|
FreeBSD 4.0 HOWTO for help setting up SAMBA to share drives
SAMBA can be very easy to set up but is really hard to diagnose problems in should
a mistake be made. I recommend paying close attention.
First I will cover setting up SAMBA in a PEER-to-PEER network (all win98 machines
for example) and then in a DOMAIN model (where you have a NT Server PDC [Primary Domain
Controller]). Commands to type will be in yellow.
1) Peer2Peer
cd /usr/ports/net/samba;make install clean
There will be a "LINT" style config file now at /usr/local/etc/smb.conf.default
,however I will make a custom one without some of the fluff
that should be easy to use. After placing this smb.conf into /usr/local/etc, I go
in and set my Workgroup name and Machine name as well as give it a Description. This
base config will only allow me access to my home directory on the machine.
Now it's time to fire up the daemon processes. There are 2 associated with SAMBA:
smbd and nmbd. nmbd is the process that announces the machine to the rest of the network
basically so that it will show up in Network Neighborhood. smbd is the process that
actually does the filesharing. You can either have inetd call the 2 processes (lame and
slow) or just set them to run at boot-time (yea!). So to set them to run at boot, we
go over to /usr/local/etc/rc.d and create a file with a couple lines in it.
100.samba.sh
#!/bin/sh
if [ -x /usr/local/sbin/smbd -a -f /usr/local/etc/smb.conf ]; then
echo 'Starting SAMBA'
/usr/local/sbin/smbd -D
/usr/local/sbin/nmbd -D
fi
Basically what this will do is check to make sure smbd is executeable and that
smbd.conf exists and if so, start both programs in the (-D) Daemon mode.
Chmod 755 100.samba.sh and then try to ./100.samba.sh
After you've done this we need to test the config. so we will
smbclient //localhost/username -U username Of course replacing
"username" with your username. It should prompt you for a password, enter your
login password and then at the prompt, type ls. Did you get a directory listing? Yea!
Now we have to make it work for Windows machines. To do so, we have to add one line
to the [global] section of the smb.conf file. "encrypt passwords = yes". This will
do two things. One, prevent your password from hopping over the LAN in clear-text and secondly
will allow the windows machines to connect to the SMB server. Now once you start using
encrypted passwords, you will have to maintain the smbpasswd file (/usr/local/private)
because it keeps the encrypted passwords. Log in as your user and type smbpasswd. It will
let you set the password and do the hashing for you. To just convert all your users into
smb users, try cat /etc/passwd | mksmbpasswd.sh > /usr/local/private/smbpasswd
which will just set them all up as users with no password. It is possible to set up
syncronization between /etc/passwd (or the shadowed one,in fact) and the smbpasswd file
but I won't get into that, mainly because I just use the domain model. After you add this
configuration change, simply killall -9 smbd;killall -9 nmbd
and then /usr/local/etc/rc.d/100.samba.sh again. After that
you should be able to click on the machine name in Network Neighborhood and get prompted for
a username and password. Enter them in and you should have access to the drive now.
Lets say that you want to add another directory and make it so that it's accessable to
everyone in the group ACCOUNTING. Of course, we will have to create a group in /etc/group
called accounting and add all the appropriate users to it. Then we will add a few lines
to our new smb.conf to allow the extra directory to show up in
the Network Neighborhood and for it to be browseable by those users. Please remember, smb relies
on FreeBSD's file permissions so if you forget to make the directory 770 at least, then
those users will not be able to write to the directory.
2) Domain Model
Now if you need this to work over a DOMAIN model and want the username/password to by
syncronized with your NT User Manager for Domains, then we just have to use a slightly
different config file. This will get the FreeBSD machine to use
the usernames and passwords from the SAM in your NT domain. Keep in mind, though that for non-public
permissions to be set up for the directories, you will have to have a user/group of the same
name on the FreeBSD machine (How else will it know what files belong to whom?).
Last note, although usually a killall -HUP smbd would be
enough to reload the config file, but that's not always the case it would seem in my experience.
I highly recommend the killall then restart for your SAMBA debugging.
|
