Samba in the Home and Office
What I have done with Samba at my office with about 20 computers on the LAN is more complex, but was not difficult to set up and is very stable. If you are only going to set up a home network, you can probably skip to the end of this article. If you already administer a Windows 95 network, the Windows-specific information presented here probably isn't new to you.
The Samba server is running Linux 1.2.13 (elf) with samba-1.9.15p8 running on a 100MHZ Pentium with 16M ram, 4G SCSI disk, and a 4G DAT.
The Samba clients are running WFWG 3.11 and Win95 on various i486's with 8-16M of ram.
1. Policies via the new Win95 Registry: The registry is a new format that stores all settings for users and system specific settings. There is a Registry Editor that is needed to modify settings held within the registry.
Policies are what a user can and can't do on the system and what they can and can't do on the network. There is also a Policy Editor to edit user and computer policies from.
2. Remote logon authentication: where all Win95 client machines have all logins to the network and client machine be authenticated via Linux accounts.
This is where you would set up Samba to be the Domain Controller.
1. Log in to the Win95 workstation with domain password if in the smb.conf file you have user = security and you set up the Win95 registry to “require domain authentication before access to windows”.
2. Samba has a function to read the /etc/passwd, look up the uid and verify the password the user entered is correct.
3. If the password is correct, a result code is sent to the Win95 machine for “access granted”.
4. If there is a [netlogon] entry in the smb.conf file, this directory is checked for a config.pol file that the Win95 machine wants to read for the policies for the machine and user. This must be set up in the Win95 setup in the registry with “remote update” and “automatic path” in the Network settings of the registry.
5. If you have logon script = %U.bat in the smb.conf file, the specified batch file will be executed on the client for each user. (%U is replaced by the user name, so %U.bat becomes username.bat—you can have a separate batch file for each user). Make sure the logon scripts (which will be kept in the directory specified in the [netlogon] section) use DOS-style line endings; a good way to ensure that is to use a DOS editor on a DOS system to create the files.
The logon scripts are good if you use them. Only simple DOS commands are required:
net time /set /yes
would match up the time on the server to the workstation. It is nice to have to maintain time on only one system. Having policies stored on the server is another good idea. You can update the policy file from another workstation and the next time a user logs in, the policy file is read and the client registry is updated—automatically!
All the necessary information about these Win95 specifics is found in the Windows 95 Resource Kit. Other discussions of these topics can be found at:
comp.os.ms-windows.networking.tcp-ip for Windows and TCP/IP networking.
comp.os.ms-windows.setup.win95 for setup, hardware, and driver issues in Win95.
comp.os.ms-windows.networking.win95 for Win95 to Novell, TCP/IP, other nets.
For the larger LAN, the smb.conf file looks like this:
; --------------------------------------------- ; Service(s): [globals] [homes] [printers] ; --------------------------------------------- ; [globals] status = yes ; This enables or disables logging of ; connections to a status file that ; smbstatus can read. Yes by default. printing = bsd ; See manpage for your system. This ; one is Linux and requires BSD ; printing entries. guest account = dos ; for printing to work invalid users = root, @wheel ; don't let super-users access from ; the network browseable = yes ; By default, everything is browsable ; unless specified elsewhere in ; services sections hosts allow = 10.10.1. ; you can specify who is allowed in ; 10.10.1. is a class C network that ; never sees the internet lock directory = /var/lock/samba/locks ; Locks for sessions log file = /var/log/samba/log.%m ; Individual logfile for each client ; machine syslog = 2 ; Anything level 2 and below will also ; be sent to syslogd message command = /bin/mail -s \ 'message from %f on %m' \ pkelly < %s; rm %s ; If someone sends a "win-popup" ; message - mail it to sys admin socket options = TCP_NODELAY dead time = 30 ; Close any unused sessions after ; 30 minutes - good for big network. read prediction = yes ; Speeds up reads from disk share modes = yes ; For a 'dos share' type of use max xmit = 8192 ; This option controls the maximum ; packet size that will be negotiated ; by Samba. os level = 33 ; This integer value controls what level ; Samba advertises itself as for browse ; elections. See BROWSING.txt for details. security = user ; For /etc/passwd to be used ; for Domain Logons to work domain master = yes ; Master browser domain logons = yes ; For network authentication logon script = scripts/login.bat ; Single batch file to be executed ; when users logon to the network ; These are simple dos Batch files ; logon script = scripts/%U.bat ; individual batch files - where %U ; is the person's logon name [netlogon] comment = Network Logon Services path = /u/netlogon ; This is the default setting for ; the Win95 machines to look for ; the config.pol file and and .bat ; scripts to run for the client. writable = yes ; I make this writable so I can add ; or delete items in the config.pol ; file and update the .bat scripts guest ok = no ; guests not allowed on our network [homes] comment = Secure Home Directory for : %u path = /u/users/%u ; This will match up the user's name ; to their home directory. guest ok = no ; guests not allowed on our network read only = no ; Let people write to their own ; home directory. create mode = 640 ; This is handy! I can set this for ; each service differently. So users ; can create files people can't ; delete in their home dir. writable = yes ; The above "read only = no" does ; this, but I like to be safe :) browseable = no ; Don't let people know who's home ; directories are there. [printers] comment = HP4L in BSC Office path = /usr/spool/public printcap name = /etc/printcap ; "man printcap" for details on the ; syntax for your printer. printable = yes public = yes ; Everyone connected can print! writable = no ; Default create mode = 0700 ; Default browseable = no ; Default load printers = yes ;------------------------------------------- ; fcp Services ;------------------------------------------- [programs] comment = Shared Programs path = /u/programs ; This is where I store the shared programs ; and have only read access for people. public = yes ; Public - but not writable for all. writable = yes ; Writable for the sys admin to install ; new programs. create mode = 644 ; What the ownerships are to be [data] comment = Data Directories path = /u/data public = no ; You have to be a member of this group ; who owns these files to be able to ; work on the files create mode = 770 ; This is for all the database files that ; need to be shared and group writable. ; The 770 is needed because dir-'s are ; sometimes created and need to be ; executable in order to work right. writeable = yes ; Allow people to write and delete files volume = "Data on Fileserver"
I totally replaced a LANtastic network with Win95 and Windows for Workgroups as the clients and Linux Samba servers for the servers with that configuration. TCP/IP is the only protocol used, and the peer-to-peer networking people were used to with LANtastic is still available with the client network software.
I have totally eliminated all network-related errors I was getting from a multi-user C-Tree database written by Angus Systems Group Ltd. All disk accesses from the Samba server have dropped to about half the time they used to take, and the system as a whole performs much better than on the previous MS-DOS fileserver. The MS-DOS .EXE's load three times faster over the network.
Peter Kelly (email@example.com) is a Network Administrator for JDP Computer Systems and Systems Software. He also does database and network functions for O & Y Properties Inc.'s 1 First Canadian Place. Sometimes he does leave his Linux X-Workstation to go outside to eat or to attend part-time classes at the University of Toronto's Computer Science Facilty.
|Designing Electronics with Linux||May 22, 2013|
|Dynamic DNS—an Object Lesson in Problem Solving||May 21, 2013|
|Using Salt Stack and Vagrant for Drupal Development||May 20, 2013|
|Making Linux and Android Get Along (It's Not as Hard as It Sounds)||May 16, 2013|
|Drupal Is a Framework: Why Everyone Needs to Understand This||May 15, 2013|
|Home, My Backup Data Center||May 13, 2013|
- RSS Feeds
- Dynamic DNS—an Object Lesson in Problem Solving
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- Designing Electronics with Linux
- Using Salt Stack and Vagrant for Drupal Development
- New Products
- A Topic for Discussion - Open Source Feature-Richness?
- Drupal Is a Framework: Why Everyone Needs to Understand This
- Validate an E-Mail Address with PHP, the Right Way
- What's the tweeting protocol?
- Kernel Problem
4 hours 51 sec ago
- BASH script to log IPs on public web server
8 hours 27 min ago
12 hours 3 min ago
- Reply to comment | Linux Journal
12 hours 36 min ago
- All the articles you talked
14 hours 59 min ago
- All the articles you talked
15 hours 2 min ago
- All the articles you talked
15 hours 4 min ago
19 hours 28 min ago
- Keeping track of IP address
21 hours 19 min ago
- Roll your own dynamic dns
1 day 2 hours ago
Enter to Win an Adafruit Pi Cobbler Breakout Kit for Raspberry Pi
It's Raspberry Pi month at Linux Journal. Each week in May, Adafruit will be giving away a Pi-related prize to a lucky, randomly drawn LJ reader. Winners will be announced weekly.
Fill out the fields below to enter to win this week's prize-- a Pi Cobbler Breakout Kit for Raspberry Pi.
Congratulations to our winners so far:
- 5-8-13, Pi Starter Pack: Jack Davis
- 5-15-13, Pi Model B 512MB RAM: Patrick Dunn
- 5-21-13, Prototyping Pi Plate Kit: Philip Kirby
- Next winner announced on 5-27-13!
Free Webinar: Hadoop
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Some of key questions to be discussed are:
- What is the “typical” Hadoop cluster and what should be installed on the different machine types?
- Why should you consider the typical workload patterns when making your hardware decisions?
- Are all microservers created equal for Hadoop deployments?
- How do I plan for expansion if I require more compute, memory, storage or networking?