File Serving With Linux


[Irrelevant material has been removed.]

Session Start: Wed Oct 11 21:08:28 2000
[21:08] *** Now talking in #Linux
[21:08] *** Topic is 'File Serving With Samba'
[21:10] {Evan Delay} Jason is there anything else you want to say before starting?
[21:11] {Jason Nance} You can email me with any questions that don't get answered here.
[21:11] {Jason Nance} jbnance@tresgeek.net
[21:11] {Jason Nance} Alright.
[21:11] {Jason Nance} Tonight we are going to install and configure Samba.
[21:12] {Jason Nance} Samba is the Linux application for the "network neighborhood"
[21:12] {Jason Nance} Technically: SMB and NMB
[21:12] {Jason Nance} Samba can be as simple as a file/printer server or as complicated as a WINS server or Domain controller.
[21:13] {Jason Nance} It is completely transparent to Windows machines. They think that they are connecting to an NT box.
[21:13] {Jason Nance} if you don't have a Linux box up, that's no big deal.
[21:13] {Jason Nance} Samba has an English-like config, so everything is easily understood.
[21:14] {Jason Nance} There are 3 main ways to install Samba.
[21:14] {Jason Nance} If you are running Redhat linux or Mandrake, the most popular way is an RPM
[21:14] {Evan Delay} What is an RPM?
[21:14] {Jason Nance} If you are using Debian, you can use dselect and a deb package
[21:15] {Jason Nance} RPM stands for Redhat Package Manager.
[21:15] {Jason Nance} It is Red Hat's way of simplifying installs.
[21:15] {Evan Delay} Thanks.
[21:15] {Jason Nance} RPM keeps a database of what is installed so that packages can be removed cleanly.
[21:15] {Jason Nance} Any source code can be made into an RPM.
[21:16] {Jason Nance} The 3rd way to install is from the source code.
[21:16] {Jason Nance} RPM's and the source code are available on Samba's website.
[21:16] {Jason Nance} www.samba.org
[21:16] {Jason Nance} There are SEVERAL mirrors, so you shouldn't have any problem.
[21:16] {Jason Nance} The latest version is 2.0.7
[21:17] {Jason Nance} Now, Red Hat 7 users....
[21:17] {Jason Nance} The default version of samba with RH7 has SSL extensions included.
[21:17] {Jason Nance} This means that all Samba to Samba transactions are encrypted.
[21:17] {JerryWinegarden} installation syntax for rpm: rpm -Uvh packagename where package name will be smb*
[21:17] {Jason Nance} This doesn't affect the Windows side... but...
[21:18] {JerryWinegarden} Just about everything has ssl in 7.0 now!
[21:18] {Jason Nance} Right.
[21:18] {Jason Nance} but...
[21:18] {Jason Nance} if you are using something like Gnomba
[21:18] {Jason Nance} Which is the Network Neighborhood for X Windows
[21:18] {Jason Nance} You will probably have troubles.
[21:19] {Jason Nance} So we won't talk about SSL right now.
[21:19] {Jason Nance} If you have an rpm... Just say "rpm -Uvh samba*"
[21:19] {JerryWinegarden} Yeah, because MS's stuff would handle ssl (in fact, 95 boxen won't handle encrypted passwords at all!)
[21:19] {Jason Nance} The U stands for Upgrade
[21:20] {Jason Nance} If it isn't already installed, it installs new, otherwise, it upgrades (preserving config files)
[21:20] {Jason Nance} the v stands for verbose
[21:20] {Jason Nance} It tells you if something goes wrong
[21:20] {Jason Nance} the h is for hash marks.
[21:20] {Jason Nance} it makes a hash mark progress bar on install
[21:20] {Jason Nance} Remember that linux commands are case sensitive!
[21:21] {Jason Nance} And that you have to be root to install this package.
[21:21] {Jason Nance} The reason I said "samba*" (focus on the *)
[21:21] {Jason Nance} is because there are a couple RPM's that need to be installed
[21:21] {Jason Nance} The common
[21:21] {Jason Nance} The client
[21:21] {Jason Nance} The server (if you wish)
[21:22] {Jason Nance} okay?
[21:22] {JerryWinegarden} Samba appears to have 3 packages (common, server, and client pieces): samba samba-common samba-client
[21:22] {Jason Nance} (so far)
[21:22] {Evan Delay} okay.
[21:22] {Jason Nance} Now... The source code.
[21:22] {Jason Nance} The most simple way is to just untar the code, change to that directory.. then:
[21:23] {Jason Nance} ./configure
[21:23] {Jason Nance} make
[21:23] {Jason Nance} make install
[21:23] {Jason Nance} (as root)
[21:23] {Jason Nance} If you want to see all the configure options... you type:
[21:23] {Jason Nance} ./configure --help
[21:24] {Jason Nance} You will notice that samba has support for SSL, NIS, LDAP
[21:24] {Jason Nance} PAM
[21:24] {Jason Nance} Kerberos
[21:24] {Jason Nance} This list goes on and on...
[21:24] {Jason Nance} One thing you will want to do for sure is
[21:25] {Jason Nance} ./configure --with-smbmount
[21:25] {Jason Nance} That compiles smbmount as well (the SMB mounter... hehe)
[21:25] {Jason Nance} smbmount is a frontend to the mount command
[21:26] {Jason Nance} it automatically selects the type as smbfs, and passes whatever options you want.
[21:26] {Jason Nance} Okay... Everyone got it installed now? =)
[21:26] {Jason Nance} The configuration file is very simple.
[21:26] {Jason Nance} It reads very straightforward.
[21:27] {Jason Nance} For RH 7, the config file is in /etc/samba/smb.conf
[21:27] {Jason Nance} For all others, /etc/smb.conf
[21:27] {Jason Nance} So using your favorite editor (vi, pico, emacs) open up smb.conf
[21:28] {Jason Nance} If you used the source, the file may not exist yet.
[21:28] {Jason Nance} You can find a sample in the samba-latest/examples
[21:29] {Jason Nance} RPM's automagically stick one in etc.
[21:29] {Jason Nance} The first thing we will do is configure the global options.
[21:29] {Jason Nance} The global options affect the entire client and server.
[21:30] {Jason Nance} They are in the section marked [global]
[21:31] {Jason Nance} Everything after that is considered a global option, unless a share is defined.
[21:31] {Jason Nance} Wait.. I should say UNTIL a share is defined.
[21:31] {Jason Nance} # and ; denote comments in smb.conf
[21:31] {Jason Nance} The very first thing you do is name your machine.
[21:31] {Jason Nance} If you don't name it, it uses the hostname.
[21:32] {Jason Nance} So here we go:
[21:32] {Jason Nance} netbios name = < my machine's name >
[21:32] {Jason Nance} With Samba, your machine can have several names (aliases)
[21:32] {JerryWinegarden} BTW, I've got an example of the default smb.conf file at: http://152.16.66.122/smb_conf.html
[21:32] {Jason Nance} nice.
[21:33] {Jason Nance} We will talk about aliases later.
[21:33] {Jason Nance} The next thing you want to define is your workgroup
[21:34] {Jason Nance} so:
[21:34] {Jason Nance} workgroup = MyWorkGroup
[21:34] {Jason Nance} This is the same as right clicking on the network neighborhood
[21:35] {Jason Nance} going to identification
[21:35] {AHilton} Which is the Win NT Server Domain, right?
[21:35] {Jason Nance} and setting the Computer name and Workgroup.
[21:35] {Jason Nance} NO.
[21:35] {Jason Nance} Workgroups and Domains are different.
[21:35] {Jason Nance} Here's some diff's:
[21:35] {Jason Nance} Workgroups cannot cross subnets.
[21:36] {Jason Nance} There are no permissions assigned with workgroups.
[21:36] {Jason Nance} You can't log into them.
[21:36] {Jason Nance} They are merely a grouping of users.
[21:36] {AHilton} So, if I have one subnet and its domain name is HILTON what do I set the Samba workgroup to?
[21:36] {Jason Nance} Anything you want.
[21:36] {AHilton} OK
[21:36] {Jason Nance} The workgroup is not dependent on the domain.
[21:36] {Jason Nance} But:
[21:37] {Jason Nance} Computers only show up in one workgroup.
[21:37] {Jason Nance} So...
[21:37] {JerryWinegarden} workgroups are also peer to peer - no domain head honcho involved - all created equal
[21:37] {Jason Nance} If you go to look for a computer, you will have to "Browse entire network"
[21:37] {Jason Nance} Then select a different workgroup
[21:37] {Jason Nance} So, for small networks, put everyone in the same workgroup.
[21:38] {Jason Nance} Anyone can go into any workgroup. There is no security.
[21:38] {Jason Nance} Domains have security.
[21:38] {Jason Nance} Clear so far?
[21:38] {AHilton} OK. I'm making my lone Linux machine on my home network (Domain of HILTON) a workgroup of "FREDSWORKGROUP".
[21:38] {Jason Nance} Stop me if I'm going too fast.
[21:39] {Jason Nance} =)
[21:39] {Jason Nance} Next we have the server string
[21:39] {Jason Nance} optional.
[21:39] {Jason Nance} It is the same as the computer description.
[21:40] {Jason Nance} Don't say "A pentium II 300 running RH 6.1 with samba 2.06a"
[21:40] {Jason Nance} If you have mean people on your network, this is a good way to get info to exploit you.
[21:41] {Jason Nance} Next we will talk about the "hosts allow" option.
[21:41] {JerryWinegarden} well, that's why you put your little world behind a firewall, to keep those mean people away from your samba!
[21:41] {Jason Nance} This is similar to /etc/hosts.allow
[21:41] {Jason Nance} Jerry, right, plus, most ISPs don't route SMB traffic
[21:41] {Evan Delay} What is SMB?
[21:42] {Jason Nance} It stands for:
[21:42] {Jason Nance} Server Message Block
[21:42] {Jason Nance} It is the protocol of the Network Neighborhood, designed by MS.
[21:42] {Evan Delay} Cool, thanks.
[21:42] {Jason Nance} your hosts allow should always say at least
[21:42] {JerryWinegarden} Reverse engineered (black box stuff) by the samba authors!
[21:42] {Jason Nance} hosts allow = 127.
[21:43] {Jason Nance} 127. is the local loopback interface
[21:43] {Jason Nance} (your machine)
[21:43] {Jason Nance} If you want to share files, you should also say 192.168. or something like that.
[21:43] {Jason Nance} If you want to allow everyone, just comment it out.
[21:44] {Jason Nance} We will talk about print sharing later.
[21:44] {Jason Nance} (for those of you following the sample smb.conf)
[21:45] {Jason Nance} It is always a good idea to log what a daemon is doing...
[21:45] {Jason Nance} So you will want to include:
[21:45] {Jason Nance} log file = /var/log/samba/log.%m
[21:45] {Jason Nance} The %m is the netbios name of the person connecting.
[21:46] {JerryWinegarden} Note the trailing "." in the hosts allow statements - stands for 127.*.*.*
[21:46] {AHilton} Good point Jerry.
[21:46] {Jason Nance} If you want to limit the size of your log:
[21:47] {Jason Nance} max log size = 50
[21:47] {Jason Nance} that number is in kilobytes.
[21:47] {Jason Nance} Now we start to get into the actual file serving options.
[21:47] {Jason Nance} The security option.
[21:48] {Jason Nance} If you are going to use Samba as your domain controller, set this to user
[21:48] {Jason Nance} security = user
[21:48] {Jason Nance} If you have an NT domain controller, set this to server
[21:48] {Jason Nance} security = server
[21:49] {Jason Nance} That way, it will query the NT machine for username / password matches.
[21:49] {Jason Nance} The other option is 'share'
[21:50] {Jason Nance} With that option, the client authenticates itself every time it tries to access a share.
[21:50] {Jason Nance} The username doesn't matter in this case.
[21:50] {Jason Nance} For example:
[21:50] {Jason Nance} You have a 'dev' share.
[21:51] {Jason Nance} You can assign that specific share a password.
[21:51] {Jason Nance} Then give that password to all of your programmers.
[21:51] {Jason Nance} This is kinda lame.
[21:51] {JerryWinegarden} that's what you do with simple workgroup (from WFW)type file sharing
[21:51] {Jason Nance} If you are going to use Linux, you might as well take advantage of unix file permissions.
[21:52] {JerryWinegarden} it's what most people do on a small simple Win9x LAN, peer to peer sharing folders
[21:52] {Jason Nance} Yes and no.
[21:52] {Jason Nance} It is the only way to password protect Win9x shares.
[21:52] {Jason Nance} NT can assign user names with passwords as long as you have NTFS installed.
[21:52] {JerryWinegarden} well it depends on what the users want. if they get more than a few people using the machines, they start wanting passwords so that stuff stays there!
[21:53] {Jason Nance} (err... running... whatever)
[21:53] {Jason Nance} If you have multiple people using the same machine, you need to use a domain.
