Linux Samba Server Administration Roderick W. Smith San Francisco Paris Düsseldorf Soest London Associate Publisher: Neil Edde Contracts and Licensing Manager: Kristine O’Callaghan Acquisitions Editor: Maureen Adams Developmental Editor: Thomas Cirtin Editors: Carol Henry, Pete Gaughan Production Editor: Shannon Murphy Technical Editor: Elizabeth Zinkann Book Designer: Bill Gibson Graphic Illustrator: Tony Jonick Electronic Publishing Specialist: Nila Nichols Proofreaders: Jennifer Campbell, Erika Donald, Nanette Duffy, Laurie O’Connell, Nancy Riddiough, Nathan Whiteside Indexer: Nancy Guenther Cover Designer: Ingalls & Associates Cover Illustrator: Ingalls & Associates Copyright © 2001 SYBEX Inc., 1151 Marina Village Parkway, Alameda, CA 94501. World rights reserved. No part of this publication may be stored in a retrieval system, transmitted, or reproduced in any way, includ- ing but not limited to photocopy, photograph, magnetic, or other record, without the prior agreement and written permission of the publisher. Library of Congress Card Number: 00-107350 ISBN: 0-7821-2740-1 SYBEX and the SYBEX logo are either registered trademarks or trademarks of SYBEX Inc. in the United States and/or other countries. Screen reproductions produced with FullShot 99 and xv. FullShot 99 © 1991-1999 Inbit Incorporated. FullShot is a trademark of Inbit Incorporated. xv © 1994 John Bradley. All rights reserved. Netscape Communications, the Netscape Communications logo, Netscape, and Netscape Navigator are trademarks of Netscape Communications Corporation. Netscape Communications Corporation has not authorized, sponsored, endorsed, or approved this publication and is not responsible for its content. Netscape and the Netscape Communications Corporate Logos are trademarks and trade names of Netscape Communi- cations Corporation. All other product names and/or logos are trademarks of their respective owners. TRADEMARKS: SYBEX has attempted throughout this book to distinguish proprietary trademarks from descriptive terms by following the capitalization style used by the manufacturer. The author and publisher have made their best efforts to prepare this book, and the content is based upon final release software whenever possible. Portions of the manuscript may be based upon pre-release versions supplied by software manufacturer(s). The author and the publisher make no representation or warranties of any kind with regard to the completeness or accuracy of the contents herein and accept no liability of any kind including but not limited to performance, merchantability, fitness for any particular purpose, or any losses or damages of any kind caused or alleged to be caused directly or indirectly from this book. Manufactured in the United States of America 10 9 8 7 6 5 4 3 2 1 Foreword Microsoft Windows holds the lion’s share of the desktop operating system market. The majority of clients connecting to a Linux server are Microsoft Windows clients. Effec- tively serving those clients is a major task for every Linux system administrator. Samba is an important tool for tackling that task. Most of the network services provided by a Linux server are standard Internet services. Apache, DHCP, DNS, and sendmail are all topics covered in the Craig Hunt Linux Library and are all services built on standard Internet protocols. Samba is different. It implements the NetBIOS and Server Message Block (SMB) protocols that Microsoft uses for its proprietary networking. Samba integrates a Linux server into a Microsoft network almost seamlessly. This makes Samba an extremely important component of the Linux system administrator’s toolkit. In 1999, I attended two talks given by Andrew Tridgell at the Open Source Software Con- vention. Because I already knew I wanted to include a book about Samba in the Craig Hunt Linux Library, I was struck by something he said. Andrew, a leader of the Samba devel- opment team, said that people were always asking him to write a book about Samba but that he thought the best book about Samba would be written by a system administrator, not a software developer. I had to agree with