LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   LinuxAnswers Discussion (http://www.linuxquestions.org/questions/linuxanswers-discussion-27/)
-   -   Samba SWAT Setup HOWTO for SuSE 10.2 (http://www.linuxquestions.org/questions/linuxanswers-discussion-27/samba-swat-setup-howto-for-suse-10-2-a-568176/)

jdmcdaniel3 07-10-2007 02:43 PM

Samba SWAT Setup HOWTO for SuSE 10.2
 
A new la entry has been added:

Samba SWAT Setup HOWTO for SuSE 10.2

Quote:

Date: July 7, 2007
By: James D. McDaniel

jdmcdaniel3 03-23-2010 09:56 PM

Samba SMB file sharing in openSUSE 11.2 (Update)
 
Date: 3-23-2010

Samba SMB file sharing in openSUSE 11.2

The intent of this document is to provide all of the required information to manually edit, start and maintain Samba (also called SMB in many places) on your Linux computer under openSUSE. This is for the purpose of sharing files and folders to other Linux machines running Samba and to work with other machines running Windows XP, Windows Vista or Windows 7. Instead of using built-in KDE or YaST Samba configuration tools, we will be using SWAT (Samba Web Administration Tool) which you run in a Web browser like Firefox. SWAT provides much more help on Samba configuration settings and is in general SUPERIOR to anything you get from the KDE desktop or YaST.

Some examples I use and talk about are based on my opinion which you may not agree with it and that is fine. I have spent several years working with openSUSE so I feel that some consideration on your part is still required. I normally share only NTFS partitions which are mounted into the Linux file system. I generally do not suggest sharing any other folders within the root Linux file system except for the home folder and only then if you are following the suggested installation by openSUSE to place the home folder on another drive partition separate from the root Linux file system. NTFS partitions will be handled correctly when used in most cases by the client Windows computers trying to write to your Linux server sharing designated files and folders.

I also like creating at least one local NTFS partition mounted in Linux under openSUSE where I place all of my important files. All of my media files and any other important data I do not wish to lose should I decide or need to reload Linux. After a while of working with Linux, you will discover that distributions change every six months or so which you may want to load. Also, when making certain changes in Linux, you could blow up the whole thing, requiring a need to reload Linux. By maintaining these important files in a separate partition, your data loses will be minimized when you decide to reload Linux. You need to heed my suggestion on this point.

Samba has many capabilities such as joining or being a Windows Domain controller. This documents is only working with Workgroups and not for Windows Domains. Samba has the ability to share printers connected to your openSUSE computer. I do not show in this example how to do that. Further, I highly recommend you use printers that have their own built-in network connections. Do this so that your printers are available to all computers on your network without having to leave any one computer turned on all of the time. Finally, Samba does allow specific user access, validated again through your Linus user set. However, since I only recommend sharing NTFS partitions, I am not showing how to share user folder spaces such as /home/username. None the less, I feel your will find the following document useful in your file sharing endeavor using openSUSE.

Samba and Your Firewall Settings:

During this example, I am running with the openSUSE Firewall Enabled. You may optionally Disable the Firewall or you can add three External Services to your Firewall so that all of the Samba functions will work properly with the Firewall Enabled. To add these services and start your Firewall, follow this procedure:

Menu > System > YaST > enter root password to start YaST Control Center

In YaST Select: Security and Users > Firewall

If the Firewall is not enabled, then on the “Firewall Configuration: Startup” tab, select the “Enable Firewall Automatic Starting” bullet. Next, press the “Start Firewall Now” button. When/If the Firewall is enabled, proceed to the next step.

On the top Left of the Firewall Configuration select “Allowed Services”. The “Allowed Services for Selected Zone” option should be set to “External Zone”. Under “Service to Allow” pick “Netbios Server” and press the Add button on the right. Next pick “Samba Client” and press the Add button on the right and finally pick “Samba Server” and press the Add button on the right. In the Window for “Allowed Service” you should three items, Netbios Server, Samba Client and Samba Server. If so, then press the Next button and then the Finish button in sequence, both on the bottom right of the screen. Samba should now be able run properly with the Firewall Enabled.

Program Versions Used in this Example Setup:

Overall, Samba setup and operation has not changed a lot since I started using it under SuSE 10.0. Even so, many changes have been made to Samba to work with ever changing Windows and Linux versions, So, while I feel this documents will still be useful in may versions of openSUSE to come, I would be remiss if I did not specify the program versions that I am using for this example setup.

