Getting the NT Out—And the Linux In

An overview of configuring Linux using Samba to replace the services provided from Windows NT servers.
Global Parameters

security = user is the default security setting for Samba 2.x. This configures Samba to require a user to provide authentication to access the server. To understand how Samba works with NT domains and servers, see “Security = Domain” in the Samba documentation.

iworkgroup = MyGroup controls which workgroup your server will appear to be in when queried by clients.

encrypt passwords = Yes controls whether encrypted passwords will be negotiated with the client. Windows NT 4SP3+ and Windows 98 will expect an encrypted password by default.

min passwd length = 6 sets the minimum length in characters of a plaintext password that smbd will accept when performing UNIX password changing.

smb passwd file = /etc/smbpasswd sets the path to the encrypted smbpasswd file. By default, the path to the smbpasswd file is compiled into Samba. I always add this to reduce confusion.

logon script = STARTUP.BAT specifies the batch file (.bat) or NT command file (.cmd) to be downloaded and run on a machine when a user successfully logs in. The file must contain the DOS-style cr/lf (carriage return/line feed) line endings.

If domain logons = Yes is set to true, the Samba server will serve Windows 95/98 domain logons for the workgroup it is in. For more details on setting up this feature, see the file DOMAINS.txt in the Samba documentation.

domain master = Yes enables WAN-wide (wide area network) browse list collation. Setting this option causes nmbd to claim a special domain-specific NetBIOS name that identifies it as a domain master browser for its given workgroup. Local master browsers in the same workgroup on broadcast-isolated subnets will give this nmbd their local browse lists, and will then ask smbd for a complete copy of the browse list for the entire WAN. Browser clients will then contact their local master browser and will receive the domain-wide browse list, instead of just the list for their broadcast-isolated subnet.

preferred master = Yes is a Boolean parameter which controls whether nmbd is a preferred master browser for its workgroup.

Setting Up Network Shares

That's it for our global parameters. We can now move on to creating network shares. By setting up a [homes] section, our server can create home-directory mappings on the fly:

[homes]
comment = Home Directories
read only = No
create mask = 0750
browseable = No

Now let's create some shares for users to access. The share definition should include the path, who can access the share (valid or invalid) and whether the share is writeable. By default, if no valid user or group is defined, the share is open to any client, so keep this in mind when creating your shares. In the apps share, I chose to create the UNIX group all_users containing just my local users.

[apps]
comment = Apps Directory
path = /shares/apps
valid users = @all_users
read only = No
[project1]
comment = Project 1 Directory
path = /shares/proj1
valid users = dcsmith kholmes joe katie redpup
read only = No
Last, I set up my netlogon home. This will be set to the relative path for my netlogon scripts. In this example, my login script is located at /etc/netlogon/STARTUP.BAT.
[netlogon]
path = /etc/netlogon
The full Samba configuration script is shown in Listing 1.

Listing 1

Samba Dæmons

The next step is to start the Samba dæmons. After checking everything out, you will probably want to add this to your system startup procedures.

/usr/local/samba/bin/smbd -D -s
/usr/local/samba/lib/smb.conf
/usr/local/samba/bin/nmbd -D
Troubleshooting

If everything went well, both smbd and nmbd were started successfully. If not, start troubleshooting by reading the log files at /var/adm/logs and review the FAQs from the Samba site.

Troubleshooting utilities, located in the Samba bin directory, are testparm, which will parse your smb.conf for errors, smbstatus, and nmblookup for NetBIOS name issues.

Setting Up the Samba Password File

Now it's time to add your users and passwords to your smbpassword file. One item to note is that users must have a UNIX account password as well. There are many options regarding passwords, such as remote password sync and NT domain and pass-through authentication, to help you with larger administration issues. In our case, user accounts are on our local Linux box. This command will create a SMB account and then prompt you to change your password.

/usr/local/samba/bin/smbpasswd -a testuser

You should now be able to log in as testuser and get authenticated from your Windows machines and access network shares. Great fun, eh? Once you get up and running, you will want to use some of the tools and utilities that Samba provides. One of the more useful utilities available is SWAT, a web-based administration tool that helps monitor and configure almost all Samba configurations. If SWAT is not available on your system, you can find it and more on the Samba home page.

______________________

White Paper
Linux Management with Red Hat Satellite: Measuring Business Impact and ROI

Linux has become a key foundation for supporting today's rapidly growing IT environments. Linux is being used to deploy business applications and databases, trading on its reputation as a low-cost operating environment. For many IT organizations, Linux is a mainstay for deploying Web servers and has evolved from handling basic file, print, and utility workloads to running mission-critical applications and databases, physically, virtually, and in the cloud. As Linux grows in importance in terms of value to the business, managing Linux environments to high standards of service quality — availability, security, and performance — becomes an essential requirement for business success.

Learn More

Sponsored by Red Hat

White Paper
Private PaaS for the Agile Enterprise

If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.

Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.

Learn More

Sponsored by ActiveState