View RSS Feed

James' openSUSE Bash Scripting (and other things) Blog - Your Comments are Welcome!

S.A.C.T. - Samba Automated Configuration Tool - Version 1.20

Rating: 2 votes, 5.00 average.
SCREENSHOTS - MAIN MENU:



I have written a new tool to Setup and Configure Samba which should work on all present supported versions of openSUSE and specifically to work with the new openSUSE 12.3 release.



S.A.C.T. supports the complete and automatic configuration of Samba for use by anyone not familiar with just how to setup Samba the first time to get it to work properly. You should run this setup once on a new system. You need to manually install the samba-doc file from YaST on an existing setup if you are not going to run this S.A.C.T. installation option.



The three Primary Help Documents included with Samba (samba-doc is required) can be viewed in PDF format or in HTML format in your default Web Browser.



S.A.C.T. Has a new Status and testing Menu with smb and nmb log file viewers.



As you make Samba Configuration Changes, you can then Start, Stop, Restart and Check Status of the nmb and smb services at will.



And Finally, S.A.C.T. provides an easy way to create, view and edit the Samba User Database.



What do you see from the desktop to start S.A.C.T.? Here, I select the S.A.C.T. icon in my desktop folder and pick option 5 to edit my smb.conf file. It is just that easy to use.

DOWNLOAD the S.A.C.T. Bash Script:

You can obtain the raw bash script from SUSE Paste at the following link:

S.A.C.T. - Samba Automated Configuration Tool - Version 1.20

Open the above Link in a new Tab. Select the Download option in the top right and then select Open With Kwrite or other text editor and then save the bash script text file as ~/bin/sact. It is possible to directly download sact using the following terminal command (You must delete or remove the old version first):

Code:
rm ~/bin/sact
Code:
wget -nc http://paste.opensuse.org/view/download/60035 -O ~/bin/sact
This script must be marked executable to be used. Please run the following Terminal command:

Code:
chmod +x ~/bin/sact
It is even possible to string all three of these commands together as one which is Highly Recommended for you to use! Copy the following command, open up a terminal session, paste it in and press enter:

Code:
rm ~/bin/sact ; wget -nc http://paste.opensuse.org/view/download/60035 -O ~/bin/sact ; chmod +x ~/bin/sact
To use sact, open up a terminal session and type in the command:

Code:
sact
When S.A.C.T. is first run, it creates both a Desktop and Program icon for you, used to run S.A.C.T.



SMB and NMB Services:


The smbd (Server Message Block) daemon provides file sharing and printing services to Windows & Samba clients. In addition, it is responsible for user authentication, resource locking, and data sharing through the SMB protocol. The default ports on which the server listens for SMB traffic are TCP ports 139 and 445. If smb is not working, you will be unable to find any PC's, including your own PC, sharing resources on your local network.

The smbd daemon is controlled by the smb service.

The nmbd (NetBIOS Message Block) daemon understands and replies to NetBIOS name service requests such as those produced by SMB/CIFS in Windows-based systems. These systems include Windows 95/98/ME/7/8, Windows NT, Windows 2000, Windows XP, LanManager and Samba clients. It also participates in the browsing protocols that make up the Windows Network Neighborhood view. The default port that the server listens to for NMB traffic is UDP port 137. If nmb is not working and smb is working, you can find other PC's on the network, but no one can find your PC on the network. If smb and nmb are working, you should be able to find what your PC is sharing. Use the S.A.C.T. main menu option six to create a /home sharing icon for your PC on the same PC to see if it is sharing /home properly.

The nmbd daemon is controlled by the nmb and smb services.

