7.4. Windows-style File and Print Services with Samba

Linux can provide SMB services (eg. WfW, Win95, and NT-style network file & printer sharing), using the Samba package. This section will describe how to configure shares, and how to access them from client machines.

The Samba package is included with the Red Hat distribution, you can check if it is installed and what version you have by typing:

rpm -q samba

If it isn't installed, you will need to install it using the RPM utility. See Section 10.1 for details on how to do this.

The most important Samba files you should concern yourself with are:

/etc/smb.conf

Samba configuration file where shares and other configuration parameters are set up (see below)

/var/log/samba/

Location of Samba log files

/home/samba/

Suggested location where file shares should be set up. However, you should choose a location where you have enough space on the file system to accomodate the files you will store. Personally, I usually set up a large partition mounted on /archive/ and place my shares here.

The file ``/etc/smb.conf'' contains configuration information on file & print shares. The first few lines of the file contain global configuration directives, which are common to all shares (unless they are over-ridden on a per-share basis), followed by share sections.

The Samba installation includes a default smb.conf file which in many cases should be adequate for your needs and require only a few changes.

Here is an example of this file (which I have heavily customized to show you some of the more important and interesting options):

# Items common to all shares (unless over-ridden on a per-share basis)
[global]
   # Number of minutes of inactivity before client is disconnected
   # to avoid consuming resources.  Most clients will automatically
   # reconnect so this is a good idea to enable.
   dead time = 10

   # Don't let users connect as "root", just-in-case.  :-)
   invalid users = root

   # Specify the account for guest shares (shares that don't require
   # a password to connect to.  This username must be a valid user
   # in the /etc/passwd file.
   guest account = guest

   # Specify where log files should be written to.  The "%m" suffix
   # means that log files will be created in the format
   # log.machine-name (eg. "log.twixel")
   log file = /usr/local/samba/logs/log.%m

   # Maximum size of log file, in Kilobytes.
   max log size = 1000

   # Password level 3 means that case is not an issue when entering
   # passwords.  A little less secure than level 1 or 2 would be,
   # but seems to be a fair compromise for user convenience.
   password level = 3

   # Specify that all shares should appear in the browse list
   # (override any you don't want on a per-share basis).
   browseable = yes

   # If this is enabled, you can see active connections using the
   # "smbstatus" command.
   status = yes

   # The level of debugging information that is recorded in the log
   # files.  Higher values generate more information (which is
   # probably not very useful, most of the time).
   debug level = 2

   # This will send any Windows-style "POPUP" messages received on
   # the server to the postmaster by e-mail.  Not very useful, but
   # an interesting demonstration of what can be accomplished.
   message command = /bin/mail -s 'Message from %f on %m' postmaster < %s; rm %s &

   # This is a form of caching that, when enabled, may improve
   # performance when reading files.
   read prediction = true

   # A list of services that should be added automatically to the
   # browse-list.
   auto services = cdrom

   # The location of your "printcap" file, a text file containing
   # definitions for your printers.
   printcap name = /etc/printcap

   # If enabled all printers in the /etc/printcap file will be
   # loaded into the browse-list.
   load printers = yes

   # The print command by which data is spooled to a printer under Linux.
   print command = lpr -r -P%p %s

   # The print command by which job queue information (printer status)
   # can be obtained.
   lpq command = lpq -P%p

   # The print command by which unwanted print jobs can be deleted
   # from the queue.
   lprm command = lprm -P%p %j

   # The level at which Samba advertises itself for browse elections.
   # Currently set to a high value to give it an even "foot-hold" with
   # any swarmy NT servers on the network.  :-)
   os level = 34

# These are user's personal shares.  If the client's username matches on the
# server, they can access their home directory (provided they enter the
# correct password).
[homes]
   # The comments appear in the browse list.
   comment = Home Directories

   # This matches the username of the client to that of the share.
   # If they do not match, no share will be displayed in the browse
   # list, or available to connect to.
   user = %S

   # The path to the share.  For example, "smithj" would map to
   # "/home/smithj"
   path = /home/%S

   # If enabled, allow read/write access to the shares.
   writeable = yes

   # Just an inverted synonym for "writeable".  We don't *really* need
   # to use both.  :-)
   read only = no

   # Keep this disabled so that a password is required to access these 
   # shares.
   public = no

   # We don't want this share (after all, it is private) to appear in
   # the browse-list of other users.
   browseable = no

# This is a publicly available print share, called "hp_laser".  It appears
# on the browse lists and can be accessed without a password by any client.
[hp_laser]
   # The comment that appears in the browse-list.
   comment = Main office printer (HP Laserjet 400)

   # The username that this share is accessed as (guest means all users).
   user = guest

   # All generated print files will first be created in the /tmp
   # directory.
   path = /tmp

   # Do not allow file creation except through print spooling.
   writeable = no

   # Set permissions accordingly -- root access to print jobs only.
   create mode = 0700

   # If this is enabled a password is not required to access the share.
   public = yes

   # This should be enabled to indicate that this is a printer share.
   printable = yes

# Here is a service providing access to the CD-ROM device.
[cdrom]
   comment = Shared CD-ROM drive on Linux
   user = guest
   path = /cdrom
   writeable = no
   read only = true
   browseable = yes
   public = yes
   guest ok = yes

Tip: Tip: Recent versions of Samba, from 2.0 onwards, provide a very slick web-based configuration utility called ``swat'', which makes the process much more user-friendly. The utility listens on TCP port 901 of your server, so to use the utility just point your favourite web browser as follows:

mydomain.name:901

(Of course, in order to use the SWAT utility you will need to have a web server running, such as Apache. See Section 7.1 for details.)

The latest Samba versions also add considerable features in comparison with versions prior to 2.0. It is worth taking the time to upgrade this package.

A client must have a TCP/IP network stack running in order to connect to shares. Further, for browsing to work, the TCP/IP protocol must be bound to NETBEUI. Under Windows 95 this can be configured from the "Network" icon from within the Control Panel.

Assuming the client has been configured properly, you should see the server shares appear in their "Network Neighborhood" (or equivalent browsing scheme if you are not using Windows 95/NT). You can then map network drives from the network neighborhood, or type in an absolute path to the share (eg. "\\mail\cdrom"). If the shared service requires a password to be entered, you will be prompted for one.

More information on Samba can be obtained from the Samba Home Page at http://samba.anu.edu.au/samba/.