` Samba

Samba

Remote sites
  • WSSG site that reccommends Samba
  • Samba site at Canberra - ftp://samba.anu.edu.au/pub/samba/ Mirrors: ftp://sunsite.unc.edu/pub/packages/samba/sources/ - ftp://ftp.micro.caltech.edu/pub/samba/ - ftp://ftp.cs.ucr.edu/pub/software/samba/
  • NT4.0 setup instructions
  • Local Samba Setup (Local users only)
  • The Samba faq says:
    Samba is a suite of programs which work together to allow clients to access to a server's filespace and printers via the SMB (Server Message Block) protocol. Initially written for Unix, Samba now also runs on Netware, OS/2 and VMS.

    Local Installation

    1. Download sources from one of the above ftp sites
    2. Read docs/textdocs/UNIX_INSTALL.txt
    3. Run configure
      ./configure --prefix=/usr/local/samba --with-lockdir=/var/log/samba --with-privatedir=/var/log/samba/private
      
    4. Since I installed Samba on the server in /usr/local/samba, which is not writable by the Unix clients, I set /var/log/samba so that the log files for each Unix machine go into /var/log/samba.
    5. I ran make as myself, then, as root on the server, make install
    6. I decided to used inetd to start up the samba daemons, though it is possible to use examples/svr4-startup/samba.server to start samba on each machine at boot time.
      1. On the NIS server, I added the following to /etc/services
        # Samba PC connectivity services
        netbios-ssn     139/tcp
        netbios-ns      137/udp
        
      2. On the NIS server, I pushed the maps with (cd /var/yp; make)
      3. Our cluster shares /etc/inetd.conf via nfs, so I edited the copy on the server and added:
        #
        # samba
        #
        netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd
        netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd
        
    7. On each client, I did
      mkdir /var/log/samba
      kill -1 `ps -auxgww | grep inetd | grep -v grep | awk '{print $2}'`
      

    Setting up Samba securely

    Using server security

    If you are running NT4, and apply sp3, then you will need to either set up server level security, use a smbpasswd file or modify your registry so that NT will pass your passwds over then net in clear text. Using a smbpasswd file or having NT pass your passwds in clear text is not acceptable, so we setup server level security. (See the Samba FAQ and security_level.txt for more information).

    Local users can look over the smb.conf file we are using.

    Unix Client Setup

    Once Samba with smbpasswd worked for one machine, I did the following for each:
    mkdir /var/log/samba
    mkdir /var/log/samba/private
    cd /etc/init.d
    ln -s /usr/cluster/etc/init.d/samba.server .
    cd /etc/rc3.d
    ln -s ../init.d/samba.server S20samba.server
    cd /etc/rc2.d
    ln -s ../init.d/samba.server K61samba.server
    mkdir /var/log/samba/private
    chown root /var/log/samba/private
    chmod 700 /var/log/samba/private
    

    Samba nits

    1. I've heard rumours about security concerns in the passing of passwords In October 1997, there was a Cert bulletin about Samba.
    2. I configured samba by uncommenting the kerberos section in sources/Makefile. Unfortunately, if start smbd and nmbd on host hostA, and then on hostB, do
      /usr/local/samba/bin/smbclient '\\hostA\homes'
      
      my kerberos passwd is passed in cleartext between hostB and hostA
    3. I was unable to mount a Unix file from NT, the error was:
      [1999/08/03 17:29:32, 0] lib/util_sock.c:read_socket_data(507)
        read_socket_data: recv failure for 4. Error = Invalid argument
      
      The fix was to edit lib/util_sock.c and change recv to read
    4. Below is a sample run of smbclient
      /usr/local/samba/bin/smbclient //gigavault/wwwroot -U cxh -d 100
      

    Back to my NT pages
    Last updated: 10/09/05
    Send comments to cxh at eecs.