Chapter

1

Chapter

Linux/Windows Internetworking

2

Chapter Objectives

• Samba• Practical Customization of Samba

on a Linux Server• Setting Up SWAT to Remotely

Configure Samba on a Windows Client

3

Origin of Samba

• Samba was originally developed in Australia

4

The Purpose of Samba

• Enable interoperability between Windows and Clients

• Example:– Enables a Unix/Linux file server to be

treated like a Windows NT file server by Windows clients

– Enables an NT file server to be treated like a Unix file server by Unix/Linux clients ???

5

Some More Uses for Samba

• A NetBIOS nameserver (1001/1002) • A FTP style SMB client to access PC shared

items (disks and printers) for Unix, Netware or other operating systems.

• A tar extension for the clients, in order to create remote backups.

• A command line, limited administration tool, that supports some features of Windows NT that may be used over Samba, Windows NT Workstation or Server.

6

Yet, More Uses for Samba

• Implementation of a password synchronization gateway, or printing gateway, between Unix and Windows NT.

• Give access to Windows NT files from Unix.

• Source:– http://www.linux-mandrake.com/guides71/

en/mdkrefguide/samba-capability.html

7

• Linux• Solaris• IRIX

– The main o/s for Silicon Graphics workstations and servers. It incorporates Unix System V functionality.

• HPUX• Almost all other versions of Unix

Operating Systems for Samba

8

Companies Using Samba

• Cisco• Bank of America• Hewlett Packard• Johnson and Johnson• British Petroleum• Solomon Smith Barney (Citibank’s

Investment Brokerage Division)

Source: http://www.valinux.com/software/samba.html

9

Samba and Windows

• Windows NT OS uses a layered architecture with partitioned user and kernel modes similar to those of UNIX.

• NETBIOS – over – TCP/IP (NetBT) is used by Samba to share UNIX resources with Windows clients

• SMB AND CIFS are NetBT based protocols for communication between clients and servers

10

SMB PROTOCOL

• Created in 1987 as a joint venture between Microsoft and Intel

• SMB is an acronym for Server Message Block

• Excellent source on SMB– http://samba.anu.edu.au/cifs/docs/

what-is-smb.html

11

Purpose of SMB

• SMB, which stands for Server Message Block, is a protocol for sharing files, printers, serial ports, and communications abstractions such as named pipes and mail slots between computers

http://samba.anu.edu.au/cifs/docs/what-is-smb.html

12

SMB Operation


13

SMB’s Place in the ISO-OSI Model


14

SMB Functions

• 1) Session commands: used to set up a virtual circuit and validate access.

• 2) File commands: permits an application to operate on files.

• 3) Printer commands: permits an application to spool jobs to remote printers.

• 4) Message commands: provide a means for passing alert, control, and informational messages between the consumer and server applications

15

CIFSCommon Internet File

System

• In 1997 Microsoft submitted CIFS specification to IETF

• It is a derivation of SMB offered as a public domain specification

16

Kerberos Ticket Exchange

Source: Samba Unix & NT Internetworking

17

End of Module

18

Module

Samba Installation and Usage

19

Obtaining Samba

• Samba can be downloaded from www.samba.org

• Samba is often supplied as part of the Linux package by vendors

20

Installing Samba

• Samba is installed as one of the packages when installing Linux

• Any RPM installation facility can be used for the installation of Samba

• An example would be to use KDE’s package installation feature to install Samba

21

Samba Installation and Configuration Example

• Source– http://www.linux-mandrake.com/

guides71/en/mdkrefguide/samba.html

22

Samba Installation and Configuration Overview

Install Sambafrom CD-ROM

Configure SambaServer (samba.conf)

Test configuration andlaunch Samba

Install Samba toolsas necessary

Install SWAT GUI toolif desired

23

Installing Samba

• If you already use Samba, run /etc/rc.d/init.d/smb stop. Otherwise, on the installation CDROM you will find the package named samba which you can install, as root, with command rpm -Uvh samba-*.

24

Smb.conf File

• During installation a /etc/smb.conf file is copies to the computer

• Entries in this file must be changed to configure Samba

25

Key Areas of Configuration

• Global• Printers • Homes

26

Sample samba.conf

• View– http://www.linux-mandrake.com/

guides71/en/mdkrefguide/samba-conf.html

27

Global[global] netbios name = Zeus netbios aliases = creation

# without these two entries, the first part of the # DNS name will be used instead.

workgroup = DESIGN # Samba can only belong to one work group

at a time

server string = File server [%v] # this indicates the name and the version

number to print

28

Global Cont.

deadtime = 15 # maximal inactivity time

auto services = john # this service, although present in the

exploration list, is not available until john connects to the server

security = user

29

Security Modes

• Share mode• User mode• Server mode• Domain mode

30

Share Mode

1. {share mode}: In this mode, the client sends a password while asking for a connection, but no username is required. This mode is the default security mode for files or printers under Windows 95. It may be changed, under Windows 95 in the Network section of the Configuration Panel, under Access Control.

