[global]
workgroup = ABLAB
server string = %h server (Samba, Ubuntu)
#name resolve order = host
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = user
encrypt passwords = yes
passdb backend = smbpasswd
username map = /etc/samba/smbusers

[xedhome]
comment = Home directory of Chris
read only = no
valid users = xed
path = /home/xed
Use $ testparm to check the validity of a Samba configuration file.
Starting on CentOS
/etc/init.d/smb start
sudo chkconfig smb on
Notes on Samba Authentication Issues
After a lot of research here’s what I think. Samba is doing two things: 1. it is a file transfer protocol, it moves files; and 2. it decides who can do this, it authenticates. As an authentication mechanism, it’s very flexible. Too flexible. It can keep its own users, groups, etc., or it can pass along authentication requests to the underlying system (to PAM, for example). The problem is that when you let Samba use its own user database, the passwords are stored as hashes that are different from those PAM uses. This means that if you want to use PAM (the Linux accounts) you have to enable Samba to pass the passwords in clear text to PAM so that PAM can hash them and compare with what’s in PAM’s database. This works fine in a trusted environment where the chance of someone sniffing passwords off the wire is small, but it is a terrible idea on the wild internet.
There is another way. One possibility is getting an LDAP server set up. With that working, both PAM and Samba can be configured to use the same "directory" of users and hashes (securely).
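The cleartext-password risk described above, and the share settings from the sample smb.conf, can be checked mechanically before a config goes live. The Python below is an added example, not part of the original notes or of Samba; the check list, the function names and both sample configs are assumptions constructed for illustration, and `include` files and line continuations are not handled.

```python
import re

TRUE = {"yes", "true", "1"}  # boolean spellings smb.conf accepts for "on"

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lowercased, whitespace removed."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)      # only the first "=" is significant
            conf[section][re.sub(r"\s+", "", key).lower()] = value.strip()
    return conf

def enabled(params, names, default):
    """Boolean value of the first synonym present in params, else default."""
    for name in names:
        if name in params:
            return params[name].lower() in TRUE
    return default

def audit(conf):
    """Findings for the risks these notes discuss (assumed check list)."""
    findings, glob = [], conf.get("global", {})
    if not enabled(glob, ["encryptpasswords"], True):
        findings.append("global: cleartext passwords (encrypt passwords = no)")
    for name, share in conf.items():
        if name == "global":
            continue
        params = {**glob, **share}               # [global] supplies share defaults
        writable = (enabled(params, ["writable", "writeable"], False)
                    or not enabled(params, ["readonly"], True))
        if writable and not params.get("validusers"):
            findings.append(f"{name}: writable without valid users")
        if enabled(params, ["guestok", "public"], False):
            findings.append(f"{name}: guest access, no password required")
    return findings

# Constructed samples: the first mirrors this page's config, the second is weak.
PAGE_CONF = "[global]\nencrypt passwords = yes\npassdb backend = smbpasswd\n" \
            "[xedhome]\nread only = no\nvalid users = xed\npath = /home/xed\n"
WEAK_CONF = "[global]\nEncrypt Passwords = No\n" \
            "[scratch]\npath = /srv/scratch\nread only = no\nguest ok = yes\n"

if __name__ == "__main__":
    for label, text in (("page", PAGE_CONF), ("weak", WEAK_CONF)):
        print(label, audit(parse_smb_conf(text)) or "no findings")
```

This complements testparm, which validates syntax but does not judge whether a setting is a good idea.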
Perhaps the simplest setup is to use smbpasswd, Samba’s own special way of what amounts to keeping an /etc/passwd file. This involves setting up a temporary "directory" (i.e. list) of users in the Samba style (on the Samba server, there will essentially be a separate "password file"). This will require people to have or set a separate Samba password (which could be the same as their Linux one).
In smb.conf you need this:
passdb backend = smbpasswd
To add Samba users (totally different from Linux PAM users):
:-< [nike][/etc/samba]$ sudo smbpasswd -a xed
New SMB password:
Retype new SMB password:
startsmbfilepwent_internal: file /etc/samba/smbpasswd did not exist. File successfully created.
Added user xed.
It looks like you must have a corresponding Unix account to set the smbpasswd, or you get "Failed to modify password entry for user …". So much for the independent authentication mechanisms.
Also you may want to map Samba users to Linux users with whatever was specified here:
username map = /etc/samba/smbusers
Usually contains something like
xed = "xed"
jack = "jack"
This works fine for testing:
smbclient -U xed //xablab.ucsd.edu/xedhome -c ls
If there are no passwords:
smbclient //pelican/pelicanc -N
where "pelican" is the name of the host and "pelicanc" is the name of the share as set in W95.
If you want to use backslashes for some reason, double them up:
smbclient \\\\pelican\\pelicanc -N
The "-N" option bypasses the password prompt.
When in smbclient, FTP commands often work. To exit, "q" works.
I had big big problems for too long because I was screwing up the syntax. Don’t put a trailing slash on the end of the share name!!!!!!
THIS IS WRONG
This is correct:
[~]$ smbclient //parrot/parrotc
To list what Samba thinks it’s offering:
$ smbclient -L localhost
(Password here seems optional.)
smbmount //pelican/pelicanc/ /mnt/pelican -n
This will mount the share "pelicanc" to path /mnt/pelican. The -n option should be used to mount shares that do not need a password.
I had trouble mounting a smb share as non-root. I used su and then had to explicitly call out where smbmount was:
smbumount seems to be for non-root users who use smbmount. To unmount the smb file system as root, use ordinary umount:
If you have trouble mounting because of a host name too long error, "my hostname name too long as a netbios name: cardinal.windmills", try this:
smbmount //canary/canaryc /mnt/pelican -n -c cardinal
I don’t understand what the deal is, but this makes it work out.