The Smb page, for a small example for the Smb service.


For the average user, there are two main network filesharing protocols nowadays.

The NFS - Network Filesystem
The SMB - Session Message Block

NFS is classic in Unix and was developed by Sun Microsystems.
SMB is Microsoft's File And Print Sharing.

This page will give a small example for the second one.

Paragraphs in this page are:

A little theory
A little practice
Miscellaneous tasks
A very interesting feature
Ending



A little theory.

When a GNU/Linux or *BSD SMB server goes up, in reality two services start:

The Smb that checks authentication and does the file and printer service and
The Nmb that tunnels the NetBIOS host addressing protocol through TCP/IP.

The daemons are called smbd & nmbd (the roles are obvious).

It is recommended to start these servers as daemons, especially if the SMB service is continuously requested by the client hosts (but in general this is done automatically).

The SMB server maintains an active list of all the shares that are available to the network and every shared directory - or printer - has also a share name and description.

In SMB, every share is actively listed and when we request it from the network we do not have to know the actual location in the server's filesystem.

This philosophy can produce very practical and easy-to-use networks, but on the other hand, it can be a dangerous hole. Considering security, obtaining the list of shares just by connecting to an SMB server isn't very secure, is it?

So, if security is an issue, the SMB service must be brought up with full user authentication and protected from the wider network by a firewall.

Both smbd & nmbd obtain their instructions from a configuration file: /etc/samba/smb.conf




A little practice.

Here is a small example with parts of my configuration file in host filer.
To know more about my network, visit My System page.

Parts of The /etc/samba/smb.conf in filer
workgroup = MICROGROUP
server string = Filer On Samba Server %v
netbios name = Filer
load printers = yes
guest account = micro
security = share

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
public = yes
guest ok = yes
writable = no
printable = yes

[micro]
comment = Micro Documents on Filer
path = /home/shared/home/micro
public = yes
browseable = no
writable = yes
guest ok = yes

[pub]
comment = Pub On Filer
path = /home/shared/pub
public = yes
writable = yes
guest ok = yes

[documents]
comment = Documents On Filer
path = /home/shared/documents
public = yes
writable = no
guest ok = yes

Explanations
The micro dir is not my home, but is used to store useful non-crucial data. It is not secured, but at least it is not listed in the network shares of Filer. This option is more secure than the "hidden" micro$ share name as it would be in MS Windows.
Documents is for read only. You can have useful information (templates, pictures, media, pdf documents etc.)
Pub is for writing.

If /home/shared/pub is a soft link to /home/ftp/pub, then the same folder that would be used by ftp clients would be used by network clients also, which is very unified and practical in my opinion.

The reverse (/home/ftp/pub as a soft link to /home/shared/pub) is not recommended because the anonymous ftp user must NOT browse our filesystem tree.
security = share means that no per user authentication takes place. There is just a common password for all the clients.

guest ok = yes means that not even a password is required any more for the specific share.

guest account = micro means that all guests in this mode inherit the permissions and ownerships of user micro. I find it most practical to alter the files afterwards without having to log on again as user ftp for example or, worse, root.

But if you are more fanatical about security, you can use ftp as guest and block the ftp user from having any access to the shell of your Linux server.

This is easily done by editing /etc/passwd and giving a false path to a shell.
The above configuration is the easiest and the least secure.

There are 4 levels: security = share, user, server, domain.

I use the "user" level from time to time, but "share" level is the easiest to achieve.
I chose /home instead of /var to store the shares, because in this way I have to worry about only one directory (/home), which in reality is a separate partition mounted on the filesystem.
If printing services are configured to be up, then /etc/printcap is read by default, unless specified otherwise.
Samba is very powerful and configurable but also complicated; I would suggest mastering the configuration file rather than using GUI wizards to set it up for you.
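
The effect of security = share, guest ok and browseable = no described above can be checked mechanically. The following is an added example, not part of the original page or of Samba: a small audit of smb.conf text that reports which shares are reachable without per-user authentication. The names audit, WEAK and HARDENED are hypothetical; WEAK is a constructed sample abridged from the filer shares above, and HARDENED is an assumed user-level variant.

```python
import configparser

# Constructed sample, abridged from the page's filer shares ([global] header added).
WEAK = """\
[global]
security = share
[micro]
public = yes
browseable = no
writable = yes
guest ok = yes
[pub]
writable = yes
guest ok = yes
[documents]
public = yes
writable = no
"""

# Constructed hardened variant (an assumption, not the author's configuration).
HARDENED = """\
[global]
security = user
[pub]
guest ok = no
writable = yes
valid users = micro
"""


def audit(text):
    """Return (section, issue) pairs for unauthenticated access in smb.conf text."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    findings = []
    if cp.get("global", "security", fallback="user").strip().lower() == "share":
        findings.append(("global", "share-level security: no per-user authentication"))
    for name in (s for s in cp.sections() if s != "global"):
        share = cp[name]
        def flag(*keys):  # true if any synonym of the parameter is enabled
            return any(share.get(k, "no").strip().lower() in ("yes", "true", "1") for k in keys)
        if not flag("guest ok", "public"):  # "public" is a synonym of "guest ok"
            continue
        writable = flag("writable", "writeable", "write ok")
        findings.append((name, "guest-writable" if writable else "guest-readable"))
        if share.get("browseable", "yes").strip().lower() == "no":
            findings.append((name, "unlisted but reachable without a password"))
    return findings

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```

The audit does not interpret the inverse parameter read only, so a share made writable with read only = no would be reported as guest-readable.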





Miscellaneous tasks.

Creating the shares in the server

Since the mentioned shares belong to the main user of filer "micro", a directory /home/shared must be created by root (because micro can't do this) and then the ownership of this dir can easily be given to micro:

su
password: <type root password>
mkdir /home/shared
chown micro:users /home/shared
logout


Then micro can create all the directories that would be needed.

All this can easily be done through telnet or ssh, if host filer is remote.


Configuring the client

The SMB clients don't have to be MS Windows exclusively.
Read the /etc/fstab to get an idea of configuring such a client mount in a GNU/Linux or *BSD client, remembering that this configuration is done with security=share in the server side.


Browsing the SMB servers

The Samba package has a lot of useful utilities.

One is findsmb, which searches for SMB servers inside the local network:

findsmb

                                *=DMB
                                +=LMB
IP ADDR         NETBIOS NAME     WORKGROUP/OS/VERSION
---------------------------------------------------------------------
192.168.0.1     ATHLON         [MICROGROUP] [Unix] [Samba 3.0.4]
192.168.0.192   FILER         +[MICROGROUP] [Unix] [Samba 2.2.8a]


Another is smbclient, which does more than the example below:

smbclient -L filer
passwd: <in security=share, password is just [Enter] >

        Sharename      Type      Comment
        ---------      ----      -------
        pub            Disk      Pub On Filer
        documents      Disk      Documents On Filer
        IPC$           IPC       IPC Service (Filer On Samba Server 2.2.8a)
        ADMIN$         Disk      IPC Service (Filer On Samba Server 2.2.8a)
        epson          Printer

        Server               Comment
        ---------            -------
        FILER                Filer On Samba Server 2.2.8a

        Workgroup            Master
        ---------            -------
        MICROGROUP           FILER


Mounting by hand in GNU/Linux or *BSD

This task is easy:

su
password:
mount -t smbfs -o passwd= //filer/pub  /mnt/smb/filer/pub


Including the mount in /etc/fstab

Simply add one or more lines like this example:

//filer/documents /mnt/nfs/filer/documents smbfs passwd=


The directories must be created before the mount.
If no active nameserver is present in the LAN, filer has to be defined in /etc/hosts.
We can also mount a directory from a Windows File and Print Server.




A very interesting feature.

A Samba server running in a Linux box can have a very interesting feature:

If we include this:

[homes]
   comment = Home Directories
   browseable = no
   writable = yes

and we assign the main documents folder of all users in all MS Windows clients to be:
\\filer\micro
where micro is the username which has to be changed to the appropriate one,

then every user can access his/her own documents while in reality they are located in the central Linux server.

But it would be preferable to set the Samba server's security to user.

If the Windows clients are from NT and above (2000, XP) and we create all users in all the clients, then they would access their own documents no matter which Windows client they would log into!

But for security reasons, all users plus administrators would have to be assigned with passwords.




Ending.

MS Windows hosts as clients or servers can be configured very easily. Explanations on this issue would exceed the role of my Linux pages.

That's it, I wish you all happy filesharing.