home = \\%L\%U\.9xprofile
    logon drive = P:
    usershare allow guests = Yes
[homes]
    comment = Home Directories
    valid users = %S, %D%w%S
    browseable = No
    read only = No
    inherit acls = Yes
[profiles]
    comment = Network Profiles Service
    path = %H
    read only = No
    store dos attributes = Yes
    create mask = 0600
    directory mask = 0700
[users]
    comment = All users
    path = /home
    read only = No
    inherit acls = Yes
    veto files = /aquota.user/groups/shares/
[groups]
    comment = All groups
    path = /home/groups
    read only = No
    inherit acls = Yes
[printers]
    comment = All Printers
    path = /var/tmp
    printable = Yes
    create mask = 0600
    browseable = No
[print$]
    comment = Printer Drivers
    path = /var/lib/samba/drivers
    write list = @ntadmin root
    force group = ntadmin
    create mask = 0664
    directory mask = 0775
The behaviour of Samba shares is controlled (almost entirely) by the constructs in the configuration file smb.conf located in the directory /etc/samba. The file shown above is a copy of the smb.conf file in openSUSE Leap 42.1. It doesn't vary much from one distro to the next, so this article should endure over time.
The file is separated into so-called stanzas. The topmost stanza [global] contains the overarching instructions for all the samba shares. FYI the indents are totally unnecessary (just there for ease of reading).
The series of stanzas underneath the [global] stanza each control one share. There are six such shares in the default configuration file, many more than most people would need. The six shares are included as templates and are not intended to be "switched on" by all users.
The first task, then, is to rationalise the broad-based samba configuration file. This follows next.
Make a copy (backup) of the default Samba config file.
I always reserve a copy (backup) of the default config file as a handy reference re syntax of various bits and pieces. Occasionally I have needed to restore the original and start again.
Run this console command to make an exact replica of the default file (except it will have the extension .original to differentiate it from the working/active file):
Code:
sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.original
Reconfigure the [global] Stanza for use in a Workgroup
Code:
[global]
    workgroup = WORKGROUP
    passdb backend = tdbsam
    printing = cups
    printcap name = cups
    printcap cache time = 750
    cups options = raw
    map to guest = Bad User
    include = /etc/samba/dhcp.conf
    logon path = \\%L\profiles\.msprofile
    logon home = \\%L\%U\.9xprofile
    logon drive = P:
    usershare allow guests = Yes
Code:
[global]
    workgroup = WORKGROUP
    netbios name = some appropriate name
    server string = ""
    name resolve order = bcast host lmhosts wins
    local master = yes
    preferred master = yes
    os level = 65
    passdb backend = tdbsam
    printing = cups
    printcap name = cups
    printcap cache time = 750
    cups options = raw
    map to guest = Bad User
    usershare allow guests = Yes
The first extract is the default and the second is the workgroup-oriented version. In particular I have tweaked network "name resolution", and one or two smaller issues.
In the second (workgroup) version you must consider four of the lines and perhaps alter them to suit your particular situation. These lines:
1. workgroup = WORKGROUP
2. netbios name = some appropriate name
3. server string = ""
4. preferred master = yes
Here's what to do with them:
For #1: Check the name of the Workgroup as defined in the Windows and Linux computers in your LAN. They should be and must be identical. So alter the first of the three lines appropriately.
For #2: The NetBios name will attach itself to the Icon representing your Linux server in the Network Browsers. So alter "some appropriate name" to a name of your choice (it can be a phrase).
For #3: The Server String is attached to servers (in addition to the Netbios Names) when running various "net" views of servers (e.g. put some words in there, reboot Linux, and then run the command line net view in Windows, or the command smbtree -SN in Linux, to see the string). For most cases the null name ( "" ) is adequate if netbios is switched on (as it is here). Normally you would accept this line as is.
For #4: The preferred master is set to yes if this is the only sharing Linux computer in the Workgroup. If you have similarly configured Linux Samba members in the Workgroup, you would set your preferred member to yes and the others to auto (in the workgroup version of the [global] stanza). If this confuses you, set them all to auto.
How to edit root-owned files like smb.conf
The files that need to be modified in this tutorial belong to root, so root powers are needed to edit them. I'll exemplify that by editing the file nsswitch.conf, which needs to be altered to make a Linux host responsive to pings-by-name from Windows machines.
To edit it in KDE run this console command:
Code:
kdesu kwrite /etc/nsswitch.conf
To edit it in Gnome run this console command instead:
Code:
gnomesu gedit /etc/nsswitch.conf
How to blank out unwanted Shares
The default config file contains six [stanzas] that broadcast "shares" when you switch on the Samba daemons. They have been put there as templates, for reference purposes. You will certainly not need them all. Here are two handy methods for blocking out the ones you don't need. Start by running the kdesu-or-gnomesu method to edit the file, then:
- either simply delete any unwanted stanzas completely
- or put a # (hash) at the front of the [stanza] and the lines that belong to that stanza.
Here's a before and after view of a hashed-out stanza:
Code:
[users]
    comment = All users
    path = /home
    read only = No
    inherit acls = Yes
    veto files = /aquota.user/groups/shares/
Code:
#[users]
#    comment = All users
#    path = /home
#    read only = No
#    inherit acls = Yes
#    veto files = /aquota.user/groups/shares/
If you need to restore a deleted or blocked [stanza] at a later time, for method 1 you can copy the full stanza from the backup file and paste it back into the working file, and for method 2 you can simply delete the hashes you have installed to block the stanza.
I recommend the first version because it's very simple to delete a stanza and just as simple to paste it back from the backup file. IMHO the #-blocker method is messy.
How to Set up a Roaming Share (to share your personal Linux home files)
This share allows access to your Linux home file-system, entirely, e.g. if your Linux username is angetina, then the directory tree located at /home/angetina will be available, with full read/write permissions. It's called "roaming" because you can roam around the LAN and access your home on the Linux server from all computers (whether from windows or Linux). You need to supply your Linux username and Samba password to access the share (see next section about these credentials).
Once you replace the [homes] stanza underneath the [global] stanza, like the example below, and reboot the Linux computer, then the [homes] share will be accessible (but only to you).
Code:
[homes]
    comment = Home Directories
    valid users = %S, %D%w%S
    browseable = No
    read only = No
    inherit acls = Yes
In Windows you can sometimes see the share as an icon named for your Linux username. Whether you see the icon depends on your transaction history with the server earlier that session. If you can see it, drill down into the share. If you can't see it then use an address like this in the Windows network browser: \\NetbiosName\linux_username.
On the linux client you do not initially see the share as an icon as you sometimes do in Windows. Instead you always address the share in your browser by its netBIOS name; e.g. smb://NetbiosName/linux_username. You can use the IP address instead of "NetbiosName" in the address line. This is a fine share for users who like to keep their work on one server but access it from many machines.
Create Credentials to allow access to Secure Shares (like the [homes] share)
Samba maintains a list of credentials for Samba users. You can only add users into the Samba user database if they already exist as Linux users on the server. You can use any password you like as the Samba password; it does not have to be the same as the user's Linux Logon password. A username's Samba password must exist in the Samba user database before you can access a secure share like the roaming share above or william's more specific share outlined in the next section below.
To check who's already in the database, run this terminal command:
Code:
sudo pdbedit -L
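To add a Linux user (e.g. angetina) to the Samba database and set a Samba password:
Code:
sudo smbpasswd -a angetina
To delete a user (e.g. william) from the Samba database:
Code:
sudo smbpasswd -x william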
How to Set up a specific secure Share for one user
Scenario: A Linux user with username william creates and shares a specific directory (e.g. named shared_directory) at location /path_to/shared_directory. The intention is that only the users who know the username "william" and the associated Samba password can access the share.
Code:
[WilliamsShare]
    path = /path_to/shared_directory
    valid users = william
    read only = No
    force user = william
The shared_directory can be anywhere in the normal Linux file system. User william has added a password in the Samba database. The directory should be made by user william (or chown ownership over to william). The [stanza] above will enable william (and only william) to access the shared directory from within the LAN.
How to Set up an insecure Share with Guest access for all users on the LAN
Scenario: A Linux user with username william creates and shares a specific directory (e.g. named shared_directory) at location /path_to/shared_directory. The intention is that every person who accesses the LAN can access the files in the directory without needing any credentials.
Code:
[WilliamsShare]
    path = /path_to/shared_directory
    guest OK = yes
    read only = No
    force user = william
The shared_directory can be anywhere in the normal Linux file system. The directory should be made by user william (or chown ownership over to william). The [stanza] above will enable everyone to access the shared directory from within the LAN and create, edit or delete files inside.
Compare the coding of these two shares: only one line was changed to achieve the guest access (change valid users = william to guest OK = yes).
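To see the effect of that one-line change across a whole configuration, here is an added Python example (not part of the original tutorial) that parses smb.conf text and classifies each active share as guest-accessible or authenticated. Hashed-out stanzas are ignored, so it also confirms which of the default shares are still live after blanking out the unwanted ones. The function names and sample text are constructed for illustration; the parser does not follow include lines and checks only the guest ok / public and read only spellings.

```python
import re
# Constructed sample: this page's guest share plus a hashed-out [users] stanza.
SAMPLE = """\
[global]
    map to guest = Bad User
#[users]
#    path = /home
[homes]
    valid users = %S, %D%w%S
    read only = No
[WilliamsShare]
    path = /path_to/shared_directory
    guest OK = yes
    read only = No
    force user = william
"""

TRUE = {"yes", "true", "1"}  # boolean spellings smb.conf accepts for "on"

def parse_smb_conf(text):
    """Return {stanza: {param: value}}. Parameter names are lower-cased with
    spaces removed, since smb.conf ignores case and whitespace in names."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line, comment, or hashed-out stanza line
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = stanzas.setdefault(header.group(1).strip(), {})
        elif current is not None and "=" in line:
            name, value = line.split("=", 1)
            current["".join(name.split()).lower()] = value.strip()
    return stanzas

def audit(text):
    """Map each active share to 'guest-rw', 'guest-ro' or 'authenticated'."""
    report = {}
    for share, p in parse_smb_conf(text).items():
        if share.lower() == "global":
            continue
        guest = p.get("guestok", p.get("public", "no")).lower() in TRUE
        # A share is read-only unless it explicitly says "read only = No".
        access = "ro" if p.get("readonly", "yes").lower() in TRUE else "rw"
        report[share] = f"guest-{access}" if guest else "authenticated"
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

To check the live file, pass audit() the contents of /etc/samba/smb.conf; Samba's own testparm -s prints the configuration the daemons will actually load.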
Configure the Firewall for Samba
Use Yast to configure the Firewall:
Set your network interface: Go To Yast ==> Security & users ==> Firewall ==> Interfaces ==> set network Device to External.
Set your network services: Go To Yast ==> Security & users ==> Firewall ==> Allowed Services ==> set these allowed services: Netbios server, Samba client, Samba server.
Activate the Samba daemons
You can turn Samba on permanently in Yast (and if you like, turn it off there too).
Go To Yast ==> System ==> Services ==> locate/scroll to nmb (Samba NMB daemon) ==> set to "enabled" and "active".
And similarly for smb, at the same time use the same method to set the smb daemon to "enabled" and "active".
Modify the file nsswitch.conf to help Linux respond to pings from Windows
The file nsswitch.conf resides on the path /etc/nsswitch.conf. Edit the file using the root-based method I described immediately above, using e.g. gnomesu or kdesu.
Locate the following line:
Code:
hosts: files mdns_minimal [NOTFOUND=return] dns
Change it to read as follows, with wins appended:
Code:
hosts: files mdns_minimal [NOTFOUND=return] dns wins
Comments and questions
I've provided for comments and questions to this thread in the Network Forum: https://forums.opensuse.org/showthre...-the-local-LAN