Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.



Published on

The Samba Server

Published in: Technology
  • Be the first to comment


  1. 1. Connecting Windows to Linux March 4,2001 Professor Tom Mavroidis
  2. 2. Integrating Linux with Windows <ul><li>There are two methods for integrating Linux into Windows </li></ul><ul><li>You can: </li></ul><ul><ul><li>Load SMB on Linux or </li></ul></ul><ul><ul><li>Load NFS on Windows </li></ul></ul>
  3. 3. What is Samba? <ul><li>Samba is a suite of Linux applications that speak the SMB (Server Message Block) protocol. Many operating systems, including Windows and OS/2, use SMB to perform client-server networking. </li></ul>
  4. 4. Why use SAMBA? <ul><li>Samba allows Linux servers to communicate with the same networking protocol as Microsoft Windows products. </li></ul>
  5. 5. What does SAMBA do? <ul><li>A Samba-enabled Unix machine can masquerade as a server on your Microsoft network and offer windows services. </li></ul>
  6. 6. How does Samba look? <ul><li>It shows up on the Network Neighborhood or My Network Places same as any Microsoft winxx server that has file sharing enabled </li></ul>
  7. 7. Mapping a Linux network drive to Windows <ul><li>Drives are mapped using My Computer icon in Windows </li></ul>
  8. 8. Where can I get SAMBA? <ul><li>The latest product can be downloaded from </li></ul><ul><li>You should learn to download and compile the latest version of Samba since it changes regularly </li></ul>
  9. 9. Two parts to Samba <ul><li>The client and the server </li></ul><ul><li>Linux can access an NT or 2000 share (client) </li></ul><ul><li>A Microsoft Machine can see your Linux box as a file server </li></ul>
  10. 10. SMB - Server Message Block <ul><li>Many server products are built around SMB ’s </li></ul><ul><li>SMB is not a documented protocol, it is Microsoft proprietary </li></ul><ul><li>Samba was constructed by two main architects Andrew Tridgell and Jeremy Allison </li></ul>
  11. 11. SMB Clients & Servers <ul><li>All windows networked computers communicate with each other via Server Message Blocks ( SMB ) </li></ul><ul><li>SMB looks at nodes as both client and server simultaneously making them peer to peer networks </li></ul>
  12. 12. Workgroup Names <ul><li>Windows machines know each other by a unique workgroup and name combination </li></ul><ul><li>A workgroup is a collection of SMB computers that all reside on a subnet and subscribe to the same SMB group </li></ul>
  13. 13. NetBios <ul><li>Named pairs must resolve to a unique hardware address </li></ul><ul><li>This scheme is known as NetBios or Network Basic Input/Output System </li></ul>
  14. 14. Netbios <ul><li>Designed primarily for local networks </li></ul><ul><li>No routing information is carried in the packet headers </li></ul><ul><li>To communicate across lan segments packets must be encapsulated within a routable protocol I.e. TCP/IP </li></ul>
  15. 15. NetBT or TCPBEUI <ul><li>Are the network protocols that supports the encapsulation </li></ul><ul><li>You must have TCP/IP installed to use SAMBA </li></ul><ul><li>Samba also supports WINS (Windows Internet Name Service) with DNS to provide IP to Hardware address resolution </li></ul>
  16. 16. Daemons <ul><li>Two server daemons nmbd and smdb make up SAMBA </li></ul><ul><li>smbd handles resource sharing and user authentication </li></ul><ul><li>nmbd is responsible for resource advertising and communicating with other SMB machines </li></ul>
  17. 17. Samba Components <ul><li>Smbclient - client side tool </li></ul><ul><li>smbmount - for mounting shares </li></ul><ul><li>smbprint - for printing </li></ul><ul><li>sbmstatus - displays connections </li></ul><ul><li>smbpasswd - authenticates users </li></ul><ul><li>nmblookup - handles NetBios name queries </li></ul><ul><li>testparms - verify SAMBA configuration file </li></ul><ul><li>testprns - tests printer shares </li></ul><ul><li>swat - inetd service which allows web based admin of SAMBA </li></ul>
  18. 18. SWAT <ul><li>A web based configuration tool </li></ul>
  19. 19. History <ul><li>May 1985 IBM Publishes a specification for a local network based on NetBios </li></ul><ul><li>Late 1980’s IBM & Microsoft develop a peer networking program, LAN Manager 1.0 released as LAN Manager for DOS </li></ul>
  20. 20. History continued <ul><li>Microsoft & IBM part ways </li></ul><ul><li>Microsoft becomes bearer of of SMB protocol </li></ul><ul><li>IBM develops OS2 with limited DOS compatibility </li></ul><ul><li>Microsoft continues enhancing SMB </li></ul>
  21. 21. Precautions <ul><li>You should have administration rights in the Windows NT domain </li></ul><ul><li>Misconfigured SAMBA can cause problems for everyone in the domain </li></ul>
  22. 22. Parameters needed <ul><li>Name of the Windows NT domain or the name of the local workgroup if peer to peer </li></ul><ul><li>IP addresses of any WINS servers on this domain </li></ul><ul><li>Names of users and groups in the Windows NT domain that will access services in SAMBA </li></ul>
  23. 23. Enable the swat service <ul><li>Find the service listed in the /etc/inetd.conf file </li></ul><ul><li>Uncomment the line for swat </li></ul><ul><li>Restart inetd </li></ul><ul><ul><li>$ killall _HUP inetd </li></ul></ul><ul><ul><li>swat runs on port 901 </li></ul></ul>
  24. 24. Configuration File <ul><li>/etc/smb.conf </li></ul><ul><li>Two overall sections </li></ul><ul><ul><li>global parameters </li></ul></ul><ul><ul><li>share definitions </li></ul></ul>
  25. 25. Assumptions <ul><li>Windows will handle browsing </li></ul><ul><li>Windows will handle name resolution issues </li></ul>
  26. 26. Browsing <ul><li>Unless specified the computer name is assumed to be the same as the TCP/IP host name </li></ul><ul><li>Explicitly specify the domain or workgroup name in the smb.conf file </li></ul><ul><li>[global] </li></ul><ul><ul><li>netbios name = SENECANODE </li></ul></ul><ul><ul><li>workgroup = SENECADOMAIN </li></ul></ul><ul><ul><li>comment = Seneca SAMBA share 750 </li></ul></ul>
  27. 27. Master Browser <ul><li>Only one node is elected as the master browser </li></ul><ul><li>In NT it is usually the Primary domain controller </li></ul>
  28. 28. Nodes <ul><li>The first node on line is deemed the master browser </li></ul><ul><li>Subsequent nodes look for the master browser </li></ul>
  29. 29. Agreeing on the master browser <ul><li>NetBios nodes agree on who should be handling browsing issues </li></ul><ul><li>Any NetBios machine may act as the master browser </li></ul><ul><li>If the master goes off line another master browser is elected </li></ul>
  30. 30. Source of Problems <ul><li>During an election every node announces its NetBios name and hardware address </li></ul><ul><li>A thousand node network can generate tremendous network traffic called a packet storm </li></ul>
  31. 31. Losing Browser Election <ul><li>We want SAMBA to always lose browser election </li></ul><ul><li>Set the OS level parameter in /etc.smb.conf to 1 </li></ul><ul><ul><li>os level = 1 </li></ul></ul><ul><ul><li>local master = no </li></ul></ul><ul><ul><li>domain master = no </li></ul></ul><ul><ul><li>preferred master = no </li></ul></ul>
  32. 32. Do not attempt browser synchronization <ul><li>Do not announce to the network </li></ul><ul><li>Comment or delete the following lines </li></ul><ul><ul><li>; remote browse sync = </li></ul></ul><ul><ul><li>; remote announce = </li></ul></ul>
  33. 33. WINS information <ul><li>Tell SAMBA where the WINS server is and not to act as a WINS server </li></ul><ul><ul><li>wins server = (sub) </li></ul></ul><ul><ul><li>win support = no </li></ul></ul>
  34. 34. Setup name resolution order <ul><li>Modify dns or /etc/hosts </li></ul><ul><ul><li>name resolv order = wins host </li></ul></ul><ul><ul><li>Checks wins first, host second </li></ul></ul>
  35. 35. User authentication <ul><li>Windows NT 4 SP3 changed to encrypted passwords </li></ul><ul><li>We will assume encrypted passwords </li></ul><ul><li>Use user level authentication not share level, it is more secure </li></ul>
