Troubleshooters.Com presents

November 1998 Troubleshooting Professional Magazine

Samba

Copyright (C) 1998 by Steve Litt, All rights reserved. Material provided as-is, use at your own risk.


Note: If your windows machine obtains its IP automatically through WINS using DHCP for WINS resolution, you must make your Linux machine a DHCP server.
Note: There is a document for renumbering and configuring the server.

Hello World

By Steve Litt, Steve Litt's email address
The Hello World exercise allows you to see your Linux computer in Windows 95/98 Windows explorer, and nothing more. It involves merely creating a 3 line configuration file for Samba which maps Samba to your Windows machine's workgroup.
  1. Back up existing /etc/smb.conf.
  2. Create this ultra-simple /etc/smb.conf, which does nothing but allow Windows to see it:
  3. Restart Samba on the Linux box with this command:
  4. In Windows Explorer, doubleclick on Network Neighborhood, then on Entire Network, then on your workgroup, and see if you see your Linux computer. If not, Startbutton:find: and then type in the name of your Linux computer (linuxhost in this example), and if it finds it, double-click on it. It should now be visible in Explorer.
  5. Note that doubleclicking the linuxhost icon produces a blank screen on the right, in which you cannot create, copy or modify files. That's because you have not yet defined directories.
  6. When you can see the linuxhost icon in Windows Explorer, you know Samba is running correctly on your Linux machine, and you've completed the Hello World.
  7. [global]
       guest account = pcguest
       workgroup = MYWGRP

    [homes]
       comment = Home Directories
       browseable = no
       read only = no
       create mode = 0750
     

    Global Section
    Define guest account
    Define MS Win workgroup. Replace MYWGRP with the windows workgroup defined in Windows ControlPanel:Network:Identification_Tab:Workgroup_field. Note that for best results, the workgroup field should be 8 or less characters, and upper case.
Steve Litt can be reached at Steve Litt's email address.

Incriment: Create and Access a Free-to-All Directory

The purpose of this incriment is to create a directory which anyone can read or write, without supplying a password. This is important,because in order to use passwords with Samba and Win98 or Win95 SR2, other modifications need to be made. It consists primarily of creating the directory, with the proper permissions, on the Linux box, then adding a few lines to /etc/smb.conf.
  1. As root, create directory /scratch off the root.
  2. chmod 777 /scratch        #all rights to everyone
  3. Add the [scratchdisk] section to /etc/smb.conf as shown below:
  4. Restart Samba on the Linux box with this command:
  5. In Windows Explorer, doubleclick on Network Neighborhood, then on Entire Network, then on your workgroup, and see if you see your Linux computer. If not, Startbutton:find: and then type in the name of your Linux computer (linuxhost in this example), and if it finds it, double-click on it. It should now be visible in Explorer.
  6. Doubleclick the Linux computer to see the scratchdisk directory. If you can't see it, you may need to refresh Explorer with the F4 key.
  7. Navigate to the scratchdisk directory.
  8. Create directory mydir inside the scratchdisk directory, and navigate into mydir. If you get error messages, make sure directory /scratch exists on the Linux box, and that it has all permissions for all parties (drwxrwxrwx).
  9. In directory mydir, create text file mytext.txt, type in a couple lines with notepad, save it, exit notepad, and pull it up again, exit notepad again.
  10. On your linux box, do this command:
  11. You'll see the text you typed in. However, you might notice aberrations in the linefeeding, due to the different newline definitions in Windows and Linux.
  12. On your Linux box, do this command:
  13. You'll notice the file permissions to be -rwxr--r--, and the owner to be your guest account, pcguest. Since all persons accessing this directory will access it as user pcguest, this means anyone accessing the file through Samba will be able to modify the file. Note also that as of now, we've implemented no sharing, which means two users can't reliably modify the file at the same time.
With the completion of this increment, you've used your Samba-enabled Linux machine as a file server accessible from your Windows computer, although you've implemented no security.

Increment: Map a Network Drive to Scratchdisk

This short increment maps a drive to the scratchdisk directory, and allows you to copy files back and forth in a DOS box.
  1. In Windows Explorer, navigate through Network Neighborhood to the scratchdisk directory.
  2. Right-click the scratchdisk directory, choose Map network drive off the popup menu, and choose drive V. If V isn't available, pick another, and work the exercises with that drive instead. Make sure the Reconnect at login checkbox is checked. Click OK.
  3. Note that drive V now appears on your Windows Explorer tree, as if it's a local drive.
  4. Get to a DOS prompt.
  5. Type V: then press Enter, and note the prompt.
  6. Type dir to get a directory, and note that you see directory mydir, which you created earlier.
  7. Navigate to the mydir directory using command cd \mydir
  8. Type C: then press Enter, to get to the C drive.
  9. Create c:\junk on your Windows computer, then navigate to that directory.
  10. Do this command in DOS:
  11. Edit c:\junk\mytext.txt, add one more line of text, then save it.
  12. copy c:\junk\mytext.txt v:\mydir\mytext.txt
  13. type v:\mydir\mytext.txt
  14. Note that when you typed the text on V, the line you added showed up.
  15. Reboot your Windows computer, and note that your V: drive still appears in Windows explorer, and still contain \mydir\mytext.txt. Note that you really have created a fileserver.
With the completion of this increment, you've mapped a drive to your Samba system, stored and modified a file on that system, and had it persist through a reboot. It's absolutely a fileserver.

Increment: Access Your Home Directory on the Linux Box

This increment is the first to implement user level security. It simply allows the Windows user to access the home directory of the Linux user of that same name. Note, however, that because of changes to Windows in Service Release and later, this increment will succeed only with users of earlier Windows 95. The increment after this will address the Windows client problems.
  1. Make sure you have user myuid on the Linux box.
  2. Insert the [homes] section with its comment into /etc/smb.conf.
  3. Restart Samba on the Linux box with this command:
  4. In Windows, log out and log in as user myuid.
  5. In Windows Explorer, navigate network neighborhood down to the linuxhost computer and doubleclick it. You should now see your myuid directory.
  6. Doubleclick the myuid directory. You'll be asked for a password. Type in the password for myuid onthe Linux box. If you have early Windows 95, you'll see the contents of your home directory on the Linux box. If you have windows 95 Service Release 2 or later, or Win98, it will tell you the password was wrong.
  7. If you managed to see the myuid directory, you successfully finished this increment, whether or not you were able to navigate your home directory.
With the completion of this increment, you've implemented security. You'll see your home directory, but nobody elses home directory. You may not be able to navigate your home directory, but that isn't an error on your part, it's a change Microsoft implemented in Service Release 2 of Win95. The next increment will fix that problem. However, if you can already navigate your home directory, please skip the next increment.

Increment: Implement Samba Password Encryption

This increment changes Samba from "plain text" passwords to "encrypted" passwords. Before Service Release 2, Windows defaulted to plain text passwords. In SR2 and beyond, it defaulted to encrypted, thus clashing with Samba's default. We can fix the problem by re-defaulting Windows to plain text, or we can set up Samba to use encrypted. The latter is better, since only one machine needs modification. However, in certain cases changing Samba to accept encrypted passwords requires re-compilation of the Kernal. Since that action is clearly beyond the scope of this tutorial, if this increment doesn't work we'll walk you through a Windows registry change to re-enable plain text passwords.
 
  1. Add    encrypt passwords = yes and password level = 20 to the [global] section of /etc/smb.conf as shown below, and save.
  2. Type the following commands to make sure both myuid and MYUID users are in the system:
  3. For each id in the step above, do a passwd command to give it a password.
  4. Type the following command to put the password for user myuid into the smb password file:
  5. Restart Samba on the Linux box with this command:
  6. On your Windows machine, log out and log back in as user myuid, giving the same password as on the Linux machine. If your Windows machine already has a different password for myuid than the Linux machine, you'll be asked for a password when you try to access the myuid directory in Windows Explorer.
  7. When you can view create and change files on your myuid directory (please change only those you created from Windows, you've successfully completed this increment.

Troubleshooting

Make sure the smb password file is really being created. It's called smbpasswd, and in Red Hat 5.1 it's in the /etc directory. If there are problems, review the information in these pages (or their equivalents on your system) If there's still a problem, it's possible that your Linux must be recompiled to accept encrypted passwords, clearly beyond the scope of this tutorial. In that case, you may wish to fix it on the client end.

With the completion of this increment, you've implemented security on a user level, and allowed each user to access his or her Linux home directory from his or her Windows machine, based on the Windows login. Note especially, that the substantial obstacle of password compatibility has been addressed, making the rest of this tutorial much easier.

Increment: A Read-Write directory for certain users to share

This allows users myuid and clinton (you might need to create clinton) to share directory sharedir, identified to Windows as myshare.
  1. As root, create directory /sharedir
  2. As root, create user clinton if not created
  3. Add the myshare section, as shown in bold below.
  4. Restart Samba on the Linux box with this command:
  5. /etc/rc.d/init.d/smb restart
  6. In Windows Explorer, doubleclick on Network Neighborhood, then on Entire Network, then on your workgroup, and see if you see your Linux computer. If not, Startbutton:find: and then type in the name of your Linux computer (linuxhost in this example), and if it finds it, double-click on it. It should now be visible in Explorer.
  7. Doubleclick the Linux computer to see the scratchdisk directory. If you can't see it, you may need to refresh Explorer with the F4 key.
  8. Navigate to the scratchdisk directory.

 
 
 
 
 
 
Steve Litt can be reached at Steve Litt's email address.

Incriment: Access a Home Directory

The purpose of this incriment is to allow you to access a

[ Back to this month's Troubleshooting Professional Magazine ]

[ Back to Troubleshooters.Com ]