SAMBA: Integrating UNIX and Windows
Author: John D. Blair
Publisher: Specialized Systems Consultants, Inc.
Price: $29.95 US
Reviewer: Dan Wilder
Samba, a subject of previous articles in LJ, is a software package that lets a UNIX or Linux system provide file and print services for Windows clients, including Windows for WorkGroups, Windows 95, Windows NT, and OS-2 and, for that matter, UNIX using smbclient or Linux using that or the Linux SMB file system. It earns lots of interoperability points for Linux, allowing a Linux system to earn its keep as a file server in a Windows shop, instead of the more costly, and perhaps less robust, Windows NT server.
For some years I have administered such a Samba installation. From that experience, I can say with great enthusiasm that Samba is a fine package—proof that free software can achieve commercial-or-better quality. Once installed, it is simple and easy to use; so much so, I've even seen Samba used to share user home directories between Linux hosts. Unfortunately, the ones who witness my enthusiasm for this software too often say, “Yes, it sounds great, if only I could manage to configure it.”
Samba configuration, especially the initial configuration, is not always a breeze. While sample configuration files, offering good starting points, are provided in the source tree, there remain many parameters to set or tune. These parameters reflect in part the significant complexity underlying Microsoft networking, and in part the difficulties of mapping the Microsoft file system and security model to the UNIX models, with their corresponding wealth of alternate solutions that offer various tradeoffs.
There is a lot of information in Samba's man pages and source tree /docs directory. However, this information isn't highly integrated, notwithstanding some nice HTML pages, and it is by no means complete.
When I first installed Samba, there was less information than now but it was still substantial. It took me a week of browsing through it, off and on, before I was ready to attempt my first Samba configuration. I remember thinking several times as I struggled to master this information and the gaps in it, “I wish there was a good book on Samba.” Now there is.
Written by John D. Blair, who has been made a member of the Samba team, all the snippets of information in the Samba source tree are combined in a single volume. (The Samba Team helped out by providing last minute information and editing.) More, lots of information that never found its way to the source tree is collected here. For example, Chapter 2 gives an introduction to SMB (service message block networking protocol), including some discussion of protocol details. This chapter contributes much toward understanding the context in which Samba operates.
Well-organized and well-indexed, this book guides the reader through a UNIX-eye tour of Windows networking concepts, terms and history, past the unpacking and building of the package, and into the complexities of configuring, testing and troubleshooting an installation. The Table of Contents, nine pages long, contains enough detail to avoid many trips to the extensive index.
You will find discussions of network service browsing, name resolution, performance, authentication and access control, name mangling, multiple subnets, a very thorough chapter on problem diagnosis, and a whole chapter at the end devoted to the SMB file system.
Chapters 5 and 6 talk about the configuration parameters found in the main Samba configuration file, /etc/smb.conf. Perhaps the most important chapters for the working system administrator, each begins with an outline and its own index. This is a nice touch and potentially saves a lot of flipping back and forth to the main index or the Table of Contents. Options are grouped in these chapters by goal, rather than alphabetically as in the man pages, helping the reader draw connections between related options. Much of my week of browsing, when I first installed this software, was devoted to drawing connections between options.
The book comes complete with a CD-ROM containing Samba-1.9.18. This may be helpful for evaluating Samba; however, if you find this software useful, you should check the web site. At the time of writing this review (March), Samba-1.9.18p3 was current. No doubt a few more patches will be released between now and the time you read it.
Mr. Blair apparently felt obligated to include information on using both 1.9.17, which required the U.S. export-controlled DES library, libdes, and 1.9.18, which includes exportable limited-DES hashing code. You may already be familiar with the peculiar U.S. laws regarding export of encryption software. Even encryption software featuring the venerable and well-known DES algorithms, software written outside the US and freely available around the globe, is affected by these laws.
The Samba team has found a solution that may avoid the issue. Samba now includes the DES algorithm, in the form of a dedicated implementation used only to calculate a hash value as its output—this value cannot easily be deciphered to provide the original input. This method is apparently exempt from classification as encryption software. In any case, there are no obvious export restrictions on the present version, and the necessity of obtaining a DES library to link Samba against is avoided.
Having encryption support is nice, as it avoids multiple re-entry of passwords when signing onto NT. Without it, Samba shares that are marked for automatic network mount on NT login will result in your being asked to enter your password repeatedly, a situation that becomes quite frustrating. With encrypted password support, if you use the same Samba password on the server and locally on your NT system, you'll be prompted for your password only once when you sign on to NT.
The book covers the use of libdes with Samba-1.9.17, at some length, in several places. In each, there are words which sound like afterthoughts, to the effect that none of this is necessary with 1.9.18. I'd rather have seen this 1.9.17 information moved out of the way to an Appendix.
This is a minor blemish, however. I have enjoyed reading this book in its galley proofs, and it has helped me in a recent upgrade of several Linux systems from Samba-1.9.16 to the current version. I look forward to obtaining this book in its final printed form.
I believe SAMBA: Integrating UNIX and Windows will be of great assistance to those who like to get started with a good book. Use of the Samba software, combined with the information contained in this book, will enable Linux to continue to establish a foothold in mostly-Windows shops for use as a file server.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Ubuntu Online Summit
- Devuan Beta Release
- The Qt Company's Qt Start-Up
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- May 2016 Issue of Linux Journal
- The US Government and Open-Source Software
- Open-Source Project Secretly Funded by CIA
- The Death of RoboVM
- New Container Image Standard Promises More Portable Apps
- BitTorrent Inc.'s Sync
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide