Sharing files and printers over a home network (Samba)

Created on 30 September 1998
Last updated on 15 April 1999
Development stage: ver 1.1

This guide was written to be part of Josh's Linux Guide

Introduction

This guide was written while I was setting up my own home network as a means of remember the steps involved, but I trust it may prove useful to others too.  It assumes a TCP/IP ethernet connection has been established (ping works, /etc/hosts has been completed), although it is not necessary that all the computers run the same operating system (OS) - OS/2 and Windows 95/8 can easily be configured to share with Linux (as I suspect can NT but this is not covered below). My experience in this area is based on RedHat 5.1, but I think the guide is applicable for other distributions.

Warning: I should emphasise that the following is for a home network, where I presume security issues are not pre-eminent.   But if you also connect to the net, you will want to stop any unwelcome atempts to access your shares.  A few tips I've found are mentioned below, but if security is crucial, please check the Samba documentation more extensively.

As the ultimate network OS, Linux can act as the server in a client/server network but, for home purposes, it is simpler to aim for a 'peer' network, where each computer is a server and client simultaneously.  Although the computers can talk to each other quite straightforwardly, there appears to be no harmonisation of the terminology: we shall be using Samba (and the SMB protocol) on Linux, and connecting to other Linux machines or peers running other OSs with NETBIOS, NETBEUI, LAN Manager or (ports of ) Samba.

I am no expert in these matters, and would welcome comments and suggestions from those more knowledgeable.

Installing Samba

The Samba rpm is included with RH5.x, but you may need to install it manually - the latest version is available from here.  Samba includes both the server and a client program.  Alternatively collect the latest version in tgz format, and install it by hand.

Next you wil wish to ensure that the daemons (smbd, the Samba server, and nmbd, the NETBIOS server) are started at bootup by inetd (this can be cofigured in RedHat using /usr/sbin/ntsysv)

Warning:   If smbd is started every time you boot up and this may (I'm not sure exactly what the risk is) expose parts of your system when you are on the net.  Be warned!

Samba server: the /etc/smb.conf file

The directories and files available to peer computers are configured in the file /etc/samba.conf.  The man pages for smb.conf run to 66 pages, but the following should be enough to edit the smb.conf installed by the rpm and enable your peers the simplest, relatively unfettered access to the samba server.

Note: the smb.conf file is case insensitive, is regularly checked for changes (useful while setting things up) and that, if it is not obvious, lines beginning with ; are ignored.

The [global] section

This section sets certain general parameters.  If you want to enable browsing of your shares (e.g. using Windows Network Neighbourhood), you will need use the following and ensure that you set the same workgroup for all computers on your network - this is done differently in each operating system - and that an account "pcguest" (you may be able to use the nobody account set up by some distributions, but I don't undertsand this concept yet) has been created (with no password):
workgroup = MYGROUP
guest account = pcguest
For a home network, a couple of parameters can be put in the config file which help shut off any unintended access.
hosts allow = 10.2.1.2/255.0.0.0
; hosts allow = 10.2.1.
security = USER
Note: with version 2.0 of samba you can use the syntax in the commented line instead, and without the "/subnet mask" part too.

The [user] sections

In contrast with the global settings which affect all shares, the user settings are specific to each share. Consider the following extract from my smb.conf. The section name (line 1) is the name of the share that will be reported to the client - comment (line 2) adds more detail if necessary. Line 3 identifies the directory to be served.  For the security conscious, line 4 specifies exactly which users (which will need to have already been set up) are allowed to access to this service (note that you may need to check with your client program what userid it passes to Samba, and its treatment of capital letters etc), and line 5 confirms (rather superfluously) that this is not a public service.  Line 6 permits the user to write to this directory (and its subdirectories).  Line 7 would stop users following symlinks outside of this specific part of the directory tree.

The [printers] section

The following is what I use successfully in my smb.conf. Many of the parameters are discussed in the [users] section, but this section must be set to "printable".  If included, users are able to connect to any printer specified in the server's /etc/printcap file.

The [homes] section

Completing this section will allow the Samba server to create user accounts on-the-fly - in a workplace environment, Samba may need to be configured to provide flexibility for a large, and potentially changing, set of clients.  That is to say, it will open a default service for anyone using a known userid in the /etc/passwd file.

Smbclient

smbclient has been developed, and is distributed, with the samba package.  It provides a command-line, ftp-like interface to shared resources.  To quickly check whether the connection is basically working, try: Note: the extra backslashes (\) are needed because this is a reserved character under Linux.

You can use the -N flag if you are connecting to a public share and don't want to be prompted for a password.

In order to resolve names, smbclient looks in /etc/lmhosts first and then /etc/hosts.

Mounting remote services

In order to ensure seamless (meaning GUI) access to remote services, you will want to mount them in just the same way as local hard disk partitions.  The two programs available which do this are not part of the Samba project, although smbmount is currently part of the Samba rpm (but see section 16 of the Current samba-bugs FAQ, which claims that the code is reported not to work well). To make things more complicated they use similar, but nonetheless different, command syntax to smbclient.

Note: I understand, and this is certainly my experience, that neither of these two solutions currently work with 2.1.x kernels.

smbmount (part of the SMBFS package)

In my own own experience, smbmount was not straight forward.  I did, however, mount a simple, anonymous Win98 remote filesystem to the /mnt/samba:
smbmount //NETBIOS_Name/ServiceName /mnt/samba -[n]I TCP/IP_address
Notes: In order to login to a samba linux machine, I needed to use the -U parameter:
smbmount //NETBIOS_Name/ServiceName /mnt/samba -U login_name
as I have not found a way of passing on the login name used to login to the client machine.  Subsequently, I am prompted for the password - in other words, I need to login twice, whereas for other OS once is enough but perhaps I've missed something?

Sharity and Sharity-light (formally rumba)

Sharity is commercial product (although free for academic use) and may well represent the future for Linux clients, but I have not tried it yet.

Sharity-light, however, is a workable product and does the same thing as smbmount (indeed both have their roots in smbfs).  However, as it runs as a user level program, the the author admits that it is slower (although not noticeably).  Nonetheless, sharity-light is what I now use to mount remote file systems and I am perfectly satisfied.  The command syntax is the same as for smbmount, but here I find I need to force it pass the password:

shlight //NETBIOS_Name/ServiceName /mnt/samba -P <password>

LinNeigborhood

A really superb little app in the making that gives a Windows like network neighbourhood.

Samba and KDE

Two KDE aware programs are available to help ease smb.conf configuration:

OS/2 setup

Since this is a Linux guide, I'll be brief when talking about other OSs.  For OS/2 Warp 4 you will want to install TCP/IP, File/Print Services, and NETBIOS over TCP/IP.  Robert Thomas and Frank R. Field have written excellent guides in English about setting up these services (although they had NT in mind as the server/peer), while Thomas Baumann covers similar ground in German.

Note: to use the OS/2 client software, it is important that you do not have lm announce = false in smb.conf (the default, auto, is fine).

There is also an OS/2 port of Samba available, Samba/2, which I presume would work easily although I have not tried it.

Windows setup

I'll say even less about BillyBoy's Win 9X - try this guide for basic TCPIP configuration, and see here for handling encrypted passwords.

As for NT, I receviced the following from Jerry Sternesky.

"I had to enable password encryption and can not log in as administrator.  Linux equates this with root and if you have remote login for root turned off it will not happen. Enabling this encryption for the password did not knock the win 98 box out, other than those 2 caveats NT appears to work the same as Win 9X."

Apple

This is really not my domain, but try this

Things "To do"

As and when time permits, I plan to add:

Links

An(other) excellent guide can be found at: http://www.sfu.ca/~yzhang/linux/samba/toc.html

Copyright © 1998 Simon Hampton. All rights reserved. Permission to use, distribute, and copy this document is hereby granted. You may modify this document as long as credit to me is given and I am informed of the changes.