SEARCH

Enter your search query in the box above ^, or use the forum search tool.

You are not logged in.

#1 2012-07-21 07:27:20

sqlpython
#! Die Hard
From: New England
Registered: 2011-11-28
Posts: 928

SAMBA Basic: Quick and Easy

I keep this How to of mine as a Template to get my Network up quickly and have posted it on the Debian forums as well as others. I hope it is useful to some. Simple, imperfect but it works.

** Disclaimer ** The Below Quick Samba Set will work but it is just that quick and easy and not aimed to be Corporate Secure. If you are in a Volitile environment use at your own risk**
  However you can learn from the settings..

I have been using SAMBA in Win networks since the 1990s and have had good luck with it's connectivity features. I can help you here. SAMBA becomes progressively more difficult to Administrate as you progressively make it more Secure. PAM passwords, winbind and Active Win Directories will do that.
In a friendly environment you can eliminate the above. I am able to in most circumstances. However it will be necessary for testing in a new setup to go Open without security just for Testing. Then you can immediately if you are required to harden you SAMBA install with One or more Security features.

Thunar 1.0.xx versions  come with Debian 6 Squeeze (crunchbang) and does not automatically see networks. So, Gigolo or Pyneighborhood is needed.. I prefer Gigolo as it carries less baggage with it..
Once you are using Debian 7 (Wheezy) Thunar 1.2.xx version is used and this will see networks when configured allowing you to go without Pyneighborhood or Gigolo. I believe #!Waldorf uses the higher Thunar version.

Once you install Pyneighborhood you get winbind as well as smbfs, cifs-utils, libpam-winbind to name a few...
Unless you are syncing logons with Win machines in most simple circumstances and networks you won't need winbind.

Here is a reminder I keep to Remember Winbind needs...
Winbind is ideal for admins who wish to add Linux workstations or servers to an existing Windows domain
You should also use winbind when you have hosts that are not members of the domain accessing a Samba or Windows domain.
what winbind does:
Authenticates users
Manages passwords
Allows Linux users to use Windows domain resources as though they were native Linux resources
User and group ID allocation

How I would initially set up a SAMBA user Network..(to be hardened later)
..Get it working first. Secure it second..Makes Debugging Easier.
This is not the minimum install but a useful one.
EDIT: Jul 20,2012  Keep in mind this Protocol is about Sharing...
..........So, sharing indicates cooperation. There must be Files, Directories and hopefully Printers set to Share on at least the Windows Side and as I do on both the Windows and Linux sides of this Protocol.
IF Not then nothing happens. So, see to setting Shares first. via the items Properties on both Win and Linux systems ****

The files you should install to allow you the use of your Networks with Thunar and #! are

||/ Name           Version        Description
+++-==============-==============-============================================
ii  fusesmb        0.8.7-1.1      filesystem client based on the SMB file tran
ii  libpam-smbpass 2:3.6.5-1~bpo6 pluggable authentication module for Samba
ii  libsmbclient   2:3.6.5-1~bpo6 shared library for communication with SMB/CI
ii  samba          2:3.6.5-1~bpo6 SMB/CIFS file, print, and login server for U
un  samba-client   <none>         (no description available)
ii  samba-common   2:3.6.5-1~bpo6 common files used by both the Samba server a
ii  samba-common-b 2:3.6.5-1~bpo6 common files used by both the Samba server a
ii  samba-doc      2:3.6.5-1~bpo6 Samba documentation
ii  samba-tools    2:3.6.5-1~bpo6 Samba testing utilities
ii  smbclient      2:3.6.5-1~bpo6 command-line SMB/CIFS clients for Unix
un  smbfs          <none>         (no description available)
un  smbget         <none>         (no description available)
un  smbldap-tools  <none>         (no description available)

The Gvfs virtual file system below was used by Gigolo but I also believe that Thunar 1.2.xx uses them for display of Networks..
ii  gvfs           1.6.4-3        userspace virtual filesystem - server
ii  gvfs-backends  1.6.4-3        userspace virtual filesystem - backends
ii  gvfs-bin       1.6.4-3        userspace virtual filesystem - binaries
ii  gvfs-fuse      1.6.4-3        userspace virtual filesystem - fuse server

 sudo geany /etc/samba/smb.conf

Some Defaults I have set which should generically work.
The workgroup below is a common Windows default but check your own
Remember these are generic and not aimed toward Security but Testing and Immediate Use. A quick and easy way to get a Samba Network connection up and running.
So look for the lines below and modify similar to my examples..

  workgroup = WORKGROUP
   server string = %h server
   #wins support = no
   include = /etc/samba/dhcp.conf
   dns proxy = no
   netbios name = bobs1501
   name resolve order = lmhosts host wins bcast

and set interfaces to lo and your local network interface. In my case: eth0.

interfaces = lo eth0 wlan0
bind interfaces only = true

A bit more secure alternative would be to your particular interfaces

interfaces = 192.168.0/200 192.168.1/200 192.168.2/200 127.0.0.0/8 eth0

Now, it is time to smooth out samba default security by changing the security variable: security and make sure it is set to share instead of user and that guest account is enabled:

security = share

...
...

guest account = nobody

Now, we can create a share to be accessible to guest users:
Mine refers to a dir I have called Public
You can place in the /home dir but more secure would be outside that dir.
This is a Public share so read write to all if you choose.

*******Share Definitions************
[Public]
        comment = Guest access share
        path = /home/sqlpython/Public
        browseable = yes
        read only = yes
        guest ok = yes

In the Section regarding
####### Authentication #######
I put a # in front of anything that would give a password or an encryption.
You can revisit this area later once you decide if/what you want for a password  but for now just get it working.

########## Printing ##########
  load printers = yes
# cupsys-client package.
   printing = cups
   printcap name = cups

You can now test that your configuration is good using testparm:

$ testparm

If everything is fine, it is time to reload samba service to have your new configuration taken into account:

 sudo /etc/init.d/samba reload
or
 sudo /etc/init.d/samba restart
**********PRINTING*********

most of the files come with Squeeze
I think I only installed the very useful Gnome system-config-printers
.
With the system-config-printer you can Add and Modify printers.
All network printers added will be SAMBA like this example..

smb://Host_Computer_To_Access/hpLaser1302

All Should work fine now with Networking, SAMBA networking and Samba Printing ..
Now read the Samba.org Wiki regarding the Security flavor of you choice.

EDIT: Jul 20 2012  *Security*
  For Good reasons there are some Networks and Users that will make much of Security.
I say that Securing SAMBA SMB is the last protocol to worry about in a Secure System. Security should be handled at earlier stages at the FireWall. If a User has been allowed or cracked onto your side of the Firewall then SAMBA security is too little too late. So be SAMBA involved or not ...Too Late, don't blame SAMBA.
Instead to secure your LINUX network look to Router Hardware FireWalls, Hardened Passwords (simple but effective), PAM,  IPchaining and for Wifi MacAddressing etc. Working with a Win Network you may also be faced with Active Directory Protocol which is pretty secure. ADP will bring into play ssh, kerberos, nsswitch, PAM and a number of smb.conf Security modifications. Security protocols are out there to satisfy Governments and Corporate Institutions. They know and choose to take the risks presented as a trade-off for Speed and Storage capacities of that information......However read on...

   Remember, Electronic media is not the first means that comes to mind for Securing Sensitive Data. It is probably the Last. What ever is on a Shared or Non Shared file tree is Much less safe then on your Bedroom Night Stand. So, know the risks if you choose to store on you computer Passwords to where ever, ID/Social Security type numbers, Bank Acct numbers, personal Pictures,, Writings and other family information that could lead to Identity Theft. We probably all leave some sensitive data on our systems. (Sensitive to a Lesser or Greater degree.) However if that data is hacked we must also shoulder the responsibility....*******

Last edited by sqlpython (2012-07-21 17:25:49)


OHCG #!, Jessie,, Siduction-13.1,  Slackware 14,  Bridge,, Sabayon 13.4,

Offline

Be excellent to each other!

#2 2012-07-21 09:12:55

rhowaldt
#!*$%:)
Registered: 2011-03-09
Posts: 4,396

Re: SAMBA Basic: Quick and Easy

cool stuff Mr Python, thanks!

Offline

#3 2012-07-21 13:32:42

VastOne
#! Ranger
From: #! Fringe Division
Registered: 2011-04-26
Posts: 10,163
Website

Re: SAMBA Basic: Quick and Easy

Nice How To sqlpython, added it to Quick References


VSIDO | SolusOS

Words That Build Or Destroy

Offline

#4 2012-07-21 14:21:04

sqlpython
#! Die Hard
From: New England
Registered: 2011-11-28
Posts: 928

Re: SAMBA Basic: Quick and Easy

Thank You, albeit very Basic. Something I had to for a Work Win Server Network.
I am sure there are ways to improve this simple start up but I would suggest.... K.I.S.S.(Keep It Simple & Stupid)..
There are many ways you can make SAMBA better but for the purposes of this How To,  think Works with Fewest Changes..  and move forward from there.
  You will note a few Edits I am about to Do which I consider important to make Clearer to Readers who know little or nothing About Networking, SAMBA or Win/Linux Network Sharing.
I will mark those Sections with
Edit:

As I believe  it was WM that  mentioned SAMBA is word soup... so true. It can be.. I have taken the approach with SAMBA of Change only what it takes to get your Shares working. Above we only have to touch on Seven Sections.
  Also when I get an opportunity I will try to provide a Simple Active Directory How to for those that need it.
This will involve Kerberos, and changes to smb.conf, nsswitch, PAM as well as Adding an additional Group.

Last edited by sqlpython (2012-07-22 21:11:01)


OHCG #!, Jessie,, Siduction-13.1,  Slackware 14,  Bridge,, Sabayon 13.4,

Offline

#5 2012-08-01 09:45:52

Schroeder
Member
Registered: 2012-07-31
Posts: 17

Re: SAMBA Basic: Quick and Easy

I don't mean to dig up old threads, but thank you for this simple straight forward tutorial. But I have a question, how do I add more shares to this? I have a couple of directories I need to share. (more than a couple, actually)


sudo chown -R us:us /your/base/

Offline

#6 2012-08-01 09:52:46

Schroeder
Member
Registered: 2012-07-31
Posts: 17

Re: SAMBA Basic: Quick and Easy

Duh, how basic.
Just add:

[Music]
        comment = Guest access share
        path = /media/sdc8/Music
        browseable = yes
        read only = yes
        guest ok = yes

Sorry to bother you, lol

But thanks for this thread, it's great!!!

Okay, it will only allow me to do two shares. For now. I'll keep hacking away, but in the meantime, how do I set my shares to come up automatically? I just logged off and back on and the shares are gone.

Last edited by Schroeder (2012-08-01 10:16:42)


sudo chown -R us:us /your/base/

Offline

#7 2012-08-01 17:33:55

sqlpython
#! Die Hard
From: New England
Registered: 2011-11-28
Posts: 928

Re: SAMBA Basic: Quick and Easy

Hey! Happy it helped you.
Basic Samba is not that difficult.. smile


OHCG #!, Jessie,, Siduction-13.1,  Slackware 14,  Bridge,, Sabayon 13.4,

Offline

#8 2012-08-02 22:30:19

sqlpython
#! Die Hard
From: New England
Registered: 2011-11-28
Posts: 928

Re: SAMBA Basic: Quick and Easy

^

I just logged off and back on and the shares are gon

Strange...
in a terminal type

testparm

Do this twice and cut and past the results for each to a post here..
One as you Are freshly logged on.
2nd after your modifications and can see the Share..


OHCG #!, Jessie,, Siduction-13.1,  Slackware 14,  Bridge,, Sabayon 13.4,

Offline

#9 2012-09-22 20:51:05

lwfitz
#! Die Hard
From: Monrovia, CA
Registered: 2012-01-19
Posts: 886
Website

Re: SAMBA Basic: Quick and Easy

Great tutorial thank you

Last edited by lwfitz (2012-09-22 22:00:12)

Offline

#10 2012-09-27 19:45:00

ritsa
New Member
Registered: 2012-01-07
Posts: 8

Re: SAMBA Basic: Quick and Easy

What i do wrong?
Shares worked nice with this tutorial but..
then i restarted computer and no shares.

testparm command dont work?!

hmm

Offline

#11 2012-09-28 05:40:15

sqlpython
#! Die Hard
From: New England
Registered: 2011-11-28
Posts: 928

Re: SAMBA Basic: Quick and Easy

^^ Thank You

^ If you can not see shares and testparm is not returning info could be that samba is not starting at boot.
to see if if is running

sqlpython@debian7:~$ ps -a -U root | grep smb
 3252 ?        00:00:00 smbd
 3277 ?        00:00:00 smbd

if not restart

su
/etc/init.d/samba start

Check to see if system is starting daemon on boot

Last edited by sqlpython (2012-09-28 05:40:43)


OHCG #!, Jessie,, Siduction-13.1,  Slackware 14,  Bridge,, Sabayon 13.4,

Offline

#12 2012-09-28 05:56:20

lwfitz
#! Die Hard
From: Monrovia, CA
Registered: 2012-01-19
Posts: 886
Website

Re: SAMBA Basic: Quick and Easy

I had the same issue. After every reboot I had to run

sudo /etc/init.d/samba restart

I ended up fixing that issue by adding

client lanman auth = yes
client ntlmv2 auth = no

to my smb.conf

I then got had an issue with losing my shares every 24 hours and I got around that by changing

security = share

to

security = domain

Hope this helps.

Offline

#13 2012-09-28 13:01:28

sqlpython
#! Die Hard
From: New England
Registered: 2011-11-28
Posts: 928

Re: SAMBA Basic: Quick and Easy

^  I will note those changes myself.
Personally, I have not had those problems. But then my personal samba set up is within firewall and runs without password which I believe surfaces the need for your changes.

I will be gone for a few days so I will be unable to monitor the forum and threads for myself.... see ya.


OHCG #!, Jessie,, Siduction-13.1,  Slackware 14,  Bridge,, Sabayon 13.4,

Offline

#14 2012-11-14 22:25:46

rpgx_ender2003
New Member
Registered: 2012-11-14
Posts: 9
Website

Re: SAMBA Basic: Quick and Easy

Something else that we have on the Samba config at my work, might be similar to the "Interfaces" commands that are listed above. We use HOSTS ALLOW = and then the subnets of workstations allowed to connect.

On ours, we have the ntlm auth set to yes and lanman set to no, you can also add to the share config a "force user = xxxx" and "force group = xxxx" to make it always use specific credentials.


Look, the people you are after are the people you depend on: we set up your computers, we deliver your email, we connect your calls, we backup your files, we guard your networks while you sleep. Do not F*%^ with us.

Offline

Board footer

Powered by FluxBB

Copyright © 2012 CrunchBang Linux.
Proudly powered by Debian. Hosted by Linode.
Debian is a registered trademark of Software in the Public Interest, Inc.

Debian Logo