YAHTSSG - Yet Another How To Setup Samba Guide (including User level security)
How to Setup Samba for OS4
A few notes before we begin...
This is based, more or less on the INSTALL.AMIGA text from the Samba archives listed below, but with additional steps from my experiences and other details not covered elsewhere (that I've found anyway). You may also want to look at http://samba.amigaworld.net - however, I have tried to make this much more comprehensive.
For this guide I will be using "RAM:" as my extraction destination and "Work:Network/Samba" for my installation destination, however, you can use whatever path you want, just remember that you will need to substitute your path for my path.
In a number of places (mostly in the smb.conf) you will see paths referred to like "/Samba/something" or "/Work/something". The leading "/" is not native to the AmigaOS, it is an artefact from the *nix world and basically means "the root of all your file systems and directories". The concept is still valid in AmigaOS and the best way to visualise it is to think of it as a drawer that contains all of your volumes and devices, thus if you have a volume "Work:" it would be referred to as "/Work". Notice that you drop the ":". This is also the case for assigns. Thus if you have an assign for "Samba:" (and you will by the end of this document) then it would be referred to as "/Samba".
In this guide I will be doing most of the setup using the shell. You can use whatever tool you prefer to create the drawers and copy files around.
Let's get started...
Firstly, you will need to get yourself a copy of Samba for OS4. I grabbed my copy from http://www.os4depot.net (just search for "samba"). You need these two files:
samba-base.lha - v2.2.5 - approx 2Mb - