Page 1 of 106 1231151101 ... LastLast
Results 1 to 10 of 1059

Thread: HOWTO: Setup Samba peer-to-peer with Windows

  1. #1
    Join Date
    Dec 2005
    Location
    Vienna, Austria
    Beans
    155
    Distro
    Ubuntu

    HOWTO: Setup Samba peer-to-peer with Windows

    HOWTO: Setup Samba peer-to-peer with Windows

    As many fellow Ubuntu users seem to have trouble setting up samba peer-to-peer with Windows I decided to write a small howto on this matter.

    NOTE: I am aware that there's a wiki-page as well as several other howto's around - but by looking at the constant "how do I setup samba" posts that are floating around in the forum I simply see the need for a more thourough guide on this matter.

    Feel free to contribute and suggest - it'll only help to make this howto a better guide.

    The goal of this howto is to have samba act like a Windows Workstation in the LAN. As a "value added bonus" we will use samba to do netbios name resolution so that you can use the names of the workstations for network drive mapping instead of their ip-addresses (i.e.: \MY_WINDOWS_BOX\SHARE) - but only for as long as your Linux box has an static ip-address and is up and running.

    This guide is based on Ubuntu 6.06 LTS and intended for all architectures (i386, AMD64, ...) - if you are still using Breezy it's safe to follow this guide as there should be no differencies.

    A second guide on how to setup samba as Primary Domain Controller along with several other services such as DHCP, DNS and NTP will follow later on as this topic will be a little more thourough.


    1. Prerequisites

    - Your Linux box should have an static ip-address.
    In case you're getting your ip from a router/server via DHCP make sure it's configured to provide a fixed dhcp-lease. If that's no valid option you cannot use WINS ... more on this way down.

    - You need to have samba installed.
    If you haven't done so already open a terminal and type:

    Code:
    sudo apt-get install samba
    Don't close the terminal upon installation - we still need the commandline to get several tasks done!


    2. Getting samba configured

    First, let us make sure samba isn't running:

    Code:
    sudo /etc/init.d/samba stop
    As a starting point I included an smb.conf below, and there are only a few simple things you may need to tweak.

    Since the installation of samba just installed a rather useless template file we're going to rename it - we keep the file just in case.

    Code:
    sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.template
    Next we create a new empty file

    Code:
    sudo touch /etc/samba/smb.conf
    And finally we need to open the file inside an editor

    Code:
    sudo gedit /etc/samba/smb.conf
    NOTE: If you're on KDE replace "gedit" with "kate"

    Copy / Paste the contents of the code-section below into your editor and read on ...

    Code:
    [global]
        ; General server settings
        netbios name = YOUR_HOSTNAME
        server string =
        workgroup = YOUR_WORKGROUP
        announce version = 5.0
        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
    
        passdb backend = tdbsam
        security = user
        null passwords = true
        username map = /etc/samba/smbusers
        name resolve order = hosts wins bcast
    
        wins support = yes
    
        printing = CUPS
        printcap name = CUPS
    
        syslog = 1
        syslog only = yes
    
    ; NOTE: If you need access to the user home directories uncomment the
    ; lines below and adjust the settings to your hearts content.
    ;[homes]
        ;valid users = %S
        ;create mode = 0600
        ;directory mode = 0755
        ;browseable = no
        ;read only = no
        ;veto files = /*.{*}/.*/mail/bin/
    
    ; NOTE: Only needed if you run samba as a primary domain controller.
    ; Not needed as this config doesn't cover that matter.
    ;[netlogon]
        ;path = /var/lib/samba/netlogon
        ;admin users = Administrator
        ;valid users = %U
        ;read only = no
    
    ; NOTE: Again - only needed if you're running a primary domain controller.
    ;[Profiles]
        ;path = /var/lib/samba/profiles
        ;valid users = %U
        ;create mode = 0600
        ;directory mode = 0700
        ;writeable = yes
        ;browseable = no
    
    ; NOTE: Inside this place you may build a printer driver repository for
    ; Windows - I'll cover this topic in another HOWTO.
    [print$]
        path = /var/lib/samba/printers
        browseable = yes
        guest ok = yes
        read only = yes
        write list = root
        create mask = 0664
        directory mask = 0775
    
    [printers]
        path = /tmp
        printable = yes
        guest ok = yes
        browseable = no
    
    ; Uncomment if you need to share your CD-/DVD-ROM Drive
    ;[DVD-ROM Drive]
        ;path = /media/cdrom
        ;browseable = yes
        ;read only = yes
        ;guest ok = yes
    
    [MyFiles]
        path = /media/samba/
        browseable = yes
        read only = no
        guest ok = no
        create mask = 0644
        directory mask = 0755
        force user = YOUR_USERNAME
        force group = YOUR_USERGROUP
    Ok, I already mentioned that there are a few simple things you may need to tweak; so here they are:

    -> netbios name = YOUR_HOSTNAME

    Replace "YOUR_HOSTNAME" with your desired hostname (don't use spaces!). Best pratice would be to use the same name you configured upon installation.

