Samba Administrator's Handbook

chromatic returns with a book tuned for anyone whose answer to heterogeneous networks is SAMBA, and wants 500 pages of practical advice (and answers to common problems) distilled from the fountain of SAMBA knowlege.

Samba Administrator's Handbook
author	Ed Booksbank, George Haberberger, Lisa Doyle
pages	518
publisher	M&T Books
rating	7.5
reviewer	chromatic
ISBN	0-7645-4636-8
summary	Know the theory? Here's the nuts and bolts of administrating a heterogenous network with Samba.

The Scoop

Imagine you're the administrator for a diverse network. A couple of engineers have Unix boxes, while some programmers work on NT machines. Managers have Windows laptops, and you've talked them into letting you install Samba domain and print servers. You've read the documentation and understand how it works. Now what?

That's the scenario Samba Administrator's Handbook wants to address. Designed for the busy administrator who needs quick answers in a convenient package, it takes the pragmatic approach, and gets most things right. Need to set up a print queue on Solaris? Turn to the detailed table of contents to find a complete walkthrough. It's not the kind of book you'd sit down and read from cover to cover (Trust me on this), but at least you'll know what kinds of things pop up more than once in smb.conf.

What's to Like?

Samba is designed to work with a variety of operating systems and platforms, and the authors cover quite a few: Solaris, RedHat and Caldera Linux distributions, and Free and Net BSD. These are good choices, because they represent a cross section of Unix land. Clients include the Windows family, as well as DOS and Unix (where applicable). Also included are task options (different utilities or command line switches). For example, the Samba installation section describes compilation, package selection during installation, and RPM installs. Samaba's rapid development receives due mention, with advanced users pointed to anonymous CVS and the excellent mailing lists.

SWAT receives the best coverage, reinforcing the notion that this book is meant to be used by administrators who don't have the luxury of looking up many pages on the server (or those who prefer to read printed versions). Additional configuration resources are also covered. These include SMBEdit, webmin and Linuxconf.

The handbook covers client-side issues very thoroughly, including a detailed section on troubleshooting under various operating systems. (The breadth of coverage surprised me, as there were commands I did not know even existed.) Also, the Best Practices chapter takes a server-level approach, with sections on backups and security.

What's to Consider?

My one large gripe may only bother a few readers: The editing really seems half-hearted. This is annoying, as the layout is inconsistent in places and numerous typos mar the text. I did not notice any factual errors resulting from this, however.

Occasionally, options are mentioned but not explained. Most of the time, these are the smb.conf options included for debugging purposes, deprecated in newer versions, or options which should never be changed. Some additional information would be interesting, if not immediately useful. Likewise, the benchmarking chapter suffers from a skimpy treatment, mentioning tools but not what to do with them.

In some spots, more information than necessary is presented. For example, the generous SWAT chapter repeats some information verbatim, as certain sections of the smb.conf file take similar options. Erring on the side of caution fits the organizational goal, though reprinting tar man pages may be a bit extreme.

The Summary

Short on theory but long on facts, until you have your smb.conf memorized and can keep six different versions of the same command straight in your head, you can find quick and correct information here.

Buy this book at ThinkGeek.

Table of Contents

1. Installation and Basic Configuration
2. 1. Server Installation
   2. Client Installation
   3. Basic Configuration Using SWAT
   4. Basic Operating System Configuration
   5. Other GUI Configuration Tools
3. Advanced Configuration
4. 1. Naming Services
   2. Best Practices, Browsing, and Domains
   3. Performance Tuning
5. Troubleshooting
6. 1. Basic Network Connectivity
   2. Testing the Samba Configuration
   3. Accessing Samba
   4. Using Net Commands to Diagnose Problems
7. Appendices
8. 1. Error Codes
   2. GNU General Public License
   3. Online Resources

Why not just use the native filesystem ?

[Anonymous Coward]

All this extra complexity is not good. Why not simply use unix filesystem for the unix machines, and NTFS for the Windows ones ? Any sharing can be done via NFS. There is no reason to use SAMBA. Also you are at the mercy of Microsoft changing the spec on you.