  36. 36. Authentication Parameters <ul><ul><li>Security = user </li></ul></ul><ul><ul><li>encrypt passwords = yes </li></ul></ul><ul><ul><li>null passwords = no </li></ul></ul><ul><ul><li>smb passwd file = /etc/smbpasswd </li></ul></ul><ul><ul><li>unix password sync = no </li></ul></ul><ul><ul><li>;do not restrict host access , comment out </li></ul></ul><ul><ul><li>; allow hosts = </li></ul></ul><ul><ul><li>; deny hosts = </li></ul></ul>
  37. 37. Explicitly state interfaces <ul><li>Only needed if more than 1 interface is installed </li></ul><ul><li>Interfaces = eth0 </li></ul><ul><li>Tell SAMBA how to handle TCP transmissions </li></ul><ul><li>socket options = TCP_NODELAY SO_RECVBUF=8192 SO_SNDBUF=8192 </li></ul>
  38. 38. Case Sensitivity <ul><li>Use the windows NT way </li></ul><ul><ul><li>default case = lower </li></ul></ul><ul><ul><li>case sensitive = no </li></ul></ul><ul><ul><li>preserve case = yes </li></ul></ul><ul><ul><li>password level = 0 </li></ul></ul>
  39. 39. Testing the config <ul><li>Testparm tests the configuration and reports any syntax errors </li></ul><ul><li>Only syntax is tested not context </li></ul>
  40. 40. Starting the server <ul><li>Both smbd and nmbd need to be started </li></ul><ul><li>$ /etc/rc.d/init.d/smb start </li></ul><ul><li>Check the log files /var/log/samba/ log.smb and log.nmb for errors </li></ul>
  41. 41. Adding Samba users <ul><li>Use the perl script smbadduser </li></ul><ul><li>$smbadduser linuxid:ntid </li></ul><ul><li>The linux and NT user must already exist </li></ul>
  42. 42. Defining File Shares <ul><li>[sharename] </li></ul><ul><ul><li>comment = Seneca Share </li></ul></ul><ul><ul><li>path = /senecadir </li></ul></ul><ul><ul><li>guest ok = yes </li></ul></ul><ul><ul><li>browseable = yes </li></ul></ul><ul><ul><li>writable = yes </li></ul></ul><ul><ul><li>read list = usernames </li></ul></ul><ul><ul><li>write list = usernames </li></ul></ul><ul><ul><li>admin list = usernames </li></ul></ul>
  43. 43. Defining Printer Shares <ul><li>[global] </li></ul><ul><ul><li>Printing - bsd </li></ul></ul><ul><ul><li>printcap name = /etc/printcap </li></ul></ul><ul><ul><li>load printers = yes </li></ul></ul><ul><li>Printcap is the printer config file </li></ul>
  44. 44. Printer definitions <ul><li>[printers] </li></ul><ul><ul><li>comment = All Printers </li></ul></ul><ul><ul><li>browseable = no </li></ul></ul><ul><ul><li>printable = yes </li></ul></ul><ul><ul><li>public = no </li></ul></ul><ul><ul><li>read only = yes </li></ul></ul><ul><ul><li>create mode = 0700 </li></ul></ul><ul><ul><li>directory = /tmp </li></ul></ul>
  45. 45. Regarding Printing <ul><li>SAMBA routes printing by default through LPD specified using printing = bsd </li></ul><ul><li>Printers can be directly configured with printtool </li></ul>
  46. 46. Client Setup <ul><li>Three main client programs </li></ul><ul><ul><li>smbclient </li></ul></ul><ul><ul><li>smbmount </li></ul></ul><ul><ul><li>smbprint </li></ul></ul><ul><ul><li>Print requests must be sent through the local print filters </li></ul></ul>
  47. 47. Connecting to an SMB share <ul><li>Mounting </li></ul><ul><ul><li>$ smbmount //servername/sharename /localpath -o options username= ?user? password= ?password? </li></ul></ul>
  48. 48. SAMBA 2.0 <ul><li>Has more concrete support for NT Domains </li></ul><ul><li>a user can log in to a Windows NT domain and use all the computers in the domain without logging into them individually </li></ul>
  49. 49. Performance <ul><li>Name/browsing service now supports 35,000 simultaneous clients </li></ul><ul><li>File and print services support many concurrent users without noticeable performance degradation. </li></ul>
  50. 50. Performance <ul><li>Linux/Samba on identical hardware now consistently performs better than NT Server </li></ul><ul><li>Improved locking allows client machines to cache entire files locally, improving speed </li></ul><ul><li>and many more </li></ul>
  51. 51. End of Presentation