    Example:

    netbios name = DAPPER

    -> workgroup = YOUR_WORKGROUP

    Replace "YOUR_WORKGROUP" with the name of your workgroup, but make sure you're using the same as configured in Windows.

    To find out the Workgroup name in Windows follow these steps:

    - Click "START"
    - Click "Control Panel"
    - Click "System"
    - Click the 2nd Tab entitled "Computername" and find the name of the Workgroup there.

    Example:

    workgroup = MSHOME

    -> wins support = yes

    If your box doesn't have a static ip-address, or you cannot configure your router/server to provide you with a fixed dhcp-lease, change this configuration parameter to "no".

    In this case you cannot use the benefits of WINS.

    -> [MyFiles]

    This is the name of the share. Leave it as it is or adjust it to whatever you prefer. Don't use more than 31 characters and try to avoid spaces!

    -> path = /media/samba/

    This suggests that you've mounted an hard drive or partition on /media/samba where all the shared files will be stored.

    In case you don't have an extra hard drive/partition you may also create folder.

    I assume you've been wise enough to put /home onto a separate partition having an reasonable amount of storage space.

    To create the folder type (inside a new terminal) ...

    Code:
    sudo mkdir /home/samba
    ... and adjust "path =" to read ...

    path = /home/samba/

    Remember that this is just an example - you are free to put things wherever you like.

    -> force user = YOUR_USERNAME
    -> force group = YOUR_USERNAME

    Well, this should say it all. Replace "YOUR_USERNAME" with the name you use for login (no spaces!).

    Example:

    force user = stormbringer
    force group = stormbringer

    Now we completed the part of editing smb.conf

    Save the file and close gedit.

    Since we are going to share the folder with other users we should now make sure that the permissions are set. Type:

    Code:
    sudo chmod 0777 /media/samba
    NOTE: Don't forget to correct the path to the location you chose above!

    That's it - now we need to start samba ...


    1.1 Starting samba and setting up user accounts

    Let us fire up samba for the first time. Type:

    Code:
    sudo /etc/init.d/samba start
    There shouldn't be any errors - if you are presented with an error message make sure everything is correct (search for typos and/or invalid paths).

    Time to add yourself as an samba user.

    NOTE: You will be asked for a password - make sure you use the same as you use for login!

    Code:
    sudo smbpasswd -L -a your_username
    sudo smbpasswd -L -e your_username
    In case you need other users to be able to access the share you need to add them to your system AND samba as well. Make sure you use the very same Windows usernames and passwords!

    NOTE: Windows XP doesn't set passwords for its useraccount per default. If you haven't set a password on your XP box just press enter when prompted to enter a password for the user account you're about to create!

    In the following example we will add an user called "mark" ...

    Example:

    Code:
    sudo useradd -s /bin/true mark
    sudo smbpasswd -L -a mark
    sudo smbpasswd -L -e mark
    The "-s /bin/true" in the first line prevents the users from being able to access the commandline of your linux box ("-s" stands for "shell"). I strongly advise you to follow this recommendation! Don't change that setting to a valid login-shell unless you really know what you are doing!

    Repeat this step until you configured all user accounts!

    Now that we configured samba and created the user accounts we are done with the Linux-part - there's one more thing to do in Windows.


    2. Changing network settings in Windows

    Now we should let Windows know that there's a WINS server active in the network.

    If you had to change "wins support" to "no" above skip this step!

    - Click "START"
    - Click "Control Panel"
    - Click "Network Connections"
    - Find your "LAN Connection"
    - Right-click the icon and select "Properties"
    - Select the "TCP/IP" Protocol and click the "Properties" button
    - Click "Advanced"
    - Select the third Tab entitled "WINS"
    - Click "Add"
    - Type in the ip-address of your Linux box
    - Click "Add"
    - Select "Use NetBIOS over TCP/IP"
    - Click "OK"
    - Click "OK"
    - Click "OK"
    - Reboot Windows

    Upon reboot you may now map the network drive within Windows.

    With WINS enabled:
    - Click "START"
    - Right-click "My Computer"
    - Select "Map network drive"
    - Choose the drive letter
    - Type \\DAPPER\MyFiles
    NOTE: Adjust this to the hostname and sharename you chose above!
    - Click "Finish"

    With WINS disabled:
    - Click "START"
    - Right-click "My Computer"
    - Select "Map network drive"
    - Choose the drive letter
    - Type \\<ip-address>\MyFiles
    NOTE: To find out the ip-address of your Linux box type "ifconfig" inside a terminal and find the ip for the correct interface (i.e. eth0). Don't forget to adjust the sharename to the name you chose above.
    - Click "Finish"

    That's it - samba is up and running now.


    3. Security consideration

    This is the right time to think about security right away.

    In case your computer has more than one network connection (i.e. wired and wireless ethernet) you may want to restrict access to samba.

    If not especially configured samba will bind its service to all available network interfaces.

    So, let us assume you only want your wired network to have access and that the network card is called eth0.

    Add the following lines to the [general] section of your smb.conf to achieve that goal:

    Code:
    interfaces = lo, eth0
    bind interfaces only = true
    If you did it correctly it should look similar to this:

    Code:
    [global]
        ; General server settings
        netbios name = YOUR_HOSTNAME
        server string =
        workgroup = YOUR_WORKGROUP
        announce version = 5.0
        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
        interfaces = lo, eth0
        bind interfaces only = true
    Now only the local loopback interface (dubbed "lo") and eth0 are able to access samba - there's no need to fear that someone might break into your system by wireless as the interface isn't bound to the service.


    4. Final words

    If you happen to have any questions feel free to ask - I'll try to help as soon as possible.

    If you find any mistakes in this howto please let me know so that I can fix them.

    Feel free to contribute and suggest - help to make this howto a better guide.


    5. Addendum: Useful links

    Here are some links you may find useful.

    The onsite links refer to other samba-guides and to ubuntu_daemon's "Important Links" thread.

    - Onsite
    Ubuntu Help: Windows Networkworking
    Ubuntu Documentation: Setting up Samba

    READ THIS FIRST prior to posting - IMPORTANT links (by ubuntu_daemon)


    The offsite links refer to the offical Samba homepage and to a selected choice of their official documentation; these links are useful if you like to dig yourself into the mysteries of samba's configuration and usage as well as troubleshooting problems.

    - Offsite
    Samba Homepage

    Practical Exercises in Successful Samba Deployment
    The Official Samba-3 HOWTO and Reference Guide
    Using Samba, 2nd Edition
    Last edited by Stormbringer; August 13th, 2006 at 03:26 PM.

  2. #2
    Join Date
    Mar 2006
    Beans
    2,423

    Re: HOWTO: Setup Samba peer-to-peer with Windows

    stormbringer, wonderful guide you have created, I have a few questions though.

    you say that you will make this guide more thorough later to include DHCP with samba. is that going to happen any time soon or have you not planned it yet?

    also, please look at my attachment, it's a drawing of the way my network is physically setup. i just want to know if my network is safe. i use my windows desktop's shared folder as my backup folder, the folder where i backup all of my ubuntu stuff on it. my smb.conf is as generic as it can be, and i don't have a shared folder on my ubuntu desktop because i can browse, save, write to, and delete files on my windows desktop's shared folder. it never asks me for a password or anything on ubuntu. i just go to places, network servers, and go into my windows desktop's shared folder.

    is it me, or does that just not sound safe at all?!
    Attached Thumbnails Attached Thumbnails Click image for larger version. 

Name:	setup.png 
Views:	7700 
Size:	25.4 KB 
ID:	11713  

  3. #3
    Join Date
    Dec 2005
    Location
    Vienna, Austria
    Beans
    155
    Distro
    Ubuntu

    Re: HOWTO: Setup Samba peer-to-peer with Windows

    Quote Originally Posted by erik1397
    you say that you will make this guide more thorough later to include DHCP with samba. is that going to happen any time soon or have you not planned it yet?
    Well - this HOWTO was a piece of cake as it aims at simple home usage. but ...

    The "second part" of the guide (I guess I'll call it "HOWTO: Setup Samba as an PDC with additional services") is planned, in the early stage of becoming, but won't happen soon (read: within a couple of a few days) as it's even more complex to write.

