Samba in the Home and Office

by Peter Kelly

Linux users consistently experiment, finding uses for Linux far beyond what was even thought of five years ago, when Linux itself was an experiment. For many users, Linux has been far more than just another Unix clone; people want something extra. The fact that Linux comes with networking built in, including all the tools needed for connecting to the Internet, makes it easy to pick Linux. The decision is not based on the pure cost of Linux (negligible), the decision is based on the vast amount Linux enables you to do with your PC.

With a small investment (or perhaps just rearranging hardware), you can have a complete home network with two computers, even if only one of the computers runs Linux. Linux is also a good network server for an office, and setting up a home network can give you the experience you want to set up an office network.

I didn't know Samba even existed until a friend showed me his Linux drives on his WFWG 3.11 file manager. He showed me that he could copy files back and forth just as if the Linux drives were local. What he built was a small home LAN that consists of 2 computers. He wanted Samba installed on his main Linux server so that his kids could run large programs on the server, without having to take up limited hard drive space on their machine.

Home Networks

The home LAN installation was easy. The sources compiled “out of the box,” and the default settings for the installation were used:

/usr/local/samba/bin for binaries /usr/local/samba/lib for configuration files /usr/local/samba/locks for samba locks /usr/local/samba/man for samba manpages /usr/local/samba/var for samba logs

Some Linux distributions come with Samba included, in which case /usr/bin/, /var/samba/, and /usr/man are more likely places for files, and the configuration file is usually kept in /etc/smb.conf.

A basic configuration file (which defaults to /usr/local/samba/lib/smb.conf) would consist of some basic entries like [global], [printers], and [homes]. These specify global configuration details that describe the environment, printers that are available to clients, and user-specific home directories. You also create your own sections for other directories which you wish to export to other machines; see the [dos] entry.

The general structure of a configuration file is like that of a Windows .INI file, with sections of statements, and comments on lines of their own that start with ; characters.

;----------------------------------------------
; Service(s): [globals] [homes] [printers]
;----------------------------------------------
[globals]
    status=yes
    printing = bsd
    guest account = dos
    browseable = yes
    lock directory = /usr/local/samba/locks
    domain master = yes
    os level=33
[homes]
    comment = Home Directories
    guest ok = no
    read only = no
    browseable = yes
[printers]
    comment = All Printers
    path = /usr/spool/public
    printcap name = /etc/printcap
    printable = yes
    public = yes
    writable = no
    create mode = 0700
    browseable = yes
    load printers = yes
[dos]
    comment = Dos public directory
    path = /g/dos
    public = yes
    writable = yes
    printable = no
    guest ok = yes

This configuration file allows Samba to serve a printer, a shared directory, and home directories to network clients. There must be a user named “dos” in the /etc/passwd file with no password or a known password (and preferably /bin/false for a shell, at least if there is no password) in order to have a “world shared” directory, as shown in the [dos] section. Make sure the directory (in this case, /g/dos/) is owned by this user “dos”.

If you want more explanation of this file, use man smb.conf.

At boot time, /usr/local/samba/lib/rc.samba starts the smbd and nmbd daemons and has them wait for client connections. I run them as daemons because I want some extra speed when I issue a request from Samba.

A normal /usr/local/samba/lib/rc.samba file looks like this:

#!/bin/sh
PATH=/usr/local/samba/bin:$PATH
smbd -D -d1
nmbd -D -d1 -G MY_WORKGROUP \
 -n THIS_MACHINE_NAME

For both smbd (the file and printer server daemon) and nmbd (the nameserver daemon), the -D option says to act as a daemon, working in the background. The -d1 says to be a little more verbose than usual with debugging messages; you will probably want to remove that once your network is stable. The -G option specifies the netbios group (or lanmanager domain) that the computer should be part of, and the -n option can be used to specify the name of the server on the network; if it is ommitted, the server's normal hostname is used instead.

Some people disagree with running the Samba daemons as daemons that are always running in the background, and prefer to run them from inetd. This gives slower network response, but if demand is light it reduces load on the server. The basic entry in the /etc/inetd.conf file that comes with most distributions is:

netbios-ssn stream tcp nowait root /usr/sbin/smbd smbd
netbios-ns  dgram  udp wait   root /usr/sbin/nmbd nmbd

You obviously have to provide the correct path to the binaries to have them called via inetd.

