Configuring a Samba Server

If you deploy a Linux-based machine to serve up files in a Windows network, you’re not going to get very far without the help of Samba. Samba is an Open source software suite that offers seamless file and print services to SMB/CIFS clients.

Basically, Samba can fool a Windows machine into thinking a Linux machine is a Windows machine. A bit of trickery yes, but it gets the job done.

Before YaST, the real trick was getting Samba to actually work. Configuring Samba required hand-editing the smb.conf file; this could be a nightmare. Now you can point-andclick your way to getting Samba running, because the good people at Novell and SuSE have worked hard to bring the Linux administrator the YaST (Yet another Setup Tool) to help. This tool makes setting up a plethora of system settings as simple as it gets. Here’s how it works.

What does Samba do?
Before we move on, let’s make sure we all know what Samba does. Samba’s magic happens thanks to a protocol suite known as the Common Internet File Sharing (or CIFS) at port 3020. At the heart of this protocol suite is the Server Message Block (SMB) protocol.

Samba is simply the open source implementation of the CIFS protocol suite. Samba allows Linux servers and workstations to talk to any Windows workstation, all the way
back to Windows 95.

Configuring Samba
To configure a Samba Server in SuSe Linux, you’ll use the YaST tool. To do so, go to the Control Center. Select Administrator Settings from the Common Tasks section to open the YaST Admin Tool. Next, select Network Services to reveal a listing of the various Network Services that can be configured from within YaST. Press the Samba Server button and you’ll see YaST’s Samba GUI.

The first thing you have to do is enter the domain to be configured. The drop-down is a bit misleading. The default, TUX-NET, is the only option available. Simply erase that option and enter your domain. Once you have applied this, press Next to take care of the final phase of initial setup.

If your server is to house all of the Samba log-in information, set it as the PDC.

This final phase requires you to decide if your Samba server will act as a Primary Domain Controller. Make your selection and press Next.

Once you press Next, you can’t come back to this portion of the setup without aborting the installation altogether. So make your choices wisely.

After you press Next, you are in the primary Samba configuration.

If you click Abort, the Samba GUI will go away.

The first configuration is the Samba startup status. You can either configure Samba to start at boot or to be manually started. I highly recommend you have Samba start at boot. It will slow your boot time down a fraction of a second, but it will lessen the tasks you must handle once the server is up and running.

Once you have Samba’s boot configuration taken care of, open up the firewall for Samba. Select the Open Port In Firewall check box. If your machine has more than one network interface, press the Firewall details button to apply the firewall changes to the correct interface.

The next step is to configure the proper Samba shares. Press the Shares tab, to reveal this configuration.

You can enable or disable a feature simply by clicking the Toggle Status button.

The Shares tab allows you to configure every aspect of the Samba shares. You can go beyond just enabling or disabling each share, of course. By highlighting a share and pressing the Edit button, you can further customize each share configuration.

Let’s take a look at configuring the users share. Highlight that share and press Edit. A new window reveals five pre-configured options.

Obviously, the default settings will not work for most, and there are a lot of possible options to add. Let’s take a look at the default options and what they are:

• Read Only: Tells Samba if the configured shares are read only. The default is set to No. If users need only to be able to read data from the shares, highlight the option,press Edit, select the read only check box, and press OK. The share is now set to read only.
• Comment: What users see after logging in. This could be a description of the server serving the shares.
• Path: The directory that Samba will share out to the users.
• Inherit ACLS: Means that all files within a parent folder will inherit the ACL(Access Control List) of the parent folder. That’s it for the default users options.

Obviously, there are quite a few more options to be added.

If you press the Add button, a small window will appear with a drop-down list. That drop down list contains 124 other options to add and configure. Once you find the option you want to add, select it and press OK. Some of the new options will have another configuration window to edit before the option is added. Say, for instance, you want to add admin users. Click the drop-down and highlight admin users.

124 options to choose from.

Press OK and the second window will open to enter the admin username.

When you press OK, you’ll be taken back to the initial shares screen, but the admin user will be listed among the options. After you have completed the configuration of this section, press OK to move on.

Another option in the Shares tab is to enable to users to share their home directory. This is important: If you enable this feature, every user’s home directory will be made available. If this server is used frequently by users, then privacy can become an issue. If you decide to use this feature, make sure your users are made aware of it.

Finally, the Identity tab, shown in Figure E on page 14, allows you to further specify the identity and role of the Samba server.

Your Workgroup or Domain name should already be correct from the initial configuration.

Two of the three configuration options should be familiar from earlier configurations. The final of the three, NetBIOS name is just the name the machine will be seen as on the shared network. If you want the server to be seen as “Department X” then enter Department X in this option.
You may also undertake some advanced settings from this tab. From the Advanced Settings drop-down, you can select either Expert Global Settings or User Authentication Settings. The Expert Global Settings, allow you to fine-tune settings for printing, security, and log-in.

When you press the Edit button, the majority of the options in the Global Settings configurations are text-field entries.

If you’re familiar with hand-editing smb.conf files, you’ll recognize a number of the configurations. One of the most important configurations you’ll make here is the security option. This is how your users will authenticate to your Samba server. There are five possible settings:

• ADS: Where Samba acts as a Domain member of an Active Directory.
• Domain: Where Samba relies on a Windows NT Primary (or Backup) Domain Controller to authenticate users.
• Server: Where the Samba server passes the buck of authentication to another
• Samba server.
• Share: Where users only have to enter password if they try to enter a specific shared directory.
• User: Where users are required to enter their username/password on a per Samba server basis.

The other Advanced Settings tab, User Authentication Sources, is simply a way for you to define where Samba finds the resource file to authenticate users. There are four different types:

• smbpasswd File
• LDAP
• TDB Database
• MySQL Database

Obviously, this configuration will depend completely on your network setup. The default option is smbpasswd File. If you press the Edit button (with that option highlighted), you can then enter the location of the password file used.

Make the connection
With all of these options complete, you are ready to complete the configuration by pressing the Finish button. This will save all of your configurations and start the Samba services. If your configuration is successful, you can now log into your Samba server from your Windows machines. Just connect to the Linux server from the Windows workstation in Explorer using the standard \\servername syntax.