31

User Mode

2. {user mode}: This security mode is recommended. You are asked for a valid username and its associated password.

32

Server and Domain Mode

3. {server mode}: This mode is derived from user mode. The Samba server sends a session opening request to the passwords server.

password server = NT_passerv #where NT_passerv is the name of the NT

passwords server. Various servers may be listed.

4. {domain mode}: Nearly the same as server mode

33

Adding Hosts to Access the Linux server

hosts allow = john.design.org 192.168.2.#Allows all users from john.design.org

and all hosts with the beginning TCP/IP address 192.168.2.

Deny 192.168.2.5#Deny access from host 192.168.2.5

34

Creating a Guest Account

guest account = pcguest # If you wish to add a guest user; to be

# added in /etc/passwd

35

Setting Up a Share

• First of all, create the shared directory with the command mkdir /home/shared and set owners and permissions with chmod and chown.– For example, chmod 0777 gives all

rights towards this folder on the Unix side. However, Samba has to allow this too.

36

Commands to Create a Share[share]

comment = share access granted to everyone path = /home/shared browsable = yes writable = yes create mask = 0750 # means that the creator of the file has rwx # rights on it, the group r-x and others r–

directory mask = 0750# same meaning but for directories

mangled names = yes # converts names in a DOS/Windows manner, with # eight characters for the name and three for the # extension.

preserve case = no # do not take case into account.

37

Another Share Example

[zip] comment = automatically mount/unmount the zip drive

browseable = yes path = /mnt/zip root preexec = /bin/mount /dev/sda4 /mnt/zip root postexec = /bin/unmount /mnt/zip

First of all, be sure to load the ppa module with command modprobe ppa.o.

38

Creating Home Directory for Users

[homes] comment = Home directories browseable = no writable = yes path = /export/homes/%U valid users = %S

39

Setting Up a Printer for Sharing

[printers] comment = shared printers path = /var/spool/samba load printers = yes # load all available printers browseable = no printable = yespublic = no writable = no create mode = 0700

40

Sample samba.conf File[global]

workgroup = MyWorkGroup server string = (Samba %v) #server string = Samba Server browseable = yes printing = bsd printcap name = /etc/printcap load printers = yes log file = /var/log/samba/log.%m max log size = 100 lock directory = /var/lock/samba locking = no strict locking = no share modes = yes

41

Sample samba.conf File Cont.

security = user null passwords = yes socket options = TCP_NODELAY

# Allows the Samba server to become a domain controller

#os level = 33 #domain master = yes # Facilitates the long names recognition

preserve case = no short preserve case = no character set = iso8859-1

42


[homes] comment = Home Directories preexec = /bin/sh -c 'echo /usr/bin/smbclient -

M %m -I %I'& browseable = yes readonfiltered= no writable = yes create mode = 0750public = yes

43


["public"]comment = "Public"

path = /public/ browseable = yeshide dot files = yes readonfiltered= no public = yes pritable = yes #create mode = 0775 printable = no

44


["printers"] comment = All Printers #path = /var/spool/samba path =

/var/spool/lpd/lpbrowseable = yes # Set public = yes to allow user 'guest

account' to printguest ok = yes writable = yes printable = yes

45

[tmp]comment = Temporary file spacepath = /tmpread only = nopublic = yes

Set Temporary File Space

46

Check for Changes Made

• Now save changes to smb.conf• Before launching smb and nmb

daemons, launch testparm. This command will read /etc/smb.conf and print which entries will be taken into account

47

Reload Samba

• No need to reboot the computer• Reload Samba using Unix

command to activate the new configuration– samba stop– samba start

48

Using the Command Mode to Reload Samba

• Then just type /etc/rc.d/init.d/smb start. The following messages should be printed: Starting SMB services: [OK] Starting NMB services: [OK] To check that the daemon is running, run ps aux | grep smbd or /etc/rc.d/init.d/smb status

49

End of Samba Configuration

• The Samba server is now ready for use

50

Accessing Linux File Server from a PC Client

• Login on a PC Client using a guest ID and password preset at Linux server

• Open Network Neighborhood• The Linux server should show up as

it were in a NT network• Shared Resources Shown

– Printer(s)– Public folder – [tmp]– Private folders [homes] [client-name]

51

Setting Up PC Clients on Linux Sever

• Open User Manager – System User Manger (at KDE)

• Add PC User(s)– Add names (first character must be upper

case to make it work, Linux is case sensitive)– Setup password– Primary Group: Guest

• Add New User(s) to Guest Group– Open Guest Group Properties– Add new user(s) to the guest group

• Save All Changes

52

smbclient Tool

• This is a utility close to ftp that enables you to connect to a PC running Windows.

• To know the list of shares accessible on PC win through SMB, launch smbclient -L win -N.

• Launch smbclient //win/work to connect to the share work on the PC called win. You may also use smbclient \\\\win\\work.

• To create a tar archive of the work share, launch smbclient //win/work -Tc work.tar.

53

Printing

• To print a file letter.txt to the printer my_printer connected to the PC win, type cat letter.txt | smbclient //win/printer_name my_password \ -N -c "put - john“

• For more information, run man smbclient

54

smbfs Tool

• For you to be able to mount/unmount some directories from Windows on your Linux box, your kernel needs to support the smbfs filesystem (which is the case for the Linux-Mandrake distribution). Then you can use the programs smbmount and/or smbumount. For example: smbmount "\\win\work" -c 'mount /mnt -u 123 -g 456'. Which will locally mount the share work with a local UID of 123 and a local GID of 456.

55

smbtar Tool

• Allows to create tar archives remotely. Read the manual page for more information on its numerous options.

56

GUI Tool: SWAT

• SWAT is a configuration GUI included with the Samba package

• SWAT – Samba Web Administration Tool

57

Setting Up SWAT at Linux File Server

• Open /etc/inetd.conf• Add or uncomment this line:

– Swat stream tcp nowait.400 root /usr/local/samba/sbin/swat swat

58

Configure Samba Using SWAT at a PC Client

• Logon to a PC Client • Open a web browser• Enter URL: http://localhost:901

(replace “localhost” with actual host name)

• Login as root on the popup Window• Make any changes or check status

of Samba using SWAT’s graphical interface

59

Logon Screen

60

SWAT Interfac

e

61

Module

Summary of Samba Tools and Resources

62

Whats are the Components of Samba?

• Smbd• smbclient• smbstatus• make_smbcodepage

• nmbd• testparm• testprns• nmblookup• smbpasswd

The Samba suite is made up of several components.

63

smbd

• smbd is the server daemon that provides filesharing and printing services to Windows clients. The server provides filespace and printer services to clients using the SMB (or CIFS) protocol. This is compatible with the LanManager protocol, and can service LanManager clients. These include MSCLIENT 3.0 for DOS, Windows for Workgroups, Windows 95, Windows NT, OS/2, DAVE for Macintosh, and smbfs for Linux.

64

nmbd

• nmbd is a server that understands and can reply to NetBIOS over IP name service requests, like those produced by SMBD/CIFS clients such as Windows 95/98, Windows NT and LanManager clients. It also participates in the browsing protocols which make up the Windows “Network Neighborhood” view.

65

nmbd

• nmbd can also be used as a WINS (Windows Internet Name Server) server. What this basically means is that it will act as a WINS database server, creating a database from name registration requests that it receives and replying to queries from clients for these names. In addition, nmbd can act as a WINS proxy, relaying broadcast queries from clients that do not understand how to talk the WINS protocol to a WIN server.

66

smbclient

• smbclient is a client that can ‘talk’ to an SMB/CIFS server. It offers an interface similar to that of the ftp program (see ftp (1)). Operations include things like getting files from the server to the local machine, putting files from the local machine to the server, retrieving directory information from the server and so on.

67

testparm

• testparm is a very simple test program to check an smbd configuration file for internal correctness. If this program reports no problems, you can use the configuration file with confidence that smbd will successfully load the configuration file. If testparm finds an error in the smb.conf file it returns an exit code of 1 to the calling program, else it returns an exit code of 0. This allows shell scripts to test the output from testparm

68

testprns

• testprns is a very simple test program to determine whether a given printer name is valid for use in a service to be provided by smbd

69

smbstatus

• smbstatus is a very simple program to list the current Samba connections

70

nmblookup

• nmblookup is used to query NetBIOS names and map them to IP addresses in a network using NetBIOS over TCP/IP queries. The options allow the name queries to be directed at a particular IP broadcast area or to a particular machine. All queries are done over UDP

71

make_smbcodepage

• make_smbcodepage compiles or de-compiles codepage files for use with the internationalization features of Samba 2.0

72

smbpasswd

• The smbpasswd utility allows you to change SMB encrypted passwords on Samba and Windows NT™ servers.

73

Resouces• Derosest, James W. “Samba - Unix & NT Internetworking”.

McGraw-Hill Companies, 2000.• Carter, Gernald & Sharpe, Richard. “Teach Yourself Samba in

24 Hours.” Sams, 1999.• Hertel, Christopher and Leighton, Luke. “The Story of Samba: Linux's

Stealth Weapon.” <http://www.linux-mag.com/1999-09/samba_01.html>• http://www.linux.org/ • http://www.samba.org • http://linuxtoday.com/ • http://www.andover.net/ • http://www.linux-2000.org • http://www.nwc.com/1104/1104f3.html • http://faq.oreillynet.com/linux/FAQ_7_40.shtm• http://www.linux.org/info/advocacy.html• http://www.geocities.com/SiliconValley/Haven/6087/• ttp://www.linuxlinks.com/local/why.shtml

74

End of Chapter

Chapter

Documents

Transcript of Chapter