I needed to upgrade my file server to support larger disks (1TB SATA) and at the same time I wanted to upgrade from Windows 2000 Server. Prior to my purchasing a TechNet subscription, I only had one viable option, to use Linux. I would say that the order of events (Linux then TechNet) was beneficial as I had to actually learn to use Linux. This started a whole interest in Linux/Unix (and Mac) that is still growing today.
As you may know, to make a Linux server replace a Windows file server you’ll need a common file sharing protocol between both server and client. Well, SAMBA is the answer. In reality I think that SAMBA is the only answer.
Installing SAMBA
To be honest, I just rebuilt my Linux machine this month and have already forgotten whether SAMBA came preinstalled on Ubuntu Server 9.10 or not. Even if it is already install, it doesn’t hurt to try installing it again:
aaron@server:/# sudo apt-get install samba
Among other files, the three files you will use the most in configuring SAMBA are the config file, /etc/samba/smb.conf, and the init script for the daemon, /etc/init.d/samba, and the SAMBA password tool, /usr/bin/smbpasswd.
Configuring Users and Groups for SAMBA
The first step is creating the users and groups that will be accessing the SAMBA share. In this example, we will use local Linux accounts and groups, then activate the user account in SAMBA. The group will be used to assign permissions to the directory in the Linux file system.
Because my set up is small, I have only a few accounts and one group that I use for SAMBA shares. The group has all SAMBA users in it and is named “dtusers”. Let’s work with my configuration as the example.
First, if you dare, switch to the root account (or best practice is to use sudo for every command):
root@server:/# sudo su
To create a new system group, use the following:
root@server:/# groupadd -r dtusers
Now that we have the group created, we should create some users as well. As we create the users, we will assign the group we just created as a supplemental group.
root@server:/# useradd -G dtusers -p P@ssW0rd aaron
Use the above command as many times as needed for your users. “aaron” is the username, by the way. Additional thought, “P@ssW0rd” is not a secure password, and even though SAMBA is configured to synchronize passwords (see “unix password sync” setting in the smb.conf file), we want to ensure a password is set prior to SAMBA configuration.
Finally, we need to enable these accounts using the SAMBA smbpasswd password tool.
root@server:/# smbpasswd -a aaron
When you are prompted for a password, use the same password as you did when you created the user. Use the above command as many times as needed for your users.
Configuring Directories for SAMBA Sharing
The next step is figuring out which directories you want to share through SAMBA. In my case, I created all of my shares under /datastore/. For the example, lets copy my configuration.
Create the /datastore/ root directory. Then create a directory named aaron, a directory named music, a directory named pictures and a directory named downloads.
root@server:/# mkdir /datastore
root@server:/# cd /datastore
root@server:/datastore# mkdir aaron
root@server:/datastore# mkdir music
root@server:/datastore# mkdir pictures
root@server:/datastore# mkdir downloads
Now that we have our directories created, we need to ensure owners and permissions are set correctly for each of the directories.
First, we need to change the user and group owners. I recommend root as the main user for any “shared” directories:
root@server:/datastore# chown aaron:dtusers aaron
root@server:/datastore# chown root:dtusers music
root@server:/datastore# chown root:dtusers pictures
root@server:/datastore# chown root:dtusers downloads
Last, we need to change the permissions. I recommend 775 (see Unix Permissions at the bottom of this article for more info on 775) for any of the “shared” directories and 750 or 700 for the user specific directories.
root@server:/datastore# chmod 700 aaron
root@server:/datastore# chmod 775 music
root@server:/datastore# chmod 775 pictures
root@server:/datastore# chmod 775 downloads
Now, have a look at your directories to make sure they have the appropriate permissions:
Configuring SAMBA
The final step in configuring SAMBA is, well, configuring SAMBA. The SAMBA configuration file, smb.conf, that comes with the SAMBA install is rather large. We’ll go through it and change only some of the settings and add some of our own.
Using your favorite text editor (mine is actually vi, but if you are new to Linux, you’ll like nano better) and open the SAMBA configuration file:
root@server:/# vi /etc/samba/smb.conf
Scroll through the configuration file and review the various options. Once you have looked around, start changing variables. First if you have a DNS domain defined, I would change the following:
workgroup = dt.local
Next, scroll to the bottom of the configuration file and add your SAMBA share definitions. In this example, I have also configured a “create mask” which forces certain permission types for all new files, “directory mask” which forces certain permission types for all new directories, and “force group” to ensure the group is always my dtusers group:
[aaron]
path = /datastore/aaron
valid users = aaron
writable = yes
browseable = yes
read only = no
create mask = 0700
directory mask = 0700
guest ok = no
force group = dtusers[music]
path = /datastore/music
valid users = @dtusers
writable = yes
browseable = yes
read only = no
create mask = 0775
directory mask = 0775
guest ok = no
force group = dtusers[pictures]
path = /datastore/pictures
valid users = @dtusers
writable = yes
browseable = yes
read only = no
create mask = 0775
directory mask = 0775
guest ok = no
force group = dtusers[downloads]
path = /datastore/downloads
valid users = @dtusers
writable = yes
browseable = yes
read only = no
create mask = 0775
directory mask = 0775
guest ok = no
force group = dtusers
You’ll notice that the [aaron] share contains “valid users” of only aaron, while the other “shared” shares contain “valid users” of @dtusers. The @ sign defines a group. If you have more than one group or users, separate them with a space.
Save the configuration file and then restart the SAMBA service:
root@server:/# /etc/init.d/samba restart
Using SAMBA
Now that you have SAMBA configured with some shares, give it a whirl from your Windows machine. If the user that you sign into on your Windows machine is the same, with the same password, as the Linux/SAMBA user you will not be prompted to authenticate.
Click Start > Run and then type in the UNC path to your Linux server. If you have a DNS host (A) record for your server it could be \\server\share_name, otherwise just use the IP address, \\192.168.0.1\share_name.
That’s it. Enjoy Linux!
Unix Permissions
764 defines the permissions for User (the 7)/Group (the 6)/Everyone (the 4). As another example, if you wanted only the User to have full permissions, assign 700, which is User (the 7)/Group (the 0)/Everyone (the 0).
The number represents the collective of permission types: 4 is Read, 2 is Write, 1 is Execute. So a 7 would be 4 + 2 + 1, which means that when assigned to the User, it will have all three permission types, or full control. A zero means no permission types, and therefore no permissions.
Links
http://www.samba.org/
http://support.quickbooks.intuit.com/support/Articles/HOW12300
-Aaron