Samba

Once you’ve set up a LAN, you’re ready to provide services to hosts on the network. To provide printer and file sharing, Windows uses a facility known as the Server Message Block (SMB). This same facility is sometimes known as the Common Internet File System (CIFS), NetBIOS, or LanManager. Thanks to Andrew Tridgell and others, Linux systems provide support for SMB via a package known as Samba. Like SMB, Samba lets you:

  • Authorize users to access Samba resources

  • Share printers and files among Windows, OS/2, Netware, and Unix systems

  • Establish a simple name server for identifying systems on your LAN

  • Back up PC files to a Linux system and restore them

Samba has proven its reliability and high performance in many organizations. According to the online survey at http://www.samba.org/pub/samba/survey/ssstats.html, Bank of America is using Samba in a configuration that includes about 15,000 clients, and Hewlett-Packard is using Samba in a configuration that includes about 7,000 clients.

Installing the Samba Server

If you’ve never installed and configured a network server, Samba is a good place to begin; its installation and configuration are generally simple and straightforward.

The Samba server includes the nmbd and smbd programs (which run as daemons), several utility programs, manpages and other documentation, and three configuration files: /etc/samba/smbusers, /etc/samba/smb.conf, and /etc/samba/lmhosts. The smbusers file associates several user accounts that are special to Samba with Linux user accounts; for example, it associates the Samba user IDs, administrator and admin, with root. Generally, you don’t need to change smbusers. Likewise, you don’t generally need to revise lmhosts. You’ll learn how to configure the smb.conf file shortly.

The simplest way to install Samba is to select it during system installation. However, if you failed to do so, you can install Samba by using GnoRPM to install the following packages:

  • samba

  • samba-client

  • samba-common

  • samba-swat

Configuring Samba

The /etc/samba/smb.conf file lets you specify a variety of options that control Samba’s operation. You can edit the file by using your favorite text editor; however, the Samba Web Administration Tool (SWAT) lets you view and change options using your web browser, which is generally much easier than using a text editor. The SWAT tool verifies the values of parameters you enter and provides online help.

To use SWAT, you must first configure xinetd to launch SWAT when you request it. To do so, issue the commands:

               chkconfig xinetd on
               chkconfig swat on

Then signal the xinetd process that you’ve modified one of its configuration files, by issuing the following command:

               service xinetd reload

To access SWAT, point your browser to port 901; for example, you can use the URL http://localhost:901.

Note

You can configure SWAT to accept connections from remote hosts. To do so, delete the line:

only_from = 127.0.0.1

from the SWAT file in /etc/xinetd.d. That deletion is not recommended, except perhaps for accessing SWAT from your LAN. Accessing SWAT remotely requires that your system’s root password be sent over the network via HTTP, which cannot encrypt data. A cracker using a packet sniffer may discover the password and compromise your system. A packet sniffer is a program that lets its operator view packets sent across a network. If the packets are unencrypted or only weakly encrypted, the operator may be able to obtain user IDs, passwords, and other information contained in the packets.

Your web browser will prompt you for a user account and password; specify root as the user account and give the appropriate password. Figure 11-10 shows SWAT’s main menu, accessed by using the system’s IP address in place of its hostname.

Figure 11-10. SWAT’s main menu

To configure your Samba server, click the following toolbar icons:

Home

Return to the main menu (shown in Figure 11-10). The main menu also provides convenient access to Samba documentation via the links in the body of the page.

Globals

Configure global Samba variables.

Shares

Configure file shares.

Printers

Configure shared printers.

Status

View the status of the Samba server.

View

View Samba’s configuration file, /etc/samba/smb.conf.

Password

Add and delete users and change user passwords.

Configuring global variables

To configure global options, click the Globals button on the toolbar. Figure 11-11 shows the Global Variables page, and Table 11-1 describes the most important options. You can access additional options by clicking Advanced View. To change an option, select or type the desired value. When you’ve changed all the options you want to change, click Commit Changes, and the changes take effect.

Figure 11-11. SWAT’s Global Variables screen

Tip

Samba’s main configuration file, /etc/samba/smb.conf, is overwritten by SWAT. The specifications contained in the file are retained and shown as initial values; however, any comments in the file are deleted.

Table 11-1. Samba’s Global Variables

| Option group | Option | Description |
|---|---|---|
| Base | workgroup | The workgroup name displayed when the server is queried by a client. |
| | netbios name | The NetBIOS name by which the server is known. |
| | server string | The text string displayed to describe the server. |
| | interfaces | The IP address(es) of the interface(s) through which Samba should listen. Each IP address is followed by a forward slash and a number that specifies the number of bits that pertain to the network portion of the IP address (usually 24), for example, 192.168.1.0/24. If this option is not set, Samba attempts to locate and automatically configure a primary interface. Samba lets you specify the interface name, rather than an IP address, if you prefer. |
| Security | security | Specifies how Samba authenticates requests for access to shared resources. The default value, user, is helpful when the Samba server and its clients have many common user accounts. The value share can be useful when few common user accounts exist, because it allows users to access shared resources without first logging in to the server. The value server lets another SMB server perform authentication on behalf of the server. The value domain specifies that the host is integrated within a Windows NT domain; it behaves similarly to the value user. You should generally use the default value. |
| | encrypt passwords | Specifies whether Samba will negotiate encrypted passwords, which are expected by Windows NT 4.0 SP3 and later, 98, Me, and 2000. |
| | update encrypted | Allows automatic updating of an encrypted password when a user logs on using a nonencrypted password. This option is useful when migrating to encrypted passwords and should otherwise be set to No. It requires that Encrypt Passwords be set to No. |
| | guest account | The Linux user account used to provide services for guest users. |
| | hosts allow | A list of hosts that can access the server. If not specified, all hosts are permitted access. |
| | hosts deny | A list of hosts that cannot access the server. |
| Logging | log file | Specifies the name of Samba’s log file. |
| | max log size | The maximum size of the log file in kilobytes (KB). When the specified size is exceeded, Samba begins a new log file. A value of 0 lets the log file grow indefinitely. |
| Tuning | socket options | Specifies TCP options that can improve performance. The default options are generally acceptable. |
| Printing | printing | Specifies how Samba interprets printer status information. Generally, lprng is an appropriate choice for a Linux system. |
| Browse | os level | Specifies the level at which Samba advertises itself for browse elections. A high number makes it more likely that Samba will be selected as the browser. The value 65 causes clients to prefer Samba to a Windows NT server. The default value is generally acceptable; unintentionally high values may cause browsing problems and may cause NT/2000 servers to become unstable. |
| | preferred master | Specifies whether Samba is the preferred master browser for its workgroup. Used with domain master = yes to force acceptance of the host as the master browser for its workgroup. |
| | local master | Specifies whether Samba will bid to become the local master browser on a subnet. Generally, the default value is acceptable. |
| | domain master | Specifies collation of browse lists across a Wide-Area Network (WAN). May result in strange behavior when a workgroup includes a Windows NT Primary Domain Controller (PDC). Generally, the default value is acceptable. |
| WINS | dns proxy | Specifies that Samba will use DNS to attempt to resolve unknown NetBIOS hostnames. Generally, the default value is acceptable. |
| | wins server | Specifies the IP address of the WINS server with which Samba should register itself, if any. This item should be specified whenever a network includes a WINS server. |
| | wins support | Specifies that Samba should act as a WINS server. Useful when the network includes several subnets. Do not specify this option for multiple systems of a single network. Generally, the default value is acceptable. |

You probably won’t need to make many changes to Samba’s global variables. Setting the workgroup and netbios name is sufficient for most users. If your system has more than one network adapter card, you’ll also need to set the interfaces variable. If your network includes Windows 98/NT/2000 clients, you’ll need to set encrypt passwords.

Warning

If your system is attached to a cable modem or other interface that makes it available to other network users, you should specify security options that prevent unauthorized users from accessing your files or printer. For example, use the hosts allow option to restrict the hosts allowed to access your Samba server.

Configuring file share parameters

To establish and maintain file shares, use the Shares button on the toolbar. Figure 11-12 shows the Share Parameters page.

Figure 11-12. SWAT’s Share Parameters screen

Red Hat Linux configures a default share, homes, which lets Linux users access their Linux /home directory as a Samba share. You can create a new share by typing its name and clicking Create Share. To delete a share, choose the share name from the drop-down list and click Delete Share. To work with an existing share, choose it from the drop-down list and click Choose Share. When you click Choose Share, the page shown in Figure 11-13 appears. This page lets you view and change a variety of share options. Table 11-2 describes the available share options. You can access additional options by clicking Advanced View. As with the global options, you may not need to change many share options. Likely candidates for change are the comment, path, and read only options.

Figure 11-13. SWAT’s expanded Share Parameters screen

Table 11-2. Samba File Share Options

| Option group | Option | Description |
|---|---|---|
| Base | comment | The description displayed when the file share is queried by a client. |
| | path | The path that is shared by the server. |
| Security | guest account | The Linux user account used to provide services for guest users. |
| | valid users | Specifies users allowed to access the share. |
| | read only | Specifies whether the share can be written or is read-only. |
| | create mask | Specifies the permissions associated with created files, as an inverse value. |
| | directory mask | Specifies the permissions associated with created directories, as an inverse value. |
| | guest ok | Specifies whether guest access (access without a password) is allowed. |
| | hosts allow | A list of hosts that can access the file share. If not specified, all hosts are permitted access. |
| | hosts deny | A list of hosts that cannot access the file share. |
| Browse | browseable | Specifies whether the file share is visible in the list of shares made available by the server. |
| Miscellaneous | available | Specifies whether the share is available; by setting this option to No you can prevent access to the share. |
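
The exposures named in the Warning above and in Tables 11-1 and 11-2 (security = share, passwords that are not encrypted, a missing hosts allow, guest ok) can be checked mechanically. The following Python audit is an added example, not part of the original chapter or of Samba; the sample configuration, the share names, and the function names are constructed for illustration, and only the option spellings shown on this page are recognized.

```python
import re

# Constructed sample configuration (not from the original page).
SAMPLE_SMB_CONF = """\
[global]
   security = share
   encrypt passwords = no

[homes]
   read only = no
   hosts allow = 192.168.1.

[public]
   path = /srv/public
   guest ok = yes
   read only = no
"""

def parse_smb_conf(text):
    """Return {section: {option: value}} with names lowercased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Samba ignores case and extra spaces in option names.
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def is_yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def audit(text):
    """Return (section, finding) tuples for the settings the text warns about."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = []
    if glob.get("security", "user").lower() == "share":
        findings.append(("global", "security = share: no login before access"))
    # Assumption: an absent 'encrypt passwords' is treated as off.
    if not is_yes(glob.get("encrypt passwords", "no")):
        findings.append(("global", "encrypt passwords is not enabled"))
    for name, opts in conf.items():
        if name == "global":
            continue
        # A hosts allow set in [global] covers every share.
        if "hosts allow" not in opts and "hosts allow" not in glob:
            findings.append((name, "no hosts allow: all hosts permitted"))
        if is_yes(opts.get("guest ok", glob.get("guest ok", "no"))):
            writable = not is_yes(opts.get("read only", "yes"))
            suffix = " on a writable share" if writable else ""
            findings.append((name, "guest ok = yes" + suffix))
    return findings

if __name__ == "__main__":
    for section, finding in audit(SAMPLE_SMB_CONF):
        print(f"[{section}] {finding}")
```

Run against the constructed sample, the audit reports both global settings and the [public] share, and leaves [homes] alone because it carries its own hosts allow.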

Configuring printer share parameters

You configure printer share parameters in much the same way you configure shares. Begin by clicking the Printers toolbar button. You can use the page shown in Figure 11-14 to create a new printer share, delete a printer share, or modify an existing printer share.

Figure 11-14. SWAT’s Printer Parameters screen

If you select a printer from the drop-down list and click Choose Printer, the page shown in Figure 11-15 appears. Table 11-3 describes the available print share options. You can access additional options by clicking Advanced View. As with the global options and file share options, you may not need to change many printer share options. The comment option is the most likely to be changed.

Figure 11-15. SWAT’s expanded Printer Parameters screen

Table 11-3. Samba Print Share Options

| Option group | Option | Description |
|---|---|---|
| Base | comment | The description displayed when the printer share is queried by a client. |
| | path | The print spooling directory. |
| Security | guest account | The Linux user account used to provide services for guest users. |
| | guest ok | Specifies whether guest access (access without a password) is allowed. |
| | hosts allow | A list of hosts that can access the printer share. If not specified, all hosts are permitted access. |
| | hosts deny | A list of hosts that cannot access the printer share. |
| Printing | printable | Specifies whether printing is permitted. If this option is set to No, clients may still be able to browse the printer share. |
| | printing | Specifies the type of printer interface used, which determines what commands Samba issues to control the printer; lprng is generally a good choice. |
| Browse | browseable | Specifies whether the printer share is visible in the list of shares made available by the server. |
| Miscellaneous | available | Specifies whether the printer share is available; by setting this option to No, you can prevent access to the printer share. |

Viewing Samba Server Status

The Status button on SWAT’s toolbar lets you view the status of the Samba server. The page shown in Figure 11-16 shows the following information about the status of your Samba server:

  • The interval at which the page is refreshed, given in seconds

  • The version of Samba and the status of the server daemons (smbd and nmbd)

  • Any active connections

  • Any active file and printer shares

  • Any open files

Using the controls on the page, you can refresh the contents, set the auto refresh interval (in seconds), start and stop either daemon, and kill an active connection.

Tip

It’s generally better to start and stop Samba processes by using the script in /etc/rc.d/init.d, as explained later in this chapter.

Figure 11-16. Samba’s Server Status page

Viewing Samba Server Configuration

The View button on SWAT’s toolbar lets you view the Samba server’s main configuration file, /etc/samba/smb.conf (shown in Figure 11-17). By default, the page shows only the basic configuration options; clicking Full View causes SWAT to display every configuration option.

Figure 11-17. SWAT’s Current Config screen

Managing Users and Passwords

You can specify user accounts authorized to access Samba resources by clicking SWAT’s Password toolbar button and accessing the page shown in Figure 11-18.

Figure 11-18. The Server Password Management page

This page lets you:

  • Change the password associated with a user account (by clicking the Change Password button)

  • Authorize a user account to access Samba (by clicking the Add New User button)

  • Delete a user account (by clicking the Delete User button)

  • Disable or enable a user account (by clicking the Disable User or Enable User buttons, respectively)

The user accounts that you specify on the Server Password Management page are those that your Samba server recognizes as authorized to access its resources.

The bottom part of the page, titled Client/Server Password Management, lets you change the password associated with a user account on a remote system running Samba or SMB. Changing a password by using Client/Server Password Management is often more convenient than logging in to the remote host and using its password change facility.

Starting and Stopping Samba

After you’ve configured Samba, start the smb service by issuing the command:

               service smb start

This command starts both the SMB and NMB (NetBIOS name server) services associated with Samba.

You can view the status of the smb service by issuing the command:

               service smb status

If the service is running, the command should report the process IDs of Samba’s smbd and nmbd processes.

To stop Samba, issue the command:

               service smb stop

If you’ve reconfigured Samba, you can restart the smb service with this command:

               service smb restart

If you want Samba to start automatically when you boot your system, issue this command:

               chkconfig --level 345 smb on

Alternatively, you can use Neat to specify that the smb service should start automatically.

Troubleshooting Samba

To verify that Samba is working, use the Server Password Management screen to authorize a Linux user account to access Samba. For this purpose, choose a Linux user account that has the same username and password as an account on a Windows client. Log in to the Windows client using that username and password and use the Windows Explorer’s Network Neighborhood to locate and use the Samba share. You’ll find more information on using Samba shares in the next section.

If you can’t access the share, consider the following likely reasons:

  • You specified the wrong username or password.

  • The username and password are not the same on the Samba and Windows hosts.

  • You haven’t authorized the user to access Samba.

  • Networking isn’t properly configured on the Samba or Windows host.

If you’re unable to find the problem, consult the documentation that accompanies Samba. In particular, peruse the file DIAGNOSIS.txt, which resides in the /usr/share/doc/samba-*/docs/textdocs directory or its equivalent on your system. This file includes a step-by-step procedure for verifying the operation of your Samba server. When a step fails, you can consult the file to determine the likely causes and how to go about fixing the problem. Chances are, you’ll be able to administer Samba without outside help, but if not, you’ll find the participants in the comp.protocols.smb newsgroup to be helpful. Another resource is O’Reilly’s Using Samba, by Robert Eckstein, David Collier-Brown, and Peter Kelly. Since the book was published under the Open Publication License (OPL), Using Samba is also available online in electronic form at http://www.oreilly.com/catalog/samba/.

Like any network server, Samba provides a wealth of options and facilities. If you thoroughly explore these facilities, you’re likely to break your server. To avoid problems, you should keep a backup copy of your /etc/samba/smb.conf file. Doing so can be as easy as issuing the following command after Samba is up and running:

               cp /etc/samba/smb.conf /etc/samba/smb.conf.bak

Then, if your server ceases to work, you can restore your old configuration by issuing the command:

               cp /etc/samba/smb.conf.bak /etc/samba/smb.conf

You’ll also need to restart your system (or at least the Samba daemons).