HOSTNAME:

To locate your PC on your network, you look for the hostname you have provided. For Samba, you can have a separate name, set in your /etc/samba/smb.conf file or, remark out that line there and use the original hostname as setup in your openSUSE installation, which is recommenced. To see what your actual Computer Name will be, as set by openSUSE during the installation, open up a terminal session and type in the command:

Code:
hostname
To Actually Change the PC name (For this Session Only), open up a terminal session and type the command:

Code:
sudo hostname new_name
Where you substitute the actual PC name you want to use in place of the name new_name. To make a permanent change to your hostname, that is persistent after you reboot, you can do this. Open up a terminal session and enter the following commands:

Code:
su -

echo "new_hostname" > /etc/HOSTNAME

hostname -F /etc/HOSTNAME
Your PC will now have a new hostname that will persist even after a restart of your PC. It is not recommended (or needed) that you set a hostname in your /etc/samba/smb.conf and use the same name in your openSUSE network configuration. You can use a different hostname for Samba and openSUSE, but I am not sure why you would want to do that. You can change the hostname in YaST as well:

Go to YaST (enter root password) / Network Devices / Network Settings / Hostname/DNS Tab / and enter Hostname, press OK when complete.


What Can You Find Using Samba?


The Samba Setup option then creates a SMB browser icon for you as well:



And When Selected, it will open up a File Browser showing the hostnames of your Samba Compatible Shares:



Samba Configuration:

When you elect to setup Samba for the first time, S.A.C.T. creates a default Samba configuration file called smb.conf and located in the folder named /etc/samba as follows:

Code:
# smb.conf is the main Samba configuration file. 
# You find a full commented version at 
# /usr/share/doc/packages/samba/examples/smb.conf.SUSE 
# if the samba-doc package is installed.
# Samba config file created using SWAT 
# from $netbios_name (127.0.0.1)
# Date: $(date)

[global]
  workgroup = $Workgroup
#  netbios name = $netbios_name
  passdb backend = tdbsam
  name resolve order = bcast host lmhosts wins
  server string = ""
  printing = cups
  printcap name = cups
  printcap cache time = 750
  cups options = raw
  use client driver = yes
  map to guest = Bad User
  local master = yes
  os level = 33
  usershare allow guests = Yes
  usershare max shares = 100
  usershare owner only = False

[homes]
  comment = Home Directories
  valid users = %S, %D%w%S
  browseable = No
  read only = No
  inherit acls = Yes

[printers]
  comment = All Printers
  path = /var/tmp
  printable = Yes
  create mask = 0700
  browseable = No
  guest OK = Yes

[print$]
  comment = Printer Drivers
  path = /var/lib/samba/drivers
  write list = @ntadmin root
  force group = ntadmin
  create mask = 0664
  directory mask = 0775
Folder Sharing Other than /home:

Your /home folder can not be browsed by default in a file manager. For two or more PC setups using S.A.C.T., see the S.A.C.T. main menu option two to create a /home browse icon you must enter a password to use. To Allow the sharing of a common folder(s) for all users, not requiring a password (from openSUSE as Windows will normally ask for a password), you might make the following addition at the end of your /etc/samba/smb.conf file as follows:

Code:
[Windows]
    path = /windows/C
    read only = No
    acl check permissions = No
    inherit acls = Yes
    guest ok = Yes
    profile acls = Yes
    use sendfile = Yes
Make sure to use your actual folder name to share in place of my example folder named /windows/C. I might use the following chmod terminal command on the Windows folder shown here to allow full user access:

Code:
sudo chmod 777 /windows/C
Consider that the /etc/fstab file entry will allso effect the ability of any user to read and write to this folder. Have a look at the suggested mount options for a NTFS folder in my fstab file:

Code:
/dev/disk/by-id/ata-Hitachi_HDS5C3020ALA632_ML0220F30MGP7D-part2        /windows/C             ntfs-3g    defaults,noatime                      0 0
Your partition or device name name will likely not be the same as mine, but note the mount options of defaults,noatime that I have used to allow all users to use this partition. When you modify the /etc/samba/smb.conf configuration file with the edit option from the main menu, make sure to restart the smb/nmb services for the changes to take effect. In general do not modify the fstab entry for anything mounted inside your /home partition. For fstab changes to take effect, you can restart openSUSE or open up terminal and run this command:

Code:
sudo mount --all
-- CONTINUED --

Submit "S.A.C.T. - Samba Automated Configuration Tool - Version 1.20" to Digg Submit "S.A.C.T. - Samba Automated Configuration Tool - Version 1.20" to del.icio.us Submit "S.A.C.T. - Samba Automated Configuration Tool - Version 1.20" to StumbleUpon Submit "S.A.C.T. - Samba Automated Configuration Tool - Version 1.20" to Google Submit "S.A.C.T. - Samba Automated Configuration Tool - Version 1.20" to Facebook Submit "S.A.C.T. - Samba Automated Configuration Tool - Version 1.20" to Twitter

Updated 27-May-2013 at 11:41 by jdmcdaniel3

Categories
openSUSE Software

Comments

  1. jdmcdaniel3's Avatar
    [SIZE=4][SIZE=2][B][SIZE=4]ADDED SECURITY:[/SIZE][/B][/SIZE][/SIZE]

    For added security in using Samba on your home or small network, a couple of added parameters can help insure no communications from outside your local network subnet will be allowed. These next values shown will be added under the Global section (the first group at the top of your /etc/samba/smb.conf file) as:

    [CODE]hosts deny = ALL
    hosts allow = 192.168.0.0/255.255.255.0, 127.0.0.1[/CODE]

    In this example, the local subnet is 192.168.0 as determined by the 255.255.255.0 plus we are allowing the localhost by adding in 127.0.01 and the first statement of hosts deny = ALL, means if you are not in the host allow list, you are being denied, by default.

    [SIZE=3][B]hosts deny (S)[/B][/SIZE]

    The opposite of hosts allow - hosts listed here are NOT permitted access to services unless the specific services have their own lists to override this one. Where the lists conflict, the allow list takes precedence.

    In the event that it is necessary to deny all by default, use the keyword ALL (or the netmask 0.0.0.0/0) and then explicitly specify to the hosts allow = hosts allow parameter those hosts that should be permitted access.

    [CODE]Default: hosts deny = # none (i.e., no hosts specifically excluded)[/CODE]

    [CODE]Example: hosts deny = 150.203.4. badhost.mynet.edu.au [/CODE]

    [SIZE=3][B]hosts allow (S)[/B][/SIZE]

    A synonym for this parameter is allow hosts.

    This parameter is a comma, space, or tab delimited set of hosts which are permitted to access a service.

    If specified in the [global] section then it will apply to all services, regardless of whether the individual service has a different setting.

    You can specify the hosts by name or IP number. For example, you could restrict access to only the hosts on a Class C subnet with something like allow hosts = 150.203.5.. The full syntax of the list is described in the man page hosts_access(5). Note that this man page may not be present on your system, so a brief description will be given here also.

    Note that the localhost address 127.0.0.1 will always be allowed access unless specifically denied by a hosts deny option.

    You can also specify hosts by network/netmask pairs and by netgroup names if your system supports netgroups. The EXCEPT keyword can also be used to limit a wildcard list. The following examples may provide some help:

    [CODE]Example 1: allow all IPs in 150.203.*.*; except one[/CODE]

    [CODE]hosts allow = 150.203. EXCEPT 150.203.6.66[/CODE]

    [CODE]Example 2: allow hosts that match the given network/netmask[/CODE]

    [CODE]hosts allow = 150.203.15.0/255.255.255.0[/CODE]

    [CODE]Example 3: allow a couple of hosts[/CODE]

    [CODE]hosts allow = lapland, arvidsjaur[/CODE]

    [CODE]Example 4: allow only hosts in NIS netgroup "foonet", but deny access from one particular host[/CODE]

    [CODE]hosts allow = @foonet[/CODE]

    [CODE]hosts deny = pirate[/CODE]

    Note that access still requires suitable user-level passwords.

    See testparm(1) for a way of testing your host access to see if it does what you expect.

    [CODE]Default: hosts allow = # none (i.e., all hosts permitted access)[/CODE]

    [CODE]Example: hosts allow = 150.203.5. myhost.mynet.edu.au [/CODE]

    [B][SIZE=4]INCREASED SPEED using SMB2:[/SIZE][/B]

    If you are using Linux kernel version 3.7 or newer, the Samba protocol SMB2 has been added to the kernel. Check out this link and look for SMB2: [url=http://www.samba.org/samba/history/samba-3.6.0.html]Samba - Release Notes Archive[/url] And another interesting Document can be found here: [URL="http://www.samba.org/%7Esfrench/presentations/smf-linux-collab-summmit-future-of-file-protocols-smb2.2.pdf"]http://www.samba.org/~sfrench/presen...ols-smb2.2.pdf[/URL]

    You can take advantage of this fact by adding in the next value. This next setting shown will be added under the Global section (the first group at the top of your /etc/samba/smb.conf file) as:

    [CODE]max protocol = SMB2[/CODE]

    Possible values are :

    [B]CORE[/B]: Earliest version. No concept of user names.

    [B]COREPLUS[/B]: Slight improvements on CORE for efficiency.

    [B]LANMAN1[/B]: First modern version of the protocol. Long filename support.

    [B]LANMAN2[/B]: Updates to Lanman1 protocol.

    [B]NT1[/B]: Current up to date version of the protocol. Used by Windows NT. Known as CIFS.

    [B]SMB2[/B]: Re-implementation of the SMB protocol. Used by Windows Vista and newer. The Samba implementation of SMB2 is currently marked experimental!

    [CODE]Default: [I][I]max protocol[/I] = NT1 [/I][/CODE]
    [SIZE=4][B]
    NMB Failing to Start on Reboot:[/B][/SIZE]

    If, after you restart openSUSE, you notice that no one can find your PC on the network through your Samba share, it may be due to the fact that nmb is not starting. Its possible this is due to a failing of timing by systemd on bootup of your PC. One way to handle that issue to to allow it more time to find your network interfaces.

    This is a [B]YaST[/B] / [B]System[/B] / [B]/etc/sysconfig Editor[/B] Setting at:

    [IMG]http://paste.opensuse.org/view/download/81331522[/IMG]

    / [B]etc[/B] / [B]sysconfig[/B] / [B]Network[/B] / [B]General[/B] /[B] WAIT_FOR_INTERFACES[/B] Default is [B]30[/B], but I suggest you select [B]60[/B] seconds instead and press [B]OK[/B] and allow this change to be saved. It will be used then on your next openSUSE PC restart.

    [B][SIZE=3]-- CONTINUED --[/SIZE][/B]
    Updated 12-May-2013 at 19:23 by jdmcdaniel3
  2. jdmcdaniel3's Avatar
    [SIZE=3][B]CIFS Mount from fstab File Problems[/B][/SIZE]:

    For more information on using the cifs mount command from your /etc/fstab file, have a look at this guide here: [URL="http://www.swerdna.net.au/susesambacifs.html"]Samba: HowTo Mount a CIFS Network Share [AKA Map Network Drive] in openSUSE 11 plus FAQs[/URL]

    While I am not a fan of having a permanent Samba share mount being made from your fstab file, I do see a lot of folks having a problem with it not working properly when used from the fstab file but it does work from the command prompt. If this is happening to you, then the problem may be due to your network not yet being up when the fstab mounts are executed at boot time. You could test this theory by opening up a terminal after an openSUSE restart and where the cifs mounts did not work and try this command:

    [CODE]james@LinuxMaster:~> su -
    Password:
    LinuxMaster:~ # mount -a
    LinuxMaster:~ # df
    Filesystem 1K-blocks Used Available Use% Mounted on
    devtmpfs 8182504 4 8182500 1% /dev
    tmpfs 8209780 168 8209612 1% /dev/shm
    tmpfs 8209780 8148 8201632 1% /run
    /dev/sdb2 106994728 17296160 84256828 18% /
    tmpfs 8209780 0 8209780 0% /sys/fs/cgroup
    tmpfs 8209780 8148 8201632 1% /var/lock
    tmpfs 8209780 8148 8201632 1% /var/run
    /dev/sda2 207846992 60684 206729832 1% /Backup
    /dev/sda4 480834248 203225952 253176680 45% /DataSafe
    /dev/sda3 264093632 68140372 194879508 26% /home
    /dev/sdd2 1953153020 62139568 1891013452 4% /Windows
    /dev/sdc1 1465136124 306207028 1158929096 21% /Multimedia
    /dev/sde1 1465136124 283431900 1181704224 20% /Software
    [/CODE]

    If all of your cifs mounts work (I don't use the cifs command myself) then you should look at if your network card is being turned on at boot time or if it is set to start [B]On cable connection[/B]. To check this setting in YaST lets go to [B]YaST[/B] / [B]Network Settings[/B] / [B]Network Devices[/B]

    [IMG]http://paste.opensuse.org/view/download/21452380[/IMG]

    In order to make a change, we need to being using [B]Traditional Method with ifup[/B]. You can switch back to [B]User Controlled by NetworkManager [/B]after this change is made:

    [IMG]http://paste.opensuse.org/view/download/95082965[/IMG]

    Next, lets go to the [B]Overview[/B] Tab, select your network card and pick the [B]Edit[/B] Button at the bottom:

    [IMG]http://paste.opensuse.org/view/download/13093757[/IMG]

    On the[B] General[/B] tab make sure the [B]Device Activation[/B] is set to:[B] [U]At Boot Time[/U][/B]

    [IMG]http://paste.opensuse.org/view/download/74845457[/IMG]

    Once done, select [B]Next[/B] and then [B]Done[/B]. If you normally use the Network Manager, before you select [B]Done[/B], Go Back and Select the [B]Global Options[/B] Tab and select[B] User Controlled with NetworkManager[/B] and then press the [B]Done[/B] Button.

    [SIZE=4][B]Additional Resources:[/B][/SIZE]

    To edit your /etc/fstab file or any system file, have a look at the following blog post.

    SYSEdit - System File Editor - Version 1.50: [URL]https://forums.opensuse.org/blogs/jdmcdaniel3/sysedit-system-file-editor-version-1-00-60/[/URL]

    Additional Online Resources can be found here:

    1. [URL="http://www.samba.org/samba/docs/man/"]Index of /samba/docs/man[/URL]
    2. [URL="http://opensuse.swerdna.org/index.html"]openSUSE SuSE Linux HOWTOs and Tutorials by Swerdna[/URL]
    3. [URL="http://www.samba.org/"]Samba - opening windows to a wider world[/URL]

    As always, if you have any comments, issues or requests, please let me know what they are.

    Thank You,
    Updated 12-Apr-2013 at 15:12 by jdmcdaniel3
  3. jdmcdaniel3's Avatar
    [SIZE=4][B]Folder Sharing For /home:

    [/B][SIZE=2]You can share your home area if you want it to show up like the other folder shares. When accessed this way, you must still enter the user name and password, but a viewer will know that /home/username is present for access. You make an entry at the end of your /etc/samba/smb.conf file as root:

    [CODE][UserHome]
    comment= User Home
    path=/home/username
    browseable=Yes
    writeable=Yes
    only guest=no
    create mask=0777
    directory mask=0777
    public=no[/CODE]
    [/SIZE]
    [SIZE=2]Anyway, just another /home folder sharing option you can use.

    Thank You,

    [/SIZE]
    [/SIZE]
    Updated 23-Nov-2013 at 10:16 by jdmcdaniel3
  4. jdmcdaniel3's Avatar
    In the S.A.C.T. New Main menu option "6 . Samba Status, Testing and Log File Viewer Menu" , you will find a status check named "3 . Run testparm on your default /etc/samba/smb.conf file" and when you run this test, you may find the error that says:

    [CODE]rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)[/CODE]

    This error is said to not be a problem and not in need of fixing, but if you would like to eliminate it, here is what you do:

    Edit the file /etc/security/limits.conf as root and add the following line at the bottom, save the file and reatrt openSUSE when done:

    [CODE]* - nofile 16384[/CODE]

    I have a bash script useful in editing system files own by root you can find here: [URL="http://forums.opensuse.org/blogs/jdmcdaniel3/sysedit-system-file-editor-version-1-00-60/"]SYSEdit - System File Editor - Version 1.00 - Blogs - openSUSE Forums

    [/URL] After you restart openSUSE, run the same test again and you will find the old error message will now be gone.

    Thank You,
  5. jdmcdaniel3's Avatar
    S.A.C.T. - Samba Automated Configuration Tool has been updated to Version 1.07 with new status menus in:

    "6 . Samba Status, Testing and Log File Viewer Menu"

    showing the new:

    "3 . Show the smb program build status"

    and:

    "5 . Run testparm on /etc/samba/smb.conf file with defaults"

    menu options. Other minor changes have also been made.

    Thank You,
  6. jdmcdaniel3's Avatar
    I have upgraded S.A.C.T. - Samba Automated Configuration Tool to Version 1.20 with lots and lots of internal changes that make it operate better and to be more in line with my other recent changes to my bash script collection. If you are a frequent S.A.C.T. user, then you are going to want version 1.20.

    Thank You,
  7. DonMLewis's Avatar
    James, I ran your SACT script to get Samba going which ran to completion without any hiccup's. I then ran the desktop SMB icon which opened Dolphin and asked for credentials for WORKGROUP. I tried my user credentials which didn't take (the dialog restarted) so I went to yast, looked at the Samba Server/User Information Services which pointed to the TDB database. I ran pdbedit -L which listed only root as a user, so I added my userid/password to the database but still can't get past the login screen. What am I missing?

    My goal is to be able to share files/folders with a Mac OSX machine.

    A couple of notes about sact:

    The first time I ran it, it installed the documentation. When I reran it, it said the documentation was not installed but the installation process said it was already installed.

    When the dialog asked for the workgroup name, I had to type in something, hitting enter to take the default did not work.
  8. cmcgrath5035's Avatar
    [QUOTE=DonMLewis;bt999]James, I ran your SACT script to get Samba going which ran to completion without any hiccup's. I then ran the desktop SMB icon which opened Dolphin and asked for credentials for WORKGROUP. I tried my user credentials which didn't take (the dialog restarted) so I went to yast, looked at the Samba Server/User Information Services which pointed to the TDB database. I ran pdbedit -L which listed only root as a user, so I added my userid/password to the database but still can't get past the login screen. What am I missing?

    My goal is to be able to share files/folders with a Mac OSX machine.

    A couple of notes about sact:

    The first time I ran it, it installed the documentation. When I reran it, it said the documentation was not installed but the installation process said it was already installed.

    When the dialog asked for the workgroup name, I had to type in something, hitting enter to take the default did not work.[/QUOTE]
    Don
    Are you running Samba 3 (12.3) or Samba4 (13.1)? I was about to try SACT, but it was unclear if it had been tweaked for Samba4
  9. isusogdus's Avatar
    Well, the question above says it all! All that I'd like to know, for the present, in any case.

    What say, James, are you up to a Samba4 tweak (v.1.21?) for the sake us lesser souls?

    Thx!
  10. isusogdus's Avatar
    [QUOTE=isusogdus;bt1029]Well, the question above says it all! All that I'd like to know, for the present, in any case.

    What say, James, are you up to a Samba4 tweak (v.1.21?) for the sake us lesser souls?

    Thx![/QUOTE]


    Me again, somehow (how?!) the title got sacked! Here it is:


    "Yeah, has S.A.C.T. v.1.20 been tweaked for openSUSE 13.1/ Samba4?"


    Thanks again, James, in advance, just in case you have a version 1.21 in mind!