Doing the Windows 2000 Samba

Thursday Dec 21st 2000 by Stew Benedict
A guide to setting up Linux and Samba to internetwork with Windows 2000.

Samba is the free SMB and CIFS client and server for Unix and other operating systems. SMB stands for Server Message Block and is the protocol used for file and printer sharing under most versions of Windows. CIFS stands for Common Internet File System, and is the newest SMB initiative. In this article I'm going to go over setting up Linux and Samba to internetwork with Windows 2000.

The home of the Samba Project is www.samba.org.

The latest stable release:

http://us1.samba.org/samba/ftp/samba-2.0.7.tar.gz

The latest alpha release (with NTDomain support):

http://us1.samba.org/samba/ftp/alpha/samba-2.2.0-alpha1.tar.gz

As far as Windows 2000 is concerned, Samba will play okay, with some caveats.

  • You will need to set up encrypted passwords on the Samba server or utilize a Windows 2000 registry hack. Setting up encrypted passwords at the Linux side is much better now, and I would recommend going this route. Windows users can now change their Linux passwords through Samba.
  • If you want to enable domain logins, you will need to use the more recent versions of Samba. I was unable to get this to work successfully for the Windows 2000 machine, although it did work for Windows 95, 98 and NT 4.0. From what I could tell from Google searches and notes from the Samba site, this portion is still under development.

Unless you need the primary domain controller functionality, I'd say stay with the stable version.

Setting Up Dhcpd

If you want to let the Linux server dynamically allocate IP addresses to the client machines, you need dhcpd, the Dynamic Host Configuration Protocol Daemon. To set up dhcpd, you will need to get an appropriate RPM (RedHat Package Manager) for your distribution or compile from source. Consult either your distribution CD or its Web site for an RPM, or check out www.rpmfind.net. You install the RPM as root with the "-i" option:
	rpm -i dhcp-2.0b1pl6-7mdk
(I'm running the Mandrake Linux distribution on this server.) You will then need to configure /etc/dhcpd.conf. You can issue IP addresses from a pool, or assign a fixed address to the MAC address of the NIC on each client machine. I prefer the latter, with fixed IP/hostname relationships. Here is a basic /etc/dhcpd.conf:
default-lease-time            21600;
max-lease-time                21600;

option subnet-mask            255.255.255.0;
option broadcast-address      192.168.192.255;
option routers                192.168.192.1;
option domain-name-servers    207.217.126.81, 207.217.120.83;
option domain-name            "ays.net";

shared-network WORKSTATIONS {
    subnet 192.168.192.0 netmask 255.255.255.0 {
    }
 }

group   {
    use-host-decl-names       on;

    host larry {
        hardware ethernet     00:50:DA:D6:7C:2A;
        fixed-address         192.168.192.2;
    }
}
"larry" is the Windows 2000 workstation. You'll note I've defined the server's IP address (192.168.192.1) as the router, and listed the name servers specified by my ISP. This allows me to use the server as an Internet gateway for the client machine. The hardware ethernet address, or MAC address, is usually printed on the ethernet hardware somewhere, or you can look at /var/log/messages for requests for an address when the machine is brought up, and make the entry from there:
 	DHCPDISCOVER from 00:50:da:d6:7c:2a via eth0
To start the daemon, use this command:
	/etc/rc.d/init.d/dhcpd start
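
The log lookup described above can be scripted so that any MAC address asking for a lease without a matching host entry stands out. This is an added example, not part of the original article; the second MAC address, the timestamps, the host name "curly" and the address 192.168.192.3 are constructed sample values.

```python
import re

# Constructed inputs: the host entry from the article's dhcpd.conf and
# sample syslog lines in the DHCPDISCOVER format shown above.
DHCPD_CONF = """\
group {
    host larry {
        hardware ethernet     00:50:DA:D6:7C:2A;
        fixed-address         192.168.192.2;
    }
}
"""
LOG_LINES = [
    "Dec 21 09:14:02 moe dhcpd: DHCPDISCOVER from 00:50:da:d6:7c:2a via eth0",
    "Dec 21 09:15:40 moe dhcpd: DHCPDISCOVER from 00:a0:c9:11:22:33 via eth0",
    "Dec 21 09:15:44 moe dhcpd: DHCPDISCOVER from 00:A0:C9:11:22:33 via eth0",
]

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
HOST_RE = re.compile(
    r"host\s+(\S+)\s*\{[^}]*?hardware\s+ethernet\s+(" + MAC + r")\s*;", re.I)
DISCOVER_RE = re.compile(r"DHCPDISCOVER from (" + MAC + r") via (\S+)", re.I)

def known_hosts(conf_text):
    """Map lower-cased MAC -> host name for every host block in dhcpd.conf."""
    return {mac.lower(): name for name, mac in HOST_RE.findall(conf_text)}

def unknown_requesters(conf_text, log_lines):
    """Map MAC -> interface for DHCPDISCOVERs that have no host entry."""
    known = known_hosts(conf_text)
    seen = {}
    for line in log_lines:
        m = DISCOVER_RE.search(line)
        if m and m.group(1).lower() not in known:
            # dhcpd.conf and syslog differ in case, so compare lower-cased.
            seen.setdefault(m.group(1).lower(), m.group(2))
    return seen

def host_stanza(name, mac, address):
    """Render a host block in the layout used by the article's dhcpd.conf."""
    return ("    host %s {\n"
            "        hardware ethernet     %s;\n"
            "        fixed-address         %s;\n"
            "    }" % (name, mac.upper(), address))

if __name__ == "__main__":
    for mac, iface in unknown_requesters(DHCPD_CONF, LOG_LINES).items():
        print("# unknown client seen on %s" % iface)
        print(host_stanza("curly", mac, "192.168.192.3"))
```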

Setting up Samba

Either download a binary RPM for your distribution, or get a source tarball and build from source. I went with the source for version 2.2.0, and built it with the following configuration options:
	./configure --prefix=/usr --libdir=/etc \
	--with-lockdir=/var/lock/samba --with-privatedir=/etc \
	--with-swatdir=/usr/share/swat --with-smbmount  \
	--with-quotas --with-pam
This puts my binaries in /usr, and the configuration files in /etc. You may want to put the binaries in /usr/local or /opt. I created the "private" subdirectory in /etc for smbpasswd and the files created when Samba acts as a domain controller. Once configure finishes, do the following:
	make
	make install (as root)
Now you need to create /etc/smb.conf. The following is extracted from mine:
[global]

debuglevel = 1
netbios name = moe
workgroup = AYSWNET
server string = Samba Server - Moe
hosts allow = 192.168.192. 127.
printcap name = /etc/printcap
load printers = yes
print command = /usr/bin/lpr -r -P%p %s
lpq command = /usr/bin/lpq -P%p
lprm command = /usr/bin/lprm -P%p %j
guest account = ftp
# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/log.%m
security = user
encrypt passwords = yes
smb passwd file = /etc/private/smbpasswd
Unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
socket options = TCP_NODELAY 

[homes]
   comment = Home Directories
   browseable = yes
   writable = yes

[printers]
   comment = All Printers
   path = /var/spool/samba
   public = yes
   browseable = yes
   guest ok = yes
   writable = yes
   printable = yes

[xfers]
   path = /smbshares/xfers
   public = yes
   only guest = yes
   writable = yes
   printable = no
   browseable = yes 
   create mode = 0777
I'm not going to cover all the options. All printers configured on the Linux server will be available to Windows clients. The default config file smb.conf.default in your distribution has many comments for these options, and the man page discusses them in detail:
	man smb.conf
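
Before starting the daemons it is worth knowing which shares in a file like this accept unauthenticated writes. The following added example (not from the original article) parses a constructed subset of the smb.conf above and reports shares that are both guest-accessible and writable, plus create masks that leave new files world-writable. It reads each section on its own and does not model defaults inherited from [global].

```python
import re

# Constructed sample: the [homes] and [xfers] shares from the article's smb.conf.
SAMPLE = """\
[homes]
   browseable = yes
   writable = yes

[xfers]
   path = /smbshares/xfers
   public = yes
   only guest = yes
   writable = yes
   create mode = 0777
"""

# smb.conf accepts several spellings for the same parameter.
GUEST_KEYS = ("public", "guest ok")
WRITE_KEYS = ("writable", "writeable", "write ok")
MASK_KEYS = ("create mode", "create mask")

def parse(text):
    """Return {section: {parameter: value}}; names lower-cased, spaces collapsed."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = conf.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            section[" ".join(key.lower().split())] = value.strip()
    return conf

def enabled(opts, keys):
    return any(opts.get(k, "no").lower() in ("yes", "true", "1") for k in keys)

def audit(text):
    """List (share, finding) pairs for guest-writable shares and loose masks."""
    findings = []
    for share, opts in parse(text).items():
        if enabled(opts, GUEST_KEYS) and enabled(opts, WRITE_KEYS):
            findings.append((share, "guest access with write permission"))
        mask = next((opts[k] for k in MASK_KEYS if k in opts), None)
        if mask is not None and int(mask, 8) & 0o002:
            findings.append((share, "create mask %s allows world-writable files" % mask))
    return findings
```

Run against the full file, the [printers] share is also reported as guest-writable, which is how guest spooling works; [xfers] is the one to weigh against the `hosts allow` restriction in [global].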
To start Samba, there are 2 daemons:
	smbd -D
	nmbd -D
smbd is the server to provide SMB/CIFS services to clients. nmbd is the NetBIOS name server to provide NetBIOS over IP naming services to clients.

Normally these will be started by an init script in /etc/rc.d/init.d.

Setting up Windows 2000 as a Client Machine

As with previous versions of Windows, you will need to enable TCP/IP in the networking configuration. These days, with the Internet a vital part of networking, TCP/IP is enabled by default. The default setup for Windows 2000 is dynamic IP addressing, so you either need to go with that and set up dhcpd on the Linux side, or set your IP address manually in Windows 2000. We're going to use the dynamic setup here.

Joining the Workgroup

During the Windows install, you are asked whether you want to join a domain or workgroup, but these options can also be changed after the install:
Start | Settings | Network and Dial-up Connections
Then click on:
Advanced | Network Identification | Properties
Enter your computer name (in my case, LARRY--the case doesn't seem to matter). Click on the Workgroup radio button and enter the workgroup name (in my case, AYSWNET). Click on OK, and you'll be welcomed to the workgroup and prompted to reboot the computer.

As an aside, I used to use AYSNET, but there is a bug in the 2.2.0 Samba PDC code that prevents you from using domain names with an even number of letters. Hopefully, the bug will have been resolved by the time you read this.

Users

Your life will be much easier if you use the same user names on Linux and Windows. Samba can remap the names from Windows to Unix by uncommenting the following line and building the file /etc/smbusers:
	username map = /etc/smbusers
The format of the file is as follows:
	# Unix_name = SMB_name1 SMB_name2 ...
	root = administrator admin
In my case, I'm setting up myself, as user "stew." If you just want to use shares on the Samba server, this does not necessarily even need to be a Windows 2000 user, because you will be prompted for a user name when you connect to the share. If you do want to try the Domain Controller mode, you will want to set up the user in Windows 2000:
Start | Settings | Control Panel | Users and Passwords

Accessing Shares

Once you are set up as part of the workgroup, accessing shares is the same as accessing them from other Windows machines. This can be done from My Network Places, or from Windows Explorer. Printers are the same; you set up the appropriate printer driver from the Windows 2000 machine and then queue it to the shared network printer.

Samba-PDC Setup

To use Samba as the primary domain controller, the following lines will need to be added to smb.conf:
	domain master = yes
	domain admin users = root stew
	add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$
	domain logons = yes
	logon script = %U.bat

[netlogon]
   comment = Network Logon Service
   path = /home/netlogon
   guest ok = yes
   writable = no
   share modes = no
Substitute the user name for %U. You can create a batch file to mount a standard set of shares from whatever machine the user logs in at, or set the machine time from the server:

/home/netlogon/stew.bat:

	NET USE X: \\MOE\XFERS
	NET USE S: \\MOE\STEW
	NET TIME \\MOE /SET /YES
This file needs DOS-style CR/LF, rather than Unix, so it should be created on the Windows 2000 machine and then copied over to the server.

The add user script is still experimental. I opted for the manual addition of users. You will also need to add machines for Windows NT or 2000.

To add a user in Linux:

	adduser -g users -c 'Stew Benedict' -s /bin/false -n stew
And for Samba:

	smbpasswd -a stew
You will be prompted for a password after the second command. The /bin/false entry prevents the user from logging on to the Linux machine. If you wanted a real shell account, you'd probably use /bin/bash. The -c parameter is just a comment.

To add a machine, you may want to create a "machines" group:

	groupadd machines

	adduser -g machines -c W2KMachine -d /dev/null -s /bin/false -n larry$

	smbpasswd -a -m larry$
A default password is created in this case. Note the '$' after the machine name; it's important.

Another thing to be aware of is that if you play with various versions of Samba, like I did, you can end up not being able to log in to the domain after switching versions. I found I needed to delete some files, and then delete and re-create the machine entries to get things to work:

	rm /etc/private/MACHINE.SID
	rm /etc/private/secrets.tdb

	smbpasswd -x larry$
	smbpasswd -a -m larry$

Windows 2000 Domain Login

I was unable to get this to work, but here is the process, per the Samba pages (it did work for Windows NT):
	Start | Settings | Network and Dial-up Connections
Then click on:
	Advanced | Network Identification | Properties
Enter your computer name (in my case, LARRY). Click on the Domain radio button and enter the domain name (in my case, AYSWNET). Enter a user name and password for a Domain Admin (who must be root until a pre-release bug is fixed). Click on OK, and you'll be welcomed to the domain and prompted to reboot the computer.

Access Windows 2000 shares from Linux

Shares enabled on the Windows 2000 machine can be accessed with either smbclient or smbmount. You should be aware that sharing is slightly different than in Windows 9X; you need to click on the New Share button and give the share a name, rather than the administrative name, ending with a $, that is the default. Windows 2000 also does not allow anonymous browsing; you must browse as a user, with a password.

To use smbmount as a normal user (not root), you'll need to set smbmnt and smbumount suid:
	chmod +s /usr/bin/smbmnt
	chmod +s /usr/bin/smbumount
To mount a share, create a mount point and mount it:
	mkdir win2k
	smbmount //larry/c win2k
To unmount:
	smbumount win2k
smbclient is an FTP-style interface to the share. It is called like this:
	smbclient //larry/win2k
You will then get a prompt, and you can use commands like ls, get, etc. Type ? to get a list of commands:
[stew@moe mount]$ smbclient //larry/CDrive
Password: 
Domain=[AYSWNET] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager]
smb: \> ?
There is also a GUI client for X, called LinNeighborhood, that gives you a Network Neighborhood-style browser. This can be downloaded from: http://www.bnro.de/~schmidjo/

Backing up client machines from Linux

Samba also has a nice feature I use at work to back up the client machines over the network. You make the client hard drive available as a share, then use smbtar to back up the whole drive to tape. To back up:
	smbtar -v -s computername -x drivename -t /dev/st0
Where st0 is your tape drive device. To restore:
	smbtar -v -r -s computername -x drivename or filename(s) -t /dev/st0

Hopefully you've got enough information at hand now to integrate Linux and Windows 2000 on your network. The Samba team intends to introduce additional functionality by release 3, to enhance integration with the new Windows networking protocols and capabilities. Until then, you can still service and access the core features of SMB and CIFS. For the most part, things work about the same from the Linux end as for previous versions of Windows, unless you choose to enable the Domain Master capability.

If you have any questions, feel free to send me an e-mail at stewb@centurytel.net.

About Author

Stew Benedict is a systems administrator for an automotive manufacturer in Cleveland, Ohio. He also is a freelance consultant, and runs AYS Enterprises, which specializes in printed circuit design, Microsoft Access solutions for the Windows platforms, and utilizing Linux as a low-cost alternative to commercial operating systems and software. He has been using and promoting Linux since about 1994. When not basking in the glow of a CRT, Stew enjoys time with his wife, daughter, and two dogs at his future (not too much longer!) retirement home overlooking Norris Lake in the foothills of the Smoky Mountains in Tennessee.