OS Version: openSUSE 11.2 64 bit (x86_64) ← 64 Bit is not required to use Samba!
Kernel Version: Linux 2.6.31.12-0.1-desktop x86_64
Samba Version: 3.4.2-1.1.3.1-2229-SUSE-SL11.2
KDE Version: 4.3.5 (KDE 4.3.5) "release 0"
KWrite Version: 4.3.5 (KDE 4.3.5) "release 0"

In KDE 4.3.5 my “Desktop Settings – Plasma Workspace – Appearance – Desktop Activity: Type” is set for “Folder View”. This does make a difference in creating icons on your desktop as suggested further into this document. Some suggested icon settings will not work as I propose if you are not using this desktop setup, through this will not prevent Samba from working as suggested.

Loading Samba into openSUSE 11.2:

By default I think you will get most of Samba program files already loaded for you, but we will want to add to the list and verify that you have everything your need to get Samba up and running. Even though I am using 64 bit software, I am still loading the 32 bit versions to ensure all 64 and 32 bit program will work properly with Samba. If you are running 32 bit openSUSE, you just need to leave out the 64 bit version, if they are ever a choice for you. I assume you have the default “Software Repositories” installed for you when openSUSE is installed connected to a network that had access to the INTERNET.

Menu > System > YaST > enter root password to start YaST Control Center

In YaST Select: Software > Software Management

In YaST2, pick the “Search” tab and enter “samba” and press the search button. You want to have installed the following applications so check any programs that are missing to be installed for you:

samba
samba-32bit
samba-client
samba-client-32bit
samba-doc
samba-winbind
samba-windind-32bit


Other files may be installed for you after you make your selections. The samba-doc file is not loaded by default and is imported when we use the SWAT browser configuration program. After making your selections press the “Select” button on the bottom right and allow the missing applications to be loaded into openSUSE for you.

Editing Text Files using Root Permissions:

You will need to manually edit several plain text files to get Samba configured properly and you must do so with root permissions. Now you have a couple of choices to do this. Just login into openSUSE using the root usename and password. Or, you can make the following suggested change to KWrite in your KDE menu system and make the changes as your normal user self.

In KDE version 4, there seems to be some sort of odd problem with using root permissions from any file manager, such as Dolphin or even from an icon placed on your folder view desktop. This problem can create one or two error messages, even as the requested task still seems to work. None the less, if you make your edits as I outline, you will get no error messages and everything will work as intended. First, we want to modify your menu entry for KWrite so that you will run the application as root and will be required to enter the root password when you start the editor. Once the root password is entered correctly, you will be able to view and edit any text file on your computer as root.

Right Click your mouse over the Menu Icon on the bottom left of your desktop and Select “Menu Editor”. Navigate on your left of the menu editor to: Utilities > Editor > KWrite. Select the advanced Tab on the right and check “Run as different user”. Next to Username enter “root”. Now press the save button on the top left corner of the menu editor. Your changes have now been made and saved.

To use the KWrite application without any error messages select: Menu > Utilities > Editor > KWrite (Text Editor) and the text editor will ask for your root password (the first time, but not all of the time) then start if the password is correct. Your default save folder will be listed as Root > home > username > Documents. You will need to select the up arrow until you get to the root folders were you will see the etc folder. This is where most of the changes we will be making are located. After each successful text file modification, do a File/Save, File/Close and then a File/Open for the next file until all files have been modified as I suggest.

SWAT, SERVERS and SERVICES file Modifications:

The following text files located in the folder “/etc/xinetd.d” should already exist. The two lines in each file that you are modifying are shown in bold letters. Basically you are changing “disable=yes” to “disable=no” in each file and you are adding a comment “#” in front of each line “only_from= 127.0.01” which changes this entry to a comment and is thus not used in the setup file. Names do not and should not be in bold face when you save these files.

Three files located in folder “/etc/xinetd.d”

Plane Text Filename: servers

# default: off
# description: An internal xinetd service, listing active servers.

service servers
{
type = INTERNAL UNLISTED
port = 9099
socket_type = stream
protocol = tcp
wait = no
disable = no
# only_from = 127.0.0.1

FLAGS = IPv6 IPv4
}

Plane Text Filename: services

# default: off
# description: An internal xinetd service, listing active services.

service services
{
type = INTERNAL UNLISTED
port = 9098
socket_type = stream
protocol = tcp
wait = no
disable = no
# only_from = 127.0.0.1

FLAGS = IPv6 IPv4
}

Plane Text Filename: swat

# SWAT is the Samba Web Administration Tool.
service swat
{
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/swat
# only_from = 127.0.0.1
log_on_failure += USERID
disable = no
}

Samba SMB.CONF file Modifications:

Next you need to modify the smb.conf file located in the “/etc/samba” folder. Items shown in bold should be changed to match your network setup. Specifically, you need to insert the name of your work group in the line starting with “workgroup=”. Next, you need to insert the name of your computer in the line starting with “netbios name =”. You can optionally make the “server string=” anything you want which shows up like a comment next your nextbios name on Windows computers. You need to modify the “hosts allow=” to the first three IP address numbers you are using for all of your home computers.

The next portion of the Samba configuration file shows the folders you are sharing on your computer. The name shown on brackets such as [Software] will be the share name for the folder or drive you are sharing. The “path = /Software” tells Samba the path in the the Linux folder riser to be shared. In my example I am sharing three folders, all of which are NTFS hard drive partitions mounted per fstab entries into the Linux file system. You will make changes to the example shown below based on your actual drive partition setup you wish to share. You could copy and past the following file and then make the required modifications before you save it. Names do not and should not be in bold face when you save this file.

One file located in folder “/etc/samba”

Plane Text Filename: smb.conf

# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2010-3-15
[global]
workgroup = WINDOWSNT
netbios name = LINUXMASTER
server string = Master of the Universe
security = SHARE
map to guest = Bad Password
socket options = SO_KEEPALIVE TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
printcap name = cups
logon path = \\%25L\profiles\.msprofile
logon drive = P:
logon home = \\%25L\%25U\.9xprofile
local master = No
domain master = No
ldap ssl = no
usershare allow guests = Yes
usershare max shares = 100
hosts allow = 192.168.0.0/255.255.255.0, 127.0.0.1
hosts deny = ALL
cups options = raw
posix locking = No

[Software]
path = /Software
read only = No
acl check permissions = No
inherit acls = Yes
guest ok = Yes
profile acls = Yes

[Win_HDC]
path = /Windows/HDC
read only = No
acl check permissions = No
inherit acls = Yes
guest ok = Yes
profile acls = Yes

[Win_HDD]
path = /Windows/HDD
read only = No
acl check permissions = No
inherit acls = Yes
guest ok = Yes
profile acls = Yes

Activation of services required to use Samba:

In order for Samba and Samba SWAT to function, we need to start several run services to be loaded each time we start or reboot our openSUSE Linux computer. Once the following steps are performed, you will not need to do this again unless your reload your copy of SuSE.

Menu > System > YaST > enter root password to start YaST Control Center

In Yast Select: System > System Services (Runlevel)

Select the Expert bullet at the top and then scroll to the bottom entries. For each of the following services highlight the service with your mouse, select the Set/Reset button on the bottom right and pick “Enable the service”. Next, select the Start/Stop/Refresh button on the bottom left and pick “Start now”. A windows should pop up for each service indicating success with a result of “0”.

Services to Enable/Start:

xinetd
winbind
smb
nmb


Select OK on the bottom right to save your selections. This will start all of the required Samba services for you.

All of the requires services to use Samba should now be running and ready to be used.

Suggested NTFS Partitions settings in fstab:

If you will be sharing any NTFS partitions using Samba please consider using these suggested settings in fstab for these partitions. If you make any changes to fstab, you must restart your computer for them to take affect. Making these changes shown in bold will allow full read and write control of your shared NTFS partitions through Samba.

One file located in folder “/etc”

Plane Text Filename: fstab

This is only a portion of fstab shown. The rw,defaults provides full read/write ability locally and through Samba file shearing. The folder where the drive is mounted such as “/Software” will be different in your fstab copy as will the disk uid. You are only changing the portion shown in bold for drives already being mounted by fstab when you start up your computer.

/dev/disk/by-id/<disk uid name and partition number> /Software ntfs-3g rw,defaults 0 0
/dev/disk/by-id/<disk uid name and partition number> /Windows/HDC ntfs-3g rw,defaults 0 0
/dev/disk/by-id/<disk uid name and partition number> /Windows/HDD ntfs-3g rw,defaults 0 0

Any Windows hard drive that is mounted with fstab using rw,defaults option can have any file or folder deleted. Please be careful that you do not delete any important Windows files that might keep Windows from booting or loading properly. On the positive side, you will have access to all user files and the ability to remove unwanted files which may be locked out while Windows is running.

Create SWAT and Network Access Icon on Your Desktop:

If everything has gone correctly for you, it is now time to see the results of your efforts. While SWAT will allow you to see if Samba is running and to make future modifications to your smb.conf file, all should be working after starting the four required services.

To create a SWAT desktop icon go to your desktop and right click your mouse and pick “Create New” and then “Link to Application”. Select the Application Tab and enter the Name “SWAT”. In the Command line enter “firefox localhost:901” and then select the General Tab. Press the icon button on the top left (which defaults to a page with a question mark). System icons will be selected by default. In the search line type in “samba” and pick the monitor icon with the Windows symbol on the bottom left. You can use any icon you want in the future for the SWAT browser function. Pick OK and then pick OK one more time and your changes will be saved. You should now have a SWAT icon on your desktop. Press the icon and see what happens. Firefox should start and an Authentication Window should appear. Enter “root” for the User Name and the root password for Password. Press the OK button and the main Samba screen should appear. Select the the Status Tab and see if smbd, nmbd and winbindd all show to be running. If so, so far so good.

Now we want to create a network Workgroup access icon on your desktop. On your desktop, right click your mouse and pick “Create New” and then “Link to Location (URL)”. A two line window pops up that says “Plasma Workspace”. On the “File Name:” line type in “SMB” and on the “Enter link location (URL):” enter the name of your Workgroup as “smb://workgroup/” were you substitute the name of your for “workgroup” and you do not enter the quotes. In my case I am entering “smb://windowsnt/” for my home Workgroup name. Press the OK button when done and you should now have an icon that will open up all of the computers on your network that are in your selected Workgroup. I get an Earth like icon with a network connection on the bottom. When I press the icon it starts up Dolphin which says “smb – Dolphin” in the top left hand corner and all of my fellow computers at home show up in the list. You can then select any computer sharing icon to see what you can browse through on that computer.

Windows Computer file Sharing:

The intent of this document is to not go over how to share files from a Windows computer. In general file sharing in Windows XP just seems to work with Samba, however you may need to check a few things in Windows Vista and in Windows 7. On the Windows Vista or Windows 7 machine go to:

Start > Control Panel > Administrative Tools > Local Security Policy

In the application “Local Security Policy” open up “Local Polices” on the Left Tree options and select “Security Options”. On the right look for the setting called “Network Security: LAN Manager Authentication Level” and double click this setting with your mouse. On the first tab called “Local Security Setting” select the pull down option that says “Send LM and NTLM – use NTLMv2 session security if negotiated”. Hit the Apply button and then the OK button.

On the same “Security Options” page find the options called “Network Security: Minimum session security for NTLM SSP based (including secure RPC) clients” and “Network Security: Minimum session security for NTLM SSP based (including secure RPC) servers". Both should say next to them “No minimum” as its setting. If either security option does not say “No minimum” then double click that option and on the first tab labeled “Local Security Setting” uncheck the options for “Require NTLMv2 session security” and “Require 128-bit encryption” then press Apply and then OK to set the required options

After the above changes I still had an issue with a computer running Windows 7. When I entered my login name and password, it would not be accepted, even though it was correct. After searching the Internet I found the suggestion to uninstall the “Windows Live Sign in Assistant” on the windows 7 system. To do this on the Windows 7 machine select:

Start > Control Panel > Programs and Features

Allow the loaded application Window to populate with all of your applications then find the “Windows Live Sign in Assistant”, highlight it with your mouse and select to “Uninstall” the application. Reboot your computer when done and see if you can now log into your Windows 7 computer. I also found suggestions that a bogus entry in the Credentials Manager, also located in the control panel might show a bad entry coming from your Linux machine that you need to delete. This was not true in my case, but it might be worth a look if you are still having login issues with your Windows 7 computer from Samba.

Samba Setup Summery:

I hope you found this Samba configuration and setup document useful. I have provided all of the details I use to setup Samba which works very well for me. If you find any errors, have any suggestions or any problems over using this document, I want to hear from you so that I can make it better and more useful for a wider audience.

Thank You,

James D. McDaniel – Austin

jmcdaniel3@austin.rr.com


All times are GMT -5. The time now is 04:49 PM.