Title: samba notes
Subject: samba notes

If you don't see processes listening on a port:

    lsof -i tcp -nP|egrep 'smbd|winbindd'
    lsof -i udp -nP|egrep 'nmbd'

and the init services are not started,

    /etc/init.d/samba stop
    /etc/init.d/winbind stop

then find and kill any remaining processes (winbindd, smbd, nmbd) with 'ps' and 'kill -9', and start services.

    pkill -9 winbind
    pkill -9 smbd
    pkill -9 nmbd

I have seen this once or twice.

--------------------------
Testing the server
--------------------------
smbd -b |egrep 'KRB|LDAP'       # Shows Samba has needed Libs.
net time                        # Check time on kdc
date                            # Check time on local host
net ads join -Ujohns%passwd     # Joined the domain
Join is OK
net ads testjoin                # Shows join is ok
getent passwd                   # Shows nsswitch is correct, to resolve ADS users.
getent group                    # Shows nsswitch is correct, to resolve ADS groups.
net ads info                    # Show AD info
winbindd -d 3 -i                # Ran winbindd daemon interactively in debug.
wbinfo -u                       # Shows winbind is doing lookups from ADS
wbinfo -g                       # Shows winbind is doing lookups from ADS
wbinfo -a MS+johns%password     # Test if winbind can authenticate
kinit johns                     # Test if ??? can authenticate
strace -e open getent passwd    # Find files opened during execution of the getent passwd command

----------------------------------
If Things Get Crazy, leave and join domain
----------------------------------
# this will reset samba
net ads leave
/etc/init.d/samba stop
/etc/init.d/winbind stop
find / -name "*.tdb" -print0 | xargs -0 rm -rf
net ads join -W ms -U johns

-----------------------------
A quick backup script
------------------------------
Files="/etc/nsswitch.conf /etc/samba /etc/krb5.conf /etc/pam.d/apache2"
rsync -avz -e ssh $Files Samba_backup
tar -czvpf Samba_backup.tar.gz Samba_backup

--------------------------------------------------
Install
--------------------------------------------------
aptitude install \
    krb5-config krb5-client krb5-doc libkadm55 \
    samba samba-common samba-client samba-dbg samba-doc smbfs \
    winbind
cp /etc/nsswitch.conf /etc/nsswitch.conf.orig
cp /etc/samba/smb.conf /etc/samba/smb.conf.orig
cp /etc/krb5.conf /etc/krb5.conf.orig
# Created the files listed in the 'Files' section below
find / -name "*.tdb" -print0 | xargs -0 rm -rf
net ads join -W ms -U johns
/etc/init.d/winbind start
/etc/init.d/samba start

--------------------------------------------------
Files:
--------------------------------------------------
/etc/nsswitch.conf
    passwd: compat winbind
    group:  compat winbind
    shadow: compat winbind
    hosts:  files wins dns
--------------------------------------------------

--------------------------------------------------
TEST: samba auth using winbind
--------------------------------------------------
#--------------------------------------------------
# List shares using my real password
#--------------------------------------------------
smbclient -L localhost -U ms\\johns%password
Domain=[MS] OS=[Unix] Server=[Samba 3.0.14a-Debian]

        Sharename       Type      Comment
        ---------       ----      -------
        print$          Disk      Printer Drivers
        IPC$            IPC       IPC Service (server1 server (Samba 3.0.14a-Debian))
        ADMIN$          IPC       IPC Service (server1 server (Samba 3.0.14a-Debian))
        johns           Disk      Home Directories
Domain=[MS] OS=[Unix] Server=[Samba 3.0.14a-Debian]

        Server               Comment
        ---------            -------
        SUBVERSION01         server01 server (Samba 3.0.14a-Debian)

        Workgroup            Master
        ---------            -------
        MS

#--------------------------------------------------
# List shares using no password:
#--------------------------------------------------
smbclient -L localhost -U ms\\johns
Password:
Anonymous login successful
Domain=[MS] OS=[Unix] Server=[Samba 3.0.14a-Debian]

        Sharename       Type      Comment
        ---------       ----      -------
        print$          Disk      Printer Drivers
        IPC$            IPC       IPC Service (server01 server (Samba 3.0.14a-Debian))
        ADMIN$          IPC       IPC Service (server01 server (Samba 3.0.14a-Debian))
Anonymous login successful
Domain=[MS] OS=[Unix] Server=[Samba 3.0.14a-Debian]

        Server               Comment
        ---------            -------
        SUBVERSION01         server01 server (Samba 3.0.14a-Debian)

        Workgroup            Master
        ---------            -------
        MS

#--------------------------------------------------
# List Shares with wrong password
#--------------------------------------------------
smbclient -L localhost -U ms\\johns
Password:
session setup failed: NT_STATUS_LOGON_FAILURE

samba
======
GUI tools: ksamba, gsmb, LinNeighborhood, SWAT, Webmin
http://us1.samba.org/samba/GUI/

READ THIS FIRST: http://www.skippy.net/linux/smb-howto.html
================================
Samba daemons:
    smbd    It handles the connection requests from clients
    nmbd    Enables NetBIOS visibility with windows clients

Samba commands:
    convert_smbpasswd - convert <=1.9.18 smbpasswd file to 2.0 version
        i.e. cat old_smbpasswd_file | convert_smbpasswd > new_smbpasswd_file
    smbclient - used to access samba/windows server shares
    smbpasswd - sets the /etc/smbpasswd file to support encrypted passwds
        -r server -U user       Will change current user's passwd on a PDC.
        -U user -a user         Change passwd for specified user
        -x user                 Deleted specified user
        -d user                 Disabled specified user
        -e user                 Enable specified user
        -D debuglevel user      Root only, for debug
        -n user                 Null passwd for specified user
        -r remote_serv user     Specify passwd on a remote machine (like a PDC)
        -R lmhosts,hosts,wins,bcast
                                Set name resolution service order.
            lmhosts : Lookup an IP address in the Samba lmhosts
            host    : use /etc/nsswitch.conf hosts: search order
            wins    : Query wins server named in the smb.conf file
            bcast   : Do a broadcast
        -m machine              Sets the machine passwd
        -j DOMAIN
            -Joins/adds a samba server into a NT Domain.
            -Before running this, the server must be added with Server Manager for Domains.
            -The PDC must be in smb.conf as the password server.
            -Creates a file named ..mac
            -Last step, modify smb.conf, adding security=domain
        -s  -Silent mode, for scripting

Samba Config files:
    /etc/smb.conf           - sets shares and permissions
    /etc/smbpasswd          - passwd file for encrypted passwds
    /tmp/samba/             - my config uses this directory for lock files (perms=755)
                              (had to make the dir /tmp/samba)
    /var/log/samba/log.%m   -its log, its log, its a fun and wonderful toy.
                              (had to make the dir /var/log/samba)
    /etc/printcap
    /etc/group
        smbadm:x:70:soren,admin
        stash:x:71:soren
        friendly:x:72:soren,jason,jstile,cindy,sage,scout,asiu
        literate:x:73:soren,asiu,jason

================================
1. Config SAMBA Server:

The config file has 3 main areas.
    1. the [global] section, setting defaults, unless changed for specific share.
    2. All the [shares]
    3. All the [printers]

# 1. THE GLOBAL SECTION
[global]
# PASSWORD SECTION
   # options user|server|domain
   security = SERVER
   smb passwd file=/etc/smbpasswd
   encrypt passwords=yes
   *ReType*new*UNIX*password* %n *passwd:*all*authentication*tokens*updated*successfully*
;  domain controller=
;  password server=
;  remote announce=192.168.1.255 192.168.2.44
;  interfaces=192.168.12.2/24 192.168.13.2/24
;  wins proxy=yes
;  unix password sync=Yes

# CASE SENSITIVITY
   default case = lower
   preserve case = yes
   short preserve case = yes

# PRINTER SECTION
   # printing system
   printing = bsd
   # config file for printing
   printcap name = /etc/printcap
   # share printers
   load printers = yes

# MISC.
   # account to use when passwd is null
   guest account = nobody
   lock directory = /var/lock/samba
#  log file = /var/log/samba/log.%m
   max log size = 50

# NETWORKING
   server string=My Samba Fileserver
   dns proxy=no
   workgroup = MYGROUP
   interfaces=192.168.0.10
   hosts allow = 192.168.0. 127.
   socket options=TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   lm announce=no

# 2. THE SHARES SECTION
# HOME DIRECTORIES
[homes]
   comment = Home Directories
   service type=fileservice
   browseable = no
   writable = yes
   writable = yes
   service type = fileservice
   path = %H/smbtree
   create mode = 0750

[public]
   comment = Public
   service type=fileservice
   force group=+friendly
   write list=@literate
   admin users=admin
   public=yes
   comment=Public Cache
   writable=yes
   path=/home/pub/friendly

[Uploads]
   comment = Public
   service type=fileservice
   force group=+friendly
   write list=@literate
   admin users=admin
   public=yes
   comment=Public Cache
   writable=yes
   path=/windows/C/Uploads

# GOOD EXAMPLES OF A PUBLIC ACCESSIBLE
[tmp]
   comment = Temporary file space
   service type=fileservice
   path = /tmp
   read only = no
   public = yes

# 3. THE PRINTERS SECTION
# TYPICAL PRINTER SETUP
[printers]
   comment = All Printers
   service type=printservice
   path = /var/spool/samba
   browseable = no
   guest ok = yes
   writable = no
   printable = yes

================================
Publish the config file: /etc/smb.conf
================================
2. Test if they are running:
================================
3. Start and stop NFS
================================
4. Mounting a share:
================================
5. Unmounting a share:
================================
6. Automounting when system boots:
================================
8. Enabling SWAT web interface:
================================
Swat will strip all your comments out of your config file, so Backup Your /etc/smb.conf BEFORE you run swat.

vi /etc/services
    swat 901/tcp # XXX Samba Web Administration Tool

vi /etc/inetd.conf
    # swat is the Samba Web Administration Tool
    swat stream tcp nowait.400 root /usr/sbin/swat swat

Bibl:
------------
RedHat Linux 6 Unleashed, Chap 14, pg 391-420
Suse 7.1 Handbook, chap 7.1, pg 223-230
Mastering Linux, pg 594-616
Linux Network Admin Guide, zero
Unix System Admin Handbook, 3rd ed, pg 770-773

-invented in 1992 by Andrew Tridgell, Australia, using SMB protocol over TCP

man -k samba
    make_smbcodepage (1) - Construct a codepage file for Samba
    smb.conf (5)         - The configuration file for the Samba suite
    smbpasswd (5)        - The Samba encrypted password file
    smbstatus (1)        - report on current Samba connections
    swat (8)             - Samba Web Administration Tool
    lmhosts (5)          - The Samba NetBIOS hosts file
    samba (7)            - A Windows SMB/CIFS fileserver for UNIX
    make_unicodemap (1)  - Construct a unicode map file for Samba
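
The smb.conf in these notes marks [public], [Uploads] and [tmp] as both public and writable, and the smbclient test with an empty password shows the server accepting anonymous sessions. The following is an added example, not part of the original notes: a shell function that lists which shares in a config allow guest access and whether a guest can write to them. The names `audit_guest_shares` and `sample_conf` and the sample config are constructed for illustration.

```shell
# Added example, not from the original notes. Lists shares that allow guest
# access; only per-share settings are read, [global] defaults are not inherited.

# audit_guest_shares [FILE]: reads FILE, or stdin when no FILE is given.
# Prints "<share> guest+write" or "<share> guest-only" for each guest share.
audit_guest_shares() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function yes(v)  { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report() {
        if (share != "" && share != "global" && guest)
            print share, (rw ? "guest+write" : "guest-only")
    }
    /^[ \t]*[#;]/ { next }              # comment lines
    /^[ \t]*\[/ {                       # new section: report the previous one
        report()
        share = $0; sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
        share = tolower(trim(share)); guest = 0; rw = 0
        next
    }
    index($0, "=") > 0 {
        eq  = index($0, "=")
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = trim(substr($0, eq + 1))
        # Synonyms: public = guest ok; writable = writeable = write ok = !read only
        if (key == "public" || key == "guestok") guest = yes(val)
        else if (key == "writable" || key == "writeable" || key == "writeok") rw = yes(val)
        else if (key == "readonly") rw = !yes(val)
    }
    END { report() }
    ' "$@"
}

# Constructed sample, modelled on the shares in these notes.
sample_conf() {
    cat <<'EOF'
[homes]
   writable = yes
[public]
   public = yes
   writable = yes
[tmp]
   read only = no
   public = yes
[printers]
   guest ok = yes
   writable = no
EOF
}
sample_conf | audit_guest_shares
```

On a live host, `testparm -s` prints the parsed configuration and can be piped into the function in place of the sample.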