Article: S.A.C.T. - Samba Automated Configuration Tool - Version 1.20

SCREENSHOTS - MAIN MENU:

I have written a new tool to Setup and Configure Samba which should work on all present supported versions of openSUSE and specifically to work with the new openSUSE 12.3 release.

S.A.C.T. supports the complete and automatic configuration of Samba for use by anyone not familiar with just how to setup Samba the first time to get it to work properly. You should run this setup once on a new system. You need to manually install the samba-doc file from YaST on an existing setup if you are not going to run this S.A.C.T. installation option.

The three Primary Help Documents included with Samba (samba-doc is required) can be viewed in PDF format or in HTML format in your default Web Browser.


**
**[size=2]S.A.C.T. Has a new Status and testing Menu with smb and nmb log file viewers.
[/size]

As you make Samba Configuration Changes, you can then Start, Stop, Restart and Check Status of the nmb and smb services at will.

And Finally, S.A.C.T. provides an easy way to create, view and edit the Samba User Database.

What do you see from the desktop to start S.A.C.T.? Here, I select the S.A.C.T. icon in my desktop folder and pick option 5 to edit my smb.conf file. It is just that easy to use.

DOWNLOAD the S.A.C.T. Bash Script:

You can obtain the raw bash script from SUSE Paste at the following link:

S.A.C.T. - Samba Automated Configuration Tool - Version 1.20

Open the above Link in a new Tab. Select the Download option in the top right and then select Open With Kwrite or other text editor and then save the bash script text file as ~/bin/sact. It is possible to directly download sact using the following terminal command (You must delete or remove the old version first):

rm ~/bin/sact
wget -nc http://paste.opensuse.org/view/download/60035 -O ~/bin/sact

This script must be marked executable to be used. Please run the following Terminal command:

chmod +x ~/bin/sact

It is even possible to string all three of these commands together as one which is Highly Recommended for you to use! Copy the following command, open up a terminal session, paste it in and press enter:

rm ~/bin/sact ; wget -nc http://paste.opensuse.org/view/download/60035 -O ~/bin/sact ; chmod +x ~/bin/sact

To use sact, open up a terminal session and type in the command:

sact

When S.A.C.T. is first run, it creates both a Desktop and Program icon for you, used to run S.A.C.T.


**
SMB and NMB Services:**

The smbd (Server Message Block) daemon provides file sharing and printing services to Windows & Samba clients. In addition, it is responsible for user authentication, resource locking, and data sharing through the SMB protocol. The default ports on which the server listens for SMB traffic are TCP ports 139 and 445. If smb is not working, you will be unable to find any PC’s, including your own PC, sharing resources on your local network.

The smbd daemon is controlled by the smb service.

The nmbd (NetBIOS Message Block) daemon understands and replies to NetBIOS name service requests such as those produced by SMB/CIFS in Windows-based systems. These systems include Windows 95/98/ME/7/8, Windows NT, Windows 2000, Windows XP, LanManager and Samba clients. It also participates in the browsing protocols that make up the Windows Network Neighborhood view. The default port that the server listens to for NMB traffic is UDP port 137. If nmb is not working and smb is working, you can find other PC’s on the network, but no one can find your PC on the network. If smb and nmb are working, you should be able to find what your PC is sharing. Use the S.A.C.T. main menu option six to create a /home sharing icon for your PC on the same PC to see if it is sharing /home properly.

The nmbd daemon is controlled by the nmb and smb services.

HOSTNAME:

[size=2]To locate your PC on your network, you look for the hostname you have provided. For Samba, you can have a [size=2]separate name, set in your /etc/samba/smb.conf file or, remark out that line there and use the original hostname as setup in your openSUSE installation, which is recommenced. To see what your actual Computer Name will be, as set by openSUSE during the installation, open up a terminal session and type in the command:

hostname

To Actually Change the PC name (For this Session Only), open up a terminal session and type the command:

sudo hostname new_name

Where you substitute the actual PC name you want to use in place of the name new_name. To make a permanent change to your hostname, that is persistent after you reboot, you can do this. Open up a terminal session and enter the following commands:

su -

echo "new_hostname" > /etc/HOSTNAME

hostname -F /etc/HOSTNAME

Your PC will now have a new hostname that will persist even after a restart of your PC. It is not recommended (or needed) that you set a hostname in your /etc/samba/smb.conf and use the same name in your openSUSE network configuration. You can use a different hostname for Samba and openSUSE, but I am not sure why you would want to do that. You can change the hostname in YaST as well:

Go to YaST[/size] (enter root password) /** Network Devices** / Network Settings / Hostname/DNS Tab / and enter Hostname, press OK when complete.**

What Can You Find Using Samba?**[/size]

The Samba Setup option then creates a SMB browser icon for you as well:

And When Selected, it will open up a File Browser showing the hostnames of your Samba Compatible Shares:

Samba Configuration:

When you elect to setup Samba for the first time, S.A.C.T. creates a default Samba configuration file called smb.conf and located in the folder named /etc/samba as follows:

# smb.conf is the main Samba configuration file. 
# You find a full commented version at 
# /usr/share/doc/packages/samba/examples/smb.conf.SUSE 
# if the samba-doc package is installed.
# Samba config file created using SWAT 
# from $netbios_name (127.0.0.1)
# Date: $(date)

[global]
  workgroup = $Workgroup
#  netbios name = $netbios_name
  passdb backend = tdbsam
  name resolve order = bcast host lmhosts wins
  server string = ""
  printing = cups
  printcap name = cups
  printcap cache time = 750
  cups options = raw
  use client driver = yes
  map to guest = Bad User
  local master = yes
  os level = 33
  usershare allow guests = Yes
  usershare max shares = 100
  usershare owner only = False

[homes]
  comment = Home Directories
  valid users = %S, %D%w%S
  browseable = No
  read only = No
  inherit acls = Yes

[printers]
  comment = All Printers
  path = /var/tmp
  printable = Yes
  create mask = 0700
  browseable = No
  guest OK = Yes

[print$]
  comment = Printer Drivers
  path = /var/lib/samba/drivers
  write list = @ntadmin root
  force group = ntadmin
  create mask = 0664
  directory mask = 0775

Folder Sharing Other than /home:

Your /home folder can not be browsed by default in a file manager. For two or more PC setups using S.A.C.T., see the S.A.C.T. main menu option two to create a /home browse icon you must enter a password to use. To Allow the sharing of a common folder(s) for all users, not requiring a password (from openSUSE as Windows will normally ask for a password), you might make the following addition at the end of your /etc/samba/smb.conf file as follows:

[Windows]
    path = /windows/C
    read only = No
    acl check permissions = No
    inherit acls = Yes
    guest ok = Yes
    profile acls = Yes
    use sendfile = Yes

Make sure to use your actual folder name to share in place of my example folder named /windows/C. I might use the following chmod terminal command on the Windows folder shown here to allow full user access:

sudo chmod 777 /windows/C

Consider that the /etc/fstab file entry will allso effect the ability of any user to read and write to this folder. Have a look at the suggested mount options for a NTFS folder in my fstab file:

/dev/disk/by-id/ata-Hitachi_HDS5C3020ALA632_ML0220F30MGP7D-part2        /windows/C             ntfs-3g    **defaults,noatime **                     0 0

Your partition or device name name will likely not be the same as mine, but note the mount options of **defaults,noatime **that I have used to allow all users to use this partition. When you modify the /etc/samba/smb.conf configuration file with the edit option from the main menu, make sure to restart the smb/nmb services for the changes to take effect. In general do not modify the fstab entry for anything mounted inside your /home partition. For fstab changes to take effect, you can restart openSUSE or open up terminal and run this command:

sudo mount --all

[size=2][size=4]ADDED SECURITY:[/size][/size]

For added security in using Samba on your home or small network, a couple of added parameters can help insure no communications from outside your local network subnet will be allowed. These next values shown will be added under the Global section (the first group at the top of your /etc/samba/smb.conf file) as:

hosts deny = ALL
hosts allow = 192.168.0.0/255.255.255.0, 127.0.0.1

In this example, the local subnet is 192.168.0 as determined by the 255.255.255.0 plus we are allowing the localhost by adding in 127.0.01 and the first statement of hosts deny = ALL, means if you are not in the host allow list, you are being denied, by default.

hosts deny (S)

The opposite of hosts allow - hosts listed here are NOT permitted access to services unless the specific services have their own lists to override this one. Where the lists conflict, the allow list takes precedence.

In the event that it is necessary to deny all by default, use the keyword ALL (or the netmask 0.0.0.0/0) and then explicitly specify to the hosts allow = hosts allow parameter those hosts that should be permitted access.

Default: hosts deny = # none (i.e., no hosts specifically excluded)
Example: hosts deny = 150.203.4. badhost.mynet.edu.au 

hosts allow (S)

A synonym for this parameter is allow hosts.

This parameter is a comma, space, or tab delimited set of hosts which are permitted to access a service.

If specified in the [global] section then it will apply to all services, regardless of whether the individual service has a different setting.

You can specify the hosts by name or IP number. For example, you could restrict access to only the hosts on a Class C subnet with something like allow hosts = 150.203.5… The full syntax of the list is described in the man page hosts_access(5). Note that this man page may not be present on your system, so a brief description will be given here also.

Note that the localhost address 127.0.0.1 will always be allowed access unless specifically denied by a hosts deny option.

You can also specify hosts by network/netmask pairs and by netgroup names if your system supports netgroups. The EXCEPT keyword can also be used to limit a wildcard list. The following examples may provide some help:

Example 1: allow all IPs in 150.203.*.*; except one
hosts allow = 150.203. EXCEPT 150.203.6.66
Example 2: allow hosts that match the given network/netmask
hosts allow = 150.203.15.0/255.255.255.0
Example 3: allow a couple of hosts
hosts allow = lapland, arvidsjaur
Example 4: allow only hosts in NIS netgroup "foonet", but deny access from one particular host
hosts allow = @foonet
hosts deny = pirate
Note that access still requires suitable user-level passwords.

See testparm(1) for a way of testing your host access to see if it does what you expect.
Default: hosts allow = # none (i.e., all hosts permitted access)
Example: hosts allow = 150.203.5. myhost.mynet.edu.au 

INCREASED SPEED:

If you are using Linux kernel version 3.7 or newer, the Samba protocol SMB2 has been added to the kernel. You can take advantage of this fact by adding in the next value. This next setting shown will be added under the Global section (the first group at the top of your /etc/samba/smb.conf file) as:

max protocol = SMB2

Possible values are :

**CORE**: Earliest version. No concept of user names.

**COREPLUS**: Slight improvements on CORE for efficiency.

**LANMAN1**: First modern version of the protocol. Long filename support.

**LANMAN2**: Updates to Lanman1 protocol.

**NT1**: Current up to date version of the protocol. Used by Windows NT. Known as CIFS.

**SMB2**: Re-implementation of the SMB protocol. Used  by Windows Vista and newer. The Samba implementation of SMB2 is  currently marked experimental!
Default: **max protocol* = NT1 *

**
NMB Failing to Start on Reboot:**

If, after you restart openSUSE, you notice that no one can find your PC on the network through your Samba share, it may be due to the fact that nmb is not starting. Its possible this is due to a failing of timing by systemd on bootup of your PC. One way to handle that issue to to allow it more time to find your network interfaces.

This is a YaST / System / /etc/sysconfig Editor Setting at:

/ etc / sysconfig / Network / General /** WAIT_FOR_INTERFACES** Default is 30, but I suggest you select 60 seconds instead and press OK and allow this change to be saved. It will be used then on your next openSUSE PC restart.

CIFS Mount from fstab File Problems:

For more information on using the cifs mount command from your /etc/fstab file, have a look at this guide here: Samba: HowTo Mount a CIFS Network Share [AKA Map Network Drive] in openSUSE 11 plus FAQs

While I am not a fan of having a permanent Samba share mount being made from your fstab file, I do see a lot of folks having a problem with it not working properly when used from the fstab file but it does work from the command prompt. If this is happening to you, then the problem may be due to your network not yet being up when the fstab mounts are executed at boot time. You could test this theory by opening up a terminal after an openSUSE restart and where the cifs mounts did not work and try this command:

james@LinuxMaster:~> su -
Password: 
LinuxMaster:~ # mount -a
LinuxMaster:~ # df
Filesystem      1K-blocks      Used  Available Use% Mounted on
devtmpfs          8182504         4    8182500   1% /dev
tmpfs             8209780       168    8209612   1% /dev/shm
tmpfs             8209780      8148    8201632   1% /run
/dev/sdb2       106994728  17296160   84256828  18% /
tmpfs             8209780         0    8209780   0% /sys/fs/cgroup
tmpfs             8209780      8148    8201632   1% /var/lock
tmpfs             8209780      8148    8201632   1% /var/run
/dev/sda2       207846992     60684  206729832   1% /Backup
/dev/sda4       480834248 203225952  253176680  45% /DataSafe
/dev/sda3       264093632  68140372  194879508  26% /home
/dev/sdd2      1953153020  62139568 1891013452   4% /Windows
/dev/sdc1      1465136124 306207028 1158929096  21% /Multimedia
/dev/sde1      1465136124 283431900 1181704224  20% /Software

If all of your cifs mounts work (I don’t use the cifs command myself) then you should look at if your network card is being turned on at boot time or if it is set to start On cable connection. To check this setting in YaST lets go to YaST / Network Settings / Network Devices

In order to make a change, we need to being using Traditional Method with ifup. You can switch back to **User Controlled by NetworkManager **after this change is made:

Next, lets go to the Overview Tab, select your network card and pick the Edit Button at the bottom:

On the** General** tab make sure the Device Activation is set to:** At Boot Time**

Once done, select Next and then Done. If you normally use the Network Manager, before you select Done, Go Back and Select the Global Options Tab and select** User Controlled with NetworkManager** and then press the Done Button.

Additional Resources:

To edit your /etc/fstab file or any system file, have a look at the following blog post.

SYSEdit - System File Editor - Version 1.50: https://forums.opensuse.org/blogs/jdmcdaniel3/sysedit-system-file-editor-version-1-00-60/

Additional Online Resources can be found here:

  1. Index of /samba/docs/man
  2. openSUSE SuSE Linux HOWTOs and Tutorials by Swerdna
  3. Samba - opening windows to a wider world

As always, if you have any comments, issues or requests, please let me know what they are.

Thank You,

Very nice tool. Thank you!

You are welcome tweakhound and thanks for the very kind words.

Thank You,

Is there an option to run a testparm from this tool?, if not this would be nice to have it added

thanks

Consider it done. I added the testparm command in tonight and here is the output format I am considering:

testparm — check your smb.conf configuration file for internal correctness

Terminal Command: testparm -s > /dev/null

Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[Software]"
Processing section "[Windows]"
Processing section "[DataSafe]"
Processing section "[Multimedia]"
Loaded services file OK.
Server role: ROLE_STANDALONE

Press Enter to Continue ...

You will select it from the main menu. I need to do more testing this weekend, but expect the new feature to show up no later than by this Sunday and thanks for your suggestions.

Thank You,

I found the following error message …

rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)

Can be eliminated by editing the system file /etc/security/limits.conf as root and adding the following line at the end:

*                -       nofile         16384

Save the file and restart openSUSE and the error will be gone when you run testparm. I read that this error does not really need to be fixed, but just in case you wondered.

Thank You,

Hi, after pressing enter in the output of the testparm option I can not see the rest of the output, where it shows the options used in the smb.conf file, this is useful to see the content of the smb.conf file without having to open it in edit mode.

thanks

Since you can see and edit the file, I sent it to null, you can edit the bash script and remove the “> /dev/null” and get it back. It exists in two places, once for the actual command and for the indication of the command being run from terminal. And I do wish to promote users to modify the bash script to work as they wish. Further, post any comments to the reason you want it to be shown for all to see, just as you have done.

Thank You,

removing the > /dev/null sentence did the trick

thanks for this great tool

You are welcome and keep those suggestions coming.

Thank You,

Thank you so very much for this tool & tutorial. It really has pulled me out of an abyss of pain this week.

I updated our file server OS from OpenSUSE 11.4 to OpenSUSE 13.1, and I was trying YAST so start up the SAMBA server and getting nowhere fast, then I discovered your contribution and all is well.

Thanks again.
Michael

I will try the tool later but I have a weird problem with SUSE 13.1. I can access my Linux shares ok from my Windows PC’s but, although smbtree shows my Workgroup PC’s, I get the error: “Could not connect to host for smb://workgroup/” when I try to access them using Dolphin. It looks like an smbclient problem but I can not see it. Usually the seerver set-up is the PITA.

The only other clue I can offer is this machine was upgraded from 12.2 to 13.1. I have SUSE 13.1 PC’s that were created as 13.1 (ie not upgraded) and they work perfectly as client and server. So it must be a configuration problem somewhere…

David

Thank you so very much for this tool & tutorial. It really has pulled me out of an abyss of pain this week.I will try the tool for my site gsa search engine ranker discount and also for the best spinner discount coupon .Its really useful.

Thanks again.