Samba

2,248
-1

Published on

The Samba Server

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
2,248
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
80
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Samba

  1. 1. Connecting Windows to Linux March 4,2001 Professor Tom Mavroidis
  2. 2. Integrating Linux with Windows <ul><li>There are two methods for integrating Linux into Windows </li></ul><ul><li>You can: </li></ul><ul><ul><li>Load SMB on Linux or </li></ul></ul><ul><ul><li>Load NFS on Windows </li></ul></ul>
  3. 3. What is Samba? <ul><li>Samba is a suite of Linux applications that speak the SMB (Server Message Block) protocol. Many operating systems, including Windows and OS/2, use SMB to perform client-server networking. </li></ul>
  4. 4. Why use SAMBA? <ul><li>Samba allows Linux servers to communicate with the same networking protocol as Microsoft Windows products. </li></ul>
  5. 5. What does SAMBA do? <ul><li>A Samba-enabled Unix machine can masquerade as a server on your Microsoft network and offer windows services. </li></ul>
  6. 6. How does Samba look? <ul><li>It shows up on the Network Neighborhood or My Network Places same as any Microsoft winxx server that has file sharing enabled </li></ul>
  7. 7. Mapping a Linux network drive to Windows <ul><li>Drives are mapped using My Computer icon in Windows </li></ul>
  8. 8. Where can I get SAMBA? <ul><li>The latest product can be downloaded from www.samba.org </li></ul><ul><li>You should learn to download and compile the latest version of Samba since it changes regularly </li></ul>
  9. 9. Two parts to Samba <ul><li>The client and the server </li></ul><ul><li>Linux can access an NT or 2000 share (client) </li></ul><ul><li>A Microsoft Machine can see your Linux box as a file server </li></ul>
  10. 10. SMB - Server Message Block <ul><li>Many server products are built around SMB ’s </li></ul><ul><li>SMB is not a documented protocol, it is Microsoft proprietary </li></ul><ul><li>Samba was constructed by two main architects Andrew Tridgell and Jeremy Allison </li></ul>
  11. 11. SMB Clients & Servers <ul><li>All windows networked computers communicate with each other via Server Message Blocks ( SMB ) </li></ul><ul><li>SMB looks at nodes as both client and server simultaneously making them peer to peer networks </li></ul>
  12. 12. Workgroup Names <ul><li>Windows machines know each other by a unique workgroup and name combination </li></ul><ul><li>A workgroup is a collection of SMB computers that all reside on a subnet and subscribe to the same SMB group </li></ul>
  13. 13. NetBios <ul><li>Named pairs must resolve to a unique hardware address </li></ul><ul><li>This scheme is known as NetBios or Network Basic Input/Output System </li></ul>
  14. 14. Netbios <ul><li>Designed primarily for local networks </li></ul><ul><li>No routing information is carried in the packet headers </li></ul><ul><li>To communicate across lan segments packets must be encapsulated within a routable protocol I.e. TCP/IP </li></ul>
  15. 15. NetBT or TCPBEUI <ul><li>Are the network protocols that supports the encapsulation </li></ul><ul><li>You must have TCP/IP installed to use SAMBA </li></ul><ul><li>Samba also supports WINS (Windows Internet Name Service) with DNS to provide IP to Hardware address resolution </li></ul>
  16. 16. Daemons <ul><li>Two server daemons nmbd and smdb make up SAMBA </li></ul><ul><li>smbd handles resource sharing and user authentication </li></ul><ul><li>nmbd is responsible for resource advertising and communicating with other SMB machines </li></ul>
  17. 17. Samba Components <ul><li>Smbclient - client side tool </li></ul><ul><li>smbmount - for mounting shares </li></ul><ul><li>smbprint - for printing </li></ul><ul><li>sbmstatus - displays connections </li></ul><ul><li>smbpasswd - authenticates users </li></ul><ul><li>nmblookup - handles NetBios name queries </li></ul><ul><li>testparms - verify SAMBA configuration file </li></ul><ul><li>testprns - tests printer shares </li></ul><ul><li>swat - inetd service which allows web based admin of SAMBA </li></ul>
  18. 18. SWAT <ul><li>A web based configuration tool </li></ul>
  19. 19. History <ul><li>May 1985 IBM Publishes a specification for a local network based on NetBios </li></ul><ul><li>Late 1980’s IBM & Microsoft develop a peer networking program, LAN Manager 1.0 released as LAN Manager for DOS </li></ul>
  20. 20. History continued <ul><li>Microsoft & IBM part ways </li></ul><ul><li>Microsoft becomes bearer of of SMB protocol </li></ul><ul><li>IBM develops OS2 with limited DOS compatibility </li></ul><ul><li>Microsoft continues enhancing SMB </li></ul>
  21. 21. Precautions <ul><li>You should have administration rights in the Windows NT domain </li></ul><ul><li>Misconfigured SAMBA can cause problems for everyone in the domain </li></ul>
  22. 22. Parameters needed <ul><li>Name of the Windows NT domain or the name of the local workgroup if peer to peer </li></ul><ul><li>IP addresses of any WINS servers on this domain </li></ul><ul><li>Names of users and groups in the Windows NT domain that will access services in SAMBA </li></ul>
  23. 23. Enable the swat service <ul><li>Find the service listed in the /etc/inetd.conf file </li></ul><ul><li>Uncomment the line for swat </li></ul><ul><li>Restart inetd </li></ul><ul><ul><li>$ killall _HUP inetd </li></ul></ul><ul><ul><li>swat runs on port 901 </li></ul></ul>
  24. 24. Configuration File <ul><li>/etc/smb.conf </li></ul><ul><li>Two overall sections </li></ul><ul><ul><li>global parameters </li></ul></ul><ul><ul><li>share definitions </li></ul></ul>
  25. 25. Assumptions <ul><li>Windows will handle browsing </li></ul><ul><li>Windows will handle name resolution issues </li></ul>
  26. 26. Browsing <ul><li>Unless specified the computer name is assumed to be the same as the TCP/IP host name </li></ul><ul><li>Explicitly specify the domain or workgroup name in the smb.conf file </li></ul><ul><li>[global] </li></ul><ul><ul><li>netbios name = SENECANODE </li></ul></ul><ul><ul><li>workgroup = SENECADOMAIN </li></ul></ul><ul><ul><li>comment = Seneca SAMBA share 750 </li></ul></ul>
  27. 27. Master Browser <ul><li>Only one node is elected as the master browser </li></ul><ul><li>In NT it is usually the Primary domain controller </li></ul>
  28. 28. Nodes <ul><li>The first node on line is deemed the master browser </li></ul><ul><li>Subsequent nodes look for the master browser </li></ul>
  29. 29. Agreeing on the master browser <ul><li>NetBios nodes agree on who should be handling browsing issues </li></ul><ul><li>Any NetBios machine may act as the master browser </li></ul><ul><li>If the master goes off line another master browser is elected </li></ul>
  30. 30. Source of Problems <ul><li>During an election every node announces its NetBios name and hardware address </li></ul><ul><li>A thousand node network can generate tremendous network traffic called a packet storm </li></ul>
  31. 31. Losing Browser Election <ul><li>We want SAMBA to always lose browser election </li></ul><ul><li>Set the OS level parameter in /etc.smb.conf to 1 </li></ul><ul><ul><li>os level = 1 </li></ul></ul><ul><ul><li>local master = no </li></ul></ul><ul><ul><li>domain master = no </li></ul></ul><ul><ul><li>preferred master = no </li></ul></ul>
  32. 32. Do not attempt browser synchronization <ul><li>Do not announce to the network </li></ul><ul><li>Comment or delete the following lines </li></ul><ul><ul><li>; remote browse sync = </li></ul></ul><ul><ul><li>; remote announce = </li></ul></ul>
  33. 33. WINS information <ul><li>Tell SAMBA where the WINS server is and not to act as a WINS server </li></ul><ul><ul><li>wins server = 192.168.1.1 (sub) </li></ul></ul><ul><ul><li>win support = no </li></ul></ul>
  34. 34. Setup name resolution order <ul><li>Modify dns or /etc/hosts </li></ul><ul><ul><li>name resolv order = wins host </li></ul></ul><ul><ul><li>Checks wins first, host second </li></ul></ul>
  35. 35. User authentication <ul><li>Windows NT 4 SP3 changed to encrypted passwords </li></ul><ul><li>We will assume encrypted passwords </li></ul><ul><li>Use user level authentication not share level, it is more secure </li></ul>
  36. 36. Authentication Parameters <ul><ul><li>Security = user </li></ul></ul><ul><ul><li>encrypt passwords = yes </li></ul></ul><ul><ul><li>null passwords = no </li></ul></ul><ul><ul><li>smb passwd file = /etc/smbpasswd </li></ul></ul><ul><ul><li>unix password sync = no </li></ul></ul><ul><ul><li>;do not restrict host access , comment out </li></ul></ul><ul><ul><li>; allow hosts = </li></ul></ul><ul><ul><li>; deny hosts = </li></ul></ul>
  37. 37. Explicitly state interfaces <ul><li>Only needed if more than 1 interface is installed </li></ul><ul><li>Interfaces = eth0 </li></ul><ul><li>Tell SAMBA how to handle TCP transmissions </li></ul><ul><li>socket options = TCP_NODELAY SO_RECVBUF=8192 SO_SNDBUF=8192 </li></ul>
  38. 38. Case Sensitivity <ul><li>Use the windows NT way </li></ul><ul><ul><li>default case = lower </li></ul></ul><ul><ul><li>case sensitive = no </li></ul></ul><ul><ul><li>preserve case = yes </li></ul></ul><ul><ul><li>password level = 0 </li></ul></ul>
  39. 39. Testing the config <ul><li>Testparm tests the configuration and reports any syntax errors </li></ul><ul><li>Only syntax is tested not context </li></ul>
  40. 40. Starting the server <ul><li>Both smbd and nmbd need to be started </li></ul><ul><li>$ /etc/rc.d/init.d/smb start </li></ul><ul><li>Check the log files /var/log/samba/ log.smb and log.nmb for errors </li></ul>
  41. 41. Adding Samba users <ul><li>Use the perl script smbadduser </li></ul><ul><li>$smbadduser linuxid:ntid </li></ul><ul><li>The linux and NT user must already exist </li></ul>
  42. 42. Defining File Shares <ul><li>[sharename] </li></ul><ul><ul><li>comment = Seneca Share </li></ul></ul><ul><ul><li>path = /senecadir </li></ul></ul><ul><ul><li>guest ok = yes </li></ul></ul><ul><ul><li>browseable = yes </li></ul></ul><ul><ul><li>writable = yes </li></ul></ul><ul><ul><li>read list = usernames </li></ul></ul><ul><ul><li>write list = usernames </li></ul></ul><ul><ul><li>admin list = usernames </li></ul></ul>
  43. 43. Defining Printer Shares <ul><li>[global] </li></ul><ul><ul><li>Printing - bsd </li></ul></ul><ul><ul><li>printcap name = /etc/printcap </li></ul></ul><ul><ul><li>load printers = yes </li></ul></ul><ul><li>Printcap is the printer config file </li></ul>
  44. 44. Printer definitions <ul><li>[printers] </li></ul><ul><ul><li>comment = All Printers </li></ul></ul><ul><ul><li>browseable = no </li></ul></ul><ul><ul><li>printable = yes </li></ul></ul><ul><ul><li>public = no </li></ul></ul><ul><ul><li>read only = yes </li></ul></ul><ul><ul><li>create mode = 0700 </li></ul></ul><ul><ul><li>directory = /tmp </li></ul></ul>
  45. 45. Regarding Printing <ul><li>SAMBA routes printing by default through LPD specified using printing = bsd </li></ul><ul><li>Printers can be directly configured with printtool </li></ul>
  46. 46. Client Setup <ul><li>Three main client programs </li></ul><ul><ul><li>smbclient </li></ul></ul><ul><ul><li>smbmount </li></ul></ul><ul><ul><li>smbprint </li></ul></ul><ul><ul><li>Print requests must be sent through the local print filters </li></ul></ul>
  47. 47. Connecting to an SMB share <ul><li>Mounting </li></ul><ul><ul><li>$ smbmount //servername/sharename /localpath -o options username= ?user? password= ?password? </li></ul></ul>
  48. 48. SAMBA 2.0 <ul><li>Has more concrete support for NT Domains </li></ul><ul><li>a user can log in to a Windows NT domain and use all the computers in the domain without logging into them individually </li></ul>
  49. 49. Performance <ul><li>Name/browsing service now supports 35,000 simultaneous clients </li></ul><ul><li>File and print services support many concurrent users without noticeable performance degradation. </li></ul>
  50. 50. Performance <ul><li>Linux/Samba on identical hardware now consistently performs better than NT Server </li></ul><ul><li>Improved locking allows client machines to cache entire files locally, improving speed </li></ul><ul><li>and many more </li></ul>
  51. 51. End of Presentation
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×