    The aim will be professional usage of Ubuntu/Samba in Office-, School- or Corporate environments (as a replacement for Windows Servers) - therefore I will need to include basic guides on how to configure DHCP, DNS and NTP to play nice altogether.

    If you like to proof-read or contribute the one or another idea I'll PM you the "development draft" as it gets complete.

    Quote Originally Posted by erik1397
    also, please look at my attachment, it's a drawing of the way my network is physically setup. i just want to know if my network is safe.
    By looking at the drawing it looks good ... but ...

    In case you have neighbors within the reach of your wireless router I hope you at least enabled encryption (WEP, 128-Bit minimum) so that no one can abuse your internet connection or exploit your data.

    Quote Originally Posted by erik1397
    I can browse, save, write to, and delete files on my windows desktop's shared folder. it never asks me for a password or anything
    Do you need to enter a password upon bootup of Windows?

    If you need to enter a password to log into Windows then Ubuntu has saved your password in the keyring - you must not enter it anew upon connect to the shared folder.

    If Windows (XP?) doesn't ask you for a password you better set one right away (START -> Control Panel -> User Accounts).

    Running around without an password makes it easy to gain access to your system and data. Every scriptkiddy that's within the reach of your wireless router and able to use a wireless sniffer may gain access in a matter of minutes (that's no fiction but a fact unless you use WPA or WPAv2 encryption on your wireless link).

    Storm.

  4. #4
    Join Date
    Mar 2006
    Beans
    2,423

    Re: HOWTO: Setup Samba peer-to-peer with Windows

    Quote Originally Posted by Stormbringer
    Well - this HOWTO was a piece of cake as it aims at simple home usage. but ...

    The "second part" of the guide (I guess I'll call it "HOWTO: Setup Samba as an PDC with additional services") is planned, in the early stage of becoming, but won't happen soon (read: within a couple of a few days) as it's even more complex to write.

    The aim will be professional usage of Ubuntu/Samba in Office-, School- or Corporate environments (as a replacement for Windows Servers) - therefore I will need to include basic guides on how to configure DHCP, DNS and NTP to play nice altogether.

    If you like to proof-read or contribute the one or another idea I'll PM you the "development draft" as it gets complete.
    thanks for that info, and no i don't need the develpoment draft, but thank you for the offer (as i'm extremely horrible when it comes to samba!)



    Quote Originally Posted by Stormbringer
    By looking at the drawing it looks good ... but ...

    In case you have neighbors within the reach of your wireless router I hope you at least enabled encryption (WEP, 128-Bit minimum) so that no one can abuse your internet connection or exploit your data.
    yes i do have 128-bit encryption on my router



    Quote Originally Posted by Stormbringer
    Do you need to enter a password upon bootup of Windows?
    no...

    Quote Originally Posted by Stormbringer
    If you need to enter a password to log into Windows then Ubuntu has saved your password in the keyring - you must not enter it anew upon connect to the shared folder.

    If Windows (XP?) doesn't ask you for a password you better set one right away (START -> Control Panel -> User Accounts).
    i just made one!

    Quote Originally Posted by Stormbringer
    Running around without an password makes it easy to gain access to your system and data. Every scriptkiddy that's within the reach of your wireless router and able to use a wireless sniffer may gain access in a matter of minutes (that's no fiction but a fact unless you use WPA or WPAv2 encryption on your wireless link).
    even if you have wep encryption on your router?

  5. #5
    Join Date
    Dec 2005
    Location
    Vienna, Austria
    Beans
    155
    Distro
    Ubuntu

    Re: HOWTO: Setup Samba peer-to-peer with Windows

    Quote Originally Posted by erik1397
    even if you have wep encryption on your router?
    WEP has a known design flaw in the encryption algorithm - by capturing raw pakets with an wireless sniffer (AirSnort and other auditing tools like this) you are able to "sniff" the encryption key in use.

    Using 128-Bit WEP encryption will only make it a little more harder to sniff the key, but not impossible (in the end it's the software that's doing all the rocket-science for you).

    - If your wireless router has an option to allow only specific MAC addresses use this option to tighten your security (input the MAC addresses of all your wireless cards). It won't protect you if the MAC gets faked by an attacker, but it's an additional step to make your wireless radio a little more secure.

    - DISABLE the broadcast of your ESSID (that's the ID of the wireless router) - it'll be harder to find by using sniffers if it's "stealth" (not announcing itself to the rest of the world next to you). If you need to connect a new device you should know the name (ID) of your wireless router - so you're able to input it.

