Archive
Samba
Samba is an Open Source/Free Software suite that provides seamless file and print services to CIFS [1] clients.
It can completely replace any CIFS server, as well as authentication services. It can be a member or a server of so-called «NT Domains» or «Active Directories».
It features tons of optimization and customization options and tools, as well as a web interface to configure it and consult the documentation, named SWAT [2].
It is known to perform faster than the original Microsoft implementation.
HOWTO share a directory with SAMBA in Ubuntu 7+ and access it from Windows
This article was first written in November 2007 for the BeezNest
technical website (http://glasnost.beeznest.org/articles/365).
The easy part is to right-click the directory in GNOME and select “Shared directory…”, enter the sudo password, then select “SMB (Windows client)” [1] and possibly unselect the “Read only” checkbox.
This will enable the SAMBA sharing of the directory.
Now when connecting from Windows, you will be asked to enter a login and a password, but even if you use a correct login/password pair, you won’t be authorized, because you first need to enable access on the Ubuntu computer by running smbpasswd username. Once you have done this, try accessing the share from Windows again. This time, you have a login and a password that will work.
[1] This assumes that you have the Samba server installed on your computer; otherwise you need to install it from System > Administration > Synaptic package manager.
HOWTO Activate kernel oplocks in Samba on Debian GNU/Linux (up to Sarge)
This article was first written in February 2006 for the BeezNest technical
website (http://glasnost.beeznest.org/articles/327).
Starting from kernel 2.4, Linux has the kernel oplocks feature. Kernel oplocks would permit Samba to share locks with the UNIX filesystem, so that local Linux applications, or applications accessing the files through NFS for example, are notified of files already opened for writing by a client using SMB.
Sadly, the Samba package in Debian GNU/Linux up to Sarge disables this feature to keep compatibility with kernels older than 2.4.
To activate it, you have to rebuild the package after commenting out the lines that disable this feature in the file debian/config.cache of the package sources. These are the lines to comment out:
samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=${samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=no}
samba_cv_HAVE_KERNEL_CHANGE_NOTIFY=${samba_cv_HAVE_KERNEL_CHANGE_NOTIFY=no}
samba_cv_HAVE_KERNEL_SHARE_MODES=${samba_cv_HAVE_KERNEL_SHARE_MODES=no}
Commenting out the lines that follow them would probably allow you to enable even more features.
Why put a veto on *.eml files in Samba?
This article was first written in October 2005 for the BeezNest technical
website (http://glasnost.beeznest.org/articles/294).
Quite simply because this is one of the file types that the NIMDA virus (and many of its derivatives and/or successors) uses to spread. When a Windows user double-clicks a file whose extension is .eml, it opens directly in Outlook (Express) and may execute any (malicious) code it contains.
It is therefore sensible, as a protection that is effective in terms of both success rate and performance, to prevent Samba from saving or reading this kind of file.
This can nevertheless be disabled very easily.
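An added example, not part of the original article: the smb.conf parameter Samba uses for this is veto files, and a value set on a share replaces the [global] one, so a share can silently lose the *.eml veto. The script audits a constructed smb.conf for that case; the share names, paths and the function name shares_without_eml_veto are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list smb.conf shares whose effective "veto files" lacks *.eml.

# Constructed sample smb.conf (share names and paths are made up).
sample_smb_conf() {
cat <<'EOF'
[global]
   workgroup = EXAMPLE
   veto files = /*.eml/

[public]
   path = /srv/public

[scratch]
   path = /srv/scratch
   ; a share-level value replaces the [global] list entirely
   veto files = /*.tmp/
EOF
}

# Reads smb.conf text on stdin and prints each share that does not veto *.eml.
# Parameter names ignore case and whitespace; entries are separated by "/".
shares_without_eml_veto() {
    awk '
    /^[ \t]*[#;]/ { next }                      # comment lines
    /^[ \t]*\[/ {                               # section header
        sect = tolower($0)
        sub(/^[ \t]*\[[ \t]*/, "", sect); sub(/[ \t]*\].*$/, "", sect)
        if (sect != "global" && !(sect in seen)) { seen[sect] = 1; order[++n] = sect }
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0 || sect == "") next
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        if (key != "vetofiles") next
        val = tolower(substr($0, eq + 1))
        sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
        veto[sect] = val
    }
    END {
        for (i = 1; i <= n; i++) {
            s = order[i]
            eff = (s in veto) ? veto[s] : veto["global"]
            if (index("/" eff "/", "/*.eml/") == 0) print s
        }
    }'
}

sample_smb_conf | shares_without_eml_veto    # prints: scratch
```

On a live server, feed it the output of testparm -s instead of the sample.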
HOWTO Use Samba as PDC using LDAP on Debian
This article was first written in October 2004 for the BeezNest technical
website (http://glasnost.beeznest.org/articles/180).
Starting from Debian Sarge, the Samba version which ships with Debian is 3.0.x. This is the first version with real support for being a PDC while using LDAP as backend.
Here is how to use Samba as PDC with LDAP backend for authentication on Debian.
Install the following packages, which are all part of Samba:
- samba: The server itself
- samba-doc: The documentation (very complete)
- smbclient: FTP-like client for SMB/CIFS
- swat: Samba Web Administration Tool (web interface to configure Samba and access the full documentation through a browser, if installed)
In addition, we will install LDAP:
- slapd: the server itself
Some companies provide useful tools to help in setting up a Samba server as PDC with LDAP:
- smbldap-tools: IDEALX tools for Samba that ease installation and migration when using it together with LDAP
Configure the Name Service Switch to use LDAP
Install package libnss-ldap and configure it according to the LDAP configuration [1].
Edit /etc/nsswitch.conf, appending ldap to the end of the following three lines: passwd:, group: and shadow:, and appending wins to the end of the hosts: line.
Configure PAM to also use LDAP
Install package libpam-ldap and configure it according to the LDAP configuration.
Edit /etc/pam.d/common-account and add the following line before the existing second line:
account sufficient pam_ldap.so
account required pam_unix.so
Edit /etc/pam.d/common-auth and add the following line before the existing second line:
auth sufficient pam_ldap.so
auth required pam_unix.so nullok_secure
Edit /etc/pam.d/common-password and add the following line before the existing second line:
password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5
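An added example, not part of the original article: one way to apply the nsswitch.conf edit above so that running it twice changes nothing, and to check that pam_ldap.so is listed before pam_unix.so in a PAM file. The sample nsswitch.conf content is constructed, and the function names add_ldap_to_nsswitch and pam_ldap_before_unix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: apply the nsswitch.conf edit idempotently, then check PAM order.

# Constructed sample in the style of a default /etc/nsswitch.conf.
sample_nsswitch() {
cat <<'EOF'
passwd:         compat
group:          compat
shadow:         compat
hosts:          files dns
networks:       files
EOF
}

# Filter: append "ldap" to passwd/group/shadow and "wins" to hosts,
# unless the word is already present on that line.
add_ldap_to_nsswitch() {
    awk '
    function has(word,   i) {
        for (i = 2; i <= NF; i++) if ($i == word) return 1
        return 0
    }
    $1 == "passwd:" || $1 == "group:" || $1 == "shadow:" { if (!has("ldap")) $0 = $0 " ldap" }
    $1 == "hosts:" { if (!has("wins")) $0 = $0 " wins" }
    { print }'
}

# Succeeds when "<type> sufficient pam_ldap.so" comes before
# "<type> required pam_unix.so" in the PAM file text on stdin.
pam_ldap_before_unix() {
    awk -v t="$1" '
    $1 == t && $2 == "sufficient" && $3 == "pam_ldap.so" && !l { l = NR }
    $1 == t && $2 == "required"   && $3 == "pam_unix.so" && !u { u = NR }
    END { exit !(l && u && l < u) }'
}

sample_nsswitch | add_ldap_to_nsswitch
printf 'auth sufficient pam_ldap.so\nauth required pam_unix.so nullok_secure\n' |
    pam_ldap_before_unix auth && echo "common-auth order OK"
```

Both functions read from stdin, so they can be tried on a copy of the real files before anything under /etc is touched.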
Set the LDAP password in Samba
Samba stores its passwords in /var/lib/samba/secrets.tdb, and also stores there the LDAP admin password it uses to connect to OpenLDAP. To set or change that password:
smbpasswd -w MySecretPassword
where MySecretPassword is LDAP’s admin password. Typed this way, the password is recorded in the shell history and is visible in the process list while the command runs.
WARNING: with that configuration, the password is asked twice to authenticate anyone! TODO
Add the Samba schema to OpenLDAP’s list of schemas
An example that you can use “as is” (well, you just need to unzip it first) is available in /usr/share/doc/samba-doc/examples/LDAP/samba.schema.gz. Copy it into /etc/ldap/schemas and edit /etc/ldap/slapd.conf to use it.
Configure /etc/ldap/ldap.conf and /etc/ldap/slapd.conf.
Tools to manage it afterwards
LDAP Account Manager (LAM) (web-based frontend to Samba accounts for machines, users and groups in LDAP) or phpLDAPadmin (which is not specific to managing Samba, but can also manage address books, UNIX authentication, …).
Create your machines in the Domain
To be continued…
[1] it will configure /etc/libnss-ldap.conf
Cross-platform file and print server running GNU/Linux
GNU/Linux is particularly well suited as a file server for Microsoft Windows, MacOS (any version) and UNIX workstations. It is equally suited to serving printers to them and, like every UNIX, works well as an application server (mail, web, DHCP, …).
Users and groups are stored on the server for centralized and common access from all the client types.
For the management of all that, we use Webmin, a web interface that allows a lot of things, even remote and shared management between several administrators.
To achieve this, several well-known pieces of free software are used: Samba, Netatalk, FTP (File Transfer Protocol), CUPS, NFS (or yet other means, Linux is able to use many).
Samba is a free implementation of CIFS (also known as SMB), a file and print server and client for UNIX, known to perform faster than the original Microsoft implementation. It can integrate into an existing Windows-based network, or completely replace it for every service the Windows version can provide. By integration, I mean being client or server or both at the same time.
Netatalk is a free Appletalk implementation for UNIX. It allows Mac users to access the files created by the users of the other systems.
An FTP server is sometimes the best way to transfer files between computers, for example from outside the local network. It must be secured, however, to only allow access to people who need it.
CUPS is a free implementation of the widely supported (Microsoft, HP, …) IPP (Internet Printing Protocol), which removes most of the burden associated with networked printers. It lets you install and configure all kinds of printers through various interfaces (web, GTK+, …). It also allows printer autodiscovery on your network.
To manage users and groups across the network, various solutions exist, depending on the existing infrastructure. If you do not already run an NT Domain (or Active Directory) or do not want to use it, we use NIS or LDAP to store, retrieve and manage users, passwords and groups. Otherwise, Samba is also able to integrate your GNU/Linux system into the existing Domain or replace it completely.
This article was first written in October 2003 for
the BeezNest technical website (http://glasnost.beeznest.org/articles/74)