him, and I was lucky enough to find an author with system administration skills who really knows how to write. That author is Rod Smith. Rod is the author of several books, all of which focus on Linux. He has written about Linux hardware, Linux networking, and Linux applications, and all of his books are highly rated. I was pleased to find an author of his skill who also understands the impor- tance of producing top-quality books for the Linux system administrator—which is the entire reason the Craig Hunt Linux Library was created. By the time I had finished his first chapter, I knew we had found the right person to write Linux Samba Server Admin- istration. I hope you enjoy reading Rod’s book as much as I did. Craig Hunt October 2000 Acknowledgments A book doesn’t just happen. At every point along the way from project beginning to fin- ished product, many people other than the author have their influence. This book began with Craig Hunt’s conception for a series of Linux system administration titles, and his influence on this book has continued through his comments and suggestions on each chapter. Maureen Adams, acquisitions editor, helped set the book on course at its incep- tion. Tom Cirtin, development editor, guided the book’s development, especially for the critical first few chapters. As production editor, Shannon Murphy coordinated the work of the many others who contributed their thoughts to the book. Editors Carol Henry and Pete Gaughan and proofreaders Jennifer Campbell, Erika Donald, Nanette Duffy, Laurie O’Connell, Nancy Riddiough, and Nathan Whiteside helped keep my grammar and spell- ing on track. Elizabeth Zinkann, the technical editor, scrutinized the text for technical errors and to be sure it was complete. Nila Nichols, electronic publishing specialist, trans- formed my plain manuscript into the beautiful book you are now holding. I am grateful to them all. Roderick Smith October 2000 Contents at a Glance Introduction . . . . . . . . . . . . . . . . . . . . . . . xx Part 1 How Things Work 1 Chapter 1 An Introduction to SMB/CIFS . . . . . . . . . . . . . . . . . . . . 3 Chapter 2 Integrating SMB/CIFS into Linux . . . . . . . . . . . . . . . . . . .33 Part 2 Essential Configuration 59 Chapter 3 Installing Samba . . . . . . . . . . . . . . . . . . . . . . . .61 Chapter 4 GUI Configuration Tools and the smb.conf File. . . . . . . . . . . . . .87 Chapter 5 Configuring File Sharing . . . . . . . . . . . . . . . . . . . . 125 Chapter 6 Configuring Printer Sharing . . . . . . . . . . . . . . . . . . . 157 Chapter 7 Using Linux as an SMB/CIFS Client . . . . . . . . . . . . . . . . . 195 Part 3 Advanced Configurations 225 Chapter 8 Automation. . . . . . . . . . . . . . . . . . . . . . . . . 227 Chapter 9 Samba as an NBNS Server. . . . . . . . . . . . . . . . . . . . 247 Chapter 10 Configuring Domains . . . . . . . . . . . . . . . . . . . . . 263 Chapter 11 Local and Routed Browsing . . . . . . . . . . . . . . . . . . . 285 Chapter 12 Tuning Samba for Optimum Performance . . . . . . . . . . . . . . 315 Chapter 13 Integrating Samba into a Broader Network . . . . . . . . . . . . . . 349 Part 4 Maintaining a Healthy System 377 Chapter 14 Samba Security Considerations . . . . . . . . . . . . . . . . . . 379 Chapter 15 Managing Accounts . . . . . . . . . . . . . . . . . . . . . . 425 Chapter 16 Backups . . . . . . . . . . . . . . . . . . . . . . . . . . 443 Chapter 17 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . 491 Appendices 523 Appendix A Configuration Reference Guide . . . . . . . . . . . . . . . . . . 525 Appendix B OS-Specific Issues . . . . . . . . . . . . . . . . . . . . . . 557 Appendix C The GNU GPL . . . . . . . . . . . . . . . . . . . . . . . . 593 Index. . . . . . . . . . . . . . . . . . . . . . . . . . 601 Contents Introduction . . . . . . . . . . . . . . . . . . . . . . . . xx Part 1 How Things Work 1 Chapter 1 An Introduction to SMB/CIFS . . . . . . . . . . . . 3 Windows Networking and the Development of Samba . . . . 4 The Basic Protocols: NetBIOS, NetBEUI, and SMB . . . . 4 The Evolution of SMB Protocols . . . . . . . . . . 6 The Emergence of Samba . . . . . . . . . . . . 7 SMB/CIFS in Various Environments . . . . . . . . . 8 Integration of TCP/IP and SMB/CIFS . . . . . . . . . . 13 SMB/CIFS Terminology . . . . . . . . . . . . . . 16 Clients, Servers, and Shares . . . . . . . . . . . 16 Workgroups and Domains . . . . . . . . . . . . 17 Network Browsing. . . . . . . . . . . . . . . 20 The Structure of an SMB/CIFS Network . . . . . . . . . 21 Naming of NetBIOS Computers and Networks . . . . . 21 A Named Hierarchy in a Flat Space . . . . . . . . . 22 Resource Types. . . . . . . . . . . . . . . . 24 The Role of PDCs . . . . . . . . . . . . . . . 28 The Role of NBNS Servers . . . . . . . . . . . . 28 NetBIOS Browsing. . . . . . . . . . . . . . . 29 Samba’s Capabilities . . . . . . . . . . . . . . 30 Summary . . . . . . . . . . . . . . . . . . . 32 Chapter 2 Integrating SMB/CIFS into Linux . . . . . . . . . . . 33 SMB/CIFS over TCP/IP . . . . . . . . . . . . . . . 33 TCP/IP vs. NetBEUI as a Transport Protocol . . . . . . 34 Binding SMB/CIFS to TCP/IP in Windows . . . . . . . 36 Linux Features Required for Samba . . . . . . . . . 43 The Samba Daemons . . . . . . . . . . . . . . . 44 Samba 2.0.x . . . . . . . . . . . . . . . . . 45 Samba TNG . . . . . . . . . . . . . . . . . 48 x Contents Resolving Filesystem Feature Conflicts . . . . . . . . . 50 Filename Length and Case Retention . . . . . . . . 50 FAT-Style File Attributes . . . . . . . . . . . . 51 Ownership and Permission . . . . . . . . . . . 52 Partitions, Mount Points, and Shares . . . . . . . . 56 Summary. . . . . . . . . . . . . . . . . . . 58 Part 2 Essential Configuration 59 Chapter 3 Installing Samba . . . . . . . . . . . . . . . . 61 Obtaining Samba . . . . . . . . . . . . . . . . 61 Samba with Your Linux Distribution . . . . . . . . 62 Updates from Your Linux Distributor . . . . . . . . 64 Getting the Most Up-to-Date Samba . . . . . . . . 65 Installing a Binary Package . . . . . . . . . . . . . 66 Installing an RPM. . . . . . . . . . . . . . . 66 Installing a Debian Package . . . . . . . . . . . 69 Installing a Tarball . . . . . . . . . . . . . . 69 Compiling the Source Code. . . . . . . . . . . . . 70 Compiling a Source RPM . . . . . . . . . . . . 70 Compiling Source from a Tarball . . . . . . . . . 71 Locating Important Files . . . . . . . . . . . . . . 75 Common Installation Directories. . . . . . . . . . 75 Configuration Files . . . . . . . . . . . . . . 76 Running Samba. . . . . . . . . . . . . . . . . 77 Running Samba Manually. . . . . . . . . . . . 78 Common Distribution Startup Scripts . . . . . . . . 80 Running Samba from inetd . . . . . . . . . . . 84 Summary. . . . . . . . . . . . . . . . . . . 86 Chapter 4 GUI Configuration Tools and the smb.conf File . . . . . . 87 Editing smb.conf to Configure Samba . . . . . . . . . 87 Structure of the smb.conf File . . . . . . . . . . 88 Keeping Your Configuration File Readable . . . . . . 93 Testing Your Configuration File . . . . . . . . . . 93 Contents xi Using Red Hat’s linuxconf to Configure Samba . . . . . . 94 Using linuxconf Locally or Remotely . . . . . . . . 95 A Tour of linuxconf Samba Options . . . . . . . . . 98 Tips Concerning linuxconf Configuration . . . . . . .104 Using SWAT to Configure Samba . . . . . . . . . . .105 Initial SWAT Configuration . . . . . . . . . . . .106 Limiting SWAT Access . . . . . . . . . . . . .107 A Tour of SWAT Options. . . . . . . . . . . . .109 Recommendations for Working with SWAT . . . . . .114 Important General Configuration Options . . . . . . . .115 Server Identification . . . . . . . . . . . . . .115 Logging Options . . . . . . . . . . . . . . .118 An Overview of Security Issues . . . . . . . . . .120 Summary . . . . . . . . . . . . . . . . . . .123 Chapter 5 Configuring File Sharing . . . . . . . . . . . . . .125 Configuring File Shares . . . . . . . . . . . . . .125 A Basic File Share Example. . . . . . . . . . . .126 Home Directory Shares . . . . . . . . . . . . .127 Browsing Options . . . . . . . . . . . . . . .129 Filename Options . . . . . . . . . . . . . . .130 File Locking . . . . . . . . . . . . . . . . .134 Setting Ownership and Permissions . . . . . . . . . .136 Samba Ownership and Permission Options . . . . . .137 Interactions with Other Services . . . . . . . . . .141 Storing FAT-Style File Attributes . . . . . . . . . .142 A Network Security Preview . . . . . . . . . . .144 Some Common File-Sharing Scenarios . . . . . . . . .148 Shared Program and File Server . . . . . . . . . .148 User Files on a High-Security Central Server . . . . . .150 Serving Files to Legacy DOS Systems . . . . . . . .152 Sharing Files Using Multiple Protocols . . . . . . . .154 Summary . . . . . . . . . . . . . . . . . . .156 xii Contents Chapter 6 Configuring Printer Sharing. . . . . . . . . . . . . 157 Creating Print Queues. . . . . . . . . . . . . . . 158 Ghostscript and PostScript Printing. . . . . . . . . 158 Raw Queues . . . . . . . . . . . . . . . . 166 Fax Queues. . . . . . . . . . . . . . . . . 167 Configuring Printer Shares . . . . . . . . . . . . . 170 A Basic Printer-Sharing Example . . . . . . . . . 170 Sharing All or Some Printers . . . . . . . . . . . 172 Samba Options for Printer Shares . . . . . . . . . 174 Windows Printer Driver Installation. . . . . . . . . 177 Controlling Access to Printers . . . . . . . . . . . . 184 Security Options and Printer Shares . . . . . . . . 185 Interaction of Samba Options with lpd Options . . . . . 186 Some Common Printer-Sharing Scenarios . . . . . . . . 187 Sharing All Local Printers with Variations. . . . . . . 187 Re-Exporting a Remote Printer . . . . . . . . . . 188 Using Samba as a PostScript Processor . . . . . . . 190 Summary. . . . . . . . . . . . . . . . . . . 193 Chapter 7 Using Linux as an SMB/CIFS Client . . . . . . . . . . 195 When to Use Samba as a Client . . . . . . . . . . . 196 Accessing Resources on a Windows Network . . . . . 196 Linux as a Translator . . . . . . . . . . . . . 197 Using Linux Programs on Windows Files. . . . . . . 199 Linux as a Backup Server . . . . . . . . . . . . 200 Using smbclient to Access Remote Files . . . . . . . . 201 Accessing Remote Computers . . . . . . . . . . 201 Transferring Files. . . . . . . . . . . . . . . 205 Manipulating Remote Files . . . . . . . . . . . 207 Mounting Remote Filesystems. . . . . . . . . . . . 208 The Evolution of smbmount . . . . . . . . . . . 209 Mounting Remote Shares . . . . . . . . . . . . 211 Access Quirks of a Mounted Share . . . . . . . . . 214 GUI Browsers . . . . . . . . . . . . . . . . 215 Contents xiii Printing Files on Remote Printers . . . . . . . . . . .219 Printing a File Using smbclient. . . . . . . . . . .219 Configuring a Linux Printer Queue to Use smbprint. . . .220 Security Implications of smbprint. . . . . . . . . .222 Summary . . . . . . . . . . . . . . . . . . .224 Part 3 Advanced Configurations 225 Chapter 8 Automation . . . . . . . . . . . . . . . . . .227 Uses for Automation . . . . . . . . . . . . . . .228 Dynamically Configuring Samba . . . . . . . . . .228 Dynamically Configuring Windows . . . . . . . . .228 Performing Linux Tasks from Windows. . . . . . . .229 Server-Side Automation . . . . . . . . . . . . . .229 A Review of Variables. . . . . . . . . . . . . .229 Using preexec and postexec . . . . . . . . . . .231 Using Pseudo-Printers . . . . . . . . . . . . .234 Using Magic Scripts . . . . . . . . . . . . . .238 Client Network Scripts . . . . . . . . . . . . . . .238 Basic Domain Controller Configuration . . . . . . . .239 Creating a Logon Script . . . . . . . . . . . . .240 Setting Up Roaming Profiles . . . . . . . . . . .241 Using Roaming Profiles from Windows Clients . . . . .243 Caveats about Logon Scripts and User Profiles . . . . .244 Summary . . . . . . . . . . . . . . . . . . .245 Chapter 9 Samba as an NBNS Server . . . . . . . . . . . . .247 Understanding NBNS . . . . . . . . . . . . . . .248 The Function of NBNS . . . . . . . . . . . . .248 NBNS and DNS. . . . . . . . . . . . . . . .251 NBNS and lmhosts . . . . . . . . . . . . . .252 Setting the Node Type . . . . . . . . . . . . .254 Samba NBNS Operations . . . . . . . . . . . . . .255 Configuring Samba as an NBNS Server. . . . . . . .255 Name Resolution Order . . . . . . . . . . . . .257
Description: