Introduction: This article shows how to configure Samba to share files to a Workgroup in the local LAN, and to receive files from other members of the Workgroup. Here is a list of topics covered:
- Installation
- The Samba configuration file
- Make a copy (backup) of the default Samba config file
- Reconfigure the [global] Stanza for use in a Workgroup
- How to edit root-owned files like smb.conf
- How to blank out unwanted Shares
- How to Set up a Roaming Share (to share your personal Linux home files)
- Create Credentials to allow access to Secure Shares (like the [homes] share)
- How to Set up a specific secure Share for one user
- How to Set up an insecure Share with Guest access for all users on the LAN
- Configure the Firewall for Samba
- Activate the Samba daemons
- Modify the file nsswitch.conf to help Linux respond to pings from Windows
- Comments
Installation: Samba is usually installed by default. You can check that it exists with this console command:
Code:
rpm -qa | grep samba
A list of RPMs containing the word "samba" should appear in the console interface. If not, then you need to install Samba, perhaps using Yast:
Go to Yast ==> Software ==> Software Management.
Seach on samba and select to install samba, samba-client, samba-winbind, yast2-samba-server, yast2-samba-client.
Also search on cifs to install cifs-utils.
When you execute the installation, quite a few samba-based dependencies will come along too.
The Samba configuration file (smb.conf located at /etc/samba/smb.conf)
Code:
[global]
workgroup = WORKGROUP
passdb backend = tdbsam
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = Yes
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/
[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775
The behaviour of Samba shares is controlled (almost entirely) by the constructs in the configuration file smb.conf located in the directory /etc/samba. The file on the left is a copy of the smb.conf file in openSUSE Leap 42.1. It doesn't vary much from one distro to the next, so this article should endure over time.
The file is separated into so-called stanzas. The topmost stanza [global] contains the overarching instructions for all the samba shares. FYI the indents are totally unnecessary (just there for ease of reading).
The series of stanzas underneath the [global] stanza each control one share. There are six such shares in the default configuration file, much more than most people would need. The six shares are included as templates and not intended to be "switched on" by all users.
The fist task, then, is to rationalise the broad-based samba configuration file. This follows next.
Make a copy (backup) of the default Samba config file.
I always reserve a copy (backup) of the default config file as a handy reference re syntax of various bits and pieces. Occasionally I have needed to restore the original and start again.
Run this console command to make an exact replica of the default file (except it will have the extension .original to differentiate it from the working/active file)
Code:
sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.original
Reconfigure the [global] Stanza for use in a Workgroup
Code:
[global]
workgroup = WORKGROUP
passdb backend = tdbsam
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = Yes
Code:
[global]
workgroup = WORKGROUP
netbios name = some appropriate name
server string = ""
name resolve order = bcast host lmhosts wins
local master = yes
preferred master = yes
os level = 65
passdb backend = tdbsam
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
usershare allow guests = Yes
The extract on the left is the default and the item on the right is the workgroup-oriented version. In particular I have tweaked network "name resolution", and one or two smaller issues.
In the RHS you must consider four of the lines and perhaps alter them to suit your particular situation. These lines:
- workgroup = WORKGROUP
- netbios name = some appropriate name
- server string = ""
- preferred master = yes
Here's what to do with them:
For #1: Check the name of the Workgroup as defined in the Windows and Linux computers in your LAN. They should be and must be identical. So alter the first of the three lines appropriately.
For #2: The NetBios name will attach itself to the Icon representing your Linux server in the Network Browsers. So alter "some appropriate name" to a name of your choice (it can be a phrase).
For #3: The Server String is attached to servers (in addition to the Netbios Names) when running various "net" views of servers (e.g. put some words in there and then reboot Linux and run the cmd line
net view in windows to see the string, or the command
smbtree -SN in Linux to see the string. For most cases the null name ( "" ) is adequate if netbios is switched on (as it is here). Normally you would accept this line as is.
For #4: The preferred master is set to
yes if this is the only sharing Linux computer in the Workgroup. If you have similarly configured Linux Samba members in the Workgroup, you would set your preferred member to
yes and the others to be
auto (on the RHS). If this confuses you, set them all to auto.
How to edit root-owned files like smb.conf
The files that need to be modified in this tutorial belong to root, so root powers are needed to edit them. I'll exemplify that by editing the file smb.conf which needs to be altered to make a linux host responsive to pings-by-name from windows machines.
To edit it in KDE run this console command:
Code:
kdesu kwrite /etc/nsswitch.conf
To edit it in Gnome run this console command:
Code:
gnomesu gedit /etc/nsswitch.conf
Once you have the file open you can use a simple copy/paste process to change the [global] stanza. Use "copy" to get the text from the RHS code I placed above and paste it over the contents you see in your smb.conf file. Then uses File ==> Save to store the edited smb.conf file. Be sure to alter, if necessary, the four lines I have set out above.
How to blank out unwanted Shares
The default config file contains six [stanzas] that broadcast "shares" when you switch on the Samba daemons. They have been put there as templates, for reference purposes. You will certainly not need them all. Here are two handy methods for blocking out the ones you don't need. Start by running the kdesu-or-gnomesu method to edit the file, then:
- either simply delete any unwanted stanzas completely
- or put a # (hash) at the front of the [stanza] and the lines that belong to that stanza.
Here's a before and after view of a hashed-out stanza:
Code:
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/
Code:
#[users]
# comment = All users
# path = /home
# read only = No
# inherit acls = Yes
# veto files = /aquota.user/groups/shares/
If you need to restore a deleted or blocked [stanza] at a later time, for method 1 you can copy the full stanza from the backup file and paste it back into the working file, and for method 2 you can simply delete the hashes you have installed to block the stanza.
I recommend the first version because it's very simple to delete a stanza and just as simple to paste it back from the backup file. IMHO the #-blocker method is messy.
How to Set up a Roaming Share (to share your personal Linux home files)
This share allows access to your Linux home file-system, entirely, e.g. if your Linux username is angetina, then the directory tree located at /home/angetina will be available, with full read/write permissions. It's called "roaming" because you can roam around the LAN and access your home on the Linux server from all computers (whether from windows or Linux). You need to supply your Linux username and Samba password to access the share (see next section about these credentials).
Once you replace the [homes] stanza underneath the [global] stanza, like the example below, and reboot the Linux computer, then the [homes] share will be accessible (but only to you).
Code:
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
In Windows you can sometimes see the share as an icon named for your Linux username. Whether you see the icon depends on your transaction history with the server earlier that session. If you can see it, drill down into the share. If you can't see it then use an address like this in the Windows network browser: \\NetbiosName\linux_username.
On the linux client you do not initially see the share as an icon as you sometimes do in Windows. Instead you always address the share in your browser by its netBIOS name; e.g. smb://NetbiosName/linux_username. You can use the IP address instead of "NetbiosName" in the address line. This is a fine share for users who like to keep their work on one server but access it from many machines.
Create Credentials to allow access to Secure Shares (like the [homes] share)
Samba maintains a list a list of credentials for Samba users. You can only add users into the Samba user database if they already exist as Linux users on the server. You can use any password you like as the Samba password, it does not have to be the same as the user's Linux Logon password. You would need a username's Samba password to exist in the samba user database before you could access a secure share like the roaming share above or william's more specific share outlined in the next section below.
To check who's already in the database, run this terminal command:
To add members. e.g. angetina, issue this command in a terminal:
Code:
sudo smbpasswd -a angetina
To remove members. e.g. william, issue this command:
Code:
sudo smbpasswd -x william
How to Set up a specific secure Share for one user
Scenario: A Linux user with username william creates and shares a specific directory (e.g. named shared_directory) at location /path_to/shared_directory. The intention is that only the users who know the username "william" and the associated Samba password can access the share.
Code:
[WilliamsShare]
/path_to/shared_directory
valid users = william
read only = No
force user = william
The shared_directory can be anywhere in the normal Linux file system. User william has added a password in the Samba database. The directory should be made by user william (or chown ownership over to william). The [stanza] on the left will enable william (and only william) to access the shared directory from within the LAN.
How to Set up an insecure Share with Guest access for all users on the LAN
Scenario: A Linux user with username william creates and shares a specific directory (e.g. named shared_directory) at location /path_to/shared_directory. The intention is that every person who accesses the LAN can access the files in the directory without needing any credentials.
Code:
[WilliamsShare]
/path_to/shared_directory
guest OK = yes
read only = No
force user = william
The shared_directory can be anywhere in the normal Linux file system. The directory should be made by user william (or chown ownership over to william). The [stanza] on the left will enable everyone to access the shared directory from within the LAN and create, edit or delete files inside.
Compare the coding of these two shares: only one line was changed to achieve the guest access (change
valid users = william to
guest OK = yes).
Configure the Firewall for Samba
Use Yast to configure the Firewall:
Set your network interface: Go To Yast ==> Security & users ==> Firewall ==> Interfaces ==> set network Device to External.
Set your network services: Go To Yast ==> Security & users ==> Firewall ==> Allowed Services ==> set these allowed services: Netbios server, Samba client, Samba server.
Activate the Samba daemons
You can turn Samba on permanently in Yast (and if you like, turn it off there too).
Go To Yast ==> System ==> Services ==> locate/scroll to nmb (Samba NMB daemon) ==> set to "enabled" and "active".
And similarly for smb, at the same time use the same method to set the smb daemon to "enabled" and "active".
Modify the file nsswitch.conf to help Linux respond to pings from Windows
The file nsswitch.conf resides on the path /etc/nsswitch.conf. Edit the file using the root-based method I described immediately above, using e.g. gnomesu or kdesu.
Locate the following line:
Code:
hosts: files mdns_minimal [NOTFOUND=return] dns
Change it to this:
Code:
hosts: files mdns_minimal [NOTFOUND=return] dns wins
Then save it back to the original (File ==> Save).
Comments and questions
I've provided for comments and questions to this thread in the Network Forum:
https://forums.opensuse.org/showthre...-the-local-LAN
