Welcome to the new location of Alien's Wiki, sharing a single dokuwiki install with the SlackDocs Wiki.

Welcome to Eric Hameleers (Alien BOB)'s Wiki pages.

If you want to support my work, please consider a small donation:

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
slackware:samba [2006/03/29 18:22]
alien
slackware:samba [2018/11/21 21:07] (current)
alien CIFS is used nowadays by smbmount
Line 1: Line 1:
- 
-FIXME  ** This article is being worked on **  FIXME 
---------------------------------------------------- 
- 
 ===== File- and printersharing on the local network ===== ===== File- and printersharing on the local network =====
  
Line 38: Line 34:
  
   * This should be in ''/etc/samba/smb.conf'', it defines the password backend Sabma will use (I will not discuss the alternative LDAP backend here, I hope to write another article on that all of it's own): <code>   * This should be in ''/etc/samba/smb.conf'', it defines the password backend Sabma will use (I will not discuss the alternative LDAP backend here, I hope to write another article on that all of it's own): <code>
-    passdb backend = tdbsam guest +    passdb backend = tdbsam:/var/lib/samba/private/passdb.tdb 
-</code> //NOTE//: when you enable //tdbsam// on an already configured and running Samba server, and run ''killall -HUP smbd'' to let it re-load the configuration files, you might have to re-add the 'smbguest' user to Samba, since the default to use is the //smbpasswd// file and not the tdbsam database.\\ So, again run: <code>+</code> //NOTE//: when you enable //tdbsam// on an already configured and running Samba server, and run ''killall -HUP smbd'' to let it re-load the configuration files, you might have to re-add the 'smbguest' user to Samba. \\ In the past, the default to use was the //smbpasswd// file but since Sa,ba 3.4 the tdbsam database became the default.\\ So, again run: <code>
 smbpasswd -a smbguest -d smbpasswd -a smbguest -d
 </code> </code>
Line 61: Line 57:
   - In the file ''/etc/cups/mime.convs'' uncomment ''application/octet-stream  application/vnd.cups-raw 0 - '' And then restart CUPS daemon using <code>/etc/rc.d/rc.cups restart</code>   - In the file ''/etc/cups/mime.convs'' uncomment ''application/octet-stream  application/vnd.cups-raw 0 - '' And then restart CUPS daemon using <code>/etc/rc.d/rc.cups restart</code>
  
-  * It is now time to fire up our Samba server. But we will test the configuration first by running the command ''testparm''IT will show us if anything went wrong while editing the ''smb.conf'' file. If everything seems allright, we will procede with making the  Samba start script executable (so that it will still start when we boot our server) and then running the script: <code>+  * It is now time to fire up our Samba server. But we will test the configuration first by running the command ''testparm''It will show us if anything went wrong while editing the ''smb.conf'' file. If everything seems allright, we will procede with making the  Samba start script executable (so that it will still start when we boot our server) and then running the script: <code>
 chmod +x /etc/rc.d/rc.samba chmod +x /etc/rc.d/rc.samba
 /etc/rc.d/rc.samba start /etc/rc.d/rc.samba start
Line 110: Line 106:
 </code> A Windows user can use the ''<CTRL><ALT><DEL>'' sequence to change the password! </code> A Windows user can use the ''<CTRL><ALT><DEL>'' sequence to change the password!
  
 +
 +=== Samba printers ===
 +
 +If you have a configured and running CUPS server that has at least one queue setup for //RAW// printing, we can now proceed with integrating this CUPS printer queue with our Samba server, so that Windows clients can automatically download their printer drivers from the Samba server. This is of course more convenient than accessing each and every Windows PC with a printer driver CD and manually configuring the printer.
 +
 +Using the directions of the previous sections and the [[#a_sample_smb.conf|smb.conf example]] of the last section, you have everything in place already, server-side. You will now have to take a Windows XP workstation, and logon to a Samba share using an account that is known to Samba as a //printer admin//. In our setup, that means: everyone who is a member of the Linux group [[linux:admin#wheel]].
 +
 +FIXME //to be completed// FIXME
  
 === The Linux client setup === === The Linux client setup ===
  
 On a linux client computer, it is the ''smbmount'' command that lets you mount a Samba (or a Windows!) share on the local filesystem. You can run the command manually in a console like this: <code> On a linux client computer, it is the ''smbmount'' command that lets you mount a Samba (or a Windows!) share on the local filesystem. You can run the command manually in a console like this: <code>
-mount -t smbfs //192.168.0.1/public /mnt/samba/bob/public -o rw,uid=0,gid=10,fmask=664,dmask=775 -U <some_special_user>+mount -t cifs //192.168.0.1/public /mnt/samba/bob/public -o rw,uid=0,gid=10,fmask=664,dmask=775 -U <some_special_user>
 </code> which will mount the share called //public// on our server called //bob// which has the IP Address ''192.168.0.1'' in this example. The mountpoint ''/mnt/samba/bob/public'' must of course be created as a directory before. I chose ''/mnt/samba/bob/public'' arbitrarily, I like looking at the mount point's name and be able to guess what it is all about. You are of course free to take another mount point.\\ The command mounts the share as user //<some_special_user>// and it's up to you who that user account is, as long as it has the necessary access rights to the share. If the account has a password associated with it, you will be asked for it.\\ </code> which will mount the share called //public// on our server called //bob// which has the IP Address ''192.168.0.1'' in this example. The mountpoint ''/mnt/samba/bob/public'' must of course be created as a directory before. I chose ''/mnt/samba/bob/public'' arbitrarily, I like looking at the mount point's name and be able to guess what it is all about. You are of course free to take another mount point.\\ The command mounts the share as user //<some_special_user>// and it's up to you who that user account is, as long as it has the necessary access rights to the share. If the account has a password associated with it, you will be asked for it.\\
 The //-o rw,uid=0,gid=10,fmask=664,dmask=775// part means that the remote share will be mounted locally read/write, seemingly owned by user root:wheel (uid=0, gid=10) and with file- and directory masks that make the share's files and directories read/only for non-root, non-[[linux:security#wheel | wheel users]]. Having to type all this in order to mount the share is a tedious effort, so we take the easy way and add the following line to ''/etc/fstab'': <code> The //-o rw,uid=0,gid=10,fmask=664,dmask=775// part means that the remote share will be mounted locally read/write, seemingly owned by user root:wheel (uid=0, gid=10) and with file- and directory masks that make the share's files and directories read/only for non-root, non-[[linux:security#wheel | wheel users]]. Having to type all this in order to mount the share is a tedious effort, so we take the easy way and add the following line to ''/etc/fstab'': <code>
-//192.168.0.1/public /mnt/samba/bob/public  smbfs rw,uid=0,gid=10,fmask=664,dmask=775,credentials=/etc/bob.cred  0 0+//192.168.0.1/public /mnt/samba/bob/public  cifs rw,uid=0,gid=10,fmask=664,dmask=775,credentials=/etc/bob.cred  0 0
 </code> We store the username and password that we need for gaining access to the //public// share, in a file called ''/etc/bob.cred'' which we protect from prying eyes by removing read access for all but the root user: <code> </code> We store the username and password that we need for gaining access to the //public// share, in a file called ''/etc/bob.cred'' which we protect from prying eyes by removing read access for all but the root user: <code>
 chmod 600 /etc/bob.cred chmod 600 /etc/bob.cred
Line 124: Line 128:
 password = <the_secret_word> password = <the_secret_word>
 </code> Having this in our client computer's ''/etc/fstab'' will cause the samba share to be automatically mounted when the computer boots. </code> Having this in our client computer's ''/etc/fstab'' will cause the samba share to be automatically mounted when the computer boots.
 +
 +<note tip>The older "''smbfs''" kernel module is outdated while the "''cifs''" kernel driver is well-maintained and supports higher versions of the SMB protocol than ''smbfs''. Samba implements the CIFS protocol (a dialect of the SMB protocol) and it supports SMB2 and parts of the SMB3 protocol extensions.</note>
 +
 +<note tip>The default CIFS protocol changed from SMB 1.0 to SMB 3.0 in kernel 4.13. If you are running an older Samba server and try to mount its shares on a recent Linux computer this changed default breaks the mounts. In order to force the mount to use SMB 1.0 you need to add "''vers=1.0''" to the mount options</note>
  
 === Mixing protected and passwordless shares === === Mixing protected and passwordless shares ===
Line 389: Line 397:
 #   wide links = yes #   wide links = yes
 </code> </code>
 +
 +==== Setting up NFS on Slackware ====
 +-------------------------------------
 +
 +Actually, setting up a NFS for Slackware is even easier than Samba.
 +
 +
 +=== NFS Server ===
 +
 +You setup an NFS server by creating or editing the file ''/etc/exports''. That file has a man page (man exports) and I encourage you to read that if you want more than my simple example. But basically, this file can look like this: <code>
 +# See exports(5) for a description.
 +# This file contains a list of all directories exported to other computers.
 +# It is used by rpc.nfsd and rpc.mountd.
 +/home                192.168.0.0/24(rw,async,no_root_squash)
 +/var/www/htdocs      192.168.0.0/24(rw,all_squash,anonuid=99,anongid=99)
 +/home/ftp/pub        192.168.0.0/24(ro,sync,insecure,all_squash)
 +</code> This creates three exports, all accessible by any client with an IP address in the range ''192.168.0.0/24''. I'll discuss them in reverse order:
 +  - the ftp server's 'pub' directory aka the anonymous ftp area. This export will be available as read-only (the 'ro' parameter) with as safe as possible settings
 +  - your webserver's DocumentRoot (/var/www/htdocs) which will be available as writable, but on the server side, all writes will appear to originate from the user with the userid:groupid of ''99:99'' which is actually the "nobody" user. If you let the DocumentRoot tree be owned by this account (a configuration you often see), then the Web Server's CGI or PHP scripts can write files in these directories
 +  - the server's ''/home'' directory tree which can be mounted writable (the 'rw') using asynchronous transfers (faster but with a chance of data corruption in case of a server crash - 'sync' is safe but slower). User ID's (//uid//) and group ID's (//gid//) will be mapped 1-on-1 (even for user 'root' - the 'no_root_squash' option). This means, if the server knows a user 'alien' with a "uid:gid" pair of ''1001:100'', then alien's files in his homedirectory will appear with this uid:gid number pair on the NFS client side as well! So, if the NFS client PC also has an account 'alien' with the same "uid:gid" number pair ''1001:100'', this alien will be able to use the files on the server as they were his own.
 +<note important>You see why it is important to create users on your LAN with the same UID (and GID) on //all// computers if you ever intend to install a NFS server.</note>
 +
 +=== NFS client ===
 +
 +On a NFS client, you should enable the //portmapper//. To do so, activate the rc script and then run that script -once- manually (saves you a reboot to make it work) <code>
 +chmod +x /etc/rc.d/rc.portmap
 +/etc/rc.d/rc.portmap start
 +</code> Should you ever forget this, you will still be able to mount a NFS export, but it will take __//forever//__ for the mount command to return to the prompt (if you run the mount command in a console).
 +
 +Next, you should add a line to your ''/etc/fstab'' for the NFS export that you want to mount on your NFS client. Suppose your NFS server has IP Address ''192.168.0.1'' and it exports ''/home'' you could add this line to the fstab file: <code>
 +192.168.0.1:/home  /mnt/nfs/home  nfs  auto,rsize=8192,wsize=8192,hard,intr  0   0
 +</code> This NFS export will then automatically be mounted by Slackware when booting up. The manual mount command  would be: <code>
 +mount -t nfs -o rsize=8192,wsize=8192,hard,intr 192.168.0.1:/home  /mnt/nfs/home
 +</code> Note, that I expect you to create the mount point (''/mnt/nfs/home'' in the example, but you may pick your own of course) in advance...!
 +
 +I hear you thinking... how do I find out the export list of my NFS server? This is easy: run <code>showmount -e <NFS_servername></code> to obtain a list. This is what the output will look like: <code>
 +# showmount -e bob
 +Export list for bob:
 +/home                          192.168.0.0/24
 +/var/www/htdocs                192.168.0.0/24
 +/home/ftp/pub                  192.168.0.0/24
 +</code> Note that this specific NFS server also exports the webserver's DocumentRoot and the ftp server's 'pub' directory. What you //don't// see how those exports are configured (access restrictions and such, apart from the allowed IP address range). 
 +

QR Code
QR Code File- and printersharing on the local network (generated for current page)