Linux for Newbies, Part 13:
Home Networking, Part 2:
Samba

by Gene Wilburn

(The Computer Paper, Aug 2000. Copyright © Wilburn Communications Ltd. All rights reserved)

---

In last month's installment, we set up a basic home network with NICs, hub and cable, and assigned a private IP address range (192.168.0.0-255) to our network. We then named our machines and added the host names and corresponding IP addresses to the hosts tables in Linux and Windows. We tested that everything worked using ping to check for connectivity and name resolution.

This month we'll set up Linux as a server on our shared Linux/Windows network. We'll implement a solution called Samba, a versatile open-source product that allows us to integrate our Linux and Windows computers into a single, seamless network.

Using Samba, Linux directories can appear in the Network Neighborhood window of all your Windows machines. Samba is based on SMB/CIFS (Server Message Block/Common Internet File System) protocol, a Microsoft networking protocol that goes back to the early Microsoft LAN Manager days and is still the foundation for Windows NT/2000 networking.

Samba allows Linux to provide file and print services, mapping Linux directories to Windows drive letters by creating "shares" for directories and printing devices. With Samba, Windows users can share a printer attached to a Linux box, and Linux users can share a printer on a Windows box.

Samba can be used peer-to-peer style, as with a Windows 95/98 peer network, or Samba can become an authenticating server for the network, in the manner of NT or Windows 2000. In the business world, Samba on Linux is frequently used as an NT server replacement, acting as a Primary or Backup Domain Controller.

On a home network, Samba provides a way for you to set up a central Linux server for file storage, backup, printing, and, as we'll see next month, a central gateway to the Internet.

Installing Samba

Installing Samba is remarkably easy. Samba comes as a standard part of most Linux distributions and is usually installed by default on Red Hat Linux. The main thing to be aware of with Samba is that you should always use a very current release, especially if you intend to include any Windows 2000 machines on your network.

The Samba packaged with Red Hat consists of three main RPM's: samba, samba-common, and samba-client. At the time of this writing, the most recent version of Samba on the Red Hat site is 2.0.6-9. You can discover which version you have installed by typing rpm -q samba at the command line.

If you don't have Samba already installed, obtain the latest RPM's from the Red Hat site (www.redhat.com) or a mirror site and install them either using a graphical RPM utility or from the command line as root:

# rpm -Uhv samba*.rpm

Basic Samba Settings

The key to configuring Samba, after it is installed, is the file /etc/smb.conf. As with most Linux configuration files, smb.conf is a text file that you normally configure using a text editor. You are also able to configure Samba using the Linuxconf utility, or, as we shall see later, with SWAT, a web-based admin tool.

The smb.conf file resembles the .ini files that were common in Windows 3.1. The file consists of sections, or stanzas, with section names surrounded by brackets, e.g. [global], [homes], [printers] and configuration information underneath each section. The configuration parameters use the format parameter name = some value, e.g.:

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/log.%m

# Put a capping on the size of the log files (in Kb).
   max log size = 50

White space is unimportant, and comments are allowed. There are dozens of parameters that can be adjusted and set in this file, but for a home network, a basic setup is all that is required.

First, if you're going to run a simple peer-to-peer network, you need a Workgroup name. If your family name is Smith, for example, you may want to name your workgroup SMITH. This is set in the [global] section as workgroup = SMITH. You then need to define this group under Start, Control Panel, Networks in all your Windows machines.

Users on a home network normally authenticate to Samba by their Linux login name (or ident) and password. This means that you need to keep your Windows ident and password in sync with your Linux ident and password. The default setup is to give a Windows user access to his or her Linux home directory. This is set in the [global] section as security = user.

For backup purposes, or for sharing a common download area, you may also want to create a Public share on your Linux box that all users may access by creating a [public] section, e.g.:

# A publicly accessible directory, but read only, except for people in
# the "techie" group

[public]
   comment = Public Stuff
   path = /home/samba/common
   public = yes
   writable = yes
   printable = no
   write list = @techie

You may personally have more than one Linux ident on your machine, but for convenience you might like all your variant names to have access to a single home directory, defined by the login name you use in Windows. Or you may want your home directory to be shareable by another member of the family. To do this, you create a special section for your directory, e.g.:

[fred]
   comment = Fred's home directory
   path = /home/fred/
   valid users = fred fsmith janet
   public = no
   writable = yes
   printable = no
   create mask = 0765

Assuming you've already configured a printer or two to work under Linux, you can make printers sharable to Windows clients by setting load printers = yes under [global]:

# if you want to automatically load your printer list rather
# than setting them up individually then you'll need this
   printcap name = /etc/printcap
   load printers = yes

That's it! That's all the basic configuration you need to do to have a working Samba-based home network. This setup would be insufficient for a larger, business environment but it works fine for a home setup.

Advanced Samba Settings

As you might expect, there are quite a few additional, optional configuration parameters that go beyond the basics. Because Samba is integrating two disparate worlds, Unix and Windows, including the new wrinkles in Windows 2000, it includes a number of advanced options.

There are, for instance, several methods of implementing security. In the basic, simple environment we have created for home use, passwords are sent in the clear, as they are for telnet and ftp sessions. In a tighter NT-style environment, passwords are encrypted. You can set up Samba to either accept NT-authenticated logins, or to use NT-compatible encrypted passwords. Here are the pertinent parameters in the [global] section of the standard Samba smb.conf file:

# Security mode. Most people will want user level security. See
# security_level.txt for details.
   security = user
# Use password server option only with security = server
;   password server = 

# Password Level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
;  password level = 8
;  username level = 8

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
  encrypt passwords = yes
  smb passwd file = /etc/smbpasswd

The Samba documentation referred to in the preceding section resides in /usr/doc/samba-[version]. If you elect to turn on encrypted passwords (A Good Thing™), it is very important to read and understand how to create the special Samba password file that is required.

Security can be further enforced with the "hosts allow" parameter in the [global] section:

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
   hosts allow =  192.168.0. 127.

Note that the preceding parameter only allows IP addresses from our home network to participate.

To participate fully in a Windows-oriented environment, Samba also has settings for WINS, WINS proxies, and DNS proxies for resolving Windows machine names. There are even ways to set up Samba to supply Windows 9X "roving profiles."

Most of the advanced settings pertain to larger, corporate environments where Samba is frequently deployed as a surrogate NT server, or to use authentication from an NT Primary Domain Controller.

One useful advanced feature that can even benefit a home network is to let Samba be the time server for the network. If your Linux box uses a utility such as rdate to update its clock regularly against an atomic time standard, Windows boxes can use Samba to set their local time. This requires a one-liner in the [global] section time server = yes plus a small script on each Windows workstation with NET TIME \\SERVERNAME /YES /SET as an executable command.

A question that often arises with a home network is what possibilities exist if I have both Windows and Macintosh workstations? One solution for Macs is a product called DAVE from Thursby (http://www.thursby.com/). DAVE allows Macs to participate in a Windows SMB/CIFS network, and is reported to work successfully with Samba.

Graphical Samba Management

To make Samba management easier, the Samba development team now includes SWAT, a browser-based GUI management tool for managing Samba. With SWAT, you can stop/start Samba, drop connections, check status, re-set passwords, and set all the smb.conf parameters. (sample screenshot)

Other Samba Utilities

One thing to remember about Samba is that it works both ways. You can map Linux directories to Windows, but you can also map Windows shares and printers to Linux. In my home, for instance, I have my son's PC attached to the HP3P printer in the office because he uses it frequently for homework assignments and other printouts. I only use a printer occasionally, so I use Samba to send my print jobs to the printer through his Windows 95 printer share.

One of the Samba utilities, smbclient, allows you to attach to Windows shares to do things like transfer files straight to a PC directly from the Linux command line. Another utility, smbtar, allows you to create tar backups of Windows shared directories or files across the network. You can use this utility to back up your children's homework or spouse's directories to a standard Linux tape archive.

Further Reading

Samba is a feature-rich product that can be deployed simply, as in a home network, or deployed with sophistication, in a corporate environment. If you need to delve into its advanced offerings, there are several helpful sources of information. The Samba website is www.samba.org and the site contains many online documents, in addition to latest versions of the program and source code.

The Samba documentation is normally installed by Red Hat Linux in /usr/doc/samba-[version]. This should be your first documentation stop.

There are now several excellent Samba books on the market. They include Samba Administrator's Handbook, by Edward G. Brooksbank, IDG Books, 1999 (ISBN: 0764546368, $37.99); Samba Black Book, by Dominic Baines, Coriolis, 1999 (ISBN: 1576104559, $74.99); and Using Samba, by Kelly, Collier-Brown and Donham, O'Reilly & Associates, 1999 (ISBN: 1565924495, $51.95).

Next time: Connecting your home network to the Internet

Gene Wilburn (gene@wilburn.ca) is a Toronto-based IT specialist, musician and writer who operates a small farm of Linux servers.

-30-