
How to Configure Samba Server in Linux

Introduction to Samba

Verify installed version
To see which version of Samba is installed on Red Hat, use rpm -qa. The screenshot here shows
Samba 3, version 3.0.10.
[paul@RHEL4b ~]$ rpm -qa | grep samba
samba-common-3.0.10-1.4E.9
samba-client-3.0.10-1.4E.9
system-config-samba-1.2.21-1
samba-swat-3.0.10-1.4E.9
samba-3.0.10-1.4E.9
[paul@RHEL4b ~]$
Use dpkg -l on Debian or Ubuntu. Our Feisty Fawn here uses Samba 3.0.24.
paul@laika:~$ dpkg -l | grep samba
ii samba-common 3.0.24-2ubuntu1.2 Samba common files used by both the...
paul@laika:~$


Installing Samba
Samba is installed by default on Red Hat Enterprise Linux. If Samba is not yet installed, then the
easiest way is to use the graphical menu (Applications -- System Settings -- Add/Remove
Applications) and select "Windows File Server" in the Server section. The non-graphical way is to
use rpm -i followed by the samba-version.rpm file.
[paul@RHEL4b ~]$ rpm -i samba-3.0.10-1.4E.9.rpm
Or if you have a subscription to RHN, then up2date is the tool to use.
[paul@RHEL4b ~]$ up2date -i samba
Ubuntu and Debian users can use the aptitude program.
paul@laika:~$ aptitude install samba-server


Documentation
Obviously there are manual pages for Samba. Don’t forget man smb.conf.
[root@RHEL4b samba]# apropos samba
cupsaddsmb (8) - export printers to samba for windows clients
lmhosts (5) - The Samba NetBIOS hosts file
net (8) - Tool for administration of Samba and remote CIFS servers
pdbedit (8) - manage the SAM database (Database of Samba Users)
samba (7) - A Windows SMB/CIFS fileserver for UNIX
smb.conf [smb] (5) - The configuration file for the Samba suite
smbpasswd (5) - The Samba encrypted password file
smbstatus (1) - report on current Samba connections
swat (8) - Samba Web Administration Tool
tdbbackup (8) - tool for backing up and ... of samba .tdb files
[root@RHEL4b samba]#
Samba comes with excellent documentation in html and pdf format (also available as a free download
from Samba.org and for sale as a printed book). Red Hat Enterprise Linux installs the html and
pdf versions in /usr/share/doc by default.
[paul@RHEL4b ~]$ locate Samba-HOWTO-Collection.pdf
/usr/share/doc/samba-3.0.10/Samba-HOWTO-Collection.pdf
Ubuntu packages the docs as a separate package from Samba.
root@laika:~# aptitude search samba | grep -i documentation
i samba-doc - Samba documentation
i samba-doc-pdf - Samba documentation (PDF format)
root@laika:~# find /usr/share/doc/samba-doc-pdf | grep -i howto
/usr/share/doc/samba-doc-pdf/Samba3-HOWTO.pdf.gz
Besides the howto, there is also an excellent book called Samba by example (again available as a
book in shops, and as a free pdf and html).


smb.conf
Samba configuration is done in the smb.conf file. The file can be edited manually, or you can use a
web based interface like webmin or swat to manage it. The file is usually located in /etc/samba. You
can find the exact location with smbd -b.
[root@RHEL4b ~]# smbd -b | grep CONFIGFILE
CONFIGFILE: /etc/samba/smb.conf
[root@RHEL4b ~]#
The default smb.conf file contains a lot of examples with explanations.
[paul@RHEL4b ~]$ ls -l /etc/samba/smb.conf
-rw-r--r-- 1 root root 10836 May 30 23:08 /etc/samba/smb.conf
(...)
paul@laika:~$ ls -l /etc/samba/smb.conf
-rw-r--r-- 1 root root 10515 2007-05-24 00:21 /etc/samba/smb.conf

Below is an example of a very minimalistic smb.conf. It allows samba to start, and to be visible to
other computers (Microsoft shows computers in Network Neighborhood or My Network Places).
[paul@RHEL4b ~]$ cat /etc/samba/smb.conf
[global]
workgroup = WORKGROUP
[firstshare]
path = /srv/samba/public
[paul@RHEL4b ~]$
Below is a screenshot of the net view command on Microsoft Windows XP sp2. It shows how the
Samba server with the minimalistic smb.conf is visible to Microsoft computers nearby.
C:\Documents and Settings\paul>net view
Server Name Remark
-------------------------------------------------------------------------------
\\RHEL4B Samba 3.0.10-1.4E.9
\\W2000
\\WINXP
The command completed successfully.
Some parameters in smb.conf can get a long list of values behind them. You can continue a line (for
clarity) on the next by ending the line with a backslash.
valid users = Serena, Venus, Lindsay \
Kim, Justine, Sabine \
Amelie, Marie, Suzanne
Curious but true, smb.conf accepts synonyms like create mode and create mask, and sometimes
minor spelling errors like browsable and browseable. On occasion you can even switch words:
the guest only parameter is identical to only guest.
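An added example, not from the original post: a minimal smb.conf reader that joins backslash-continued lines and folds the synonyms mentioned above into one key, which matters when a script audits a setting such as guest only and the file spells it only guest. The function names are hypothetical; that Samba ignores case and whitespace in parameter names is taken from the smb.conf manual page.

```python
import re

# Synonym pairs named on this page, in canonical form (see canon()).
SYNONYMS = {"createmode": "createmask", "browsable": "browseable",
            "onlyguest": "guestonly"}

def canon(name):
    """Parameter names ignore case and whitespace; map synonyms to one key."""
    key = re.sub(r"\s+", "", name).lower()
    return SYNONYMS.get(key, key)

def logical_lines(text):
    """Join physical lines ending in a backslash into one logical line."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
        else:
            yield buf + line
            buf = ""
    if buf:                      # file ended on a continuation
        yield buf.strip()

def parse_smb_conf(text):
    """Return {section: {canonical_parameter: value}}."""
    conf, section = {}, None
    for line in logical_lines(text):
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            name, value = line.split("=", 1)
            conf[section][canon(name)] = value.strip()
    return conf

def shares_with(conf, name, value):
    """Sections that set `name`, under any accepted spelling, to `value`."""
    key = canon(name)
    return sorted(s for s, p in conf.items() if p.get(key, "").lower() == value)

# Constructed sample: [firstshare] and the valid users lines are the page's;
# [scans] is hypothetical and uses the alternative spellings.
SAMPLE = """\
[firstshare]
valid users = Serena, Venus, Lindsay \\
Kim, Justine, Sabine \\
Amelie, Marie, Suzanne
[scans]
only guest = yes
Browsable = no
create mode = 0660
"""

if __name__ == "__main__":
    print(parse_smb_conf(SAMPLE))
```
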


testparm
To verify the syntax of the smb.conf file, you can use testparm.
[paul@RHEL4b ~]$ testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[firstshare]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
[paul@RHEL4b ~]$
An interesting option is testparm -v, which will output all the global options with their default
value. The remark seen by the net view command is the default value for the "server string" option.
Simply adding this value to the global section in smb.conf and restarting samba will change the
option. After a while, the changed option is visible on the Microsoft computers.

C:\Documents and Settings\paul>net view
Server Name Remark
-------------------------------------------------------------------------------
\\RHEL4B Public File Server
\\W2000
\\WINXP
The command completed successfully.
The samba daemons are constantly (once every 60 seconds) checking the smb.conf file, so it is good
practice to keep this file small. But it is also good practice to document your samba configuration,
and to explicitly set options that have the same default values. The testparm -s option allows you to
do both. It will output the smallest possible samba configuration file, while retaining all your
settings. The idea is to have your samba configuration in another file (like smb.conf.full) and let
testparm parse this for you. The screenshot below shows you how. First the smb.conf.full file with
the explicitly set option workgroup to WORKGROUP.
[root@RHEL4b samba]# cat smb.conf.full
[global]
workgroup = WORKGROUP
# This is a demo of a documented smb.conf
# These two lines are removed by testparm -s
server string = Public Test Server
[firstshare]
path = /srv/samba/public
Next, we execute testparm with the -s option, and redirect stdout to the real smb.conf file.
[root@RHEL4b samba]# testparm -s smb.conf.full > smb.conf
Load smb config files from smb.conf.full
Processing section "[firstshare]"
Loaded services file OK.
And below is the end result. The two comment lines and the default option are no longer there.
[root@RHEL4b samba]# cat smb.conf
# Global parameters
[global]
server string = Public Test Server
[firstshare]
path = /srv/samba/public
[root@RHEL4b samba]#


Samba daemons
Samba 3 consists of three daemons: nmbd, smbd and winbindd. The nmbd daemon
takes care of all the names and naming. It registers and resolves names, and handles browsing. It
should be the first daemon to start. The smbd daemon manages file transfers and authentication. It
should be started after nmbd. The winbindd daemon is only started to handle Microsoft Windows
domain membership.
You can start the daemons by invoking /etc/init.d/smb start (some systems use /etc/init.d/samba)
on any Linux system. Red Hat derived systems are happy with service smb start.
[root@RHEL4b ~]# /etc/init.d/smb start
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
[root@RHEL4b ~]# service smb restart
Shutting down SMB services: [ OK ]
Shutting down NMB services: [ OK ]
Starting SMB services: [ OK ]
Starting NMB services: [ OK ]
[root@RHEL4b ~]#


smbclient
With smbclient you can see browsing and share information from your smb server. It will display all
your shares, your workgroup, and the name of the Master Browser. The -N switch is added to avoid
having to enter an empty password. The -L switch is followed by the name of the host to check.
[root@RHEL4b init.d]# smbclient -NL rhel4b
Anonymous login successful
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.10-1.4E.9]
Sharename Type Comment
--------- ---- -------
firstshare Disk
IPC$ IPC IPC Service (Public Test Server)
ADMIN$ IPC IPC Service (Public Test Server)
Anonymous login successful
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.10-1.4E.9]
Server Comment
--------- -------
RHEL4B Public Test Server
WINXP
Workgroup Master
--------- -------
WORKGROUP WINXP
The screenshot below uses smbclient to display information about a remote smb server (in this case a
Windows XP machine).
[root@RHEL4b init.d]# smbclient -NL winxp
Anonymous login successful
Domain=[WORKGROUP] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
Sharename Type Comment
--------- ---- -------
Error returning browse list: NT_STATUS_ACCESS_DENIED
Anonymous login successful
Domain=[WORKGROUP] OS=[Windows 5.1] Server=[Windows 2000 LAN Manager]
Server Comment
--------- -------
RHEL4B Public Test Server
W2000
WINXP
Workgroup Master
--------- -------
WORKGROUP WINXP


smbtree
Another useful tool to troubleshoot Samba or simply to browse the SMB network is smbtree. In its
simplest form, smbtree will browse the local subnet anonymously, displaying all SMB
computers and (if authorized) their shares.
Let’s take a look at two screenshots of smbtree in action (with blank password). The first one is taken
immediately after booting four different computers (one MS Windows 2000, one MS Windows XP,
one MS Windows 2003 and one RHEL 4 with Samba 3.0.10).
[paul@RHEL4b ~]$ smbtree
Password:
WORKGROUP
PEGASUS
\\WINXP
\\RHEL4B Pegasus Domain Member Server
Error connecting to 127.0.0.1 (Connection refused)
cli_full_connection: failed to connect to RHEL4B<20> (127.0.0.1)
\\HM2003
[paul@RHEL4b ~]$
The information displayed in the previous screenshot looks incomplete. The browsing elections are
still ongoing, and the browse list is not yet distributed to all clients by the (to be elected) browser master.
The next screenshot was taken about one minute later. And it shows even less.
[paul@RHEL4b ~]$ smbtree
Password:
WORKGROUP
\\W2000
[paul@RHEL4b ~]$

So we wait a while, and then run smbtree again. This time it looks a lot nicer.
[paul@RHEL4b ~]$ smbtree
Password:
WORKGROUP
\\W2000
PEGASUS
\\WINXP
\\RHEL4B Pegasus Domain Member Server
\\RHEL4B\ADMIN$ IPC Service (Pegasus Domain Member Server)
\\RHEL4B\IPC$ IPC Service (Pegasus Domain Member Server)
\\RHEL4B\domaindata Active Directory users only
\\HM2003
[paul@RHEL4b ~]$ smbtree --version
Version 3.0.10-1.4E.9
[paul@RHEL4b ~]$
I added the version number of smbtree in the previous screenshot, to show you the difference when
using the latest version of smbtree (below a screenshot taken from Ubuntu Feisty Fawn). The latest
version shows a more complete overview of machines and shares.
paul@laika:~$ smbtree --version
Version 3.0.24
paul@laika:~$ smbtree
Password:
WORKGROUP
\\W2000
\\W2000\firstshare
\\W2000\C$ Default share
\\W2000\ADMIN$ Remote Admin
\\W2000\IPC$ Remote IPC
PEGASUS
\\WINXP
cli_rpc_pipe_open: cli_nt_create failed on pipe \srvsvc to machine WINXP.
Error was NT_STATUS_ACCESS_DENIED
\\RHEL4B Pegasus Domain Member Server
\\RHEL4B\ADMIN$ IPC Service (Pegasus Domain Member Server)
\\RHEL4B\IPC$ IPC Service (Pegasus Domain Member Server)
\\RHEL4B\domaindata Active Directory users only
\\HM2003
cli_rpc_pipe_open: cli_nt_create failed on pipe \srvsvc to machine HM2003.
Error was NT_STATUS_ACCESS_DENIED
paul@laika:~$
The previous screenshot also provides useful errors on why we cannot see shared info on computers
winxp and w2003. Let us try the old smbtree version on our RHEL server, but this time with
Administrator credentials (which are the same on all computers).
[paul@RHEL4b ~]$ smbtree -UAdministrator%Stargate1
WORKGROUP
\\W2000
PEGASUS
\\WINXP
\\WINXP\C$ Default share
\\WINXP\ADMIN$ Remote Admin
\\WINXP\share55
\\WINXP\IPC$ Remote IPC
\\RHEL4B Pegasus Domain Member Server
\\RHEL4B\ADMIN$ IPC Service (Pegasus Domain Member Server)
\\RHEL4B\IPC$ IPC Service (Pegasus Domain Member Server)
\\RHEL4B\domaindata Active Directory users only
\\HM2003
\\HM2003\NETLOGON Logon server share
\\HM2003\SYSVOL Logon server share
\\HM2003\WSUSTemp A network share used by Local Publishing ...
\\HM2003\ADMIN$ Remote Admin
\\HM2003\tools
\\HM2003\IPC$ Remote IPC
\\HM2003\WsusContent A network share to be used by Local ...
\\HM2003\C$ Default share
[paul@RHEL4b ~]$
As you can see, this gives a very nice overview of all SMB computers and their shares.


Samba Web Administration Tool (SWAT)
Samba comes with a web based tool to manage your samba configuration file. The tool is accessible
with a web browser on port 901 of the host system. To enable the tool, first find out whether your
system is using the inetd or the xinetd superdaemon.
[root@RHEL4b samba]# ps fax | grep inet
15026 pts/0 S+ 0:00 \_ grep inet
2771 ? Ss 0:00 xinetd -stayalive -pidfile /var/run/xinetd.pid
[root@RHEL4b samba]#
Then edit the inetd.conf or change the disable = yes line in /etc/xinetd.d/swat to disable = no.
[root@RHEL4b samba]# cat /etc/xinetd.d/swat
# default: off
# description: SWAT is the Samba Web Admin Tool. Use swat \
# to configure your Samba server. To use SWAT, \
# connect to port 901 with your favorite web browser.
service swat
{
port = 901
socket_type = stream
wait = no
only_from = 127.0.0.1
user = root
server = /usr/sbin/swat
log_on_failure += USERID
disable = no
}
[root@RHEL4b samba]# /etc/init.d/xinetd restart
Stopping xinetd: [ OK ]

How to Configure DNS Server on Linux Redhat

Full Linux / Unix DNS Server Configuration
Primary DNS Server:
Partition Table Information
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 3.0G 667M 2.2G 24% /
tmpfs 252M 0 252M 0% /dev/shm
/dev/sda5 102M 36M 67M 36% /boot
/dev/sda7 2.4G 33M 2.2G 2% /tmp
/dev/sda2 2.0G 96M 1.8G 5% /var
Packages used for DNS: bind-utils-9.3.1-3, bind-chrootenv-9.3.1-3, bind-9.3.1-3, bind-libs-9.3.1-3.2
Configuration file: /etc/named.conf
# Copyright (c) 2001-2004 SuSE Linux AG, Nuernberg, Germany.
# All rights reserved.
#
# Author: Frank Bodammer, Lars Mueller
#
# /etc/named.conf
#
# This is a sample configuration file for the name server BIND 9. It works as
# a caching only name server without modification.
#
# A sample configuration for setting up your own domain can be found in
# /usr/share/doc/packages/bind/sample-config.
#
# A description of all available options can be found in
# /usr/share/doc/packages/bind/misc/options.

options {

# The directory statement defines the name server's working directory

directory "/var/lib/named";

# Write dump and statistics file to the log subdirectory. The
# pathenames are relative to the chroot jail.

dump-file "/var/log/named_dump.db";
statistics-file "/var/log/named.stats";

# The forwarders record contains a list of servers to which queries
# should be forwarded. Enable this line and modify the IP address to
# your provider's name server. Up to three servers may be listed.

#forwarders { 192.0.2.1; 192.0.2.2; };

# Enable the next entry to prefer usage of the name server declared in
# the forwarders section.

#forward first;

# The listen-on record contains a list of local network interfaces to
# listen on. Optionally the port can be specified. Default is to
# listen on all interfaces found on your system. The default port is
# 53.

#listen-on port 53 { 127.0.0.1; };

# The listen-on-v6 record enables or disables listening on IPv6
# interfaces. Allowed values are 'any' and 'none' or a list of
# addresses.

listen-on-v6 { any; };

# The next three statements may be needed if a firewall stands between
# the local server and the internet.

#query-source address * port 53;
#transfer-source * port 53;
#notify-source * port 53;

# The allow-query record contains a list of networks or IP addresses
# to accept and deny queries from. The default is to allow queries
# from all hosts.

#allow-query { 127.0.0.1; };

# If notify is set to yes (default), notify messages are sent to other
# name servers when the the zone data is changed. Instead of setting
# a global 'notify' statement in the 'options' section, a separate
# 'notify' can be added to each zone definition.

notify no;
};

# To configure named's logging remove the leading '#' characters of the
# following examples.
#logging {
# # Log queries to a file limited to a size of 100 MB.
# channel query_logging {
# file "/var/log/named_querylog"
# versions 3 size 100M;
# print-time yes; // timestamp log entries
# };
# category queries {
# query_logging;
# };
#
# # Or log this kind alternatively to syslog.
# channel syslog_queries {
# syslog user;
# severity info;
# };
# category queries { syslog_queries; };
#
# # Log general name server errors to syslog.
# channel syslog_errors {
# syslog user;
# severity error;
# };
# category default { syslog_errors; };
#
# # Don't log lame server messages.
# category lame-servers { null; };
#};

# The following zone definitions don't need any modification. The first one
# is the definition of the root name servers. The second one defines
# localhost while the third defines the reverse lookup for localhost.

zone "." in {
type hint;
file "root.hint";
};

zone "localhost" in {
type master;
file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
type master;
file "127.0.0.zone";
};

zone "ns1" IN {
type master;
file "master/ns1.zone";
allow-transfer {202.125.142.117;};
};

zone "142.125.202.in-addr.arpa" IN {
type master;
file "master/rns1.zone";
};

zone "pucit.edu.pk" IN {
type master;
file "master/pucitedu.zone";
allow-transfer {202.125.142.117;};
};

zone "pucitonline.net" IN {
type master;
file "master/pucitnet.zone";
allow-transfer {202.125.142.117;};
};

zone "mapasha.com" IN {
type master;
file "master/mapasha.zone";
allow-transfer {202.125.142.117;};
};

zone "mtexperts.co.uk" IN {
type master;
file "master/mtexpert.zone";
allow-transfer {202.125.142.117;};
};

zone "agiletechnologies.org" IN {
type master;
file "master/agile.zone";
allow-transfer {202.125.142.117;};
};

zone "ktexperts.com" IN {
type master;
file "master/ktexperts.zone";
allow-transfer {202.125.142.117;};
};

zone "completeislam.com" IN {
type master;
file "master/cislam.zone";
allow-transfer {202.125.142.117;};
};

zone "peace.com.pk" IN {
type master;
file "master/peace.zone";

allow-transfer {202.125.142.117;};
};

zone "ghazisolutions.com" IN {
type master;
file "master/ghazi.zone";
allow-transfer {202.125.142.117;};
};

zone "puran.info" IN {
type master;
file "master/puran.zone";
allow-transfer {202.125.142.117;};
};

zone "nms.pucit" IN {
type master;
file "master/nms.zone";
allow-transfer {202.125.142.117;};
};

zone "pucitonline.com" IN {
type master;
file "master/pucitonline.zone";
allow-transfer {202.125.142.117;};
};
zone "ngnexporters.com" IN {
type master;
file "master/ngnexporters.zone";
allow-transfer {202.125.142.117;};
};

# Include the meta include file generated by createNamedConfInclude. This
# includes all files as configured in NAMED_CONF_INCLUDE_FILES from
# /etc/sysconfig/named

include "/etc/named.conf.include";

# You can insert further zone records for your own domains below or create
# single files in /etc/named.d/ and add the file names to
# NAMED_CONF_INCLUDE_FILES.
# See /usr/share/doc/packages/bind/README.SUSE for more details.
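An added example, not part of the original post: a small audit that lists the master zones in a named.conf that carry no allow-transfer restriction, which in the BIND 9.3 used here means any host may request a full copy of the zone. The function names are hypothetical, and SAMPLE is a trimmed excerpt of the configuration above.

```python
import re

def strip_comments(text):
    """Drop /* */, // and # comments (assumes no quoted string contains them)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(#|//).*", "", text)

def blocks(text, keyword):
    """Yield (quoted_name_or_None, body) for every `keyword ["name"] [IN] { ... }`."""
    head = re.compile(r'^\s*%s\b\s*(?:"([^"\n]*)")?\s*(?:in\b)?\s*\{' % keyword,
                      re.I | re.M)
    for m in head.finditer(text):
        depth, i = 1, m.end()
        while depth and i < len(text):      # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def open_transfer_zones(conf_text):
    """Master zones with no allow-transfer of their own and none in options."""
    text = strip_comments(conf_text)
    acl = re.compile(r"\ballow-transfer\s*\{", re.I)   # keyword case varies on the page
    if any(acl.search(body) for _, body in blocks(text, "options")):
        return []
    return [name for name, body in blocks(text, "zone")
            if re.search(r"\btype\s+(master|primary)\s*;", body, re.I)
            and not acl.search(body)]

# Trimmed excerpt of the named.conf shown above.
SAMPLE = '''
options {
    directory "/var/lib/named";
    #allow-query { 127.0.0.1; };
    notify no;
};
zone "." in { type hint; file "root.hint"; };
zone "localhost" in { type master; file "localhost.zone"; };
zone "0.0.127.in-addr.arpa" in { type master; file "127.0.0.zone"; };
zone "ns1" IN {
    type master;
    file "master/ns1.zone";
    allow-transfer {202.125.142.117;};
};
zone "142.125.202.in-addr.arpa" IN {
    type master;
    file "master/rns1.zone";
};
zone "pucitonline.com" IN {
    type master;
    file "master/pucitonline.zone";
    Allow-transfer {202.125.142.117;};
};
'''

if __name__ == "__main__":
    for zone in open_transfer_zones(SAMPLE):
        print("no allow-transfer:", zone)
```

On the excerpt this reports localhost, 0.0.127.in-addr.arpa and 142.125.202.in-addr.arpa; the reverse zone is the one that publishes real host data and has no transfer restriction in the listing above.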
/var/lib/named/pucitnet
$TTL 2D
@ IN SOA ns1.pucitonline.net. root.pucitonline.net. (
200312121;
3600;
3600;
3600;
1h );
        IN NS ns1
        IN NS ns2
ns1 IN A 202.125.142.107
ns2 IN A 202.125.142.117
www IN A 202.125.142.121
pucitonline.net. IN MX 10 mail
mail IN A 202.125.142.115
ftp IN A 202.125.142.121
radius IN A 202.125.142.108
nms IN A 202.125.142.108

/var/lib/named/pucitedu
$TTL 2D
@ IN SOA ns1.pucitonline.net. root.pucitonline.net. (
200312121;
360;
3600;
3600;
1h );
        IN NS ns1.pucitonline.net.
        IN NS ns2.pucitonline.net.
ns1 IN A 202.125.142.107
ns2 IN A 202.125.142.117
www IN A 202.125.142.121
pucit.edu.pk. IN MX 10 mail
mail IN A 202.125.142.122
ftp IN A 202.125.146.174
flypucit IN A 202.125.142.109
moon IN A 202.125.142.97
library IN A 202.125.142.112
alumni IN A 202.125.142.112
lectures IN A 202.125.142.112
