Samba SMB file sharing in openSUSE 11.2

Program Versions Used in this Example Setup:

OS Version: openSUSE 11.2 64 bit (x86_64)
Kernel Version: Linux 2.6.31.12-0.1-desktop x86_64
Samba Version: 3.4.2-1.1.3.1-2229-SUSE-SL11.2
KDE Version: 4.3.5 (KDE 4.3.5) “release 0”

The openSUSE Firewall DISABLED.

In KDE 4.3.5 my “Desktop Settings – Plasma Workspace – Appearance – Desktop Activity: Type” is set for “Folder View”. This does make a difference in creating icons on your desktop as suggested further into this document.

**Loading Samba into openSUSE 11.2:**

By default I think you will get most of Samba program files already loaded for you, but we will want to add to the list and verify that you have everything you need to get Samba up and running. Even though I am using 64 bit software, I am still loading the 32 bit versions to ensure all 64 and 32 bit programs will work properly with Samba. If you are running 32 bit openSUSE, you just need to leave out the 64 bit version, if they are ever a choice for you. I assume you have the default “Software Repositories” installed for you when openSUSE is installed connected to a network that had access to the INTERNET.

Menu > System > YaST > enter root password to start YaST Control Center

In YaST Select: Software > Software Management

In YaST2, pick the “Search” tab and enter “samba” and press the search button. You want to have installed the following applications so check any programs that are missing to be installed for you:

samba
samba-32bit
samba-client
samba-client-32bit
samba-doc
samba-winbind
samba-winbind-32bit

The samba-doc file is not loaded by default and is important when we use the SWAT browser configuration program. After making your selections press the “Select” button on the bottom right and allow the missing applications to be loaded into openSUSE for you.

Editing Text Files using Root Permissions:

You will need to manually edit several plain text files to get Samba configured properly and you must do so with root permissions. Now you have a couple of choices to do this. Just log in to openSUSE using the root username and password. Or, you can make the following suggested change to KWrite in your KDE menu system and make the changes as your normal user self.

First, we want to modify your menu entry for KWrite so that you will run the application as root and will be required to enter the root password when you start the editor. Once the root password is entered correctly, you will be able to view and edit any text file on your computer as root.

Right Click your mouse over the Menu Icon on the bottom left of your desktop and Select “Menu Editor”. Navigate on your left of the menu editor to: Utilities > Editor > KWrite. Select the advanced Tab on the right and check “Run as different user”. Next to Username enter “root”. Now press the save button on the top left corner of the menu editor. Your changes have now been made and saved.

To use the KWrite application without any error messages select: Menu > Utilities > Editor > KWrite (Text Editor) and the text editor will ask for your root password (the first time, but not all of the time) then start if the password is correct. Your default save folder will be listed as Root > home > username > Documents. You will need to select the up arrow until you get to the root folders where you will see the etc folder. This is where most of the changes we will be making are located. After each successful text file modification, do a File/Save, File/Close and then a File/Open for the next file until all files have been modified as I suggest.

**SWAT, SERVERS and SERVICES file Modifications:**

The following text files located in the folder “/etc/xinetd.d” should already exist. The two lines in each file that you are modifying are shown in bold letters. Basically you are changing “disable=yes” to “disable=no” in each file and you are adding a comment “#” in front of each line “only_from= 127.0.0.1” which changes this entry to a comment and is thus not used in the setup file.

Three files located in folder “/etc/xinetd.d”

Plain Text Filename: servers

```
# default: off
# description: An internal xinetd service, listing active servers.

service servers
{
	type            = INTERNAL UNLISTED
	port            = 9099
	socket_type     = stream
	protocol        = tcp
	wait            = no
	# modified line: changed from "disable = yes"
	disable         = no
	# modified line: only_from commented out
#	only_from       = 127.0.0.1
	FLAGS           = IPv6 IPv4
}
```

Plain Text Filename: services

```
# default: off
# description: An internal xinetd service, listing active services.

service services
{
	type            = INTERNAL UNLISTED
	port            = 9098
	socket_type     = stream
	protocol        = tcp
	wait            = no
	# modified line: changed from "disable = yes"
	disable         = no
	# modified line: only_from commented out
#	only_from       = 127.0.0.1
	FLAGS           = IPv6 IPv4
}
```

Plain Text Filename: swat

```
# SWAT is the Samba Web Administration Tool.

service swat
{
	socket_type     = stream
	protocol        = tcp
	wait            = no
	user            = root
	server          = /usr/sbin/swat
	# modified line: only_from commented out
#	only_from       = 127.0.0.1
	log_on_failure  += USERID
	# modified line: changed from "disable = yes"
	disable         = no
}
```

**Samba SMB.CONF file Modifications:**

Next you need to modify the smb.conf file located in the “/etc/samba” folder. Items shown in bold should be changed to match your network setup. Specifically, you need to insert the name of your work group in the line starting with “workgroup=”. Next, you need to insert the name of your computer in the line starting with “netbios name =”. You can optionally make the “server string=” anything you want which shows up like a comment next to your NetBIOS name on Windows computers. You need to modify the “hosts allow=” to the first three IP address numbers you are using for all of your home computers.

The next portion of the Samba configuration file shows the folders you are sharing on your computer. The name shown in brackets such as [Software] will be the share name for the folder or drive you are sharing. The “path = /Software” tells Samba the path in the Linux folder riser to be shared. In my example I am sharing three folders, all of which are NTFS hard drive partitions mounted per fstab entries into the Linux file system. You will make changes to the example shown below based on your actual drive partition setup you wish to share. You could copy and paste the following file and then make the required modifications before you save it.

One file located in folder “/etc/samba”

Plain Text Filename: smb.conf

```
# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2010-3-15

[global]
	workgroup = WINDOWSNT
	netbios name = LINUXMASTER
	server string = Master of the Universe
	security = SHARE
	map to guest = Bad Password
	socket options = SO_KEEPALIVE TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
	printcap name = cups
	logon path = \\%L\profiles\.msprofile
	logon drive = P:
	logon home = \\%L\%U\.9xprofile
	local master = No
	domain master = No
	ldap ssl = no
	usershare allow guests = Yes
	usershare max shares = 100
	hosts allow = 192.168.0.0/255.255.255.0, 127.0.0.1
	hosts deny = ALL
	cups options = raw
	posix locking = No

[Software]
	path = /Software
	read only = No
	acl check permissions = No
	inherit acls = Yes
	guest ok = Yes
	profile acls = Yes

[Win_HDC]
	path = /Windows/HDC
	read only = No
	acl check permissions = No
	inherit acls = Yes
	guest ok = Yes
	profile acls = Yes

[Win_HDD]
	path = /Windows/HDD
	read only = No
	acl check permissions = No
	inherit acls = Yes
	guest ok = Yes
	profile acls = Yes
```

Activation of services required to use Samba:

In order for Samba and Samba SWAT to function, we need to start several run services to be loaded each time we start or reboot our openSUSE Linux computer. Once the following steps are performed, you will not need to do this again unless you reload your copy of SuSE.

Menu > System > YaST > enter root password to start YaST Control Center

In Yast Select: System > System Services (Runlevel)

Select the Expert bullet at the top and then scroll to the bottom entries. For each of the following services highlight the service with your mouse, select the Set/Reset button on the bottom right and pick “Enable the service”. Next, select the Start/Stop/Refresh button on the bottom left and pick “Start now”. A window should pop up for each service indicating success with a result of “0”.

Services to Enable/Start:

xinetd
winbind
smb
nmb

Select OK on the bottom right to save your selections. This will start all of the required Samba services for you.

All of the required services to use Samba should now be running and ready to be used.

**Suggested NTFS Partitions settings in fstab:**

If you will be sharing any NTFS partitions using Samba please consider using these suggested settings in fstab for these partitions. If you make any changes to fstab, you must restart your computer for them to take effect. Making these changes shown in bold will allow full read and write control of your shared NTFS partitions through Samba.

One file located in folder “/etc”

Plain Text Filename: fstab

This is only a portion of fstab shown. The rw,defaults provides full read/write ability locally and through Samba file sharing. The folder where the drive is mounted such as “/Software” will be different in your fstab copy as will the disk uid. You are only changing the portion shown in bold for drives already being mounted by fstab when you start up your computer.

/dev/disk/by-id/<disk uid name and partition number> /Software ntfs-3g **rw,defaults** 0 0
/dev/disk/by-id/<disk uid name and partition number> /Windows/HDC ntfs-3g rw,defaults 0 0
/dev/disk/by-id/<disk uid name and partition number> /Windows/HDD ntfs-3g rw,defaults 0 0

Create SWAT and Network Access Icon on Your Desktop:

If everything has gone correctly for you, it is now time to see the results of your efforts. While SWAT will allow you to see if Samba is running and to make future modifications to your smb.conf file, all should be working after starting the four required services.

To create a SWAT desktop icon go to your desktop and right click your mouse and pick “Create New” and then “Link to Application”. Select the Application Tab and enter the Name “SWAT”. In the Command line enter “firefox localhost:901” and then select the General Tab. Press the icon button on the top left (which defaults to a page with a question mark). System icons will be selected by default. In the search line type in “samba” and pick the monitor icon with the Windows symbol on the bottom left. You can use any icon you want in the future for the SWAT browser function. Pick OK and then pick OK one more time and your changes will be saved. You should now have a SWAT icon on your desktop. Press the icon and see what happens. Firefox should start and an Authentication Window should appear. Enter “root” for the User Name and the root password for Password. Press the OK button and the main Samba screen should appear. Select the Status Tab and see if smbd, nmbd and winbindd all show to be running. If so, so far so good.

Now we want to create a network Workgroup access icon on your desktop. On your desktop, right click your mouse and pick “Create New” and then “Link to Location (URL)”. A two line window pops up that says “Plasma Workspace”. On the “File Name:” line type in “SMB” and on the “Enter link location (URL):” enter the name of your Workgroup as “smb://workgroup/” where you substitute the name of your Workgroup for “workgroup” and you do not enter the quotes. In my case I am entering “smb://windowsnt/” for my home Workgroup name. Press the OK button when done and you should now have an icon that will open up all of the computers on your network that are in your selected Workgroup. I get an Earth like icon with a network connection on the bottom. When I press the icon it starts up Dolphin which says “smb – Dolphin” in the top left hand corner and all of my fellow computers at home show up in the list. You can then select any computer sharing icon to see what you can browse through on that computer.

**Windows Computer file Sharing:**

The intent of this document is to not go over how to share files from a Windows computer. In general file sharing in Windows XP just seems to work with Samba, however you may need to check a few things in Windows Vista and in Windows 7. On the Windows Vista or Windows 7 machine go to:

Start > Control Panel > Administrative Tools > Local Security Policy

In the application “Local Security Policy” open up “Local Policies” on the Left Tree options and select “Security Options”. On the right look for the setting called “Network Security: LAN Manager Authentication Level” and double click this setting with your mouse. On the first tab called “Local Security Setting” select the pull down option that says “Send LM and NTLM – use NTLMv2 session security if negotiated”. Hit the Apply button and then the OK button.

On the same “Security Options” page find the options called “Network Security: Minimum session security for NTLM SSP based (including secure RPC) clients” and “Network Security: Minimum session security for NTLM SSP based (including secure RPC) servers”. Both should say next to them “No minimum” as its setting. If either security option does not say “No minimum” then double click that option and on the first tab labeled “Local Security Setting” uncheck the options for “Require NTLMv2 session security” and “Require 128-bit encryption” then press Apply and then OK to set the required options.

After the above changes I still had an issue with a computer running Windows 7. When I entered my login name and password, it would not be accepted, even though it was correct. After searching the Internet I found the suggestion to uninstall the “Windows Live Sign in Assistant” on the windows 7 system. To do this on the Windows 7 machine select:

Start > Control Panel > Programs and Features

Allow the loaded application Window to populate with all of your applications then find the “Windows Live Sign in Assistant”, highlight it with your mouse and select to “Uninstall” the application. Reboot your computer when done and see if you can not log into your Windows 7 computer.

Thank You,

James D. McDaniel – Austin
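
The xinetd and smb.conf settings in the post above can be checked mechanically. This is an added example, not part of the original post: it parses constructed copies of the two files and lists the xinetd services that are enabled with no active only_from line, and the shares that are both guest-accessible and writable. The `[Docs]` share and all function names are assumptions made for the illustration; Samba parameter synonyms such as `public` or `writeable` are not handled.

```python
import re

# Constructed samples mirroring the post's files; [Docs] is a made-up share.
XINETD = """service swat
{
    user      = root
    server    = /usr/sbin/swat
#   only_from = 127.0.0.1
    disable   = no
}
service servers
{
    port      = 9099
    only_from = 127.0.0.1
    disable   = no
}"""
SMB_CONF = """[global]
    security = SHARE
[Software]
    path = /Software
    read only = No
    guest ok = Yes
[Docs]
    path = /Docs
    guest ok = Yes
"""

def parse(text, header):
    """Return {section: {key: value}}; header is a regex capturing the section name."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue  # blank line or comment (';' is used by smb.conf only)
        m = re.fullmatch(header, line)
        if m:
            current = sections.setdefault(m.group(1).lower(), {})
        elif current is not None and "=" in line:
            key, value = re.split(r"\s*[+-]?=\s*", line, maxsplit=1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def exposed_xinetd(text):
    """Enabled xinetd services with no active only_from line."""
    services = parse(text, r"service\s+(\S+)")
    return sorted(name for name, a in services.items()
                  if a.get("disable", "no").lower() == "no"
                  and "only_from" not in a)

def writable_guest_shares(text):
    """Shares with guest ok = yes and read only = no (Samba defaults: no / yes)."""
    yes = {"yes", "true", "1"}
    shares = parse(text, r"\[(.+)\]")
    return sorted(name for name, p in shares.items() if name != "global"
                  and p.get("guest ok", "no").lower() in yes
                  and p.get("read only", "yes").lower() not in yes)

if __name__ == "__main__":
    print("xinetd services reachable from any host:", exposed_xinetd(XINETD))
    print("guest-writable shares:", writable_guest_shares(SMB_CONF))
```

With the only_from line left active, as in the constructed `servers` stanza, the service drops out of the first list.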

Due to space limitations during my first post, I did not have room for a full description of your Firewall setup, so I just said it was disabled. Here is more detail of your openSUSE Firewall setup that should be appended to my first post.

Samba and Your Firewall Settings:

During this example, I am running with the openSUSE Firewall Enabled. You may optionally Disable the Firewall or you can add three External Services to your Firewall so that all of the Samba functions will work properly with the Firewall Enabled. To add these services and start your Firewall, follow this procedure:

Menu > System > YaST > enter root password to start YaST Control Center

In YaST Select: Security and Users > Firewall

If the Firewall is not enabled, then on the “Firewall Configuration: Startup” tab, select the “Enable Firewall Automatic Starting” bullet. Next, press the “Start Firewall Now” button. When/If the Firewall is enabled, proceed to the next step.

On the top Left of the Firewall Configuration select “Allowed Services”. The “Allowed Services for Selected Zone” option should be set to “External Zone”. Under “Service to Allow” pick “Netbios Server” and press the Add button on the right. Next pick “Samba Client” and press the Add button on the right and finally pick “Samba Server” and press the Add button on the right. In the Window for “Allowed Service” you should see three items, Netbios Server, Samba Client and Samba Server. If so, then press the Next button and then the Finish button in sequence, both on the bottom right of the screen. Samba should now be able to run properly with the Firewall Enabled.

Thank You,

The “logon home” parameter specifies the home directory location when a Win95/98 or NT Workstation logs into a Samba PDC. However you have not configured the machine as a PDC. I’m confused, please clarify.

The “logon path” parameter is only useful if Samba is set up as a domain controller. Am I missing something?

Hello swerdna, it has been a while since I looked back at this post of mine. I am thinking the three parameters…

logon path = \\%L\profiles\.msprofile
logon drive = P:
logon home = \\%L\%U\.9xprofile

All need to be revisited. The bottom line is that I first developed this when I was using version 10 of openSUSE and I indeed had a copy of Windows 98 running. Since these values have not caused a problem, they have not been removed. If there is a good reason to revise the Samba setup for openSUSE 11.3, I could do so. For instance, the need for Winbind is no longer there either and could be removed. When I first made the post, I could not fit the firewall instructions in either, due to space limitation. I could rewrite the whole thing and pass it by you if you would like.

Thank You,

Winbind was my next question. I see no reason for it, just as you mention belatedly. I think you should do away with it.

Also, I have a problem with the “NTLMv2 session security” mods, why do you do that?

In the application “Local Security Policy” open up “Local Policies” on the Left Tree options and select “Security Options”. On the right look for the setting called “Network Security: LAN Manager Authentication Level” and double click this setting with your mouse. On the first tab called “Local Security Setting” select the pull down option that says “Send LM and NTLM – use NTLMv2 session security if negotiated”. Hit the Apply button and then the OK button.
This function was added when Windows Vista came out, to allow it to work with Samba shares. I don’t remember which direction did not work, but I think you could not look at the Windows Vista share from Samba. If you know better, then let us hear about it.

Thank You,

I recall in the early days of vista, maybe in the time of openSUSE 10.2 approx, can’t remember exactly, Samba could not see the vista shares. There was a how to released that advised altering the NTLMv2 Security Policy in vista to enable Linux boxes to see vista shares. That article became a mantra and its vestiges still persist widely on the Internet.

Very quickly the Samba team altered Samba to enable comms with vista shares and the Secpol alteration involving NTLMv2 became unnecessary. You can leave it out completely.

There are permissions issues and special settings in vista and (more importantly) in windows 7 that one needs to set to get easy communications. You have to set the networking permissions properly in vista and win 7 AND you have to make sure the filesystem permissions are set correctly too. I’ve outlined the necessary steps for vista here: Setup Vista to Share Resources on an openSUSE Samba Network. You’ll see there my view of the secpol issue, which is as follows:

Caution: Various Internet HowTo articles advise changing the default Vista and Samba security policies. Those articles are wrong. There is no need to adjust the default settings relating to NTLMv2 in Linux or Vista.

The settings for win 7 are almost the same as in the above article for vista, but if one does not make the adjustments, the Linux boxes can seem to freeze when trying to make contact with win7, so it’s important to make the correct permissions settings, and for completeness the settings are here: Setup Windows 7 to Share Resources on an openSUSE Samba Network

So I think there are a number of issues where you could improve the nice tutorial you’ve placed here. If you’d like to do that, I’d be glad to make constructive comments. Some things to look at are:

  • winbind is not necessary
  • secpol in vista and win7 can be left alone
  • special settings are required in “network and sharing” in windows
  • the filesystem permissions on the windows shared resources require care
  • I’m not sure why you’ve got special mention of socket options, only Debian still uses those, IMO unnecessarily
  • you’ve set for a workgroup, not a domain, so your [global] stanza is off key a bit e.g. the logon stuff
  • (maybe also check the name resolve order which might better be set with priority for broadcasts rather than setting lmhosts as the first priority. see here: About the Name Resolve Order)
  • I think swat has been deprecated, no longer maintained, but not sure about that
  • posix locking should be left out IMO (see “man smb.conf” re posix locking).
  • if ppl blindly apply the hosts allow that you have set there, many, many users will be locked out because that’s not their subnet, so maybe you should explain how to use that parameter
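
To illustrate the last point in the list above about hosts allow, here is an added example that is not from the thread. It derives a hosts allow value from an interface address and tests whether a client address is admitted by a given value. The function names and the 192.168.1.37/24 address are assumptions; only single IPs, network/mask entries and trailing-dot prefixes are handled, while hostnames, netgroups and EXCEPT are skipped.

```python
import ipaddress

POST_VALUE = "192.168.0.0/255.255.255.0, 127.0.0.1"  # hosts allow from the post

def hosts_allow_for(interface_cidr):
    """Build a hosts allow value covering the subnet of one interface address."""
    net = ipaddress.ip_interface(interface_cidr).network
    return f"{net.network_address}/{net.netmask}, 127.0.0.1"

def admits(hosts_allow, client_ip):
    """True if client_ip matches an entry of a hosts allow value."""
    ip = ipaddress.ip_address(client_ip)
    for entry in hosts_allow.replace(",", " ").split():
        if entry.endswith("."):                 # prefix form, e.g. "192.168.0."
            if client_ip.startswith(entry):
                return True
            continue
        try:
            if ip in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:                      # hostname, netgroup, EXCEPT: skipped
            continue
    return False

if __name__ == "__main__":
    mine = hosts_allow_for("192.168.1.37/24")   # constructed interface address
    print("hosts allow =", mine)
    print("post value admits 192.168.1.37:", admits(POST_VALUE, "192.168.1.37"))
    print("derived value admits 192.168.1.37:", admits(mine, "192.168.1.37"))
```

Because the post also sets `hosts deny = ALL`, a client that no hosts allow entry admits is refused.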

The information you have provided will be great in helping rewrite my Samba article. I normally test any setup using a Windows XP, Vista, Win7 and a couple of openSUSE machines online at the same time. Lately I have noticed that if you have a couple of Win 7 machines, an XP and no Vista, that you must set the openSUSE Samba as the Local Master, as if Windows 7 no longer accepts that role even as it works with a Samba Master. So, anyway I will take on that task.

I must tell you that I will be going back into the hospital within a week for another operation and if it is like last time, it might be a month before I get back into the saddle working on my computer. I really appreciate the attention and information provided and I will make use of it, but perhaps a little slowly after a week. Just so you will know why.

Thank You,

Good luck with the Hospital. Take your time with the rewrite.