2000, ME, and XP, the book also explores Samba's new role as a primary domain controller and domain member server, its support for the use of Windows NT/2000/XP authentication and filesystem security on the host Unix system, and accessing shared files and printers from Unix clients.
Permission is granted to copy, distribute, and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with the Front-Cover Texts being "Using Samba, by Jay Ts, Robert Eckstein, and David Collier-Brown, published by O'Reilly & Associates," and with no Back-Cover Texts. A copy of the license is included in the Appendix entitled GNU Free Documentation License.
Printed in the United States of America.
Published by O'Reilly & Associates, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472.
O'Reilly & Associates books may be purchased for educational, business, or sales promotional use. Online editions are also available for most titles (http://safari.oreilly.com). For more information, contact our corporate/institutional sales department: (800) 998-9938 or corporate@oreilly.com.
Nutshell Handbook, the Nutshell Handbook logo, and the O'Reilly logo are registered trademarks of O'Reilly & Associates, Inc. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O'Reilly & Associates, Inc. was aware of a trademark claim, the designations have been printed in caps or initial caps. The association between the image of an African ground hornbill and the topic of Samba is a trademark of O'Reilly & Associates, Inc.
While every precaution has been taken in the preparation of this book, the publisher and authors assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.
You are reading a book about Samba, a software suite that networks Windows, Unix, and other operating systems using Windows' native networking protocol. Samba allows Unix servers to offer Windows networking services by matching the filesystem and networking models of Unix to those of Windows. Samba acts as a bridge between the two systems, connecting the corresponding parts of their architectures and providing a translation wherever necessary.
Bridging the gap between systems as dissimilar as Windows and Unix is a complex task, which Samba handles surprisingly well. To be a good Samba administrator, your abilities must parallel Samba's. For starters, you need to know basic Unix system and network administration and have a good understanding of Windows filesystems and networking fundamentals. In addition, you need to learn how Samba fills in the "gray area" between Unix and Windows. Once you know how everything fits
Windows networking in Chapter 1, followed by tutorially-oriented Chapter 2 and Chapter 3, which tell you how to set up a minimal Samba server and configure Windows clients to work with it. Most likely, you will be surprised how quickly you can complete the required tasks.
We believe that a hands-on approach is the most effective, and you can use the Samba server you build in Chapter 2 and
show and describe throughout the book. You can jump around from chapter to chapter if you like, but if you continue
feature
This book is primarily intended for Unix administrators who need to support Windows clients on their network, as well as anyone who needs to access the resources of a Windows network environment from a Unix client. While we assume you are familiar with basic Unix system administration, we do not assume you are a networking expert. We do our best along the way to help out with unusual definitions and terms.
Furthermore, we don't assume that you are an expert in Microsoft Windows. We carefully explain all the essential concepts related to Windows networking, and we go through the Windows side of the installation task in considerable detail, providing examples for both Windows 95/98/Me and Windows NT/2000/XP, which are significantly different. For the Unix side, we give examples that work with common Unix operating systems, such as Linux, Solaris, FreeBSD, and Mac OS X.
network from Unix client systems
sharing services
NetBIOS computer names into IP addresses, and browsing, the method used in SMB networking to find what resources are being shared on the network
covers more advanced functions such as permissions, access control lists, opportunistic locks, and setting up a Distributed filesystem tree
to Samba security, and shows you how to work with encrypted and nonencrypted passwords
the SMB network, and allowing Unix workstations to access SMB shared printers
Samba configuration options, computer names, user and group names, hostnames, domain names, other code that appears in the text, and command-line information that should be typed verbatim on the screen
We have tested and verified the information in this book to the best of our ability, but you might find that features have changed (or even that we have made mistakes!). Please let us know about any errors you find, as well as your suggestions for future editions, by writing to:
bookquestions@oreilly.com
We have a web page for this book where we list examples and any plans for future editions. You can access this information at:
http://www.oreilly.com/catalog/samba2
You can also contact Jay Ts, the lead author of this edition, through his web site at:
http://www.jayts.com
We thank Leon Towns-von Stauber for thoroughly researching the use of Samba on Mac OS X and writing material that appears in Chapter 2, Chapter 5, and Chapter 10, as well as the entire Appendix F. We also thank our technical reviewers Sam Johnston, Matthew Temple, Marty Leisner, and Don McCall.
Jay Ts
This book would have been extremely difficult to write if it hadn't been for the copy of VMware Workstation graciously provided by VMware, Inc. I want to thank Rik Farrow for his clarifying comments on security topics related to Samba and Windows, and both him and Rose Moon for their supportive friendship. Thanks also go to Mark Watson for his encouragement and advice on the topic of authoring technical books. Additionally, I'd like to express my appreciation to Andy Oram at O'Reilly for being a supportive, friendly, and easygoing editor, and for offering me terms that I could say yes to, something that a few other publishers didn't even approach. SuSE, Inc. generously provided a copy of SuSE Linux 8.1 Professional.
Robert Eckstein
I'd first like to recognize Dave Collier-Brown and Peter Kelly for all their help in the creation of this book. I'd also like to thank each technical reviewer who helped polish this book into shape on such short notice: Matthew Temple, Jeremy Allison, and of course Andrew Tridgell. Andrew and Jeremy deserve special recognition, not only for creating such a wonderful product, but
of this book; hats off to you, guys! A warm hug goes out to my wife Michelle, who once again put up with a husband loaded down with too much caffeine and a tight schedule. Thanks to Dave Sifry and the people at LinuxCare, San Francisco, for hosting me on such short notice for Andrew Tridgell's visit. And finally, a huge amount of thanks to our editor, Andy Oram, who (very) patiently helped guide this book through its many stages until we got it right.
David Collier-Brown
I'd particularly like to thank Joyce, who put up with me during the sometimes exciting development of the book. My thanks to Andy Oram, who was kind enough to provide the criticism that allowed me to contribute; the crew at ACE (Opcom) who humored the obvious madman in their midst; and Ian MacMillan, who voluntarily translated several of my early drafts from nerd to English. I would also like to give special thanks to Perry Donham, Drew Sullivan, and Jerry DeRoo for starting and sustaining this mad project. Finally, I'd like to thank Bob Eckstein for a final, sustained, and professional effort that lifted the whole book up to the level that Andy needed.
All
We would especially like to give thanks to Perry Donham and Peter Kelly for helping mold the first draft of this book. Although Perry was unable to contribute to subsequent drafts, his material was essential to getting this book off on the right foot. In addition, some of the browsing material came from text originally written by Dan Shearer for O'Reilly.
Samba is an extremely useful networking tool for anyone who has both Windows and Unix systems on his network. Running
under heavy loads, outperforming Windows 2000 Server by a factor of 2 to 1 on identical PC hardware, according to published third-party benchmarks. When common, inexpensive PC hardware fails to meet the demands of a huge client load, the Samba server can easily be moved to a proprietary "big iron" Unix mainframe, which can outperform Windows running on a PC many times. If all that weren't enough, Samba has a very nice cost advantage: it's free. Not only is the software itself freely available, but also no client licenses are required, and it runs on high-quality, free operating systems such as Linux and FreeBSD.
After reading the previous paragraph, you might come to the conclusion that Samba is commonly used by large organizations with thousands of users on their networks, and you'd be right! But Samba's user base includes organizations all over the planet, of all types and sizes: from international corporations, to medium and small businesses, to individuals who run Samba on their Linux laptops. In the last case, a tool such as VMware is used to run Windows on the same computer, with Samba enabling the two operating systems to share files.
corporations, banks and other financial institutions, government and military organizations, schools, public libraries, art galleries, families, and even authors! This book was developed on a Linux system running VMware and Windows 2000, with Adobe FrameMaker running on Windows and the document files served by Samba from the Linux filesystem.
Does all this whet your technological appetite? If so, we encourage you to keep reading, learn about Samba, and follow our examples to set up a Samba server of your own. In this and upcoming chapters, we will tell you exactly how to get started.
Samba is a suite of Unix applications that speak the Server Message Block (SMB) protocol. Microsoft Windows operating systems and the OS/2 operating system use SMB to perform client-server networking for file and printer sharing and associated operations. By supporting this protocol, Samba enables computers running Unix to get in on the action, communicating with the same networking protocol as Microsoft Windows and appearing as another Windows system on the network from the perspective of a Windows client. A Samba server offers the following services:
systems and Samba servers offer on the network
Samba is the brainchild of Andrew Tridgell, who currently heads the Samba development team. Andrew started the project in 1991, while working with a Digital Equipment Corporation (DEC)
Without knowing the significance of what he was doing, Andrew created a file-server program for an odd protocol that was part of Pathworks. That protocol later turned out to be SMB. A few years later, he expanded upon his custom-made SMB server and began distributing it as a product on the Internet under the name "SMB Server." However, Andrew couldn't keep that name (it already belonged to another company's product), so he tried the following Unix renaming approach:
nmbd
A daemon that supports NetBIOS Name Service and WINS, which is Microsoft's implementation of a NetBIOS Name Server (NBNS). It also assists with network browsing.
source software (http://opensource.org) by its authors and is distributed under the GNU General Public License (GPL). Since its inception, development of Samba has been sponsored in part by the Australian National University, where Andrew Tridgell earned his Ph.D. Since then, many other organizations have sponsored Samba developers, including LinuxCare, VA Linux Systems, Hewlett-Packard, and IBM. It is a true testament to Samba that both commercial and noncommercial entities are prepared to spend money to support an open source effort.
Microsoft has also contributed by offering its definition of the SMB protocol to the Internet Engineering Task Force (IETF) in 1996 as the Common Internet File System (CIFS). Although we prefer to use the term "SMB" in this book, you will also often find the protocol being referred to as "CIFS." This is especially true on Microsoft's web site.
As explained earlier, Samba can help Windows and Unix computers coexist in the same network. However, there are some specific reasons why you might want to set up a Samba server on your network:
You don't want to pay for, or can't afford, a full-fledged Windows server, yet you still need the functionality that one provides.
The Client Access Licenses (CALs) that Microsoft requires for each Windows client to access a Windows server are unaffordable.
You want to provide a common area for data or user directories to transition from a Windows server to a Unix one, or vice versa.
You want to share printers among Windows and Unix workstations.
You are supporting a group of computer users who have a mixture of Windows and Unix computers.
You want to integrate Unix and Windows authentication, maintaining a single database of user accounts that works with both systems.
You want to network Unix, Windows, Macintosh (OS X), and other systems using a single protocol.
Let's take a quick tour of Samba in action. Assume that we have the following basic network configuration: a Samba-enabled Unix system, to which we will assign the name toltec, and a pair of Windows clients, to which we will assign the names maya and aztec, all connected via a local area network (LAN). Let's also assume that toltec also has a local inkjet printer connected to it, lp, and a disk share named spirit, both of which it can offer to the other two computers. A graphic of this network is shown in Figure 1-1.
time, but for our basic network example, we'll have only one: the METRAN workgroup.
1.2.1 Sharing a Disk Service
If everything is properly configured, we should be able to see the Samba server, toltec, through the Network Neighborhood of the maya Windows desktop. In fact, Figure 1-2 shows the Network Neighborhood of the maya computer, including toltec and each computer that resides in the METRAN workgroup.
network at any given time. If a user clicks the Entire Network icon, she will see a list of all the workgroups that currently exist
as shown in Figure 1-3. Note that the Windows display shows hostnames in mixed case (Toltec). Case is irrelevant in hostnames, so you might see toltec, Toltec, and TOLTEC in various displays or command output, but they all refer to a single system. Thanks to Samba, Windows 98 sees the Unix server as a valid SMB server and can access the spirit folder as if it were just another system folder.
Figure 1-3. Shares available on the Toltec server as viewed from maya
Once you do so, your applications can access the folder across the network using the drive letter. You can store data on it, install and run programs from it, and even password-protect it against unwanted visitors. See Figure 1-4 for an example of mapping a drive letter to a network directory.
[1] You can also right-click the shared resource in the Network Neighborhood and then select the Map Network Drive menu item.
\\network-computer\directory
This is known as the Universal Naming Convention (UNC) in the Windows world. For example, the dialog box in Figure 1-4
confuse the two: URLs such as http://www.oreilly.com use forward slashes instead of backslashes, and they precede the initial slashes with the data transfer protocol (i.e., ftp, http) and a colon (:). In reality, URLs and UNCs are two completely separate things, although sometimes you can specify an SMB share using a URL rather than a UNC. As a URL, the \\toltec\spirit share would be specified as smb://toltec/spirit.
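The UNC and URL forms described above can be converted mechanically. The following is an added example, not code from the book; the function names are hypothetical, hostnames are folded to lowercase because the text says case is irrelevant in them, and rejecting "." and ".." components is an extra check added here so that a share can be compared safely against an allow list.

```python
from urllib.parse import quote, unquote, urlsplit


def parse_unc(unc):
    # Returns (server, share, [subdirectories]) for \\server\share[\dir...].
    if not unc.startswith("\\\\"):
        raise ValueError("a UNC starts with two backslashes")
    parts = unc[2:].split("\\")
    if parts and parts[-1] == "":          # tolerate one trailing backslash
        parts.pop()
    if len(parts) < 2:
        raise ValueError("a UNC needs both a computer and a share name")
    for p in parts:
        # Empty or dot components and URL-style slashes do not belong in a UNC.
        if p in ("", ".", "..") or "/" in p:
            raise ValueError("bad UNC component: %r" % p)
    server, share, *rest = parts
    # Hostname case is irrelevant: toltec, Toltec and TOLTEC are one system.
    return server.lower(), share, rest


def unc_to_smb_url(unc):
    server, share, rest = parse_unc(unc)
    # Percent-encode each component so spaces and the like survive in a URL.
    path = "/".join(quote(p, safe="") for p in [share] + rest)
    return "smb://%s/%s" % (server, path)


def smb_url_to_unc(url):
    u = urlsplit(url)
    if u.scheme != "smb" or not u.hostname:
        raise ValueError("not an smb:// URL")
    segs = [unquote(s) for s in u.path.split("/") if s]
    if not segs:
        raise ValueError("the URL names no share")
    for s in segs:
        # A decoded slash or backslash would smuggle in an extra component.
        if s in (".", "..") or "/" in s or "\\" in s:
            raise ValueError("bad URL component: %r" % s)
    return "\\\\" + "\\".join([u.hostname] + segs)


def same_share(unc_a, unc_b):
    # True when both UNCs point into the same share on the same computer.
    return parse_unc(unc_a)[:2] == parse_unc(unc_b)[:2]
```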
Once the network drive is set up, Windows and its programs behave as if the networked directory were a local disk. If you have any applications that support multiuser functionality on a network, you can install those programs on the network drive.[2]
with other storage devices in the Windows 98 client. Note the pipeline attachment in the icon for the J: drive; this indicates that it is a network drive rather than a fixed drive.
a few more icons, but eventually we can get to the view of the toltec server as shown in Figure 1-6. This is from a Windows 2000 system. Setting up the network drive using the Map Network Drive option in Windows 2000 works similarly to other Windows versions.
Figure 1-6. Shares available on Toltec (viewed from dine)
1.2.2 Sharing a Printer
Setting up a Samba-enabled printer on the Windows side is even easier than setting up a disk share. By double-clicking the printer and identifying the manufacturer and model, you can install a driver for this printer on the Windows client. Windows can then properly format any information sent to the network printer and access it as if it were a local printer. On Windows 98, double-clicking the Printers icon in the Control Panel opens the Printers window shown in Figure 1-7. Again, note the
Pid DenyMode R/W Oplock Name
Now that you have had a brief tour of Samba, let's take some time to get familiar with Samba's adopted environment: an SMB network. Networking with SMB is significantly different from working with common TCP/IP protocols such as FTP and Telnet because there are several new concepts to learn and a lot of information to cover. First, we will discuss the basic concepts behind an SMB network, followed by some Microsoft
from one computer to the next
In late 1985, IBM released one such protocol, which it merged with the NetBIOS API to become the NetBIOS Extended User Interface (NetBEUI). NetBEUI was designed for small LANs, and it let each computer claim a name (up to 15 characters) that wasn't already in use on the network. By a "small LAN," we mean fewer than 255 nodes on the network, which was