Creating a home network using Samba for devices running Windows, Linux, Android OS. Samba - first steps Installing the Samba server part

Sometimes you need to very quickly set up a file share on the server and open access to it. In this case, there is no need to fence any complex configurations, access rights or something else. You just need quick access to information without unnecessary questions.

For example, I recently needed something like this to open access to backup copies that were stored on the server. I didn’t want to figure it out and look for information myself; I needed to quickly give the person reading access so that he could find everything he needed.

I will not specifically deal with operating system versions. Samba's configs are the same almost everywhere I've worked with them, especially in the simplest configurations.

So, install samba with any in a suitable way for your operating system. The configurations are valid for version 3 of samba. Next we decide what we need:

• access by user and password,
• access by IP address,
• access to everyone without restrictions.

Depending on this, the settings will be slightly different.

For password access draw the following config:

Security = user passdb backend = tdbsam workgroup = MYGROUP server string = Samba path = /mnt/shara valid users = @users force group = users create mask = 0660 directory mask = 0771 writable = yes browseable = yes

# useradd share-user -M -G users -s /sbin/nologin

We import this user into Samba and set the password:

# smbpasswd -a share-user

And we try to go to the ball at the address:

\\server ip\share

To organize access depending on IP address, make the following settings in smb.conf:

Security = share workgroup = MYGROUP server string = Samba map to guest = bad user path = /mnt/files browsable = yes writable = yes guest ok = yes read only = no hosts allow = 192.168.0.171

In this case full access will be at the address 192.168.0.171. To add the entire subnet, you need to specify the following:

Hosts allow = 192.168.0.

You can combine different subnets and addresses, separating them with spaces. In order to disable access to some individual addresses from an allowed subnet, you can do this:

Hosts allow = 192.168.0. except 192.168.0.15

Access will be allowed to the entire subnet 192.168.0.0/24, except for the address 192.168.0.15.

We restart samba and check.

If you have samba 4 installed, then this configuration will not work and you will receive an error:

WARNING: Ignoring invalid value "share" for parameter "security" !}

For IP access to work properly, you need to make the following changes to the above config:

Security = user map to guest = Bad Password

Leave the rest of the parameters the same. After this, access via IP will work on version 4 of Samba.

If access will be provided to everyone without restrictions, then the simplest samba configuration will be like this:

Security = user workgroup = MYGROUP server string = Samba guest account = nobody map to guest = Bad User path = /mnt/files browseable = Yes guest ok = Yes writeable = Yes public = yes

Don't forget to give everyone rights to the folder:

# chmod 0777 /mnt/files

We restart Samba and try to log in. They should let you in without any questions asked.

This is how you can organize a simple file server using samba in just 5 minutes. And often it’s more difficult and it’s not necessary. For some kind of file dump, the latest option is suitable.

For more complex configurations I have separate articles:

Online course on Linux

If you have a desire to learn how to build and maintain highly available and reliable systems, I recommend that you get acquainted with online course “Linux Administrator” in OTUS. The course is not for beginners; to enroll you need basic knowledge of networks and installing Linux on a virtual machine. The training lasts 5 months, after which successful course graduates will be able to undergo interviews with partners. What this course will give you:

• Knowledge of Linux architecture.
• Development modern methods and data analysis and processing tools.
• Ability to select a configuration for the required tasks, manage processes and ensure system security.
• Proficient in the basic working tools of a system administrator.
• Understanding of the specifics of deploying, configuring and maintaining networks built on Linux.
• The ability to quickly solve emerging problems and ensure stable and uninterrupted operation of the system.

Test yourself on the entrance test and see the program for more details.

Nowadays, it is quite common to find computers running Linux and Windows on the same local network. The reasons for this symbiosis can be different: for example, the owners of an Internet cafe did not have enough funds to purchase a licensed OS for all computers, or the system administrator was simply attracted by the positive aspects of Linux. The popularity of Microsoft operating systems is largely determined by client software for Windows. It's no secret that this software sector is very developed. Many companies have made serious efforts to this and have created really good, and most importantly, easy-to-use programs that even an ordinary user can easily master. But as a server, Windows' position is no longer so clear. A server running Unix is ​​traditionally characterized by reliability, stable operation, security and often lower requirements for system resources. But in any case, simply connecting computers with different software platforms to the network will not get the expected result. The problem is that these two systems use different principles for organizing network resources that are incompatible with each other.
Since there is no need to wait for Microsoft's mercy, and Windows is unlikely to learn to work with the Unix network file system (NFS) using standard means, and, to be honest, I don't know third-party programs, the most popular way is to try to teach Unix to “pretend” that if it were Windows NT.

Interaction in a network of computers running Windows is based on the use of the protocol SMB (Server Message Block)- blocks of server messages. It ensures that all the tasks necessary in these cases are performed: opening and closing, reading and writing, searching for files, creating and deleting directories, setting a print job and deleting it from there. All actions necessary for this are implemented in Unix-like operating systems using the package SAMBA. Its capabilities can be divided into two categories: provision of resources (by which we mean access to the printer system and files) for Windows clients and access to client resources. That is, a computer running Linux can act as both a server and a client. First, let's consider the SAMBA server option.