On the client end, whether it is running WFWG 3.11 or Win95, TCP/IP should be the default protocol. Each machine that has services should show up in browse list. To connect to the dos shared service on the Samba server, you could just use the basic net command.

c:\> net use d: \\MACHINE_NAME\dos
password : XXXXXX

This would be sufficient for a small LAN that needs to share a couple of home dir's and a printer. Make sure there is a valid /etc/printcap file with proper entries for your printer; setting up standard Linux printing is beyond the scope of this article. You can do man printcap for additional information on the syntax this file requires, or read the Linux Printing HOWTO which provides much more detailed information on printing setup.

Office Networks

What I have done with Samba at my office with about 20 computers on the LAN is more complex, but was not difficult to set up and is very stable. If you are only going to set up a home network, you can probably skip to the end of this article. If you already administer a Windows 95 network, the Windows-specific information presented here probably isn't new to you.

The Samba server is running Linux 1.2.13 (elf) with samba-1.9.15p8 running on a 100MHZ Pentium with 16M ram, 4G SCSI disk, and a 4G DAT.

The Samba clients are running WFWG 3.11 and Win95 on various i486's with 8-16M of ram.

Win95 Features

1. Policies via the new Win95 Registry: The registry is a new format that stores all settings for users and system specific settings. There is a Registry Editor that is needed to modify settings held within the registry.

Policies are what a user can and can't do on the system and what they can and can't do on the network. There is also a Policy Editor to edit user and computer policies from.

2. Remote logon authentication: where all Win95 client machines have all logins to the network and client machine be authenticated via Linux accounts.

This is where you would set up Samba to be the Domain Controller.

1. Log in to the Win95 workstation with domain password if in the smb.conf file you have user = security and you set up the Win95 registry to “require domain authentication before access to windows”.

2. Samba has a function to read the /etc/passwd, look up the uid and verify the password the user entered is correct.

3. If the password is correct, a result code is sent to the Win95 machine for “access granted”.

4. If there is a [netlogon] entry in the smb.conf file, this directory is checked for a config.pol file that the Win95 machine wants to read for the policies for the machine and user. This must be set up in the Win95 setup in the registry with “remote update” and “automatic path” in the Network settings of the registry.

5. If you have logon script = %U.bat in the smb.conf file, the specified batch file will be executed on the client for each user. (%U is replaced by the user name, so %U.bat becomes username.bat—you can have a separate batch file for each user). Make sure the logon scripts (which will be kept in the directory specified in the [netlogon] section) use DOS-style line endings; a good way to ensure that is to use a DOS editor on a DOS system to create the files.

The logon scripts are good if you use them. Only simple DOS commands are required:

net time /set /yes

would match up the time on the server to the workstation. It is nice to have to maintain time on only one system. Having policies stored on the server is another good idea. You can update the policy file from another workstation and the next time a user logs in, the policy file is read and the client registry is updated—automatically!

All the necessary information about these Win95 specifics is found in the Windows 95 Resource Kit. Other discussions of these topics can be found at:

  • comp.os.ms-windows.networking.tcp-ip for Windows and TCP/IP networking.

  • comp.os.ms-windows.setup.win95 for setup, hardware, and driver issues in Win95.

  • comp.os.ms-windows.networking.win95 for Win95 to Novell, TCP/IP, other nets.

For the larger LAN, the smb.conf file looks like this:

; ---------------------------------------------
; Service(s): [globals] [homes] [printers]
; ---------------------------------------------
;
[globals]
    status = yes
;    This enables or disables logging of
;    connections to a status file that
;    smbstatus can read. Yes by default.
    printing = bsd
;    See manpage for your system.  This
;    one is Linux and requires BSD
;    printing entries.
    guest account = dos
;    for printing to work
    invalid users = root, @wheel
;    don't let super-users access from
;    the network
    browseable = yes
;    By default, everything is browsable
;    unless specified elsewhere in
;    services sections
    hosts allow = 10.10.1.
;    you can specify who is allowed in
;    10.10.1. is a class C network that
;    never sees the internet
    lock directory = /var/lock/samba/locks
;    Locks for sessions
    log file = /var/log/samba/log.%m
;    Individual logfile for each client
;    machine
    syslog = 2
;    Anything level 2 and below will also
;    be sent to syslogd
    message command = /bin/mail -s  \
        'message from %f on %m' \
         pkelly < %s; rm %s
;    If someone sends a "win-popup"
;    message - mail it to sys admin
    socket options = TCP_NODELAY
    dead time = 30
;    Close any unused sessions after
;    30 minutes - good for big network.
    read prediction = yes
;    Speeds up reads from disk
    share modes = yes
;    For a 'dos share' type of use
    max xmit = 8192
;    This  option controls the maximum
;    packet size that will be negotiated
;    by Samba.
    os level = 33
;    This integer value controls what level
;    Samba advertises itself as for  browse
;    elections. See BROWSING.txt for details.
    security = user
;    For /etc/passwd to be used
;    for Domain Logons to work
    domain master = yes
;    Master browser
    domain logons = yes
;    For network authentication
    logon script = scripts/login.bat
;    Single batch file to be executed
;    when users logon to the network
;    These are simple dos Batch files
;    logon script = scripts/%U.bat
;    individual batch files - where %U
;    is the person's logon name
[netlogon]
    comment = Network Logon Services
    path = /u/netlogon
;    This is the default setting for
;    the Win95 machines to look for
;    the config.pol file and and .bat
;    scripts to run for the client.
    writable = yes
;    I make this writable so I can add
;    or delete items in the config.pol
;    file and update the .bat scripts
    guest ok = no
;    guests not allowed on our network
[homes]
    comment = Secure Home Directory for : %u
    path = /u/users/%u
;    This will match up the user's name
;    to their home directory.
    guest ok = no
;    guests not allowed on our network
    read only = no
;    Let people write to their own
;    home directory.
    create mode = 640
;    This is handy!  I can set this for
;    each service differently.  So users
;    can create files people can't
;    delete in their home dir.
    writable = yes
;    The above "read only = no" does
;    this, but I like to be safe :)
    browseable = no
;    Don't let people know who's home
;    directories are there.
[printers]
    comment = HP4L in BSC Office
    path = /usr/spool/public
    printcap name = /etc/printcap
;    "man printcap" for details on the
;    syntax for your printer.
    printable = yes
    public = yes
;    Everyone connected can print!
    writable = no
;    Default
    create mode = 0700
;    Default
    browseable = no
;    Default
    load printers = yes
;-------------------------------------------
; fcp Services
;-------------------------------------------
[programs]
    comment = Shared Programs
    path = /u/programs
;    This is where I store the shared programs
;    and have only read access for people.
    public = yes
;    Public - but not writable for all.
    writable = yes
;    Writable for the sys admin to install
;    new programs.
    create mode = 644
;    What the ownerships are to be
[data]
    comment =  Data Directories
    path = /u/data
    public = no
;    You have to be a member of this group
;    who owns these files to be able to
;    work on the files
    create mode = 770
;    This is for all the database files that
;    need to be shared and group writable.
;    The 770 is needed because dir-'s are
;    sometimes created and need to be
;    executable in order to work right.
    writeable = yes
;    Allow people to write and delete files
    volume = "Data on Fileserver"

I totally replaced a LANtastic network with Win95 and Windows for Workgroups as the clients and Linux Samba servers for the servers with that configuration. TCP/IP is the only protocol used, and the peer-to-peer networking people were used to with LANtastic is still available with the client network software.

I have totally eliminated all network-related errors I was getting from a multi-user C-Tree database written by Angus Systems Group Ltd. All disk accesses from the Samba server have dropped to about half the time they used to take, and the system as a whole performs much better than on the previous MS-DOS fileserver. The MS-DOS .EXE's load three times faster over the network.

Peter Kelly (pkelly@ets.net) is a Network Administrator for JDP Computer Systems and Systems Software. He also does database and network functions for O & Y Properties Inc.'s 1 First Canadian Place. Sometimes he does leave his Linux X-Workstation to go outside to eat or to attend part-time classes at the University of Toronto's Computer Science Facilty.

Load Disqus comments

Firstwave Cloud