[21:53] {Jason Nance} share security is kinda weird.
[21:54] {Jason Nance} You should always use either user or server security.
[21:54] {Jason Nance} If you are using user, then setup users and groups.
[21:54] {Jason Nance} They are easier to manage, and more secure.
[21:54] {Jason Nance} Plus, you will probably use them somewhere else.
[21:55] {Jason Nance} so:
[21:55] {Jason Nance} security = user
[21:55] {Jason Nance} if security = server, then you need password server =
[21:56] {Jason Nance} If you want to restrict the length of usernames and passwords (end characters get discarded) use:
[21:56] {Jason Nance} password level = < # >
[21:56] {Jason Nance} username level = < # >
[21:57] {Jason Nance} Now this next part is very very important.
[21:57] {Jason Nance} This is where 90% of errors happen.
[21:57] {Jason Nance} If you can't connect to a share on the linux machine once you create it, this is probably why.
[21:57] {Jason Nance} So any questions before we go on?
[21:57] {Jason Nance} ok.
[21:58] {AHilton} waiting with anticipation... I've had this problem..... encryption?
[21:58] {Jason Nance} Right.
[21:58] {Jason Nance} Password encryption.
[21:58] {Jason Nance} Who here is running NT 4 with less than service pack 3?
[21:58] {Jason Nance} (is that even possible anymore?)
[21:58] {Evan Delay} SP5 here.
[21:59] {AHilton} Yes. It was .. upgraded to sp6 2 weeks ago.
[21:59] {Jason Nance} Good.
[21:59] {MarkusVoellmy} It is but not recommended :)
[21:59] {Jason Nance} More than SP3 is good.
[21:59] {Jason Nance} Starting with Win95 OSR2
[22:00] {Jason Nance} All passwords must be encrypted by default.
[22:00] {Jason Nance} You can disable this if you want in the registry.
[22:00] {Jason Nance} But why?
[22:01] {Jason Nance} smbpasswd is your friend.
[22:01] {AHilton} Well, .... there's 1. < g >
[22:01] {Jason Nance} first, say:
[22:01] {Jason Nance} encrypt passwords = yes
[22:01] {Jason Nance} smb passwd file = /etc/smbpasswd
[22:02] {Jason Nance} Now you MUST add users to this.
[22:02] {Jason Nance} the command to add users is:
[22:02] {Jason Nance} smbpasswd -a < username >
[22:02] {Jason Nance} (as root)
[22:02] {Jason Nance} you will then be prompted for a password.
[22:02] {Jason Nance} Plaintext passwords are bad. Just do this. =)
[22:03] {JerryWinegarden} Note: Old Win95 boxen mixed in with 98 --} you have no choice but to NOT ENCRYPT!
[22:03] {Jason Nance} Right... Pre- OSR 2
[22:03] {JerryWinegarden} On a small LAN, plain text pw's -- who cares ;-)
[22:03] {Jason Nance} You would be surprised.
[22:04] {AHilton} "do this" what?
[22:04] {Jason Nance} Do the encrypt passwords
[22:04] {Jason Nance} encrypt passwords = yes
[22:04] {Jason Nance} smb passwd file = /etc/smbpasswd
[22:04] {Jason Nance} smbpasswd -a < username >
[22:04] {Jason Nance} (as root)
[22:04] {AHilton} oh, I thought something else. hehe
[22:04] {JerryWinegarden} Tell samba to use encrypted passwords (because the NT or 98 boxen are using them)
[22:05] {AHilton} I was following along and added a user and had the 'enter password' up. thought he was going to say to put something in there. lol
[22:05] {Jason Nance} hehe
[22:05] {Jason Nance} 'zebra'
[22:06] {AHilton} LOL OK. I'm with ya now...
[22:06] {Jason Nance} Now we will fine tune the server a bit.
[22:06] {JerryWinegarden} anyone want the registry hack to disable 98 pw encryption?
[22:06] {JerryWinegarden} .inf file on the 98 CD!
[22:06] {Jason Nance} The Socket Options in the example file are good.
[22:06] {Jason Nance} hehehe.
[22:07] {Jason Nance} I won't go over them, cause they don't make sense to mere mortals.
[22:07] {JerryWinegarden} That's why .inf files, so you don't have to look!
[22:07] {Jason Nance} Does anyone here have multiple NIC's in their machine?
[22:08] {Jason Nance} ok.
[22:08] {AHilton} Not the Linux one.
[22:08] {MarkusVoellmy} Yep
[22:08] {Jason Nance} Then I'll skip the interfaces command.
[22:08] {Jason Nance} MARKUS!
[22:08] {Jason Nance} hehe.
[22:08] {Jason Nance} Okay...
[22:08] {Jason Nance} If you have multiple NICs in this machine.
[22:08] {Jason Nance} (ie the machine is multihomed, a firewall, proxy, router, etc)
[22:09] {Jason Nance} You will want to use the interfaces option.
[22:09] {Jason Nance} interfaces = 192.168.0.1/24
[22:09] {Jason Nance} (or whatever your local network is)
[22:09] {Jason Nance} That way, SMB traffic doesn't try to go out onto the internet. (or come in from the internet)
[22:10] {Jason Nance} Which is good.
[22:10] {Jason Nance} But a good firewall ruleset will deny that anyway.
[22:10] {Jason Nance} remote announce and remote browse sync
[22:10] {Jason Nance} These two are fine tuners.
[22:10] {Jason Nance} If you have more than one subnet.
[22:10] {Jason Nance} use remote announce.
[22:11] {Jason Nance} You can announce to a single machine (WINS server)
[22:11] {Jason Nance} (or local browse master)
[22:11] {Jason Nance} or to an entire network
[22:11] {Jason Nance} (if there is no defined browse master or WINS)
[22:11] {Jason Nance} Otherwise, don't worry about them.
[22:12] {Jason Nance} The syntax is:
[22:12] {Jason Nance} remote browse sync = 192.168.1.1 192.168.2.255
[22:12] {Jason Nance} (multiple IP's or networks separated by spaces)
[22:12] {Jason Nance} and
[22:13] {Jason Nance} remote announce = 192.168.1.255 192.168.2.69
[22:13] {Jason Nance} The .255 means the entire network.
[22:13] {Jason Nance} Does everyone here understand the concept of Browse Masters?
[22:14] {AHilton} Yes.
[22:14] {Jason Nance} is that a no from some?
[22:14] {JerryWinegarden} yes
[22:14] {Jason Nance} Okay.
[22:14] {Jason Nance} yes that's a no?
[22:14] {JerryWinegarden} yes
[22:15] {JerryWinegarden} nmbd announces. I thought smb stuff was just a blast away broadcast
[22:15] {Jason Nance} Part of the SMB protocol involves master browsers (MB's) and segmented master browsers (SMB's)
[22:16] {Jason Nance} Yes, I know... SMB != SMB
[22:16] {Jason Nance} What a dumb choice of acronym.
[22:16] {Jason Nance} We won't talk about SMB's cause that involves multiple subnets and stuff...
[22:16] {Jason Nance} If you are that advanced, I would gladly discuss this with you later.
[22:17] {JerryWinegarden} k
[22:17] {Jason Nance} Basically, the master browser keeps a list of ip address and netbios names.
[22:17] {Jason Nance} If you don't define a master browser, some random machine will become one.
[22:17] {Jason Nance} Every time a machine joins the network, there is an election.
[22:18] {Jason Nance} The machine with the highest os level (we will discuss later) wins.
[22:19] {Jason Nance} If you want samba to try and become a master browser, just say:
[22:19] {Jason Nance} local master = yes
[22:19] {JerryWinegarden} why because you are a "local master"? :-)
[22:20] {Jason Nance} If you want samba to have a better chance of becoming the local master, say:
[22:20] {Jason Nance} preferred master = yes
[22:20] {AHilton} Well, THAT and I dumped my SMB's.
[22:20] {Jason Nance} If you want to talk about why this is good, we will talk later. There are security issues involved.
[22:21] {Jason Nance} If you want to guarantee that this machine is always the master browser, say:
[22:21] {Jason Nance} os level = 255
[22:21] {Jason Nance} The OS level (on windows machines) is derived from the version of Windows, and what services it is running (if it is NT)
[22:22] {Jason Nance} But, the highest OS level that NT can obtain is 64
[22:22] {Jason Nance} That too is something to discuss later.
[22:22] {Jason Nance} If you want Samba to handle domain logins for Win9x/NT clients, just say:
[22:22] {Jason Nance} domain master = yes
[22:23] {Jason Nance} domain logons = yes
[22:23] {Jason Nance} both of those together make samba your domain.
[22:24] {Jason Nance} Now, in Samba, the workgroup and domain are the same. But not on a Windows client.
[22:24] {Jason Nance} You also need to create a logon script share, we will talk about that later.
[22:24] {Jason Nance} If you already have a domain controller, just say:
[22:25] {Jason Nance} domain controller =
[22:25] {Jason Nance} In order to run logon scripts, you need to say either:
[22:25] {Jason Nance} logon script = %m.bat (for machine based logons)
[22:25] {Jason Nance} or
[22:26] {Jason Nance} logon script = %U.bat (for user-based logons)
[22:26] {Jason Nance} notice the case.
[22:26] {Jason Nance} You can also do roaming profiles, but that's for a different nite.
[22:26] {Jason Nance} Man is this going on for a long time....
[22:27] {Jason Nance} Is everyone still alive?
[22:27] {MarkusVoellmy} Is the NETLOGON share created by samba as well?
[22:27] {AHilton} Refreshed and ready for more.
[22:27] {Jason Nance} You have to define the NetLogon share, but it knows what to do with it.
[22:27] {MarkusVoellmy} OK Thx
[22:28] {Jason Nance} Okay...
[22:28] {Jason Nance} WINS is easy.
[22:28] {Jason Nance} Either:
[22:28] {Jason Nance} wins support = yes
[22:28] {Jason Nance} or
[22:29] {Jason Nance} wins server = < server IP >
[22:29] {Jason Nance} NOT BOTH
[22:29] {Jason Nance} You can't start Samba with both enabled.
[22:30] {Jason Nance} Well... You can start samba... just not NMB (the netbios daemon)
[22:30] {AHilton} But they can both be disabled if not running WINS, right?
[22:30] {Jason Nance} Right.
[22:30] {Jason Nance} The last thing before shares is case.
[22:30] {Jason Nance} Don't preserve case.
[22:30] {Jason Nance} Linux/Unix knows what to do.
[22:31] {Jason Nance} Win9x/NT doesn't.
[22:31] {Jason Nance} If you want to store everything as lowercase. Fine.
[22:31] {Jason Nance} default case = lower
[22:31] {Jason Nance} If you specifically need this for something (like a html source share) you can define it on a per-share basis.
[22:32] {Jason Nance} Woo hoo! We made it out of the global config!
[22:32] {Jason Nance} Any questions?
[22:32] {MarkusVoellmy} What about DNS?
[22:32] {Jason Nance} What would you like to know?
[22:32] {Jason Nance} DNS is TCP/IP based.
[22:33] {Jason Nance} SMB uses WINS
[22:33] {MarkusVoellmy} So no DNS support in Samba ?
[22:33] {Jason Nance} yes... there is DNS support...
[22:33] {Jason Nance} But...
[22:33] {Jason Nance} it is a DNS proxy
[22:34] {Jason Nance} What that means is that it attempts to resolve NetBIOS names via DNS lookup.
[22:34] {Jason Nance} On a local net, that will probably work.
[22:34] {Jason Nance} But I doubt it will get that far.
[22:35] {MarkusVoellmy} uhmm ... at least one reason I spent the money for my NT server then ;)
[22:35] {Jason Nance} Nope. BIND.
[22:35] {Jason Nance} =)
[22:35] {MarkusVoellmy} hehe
[22:35] {Jason Nance} BIND is a DNS server.
[22:35] {Jason Nance} hehe.
[22:35] {Jason Nance} The DNS options in NT are not SMB related (though they might appear)
[22:36] {Jason Nance} okay.. now we start defining shares.
[22:36] {Jason Nance} Remember before when [global] was the denotation for the global config options?
[22:36] {Jason Nance} well, anything else is a share definition
[22:36] {Jason Nance} the most common one is:
[22:37] {Jason Nance} [homes]
[22:37] {Jason Nance} [homes] is also a special case.
[22:37] {Jason Nance} it already knows to look for a user's home directory.
[22:37] {Jason Nance} you don't have to define a path.
[22:37] {Jason Nance} so let's start with something that you actually have to configure.
[22:37] {Jason Nance} a public folder!
[22:38] {Jason Nance} start by saying:
[22:38] {Jason Nance} [public]
[22:38] {Jason Nance} if you want the share to have a comment:
[22:38] {Jason Nance} comment = Public Stuff
[22:38] {Jason Nance} where is the directory located on the linux box?
