Thursday, February 4, 2010

Samba Tutorial


If you use Samba you certainly want to create shares which provide
users with private shares. This tutorial will show you how to create
a share that is accessible to one user to store their information.

Security Mode
The typical security mode that you will use for a simple user share is
security = user.

Choosing a Database Type for Passwords
smbpasswd–A text-mode flat database. You can use this on a stand-
alone Samba server, but you don’t want to use it in a domain.
tdbsam–This is a regular database file, which can store a richer set
of attributes than what the smbpasswd file can. You can use it for
either stand-alone Samba servers, or in a domain that’s running a
single domain controller.
ldapsam–This type of database is set up with an ldap directory for its
backend. You can use this in a domain with multiple domain
controllers. You don’t want to use it for either stand-alone Samba
servers, or for domains with single domain controllers.

Home Directories
This will create home directories on your Samba server that users can
access from their Windows clients. That way, everyone can have one
central directory that they can access regardless of which client
station they use to log on. As a security precaution for the Linux
server, users when created will not have access to login to the Linux
server and get a shell, they will only be able to access their shares,
typically from Windows.

Edit the /etc/smb.conf file.

[global]
netbios name = linuxserver
workgroup = WORKGROUP
server string = Public File Server
security = user
map to guest = bad user
guest account = smbguest
encrypt passwords = yes
passdb backend = tdbsam

[tom]
comment = Home Directory
path = /home/tom
valid users = tom
browsable = no
guest ok = no
read only = no

[public]
path = /share/public
guest ok = yes
read only = no

In the [global] section, encrypted passwords are used and stored in
a “tdbsam”-type file. You could get by with using an “smbpasswd”-type
file for this example.

The [tom] share is a simple share for a user on the samba server. In
the [tom] section, a comment line was added , which specifies what
shows up in the comment column of a Windows Explorer detail display.
The “valid users = tom” line is what keeps people out of other
people’s home directories. And, you don’t want users’ home
directories to show up in a Network Neighborhood display, so the
“browsable = no” line is added.

Next, create a Linux-type user account for tom.

# useradd -c “tom” -m -s /bin/false tom

The “-s” option switch, followed by the “/bin/false”, is what prevents
tom from logging on to the Linux system. The “-m” switch is what
creates tom’s home directory. There’s no need to give tom a password
for this account as the password that is used will be with smnpasswd.

Next, create tom’s Samba account and give it a password.

smbpasswd -a tom
New SMB password:
Retype new SMB password:
Added user tom.

This command will add tom’s account information to the “passdb.tdb”
file that’s found in the /var/lib/samba directory.

Restart Samba to reload the new configuration.

# service samba restart
* Stopping Samba
daemons…
[ OK ]
* Starting Samba
daemons…
[ OK ]

That should do it, tom now should be able to login to a user share
just set up for him.

Login From Windows
Right click your My Computer and select “Map Network Drive”. Select a
drive letter, like “L” and then enter your Samba server IP and the
share name.

\\192.168.5.89\tom

Connect and it should ask for user and password.

No comments: