Figure out how to administer Samba shares on Linux
For administrators with a background in Windows networking, the configuration of services in Linux can initially be somewhat confusing. Often, one of the first services an administrator from a Windows environment needs to configure is Samba. In this article, we will learn how to obtain, configure, and administer the Samba Web-Based Administration Tool (SWAT). As you may have guessed, this is a GUI utility for configuring Samba, and it can be very helpful for new Linux administrators who need to get Samba up and running quickly.
What is Samba?
Samba is a file and print server for Linux (and many flavors of UNIX) that can emulate a Windows NT/2000 machine. The most recent version of Samba can even act as a stand-alone Primary Domain Controller. A Linux Samba server can also be an effective and inexpensive alternative to standard Windows file and print servers.
Installing and setting up Samba and SWAT
On many newer Linux distributions, SWAT installation is quite easy. Often, if you install Samba, SWAT is automatically installed as well. When you install some distributions, you need to opt to select packages and then make sure you choose to install the SWAT package.
If you do not have Samba and/or SWAT installed on your Linux machine, you can install both packages manually. If you install the latest version of Samba, SWAT is installed automatically as part of the package, as mentioned above. To get the latest Samba installation packages, go to Samba's Web site, download the latest binary version for your distribution, and then install it as you would any other package.
Once you have Samba correctly installed, there are only a few steps to get SWAT up and running. First, check to see whether SWAT is already running on your machine by opening an XWindows session (using the startx command) and pointing your Web browser to http://127.0.0.1:901. If successful, you will be presented with a dialog box asking for username and password. Use the username "root" and the root password to log in. If you see a screen that looks like Figure A, you’re in business. If you get an error message, you will need to do some configuration work.
|SWAT initial screen|
To configure SWAT, you will need to do the following on most Linux distributions. First, add the following line to your /etc/services file:
swat 901/tcp # SWAT Samba configuration
Next, add the following line to your /etc/inted.conf file:
swat stream tcp nowait.400 /usr/local/samba/bin/swat swat
[Note: The path to swat may be different, according to your distribution.]
Then, locate and restart inetd (or xinetd if you are using a newer distribution) or simply reboot. On your local machine, address your Web browser to http://127.0.0.1:901 or http://localhost:901 and enter the root username and password.
Read this if you are using Red Hat 7.x or another distribution with xinetd
If you are running a version of Red Hat Linux 7.x or above, you have xinetd and not inetd. If you have xinetd on Red Hat or another distribution, then you will disregard the step listed above for inetd and instead you will need to create a little script to work withxinetd. Check out this sample script. Also, if you are running Red Hat 7.0, you should patch your xinetd with this bug fix since the version of xinetd included with Red Hat 7.0 does not work properly with SWAT. This link has more information on the xinetdissue.
If you connect over the network through a remote machine, you should know that your password will be sent in the clear. I recommend administering locally or connecting to SWAT over an SSL connection if you decide to set it up for remote administration. Also, SWAT will overwrite your smb.conf file and remove all the valuable comments. As a result, I highly recommend backing up your smb.conf file before using SWAT. You can do this by issuing the following command from the directory where your smb.conf file is located:
cp smb.conf smb.conf.original
For any problems or questions you may run into, refer to the man pages located within your distribution. The man pages for your distribution will also point out any specific peculiarities that may exist for your distribution, as well.
Basic configuration with SWAT
When you log in to SWAT for the first time, you will see the documentation screen (see Figure A again). I strongly recommended looking at each section thoroughly. This will help you learn the basics, and it provides a great reference if you get stuck during your configuration. The documentation also includes the text of a great book called Using Samba.
Now that you have SWAT up and running, you are ready to configure Samba. Let’s take a look at how you can use SWAT to administer Samba settings. However, keep in mind that we’re only going to cover the basics. If you want information on more advanced Samba configuration, I would recommend taking a look at this HOWTO. For information on configuring Samba for integration into a Windows domain, check out "Save big by replacing NT file servers with Linux Samba."
First, we’ll take a look at the heart of any Samba configuration, the Global variables. In SWAT, you can set these options by clicking on the Globals tab. You can see an example of the Global variables GUI in Figure B.
|The Globals tab|
This provides you with options for setting the main Global variables. If you want to set additional variables, you can click Advanced View to access options for setting nearly every possible Samba variable. Let’s take a look at a few of the variables you will need to set in the main section.
The workgroup variable needs to be set to match the desired Windows Workgroup or Domain and should be in all caps. The NetBIOS variable is just that, the Linux machine’s NetBIOS name on the Windows network. It should also be in all caps. This is the name that will show up in the Network Neighborhood of Windows machines.
If you are running Windows 98 or above, Windows NT 4.0 with SP3 or above, or Windows 2000, you need to make sure to have the variable use encrypted passwords=yes. Until you learn more advanced configuration, you can safely leave everything else in the Global variables at the default settings.
Next, let's move to the Shares tab, shown in Figure C. Here, we make available files, drives, etc., to our Windows Workgroup or Domain or to individuals. The default share created is the "homes" share, and if you select that share and click Choose Share, you can then edit as needed. This is often used to set up Samba shares for individual user accounts since user directories are placed in /home by default. However, you can use the Shares section to share any directory on your Linux machine with the Windows network. You could also create a new folder such as /home/fileserver and share that.
|The Shares tab|
Now we’ll take a look at the Printers tab. Before you set up a printer share, make sure that you have already configured your printer on your Linux box. If are using Linux-Mandrake, try out Drakconf, which has an excellent utility for adding printers. Once you have your printer working and ready to be shared, you should see a drop-down list under the printer’s section with an entry like lp or lp0. This should be the active printer. Choose this and click the Choose Printer button to bring up the options for this share. Make sure the printer is accessible to those whom you intend to use it.
The Password tab, shown in Figure D, takes you to the smbpasswd utility, which is used to add Samba users and to set up or change Samba passwords. You can also disable or enable accounts as needed. To add a user, the user must already have a local Linux user account. The easiest way to add a new Linux user account is to go to the command line and use the adduser command. When you type adduser username and press [Enter], it will prompt for a password and ask you to confirm it. Once you finish adding the user locally, go back to the password section in SWAT, enter the username and password, and select Add. After you add the user, make sure to click the Enable button to enable the user.
|The Password tab|
When you’ve set up all your globals, shares, printers, and users, go to the Status tab and start or restart the smbd and nmbd services (these are the two services that run Samba). To test your configuration, go to one of the users' PCs and try to add a Samba printer or mount a Samba share just as if it were a Windows printer or file share. If you have problems accessing the printer or share, there is probably a problem with one of your security settings. Refer to the Samba documentation on the opening page of SWAT.
Coming up next
This article showed you how to set up SWAT to ease the administration of Samba. However, I would also suggest trying out a powerful Linux GUI utility called Webmin to access SWAT. Webmin automates the setup of SWAT and provides a Web-based GUI to other Linux administration tools. The current versions of Webmin also support 128-bit encryption, which is always a plus from a security standpoint. We will cover some of the many features of Webmin in my next article.
Will SWAT make your life easier?
What uses do you have for Samba in your organization? We look forward to getting your input and hearing about your experiences regarding this topic. Join the discussion below or send the editor an e-mail.