The following smb.conf file describes a simple and useful Samba configuration that makes every user's home directory on my Linux box available over the network.
[global] netbios name = FRODO workgroup = UAB-TUCC server string = John Blair's Linux Box security = user printing = lprng [homes] comment = Home Directory browseable = no read only = no
The settings in the [global] section set the name of the host, the workgroup of the host and the string that appears next to the host in the browse list. The security parameter tells Samba to use “user level” security. SMB has two modes of security: share, which associates passwords with specific resources, and user, which assigns access rights to specific users. There isn't enough space here to describe the subtleties of the two modes, but in nearly every case you will want to use user-level security.
The printing command describes the local printing system type, which tells Samba exactly how to submit print jobs, display the print queue, delete print jobs and other operations. If your printing system is one that Samba doesn't already know how to use, you can specify the commands to invoke for each print operation.
Since no encryption mode is specified, Samba will default to using plaintext password authentication to verify every connection using the standard UNIX password utilities. Remember, if your Linux distributions uses PAM, the PAM configuration must be modified to allow Samba to authenticate against the password database. The Red Hat package handles this automatically. Obviously, in many situations, using plaintext authentication is foolish. Configuring Samba to support encrypted passwords is outside the scope of this article, but is not difficult. See the file ENCRYPTION.txt in the /docs directory of the Samba distribution for details.
The settings in the [homes] section control the behavior of each user's home directory share. The comment parameter sets the string that appears next to the resource in the browse list. The browseable parameter controls whether or not a service will appear in the browse list. Something non-intuitive about the [homes] section is that setting browseable = no still means that a user's home directory will appear as a directory with its name set to the authenticated user's username. For example, with browseable = no, when I browse this Samba server I will see a share called jdblair. If browseable = yes, both a share called homes and jdblair would appear in the browse list. Setting read only = no means that users should be able to write to their home directory if they are properly authenticated. They would not, however, be able to write to their home directory if the UNIX access rights on their home directory prevented them from doing so. Setting read only = yes would mean that the user would not be able to write to their home directory regardless of the actual UNIX permissions.
The following configuration section would grant access to every printer that appears in the printcap file to any user that can log into the Samba server. Note that the guest ok = yes normally doesn't grant access to every user when the server is using user-level security. Every print service must define printable = yes.
[printers] browseable = no guest ok = yes printable = yes
This last configuration snippet adds a server share called public that grants read-only access to the anonymous ftp directory. You will have to set up the printer driver on the client machine. You can use the printer name and printer driver commands to automate the process of setting up the printer client on Windows 95 and Windows NT clients.
[public] comment = Public FTP Directory path = /home/ftp/pub browseable = yes read only = yes guest ok = yes
Be aware that this description doesn't explain some subtle issues, such as the difference between user and share level security and other authentication issues. It also barely scratches the surface of what Samba can do. On the other hand, it's a good example of how easy it can be to create a simple but working smb.conf file.
Samba is the tool of choice for bridging the gap between UNIX and Windows systems. This article discussed using Samba on Linux in particular, but it is also an excellent tool for providing access to more traditional UNIX systems like Sun and RS/6000 servers. Further, Samba exemplifies the best features of free software, especially when compared to commercial offerings. Samba is powerful, well supported and under continuous active improvement by the Samba Team.
Free DevOps eBooks, Videos, and more!
Regardless of where you are in your DevOps process, Linux Journal can help!
We offer here the DEFINITIVE DevOps for Dummies, a mobile Application Development Primer, and advice & help from the expert sources like:
- Linux Journal
- New Products
- Users, Permissions and Multitenant Sites
- Flexible Access Control with Squid Proxy
- Security in Three Ds: Detect, Decide and Deny
- High-Availability Storage with HA-LVM
- DevOps: Everything You Need to Know
- Tighten Up SSH
- Non-Linux FOSS: MenuMeters
- diff -u: What's New in Kernel Development
- Solving ODEs on Linux