##############################################################
# Searchable Keywords: samba smb netbios CIFS



Configuring Samba on a small network.
<I guess I spent about the same amount of time foolin
with netatalk before I got it to work.>

The big fat smb.conf file on the default install of
Redhat is not all neccessary. It's nice that's it's 
there but it's very confusing.

Some difference might be that in win98 I believe you 
have to use the smbpasswd file.(At least I did in order
to get it to work.) I saw a note on a UV.edu page
that said there were difference between 95 and 98
behavior.


----------------------------------------------------------------------
--- Using mksmbpasswd.sh to create/generate the /etc/smbpaswd file ---
----------------------------------------------------------------------
In a small network, alot of folks are not using logon
names(such as my home network, I feel the less you have
to use Microshaft the better and fix it in Linux/unix.)
Without using a logon the PC defaults to the user of
, default . In order to map a drive to the SMB server
you have to have a "default" logon. So in the /etc/passwd
file you have to have an entry for a user default. Then 
you must convert the /etc/passwd file to /etc/smbpasswd 
file. To do this you need to use /usr/sbin/mksmbpasswd.sh
Type # cat /etc/passwd | /usr/sbin/mksmbpasswd.sh >>/etc/smbpasswd
I used the >> because you may already have a/etc/smbpasswd file.
Once you have your user (default) and the smbpasswd file.
You'll need to trim down the smb.conf file.
An example of what worked for me in a small network
without using MS network client or MS family login.

# /etc/smb.conf

# Global parameters
[global]
        workgroup = keen
        netbios name = apollos
        server string = SMB server on Apollos
        log file = /var/log/samba/log.%m
        max log size = 50
        dns proxy = no
        hosts allow = 192.168.1. 127.
#	Additions
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
  encrypt passwords = yes
  smb passwd file = /etc/smbpasswd


[homes]
        comment = Home Directories
        read only = No
	writable = yes

[printers]
        comment = All Printers
        path = /var/spool/samba
        read only = no
        print ok = Yes

[tmp]
        comment = Temporary file space
        path = /tmp
        read only = No
        guest ok = Yes

[public]
        comment = Public Stuff
        path = /usr/public
        write list = @staff @user
        read only = No
        guest ok = Yes

[cdrom]
        comment = cdrom drive
        path = /mnt/cdrom
        guest ok = Yes

As you can see it is alot less wordy than the default
/etc/smb.conf file. I will try different varitations
of this to simplify and make more effcient.


////// Building shares with specific permissions \\\\\\\

Creating shares that will follow unix permissions.
This is the part of the smb.conf that you  build the shares.

cat /etc/smb.conf
snip..............................................

[system_patching]
     comment = Patch data dump
     path=/data/system
     guest ok = no
     read only = no
     public = no
     writable = yes
     printable = no
     create mask = 0774  <----- create a mask for the PC user
     force create mode = 0774 <----- force the use of the above modes
     directory mode = 0774 <------ plus when they create a directory
     force directory mode = 0774 <--- force the use of modes on directories
     user = @staff <----- meaning they have to belong to the staff group
     force group = +staff <--the plus means use local unix group NOT nis

user = @.......
    and
force group = ........

can be used seprately. "force group =" can be used without the "+" it just
means to use local /etc/group file rather than NIS group file.

			----------------------

These two options let you enumerate the users and groups who are granted 
or denied access to a particular share. You can enter a list of user and/or
group names. If a name is prefixed by an at sign (@), it is interpreted as 
a group name?with NIS groups searched before Unix groups. If the name is 
prefixed by a plus sign (+), it is interpreted as the name of a Unix group, 
and NIS is not searched. If the name is prefixed by an ampersand (&), it is
interpreted as an NIS group name rather than as a Unix group name. The plus 
sign and ampersand can be used together to specify whether NIS or Unix groups 
are searched first. For example:

        [myshare]
            valid users = mary ellen sue &sales +marketing @dbadmin
            invalid users = gavin syd dana &techies +&helpdesk


<<<<<<<<<<<<<<< Name resolution >>>>>>>>>>>>>>>>>>
A note about resolving names to IP which samba must do.
I tried to use the host file rather than DNS which is
how my nsswitch.conf is setup to use dns but I could not.
So, having made a ppp connection changed my resolv.conf
and therefore would not resolv the samba server name.
If you make the connection to the samba server THEN 
make a ppp connection the smb connection stays. 
Kinda cheesy but I'm working on it.

 


files and scripts:
/etc/smbpasswd
/usr/bin/mksmbpasswd.sh
/etc/smbpasswd
/etc/smb.conf
/etc/passwd


Here are some useful URLs on samba. These helped me get it configured.

http://www.poulpetersen.dk/linux/uksmb.htm

http://www.people.virginia.edu/~rtg2t/samba/main.html

http://www.users.uswest.net/~mrblueeyes/samba.html