LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-31-2014, 10:37 AM   #1
NotionCommotion
Member
 
Registered: Aug 2012
Posts: 561

Rep: Reputation: Disabled
Networking samba server


I am trying to configure samba per http://www.sanitarium.co.za/how-to-i...ternal-drives/.

Quote:
Step 8: Edit the lines in /etc/samba/smb.conf as below. This will allow network to reach samba server. Change the value of 192.168.137.0/24 with your subnet. Change the ethernet value to that in use by your system and which you want to allow for traffic. In second line, 192.168.137. is for the subnet. Same rule applies to 127. which is for loopback.
My server has a static IP of 192.168.0.215. My router is 192.168.0.1. I used a NETMASK of 255.255.255.0. I just finished reading http://www.techopedia.com/6/28587/in...-subnetting/10, and feel better, but still am not certain (extra note. Anyone know a good tutorial on networking basics, please advise).

Okay, since I my given netmask, I have no subnets, correct? That would be "/24", right? Would that mean I want to use the following?
Code:
interfaces = lo eth0 192.168.0.1/24
hosts allow = 127. 192.168.0.
I've also include the output of ifconfig below in case I didn't provide all the necessary information.

Thanks

Code:
[Michael@michaels ~]$ ifconfig
eth0      Link encap:Ethernet  HWaddr 00:24:E8:A6:1B:C3
          inet addr:192.168.0.215  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::224:e8ff:fea6:1bc3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:642312 errors:0 dropped:0 overruns:0 frame:0
          TX packets:550448 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:114256844 (108.9 MiB)  TX bytes:141567185 (135.0 MiB)
          Interrupt:22 Memory:f6ae0000-f6b00000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:504923 errors:0 dropped:0 overruns:0 frame:0
          TX packets:504923 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:72866032 (69.4 MiB)  TX bytes:72866032 (69.4 MiB)

[Michael@michaels ~]$
 
Old 03-31-2014, 11:06 AM   #2
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 2,412

Rep: Reputation: Disabled
Quote:
Originally Posted by NotionCommotion View Post
Okay, since I my given netmask, I have no subnets, correct? That would be "/24", right?
The terms "network" and "subnet" are used almost interchangeably these days as the class definitions have been deprecated for ages, but yes, you are correct.

Quote:
Originally Posted by NotionCommotion View Post
Would that mean I want to use the following?
Code:
interfaces = lo eth0 192.168.0.1/24
hosts allow = 127. 192.168.0.
The IP address specified as an "interfaces" parameter should be that of the Samba server itself, which according to the information you posted is 192.168.0.215/24.

Also, the Samba documentation suggests using an IP address instead of an interface name, not in addition to it (although I suspect using both would not cause any problems).
 
Old 03-31-2014, 11:10 AM   #3
NotionCommotion
Member
 
Registered: Aug 2012
Posts: 561

Original Poster
Rep: Reputation: Disabled
Thanks Ser Olmy,

Would the following be correct? Do I read this correct as allow connection from 127.xxx.xxx.xxx and 192.168.0.xxx where x is any value?

Code:
hosts allow = 127. 192.168.0.
 
Old 03-31-2014, 11:35 AM   #4
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 2,412

Rep: Reputation: Disabled
Yes, that is correct. Missing octets are interpreted as wildcards.
 
Old 03-31-2014, 12:43 PM   #5
NotionCommotion
Member
 
Registered: Aug 2012
Posts: 561

Original Poster
Rep: Reputation: Disabled
Thanks again Ser Olmy,

I actually got it running

A couple of last questions regarding /etc/samba/smb.conf (below were the changes).

#hostname returns "desktop.mysite.com" Windows Explore shows a computer called "DESKTOP". Within it are two directories called "test" and "sharedrepo", and the two point to the same directory. Why are there two identical directories?

I was able to log on using username "test". I added group "WORKGROUP" to another user, but was not able to log on. Should I have been able to?

If I wanted to add another directory to share, do I just add another [whatever_name_i_choose] similar to [sharedrepo]?


Code:
[sharedrepo]
comment = shared-directory
path = /home/test
public = no
valid users = test, @WORKGROUP
writable = yes
browseable = yes
create mask = 0777
create mode = 0777
directory mode = 0777
share modes = yes
 
Old 03-31-2014, 01:42 PM   #6
michaelk
Moderator
 
Registered: Aug 2002
Posts: 15,254

Rep: Reputation: 1624Reputation: 1624Reputation: 1624Reputation: 1624Reputation: 1624Reputation: 1624Reputation: 1624Reputation: 1624Reputation: 1624Reputation: 1624Reputation: 1624
Windows Explorer displays the netbios name which may or may not be the same as the hostname but is limited to 15 characters.
If you have a [homes] section in smb.conf samba will automatically create a share for each user.

Did you add a smb password for your other user? I would not recommend using a users home as a shared directory.
 
Old 03-31-2014, 02:03 PM   #7
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 2,412

Rep: Reputation: Disabled
Quote:
Originally Posted by NotionCommotion View Post
#hostname returns "desktop.mysite.com" Windows Explore shows a computer called "DESKTOP".
The latter would be the NetBIOS name. Prior to Windows 2000 and Active Directory, Windows networking identified hosts by NetBIOS name only. The names and assiciated network services still exist for compatibility reasons.

Quote:
Originally Posted by NotionCommotion View Post
Within it are two directories called "test" and "sharedrepo", and the two point to the same directory. Why are there two identical directories?
You must have shared the same directory twice with different share names.

