Samba in the Home and Office
What I have done with Samba at my office with about 20 computers on the LAN is more complex, but was not difficult to set up and is very stable. If you are only going to set up a home network, you can probably skip to the end of this article. If you already administer a Windows 95 network, the Windows-specific information presented here probably isn't new to you.
The Samba server is running Linux 1.2.13 (elf) with samba-1.9.15p8 running on a 100MHZ Pentium with 16M ram, 4G SCSI disk, and a 4G DAT.
The Samba clients are running WFWG 3.11 and Win95 on various i486's with 8-16M of ram.
1. Policies via the new Win95 Registry: The registry is a new format that stores all settings for users and system specific settings. There is a Registry Editor that is needed to modify settings held within the registry.
Policies are what a user can and can't do on the system and what they can and can't do on the network. There is also a Policy Editor to edit user and computer policies from.
2. Remote logon authentication: where all Win95 client machines have all logins to the network and client machine be authenticated via Linux accounts.
This is where you would set up Samba to be the Domain Controller.
1. Log in to the Win95 workstation with domain password if in the smb.conf file you have user = security and you set up the Win95 registry to “require domain authentication before access to windows”.
2. Samba has a function to read the /etc/passwd, look up the uid and verify the password the user entered is correct.
3. If the password is correct, a result code is sent to the Win95 machine for “access granted”.
4. If there is a [netlogon] entry in the smb.conf file, this directory is checked for a config.pol file that the Win95 machine wants to read for the policies for the machine and user. This must be set up in the Win95 setup in the registry with “remote update” and “automatic path” in the Network settings of the registry.
5. If you have logon script = %U.bat in the smb.conf file, the specified batch file will be executed on the client for each user. (%U is replaced by the user name, so %U.bat becomes username.bat—you can have a separate batch file for each user). Make sure the logon scripts (which will be kept in the directory specified in the [netlogon] section) use DOS-style line endings; a good way to ensure that is to use a DOS editor on a DOS system to create the files.
The logon scripts are good if you use them. Only simple DOS commands are required:
net time /set /yes
would match up the time on the server to the workstation. It is nice to have to maintain time on only one system. Having policies stored on the server is another good idea. You can update the policy file from another workstation and the next time a user logs in, the policy file is read and the client registry is updated—automatically!
All the necessary information about these Win95 specifics is found in the Windows 95 Resource Kit. Other discussions of these topics can be found at:
comp.os.ms-windows.networking.tcp-ip for Windows and TCP/IP networking.
comp.os.ms-windows.setup.win95 for setup, hardware, and driver issues in Win95.
comp.os.ms-windows.networking.win95 for Win95 to Novell, TCP/IP, other nets.
For the larger LAN, the smb.conf file looks like this:
; --------------------------------------------- ; Service(s): [globals] [homes] [printers] ; --------------------------------------------- ; [globals] status = yes ; This enables or disables logging of ; connections to a status file that ; smbstatus can read. Yes by default. printing = bsd ; See manpage for your system. This ; one is Linux and requires BSD ; printing entries. guest account = dos ; for printing to work invalid users = root, @wheel ; don't let super-users access from ; the network browseable = yes ; By default, everything is browsable ; unless specified elsewhere in ; services sections hosts allow = 10.10.1. ; you can specify who is allowed in ; 10.10.1. is a class C network that ; never sees the internet lock directory = /var/lock/samba/locks ; Locks for sessions log file = /var/log/samba/log.%m ; Individual logfile for each client ; machine syslog = 2 ; Anything level 2 and below will also ; be sent to syslogd message command = /bin/mail -s \ 'message from %f on %m' \ pkelly < %s; rm %s ; If someone sends a "win-popup" ; message - mail it to sys admin socket options = TCP_NODELAY dead time = 30 ; Close any unused sessions after ; 30 minutes - good for big network. read prediction = yes ; Speeds up reads from disk share modes = yes ; For a 'dos share' type of use max xmit = 8192 ; This option controls the maximum ; packet size that will be negotiated ; by Samba. os level = 33 ; This integer value controls what level ; Samba advertises itself as for browse ; elections. See BROWSING.txt for details. security = user ; For /etc/passwd to be