[22:39] {Jason Nance} path = /home/public
[22:39] {Jason Nance} remember that file permissions matter.
[22:39] {Jason Nance} so you can't say:
[22:39] {Jason Nance} path = /root
[22:39] {Jason Nance} and expect everyone to be able to write to it.
[22:39] {Jason Nance} Samba is too smart (thank God) for that.
[22:40] {JerryWinegarden} Note: the web reference for a sample smb.conf file (which we're looking at) now works
[22:40] {Jason Nance} Now, can anyone access the share?
[22:40] {Jason Nance} public = yes
[22:40] {Jason Nance} That means, can someone without a valid username/password access the share.
[22:41] {Jason Nance} Can anyone see it?
[22:41] {Jason Nance} browseable = yes
[22:41] {Jason Nance} can anyone write to it?
[22:41] {Jason Nance} writable = yes
[22:41] {Jason Nance} but wait, i didn't mean just anyone, only those in a specific group!
[22:41] {Jason Nance} write list = @staff
[22:41] {Jason Nance} the @ means group
[22:42] {JerryWinegarden} warning, dr smith, warning, warning...
[22:42] {Jason Nance} eh?
[22:42] {Jason Nance} it gets the group list from /etc/group
[22:42] {JerryWinegarden} Lost in Space, the robot senses danger approaches (public access ... is danger!)
[22:42] {Jason Nance} so you have to use filesystem users for that
[22:43] {Jason Nance} meaning, they have to exist in /etc/passwd and /etc/smbpasswd
[22:43] {JerryWinegarden} I find it easier to manage access via unix permissions at this point, personally
[22:43] {Jason Nance} if you just want specific users to have write access... then...
[22:44] {Jason Nance} write list = me you him her da
[22:44] {JerryWinegarden} add them to a group, make the directory or file owned by the group... easier managed by unix command IMHO
[22:44] {Jason Nance} I totally agree.
[22:44] {Jason Nance} But they still have to be in /etc/smbpasswd
[22:45] {MarkusVoellmy} hmm Is there a tool to synchronize this with a real PDC?
[22:45] {Jason Nance} Alright... I think that is enough for tonite. I'm sure some questions should have been spawned from that... Assuming your brains still work.
[22:45] {Evan Delay} Thanks for presenting!
[22:45] {AHilton} Yes, thanks Jason
[22:46] {AHilton} I'm going to give a whirl in a few...
[22:46] {Jason Nance} markus... just a sec...
[22:46] {JerryWinegarden} it can be automagically synced!
[22:47] {Evan Delay} < applause >
[22:47] {JerryWinegarden} yeah!
[22:48] {Jason Nance} I don't think so right now... Because SMB is a MS protocol, and they haven't released it.
[22:48] {Jason Nance} But I will search.
[22:48] {AHilton} testparm gives me a 'Unknown parameter encountered: "domain controller" ???
[22:48] {Jason Nance} yes
[22:48] {Jason Nance} it always will
[22:48] {Jason Nance} When you use smbmount, you will get the same thing.
[22:49] {Jason Nance} It is used to tell Windows clients what the Domain Controller is.
[22:49] {JerryWinegarden} the parameter: unix password sync = yes does it - just uncomment it from the default file!
[22:49] {Jason Nance} And maybe eventually there will be a linux login client.
[22:49] {Jason Nance} umm... no
[22:50] {Jason Nance} That sync's /etc/passwd with /etc/smbpasswd
[22:50] {Jason Nance} That doesn't establish trusts for PDC propagation.
[22:50] {JerryWinegarden} well, just recreate your smbpasswd file from passwd each time! :-)
[22:51] {Jason Nance} NT doesn't have an /etc/passwd. =)
[22:51] {Jason Nance} In large networks, there are multiple domains.
[22:51] {Jason Nance} That is what PDC password synching is for.
[22:51] {Jason Nance} Also, in case you want to have a backup DC (BDC)
[22:53] {Jason Nance} If anyone wants to talk about anything further, you can always email me or find me on here.
[22:53] {Jason Nance} jbnance@tresgeek.net
[22:53] {AHilton} So, how do we test our config out?
[22:54] {Jason Nance} /etc/rc.d/smb start
[22:54] {Jason Nance} on RH7 machines, /etc/init.d/smb start
[22:54] {AHilton} hmmm can't find smb in /etc/rc.d/
[22:55] {Evan Delay} Linux Question.
[22:55] {Jason Nance} err... on pre-rh7 that was supposed to be /etc/rc.d/init.d/smb start
[22:55] {Jason Nance} go for it.
[22:55] {AHilton} bingo.
[22:55] {MarkusVoellmy} ... and now login from a Win client ... ;)
[22:56] {AHilton} My Win2kPro can't find it in the Network Places.
[22:56] {Evan Delay} Has anyone seen good instructions for setting up Red Hat for @home cable
[22:57] {Jason Nance} Are network services running on your linux box?
[22:57] {Jason Nance} Are they in the same workgroup?
[22:58] {Jason Nance} Are they on the same subnet?
[22:58] {Jason Nance} Did you define a share?
[22:58] {Jason Nance} Are you logged in properly for that share?
[22:58] {AHilton} How do I check for network services on the linux box?
[22:58] {Jason Nance} Evan Delay: Just a sec...
[22:58] {AHilton} Share of public is defined
[22:58] {AHilton} Same subnet
[22:58] {Jason Nance} /etc/rc.d/init.d/network status
[22:59] {Jason Nance} or just run ifconfig as root.
[22:59] {Jason Nance} Evan Delay: metrak.com/OaH/OaH-Linux.html
[22:59] {MarkusVoellmy} Gotta go .... It's almost 5 am here ... Have a nice time together ... and Thx Jason for the presentation
[22:59] {Jason Nance} See you tomorrow Markus
[23:00] {AHilton} Nope. It's not running on my NIC. I guess I forgot to get that far with RedHat. I had it going off and on for the last year with Slackware but recently switched.
[23:00] {Jason Nance} Do you need help with that?
[23:00] {JerryWinegarden} what do you want to know about setting up for @home?
[23:01] {DenisChasse} Thanks Jason for that presentation.
[23:01] {AHilton} Nah, thanks anyway. I'll muck around with it. I found out how to get out of X though. Just Ctrl Alt Backspace. Go figure.
[23:02] {JerryWinegarden} @home setup - search the redhat-list archives: http://www.moongroup.com/redhat.phtml
[23:02] {AHilton} You've been a great help Jason. I'm sure I'll be back in the future to pick everybody's brain.
[23:02] {Jason Nance} Evan: members.hom.net/adaviel/Upgrade.html
[23:02] {Jason Nance} I'm always around.
[23:02] {Jason Nance} Evan: It should work fine as long as you have a recent dhcp client.
[23:03] {Jason Nance} There are 2: pump and dhcp (dhcpcd is the server)
[23:03] {JerryWinegarden} dhcpd is the server. dhcpcd is a client that some use instead of pump.
[23:04] {JerryWinegarden} pump works great for me. redhat includes both now in 7.0. pump is the default. works great for me
[23:05] {Jason Nance} I'd rather use dhcpcd cause it supports better IP Chains stuff.
[23:05] {Jason Nance} But I just steal a static instead... heheh
[23:06] {JerryWinegarden} (I set up a /etc/pump.conf and increased the timeout and retries and now pump has no problems)
[23:06] {Jason Nance} pump doesn't auto reload the ruleset though.
[23:06] {JerryWinegarden} works until the men in black coats come to see you!
[23:06] {Jason Nance} my ISP is retarted.
[23:06] {Jason Nance} they ask ME for help... heheeh
[23:07] {Evan Delay} Thanks.
[23:07] {JerryWinegarden} doesn't need to - that's why ip-up.local calls the firewall script if using ppp!
[23:07] {Jason Nance} If you are using pump you aren't using ppp
[23:07] {JerryWinegarden} yeah, you prolly know their "reserved" range of numbers!!!
[23:08] {JerryWinegarden} stealing one of them always works!
[23:09] {JerryWinegarden} yes! if you have an ipchains box, and a dialup instead of dsl connection to outside, then you do ppp.
[23:09] {Evan Delay} Jason, I have to take off.
[23:09] {JerryWinegarden} heh, some people even have to do ppp (sort of with pppoe) with dsl these days!
[23:09] {Evan Delay} Thanks again for presenting at the last moment.
[23:11] {Jason Nance} Jerry: if people are combining pppd with dhcp, i'd say there is something they are missing.


Contributors: Jason Nance Evan Delay Cindy Winegarden

Category Wednesday Night Lectures
( Topic last updated: 2000.10.14 06:13:56 PM )