Unlike NFS, The share name is not in any way related to the name of the directory in the underlying file system, so sharing the directory "test" as "sharedrepro" will NOT result in the directory being accessible as "test" as well.

Quote:
Originally Posted by NotionCommotion View Post
I was able to log on using username "test". I added group "WORKGROUP" to another user, but was not able to log on. Should I have been able to?
Perhaps. How did you try to access the share? Did you add the user password to the Samba database with smbpasswd?

Quote:
Originally Posted by NotionCommotion View Post
If I wanted to add another directory to share, do I just add another [whatever_name_i_choose] similar to [sharedrepo]?
Yes.
 
Old 03-31-2014, 02:38 PM   #8
NotionCommotion
Member
 
Registered: Aug 2012
Posts: 561

Original Poster
Rep: Reputation: Disabled
Thanks MichaelK and Ser Olmy,

No, I did not add the password to the new user. But that brings up another question. The blog that I was following went to great lengths to add a group called WORKGROUP. Within /etc/samba/smb.conf, they include the following line:
Code:
valid users = test, @WORKGROUP
I assumed that test was a Linux user, and not an application specific Samba user, correct? Also, I assumed that @ was to indicate that a group was being added to valid users, and all members of that group would be able to log on. In hindsight, I guess this didn't make sense since I never added a password to the group using smbpasswd (or something similar). What is the whole point of adding group WORKGROUP?



In regards to having accidentally shared the same directory twice with different share names, I don't know how I could have done so. Again, in /etc/samba/smb.conf, I have the following:
Code:
[sharedrepo]
comment = shared-directory
path = /home/test
public = no
valid users = test, @WORKGROUP
writable = yes
browseable = yes
create mask = 0777
create mode = 0777
directory mode = 0777
share modes = yes
Should the tag name I put in the top brackets (i.e. "sharedrepo") have the same name as the directory I am sharing (i.e. "test")?

Lastly, sharing the user's home was just for testing. My intention is to share /var/www.

Thank you
 
Old 03-31-2014, 03:54 PM   #9
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 2,412

Rep: Reputation: Disabled
Quote:
Originally Posted by NotionCommotion View Post
No, I did not add the password to the new user.
During SMB/CIFS authentication, the server receives a username and an encrypted (hashed) password from the client. In order for Samba to authenticate an incoming request against the built-in Linux user database, it needs to compare that hash against the hashed password in the user database. The problem is that the SMB/CIFS hash algorithm is not compatible with the algorithm used by Linux to store user passwords, hence the need for a separate database containing SMB/CIFS hashes (of the same password).

Quote:
Originally Posted by NotionCommotion View Post
But that brings up another question. The blog that I was following went to great lengths to add a group called WORKGROUP. Within /etc/samba/smb.conf, they include the following line:
Code:
valid users = test, @WORKGROUP
I assumed that test was a Linux user, and not an application specific Samba user, correct? Also, I assumed that @ was to indicate that a group was being added to valid users, and all members of that group would be able to log on. In hindsight, I guess this didn't make sense since I never added a password to the group using smbpasswd (or something similar).
Your initial assumption was correct. The @ sign indicates a group rather than a user, so "@WORKGROUP" means "any member of the (local) group WORKGROUP". Groups don't need passwords, as you're not actually authenticating as a group, but as a user. It's up to Samba to first check your password (authentication) and then see if you're a member of the group (authorization).

There's nothing special about the group, but the choice of name in the example is most unfortunate. First of all, using ALL CAPS is not a common convention in either Unix or Windows environments when it comes to group names, and is bound to cause confusion for the reader.

Second, the term "WORKGROUP" has special meaning when it comes to Windows networks. It refers to a set of connected computers that don't share a common user account database, but use a common "workgroup" name to appear as a virtual group in Windows Explorer when you browse the network. The "group" is entirely fictitious, as one cannot create members in such a "workgroup", nor can the group name be used for authentication or authorization purposes.

In my opinion, the blog author couldn't possibly have chosen a worse or more ambiguous group name.

Quote:
Originally Posted by NotionCommotion View Post
In regards to having accidentally shared the same directory twice with different share names, I don't know how I could have done so. Again, in /etc/samba/smb.conf, I have the following:
Code:
[sharedrepo]
comment = shared-directory
path = /home/test
public = no
valid users = test, @WORKGROUP
writable = yes
browseable = yes
create mask = 0777
create mode = 0777
directory mode = 0777
share modes = yes
Should the tag name I put in the top brackets (i.e. "sharedrepo") have the same name as the directory I am sharing (i.e. "test")?
No, the share name acts as a layer of abstraction. It does not have to match the directory name (unless you want it to).

smb.conf can contain a number of bracketed headers, but only a few of them have any special meaning:
  • The [global] header marks the start of the section with global server settings
  • The settings under the [printers] header control sharing of local printers defined in the printcap file, and the share name for each printer is that which appear in this file
  • The [homes] section contain settings that cause Samba to automatically create shared home directories for users
Any other header is interpreted as the name of a file or printer share. If you see a share called "test", there should be a [test] header somewhere in your smb.conf.

(See this page for more in-depth information about the various sections and settings in smb.conf.)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
generating tmp file in samba server while saving file from win7 in samba server centos123 Linux - Server 15 11-05-2011 06:05 AM
Move user files from Samba server to new samba server TheB2B Linux - Server 3 11-10-2007 09:30 PM


All times are GMT -5. The time now is 03:31 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration