Difference between revisions of "Samba"
m (→Commands: moved future article) |
m (→Commands: manpage links) |
||
Line 9: | Line 9: | ||
*** DMB = [[Domain Master Browser]] | *** DMB = [[Domain Master Browser]] | ||
*** LMB = [[Local Master Browser]] | *** LMB = [[Local Master Browser]] | ||
− | ** [[smbtree]] ({{link/manpage|smbtree}}): shows Samba servers and their shares in a hierarchical format | + | ** [[smbtree]] ({{link/manpage|smbtree|manpage}}): shows Samba servers and their shares in a hierarchical format |
− | ** {{ | + | ** {{link/manpage|net}} |
** [[nmblookup]] ({{link/manpage|nmblookup|manpage}}) | ** [[nmblookup]] ({{link/manpage|nmblookup|manpage}}) | ||
** [[smbclient]] ({{link/manpage|smbclient|manpage}}) | ** [[smbclient]] ({{link/manpage|smbclient|manpage}}) |
Revision as of 23:39, 9 October 2015
Overview
Samba is a program which allows "Network Neighborhood"-style communication between Windows and other platforms such as Linux. It is named after the SMB protocol, which is what Windows uses for "Network Neighborhood" communication.
Commands
- User commands
- findsmb: lists Samba-connected machines by name, IP address, workgroup; also shows master browser status
- DMB = Domain Master Browser
- LMB = Local Master Browser
- smbtree (manpagem): shows Samba servers and their shares in a hierarchical format
- netm
- nmblookup (manpagem)
- smbclient (manpagem)
- smbcontrol (manpagem)
- smbpasswd (manpagem)
- smbstatus (manpagem)
- testparm (manpagem)
- findsmb: lists Samba-connected machines by name, IP address, workgroup; also shows master browser status
- System commands (not usually run by the user)
Related Articles
- /browser: debugging master/domain browser issues
- /printing: using Samba to serve shared printers
- files
Notes
as explained by user adaptr on #samba on freenode:
Each machine that participates in a netbios/smb network (or workgroup) is both client and server - it takes services and advertises them. Any machine at least advertises the MACHINE service – just its own netbios machine name with a specific SMB service type – so even if it's only trying to browse or auth to an SMB server, that client offers its own service data to what is known as the master browser.
user kukks adds:
To get more debug info from the cifs kernel module, use the following as root:
echo 7 > /proc/fs/cifs/cifsFYI
This will instruct cifs vfs to write more debug stuff to the kernel log.
can't browse into folders
The following lines in smb.conf fix a common problem where you can see folders underneath a share but can't browse into them (this may only be a problem if they are symbolic links):
# 2010-04-20 makes wide links work again # allows samba to show/include symbolic-linked folders and files: follow symlinks = yes # allows links to targets not within the shared folder wide links = yes # disable option incompatible with wide links unix extensions = no
How To
Debug connection/access issues
Samba maintains activity logs in /var/log/samba/. There seem to be two logs, log.nmbd and log.smbd; log.smbd generally has information about connections and access, while log.nmbd has more to to with network-name resolution. The nature of the log files is configurable somewhat through smb.conf (see log level, among others). Use tail -f /var/log/samba/log.smbd (for example) to monitor a logfile in real-time.
Restart the Samba Server
If you have Fedora Core, there's a convenient little "services" application you can use to restart Samba and several dozen other services. For the rest of us, however, there's a command you have to execute from a root terminal.
On Ubuntu, and probably other Debian-based systems:
sudo restart smbd
Prior to Ubuntu 10.04 or so (maybe 9?), this was:
sudo /etc/init.d/samba restart
On SuSE 10.0 and Fedora Core 4:
sudo /etc/init.d/smb restart
This will ask for a password; type in your password (not root's) unless you have reconfigured your sudo setup. (This assumes you have sudo privileges; if not, su to get root access and then type the rest of the command without the "sudo".)
On Red Hat, I'm told the command would be:
/sbin/samba restart
(Possibly substituting "smb" for "samba"; ls the directory in question to find a list of services.) This is the same general technique used for restarting services, which should itself probably be documented somewhere. (The Samba share configuration GUI program really ought to have a "restart Samba server" button, though, even if it does this automatically when you change parameters -- because there is no way to know if it is doing this otherwise.)
Configure Samba for "guest" logins
As most home operating systems are now moving towards requiring users to have login accounts, this is becoming less necessary -- but it is still useful under some circumstances (such as wanting to give access to Win9x machines with the login dialogue bypassed).
Step 1 – adjust the configuration for smb.conf:
In the [global] section:
guest account = guestuser guest ok = yes security = share
...where guestuser should be a standard Linux user (typically "sambaguest") who has the necessary permissions on the target system for whatever sort of access you want to grant through the share. If the user doesn't have the correct permissions, client machines will probably be able to see the share but not to access anything inside it. Check /var/log/samba/ for log files which may help trace problems (the actual log filespecs are defined by the "log file =" parameter in smb.conf).
The following settings have not been tested successfully and aren't actually necessary, but can apparently be helpful if there are permissions conflicts (e.g. files created by guestuser can't be written or deleted by anyone else):
force group = browsegroup force create mode = 0060 create mask = 0775
...where browsegroup is the groupname for users who should have access to shared stuff; I usually use "lanusers". "force group" may be unnecessary if guestuser is created as a member of browsegroup instead of its own private group:
sudo adduser --ingroup browsegroup --no-create-home guestuser
After editing and saving smb.conf. restart the Samba daemon for changes to take effect. Note for the future: it may actually be a better idea to leave off the --no-create-home option, because the guestuser's home directory actually makes a very sensible place for folders to be shared from.
Step 2 – make sure the smbusers file exists, and has the guestuser account (typically "sambaguest") in it. The smbusers file lets you map {whatever login names remote systems (including Windows systems) might send} to the guestuser account, so such connections can be recognized as valid guest connections.
Step 3 – make sure the Linux system has a user account for guestuser, and give that account any necessary access privileges.
A bit of explanation: The "guest account" setting is the filesystem user which the Samba server uses for accessing files on its host system, regardless of what username is sent by remote systems. Files created on the Samba server using a "guest" connection will be owned by guestuser and guestuser's primary group. If the "force group" setting is used, then the group ownership for those files will instead be browsegroup.
The actual names for guestuser and browsegroup are arbitrary; "sambaguest" and "lanusers" seem to work fine.
Where the share to be mounted is "//beaker/My Documents", and assuming beaker is a Win98 machine using share-mode security with no password:
- Short version --
mount -t cifs //BEAKER/MY\ DOCUMENTS /mnt/machines/beaker/My\ Documents -o sec=lanman,servername=BEAKER
- Long version, which will let you know if mount.cifs is not installed:
mount.cifs //beaker/MY\ DOCUMENTS /mnt/machines/beaker/My\ Documents --verbose -o sec=lanman,servername=BEAKER,guest
Automatic resolution of Network Neighborhood names
Some explanation, for technical purists:
- Problem: How can we add Network Neighborhood machine names to the search space used by Linux's domain name resolver?
- Justification: This is needed so that commands which accept a domain name as input (e.g. ftp, ssh, mysql) can accept a machine name instead, removing the necessity to manually look up the machine's IP address. For example, I should be able to type ssh machinename instead of having to first look up machinename's IP address via other methods, and then paste or retype that address (both methods prone to error) after the ssh command.
Note: Under some circumstances, Samba appears to set itself up this way automatically, but results have been inconsistent.
I researched this extensively for many months and found many hideously complicated or otherwise inadequate solutions. It turns out, however, that there is quite a simple solution (which is probably trivially obvious to anyone with a solid understanding of how Linux networking is structured, and hence not worth mentioning):
- install winbind
- usually available in standard repositories; Ubuntu 6.06 and up have it
- this may not be necessary on some systems, e.g. Fedora 6 doesn't show winbind in its package repository, but the next step makes things work anyway
- edit /etc/nsswitch.conf
- change the "hosts" line to include "wins" before "dns" (see the examples)
This tells Linux's domain name resolver to check WINS before it checks DNS when resolving domain names. No further action should be required (you don't even have to restart the networking daemon); test the change by trying to ping a local machine by name.
The command nmblookup machinename returns an IP address, as will net lookup machinename. nmblookup apparently sends out a broadcast request ("anyone here named machinename?"), while net lookup checks a central list (presumably on the Samba master browser).
explanations
WINS is a method of domain name resolution, as is DNS. WINS (a protocol) originally used NetBIOS (another, lower-level protocol), but more recently has switched to using TCP.
Links
Official
Reference
- Wikipedia:Samba software
- Wikipedia:Server Message Block: SMB protocol
Articles
- 1999-11 Chapter 3: Configuring Windows Clients from the book Using Samba by Robert Eckstein, David Collier-Brown, Peter Kelly (this shows how to set up Win9x machines for non-anonymous connection to Samba)
- Managing Samba: Choose your weapon – Windows network ID basics: seems to cover some useful concepts