10 ways to make your Samba life easier: "
Samba allows Linux, Windows, and Mac to communicate with one another, but it has a reputation for being tricky to configure and administer. Here are some ways to reduce Samba headaches.
Samba is essential for many SMBs. Not only does it work like a champ as a file server, it does so at zero software cost. The biggest hurdle to adoption is what most people consider to be complicated setup and administration. Like many assumptions about the Linux operating system, that’s a myth. Samba does not have to be a challenge to configure or administer. In fact, it can be downright simple. Here are some tips to make your Samba life is as painless as possible.
Note: This article is also available as a PDF download.
The two main desktops, GNOME and KDE, now have easy tools to facilitate sharing folders with the help of Samba. If Samba is installed (as well as kdenetwork-filesharing, nautilus-share, and libpam-smbpass) on the machine, all you have to do is right-click a folder, select Share Options (in GNOME) or Properties | Share tab (in KDE 4). When you set sharing up this way, you won’t have to configure Samba by hand.
If you don’t use GNOME or KDE (or would rather have a GUI tool that has more options and security), you can easily install a tool like Gadmin-Samba to take care of your Samba configuration/management needs. This tool doesn’t help with GUI-less Samba servers, but it will certainly help anyone needing an easier means of configuring Samba than cracking open that smb.conf file.
One of the biggest mistakes I see with setting up Samba is forgetting to add users to the smbpasswd file. This is easily done using the smbpasswd command like so: smbpasswd -L -a USERNAME (Where USERNAME is the name of the user you want to add) and smbpasswd -L -e USERNAME (again, where USERNAME is the name you want to add). If you don’t add users to the smbpasswd, they’re going to have a lot of trouble connecting.
When you (or your users) want or need to create files and folders on the Samba share you’re connected to, the parent folders must have been created with the right permissions. To ensure this happens, you must add the create mask = 0777, create mode = 0777, and (if your share is being particularly stubborn) force create mode = 0777. These will ensure that all directories/folders created within the parent have read/write permissions. NOTE: Use this with caution, as it does make those directories/files fully read/writable.
Some people are tempted to create one big share that all users can access. This can cause a problem because all users will be able to access the entire contents of the folder. Instead of this approach, create smaller shares allowing only specific users to access them. This will give you better control over security and a better file system structure.
This one trips up a lot of people. If you make a change to your Samba configuration, make sure you restart Samba. You do this with a command similar to sudo /etc/init.d/samba restart. It’s an easy step to overlook.
This is a hotbed of contention. Most want to go the route of uber paranoia (and I do not blame them). The only problem is that it does make your Samba setup much more complicated. My preferred method (and this is ONLY on a secure internal network) is to use security = user, which means anyone that has an account on the server serving up Samba shares has access to the shares. There are actually five modes of security: User, Share, Domain, ADS, and Server. Check out this page for a detailed description of each.
When you install Samba, the /etc/samba/smb.conf file can be rather confusing to the uninitiated. This confusion, ironically enough, is generally due to the amount of comments in the file (comments meant to make understanding the file much easier). The configuration file really only needs (at minimum) a [Global] and a [Share] section. The cleaner and more minimal you keep this file, the easier it is to set up. I always just make a backup of the initial file and create my own smb.conf file that looks similar to this:
Configure this to suit your needs and you’re good to go.
A lot of people don’t know that you can use /etc/fstab to automount your Samba shares. By doing this, you won’t have to manually mount those shares every time you reboot (which is rare anyway, right?). A typical /etc/fstab entry for automounting a Samba share will look like this:
Because Samba is so friendly to most every operating system, why not learn how to connect to a Samba server from Linux, Windows, and Mac? Each OS has a different method. Let’s take a look.
Don’t forget: Always consider security first. Make sure your network is safe from unwanted users and traffic before opening up Samba to anyone and/or everyone.
These tips will make your life with Samba much simpler. Do you have other tips to add to this list? If so, share them with your fellow TechRepublic members.
"
Samba allows Linux, Windows, and Mac to communicate with one another, but it has a reputation for being tricky to configure and administer. Here are some ways to reduce Samba headaches.
Samba is essential for many SMBs. Not only does it work like a champ as a file server, it does so at zero software cost. The biggest hurdle to adoption is what most people consider to be complicated setup and administration. Like many assumptions about the Linux operating system, that’s a myth. Samba does not have to be a challenge to configure or administer. In fact, it can be downright simple. Here are some tips to make your Samba life is as painless as possible.
Note: This article is also available as a PDF download.
1: Share folders from your desktop
The two main desktops, GNOME and KDE, now have easy tools to facilitate sharing folders with the help of Samba. If Samba is installed (as well as kdenetwork-filesharing, nautilus-share, and libpam-smbpass) on the machine, all you have to do is right-click a folder, select Share Options (in GNOME) or Properties | Share tab (in KDE 4). When you set sharing up this way, you won’t have to configure Samba by hand.
2: Use a GUI tool, such as Gadmin-Samba
If you don’t use GNOME or KDE (or would rather have a GUI tool that has more options and security), you can easily install a tool like Gadmin-Samba to take care of your Samba configuration/management needs. This tool doesn’t help with GUI-less Samba servers, but it will certainly help anyone needing an easier means of configuring Samba than cracking open that smb.conf file.
3: Don’t forget to add users with smbpasswd
One of the biggest mistakes I see with setting up Samba is forgetting to add users to the smbpasswd file. This is easily done using the smbpasswd command like so: smbpasswd -L -a USERNAME (Where USERNAME is the name of the user you want to add) and smbpasswd -L -e USERNAME (again, where USERNAME is the name you want to add). If you don’t add users to the smbpasswd, they’re going to have a lot of trouble connecting.
4: Use the mode/mask options
When you (or your users) want or need to create files and folders on the Samba share you’re connected to, the parent folders must have been created with the right permissions. To ensure this happens, you must add the create mask = 0777, create mode = 0777, and (if your share is being particularly stubborn) force create mode = 0777. These will ensure that all directories/folders created within the parent have read/write permissions. NOTE: Use this with caution, as it does make those directories/files fully read/writable.
5: Create smaller shares instead of one big share
Some people are tempted to create one big share that all users can access. This can cause a problem because all users will be able to access the entire contents of the folder. Instead of this approach, create smaller shares allowing only specific users to access them. This will give you better control over security and a better file system structure.
6: Don’t forget to restart Samba
This one trips up a lot of people. If you make a change to your Samba configuration, make sure you restart Samba. You do this with a command similar to sudo /etc/init.d/samba restart. It’s an easy step to overlook.
7: Use the right security mode
This is a hotbed of contention. Most want to go the route of uber paranoia (and I do not blame them). The only problem is that it does make your Samba setup much more complicated. My preferred method (and this is ONLY on a secure internal network) is to use security = user, which means anyone that has an account on the server serving up Samba shares has access to the shares. There are actually five modes of security: User, Share, Domain, ADS, and Server. Check out this page for a detailed description of each.
8: Keep the smb.conf file simple
When you install Samba, the /etc/samba/smb.conf file can be rather confusing to the uninitiated. This confusion, ironically enough, is generally due to the amount of comments in the file (comments meant to make understanding the file much easier). The configuration file really only needs (at minimum) a [Global] and a [Share] section. The cleaner and more minimal you keep this file, the easier it is to set up. I always just make a backup of the initial file and create my own smb.conf file that looks similar to this:
[global] netbios name = NETBIOS_NAME workgroup = WORKGROUP security = user encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd interfaces = 192.168.1.1/8
[SHARE]
comment = COMMENT path = /PATH/TO/SHARE writeable = yes create mode = 0750 locking = yes
Configure this to suit your needs and you’re good to go.
9: Automount using /etc/fstab
A lot of people don’t know that you can use /etc/fstab to automount your Samba shares. By doing this, you won’t have to manually mount those shares every time you reboot (which is rare anyway, right?). A typical /etc/fstab entry for automounting a Samba share will look like this:
//SAMBA_SERVER_ADDRESS/SHARE /PATH/TO/MOUNT/POINT cifs credentials=/etc/samba/user.cred 0 0
10: Learn how to “cross-platform connect”
Because Samba is so friendly to most every operating system, why not learn how to connect to a Samba server from Linux, Windows, and Mac? Each OS has a different method. Let’s take a look.
- Linux: The best method is in GNOME. Click on Places | Connect to Server. You will want to select Windows Share.
- Mac: From the Finder click <Apple>k and enter the address of the server in the form smb://ADDRESS_TO_SERVER.
- Windows: Open up Explorer and enter \\ADDRESS_TO_SERVER.
Use caution
Don’t forget: Always consider security first. Make sure your network is safe from unwanted users and traffic before opening up Samba to anyone and/or everyone.
Your turn…
These tips will make your life with Samba much simpler. Do you have other tips to add to this list? If so, share them with your fellow TechRepublic members.
Comentários
Postar um comentário