Introduction
Configure FreeBSD unix as an SMB file server allows it's resources
to be accessed by machines running the Microsoft File Sharing Client
over a TCP/IP network. Offering SMB file serving requires the
installing and configuring of a third party software package called
Samba.
Read the
Software Installation Overview and
Samba installation and Configuration to prepare for this lab. For
more information about samba try this
web site.
Lecture Outline
Often organizations will use a unix server to provide file and
printer services to other hosts of various operating systems across
their networks. To allow hosts running the Microsoft File and Printer
Sharing Client we must implement the SMB (Server Message Block)
protocols and we can do this over TCP/IP with Samba. We saw with the
SMB client we could load a kernel module on demand by using mount_smbfs
command. On the server side we will need a third party software package
called Samba which enables us to interface with clients in a Microsoft
environments. Samba is a collection of software components that allows
a unix server to act as a File or Print server, but also as a WINS
server, or a Windows NT style Domain Controller. Samba can also act as
an Active Directory client, allowing unix machines to be members
servers of a domain or to authenticate their local users against the
domain user database. As with most software packages in FreeBSD, Samba
can be found in the ports collection, and is also available as a
precompiled package which is gow we will install it for our lab.
On the FreeBSD server
The inetd daemon or "Internet Super Server" is so called
because it manages connections for several different network services.
We will be using this to enable SWAT (a web interface) for managing
samba. See configuring SWAT later in this lab.
As we have seen with adding other services, we can use the sysinstall
utility to enable new services or we can edit the /etc/rc.conf file
with the appropriate entries.
- Ensure your networking is setup properly
- Enable inetd by adding inetd_enable="YES" to /etc/rc.conf
or use sysinstall as described below
- Run System Install (only if you didn't do this step manually,
else skip to restarting inetd)
- Goto the configure menu
- Select networking
- Enable INETd (and confirm that you want to enable it)
- Edit the inetd.conf when prompted, make sure swat is enabled
(very bottom--already done!)
- Before we can start using SWAT we need to install it and the rest
of Samba
- The package can be found on disk 3 in the "net" category, or
retrieved from the internet (pkg_add /cdrom/packages/net/samba3
or pkg_add -r samba3
- *****The default configuration
file smb.conf.default has already been copied to smb.conf
in /usr/local/etc*****
- Configure samba to start on the next boot (manually, by adding it
to /etc/rc.conf
- Restart samba so that it is running /usr/local/etc/rc.d/samba
restart
- restart inetd for the config file change to take effect /etc/rc.d/inetd
restart
- INETd is now running, and this allows you to access SWAT on port
901
- Access SWAT via http://localhost:901/ in the Virtual Machine, or
http://ip.of.virtual.machine:901/ from the host
- Now we need to configure samba, from the global tab, change the
following settings:
- workgroup - set this to WORKGROUP so that it is part
of the same group as the XP host machines
- netbios name - this is the unique windows "Computer Name" for
your FreeBSD machine, make sure it is unique
- server string - this is the comment that will appear beside
your server in the network neighbourhood
- security setting - user level - this uses usernames/passwords
to control access. Share level has a seperate password for each share
(like windows 95)
- encrypt password - enable this
- commit changes - then goto the status
tab and restart all
daemons
- Now we need to share something. Goto the shares tab and enter the
name of a new share, and click create
- Now you can enter the specifics of the share (the directory that
is to be shared, etc) and commit the changes
- Call the share "packages" and point it to the /cdrom/packages
directory
- Disable guest access, and make the share read only
- Because we have disabled guest access, now we need to create some
users that can access this share
- Samba maintains its own seperate password database, to be
compatible with the windows password system, and to allow you to
control which users have access
- For a user to be able to access a share, they must exist as a
real unix user, and be in the samba password database. The unix
password is not used, only the samba one
- Go to the password tab, and enter fbuser and a new
password, then click add user
- Enable the fbuser account
- Now restart samba again to ensure all of our new settings are
applied
On the XP Host
- goto Computer Management / Local Users and Groups
- add a user called fbuser
- set the password
- set a password for CSAIT
Enabling Home Directory Access
- Samba allows us to automatically allow users to access the
contents of their home directory, without having to create specific
shares
- enable home directory share access through the [homes] share -
accounts on the unix server will be allowed to get to their home
directories from a windows host
- create a user account on unix
- create an account (using the same username) and password on the
XP host machine
- define a separate share on the SMB server (create a directory and
copy files to it)
- create a share that points to your /tmp
- restrict access through user level access - check the help in
SWAT
- create samba passwords for your users, using the smbpasswd
command line tool this time
- change the configuration to display dot files (or hidden files)
- copy files from MSWindows to your samba server to ensure write
access is enabled
- the shares should show up in the network neighbourhood but you
could mount them using: net use m: \\servername\sharename
Testing unix samba server
It is very useful to be able to test out your configurations from
the unix samba server before going to the client machine:
To list shares that are available from the configured Samba server,
execute the following command:
smbclient –N -L yourhostname (-N will not prompt you for a
password)
To connect to the shares that you have configured you can use a unix
client:
smbclient //hostname/your-service
smbd –v will show status of the smbd daemon
testparm /usr/local/etc/smb.conf
is very useful especially if you configure samba directly by modifying
smb.conf instead of using SWAT
smbpasswd –a username (rather than changing the password
through the SWAT menu, you can modify passwords from the shell prompt