Grabber Softwares : Enhance Your Computing

Linux File and Print Server

Setting one up for Win 9x users

linux.JPG (9333 bytes)Those above-average sys admins have traditionally sneaked Linux into company networks with a file and print server. And the software behind this, that allows Linux and most other Unix variants participate seamlessly and even outperform Windows-based machines on small networks, is called Samba.

Samba (from the Server Message Block protocol or SMB) is a suite of programs that implement the SMB protocol on Linux. The SMB protocol is the foundation of Windows networking, or as Microsoft now calls it, the Common Internet File System (CIFS). The latest version of Samba, 2.0.2, includes many new features to increase compatibility with NT domains and improve performance. We’ll take a quick look at how to set up your newly installed Linux server as a File and Print server that can be used by Win 9x users on LAN.

There are two kinds of server configurations you need to consider—the server is/isn’t on a network controlled by a Win NT server acting as primary domain server (PDS). The difference between the two is that a Win NT PDS needs to be in control of network access, that is, it does the user login validation, not the Linux server.

If your LAN doesn’t have a Win NT server, you need not worry. Here are the steps to set up your Linux server as a file and print server on your non-NT LAN. All of them must be done as the superuser (root).

  • Make a backup of the file /etc smb.conf
    cd/etc
    cp smb.conf smb.conf.backup
  • Make a few required directories.
    mkdir /home/netlogon
    mkdir /home/profiles
    mkdir /home/common
  • Edit the file /etc/smb.conf.
    joe /etc/smb.conf
  • Set your workgroup or domain.
    Change the setting "workgroup" from "MYGROUP" to whatever name you’ve assigned to your workgroup or domain. For example, we set it to PCQLABS.
  • Set your server description.
    Change the setting "server string" from "Samba Server" to whatever description you want to be broadcast as your server’s description. We set it to "PCQ Labs Linux Server".
  • Set the server type.
    Change the setting "security" to "user".
    Make the server the Local Master.
    Change the setting "local master" from "no" to "yes".
  • Make sure that the machine is in control no matter what.
    Enable the setting "OS level = 33" by removing the semicolon at the beginning of the line.
  • Make the machine the domain master.
    Enable the setting "domain master = yes" by removing the semicolon from the beginning of the line.
  • Make the machine the preferred master.
    Enable the setting "preferred master = yes" by removing the semicolon from the beginning of the line.
  • Enable domain logons.
    Enable the setting "domain logons= yes" by removing the semicolon from the beginning of the line.
  • Make the server a WINS server.
    Enable the setting "wins support = yes" by removing the semicolon from the beginning of the line.
  • Enable the required "netlogon" share (required for domain logons).
    Remove the semicolons from the following lines:
    [netlogon]
    comment = Network Logon Service
    path = /home/netlogon
    guest ok = yes
    writable = no
    share modes = no
  • Similarly, enable roaming user profiles.
    Remove the semicolons from the following lines:
    [Profiles]
    path = /home/profiles
    browseable = no
    guest ok = yes
  • Set up the guest account as "nobody".
  • Change the "guest account" setting to "nobody".
  • Give users some "scratch" space for temporary files.
    Remove the semicolons from the following lines:
    [tmp]
    comment = Temporary file space
    path = /tmp
    read only = no
    public = yes
  • Now let’s make your CD-ROM drive available for public access.
    Add the following lines to the bottom of the file:
    [cdrom]
    comment = Shared CD ROM Drive
    path = /mnt/cdrom
    public = yes
    only guest = no
    writable = no
    printable = no
  • Finally, a share through which you can make common files available.
    Add the following lines to the bottom of the file:
    [common]
    comment = Common file access area (read only)
    path = /home/common
    only guest = no
    writable = no
    printable = no

If you wish your Samba server to perform domain login authentication for your Win 95 and 98 clients, you’ll have to enable encrypted passwords in the configuration file. By default, Win 95 will use plain text passwords, but Win NT and 98 require encrypted passwords. To enable this, add the line "encrypt passwords= yes" to the configuration file.

Note: This is only one of many steps to get password encryption to work. The simplest way to get around this issue (if you don’t have a Win NT server in your network) is to disable the encrypted passwords option in Windows. To do this, insert a Windows or DOS formatted floppy disk into the A drive (OK, the /dev/fd0 drive), and run the following command:

mcopy /usr/doc/samba-2.0.2/docs/Win95_PlainPassword.reg a:

Now insert this disk in drive A of every Win 9x machine, open the drive through My Computer and double click on the .reg file. Then reboot the machine, and Windows will no longer use encrypted passwords by default (though it will use them if a server requests it).

  • Save the file by pressing Ctrl-KX.
    You will be returned to the shell prompt

And that’s it. Now all you need to do is restart the SMB services with the command:

/etc/rc.d/init.d/smb restart

Your server is now ready for business.

The setup outline above is suitable for LANs where you don’t have a Win NT machine acting as a PDC. If you already have a domain logon by a Win NT machine, you can set up your Samba server to participate in the network with full authentication being performed by the PDC. Adding support for this involves a few additional steps, which we’ll get to in a moment.

Using SWAT

SWAT is a Web-based, fully graphical interface to the Samba configuration file. It’s available only on Samba version 2 and above. Once you have Samba installed, you can access it at http://<yourmachinename>:901/.

Once you have SWAT running in front of you, spend some time reading the various articles that are available from the first (home) page. Pay attention to the article "Joining an NT Domain with Samba 2.0" appearing at the bottom of the list. It details the steps you need to take to make your Linux machine and Samba join the Win NT domain, so that users are validated not by the Linux box but by the Win NT server.

SWAT additionally allows you to perform tasks such as restarting the Samba daemons remotely each time you modify the configuration file.

SWAT provides two basic views to each set of entries it allows you to edit: default and advanced. In many cases, you’ll be able to make configuration changes from within the default view, but a new setup generally requires that you modify settings in the advanced view. Don’t feel intimidated by the sheer number of options available in the advanced view. The essential changes that you are required to make to a default configuration have been outlined above. Once you have made the necessary changes, click on the "commit changes" button, and restart the smb daemon.

Samba is an extremely complex piece of software, and it will take you time to learn the intricacies of it. What is described here is no more than a kick-start to get you going the first time. Extensive documentation is available, on the Web as well as with your Red Hat 5.2 installation in the /usr/doc directory.

 

arrowLtBG.gif (4889 bytes)