used ; for Domain Logons to work domain master = yes ; Master browser domain logons = yes ; For network authentication logon script = scripts/login.bat ; Single batch file to be executed ; when users logon to the network ; These are simple dos Batch files ; logon script = scripts/%U.bat ; individual batch files - where %U ; is the person's logon name [netlogon] comment = Network Logon Services path = /u/netlogon ; This is the default setting for ; the Win95 machines to look for ; the config.pol file and and .bat ; scripts to run for the client. writable = yes ; I make this writable so I can add ; or delete items in the config.pol ; file and update the .bat scripts guest ok = no ; guests not allowed on our network [homes] comment = Secure Home Directory for : %u path = /u/users/%u ; This will match up the user's name ; to their home directory. guest ok = no ; guests not allowed on our network read only = no ; Let people write to their own ; home directory. create mode = 640 ; This is handy! I can set this for ; each service differently. So users ; can create files people can't ; delete in their home dir. writable = yes ; The above "read only = no" does ; this, but I like to be safe :) browseable = no ; Don't let people know who's home ; directories are there. [printers] comment = HP4L in BSC Office path = /usr/spool/public printcap name = /etc/printcap ; "man printcap" for details on the ; syntax for your printer. printable = yes public = yes ; Everyone connected can print! writable = no ; Default create mode = 0700 ; Default browseable = no ; Default load printers = yes ;------------------------------------------- ; fcp Services ;------------------------------------------- [programs] comment = Shared Programs path = /u/programs ; This is where I store the shared programs ; and have only read access for people. public = yes ; Public - but not writable for all. writable = yes ; Writable for the sys admin to install ; new programs. create mode = 644 ; What the ownerships are to be [data] comment = Data Directories path = /u/data public = no ; You have to be a member of this group ; who owns these files to be able to ; work on the files create mode = 770 ; This is for all the database files that ; need to be shared and group writable. ; The 770 is needed because dir-'s are ; sometimes created and need to be ; executable in order to work right. writeable = yes ; Allow people to write and delete files volume = "Data on Fileserver"
I totally replaced a LANtastic network with Win95 and Windows for Workgroups as the clients and Linux Samba servers for the servers with that configuration. TCP/IP is the only protocol used, and the peer-to-peer networking people were used to with LANtastic is still available with the client network software.
I have totally eliminated all network-related errors I was getting from a multi-user C-Tree database written by Angus Systems Group Ltd. All disk accesses from the Samba server have dropped to about half the time they used to take, and the system as a whole performs much better than on the previous MS-DOS fileserver. The MS-DOS .EXE's load three times faster over the network.
Peter Kelly (firstname.lastname@example.org) is a Network Administrator for JDP Computer Systems and Systems Software. He also does database and network functions for O & Y Properties Inc.'s 1 First Canadian Place. Sometimes he does leave his Linux X-Workstation to go outside to eat or to attend part-time classes at the University of Toronto's Computer Science Facilty.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Secure Desktops with Qubes: Introduction
- Fancy Tricks for Changing Numeric Base
- Seeing Red and Getting Sleep
- Working with Command Arguments
- Secure Desktops with Qubes: Installation
- CentOS 6.8 Released
- Linux Mint 18
- The Italian Army Switches to LibreOffice
- Petros Koutoupis' RapidDisk
Until recently, IBM’s Power Platform was looked upon as being the system that hosted IBM’s flavor of UNIX and proprietary operating system called IBM i. These servers often are found in medium-size businesses running ERP, CRM and financials for on-premise customers. By enabling the Power platform to run the Linux OS, IBM now has positioned Power to be the platform of choice for those already running Linux that are facing scalability issues, especially customers looking at analytics, big data or cloud computing.
￼Running Linux on IBM’s Power hardware offers some obvious benefits, including improved processing speed and memory bandwidth, inherent security, and simpler deployment and management. But if you look beyond the impressive architecture, you’ll also find an open ecosystem that has given rise to a strong, innovative community, as well as an inventory of system and network management applications that really help leverage the benefits offered by running Linux on Power.Get the Guide