Notes for Week 9

1. Sample /etc/samba/smb.conf:

   [global]
   guest account = guest
   log file = /var/log/samba/log.%m
   vfs objects = audit
   log level = 0 vfs:2
   max log size = 0
   netbios name = c142
   null passwords = yes
   printing = lprng
   workgroup = RWC
   [ken]
   path = /home/ken
   valid users = ken
   writeable = yes
   [public]
   hosts allow = 127.0.0.1 192.168.1.150
   hosts deny = 0.0.0.0/0
   path = /home/samba/%U
   writeable = yes
   [laserjet]
   guest ok = yes
   printable = yes
   printer = lp
   writeable = no
   

   This establishes three shares supplied by the server C142:
   1. a private share called ken for ken's (and only ken's) access to his home directory.
   2. a share called public, where each user gets their own directory in /home/samba/username. Access to this share is restricted to the server and one other host.

   For each user to log in, you need to create a UNIX user (using useradd) and add that user to the samba passwd file using

   smbpasswd -a user

   The username and password used in the smbpasswd command must be those used to connect to the share from the client. The user's directory must be created manually.

   3. a printer share.

   The guest user must be added manually. And the UNIX guest user must be created before Samba will start!

   Logging is to a separate file for each host, and includes audit information on file access. You must create the log directory before logging will take place.

2. Test the validity of your smb.conf file with testparm before starting samba.
3. Use

   smbclient -L yournetbiosname -U test

   to list shares available from your samba server.
4. A share is mounted as if it were a local device, using

   smbmount //host/share mount-point -o username=test

   The "mount-point" is an empty directory; one must be created for each user, and if a user must have more than one share mounted at a time, they will need one mount point directory for every simultaneous mount. These mount point directories should be created under each user's home directory.

   After the smbmount command is executed, the share is accessible in the mount point directory. After the smbumount command is executed, the mount point directory is again empty.

   In practice, it should not be necessary for a UNIX user to mount their own home directory through a private Samba share. But if they do, the mount point must not be in their home directory! Doing so results in circular file system references which can cause no end of troubles.

   When problems occur, it is sometimes tempting to kill the smbmount process and start over. In such a situation, the use of "kill -9" will provide you with an excellent reason not to ever do this again. smbmount is a user program which makes use of the smbfs kernel module to interact with Samba, either locally or on a remote server. It does not like to be killed, and when you use "kill-9", its messes are not cleaned up. In all likelihood you will be unable to reload the smbfs module, and you will have to reboot Linux. To avoid this,
   1. learn how to use smbmount properly, and
   2. use smbumount to unmount a share which seems to be causing problems; if that doesn't work, "umount -f" as root.
5. A file is printed using

   smbclient //host/printer -U guest -c "print local.file"

6. All authorization information is kept in /etc/samba/private.
7. EXERCISES for Week 9:
   1. Modify the smb.conf file above as follows:

      1. Change the netbios name to "cnnn" (where nnn is your PC number).
      2. Change the workgroup to "islandn" (where n = 1, 2, 3 or 4).
      3. Change the private (old ken) share to correspond to a non-root user on your system.

      Copy it into /etc/samba. Check it with testparm and start samba. Check the tail of the system log file, as well as the samba log files.
   2. List your shares from both your PC and another. Mount the user (old ken) share using smbmount, both from your PC and another. Do a "df" and a "ps aux" while the share is mounted, both on the client PC and on the server. Be sure to smbumount the share when you have finished examining it. Re-examine the samba log files.
   3. Add UNIX users tom, dick and harry. Make them samba users as well. Create directories for them in /home/samba (and set their ownership and permissions correctly!). Put a different file in each (so you can tell them apart). Mount each of their directories using the public share, both from your PC and another. Be sure to smbumount all shares when you have finished examining them.
   4. Start another PC up using Windows. Add a UNIX user to your samba server with the same name as the one you used to login to Windows, and make that user a Samba user with the same password you used in Windows. Create a directory for that user in /home/samba. Open the public share from the Windows PC and examine it. Try to open the private share (old ken).
   5. Share a directory on the Windows system. Open it from your PC using linux and smbmount.
   6. Modify your smb.conf to allow only the PCs on your island, and the instructor's PC (192.168.1.150) to access the public share. Restart samba and test it from both your island and another.

©2008, Kenneth R. Koehler. All Rights Reserved. This document may be freely reproduced provided that this copyright notice is included.

Please send comments or suggestions to the author.