    Being a little paranoid when it comes to wireless ethernet is always a good idea.

    Storm.

  6. #6
    Join Date
    Jun 2006
    Beans
    237
    Distro
    Kubuntu 7.04 Feisty Fawn

    Smile Re: HOWTO: Setup Samba peer-to-peer with Windows

    Thanks for posting this, Stormbringer. Thank you also for your suggestion in the other Samba topic, although for the time being my network is made up of all trusted users (immediate family) and has no wireless access, so I do not see a security risk in allowing everyone on the LAN to see my (fairly unimportant) shared files. I should have been more specific before.

    Finally, I was curious what the security advantage would be in having the "hosts allow" parameter within the share definitions versus within the global section. I understand the utility of per-share usergroup permissions. Again, thank you for helping out people like me who are inexperienced with Samba.

  7. #7
    Join Date
    Mar 2006
    Beans
    2,423

    Re: HOWTO: Setup Samba peer-to-peer with Windows

    Quote Originally Posted by Stormbringer
    WEP has a known design flaw in the encryption algorithm - by capturing raw pakets with an wireless sniffer (AirSnort and other auditing tools like this) you are able to "sniff" the encryption key in use.

    Using 128-Bit WEP encryption will only make it a little more harder to sniff the key, but not impossible (in the end it's the software that's doing all the rocket-science for you).

    - If your wireless router has an option to allow only specific MAC addresses use this option to tighten your security (input the MAC addresses of all your wireless cards). It won't protect you if the MAC gets faked by an attacker, but it's an additional step to make your wireless radio a little more secure.

    - DISABLE the broadcast of your ESSID (that's the ID of the wireless router) - it'll be harder to find by using sniffers if it's "stealth" (not announcing itself to the rest of the world next to you). If you need to connect a new device you should know the name (ID) of your wireless router - so you're able to input it.

    Being a little paranoid when it comes to wireless ethernet is always a good idea.

    Storm.
    okay, i did disable the ESSID, but the mac address thing is a little iffy. In my router settings, I found a "MAC Address Clone" tab, and in it, it says: "In this page, you can change the WAN MAC address of this router.
    User Defined WAN MAC Address: 00.00.00.00.00.00"
    how am i supposed to input all of my MAC addresses when I can only input one?!
    Also, how do I find my wireless devices' MAC addresses?

  8. #8
    Join Date
    Dec 2005
    Location
    Vienna, Austria
    Beans
    155
    Distro
    Ubuntu

    Re: HOWTO: Setup Samba peer-to-peer with Windows

    Quote Originally Posted by Arisna
    Finally, I was curious what the security advantage would be in having the "hosts allow" parameter within the share definitions versus within the global section. I understand the utility of per-share usergroup permissions. Again, thank you for helping out people like me who are inexperienced with Samba.
    The advantage is that you can control which clients, or network, will be allowed to connect to the share in question. Hosts that don't fall into allowed-list are not able to log into the service - even if they provide valid user credentials.

    It may not be that important in a typical home-setup, but it makes some sense if you run samba on a multi-homed (server with several network-cards) system.

    Hope this clarifies your question.

  9. #9
    Join Date
    Dec 2005
    Location
    Vienna, Austria
    Beans
    155
    Distro
    Ubuntu

    Re: HOWTO: Setup Samba peer-to-peer with Windows

    Quote Originally Posted by erik1397
    okay, i did disable the ESSID, but the mac address thing is a little iffy. In my router settings, I found a "MAC Address Clone" tab, and in it, it says: "In this page, you can change the WAN MAC address of this router.
    Don't touch this setting! It's related to the WAN interface (the interface that connects your router to the internet).

    BTW: What make (manufacturer) and model is your router?

    Quote Originally Posted by erik1397
    Also, how do I find my wireless devices' MAC addresses?
    In Windows (2000/XP) open the command prompt and type

    > ipconfig /all

    Find the Network Interface that represents your Wireless radio and write down the "Hardware address" (consists of 8 pairs of Hex-values).

  10. #10
    Join Date
    Mar 2006
    Beans
    2,423

    Re: HOWTO: Setup Samba peer-to-peer with Windows

    Quote Originally Posted by Stormbringer
    BTW: What make (manufacturer) and model is your router?
    it is a linksys
    BEFW11S4 wireless-B broadband router (it's one of the older kinds)

Page 1 of 106 1231151101 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •