Difference between revisions of "Samba"

from HTYP, the free directory anyone can edit if they can prove to me that they're not a spambot
Jump to navigation Jump to search
m (→‎Commands: moved future article)
m (→‎Commands: manpage links)
Line 9: Line 9:
 
*** DMB = [[Domain Master Browser]]
 
*** DMB = [[Domain Master Browser]]
 
*** LMB = [[Local Master Browser]]
 
*** LMB = [[Local Master Browser]]
** [[smbtree]] ({{link/manpage|smbtree}}): shows Samba servers and their shares in a hierarchical format
+
** [[smbtree]] ({{link/manpage|smbtree|manpage}}): shows Samba servers and their shares in a hierarchical format
** {{l/sub|net}}
+
** {{link/manpage|net}}
 
** [[nmblookup]] ({{link/manpage|nmblookup|manpage}})
 
** [[nmblookup]] ({{link/manpage|nmblookup|manpage}})
 
** [[smbclient]] ({{link/manpage|smbclient|manpage}})
 
** [[smbclient]] ({{link/manpage|smbclient|manpage}})

Revision as of 23:39, 9 October 2015

Navigation

computing: software: Samba

Overview

Samba is a program which allows "Network Neighborhood"-style communication between Windows and other platforms such as Linux. It is named after the SMB protocol, which is what Windows uses for "Network Neighborhood" communication.

Commands

Related Articles

  • /browser: debugging master/domain browser issues
  • /printing: using Samba to serve shared printers
  • files

Notes

as explained by user adaptr on #samba on freenode:

Each machine that participates in a netbios/smb network (or workgroup) is both client and server - it takes services and advertises them. Any machine at least advertises the MACHINE service – just its own netbios machine name with a specific SMB service type – so even if it's only trying to browse or auth to an SMB server, that client offers its own service data to what is known as the master browser.

user kukks adds:

To get more debug info from the cifs kernel module, use the following as root:

echo 7 > /proc/fs/cifs/cifsFYI

This will instruct cifs vfs to write more debug stuff to the kernel log.

can't browse into folders

The following lines in smb.conf fix a common problem where you can see folders underneath a share but can't browse into them (this may only be a problem if they are symbolic links):

# 2010-04-20 makes wide links work again
 # allows samba to show/include symbolic-linked folders and files:
 follow symlinks = yes
 # allows links to targets not within the shared folder
 wide links = yes
 # disable option incompatible with wide links
 unix extensions  = no

How To

Debug connection/access issues

Samba maintains activity logs in /var/log/samba/. There seem to be two logs, log.nmbd and log.smbd; log.smbd generally has information about connections and access, while log.nmbd has more to to with network-name resolution. The nature of the log files is configurable somewhat through smb.conf (see log level, among others). Use tail -f /var/log/samba/log.smbd (for example) to monitor a logfile in real-time.

Restart the Samba Server

If you have Fedora Core, there's a convenient little "services" application you can use to restart Samba and several dozen other services. For the rest of us, however, there's a command you have to execute from a root terminal.

On Ubuntu, and probably other Debian-based systems:

sudo restart smbd

Prior to Ubuntu 10.04 or so (maybe 9?), this was:

sudo /etc/init.d/samba restart

On SuSE 10.0 and Fedora Core 4:

sudo /etc/init.d/smb restart

This will ask for a password; type in your password (not root's) unless you have reconfigured your sudo setup. (This assumes you have sudo privileges; if not, su to get root access and then type the rest of the command without the "sudo".)

On Red Hat, I'm told the command would be:

/sbin/samba restart

(Possibly substituting "smb" for "samba"; ls the directory in question to find a list of services.) This is the same general technique used for restarting services, which should itself probably be documented somewhere. (The Samba share configuration GUI program really ought to have a "restart Samba server" button, though, even if it does this automatically when you change parameters -- because there is no way to know if it is doing this otherwise.)

Configure Samba for "guest" logins

As most home operating systems are now moving towards requiring users to have login accounts, this is becoming less necessary -- but it is still useful under some circumstances (such as wanting to give access to Win9x machines with the login dialogue bypassed).

Step 1 – adjust the configuration for smb.conf:

In the [global] section:

guest account = guestuser
guest ok = yes
security = share

...where guestuser should be a standard Linux user (typically "sambaguest") who has the necessary permissions on the target system for whatever sort of access you want to grant through the share. If the user doesn't have the correct permissions, client machines will probably be able to see the share but not to access anything inside it. Check /var/log/samba/ for log files which may help trace problems (the actual log filespecs are defined by the "log file =" parameter in smb.conf).

The following settings have not been tested successfully and aren't actually necessary, but can apparently be helpful if there are permissions conflicts (e.g. files created by guestuser can't be written or deleted by anyone else):

force group = browsegroup
force create mode = 0060
create mask = 0775

...where browsegroup is the groupname for users who should have access to shared stuff; I usually use "lanusers". "force group" may be unnecessary if guestuser is created as a member of browsegroup instead of its own private group:

sudo adduser --ingroup browsegroup --no-create-home guestuser

After editing and saving smb.conf. restart the Samba daemon for changes to take effect. Note for the future: it may actually be a better idea to leave off the --no-create-home option, because the guestuser's home directory actually makes a very sensible place for folders to be shared from.

Step 2 – make sure the smbusers file exists, and has the guestuser account (typically "sambaguest") in it. The smbusers file lets you map {whatever login names remote systems (including Windows systems) might send} to the guestuser account, so such connections can be recognized as valid guest connections.

Step 3 – make sure the Linux system has a user account for guestuser, and give that account any necessary access privileges.

A bit of explanation: The "guest account" setting is the filesystem user which the Samba server uses for accessing files on its host system, regardless of what username is sent by remote systems. Files created on the Samba server using a "guest" connection will be owned by guestuser and guestuser's primary group. If the "force group" setting is used, then the group ownership for those files will instead be browsegroup.

The actual names for guestuser and browsegroup are arbitrary; "sambaguest" and "lanusers" seem to work fine.

Mount Remote Samba Shares on Local Filesystem

Where the share to be mounted is "//beaker/My Documents", and assuming beaker is a Win98 machine using share-mode security with no password:

  • Short version --
mount -t cifs //BEAKER/MY\ DOCUMENTS /mnt/machines/beaker/My\ Documents -o sec=lanman,servername=BEAKER
  • Long version, which will let you know if mount.cifs is not installed:
mount.cifs //beaker/MY\ DOCUMENTS /mnt/machines/beaker/My\ Documents --verbose -o sec=lanman,servername=BEAKER,guest

Automatic resolution of Network Neighborhood names

Some explanation, for technical purists:

  • Problem: How can we add Network Neighborhood machine names to the search space used by Linux's domain name resolver?
  • Justification: This is needed so that commands which accept a domain name as input (e.g. ftp, ssh, mysql) can accept a machine name instead, removing the necessity to manually look up the machine's IP address. For example, I should be able to type ssh machinename instead of having to first look up machinename's IP address via other methods, and then paste or retype that address (both methods prone to error) after the ssh command.

Note: Under some circumstances, Samba appears to set itself up this way automatically, but results have been inconsistent.

I researched this extensively for many months and found many hideously complicated or otherwise inadequate solutions. It turns out, however, that there is quite a simple solution (which is probably trivially obvious to anyone with a solid understanding of how Linux networking is structured, and hence not worth mentioning):

  • install winbind
    • usually available in standard repositories; Ubuntu 6.06 and up have it
    • this may not be necessary on some systems, e.g. Fedora 6 doesn't show winbind in its package repository, but the next step makes things work anyway
  • edit /etc/nsswitch.conf
    • change the "hosts" line to include "wins" before "dns" (see the examples)

This tells Linux's domain name resolver to check WINS before it checks DNS when resolving domain names. No further action should be required (you don't even have to restart the networking daemon); test the change by trying to ping a local machine by name.

related useful information

The command nmblookup machinename returns an IP address, as will net lookup machinename. nmblookup apparently sends out a broadcast request ("anyone here named machinename?"), while net lookup checks a central list (presumably on the Samba master browser).

explanations

WINS is a method of domain name resolution, as is DNS. WINS (a protocol) originally used NetBIOS (another, lower-level protocol), but more recently has switched to using TCP.

Links

Official

Reference

Articles