Quote:
Originally Posted by vigdavies
3) I've been having a tough time with getting the samba prgm to work and do file sharing with my Windows computer. This has got to get going.
Any suggestions ?
Can you be more specific about the kind of problems you are having with SAMBA and Windows file sharing?
Here are some general things to check. Many of them may be handled automatically by Ubuntu or done in a slightly different way than I am used to. I use Slackware but it should be quite similar.
In order for SAMBA to work you need to make sure that it is being started. On my Slackware distro, I had to set the script file for SAMBA to be executable so that it is started during initialization.
sudo chmod +x /etc/rc.d/rc.samba
You need to create a valid "/etc/samba/smb.conf" file. You can start with a default file for editing by copying the example.
sudo cp -u /etc/samba/smb.conf-sample /etc/samba/smb.conf
After you make changes in "smb.conf" you have to restart the SMB server in order for them to take effect.
sudo /etc/rc.d/rc.samba restart
If you want to enter a number of commands as root it's simpler to start a new shell as root.
sudo su -
Enter your password and then continue typing commands as root. The prompt will change indicating that you are now using the root account.
In order for individual accounts to access shares rather than just guests, you have to add the accounts into the normal Linux user file called "passwd" and also add them using "smbpasswd".
To add a new user do this
sudo smbpasswd -a vince
or to change a user's password do this
sudo smbpasswd vince
or to change your password for the account you are logged into
smbpasswd
The rest of the important things happen in the "smb.conf" file. You can find help on it using "man smb.conf".
People often have trouble getting Windows Filesharing to work because they don't understand it. It is complicated and can be frustrating.
There are three main parts to Windows Filesharing and only the first one is absolutely necessary.
- Server Message Block (access shared folder/printers)
- Name service (convert computer names to IP addresses)
- Network browser (list detected servers in a workgroup)
SMB (Server Message Block) uses IP addresses and communicates through TCP/IP port 445 or TCP/IP port 139 (NetBIOS session). It allows you to access shared folders or printers on a server. A server is any computer that has File and Printer Sharing for Microsoft Networks or the Linux SMB server daemon "smbd". You can access folders and files using this syntax in Windows.
\\nnn.nnn.nnn.nnn\sharename\file-path
You can use this syntax in a Linux folder window.
smb://nnn.nnn.nnn.nnn/sharename/file-path
Replace "nnn.nnn.nnn.nnn" with the IP address of the server sharing the folder, or if name service is working you can use a computer name instead of the IP address. If you have problems it's a good idea to try using the IP address. If that works then the problem is due to name service not being able to convert a computer name into an IP address.
\\computername\sharename\file-path
smb://computername/sharename/file-path
Name service is used to convert a computer name into an IP address. Windows and SAMBA can use a number of different methods to do that and they try them until they can resolve a name.
- NetBIOS Name Service (broadcast on UDP port 137)
- Domain Name Service (a local server, not Internet)
- The "/etc/hosts" file
- The "LMHOSTS" file
- A Windows Internet Name Service (WINS) server
If none of those can obtain an IP address corresponding to the name then you must use an IP address rather than a name. I will briefly describe the different methods for resolving names.
NetBIOS Name Service is the usual way names are resolved because it requires no special configuration. It only works between computers that are in the same IP sub-network connected to the same Ethernet LAN. It can't resolve names for computers on other sub-networks or across routers. To resolve a name, a computer broadcasts a message on UDP port 137 with the name of a desired computer. The other computer receives the broadcast, notices its name, and responds directly to the requesting computer on UDP port 137. Names and IP addresses are cached. If you change names or IP addresses you may have to clear the cache or reboot the computers.
When there is a local server computer acting as a DNS server then computers can register their names and IP addresses, or a system administrator can configure the DNS database. Computer names can be resolved using DNS. Since computers on a LAN can't register their names with an Internet Service Provider's DNS server, that is unsuitable for resolving computer names on the LAN.
Names can be resolved by entries in the "hosts" file. That only works well if the IP addresses are static and don't change often. If the IP addresses or names change, then someone (or something) must edit the "hosts" file.
The "LMHOSTS" file can be used to resolve computer names and also configure other settings related to network browsing (described later). For resolving computer names, "LMHOSTS" works a lot like "hosts" but it is intended only for SMB and not general IP name resolution.
A Windows Server or Linux can be configured as a Windows Internet Name Service server. Computers communicate to a WINS server to resolve names for other computers. To use a WINS server, a computer has to be told the IP addresses of the available WINS servers, much in the same way it has to know about a DNS server to resolve names with that. WINS is designed only for resolving SMB computer names and not general IP name resolution.
The third and least important part of Microsoft Networking is the network browser. The network browser maintains a list of the server computers "seen" on the network in the same workgroup. Technically it is not required, since one can manually enter the computer name or IP address even if it isn't "seen". Some programs only allow selection of computer names from the browser list. The list of computers is maintained by broadcasting on UDP port 138. It only works within the same IP subnetwork on the same Ethernet LAN. Only computers in the same workgroup are kept in the list. It is possible to configure LMHOSTS and allow communication with other browse "domains" containing other computers. Since the browse list is separate from name resolution, the fact that a name does or does not appear in the list tells one very little about whether a computer name can actually be accessed.
Now, back to the "smb.conf" file. I'll mention some of the important entries.
The entries underneath "[global]" apply to the entire server.
workgroup = MYWORKGROUP
The "workgroup" entry specifies the name of the workgroup (browse domain). Mostly that's important for the network browser and it affects the list of computers "seen" on the network. Unlike most of Linux, workgroup and computer names are not case sensitive. Workgroup "abcd" and "ABCD" are the same name.
server string = My File Server
This is just a general description displayed along with the server name in browse lists.
security = user
This controls whether a client logs in to the whole server with a user name and password once, or logs in to each share with (possibly) a different user name and password. You can use "security = share" to allow the same client user to access different shares with different identities (for example as "vince" or as "bob"). With "security = user" then the first log on identity sent is used to access all shares for that client. Either way some kind of logon is required even if it ends up being a "guest" log on.
hosts allow = 192.168.1. 127.
You can control what host computers are allowed to access the server. The default is any computer. You can specify network addresses to restrict access to particular networks. Always include "127.".
The rest of these settings are done for each share, although you can specify defaults for some settings under "[global]".
To start a share definition, use the share name in square brackets. Then specify the settings for the share.
[homes]
comment = Home Directories
browseable = no
read only = no
valid users = %S
[root]
browseable = no
read only = no
valid users = root,vince
force user = root
path = /
You can specify a comment to be displayed next to the share name in the list of shares seen by other computers.
The "browsable" setting controls whether the share name is displayed in the list of available shares for the server. Windows clients hide shares based on whether they end with a "$" character. The Linux SMB server uses the "browseable" setting to make names invisible. A Linux client sees hidden Windows shares ending in "$". A Windows client CANNOT see invisible shares set to "browseable = no". Think of a "$" at the end of a name as meaning "hidden". Think of "browseable = no" as meaning invisible. One can always type in and access a share name even when "browseable = no" or the share ends in "$".
You can limit share access to be "read only" in addition to the normal filesystem permissions for the user. If a share is set "read only" then there is no way for a client to write to any files or folders through the share. Setting "read only = no" does not grant write permission unless the folder and file permissions grant write permission.
You can specify the users allowed to access the share with "valid users". SAMBA allows a number of substitution character strings like "%S". The "%S" replaces the string with the name of the service (share name) that was requested by the client. In essence the example says that only user "tom" is allowed to access the share name "tom". The "[homes]" share is unlike other shares because "homes" is replaced by the user name to allow access to a user's home directory.
The "[root]" share is an example of a rather insecure share that provides access to everything for a client logging in as "root" with the correct password. The user "vince" can also log in and access the share. Notice that one can specify the actual user account (for filesystem permissions checking) and the actual path used for access through the share. Even logging in as "vince" the "root" account will be used to access files, create files, etc. To be more secure one could take root out of the valid users.
valid users = vince
In some ways SAMBA is even more flexible than the file sharing implemented as a standard part of Windows.
Windows Vista has caused some headaches for users trying to access other computers. One can get around some of the problems by typing an IP address instead of a computer name to access other computers.
The other way to get around the problem is to make sure that "Network discovery" in the "Network and Sharing Center" is on. In order for "Network discovery" to be on, ALL currently connected networks must be marked as "private" networks. That can be annoying since some networks are "unidentified" and have to be set to "private" after every reboot. To avoid resetting network information after every reboot, you can set "Network discovery" to "custom" and leave it always enabled, or edit the firewall rules yourself.
Since Network discovery affects computer name resolution and not SMB, an IP address will always work in place of a computer name. Another solution is to add computer names to the hosts file or a local DNS server. Network discovery affects NetBIOS Name Service and the Browse service listing available server computers. Even though Vista doesn't "see" a computer you can still enter the computer name or IP address in order to access the shares on the computer.
If you leave Network discovery always enabled, then you can disable (un-check) "File and Printer Sharing for Microsoft Networks" or "Client for Microsoft Networks" on each network connection where they are not desired. Also disable NetBIOS over TCP/IP in the advanced TCP/IP settings. That has the same effect as disabling Network discovery and also prevents access to the computer using an IP address.
SAMBA in Linux has similar options to control what network interfaces allow access. On a laptop running Linux you may want to prevent access through the wireless LAN interface.
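An added example, not part of the original post: a small Python check that reads an "smb.conf" and flags the risks the post describes, namely a missing "hosts allow" under "[global]" and shares like the "[root]" example ("force user = root", "path = /", root listed in "valid users"). The sample config is constructed from the post's snippets, and the function names are illustrative.

```python
import re

# Constructed sample assembled from the settings quoted in the post.
SAMPLE = """\
[global]
   security = user
[homes]
   valid users = %S
[root]
   read only = no
   valid users = root,vince
   force user = root
   path = /
"""

def parse_smb_conf(text):
    """Return {section: {parameter: value}}; names ignore case and spaces."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # "read only" and "readonly" name the same parameter in Samba
            current["".join(key.lower().split())] = value.strip()
    return sections

def audit(text):
    """Return sorted (section, finding) pairs for the risks the post names."""
    conf, findings = parse_smb_conf(text), []
    if "hostsallow" not in conf.get("global", {}):
        findings.append(("global", "no 'hosts allow': any computer may connect"))
    for name, opts in conf.items():
        if name == "global":
            continue
        if opts.get("forceuser", "").lower() == "root":
            findings.append((name, "'force user = root': file access runs as root"))
        if opts.get("path") == "/":
            findings.append((name, "'path = /': entire filesystem is shared"))
        if "root" in re.split(r"[,\s]+", opts.get("validusers", "").lower()):
            findings.append((name, "'valid users' includes root"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To check a real server, pass the contents of "/etc/samba/smb.conf" to audit() instead of SAMPLE.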