What should SAMBA provide for normal operation of Windows machines on a network? First, access control, which can be implemented either at the resource level (share level), when a password and corresponding usage rules are assigned to any resource on the network (for example, “read only”), while the user name has absolutely no no meaning; or a more advanced and flexible organization at the user level, when an account is created for each user, which, in addition to the name and password, contains all the necessary information about access rights to the resource. Before gaining access to the required resource, each user is authenticated, after which he is granted rights according to his accounts. Secondly, emulation of access rights determined by the file system is necessary. The thing is that the systems in question have access rights to files and directories on the disk differently. Unix traditionally has three categories of file users: owner, group And the rest (other). Each of these entities may be provided read permissions, write And execution. In Windows NT, the access system is somewhat more flexible; access is granted to several groups or users, and the corresponding access rights are determined separately for each subject. Therefore, it is impossible to fully emulate the access rights inherent in NTFS using SAMBA.

With clients running Windows 9x, the situation is different. Since the time of the grandfather of DOS, due to the fact that the system is single-user and there could be no talk of any users, much less groups, only four attributes have been defined for the FAT file system - read only, system, archive and hidden. Plus, in Windows, unlike Unix, the file extension has a special meaning - those that are intended to be executed have the extensions .exe, .com or .bat. When copying files from Unix machines to computers running Windows control attributes are set like this:

read-only- reading, writing for the owner;

archival- execution for the owner;

systemic- execution for the group;

hidden - execution for the group.

A network of Windows machines can be organized as a workgroup, when the computers are independent of each other and each has its own database of passwords and logins with its own security policy, and also as an NT domain. The entire basis for user and computer authentication is managed primary domain controller (PDC, Primary Domain Controller), i.e. centralized. Samba allows you to restrict access at all of these levels and acts as a "master browser" in the context of a workgroup or domain controller.

We have sorted out the general organizational issues. Let's now look specifically at the implementation and configuration of a SAMBA server in Linux. For the Samba server to work, two daemons must be running: smbd, which provides a print and file sharing service for Samba clients (such as Windows of all stripes), and nmbd, which powers the NetBIOS name service (it can also be used to query other name service daemons). The protocol is used to access clients TCP/IP. Typically, Samba is installed with a Linux distribution. How to check? Just give the command:

and you should get something like this:

Samba: /usr/sbin/samba /etc/samba /usr/share/man/man7/samba.7.gz

If it is not included in the standard distribution, then welcome to ftp://ftp.samba.org/pub/samba/samba-latest.tar.gz or almost any server with programs for Linux. The package is easy to install, so in order not to take up space, we will assume that you have it installed. Now let's check if the daemon is running:

$ ps -aux | grep smbd root 1122 0.0 0.6 4440 380 ? S 16:36 0:00 smbd -D

As you can see, I already have it running. If you don’t have it, and you want it to start when the system boots, then in Linux Mandrake, for example, check the desired box in DrakConf- starting services or in Red Hat Control-panel- Service Configuration, usually this is enough. Or start manually: ./etc/rc.d/init.d/smb start. The only Samba configuration file is called smb.conf and is usually located in the /etc directory (although in AltLinux, for example, it is in the /etc/samba directory). The SAMBA service reads it every 60 seconds, so changes made to the configuration take effect without rebooting, but do not apply to already established connections.

This is why I love Linux, because the configuration files are plain text (and well commented inside), and in order to use most of the parameters, you just need to uncomment the corresponding line. The smb.conf file is no exception. It consists of named sections starting with the section name enclosed in square brackets. Inside each section there are a number of parameters in the form key=value. The configuration file contains four special sections: , and separate resources (shares). As the name suggests, the section contains the most general characteristics that will apply everywhere, but which, however, can then be overridden in sections for individual resources. Some parameters in this section are also relevant to configuring the Samba client part.

Values ​​of typical section parameters global:

Workgroup = group_name # name of the workgroup on the Windows network netbios name = name of the server on the network server string = comment that is visible in the network browsing properties window guest ok = yes # allowing guest login (guest ok = no - guest login is prohibited) guest account = nobody # name under which guest login is allowed security = user # Access level. user - at the user level, security = share - authentication based on username and password. When storing the password database on another SMB server, the values ​​security = server and password server = name_server_NT are used. If the server is a member of a domain, the value security = domain is used, the access password is specified in the file defined using the smb passwd file = /path/to/file option.

In addition, during registration you can use encrypted and unencrypted (plain-text) passwords. The latter are used in older Windows (Windows for Workgroups, Windows 95 (OSR2), all versions of Windows NT 3.x, Windows NT 4 (up to Service Pack 3)). To enable the option to use an encrypted password, use the encrypt password = yes option. Please pay special attention to this option. On older Linux distributions that were built during the Windows 95 era (and with an older version of Samba), password encryption is disabled by default, and samba before version 2.0 does not support this mode at all (by the way, this option and similar ones - those that do not relate to access to specific resources - are also used in the client).

For correct display Russian file names require the following options: client code page = 866 and character set = koi8-r. In distributions with good localization, for example, derivatives from Mandrake and Russian ones, this line is already there; sometimes it’s enough just to uncomment it, but in most others you have to add it yourself.

The option interfaces = 192.168.0.1/24 specifies which network (interface) the program should run on if the server is connected to several networks at once. When setting the bind interfaces only = yes parameter, the server will only respond to requests from these networks.

hosts allow = 192.168.1. 192.168.2. 127. - defines clients for whom access to the service is allowed.

In the global section, you can use various variables for more flexible configuration of the server. After the connection is established, real values ​​are substituted instead. For example, in the log file = /var/log/samba/%m.log directive, the %m parameter helps define a separate log file for each client machine. Here are the most common variables used in the global section:

%a - OS architecture on the client machine (possible values ​​- Win95, Win NT, UNKNOWN, etc.);

%m - NetBIOS name of the client computer;

%L - NetBIOS name of the SAMBA server;

%v - SAMBA version;

%I - IP address of the client computer;

%T - date and time;

%u - name of the user working with the service;

%H is the home directory of user %u.

Also, for more flexible configuration, the include directive is used, using the above variables. For example: include = /etc/samba/smb.conf.%m - now when you request sales from a computer and there is a file /etc/samba/smb.conf.sales, the configuration will be taken from this file. If separate file for some machine will not be, then a common file will be used to work with it.

# sudo vim /etc/samba/sambacreds username=proft password=1 username=noboy password=

Set the access rights to 0600

Sudo chmod 0600 /etc/samba/sambacreds

New mount line

Mount -t cifs //192.168.24.101/public /home/proft/shares/public -o user=proft,credentials=/etc/samba/sambacreds,workgroup=WORKGROUP,ip=192.168.24.101

And an example for /etc/fstab

//192.168.24.101/public /home/proft/shares/public cifs noauto,username=proft,credentials=/etc/samba/sambacreds,workgroup=WORKGROUP,ip=192.168.24.101 0 0

You can open the resource in the Nautilus/Nemo/etc file manager using this path smb://192.268.24.101.

If Nemo writes Nemo cannot handle "smb" locations. it means the package is missing gvfs-smb.

Access to the server with Windows and Android client

Under Windows, you can find out the workgroup from the console using

Net config workstation

You can open resources on a remote machine by typing in the Explorer line or in Run (Start - Run) the UNC address: \192.168.24.101 .

On Android you can connect to the server using ES File Explorer, on the Network tab, add a server, simply by IP (without specifying the scheme, smb). After which you can open the shared resources. For statistics: an HDRIP movie runs without any slowdown.

Additional reading

Or maybe it’s just interest and curiosity that push users to search for various suitable software. Samba is one such software. You need to know how to set up Samba on Ubuntu Server if you want to turn your computer into a database or file storage.

Installing Samba on Ubuntu Server allows you to create a database.

If you thought that the page was dedicated to learning dance, you were slightly mistaken. Samba is free software. It provides access to printers and files. And it does this on various operating systems.

What is it for?

In comparison with other software packages for similar purposes, Samba has several advantages and features.

• Allows you to connect a Unix-like system, i.e., any Linux and Windows system, to each other. And not only Windows. The program is very “omnivorous”: MacOS, Solaris and other operating systems of varying degrees of popularity.
• Samba makes it possible Windows users use Ubuntu computers as a server. That is, use the files to which access has been established, as well as some of the connected devices.
• Supports the NT Domain domain structure, manages NT users, supports member and primary controller functions.

Probably, for many, the main thing from this is communication with Windows machines. In this case, they act as a client, and the Ubuntu computer acts as a server. On the other hand, an Ubuntu user can also access Windows network folders.

Samba has been produced since 1992. And, most importantly, new versions are still being released. The latter was released on March 7, 2017. Every year, developers try to establish compatibility with a large number of different versions of operating systems, but the main feature remains the connection of Linux systems with Microsoft. Compared to Windows Server, Samba may be inferior to it due to the lack of support for some protocols and host infrastructure. However, many argue that the speed of Samba is much higher.

Setting up Samba

Before setting up, the program must be installed. Installing Samba is done in the same way as with other programs - by entering the command into the terminal:

sudo apt-get install samba

Please note right away: all the steps that will be described, including installing the program, can be performed both on simple Ubuntu and on Ubuntu Server. Only the latter has an exclusively text interface available.

After installation you should do backup file configurations:

$ sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.bak

$ sudo vi /etc/samba/smb.conf

Or we edit an existing one. This file contains the basic settings of the Samba server. To figure out what we'll do next, we need to understand what the different lines mean.

• Workgroup - working group. The value of this parameter will also often be Workgroup, since in Windows the default workgroup domain looks like this.
• Netbios name - the name of the Ubuntu computer that is seen Windows users. Here you can enter the value at your discretion.
• Security - user authorization mode. The default is User, that is, authentication at the user level. For now it's better to leave it that way.
• Os level - indicates the priority that Samba has over other clients (PCs) on the local or Internet network.
• Name resolve order - order of IP address resolution by NetBIOS name.
• Read only - the privilege to read or write a directory. The value can be “yes” - read only, “no” - write.

Create a user

This is the simplest action with which you can start working with Samba.

Add a user in the OS itself:

$ useradd -M -l -s /sbin/nologin username

Let's create a password for it:

Let's add our user to the Samba database:

$ smbpasswd -a username

You can perform various other actions using the $ smbpasswd command:

• $ smbpasswd username - change password
• $ smbpasswd -x username - delete a user
• $ smbpasswd -d username - ban user

The server must be rebooted if you make changes to the configuration file. This is done using the command:

$ systemctl restart smb

These are the basic Samba settings. Now you can try to put the program into practice.

Folder access

First, let's try to create a folder that will be accessible to all users, even those who are not authorized in Samba.

We create a folder with which we will then work on two computers:

$ sudo mkdir -p /samba/access

Now we are making extended access for this folder so that any client of ours can open it local network:

$cd/samba
$ sudo chmod -R 0755 access
$ sudo chown -R nobody:nogroup access/

The owner according to the code is nobody.

Now in the server configuration file you need to make two sections: the first one containing basic information:

Workgroup = WORKGROUP
server string = Samba Server %v
netbios name = srvr1
security = user
map to guest = bad user
name resolve order = bcast host
dns proxy = no
#==============
And the second one, containing data about the access folder:

Path = /samba/access
browsable =yes
writable = yes
guest ok = yes
read only = no

The sections follow one after another in the same order.

Update server changes:

$ sudo service smbd restart

Actions with a Windows computer

On Windows, you also need to perform some steps so that you can easily open a new shared folder and edit it.

1. Open the command line. It is advisable to do this with extended rights, i.e. as an administrator.
2. We execute the command:
3. notepad C:\Windows\System32\drivers\etc\hosts
4. A file opens in which we enter the following line:
5. 168.0.1 srvr1.domain.com srvr1
   Thanks to it, the folder will become accessible.
6. You can open it using the “Run” line. Press Win + R, enter: After this, a folder will open for us.

Closed folder

A configured Samba server can also be used to create network folders with limited access. Such a folder must also be created first and then added to the Samba configuration.

Let's make a folder called "Closed":

$ sudo mkdir -p /samba/allaccess/closed

Let's create a special group that can have access to this folder:

$ sudo addgroup securedgroup

We create special rights for different groups:

$ cd /samba/access
$ sudo chown -R richard:securedgroup closed
$ sudo chmod -R 0770 closed/

Just as in the case of an open folder, we add information to the configuration:

Path = /samba/access/closed
valid users = @securegroup
guest ok = no
writable = yes
browsable = yes

We restart the server.

As you can understand, we created a Closed folder inside Access. Thus, Access can be opened by every user on the local network, but in order to view and edit Closed, you need to have special rights.

To make sure that everything works exactly as we specified in the batch file, you can perform a few simple steps.

This article will discuss creating a wireless local network for devices running various operating systems Windows, Linux, Android using Samba.

Nowadays, almost every apartment has Wi-Fi network, and there is also a large number of different devices (laptops, smartphones, tablets, Android TV Box). In this regard, sooner or later there will be a need to combine all devices available for use into one home network in order to easily access all kinds of files from any gadget.

This is actually what will be discussed in this opus. So let's get started.

For network construction, we will use a ready-made solution called Samba. This is the package free programs open source, allowing you to connect to network drives, printers and other equipment on various operating systems using its own SMB/CIFS protocol.

The software consists of two parts - server and client. We will install the Samba server on one of the devices, which by definition will be the main one, and the Samba client on all the others.

Installing the Samba server

In my case, for the server device I chose a laptop on which Windows 7 and Ubuntu Mate 16.04 were installed in parallel. Below we will look in detail at the process of installing and configuring Samba for both operating systems.

Setting up samba server under Linux

By default, Samba is not installed in Ubuntu, so you need to do so before moving on. As an option, in order not to subsequently edit the Samba configuration file through the terminal, we will install the Gadmin-Samba program, which includes, in addition to the Samba server packages and GUI.

To install, type in the terminal:

Sudo apt install gadmin-samba

Once the installation is complete, launch Gadmin Samba. The application interface is not Russified, but understanding the settings is quite simple.

There are a lot of settings in the program, but by and large, in our case we are interested in the “users” tab. Go to it and add a new user.

Click the “New user” button, in the updated window, enter the user name, come up with a password, add it to the group (in order not to “invent the wheel”, indicate the existing one, namely “sambausers”) and set the home directory for the files. After that, click "Apply".

HD Videobox - new user

To apply the changes, restart the server using the “deactivate” and “activate” buttons, respectively, located in the upper left corner of the application window.

Don't forget to also set access rights to "shared" for sharing folders. This can be done either through the terminal or through the graphical interface of the Nautilus file explorer.

Nautilus - changing permissions

Nautilus - File Write Permission

Setting up samba server on Windows

In the case of Windows, everything is much more prosaic, since Samba is used by default in this operating system.

In principle, you can use an existing account or enable guest access. Alternatively, you can create another account, the data of which will be used for network access

To create a new account you need to go to the "control panel", select "user account management" and create new account with a password.

Adding a new account

When creating a new user, you will need to select an account type, create a name and password.

At the last stage, you will need to set rights to view changes to “shared” folders. This can be done in standard Windows Explorer via point context menu"properties", in relation to the folder you need.

"Sharing" a folder

Adding a user and changing folder permissions

After creating a new user, be sure to re-login to the current session for the changes to take effect.

Installing the Samba client on Android

To access the Samba server and, accordingly, network drives on devices running Android control I recommend using the Root Explorer application (download link full version no advertising at the end of the article).

Samba is software for organizing file exchange and working with shared resources between computers running Linux/Unix and operating system Windows. Samba consists of a client and server part. The client part allows you to access network folders and Windows resources, and the server part, in turn, opens general access to the Ubuntu folder for other machines, including Windows.

This short tutorial will cover simplest setup Samba Ubuntu 18.04, and how to set up Ubuntu folder sharing with multiple privilege levels.

We will create three shared folders with different permission levels. A folder with anonymous access, with access for users belonging to a specific group and access only for a specific user.

Both Linux and Windows machines can access shared folders in Ubuntu, using any program running over the SMB protocol.

In order for everything to work correctly, all machines must be in the same workgroup specified on the Samba server. By default, for Windows, Linux, and MacOS, the workgroup is called Workgroup. To find out which workgroup is used in your Windows, open the command line (Win+R, then cmd) and run the following command:

net config workstation

We see the parameter we need in the line Domain workstation . This is the working group.

Now, if a computer with a Samba server on your network has a permanent IP address, it is advisable to enter it in hosts file. To do this, run the command line as an administrator:

And run the command:

notepad C:\Windows\System32\drivers\etc\hosts

In the file that opens, add a line with the IP address of the computer on which Samba will be installed:

192.168.0.1 srvr1.domain.com srvr1

Now you can move on to the question of how to share the Ubuntu folder.

Setting up Samba on Ubuntu 16.04

Let's start, as usual, with installation. Installing Samba Ubuntu along with all the necessary components is done with the command:

sudo apt-get install -y samba samba-common python-glade2 system-config-samba

Once everything is installed, you can proceed to configuration. First, create a backup of your original Samba configuration file:

sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.bak

After creation backup copy, create your configuration file with this command:

sudo vi /etc/samba/smb.conf

First, let's specify the global file server settings. To do this, insert the following lines into the file:

workgroup = WORKGROUP

netbios name = Ubuntu Share
dns proxy = no

max log size = 1000
passdb backend = tdbsam
unix password sync = yes

pam password change = yes
map to guest = bad user
usershare allow guests = yes

Let's take a closer look at what these lines mean.

• workgroup- the working group, as already mentioned, should be the same on all machines
• netbios name- computer name that will be displayed in Windows;
• log file- the address of the file where error messages and other information will be stored;
• security- Perform user-level authentication by default;
• name resolve order- order of resolution of IP addresses by NetBIOS name. bcast - means to send a broadcast request to the local network. If all the computers between which interaction is planned are on the same network, this option is optimal;
• passdb backend- method of storing user passwords;
• unix password sync- synchronization of samba user passwords with local Unix passwords;
• map to guest- indicates when the user will be granted guest access. Three values ​​are available - never- never, bad user- when such user does not exist, bad password- when the password is entered incorrectly,

When you complete creating the configuration file, we move on to the question of how to share the Ubuntu folder for Windows.

Ubuntu Folder Sharing

First, let's create a shared folder accessible to everyone. That is, with anonymous access, without samba authorization.

Create a folder to which we will share access, for example:

sudo mkdir -p /samba/allaccess

After the folder is created, you need to set the correct access rights for it. The following commands allow access to the folder to everyone and make the owner nobody:

cd /samba
sudo chmod -R 0755 allaccess
sudo chown -R nobody:nogroup allaccess/

The next step is to describe the allaccess folder in the samba configuration file:

path = /samba/allaccess
browsable = yes
writable = yes
guest ok = yes
read only = no

Your configuration file should now look like this:

workgroup = WORKGROUP
server string = %h server (Samba, Ubuntu)
netbios name = Ubuntu Share
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
passdb backend = tdbsam
unix password sync = yes
passwd program = /usr/bin/passwd %u
pam password change = yes
map to guest = bad user
usershare allow guests = yes
#==============
path = /samba/allaccess
browsable = yes
writable = yes
guest ok = yes
read only = no

Let's take a closer look at the options that were used here:

• path- path to the folder that needs to be shared;
• browsable- whether the folder will be displayed in the list of available shares;
• writable- whether the folder will be writable;
• read only- the folder is read-only;
• guest ok, public- whether guest access will be allowed;
• only guest- if set to yes, then the folder will be accessible only to guests;
• hosts allow- IP addresses from which you can access this server;
• valid users- by default, all users can log in; if you pass a list of users in this parameter, then only they can log in;
• create mask- rights mask for created files.

To apply the changes, restart the Samba server:

sudo systemctl restart samba

Setting up Samba Ubuntu 16.04 for anonymous access is complete. Now you can check the availability of the allaccess shared folder from Windows, to do this, press Win+R and run:

\\srvr1\allaccess

You will see our folder. If you don't see it, check your configuration again. The folder can be accessed without samba authorization. Setting up Samba shares with access without authorization is complete.

You can also connect to this server from Linux using Nautilus; just type the address smb://ip-server, in the section other places:

Secure Folder Sharing Ubuntu

To share a folder for Windows Ubuntu that only users from a certain group will have access to, we will create a separate folder and describe it in the Samba configuration file in Ubuntu.

First we create a folder:

sudo mkdir -p /samba/allaccess/secured

Create a group:

sudo addgroup securedgroup

Setting up rights:

cd /samba/allaccess
$ sudo chown -R richard:securedgroup secured
$ sudo chmod -R 0770 secured/

The last step is to add settings to the samba configuration file:

sudo vi /etc/samba/smb.conf

path = /samba/allaccess/secured
valid users = @securegroup
guest ok = no
writable = yes
browsable = yes

Restart the Samba server. Now access to shared folder In Ubuntu, only users of the securegroup can get it.

To check how this works, let's add the user richard to our group:

sudo usermod -a -G securedgroup richard

Samba is a program that allows UNIX/Linux computers to simulate Windows machines. Using Samba, computers can share files or manage print jobs as file servers or Windows print servers. Like the UNIX/Linux operating system on which it runs, Samba is open source software developed by many programmers.

SMB protocol is used Microsoft Windows 2000, NT and 95/98 for organizing access to disks and printers. Using the Samba suite of utilities from Andrew Tridgell ( [email protected]), UNIX machines (including Linux) can provide access to disks and printers for Windows machines. smbfs utilities written by Paal-Kr. Engstad ( [email protected]) and Volker Lendecke ( [email protected]), enable UNIX machines to mount SMB resources available on Windows or Samba machines.

Using Samba you can implement the following most common ones:

1. Give access to Linux disks to Windows machines.
2. Access Windows disks for Linux machines.
3. Provide access to Linux printers for Windows machines.
4. Access Windows printers from Linux systems.

Installing and testing Samba

Installation, as you know, should begin with a detailed study of the documentation. True, the majority system administrators they neglect this rule, guided by another: “If all else fails, read the documentation.” In general, we recommend starting the Samba installation with a simple command: $ man samba (Fig. 1).

And also from reading the documentation available on the website http://www.samba.org/. It should be noted that to use Samba, your machine must be on a single Ethernet segment of the local network, while using the TCP/IP protocol. Samba will not work when using others network protocols. This is basically easy since Linux and Windows 95/98/NT come with TCP/IP support. However, if you are using Windows 3.x machines, you will need to add TCP/IP support.

Where to get it

To get the source texts latest version Samba, contact http://www.samba.org/ and select the mirror server closest to you: ftp://ftp.samba.org/. The Samba package is included in the distribution kits of a number of UNIX/Linux systems, for example Rad Hat or Suse Linux. Carefully study the documentation of your Linux, and it is quite possible that you will only need to insert the CD and install the Samba packages. In this case, you can continue reading the article from the next chapter.

After receiving this package, extract everything that is labeled *.tar.gz, for example, into the /tmp directory (and you don’t have to be root for this:), that is:

$ tar -zxvf samba-latest.tar.gz

If you have no problems extracting this package, you will find a new directory, such as samba-latest, with the extracted files in it. Go to it, look at the “README” and “Manifest” files - installation instructions are in the last file and look something like this:

$ ./configure $ make $ su # make install

Now you need to pay attention to where your configuration files are located. Most Samba distributions by default place them in the /etc directory and themselves in the /usr/local/samba directory.

Samba configuration

Basic Samba configuration information is found in the smb.conf file. This file should be handled with care. If you plan to modify the running version in any way, be sure to make a copy.

In order to start the server for the first time, you must have a working version of the smb.conf file. Go to the directory where your configuration file should be located. Most likely it will be /etc or /usr/local/samba/lib. Make a copy this file, for example smb.old, - this is possible if you have root rights. Now that you have a “clean” file, you can enter the simplest configuration, that is, type the following lines:

#Basic Samba configuration file (smb.conf) workgroup = PTO netbios name = GALKA

We'll look at what these lines in the configuration file mean below, but first we'll take a break from that for a moment and move on to the SMB daemons.

Launching daemons

There are two SMB daemons: /usr/sbin/smbd and /usr/sbin/nmbd. You can run Samba daemons from inetd or as a standalone process. Samba will respond slightly faster if it is running as a standalone process.

Sometimes it is necessary to check for lines like this in the /etc/services file:

Netbios-ns 137/tcp nbns netbios-ns 137/udp nbns netbios-dgm 138/tcp nbdgm netbios-dgm 138/udp nbdgm netbios-ssn 139/tcp nbssn

Make sure they are all uncommented. Depending on your distribution, you may even need to add them to this file. Samba will not be able to bind to the appropriate ports unless these lines are in the /etc/services file.

To start daemons from inetd, place the following lines in the inetd configuration file, /etc/inetd.conf:

# SAMBA NetBIOS services (for PC file and print sharing) netbios-ssn stream tcp nowait root /usr/sbin/smbd smbd netbios-ns dgram udp wait root /usr/sbin/nmbd nmbd

Then restart the inetd daemon by running the command:

Kill -HUP 1 `cat /var/run/inetd.pid`

To start daemons from system startup scripts, place the following script in the file /etc/rc.d/init.d/smb (for the RedHat distribution) or /etc/rc.d (for the Suse Linux distribution) and create symbolic links to it with names like /etc/rc.d/rcX.d/S91smb (starts SMB services in multi-user mode), /etc/rc.d/rcX.d/K91smb (kills SMB services when shutting down), /etc/rc.d/rc6 .d/K91smb (kills SMB services on reboot), where X is the number boot level systems, usually this is the number 2 or 3.

#! /bin/sh . /etc/rc.config # Determine the base and follow a runlevel link name. base=$(0##*/) link=$(base#*) # Force execution if not called by a runlevel directory. test $link = $base && START_SMB=yes test "$START_SMB" = "yes" || exit 0 # The echo return value for success (defined in /etc/rc.config). return=$rc_done case "$1" in start) echo -n "Starting SMB services:" startproc /usr/sbin/nmbd -D || return=$rc_failed startproc /usr/sbin/smbd -D || return=$rc_failed echo -e "$return" ;; startd) echo -n "Starting SMB services:" startproc /usr/sbin/nmbd -D -d 10 || return=$rc_failed startproc /usr/sbin/smbd -D -d 10 || return=$rc_failed echo -e "$return" ;; stop) echo -n "Shutting down SMB services:" killproc -TERM /usr/sbin/nmbd || return=$rc_failed killproc -TERM /usr/sbin/smbd || return=$rc_failed echo -e "$return" ;; restart|reload) $0 stop && $0 start || return=$rc_failed ;; status) echo -n "Checking for service smb: " checkproc /usr/sbin/nmbd && echo -n "OK " || echo -n "No process " checkproc /usr/sbin/smbd && echo "OK " || echo "No process" ;; *) echo "Usage: $0 (start|stop|restart|reload|status)" exit 1 esac # Inform the caller not only verbosely and set an exit status. test "$return" = "$rc_done" || exit 1 exit 0

If you receive a message when you start Samba saying that the daemon cannot connect to port 139, then most likely you already have Samba processes running that have not been terminated. Look at the list of processes (using the command "ps ax | grep mbd") to determine if there are any Samba services still running. If the daemons refuse to start for some other reason, then most likely this script does not fit your UNIX/Linux and you will have to dig into the documentation again, correct something in it, and maybe even rewrite it.

Basic smb.conf setting

Obviously, in the configuration described above, Samba can function, but practically nothing can be done. More useful and complex examples. But first you need to understand the smb.conf directives.

Each section of the file begins with a section header, such as , , etc.

Now go to the very first tab “Configuration” and click on the “File and print sharing” button. In the window that appears, you need to check the boxes “The files on this computer can be shared” (I want to be able to give others access to my files) and “The printers on this computer can be shared” (I want to be able to allow others to print to my printer(s)).

And finally, we indicate to Windows that Samba is a WINS server and it will be the browse master. To do this, go to the properties of the TCP/IP protocol (Fig. 4). In the window that appears, select “WINS Configuration”. Check the box “Enable WINS Resolution”. In the “Primary WINS Server Search Order” field that appears, enter the IP address of the server (Samba) - 192.168.0.1 and click “Add” or just go to the “Advanced” tab and click on “Browse Master” in the left window, and in the right window set the value to “Disabled” That’s all. Now all you have to do is click the “OK” button several times and restart Windows.

In Windows NT, the network properties screens are slightly different (shown in the pictures), but the basic concept remains the same.

After restarting Windows, feel free to click on “Network Neighborhood” and you will be able to see the Samba server, as well as your home directory on the Linux server. Now you can simply connect these resources like network drives and assign them drive letters.

Let's complicate the configuration a little: we will make the /home/public directory readable by everyone, but we will only allow people from the ADMINS group to place information in it. To do this, change the entry as follows:

Comment = Public Stuff path = /home/public public = yes writable = yes printable = no write list = @ADMINS

There are many more examples of Samba file server settings that can be given, but it would be better if you look at the Samba documentation or man pages and figure them out yourself.

Accessing Windows Disks from Linux

It is unlikely that novice Linux OS users will be able to quickly understand the system for accessing Linux files from Windows, and vice versa. But it's not all that complicated. Access to Linux resources from Windows was briefly described above, and we will now consider access to Windows resources from Linux.

The SMB client program for UNIX/Linux machines is included in the Samba distribution. It provides an ftp-like interface command line. You can use this utility to transfer files between a Windows "server" and a Linux client.

To see what resources are available on a given machine, run the command:

/usr/sbin/smbclient -L host

where host is the name of the machine you want to see. This command will return a list of service names - that is, the names of drives or printers that can be accessed. Until the SMB server is configured without access control, it will prompt you for a password. When prompted, enter the password for the “guest” user or your personal password on this machine.

To use the client, run the following command:

/usr/sbin/smbclient service

where service is the name of the machine and service. For example, if you are trying to access a directory that is accessible as public on a machine called galka, then the service name should be \\galka\public.

You will receive a smbclient prompt:

Server time is Wen May 22 15:58:44 2001 Timezone is UTC+10.0 Domain= OS= Server= smb: \>

The commands for using Samba are the same as ftp, but if you don't know how to use either, type h for help.

Of course, you can use smbclient for testing, but very soon you will get tired of it. To work, you will most likely need the smbfs package. Smbfs comes with two simple utilities - smbmount and smbumount. They work similar to mount and umount for SMB resources. For example,

Smbmount//computer_name/catalog/Mountpoint -U user_name

As a result, you will receive a “mounted” resource with the ability to access it using the usual Explorer methods.

Print server for Linux

To access a Linux printer from Windows machines, you need to make sure that the printer runs on Linux. If you can print under Linux, then accessing the printer will be very simple.

Add the printer setting to your smb.conf file:

Printing = bsd printcap name = /etc/printcap load printers = yes log file = /var/log/samba-log.%m lock directory = /var/lock/samba comment = All Printers security = server path = /var/spool /lpd/lp browseable = no printable = yes public = yes writable = no create mode = 0700 security = server path = /var/spool/lpd/lp printer name = lp writable = yes public = yes printable = yes print command = lpr -r -h -P %p %s

Make sure that the path to the printer (in our case for ) matches the spool directory specified in the /etc/printcap file, that is, check for the presence of the lines:

Printcap name = /etc/printcap load printers = yes

These lines control whether all printers listed in /etc/printcap should be loaded by default. In this case, there is no need to configure each printer separately. The section specifies settings for printers that you want to define explicitly. If the print subsystem you are using does not work this way (BSD), then you will need to set up a fake printcap file (or use the "print command", see below). To receive additional information For the printcap system, see Printing-HOWTO.

Access to Windows printer from machines running Linux

To access the printer on a Windows machine, the following conditions must be met:

1. You need to have the correct entries in the /etc/printcap file to match the local directory structure (for the spool directory, etc.)
2. You should have the script /usr/bin/smbprint. It comes with the Samba sources, but not all Samba binary distributions.
3. If you want to convert ASCII files to PostScript, you must have nenscript or its equivalent. The nenscript program is a PostScript converter that is usually installed in the /usr/bin directory.

The entry in the /etc/printcap file below is for an HP 5MP printer on Windows server N.T. The following fields in the /etc/printcap file are used:

Cm - comment; lp - name of the device to be opened for output; sd - printer spool directory (on the local machine); af - printer usage accounting file; mx- maximum size file (zero - no restrictions); if - name of the input filter (script).

Fragment of the /etc/printcap file:

# /etc/printcap # # //galka/oreilly via smbprint # lp:\ :cm=HP 5MP Postscript OReilly on galka:\ :lp=/dev/lp1:\ :sd=/var/spool/lpd/lp: \ :af=/var/spool/lpd/lp/acct:\ :mx#0:\ :if=/usr/bin/smbprint:

Make sure that the buffer directories and the directory used for usage tracking exist and have write permission. Make sure that the "if" line contains the correct path to the smbprint script (given below) and that the entries point to the correct output device (the /dev special file).

#!/bin/sh –x # # Debugging log file, change to /dev/null if you like. # logfile=/tmp/smb-print.log # logfile=/dev/null # # The last parameter to the filter is the accounting file name. # spool_dir=/var/spool/lpd/lp config_file=$spool_dir/.config # Should read the following variables set in the config file: # server # service # password # user eval `cat $config_file` # # Some debugging help, change the >> to > if you want to same space. # echo "server $server, service $service" >> $logfile (# NOTE You may wish to add the line `echo translate" if you want automatic # CR/LF translation when printing. echo translate echo "print -" cat) | /usr/bin/smbclient "\\\\$server\\$service" $password -U $user -N -P >> $logfile

Most Linux distributions come with a program called nenscript to convert ASCII documents to PostScript.

Conclusion

Until recently, Samba's capabilities were limited to those listed above. However, we can say with confidence that the new version of Samba 2.2 catches up with Windows 2000 in functionality and contains additional improvements. One of Samba's lead developers, Jeremy Allison, calls it a "major update" that will help Samba systems integrate more easily into Microsoft networks. The software provides savings not only because you don't have to pay for a server OS, but also because you don't have to pay for "client" licenses for all the computers that use the server.

About new features of Samba 2.2. read our article “Samba 2.2 - what new » .

ComputerPress 10"2001