When will Samba allow win95 user level sharing?

[Anonymous Coward]

I've been waiting for this for a long time. With a samba server, win9x machines are always "unable to obtain the user list from server". GET IT FIXED!!!!

Moderation

[roystgnr]

Why not simply use unix filesystem for the unix machines, and NTFS for the Windows ones ?

It's a shame, when most moderators can't figure out the moderation choices already out there (hint: Insightful, Interesting, and Informative are orthogonal concepts), that we'd need to add even more options to make the system thorough.

The above post, for example, was not flamebait. It probably wasn't a troll, either. It is, however, annoying to read the authoritative-sounding opinion of someone who doesn't appear to understand the difference between a block filesystem and a network filesystem. I suppose Flamebait was used in lieu of "Clueless+arrogant"?

Re:NT Question??? -- RE:SMB Browsing; Loopback mou

[Asmodeus]

Re: NT vs Samba
Not really. I'd like to do both. I know it is possible (I've had it confirmed by someone who replied to another trawl I did, but he couldn't tell me how to do it as it is a company secret of his...)

How does clearclase add a new network type to the brower ? I've never seen a samba capability which does that.

Can you do this with CIFS ?

Asmodeus

Question on SMB Browsing & Loopback mounts

[Asmodeus]

Can anyone of you SMB gurus tell me how to do loopback mounts of SMB pseudo file systems ? Clearcase does this so it must be possible, but lots of trawling through the NBT and NetBT docs have just left me totally confused.

My issues are 1) *SMBSERVER is a unique name 2) ClearCase shows up as a different type of network in the browser - how do you do this ? 3) I want to have an NT box running an application share back to itself from that application as well as exporting normal shares

Disclaimer - although I work for Trilogy Development this question is for me and is not connected with work.

This is a real piece of cake with NFS, but seems to be soooo difficult under NT that I must be missing something ?

Asmodeus

How rude!!! -- RE: allow win95 user level sharing?

[BitMan]

What a rude post! If you want it, why don't you write it?!?!?! Contribute and they shall come.

Otherwise, be content with the massive, painstaking development that Samba is. I'd like to see a better example of reverse engineering a quite closed protocol that is 180 degrees from its open documentation.

Yell at Microsoft, not the Samba team.

-- Bryan "TheBS" Smith

NT Question??? -- RE:SMB Browsing; Loopback mounts

[BitMan]

I'm a bit confused here.

First off, I assume your SMB question is on NT's SMB services (not Samba's)?

If so, I'm afraid this is where your limitation lies. NT makes all kinds of design and assumption decisions that "simplify" its capabilities. Even if 9x/NT is a client of a UNIX/Samba server, Samba itself cannot make up for the limitations of the client (especially in the cases of 9x). Case in point: I personally love how people complain that Samba doesn't give them a permissions dialog box in Win9x so they can modify ACLs on the Samba server when they don't get one when they connect to a native NT server either (because the client doesn't support it stupid!)!!!

And as you said, NFS seems to handle your problem perfectly. Again, blame Microsoft and their far-from-spec SMB implemenation, a protocol that was NEVER designed for its current role.

-- Bryan "TheBS" Smith

Survey and reviews of all major Samba books?

[BitMan]

Although I like the Slashdot book reviews, with so many Samba books on the market (no less than 4 new ones this year alone!), a good survey of all the major books in one place would be nice. Same goes for Apache. Anyone got a good sample of the Samba (or Apache) collection(s)???

BIAS WARNING: I was a contributing author on Samba Unleashed and would like to see how we "stack up" against the "competition". ;-> The review at Amazon stated the buyer chose it over the highly acclaimed O'Reilly book. 1200 pages strong.

[and to answer someone else's question, I actually think we did NOT include the GPL. Not only because we didn't include the software itself, but because I don't think Samba is actually GPL licensed (please correct me I am wrong). ]

-- Bryan "TheBS" Smith

You missed my point -- Re:Good Think Geek category

[BitMan]

I think you missed my point.

I was hoping to find a resource that will point out the best Samba book for various users. There are so many books and users should be steered towards the best book for them. There never is a "single" best book for everyone -- e.g., Samba Unleashed isn't a newbie book, nor is any other book in the Unleashed series. I then injected my bias so everyone knows it, in the clear. My "how it stacks up" bit was, more or less, a joke -- although I haven't seen anything in any media outlet on Samba Unleashed (but I've never heard of a contributing author getting royalties, so don't think I'm going to benefit anyway ;-).

Anyhoo, my additional point was that I was also looking for a good Apache book. Just like Samba, there are so many out now, I don't know which one would be best for me.

I'd kinda like to see a whole series of comments on the various books of any topic where more than 3 books exist. Samba and Apache are two of the biggies when it comes to OSS, with the most books on them right now.

-- Bryan "TheBS" Smith

Re:I never have been able to get Samba working

[mIRCsloth]

Yah I had trouble with the Redhat install, untill i downloaded the orielly Samba Acrobat file and read up on it. I ended up renaming the smb.conf and writing my own, it was quite simple after that. The windows encrypted password took my the longest to figure out. Samba seems quite portable too, the smb.conf is the same on RS6000 AIX! Learn it at home and use it a work!

Re:Wow, a must have...

[ebradway]

Actually I would like to see a Samba port to NT. Samba provides much better control over Browse Master and PDC election than Windows SMB Server and it would be cool to be able to configure the thing with a text file.

Of course, I don't want to see it bad enough to do the code myself. ;)

Good Think Geek category

[gruntvald]

C'mon Dude - I worked on SAMBA UNLEASHED too, this is not the time to bring it up, it's the other guys moment of glory! I would like to see a bundle of SAMBA books on Think Geek....

Re:Why not just use the native filesystem ?

[MrCreosote]

Wow! I didn't know Microsoft now included NFS clients and servers with their operating systems. What were those Samba guys thinking???

Wow, a must have...

[thomasj]

Do you know if Samba has been ported to NT4? I run NT at work and would like have a Samba server... Never mind.

Re:OS/2 and Macintosh integration

[georgeha]

Yes, lm announce is a Samba thing, to help OS/2 clients access a Samba server, so that may be of little help to you, as I didn't understand your network topology.

Hmmm, I don't know, is there anyone associated with DAVE that would know?

Thanks,

George

Re:OS/2 and Macintosh integration

[jlrowe]

FWIW, I am learning and testing Samba. I currently have a Linux machine with DNS, DHCP, Samba and other stuff running.

The OS/2 Warp 4 machine is used for printing and internet access [hey, it is virus *proof*]

I have two linux machines running Samba. Each has the OS/2 printer connected so they can print. But as an experiment I *re-shared* that same printer connection from Samba on the Linux machine back out as if it were actually on the Linux machine.

Then with an NT laptop, connected to the printer share on Samba/linux [which is really the OS/2 printer] and successfully printed. Pretty cool, and could be used to get around some problems [like if the OS/2 machine is on Token ring (it is...) and other machines are on ethernet.]

I think drives can be re-shared like this too, and in fact think I did that too.

If you set the:
Domain = IBMPEERS

in \ibmlan\ibmlan.ini
on the OS/2 machine

instead to the domain used by the NT and Samba machines, then everyone can browse everything.

You also *must* set up the machine to use netbios over TCPIP.

Samba is pretty useful. I think Samba/Linux will make a great server.

Thanks for all the help everyone!

[Stalemate]

Just a blanket reply to everyone that helped. Especially that l33t d00d at the top!!

I'm going to give it another shot this weekend.



--

I never have been able to get Samba working

[Stalemate]

This is one of the most frustrating things for me because every once in a while I decide I'm going to figure it out. I end up spending a whole day messing with it and get frustrated and quit.

I've been through countless online tutorials, but I just can't get it. I tried SWAT, but the web interface never seemed to save my changes.

I might pick up this book if it is really good. Anyone have any experience with it?

Maybe my problem is that I'm running RedHat? I've heard its harder with RedHat if you install the out of the box Samba and I usually do because I do an install everything.


--

Re:Why do all of these books include the GPL?

[kperrier]

So they can be ~40 pages bigger than they would other wise be.

Re:Compare with O'Reilly

[kwsNI]

Good question. Personally, I'll always try to support O'Reilly whenever there is a choice. O'Reilly has been a big supporter of our Linux User's Group and they've done some really good things for the Open Source community. IDG, on the other hand, is in the book business for the money only.

kwsNI

They include GPL software

[rifter]

I would imagine that the main reason would be that they include GPL'd software with the book. Since they are required to display the GPL with the software, putting the GPL in the book fulfills this requirement nicely.

Re:Why do all of these books include the GPL?

[gmkeegan]

Probably because Samba, The Gimp, Emacs, and others are released under the GPL. Kinda makes sense to include it in the book if that's the license for the software...

some more thoughts...

[Pinball Wizard]

I probably don't have nearly as much Samba experience as the author but here are a few things I've run into that required me to look beyond the standard documentation.

1) Newer Windows clients probably won't work with the default Samba setup without some tweaking. This is because Win98/NT4 and newer clients send encrypted passwords over the network. You either have to set Samba up to accept encrypted passwords or get into the Windows registry and tell it to enable plain text passwords.

2) If you have an NT domain controller, the default Samba install will probably give you problems. If you don't want Samba to be the domain controller, handle domain logins, perform WINS services, become a browse master, etc., etc. you have to tell it not to do these things explicitly. If you don't, and you have an NT box doing these things, you will likely have problems.

Re:I never have been able to get Samba working

[Winblows]

I'm sure you probably have gotten several replies by now, just wondering if you still need help. I have been running Samba 2.05a on RH6.0 for almost a year now with no problems. If you need help email me back, and I'll help get you up and running in less than an hour! Let me know either way.

Re:OS/2 and Macintosh integration

[Jacco de Leeuw]

> You do have lm announce set to yes, for OS/2 support?

No, if you have OS/2 clients I would suggest setting it to yes but it's not required.

When set to yes, the Samba server should show up faster in the NET VIEW list.

Check out my homepage on this.

Re:Why not just use the native filesystem ?

[Stormgren]

Quoted:

"All this extra complexity is not good. Why not simply use unix filesystem for the unix machines, and NTFS for the Windows ones ? Any sharing can be done via NFS. There is no reason to use SAMBA. Also you are at the mercy of Microsoft changing the spec on you."

I guess then you've never had to interface multiple machines without a large budget. Or understand exactly what this product does. The native filesystems are the same, all it does is make a UNIX box look like SMB fileservers (a.k.a Win9X, NT).

Prime example of this is what I had to do a year ago to interface a new accounting system to the old one. The old system runs on SCO OSR5, and the new one is a client-server SQLserver based application. Problem was, some of the old system's modules were in use, and had to export to the new one. Dug around for usable tools, found samba, and *presto*, instant interface. Configuration took me all of twenty minutes (first time okay?) and I never have to monitor the thing.

I tend to be pretty cynical about software, and this is one of the few packages that I have respect for.

"All those tubes and wires and careful notes!"

Re:We need more books like this

[Rob-G]

I fully agree.
However, it is not new users I have in mind, but rather experienced users. I think they would benefit just as much, if not more, than beginners.

You see, if you know a lot about how things generally work, and how things are supposed to fit together, 1 example will make a whole lot clear.

It surprises me that there are so few examples in the man pages for Linux.
On other flavours of unix it is very common to see examples at the end of nearly every man page.
That is truly helpful. And not much work for the writer of the manpage, since he has just written in great detail how things work, and thus must know about every option anyway!

Re:OS/2 and Macintosh integration

[georgeha]

We talk about Dave for Macintosh in the book, but barely mention OS/2 as a client.

You do have lm announce set to yes, for OS/2 support?

George

Re:OS/2 and Macintosh integration

[LordNimon]

You do have lm announce set to yes, for OS/2 support?

I thought LM ANNOUNCE was a Windows thing - it was a setting you need to have enabled (it's disabled by default) because OS/2 doesn't support the "Master Browser" concept.

I don't have Linux installed anywhere, let alone Samba. Are you saying that LM ANNOUNCE is also a Samba thing? I didn't see anything about LM ANNOUNCE in the DAVE documentation.

(getting off-topic)
Specifically, my problem is that my Mac can't see my OS/2 drives, but it can see my OS/2 printers.

OS/2 and Macintosh integration

[LordNimon]

Is there any converage on intergrating OS/2 and Mactinosh clients (and servers) with machines running Samba? I'm trying to get my Mac (using DAVE) and my OS/2 machines to see each other, and it's not working well. I'm thinking I may need to set up a Linux box running Samba and use that as the primary shared resource.

Re:I never have been able to get Samba working

[Anomalous Canard]

I had difficulty the firt time as well. But there is a trouble shooting guide in the Samba documentation which takes you step by step through some simple tests that can pinpoint where the problem actually lies. In nmhy case it was misunderstanding one of the samba.conf option lines.

Anomalous: inconsistent with or deviating from what is usual, normal, or expected

PDC support

[rifter]

It seems that the drive to create PDC support was stalled by the desire to have Win2k compatable PDC support. They were almost there for NT4, but now you hear a lot about how Microsoft is maneuvering to cut off the Samba project from the ability to have Win2k PDC's.

Re:When will Samba allow win95 user level sharing?

[Jeremy Allison - Sam]

The current plan is that 2.0.8 will be the answer to your prayers :-). This functionality is being added for ACL support, but I'll test it works for Win9x as well.

Regards,

Jeremy Allison,
Samba Team.

Re:Why not just use the native filesystem ?

[irix]

Have you ever worked in a heterogeneous environment? Windows users want to open up their "Network Neighborhood" double click on the machine and then double click on the file share.

I maintain several servers (IRIX and Linux - SGI has been a big supporter of samba [sgi.com]) and I share the required directory or two on each box. It is easy - no NFS client software to worry about, easy for Windows users, and it works quickly and realiably. Samba also allows printer sharing.

I can see avoiding SMB and Samba if you are primarily a UNIX shop. However, we run about 70% NT and 30% UNIX so the interoperability that Samba provides is excellent.

Check your interfaces too

[georgeha]

One more annoyance I've noted is for Samba to try to communicate out the loopback port, 127.0.0.0.

Just add a line interfaces = 192.168.1.2 or whatever your network address in the global section of the smb.conf file.

Restart Samba /etc/rc.d/init.d/smb restart and you shoudl be golden.

George

some thoughts

[georgeha]

My usual Linux distro is RedHat, and I don't have problems getting Samba working.

A few things to try.

Use testparm to check the validity of your smb.conf file.

Is samba running, use ps to find it.

If not, what happens when you start Samba, on RedHat this is:

# /etc/rc.d/init.d/smb start

Try to log in locally with smbclient

smbclient -L hostname -U username

Also try

smbclient -U username //hostname/homes

I hope this helps,

George

Re:We need more books like this

[rifter]

I agree wholeheartedly. To be honest, these topics are not very well covered even w/r/t closed-source solutions. The open source projects, with few exceptions (mostly thanks to Oreilly) are fairly poorly documented, and most of the documentation that exists is in HOWTO's and such which rarely have much depth.

To get a full understanding, a person would have to read the HOWTO's, slashdot, newsgroups, FAQ's, and every text, PDF, and html file they could find, then experiment a lot. Even savvy users get sick of that.

The open source projects in general IMHO have grown to the point that they include feature sets comparable to or exceeding those of their closed source counterparts, mainly because there are a lot of people working on that stuff. Just think if even a small percentage of these coders worked on docs! And if they got published, they'd even get paid for their work, imagine that!

I guess the main problem is that programmers generally would rather program than write docs. Writing docs can be real boring for some people, and just as hard as writing efficient code.

Compare with O'Reilly

[kbelton]

Can anybody compare this one to the O'Reilly one? I like the O'Reilly 'cause its searchable online; but it could be more detailed.

Re:Compare with O'Reilly

[Lando]

For those of you interested, O'Reilly literally gave it's book to the samba group, http://www.samba.org [samba.org].

Samba book online is located at http://us1.samba.org/samba/oreilly/ using_samba/ [samba.org] though you should probably log onto the closest mirror at the samba.org link about and go to the documentation from there.

The documentation should soon be available via cvs as well.

Lando

I apologize for your modding

[georgeha]

I have a small LAN that I support containing mostly NT and Win9x boxes, but I use Linux as the main server (DHCP, http, ftp, and of course Samba). As it is now, every user (in order to use shares off of the NT boxes and the Samba box) must have their username and password registered with both all the NT boxes and the Samba server. Then when they need to change their password, they must go to each box and change it many times. Is making the Samba box a Domain controller the only way to have all NT and Win9x boxes validate against the Samba password database, or is there a different password sync method? Thanks!
-Shawn

To being with, I don't know why your modded to -1, this seems like an abuse of moderator privileges.

Domains are one option, the other is to have the Samba server reference another server for password verification with the password server parameter.

I don't have a lot of experience with Domain controllers (ed checked that part of the book), but that's the way I think you need to go, either make Samba a Domain Controller, or make one of your NT boxes a Domain Controller, and have Samba join the NT Domain.

Otherwise, you can have Samba reference another server for password verification, using the password server prompt. This only cuts down some of the password changes, the other NT boxes probably need to be changed individually.

I hope this helps,

George

Re:Migration to encrypted passwords that works.

[georgeha]

Whats the best way to migrate to encrypted passwords? The way the samba docs tell you to do is fine... except in the real world where you have hundreds of users spread out over multiple servers that sync.

Does anyone have a pretty much fullproof way of doing it? I mean, all the way down to the H_KEY settings that needs to be changed via kix.

Are you running unencrypted passwords now? Then you could consider using the update encrypted parameter, to slowly build your encrypted password file.

Once all the users have encrypted passwords in the smbpassd file, you start encyrpting passwords.

Hope this helps,

George

As the author, I'll answer book question

[georgeha]

Wow, I'm jazzed, I never shared a Slashdot topic before.

If anyone has any questions about writing the book, I'd be glad to answer them to the best of my ability.

If anyone has Samba questions, I'll do my best to answer them too, though my turnaround time may be greater.

I agree on the skimpiness of the benchmarking, we ran out of time, and it's hard to simulate real workd performance on a Pentium and 486 home network.

As far as the duplication of pages wrt to the smb.conf section, and others sections, the publisher said to go a little overboard there, to avoid needless page flipping. We might have taken that a little too far.

As far as including the GPL, it seems to be the thing to do, every book has it, it may be a publisher's requirement, but we included it anyway.

Thanks,

George

We need more books like this

[Gurlia]

This is not intended as flamebait, but IMHO we need many more books like this for open source software. The problem is that the current open source / Linux documentation (manpages, the HOWTO's and mini-HOWTO's) require a LOT of time and reading on the part of the user, before they can even see any results. There aren't very many docs that guide you through, step-by-step, how to get some semblance of what you want up and running.

I'm not saying that that is a bad thing; after all, we do want to educate the masses and prevent (as much as possible) clueless people who wants to be spoon-fed and never RTFM, right? But we need to remember that people like to see results. Even a little result. Having to read through an entire HOWTO, and then perhaps still not quite understanding just what it is you have to do, is very discouraging for a new user.

We should have more walkthroughs -- pre-made "recipes", so to speak, that new users can follow and get at least some result. We need to at least get them started; then hopefully they will be more interested/inspired to actually tackle all the details in the HOWTO's or other docs that came with the software, and eventually learn what they should learn. You need to learn to walk before you can run. It's a bit harsh to stick to the "sink or swim" philosophy. Much better if we cater to those who want to learn but can't quite make it without extra help.

---