Using Samba Doug Maxwell November 13, 2004 – GHGLUG


1 Using Samba Doug Maxwell doug@unixlore.net November 13, 2004 – GHGLUG
Updated March, 2006

2 What is Samba?
- Samba is a collection of programs that speak the SMB protocol
  - Server Message Block protocol
  - Windows client-server protocol, useful for networked file and printer sharing
- Samba runs natively on Unix platforms, and so provides a way to bridge the OS divide

3 Terminology
- A domain is a group of networked resources
- NT Domain: Legacy Windows domain
  - Win 95/98/Me/NT
  - PDC: Primary domain controller
  - BDC: Backup domain controller
- WINS: Windows name resolution services
- NBT: NetBIOS over TCP
  - Provides name resolution and reliable or unreliable messaging
- NT LAN Manager: Version of SMB used in Windows NT4
  - This is the version of SMB implemented by Samba

4 Terminology
- Since Win2k, Active Directory (AD)
  - AD Domains are LDAP/Kerberos based
  - Win2k/XP/2003 Server
  - Use DNS instead of WINS
- CIFS: Common Internet File System
  - The version of SMB used by Win2k/XP
- Browsing
  - Process of discovering shared resources

5 What Good is Samba?
- Integrating Unix and Windows authentication
  - Single Sign-On for all
- Sharing files and printers across OS platforms
  - Saves on license costs (or drives you less crazy trying to administer it)
- A Samba server can be an NT domain PDC, client, or server
  - An AD client or server (but not a domain controller)
  - A primary WINS server

6 What Good is Samba?
- A replacement for NFS
  - Unix-to-Unix filesharing
  - Has the advantage of authenticating users, not clients

7 Limitations
- A Samba server cannot be
  - An AD domain controller
    - This is being worked on by the Samba team
  - A BDC to a Windows PDC
    - ...and a Windows PDC cannot replicate to a Samba BDC

8 Components
- The Samba suite is comprised of several daemons and many other utilities
- nmbd
  - Name resolution and registration
- smbd
  - TCP/IP connection handling for file/printer sharing
- winbindd
  - Only needed if the Samba server is an NT domain or AD member server
  - Handles authentication with domain controllers

9 Components
- Command-line utilities
- smbpasswd
  - Used for Samba user and machine account maintenance
- smbclient
  - Used to access shared resources from the command line
- testparm
  - Checks the smb.conf file
- smbstatus
  - Displays the server status and existing network connections

10 Components SWAT

11 Questions?

12 Secure File Server
- Requirements:
  - Unix file server
  - Accessible by Windows and Unix clients
  - User authentication
  - User home directories
  - Group storage in /export
    - Owned by admin
    - Accessible to members of the users group

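13 Secure File Server Requirements:
- Make sure the Unix users have been created and are members of the group “users”

    # Note: useradd -p expects an already-encrypted (crypt(3)) string, not a plaintext password
    useradd -c "Test User" -m -g users -p abc123 test
    mkdir /export
    chown admin:users /export
    chmod 770 /export
    # Add each account to the Samba password database
    smbpasswd -a root
    smbpasswd -a test
    smbpasswd -a admin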

14 Secure File Server, smb.conf

    # Global parameters
    [global]
    workgroup = GHGLUG
    netbios name = STEALTH

    [homes]
    comment = Home Directories
    valid users = %S
    read only = No
    browseable = No

    [public]
    comment = Shared User Data
    path = /export
    force user = admin
    force group = users
    guest ok = Yes
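The [public] share above sets guest ok = Yes together with force user = admin, while the requirements slide asks for user authentication and access for members of the users group. The following audit function is an added example, not part of the original slides: it lists the sections of an smb.conf that enable guest access along with any forced Unix identity, and compares the slide's share with a constructed variant (the valid users = @users line is an assumption about how the requirement could be expressed).

```shell
#!/bin/sh
# audit_guest_shares [FILE]: read an smb.conf (or stdin) and print one line per
# section that enables guest access, with any forced Unix identity it carries.
# Returns 1 when at least one such section exists, 0 otherwise.
audit_guest_shares() {
    awk '
        function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
        function report() {
            if (sect != "" && guest) {
                printf "share=%s force_user=%s force_group=%s\n", sect, fu, fg
                found = 1
            }
            guest = 0; fu = "-"; fg = "-"
        }
        BEGIN { sect = ""; report() }
        /^[ \t]*([#;]|$)/ { next }            # comment or blank line
        /^[ \t]*\[/ {                         # start of a [section]
            report()
            sect = trim($0); sub(/^\[/, "", sect); sub(/\].*$/, "", sect)
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1))
            gsub(/[ \t]/, "", key)            # whitespace and case in names are ignored
            val = trim(substr($0, eq + 1))
            if (key == "guestok" || key == "public")   # "public" is a synonym
                guest = (tolower(val) ~ /^(yes|true|1)$/)
            else if (key == "forceuser")  fu = val
            else if (key == "forcegroup") fg = val
        }
        END { report(); exit (found ? 1 : 0) }
    ' "$@"
}

# The [public] share as shown on the slide.
slide_public_share() {
    printf '%s\n' '[public]' 'comment = Shared User Data' 'path = /export' \
        'force user = admin' 'force group = users' 'guest ok = Yes'
}

# Constructed alternative (an assumption, not from the slides): no guest access,
# and only members of the Unix group "users" may connect.
restricted_public_share() {
    printf '%s\n' '[public]' 'comment = Shared User Data' 'path = /export' \
        'valid users = @users' 'force group = users' 'guest ok = No'
}

slide_public_share | audit_guest_shares || echo "guest-enabled share found"
restricted_public_share | audit_guest_shares && echo "no guest-enabled shares"
```

Run it against a real file with audit_guest_shares /etc/samba/smb.conf; a setting placed in [global] is reported under the section name global.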

15 Secure File Server
- Check the smb.conf with “testparm”
- Start the Samba daemons

    /etc/init.d/samba start    (Debian)
    service smb start          (Red Hat)

- Check the server status

    smbclient -L localhost -U%
    smbclient //STEALTH/test -Utest%abc123

16 Lab I
- I've configured smb.conf as noted before
- You connect to it as user “test” with password “abc123”
- Try accessing the public share as well

17 Samba as a PDC
- The smb.conf is still pretty simple
  - We add netlogon and profiles shares, for domain logins and roaming profile support
  - The OS Level parameter must be > 32
- Windows clients now need machine accounts in the Samba server's Unix password file
- Unix clients will run the winbind daemon
  - This requires that the idmap uid and idmap gid parameters be set in the client smb.conf

18 Samba as a PDC

    [global]
    netbios name = STEALTH
    workgroup = GHGLUG
    passdb backend = tdbsam
    os level = 35
    preferred master = yes
    domain master = yes
    local master = yes
    security = user
    domain logons = yes
    logon path = \\%N\profiles\%U
    logon home = \\%L\%u\.profiles
    logon drive = H:
    logon script = logon.cmd

    [netlogon]
    path = /var/lib/samba/netlogon
    read only = yes
    write list

    [profiles]
    path = /var/lib/samba/profiles
    read only = no
    create mask = 0600
    directory mask = 0700

19 Samba as a PDC
- Manually adding machine trust accounts
- Do this on the Samba server for each Win2k/XP client

    useradd -d /dev/null -c "nickname" -s /bin/false machine_name$ && passwd -l machine_name$

  - Note the trailing “$” - this is required
- Now we add the machine account to the Samba password database

    smbpasswd -a -m machine_name

20 Samba as a PDC
- We should now see netlogon and profiles shares available, after a service restart:

    stealth:/# smbclient -L localhost -U%
    Domain=[GHGLUG] OS=[Unix] Server=[Samba Debian]

    Sharename       Type      Comment
    netlogon        Disk
    profiles        Disk
    IPC$            IPC       IPC Service (Samba Debian)
    ADMIN$          IPC       IPC Service (Samba Debian)

    Server               Comment
    STEALTH              Samba Debian

    Workgroup            Master
    GHGLUG               STEALTH

21 Samba as a PDC
- Windows clients - Gotchas
  - The first time the client joins the domain, you must log in with an account that has domain admin privileges
    - This is usually the Samba “root” account
  - Subsequent logins will use the client's usual username/password pair

22 Samba as a PDC
- Windows clients - Gotchas
- There are some registry/security settings that might need tweaking in older versions of Samba (<3):
- Registry:
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\parameters "RequireSignOrSeal" should have the DWORD value of 0
  - HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\CompatibleRUPSecurity should have the DWORD value of 1
- Local Security Policy (disable the following):
  - "Domain member: Digitally encrypt or sign secure channel data (always)"
  - "Domain member: Digitally encrypt secure channel data (when possible)"
  - "Domain member: Digitally sign secure channel data (when possible)"
  - "Domain member: Require strong (Windows 2000 or later) session key"

23 Questions?

24 Samba as a Domain Member
- Samba and winbind run on the client
- Join the domain with the Samba “net” command

    net rpc join -Uroot%'password'

- Start the Samba and winbind daemons
- Store winbind auth info for session setup

    wbinfo --set-auth-user=root%'password'

- Test winbind with wbinfo -u, wbinfo -g, and getent passwd username

25 Samba as a Domain Member
- The smb.conf is simple:

    [global]
    workgroup = GHGLUG
    security = DOMAIN
    idmap uid =
    idmap gid =
    winbind use default domain = Yes

26 Lab II
- Try to connect your Linux or Windows client to the GHGLUG domain controller I set up earlier
- The test and root users have password “abc123”
- A note about security
  - In practice, the network administrator configures and logs the client in for the first time
  - This way, the domain administrator password does not have to be shared

27 Final Notes
- If you just want to quickly access Windows shares from a Linux workstation, you don't need a full-blown Samba installation
- Usually you just need smbclient and smbfs support in your kernel
  - Debian: apt-get install smbfs smbclient

28 Final Notes
- I have the following in my .bashrc

    alias mmp3='smbmount "\\\\IP_ADDRESS\\MP3" ~/mmp3 -o username="dmaxwell/DOMAIN%password"'

- By running the command 'mmp3', I can then access the shared mp3 repository from my locally mounted ~/mmp3 directory

29 Final Notes
- Use smbclient like an FTP client

    smbclient "\\\\FILESRV\\path" -I [IP address] -d 3 -A ~/dom.txt

- Once logged in, use the standard FTP commands to store and retrieve data
- The file “dom.txt” should have the following format:

    username = test
    password = abc123
    domain = GHGLUG
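The dom.txt file passed to smbclient -A holds a plaintext password, so its permissions matter as much as its format. The helper functions below are an added example, not part of the original slides: one writes the file with mode 0600 while reading the password from stdin, the other checks an existing file before it is used. The function names are hypothetical, and the sample values are the lab credentials from the slides.

```shell
#!/bin/sh
# check_smb_credentials FILE
# Verify a file meant for "smbclient -A": a regular file (not a symlink), no
# permission bits for group/other, and username/password lines present.
# Prints the first problem found and returns 1; returns 0 when acceptable.
check_smb_credentials() {
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "$f: not a regular file"; return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$f: accessible by group/other ($perms)"; return 1
    fi
    for key in username password; do
        if ! grep -Eiq "^[[:space:]]*$key[[:space:]]*=" "$f"; then
            echo "$f: missing '$key =' line"; return 1
        fi
    done
    return 0
}

# write_smb_credentials FILE USER DOMAIN
# Create FILE with mode 0600 before any secret is written, and read the
# password from stdin so it never appears on a command line.
write_smb_credentials() {
    (
        umask 077
        : > "$1" && chmod 600 "$1" || exit 1
        IFS= read -r pw || [ -n "$pw" ] || exit 1
        printf 'username = %s\npassword = %s\ndomain = %s\n' "$2" "$pw" "$3" >> "$1"
    )
}

# Demo with the lab values from the slides (test / abc123 / GHGLUG).
demo=$(mktemp -d)
printf 'abc123\n' | write_smb_credentials "$demo/dom.txt" test GHGLUG
check_smb_credentials "$demo/dom.txt" && echo "dom.txt is acceptable for smbclient -A"
rm -rf "$demo"
```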

30 Final Notes
- We didn't cover printing
  - Samba makes a great print server, and integrates with CUPS natively
  - Configure each CUPS printer with no filter
  - Windows clients install the printer driver locally
- The Samba documentation is excellent
  - Several of the books are freely available online, or can be read through the SWAT web interface
  - Debian: apt-get install swat samba-doc

31 Questions?

32 Copyright & License Copyright (c) 2004, 2006 Doug Maxwell ( Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is at

