Samba-the First Step
Yiorgos Adamopoulos
Communications and resource sharing are traditional and well-known strengths of UNIX. The methods for sharing resources in UNIX networks (even when employing different architectures), and the underlying communications processes, are documented and understood by UNIX administrators. Although Windows NT has numerous facilities for sharing resources with systems running other Microsoft operating systems, traditional UNIX-based protocols are not included. Windows NT and other Microsoft operating systems use the Server Message Block (SMB) protocol as the basis for file sharing. Thus, additional software is required when an NT machine is added to a UNIX network. Both commercial and non-commercial solutions for this problem exist. This article deals with two non-commercial solutions: Samba, written by Andrew Tridgell, and the SOSSNT NFS server, developed by Seemung Tan, Richard Braun and Tim Thompson.
What is Samba?
Samba is a free SMB implementation that runs on most (if not all) UNIX systems. By using Samba on a UNIX machine and SMB over IP on an NT machine, it is possible to share resources (in particular files and printers) between these machines. Samba is available at: ftp://samba.anu.edu.au/pub/samba/samba-latest.tar.gz and also through a big list of mirror servers. This document was written using samba-1.9.16p9.
Installing Samba
After extracting the archive, resist the temptation to simply type make at your keyboard. First, read the documentation that comes with the Samba distribution. A thorough understanding of Samba will make configuring the software much easier. You may also want to monitor the comp.protocols.smb newsgroup for information about the SMB protocol.
After reading the documentation, edit the Makefile and decide which C compiler you want to use (I used gcc-2.7.2). Then, uncomment the flags that correspond to your operating system. Samba executables should build without any problem. The decisions I made were:
BASEDIR = /usr/local/samba
BINDIR = /usr/local/bin
SBINDIR = /usr/local/bin
LIBDIR = $(BASEDIR)/lib
VARDIR = $(BASEDIR)/var
You might want to use LanManager encryption to avoid having plaintext passwords travel across the network. If you don't want to use LanManager encryption, then you have to use the libdes library. libdes is available at: ftp://samba.anu.edu.au/pub/libdes/. Read docs/ENCRYPTION.txt that comes with the Samba distribution for detailed information on how to use it.
Configuring and Running smbd and nmbd
The Samba server daemons (smbd and nmbd) are configured by the file smb.conf. Assuming you use the directory hierarchy shown above, this file should be located at /usr/local/samba/lib/smb.conf.
smb.conf primarily consists of three sections (services). Any other share that you want to add to your smb services should have its own section in this file. The main three sections are named global, homes, and printers. The global section defines the defaults you specify (although Samba comes with reasonable ones). The homes section is used to define the permissions you wish to set for the users' home directories when mounted from the NT machine, and the printers section is used to define the permissions for the printers shared by the UNIX workstation. A sample smb.conf is shown in Listing 1.
Through the global section of the configuration file, I set the workgroup to which the servers will belong and set the range of IPs that will be accepted for service. Normally, Samba servers broadcast only to the local network, so if there is need to make them browseable to other LANs inside the campus, they must be instructed to do so via the remote announce directive. It is usually a good idea to keep different logs for different machines trying to access the services, hence the %m cookie in the log file directive. Samba supports plenty of other cookies as well. Note that even if your machine does not have a printer attached, the printers section is still needed, and in such a case the above settings are reasonable. If you do not have an entry for the IPC$ service, you will notice that the log files will contain lines complaining that it is missing. IPC$ is not browseable though, like any service that ends in a dollar ($) sign.
In our lab, users wanted to have a common workspace where they could "drag'n'drop" files. This lead to the creation of a common account. Instead of making the password publically known, via Samba a user can authenticate as himself. When using this service ([common] section in the example smb.conf), files are created as user "common."
To have smbd and nmbd start automatically upon reboot, add these lines to your equivalent rc script (I have created a separate one named /etc/samba.rc):
#!/bin/sh
# start Samba servers, adamo
# start nmbd
if [ -f /usr/local/bin/nmbd ]
then
/usr/local/bin/nmbd -D
fi
# start smbd
if [ -f /usr/local/bin/smbd ]
then
/usr/local/bin/smbd -D
fi
Viewing UNIX Filesystems from an NT Machine
If the Samba servers are running, you should now be able to see your UNIX machine at the browse list in Network Neighborhood of your NT machine. Double-clicking on the UNIX machine's icon should pop up a window requesting a user name and a password. The next thing you should see is a window listing three folders: one named after your UNIX login account (which is your home directory), one named common (anything you do there is done as user common), and one named printers. Do the mappings you wish and continue with your job.
Viewing NT Filesystems Using smbclient
Assume you are working on the UNIX workstation and you want to get a file from the NT machine. Samba provides (among others) a tool named smbclient. Issue a command like:
$ smbclient "\\hawk\c" -U george
Added interface ip=10.0.12.10 bcast=10.0.12.255 nmask=255.255.255.0
Server time is Sun Feb 2 20:15:07 1997
Timezone is UTC+2.0
Password:
Domain=[DBNET] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0]
smb:>
You are now in a command line ftp-like utility, and you can retrieve any file you are allowed to read from share \\hawk\c. To get a complete list of shares at this machine, use the command:
$ smbclient -L hawk -I 10.0.12.1
Using SOSSNT to NFS Mount NT Filesystems
SOSS (Son of Stan's Own Server) is a public NFS server for PCs. SOSSNT is a port of SOSS to the NT environment. SOSSNT can be found at any Simtelnet mirror site. Unfortunately, it cannot be run as a service and you (the administrator) must manually invoke it after a reboot. The whole configuration of SOSSNT is managed by the file EXPORT.US, which has the same format as an /etc/exports file. Once you run SOSSNT, you are ready to mount not only local file systems and shares of the NT machine, but also any other file system that the NT machine has mounted.
SOSSNT is available from many archives, for example the Winsite collection at:
ftp://ftp.ntua.gr/pub/pc/winsite \
/winnt/netutil/sossntr4.zip
Security Considerations
Security is always a matter for concern when dealing with flexibility in use. The file docs/ENCRYPTION.txt, which comes with the Samba distribution explains most of the quirks. I chose not to use the libdes library, because we have a controlled physical access LAN and sniffing the Ethernet is highly unlikely - I take my risks. Using libdes would require one more password file on the UNIX machine.
Most (if not all) users use the same password for both the NT and the UNIX sign-ons. Using this and the local password caching feature could lead to interesting results when profiles are misconfigured (I had users that mounted other user's directories and such). You might consider disabling local password caching.
Conclusion
Using Samba has greatly helped make the lives of our non-technical staff easier. Because we do all our work on UNIX machines (except documentation, which is done on PCs), users who mainly do word processing and not development do not have to go through an ftp-like procedure. Instead, they can use a familiar drag 'n' drop interface.
About the Author
Yiorgos Adamopoulos is an Electrical and Computer Engineer. He is currently a network manager at both the NTUA Network Operations Center and the NTUA Knowledge and Data Base Systems Laboratory. He can be reached at: adamo@cs.ntua.gr.
|