File/Print - Samba Installation and Initial Configuration

Samba Installation and Initial Configuration

We will install from source and get Samba up and running with one user and one share. We will not delve deep into the security, so as always, be careful, check the documentation, and do this in a lab first.

We are assuming that Webmin is installed and running.

First, download the latest version of Samba. OK. Let's play electric guitar and boogie:

[root@ares /root]# cd /usr/local/src
[root@ares src]# ls
samba-latest.tar.gz
[root@ares src]# tar -xzf *.gz
[root@ares src]# ls
samba-2.2.1a  samba-latest.tar.gz
[root@ares src]# cd sam*
[root@ares samba-2.2.1a]#
[root@ares samba-2.2.1a]# cd source
[root@ares source]#
[root@ares source]# ./configure
creating cache ./config.cache
checking for gcc... gcc
checking whether the C compiler (gcc -O  ) works... yes
checking whether the C compiler (gcc -O  ) is a
.
.
.
configure OK
updating cache ./config.cache
creating ./config.status
creating include/stamp-h
creating Makefile
creating include/config.h
[root@ares source]#
[root@ares source]# make
Using FLAGS =  -O  -Iinclude -I./i...
.
.
.
[root@ares source]# make install
Using FLAGS =  -O  -Iinclude -I....
.
.
.
/usr/local/samba/swat/using_samba/gifs/txtpreva.gif
======================================================================
The SWAT files have been installed. Remember to read the swat/README
for information on enabling and using SWAT
======================================================================

We need to make sure that the service starts up, and create a startup script for webmin to use:

[root@ares swat]# vi /sbin/startsmb
[root@ares swat]# cat /sbin/startsmb
#!/bin/sh 
/usr/local/samba/bin/smbd -D
/usr/local/samba/bin/nmbd -D
[root@ares swat]#
[root@ares swat]# chmod +x /sbin/startsmb
[root@ares swat]# startsmb

We can just add /sbin/startsmb to the bottom of /etc/rc.local to start up the Samba server. We need to create a blank smb.conf file so webmin doesn't freak:

[root@ares lib]# cat /dev/null > /usr/local/samba/lib/smb.conf

Here is how we configured the Samba module in webmin.

Here is how we configured the networking options.

We can automatically create Samba accounts when we create a user account.

Now, let's make a user administrator with webmin (do this from the system/users and groups menu in webmin) and edit the user administrator. For a little test, let's create a file share and give administrator ownership:

[root@ares lib]# mkdir -p /windowsshares/accounting
[root@ares /windowsshares]# chown administrator accounting

Here is how we configured the file share. All of those GUI shenanigans created this /usr/local/samba/lib/smb.conf file:

[global]
path = /windowsshares/accounting
remote announce = 10.50.100.66/remote1
debug level = 2
security = user
encrypt passwords = yes
protocol = NT1
workgroup = remote1
comment = Accounting share
netbios name = ares
wins support = true
default = global
[accounting]
writable = yes
valid users = administrator
write list = administrator

Let's log on to an NT 4.0/SP6 box as administrator and create a text file in our new accounting share. Also notice how our Samba box looks in server manager.

Here is how this looks in the logs (/usr/local/samba/var/log.smbd):

[2001/07/16 16:52:42, 2] smbd/reply.c:reply_special(92)
netbios connect: name1=ARES             name2=CAESAR
[2001/07/16 16:52:42, 2] smbd/reply.c:reply_special(111)
netbios connect: local=ares remote=srv-49
[2001/07/16 16:52:44, 1] smbd/service.c:make_connection(606)
srv-49 (10.50.100.66) connect to service accounting as user administrator (uid=501, gid=501) (pid 2613)

OK. Now, we are going to log on to an NT 4.0/SP6 box as jsmith and try to access the share.

Doh! Here is what showed up in the logs:

[2001/07/16 16:50:45, 2] smbd/reply.c:reply_special(92)
netbios connect: name1=ARES             name2=CAESAR
[2001/07/16 16:50:45, 2] smbd/reply.c:reply_special(111)
netbios connect: local=ares remote=srv-49
[2001/07/16 16:50:45, 1] smbd/password.c:pass_check_smb(546)
Couldn't find user 'jsmith' in UNIX password database.
[2001/07/16 16:50:45, 2] smbd/reply.c:reply_sesssetup_and_X(980)
NT Password did not match for user 'jsmith'!
[2001/07/16 16:50:45, 2] smbd/reply.c:reply_sesssetup_and_X(990)
Defaulting to Lanman password for jsmith
[2001/07/16 16:50:45, 1] smbd/password.c:pass_check_smb(546)
Couldn't find user 'jsmith' in UNIX password database.
[2001/07/16 16:50:45, 1] smbd/reply.c:reply_sesssetup_and_X(1005)
Rejecting user 'jsmith': authentication failed
[2001/07/16 16:50:45, 2] smbd/server.c:exit_server(448)
Closing connections
[2001/07/16 16:50:45, 2] smbd/reply.c:reply_special(92)
netbios connect: name1=ARES             name2=CAESAR
[2001/07/16 16:50:45, 2] smbd/reply.c:reply_special(111)
netbios connect: local=ares remote=srv-49
[2001/07/16 16:50:45, 1] smbd/password.c:pass_check_smb(546)
Couldn't find user 'jsmith' in UNIX password database.
[2001/07/16 16:50:45, 2] smbd/reply.c:reply_sesssetup_and_X(980)
NT Password did not match for user 'jsmith'!
[2001/07/16 16:50:45, 2] smbd/reply.c:reply_sesssetup_and_X(990)
Defaulting to Lanman password for jsmith
[2001/07/16 16:50:45, 1] smbd/password.c:pass_check_smb(546)
Couldn't find user 'jsmith' in UNIX password database.
[2001/07/16 16:50:45, 1] smbd/reply.c:reply_sesssetup_and_X(1005)
Rejecting user 'jsmith': authentication failed
[2001/07/16 16:50:45, 2] smbd/server.c:exit_server(448)

We have a file share that is running on GNU/Linux, but works with NT 4/SP6 with no changes!!! We have tested the file share for protection from an invalid user (jsmith). Keep an eye on the other sections for articles on automating migrations from NT 4, as well as integration with the other members of our Open IT section.

This article comes from NetAdminTools:
http://www.netadmintools.com/

The URL for this story is:
http://www.netadmintools.com/art29.html

Copyright 1997-2008 NetAdminTools.com. Read our Terms of Use.