This chapter introduces the structure of the Samba configuration file and shows you how to use these options to create and modify disk shares.. In a nutshell, this configuration file set
Trang 14 Disk Shares
In the previous three chapters, we showed you how to install Samba on a Unix server and set up Windows clients to use a simple disk share This chapter will show you how Samba can assume more productive roles on your network
Samba's daemons, smbd and nmbd, are controlled through a single ASCII file, smb.conf, that can contain over 200 unique options These options
define how Samba reacts to the network around it, including everything from simple permissions to encrypted connections and NT domains The next five chapters are designed to help you get familiar with this file and its options Some of these options you will use and change frequently; others you may never use - it all depends on how much functionality you want Samba to offer its clients
This chapter introduces the structure of the Samba configuration file and shows you how to use these options to create and modify disk shares
Subsequent chapters will discuss browsing, how to configure users, security, domains, and printers, and a host of other myriad topics that you can
implement with Samba on your network
4.1 Learning the Samba Configuration File
Here is an example of a Samba configuration file If you have worked with a
Windows INI file, the structure of the smb.conf file should look very
familiar:
Trang 2[global]
log level = 1
max log size = 1000
socket options = TCP_NODELAY IPTOS_LOWDELAY
Trang 3guest ok = yes
path = /export/samba/test
Although you may not understand the contents yet, this is a good
configuration file to grab if you're in a hurry (If you're not, we'll create a new one from scratch shortly.) In a nutshell, this configuration file sets up basic debug logging in a default log file not to exceed 1MB, optimizes
TCP/IP socket connections between the Samba server and any SMB clients, and allows Samba to create a disk share for each user that has a standard Unix account on the server In addition, each of the printers registered on the server will be publicly available, as will a single read-only share that maps
to the /export/samba/test directory The last part of this file is similar to the
disk share you used to test Samba in Chapter 2, Installing Samba on a Unix System
4.1.1 Configuration File Structure
Let's take another look at this configuration file, this time from a higher level:
[global]
[homes]
Trang 4
[printers]
[test]
The names inside the square brackets delineate unique sections of the
smb.conf file; each section names the share (or service) that the section
refers to For example, the [test] and [homes] sections are each unique disk shares; they contain options that map to specific directories on the
Samba server The [printers] share contains options that map to various
printers on the server All the sections defined in the smb.conf file, with the
exception of the [global] section, will be available as a disk or printer share to clients connecting to the Samba server
The remaining lines are individual configuration options unique to that
share These options will continue until a new bracketed section is
encountered, or until the end of the file is reached Each configuration option follows a simple format:
option =
Trang 5value
Options in the smb.conf file are set by assigning a value to them We should
warn you up front that some of the option names in Samba are poorly
chosen For example, read only is self-explanatory, and is typical of many recent Samba options public is an older option, and is vague; it now has a less-confusing synonym guest ok (may be accessed by guests)
We describe some of the more common historical names in this chapter in
sections that highlight each major task In addition, Appendix C, Samba Configuration Option Quick Reference, contains an alphabetical index of
all the configuration options and their meanings
4.1.1.1 Whitespaces, quotes, and commas
An important item to remember about configuration options is that all
whitespaces in the value are significant For example, consider the
following option:
volume = The Big Bad Hard Drive Number 3543
Samba strips away the spaces between the final e in volume and the first T
in The These whitespaces are insignificant The rest of the whitespaces are significant and will be recognized and preserved by Samba when reading in the file Space is not significant in option names (such as guest ok), but
we recommend you follow convention and keep spaces between the words
of options
Trang 6If you feel safer including quotation marks at the beginning and ending of a configuration option's value, you may do so Samba will ignore these
quotation marks when it encounters them Never use quotation marks around
an option itself; Samba will treat this as an error
Finally, you can use whitespaces to separate a series of values in a list, or you can use commas These two options are equivalent:
netbios aliases = sales, accounting, payroll
netbios aliases = sales accounting payroll
In some values, however, you must use one form of separation - spaces in some cases, commas in others
Samba would have no problem with the path configuration option
appearing entirely in capital letters However, when it tries to connect to the given directory, it would be unsuccessful because the Unix filesystem in the
Trang 7underlying operating system is case sensitive Consequently, the path listed
would not be found and clients would be unable to connect to the share
of the new Teamworks software product
Because of the backslash, these two lines will be treated as one line by
Samba The second line begins at the first non-whitespace character that Samba encounters; in this case, the o in of
4.1.1.4 Comments
You can insert comments in the smb.conf configuration file by preceding a
line with either a hash mark (#) or a semicolon ( ; ) Both characters are equivalent For example, the first three lines in the following example would
be considered comments:
# This is the printers section We have given a minimum print
Trang 8; space of 2000 to prevent some errors that we've seen when
; the spooler runs out of space
[printers]
public = yes
min print space = 2000
Samba will ignore all comment lines in its configuration file; there are no limitations to what can be placed on a comment line after the initial hash
mark or semicolon Note that the line continuation character ( \) will not be
honored on a commented line Like the rest of the line, it is ignored
4.1.1.5 Changes at runtime
You can modify the smb.conf configuration file and any of its options at any
time while the Samba daemons are running By default, Samba checks the configuration file every 60 seconds for changes If it finds any, the changes are immediately put into effect If you don't wish to wait that long, you can
force a reload by either sending a SIGHUP signal to the smbd and nmbd
processes, or simply restarting the daemons
For example, if the smbd process was 893, you could force it to reread the
configuration file with the following command:
Trang 9# kill -SIGHUP 893
Not all changes will be immediately recognized by clients For example, changes to a share that is currently in use will not be registered until the client disconnects and reconnects to that share In addition, server-specific parameters such as the workgroup or NetBIOS name of the server will not register immediately either This keeps active clients from being suddenly disconnected or encountering unexpected access problems while a session is
open
4.1.2 Variables
Samba includes a complete set of variables for determining characteristics of the Samba server and the clients to which it connects Each of these
variables begins with a percent sign, followed by a single uppercase or
lowercase letter, and can be used only on the right side of a configuration option (e.g., after the equal sign):
[pub]
path = /home/ftp/pub/%a
The %a stands for the client machine's architecture (e.g., WinNT for
Windows NT, Win95 for Windows 95 or 98, or WfWg for Windows for
Trang 10Workgroups) Because of this, Samba will assign a unique path for the
[pub] share to client machines running Windows NT, a different path for client machines running Windows 95, and another path for Windows for Workgroups In other words, the paths that each client would see as its share differ according to the client's architecture, as follows:
Table 4.1: Samba Variables
Variable Definition
Client variables
Trang 11Table 4.1: Samba Variables
Variable Definition
%a Client's architecture (e.g., Samba, WfWg, WinNT,
Win95, or UNKNOWN)
%I Client's IP address (e.g., 192.168.220.100)
%m Client's NetBIOS name
Trang 12Table 4.1: Samba Variables
Variable Definition
%u Current Unix username
%U Requested client username (not always used by
Samba)
Share variables
%p Automounter's path to the share's root directory, if
different from %P
%P Current share's root directory
%S Current share's name
Server variables
Trang 13Table 4.1: Samba Variables
Variable Definition
%d Current server process ID
%h Samba server's DNS hostname
%L Samba server's NetBIOS name
%N Home directory server, from the automount map
Miscellaneous
variables
%R The SMB protocol level that was negotiated
%T The current date and time
Trang 14Here's another example of using variables: let's say that there are five clients
on your network, but one client, fred, requires a slightly different
[homes] configuration loaded when it connects to the Samba server With Samba, it's simple to attack such a problem:
smb.conf.fred, those values will override any options previously encountered
in that share Note that we say "previously." If any options are restated in the main configuration file after the include option, Samba will honor those restated values for the share in which they are defined
Here's the important part: if there is no such file, Samba will not generate an error In fact, it won't do anything at all This allows you to create only one
Trang 15extra configuration file for fred when using this strategy, instead of one for each NetBIOS machine that is on the network
Machine-specific configuration files can be used both to customize
particular clients and to make debugging Samba easier Consider the latter;
if we have one client with a problem, we can use this approach to give it a private log file with a more verbose logging level This allows us to see what Samba is doing without slowing down all the other clients or overflowing the disk with useless logs Remember, with large networks you may not always have the option to restart the Samba server to perform debugging!
You can use each of the variables in Table 4.1 to give custom values to a variety of Samba options We will highlight several of these options as we
move through the next few chapters
4.2 Special Sections
Now that we've gotten our feet wet with variables, there are a few special sections of the Samba configuration file that we should talk about Again, don't worry if you do not understand each and every configuration options listed below; we'll go over each of them over the course of the upcoming chapters
4.2.1 The [ globals] Section
The [globals] section appears in virtually every Samba configuration file, even though it is not mandatory to define one Any option set in this section of the file will apply to all the other shares, as if the contents of the section were copied into the share itself There is one catch: other sections
Trang 16can list the same option in their section with a new value; this has the effect
of overriding the value specified in the [globals] section
To illustrate this, let's again look at the opening example of the chapter:
[global]
log level = 1
max log size = 1000
socket options = TCP_NODELAY IPTOS_LOWDELAY
Trang 17Any option that appears outside of a section (before the first marked section)
is also assumed to be a global option
4.2.2 The [ homes] Section
If a client attempts to connect to a share that doesn't appear in the smb.conf
file, Samba will search for a [homes] share in the configuration file If one exists, the unidentified share name is assumed to be a Unix username, which
is queried in the password database of the Samba server If that username appears, Samba assumes the client is a Unix user trying to connect to his or her home directory on the server
Trang 18For example, assume a client machine is connecting to the Samba server hydra for the first time, and tries to connect to a share named [ alice]
There is no [alice] share defined in the smb.conf file, but there is a
[homes], so Samba searches the password database file and finds an
alice user account is present on the system Samba then checks the
password provided by the client against user alice's Unix password - either with the password database file if it's using non-encrypted passwords,
or Samba's smbpasswd file if encrypted passwords are in use If the
passwords match, then Samba knows it has guessed right: the user alice is trying to connect to her home directory Samba will then create a share called [alice] for her
The process of using the [homes] section to create users (and dealing with
their passwords) is discussed in more detail in the Chapter 6, Users,
Security, and Domains
4.2.3 The [printers] Section
The third special section is called [printers] and is similar to
[homes] If a client attempts to connect to a share that isn't in the smb.conf
file, and its name can't be found in the password file, Samba will check to see if it is a printer share Samba does this by reading the printer capabilities
file (usually /etc/printcap) to see if the share name appears there.[ 1] If it does, Samba creates a share named after the printer
[1] Depending on your system, this file may not be /etc/printcap You can use the testparm command that comes with Samba to determine the value of
Trang 19the printcap name configuration option; this was the default value
chosen when Samba was compiled
Like [homes], this means you don't have to maintain a share for each of
your system printers in the smb.conf file Instead, Samba honors the Unix
printer registry if you request it to, and provides the registered printers to the client machines There is, however, an obvious limitation: if you have an account named fred and a printer named fred, Samba will always find the user account first, even if the client really needed to connect to the
printer
The process of setting up the [printers] share is discussed in more
detail in Chapter 7, Printing and Name Resolution
4.2.4 Configuration Options
Options in the Samba configuration files fall into one of two categories:
global or share Each category dictates where an option can appear in the
configuration file
Global
Global options must appear in the [global] section and nowhere
else These are options that typically apply to the behavior of the Samba server itself, and not to any of its shares
Share
Share options can appear in specific shares, or they can appear in the [global] section If they appear in the [global] section, they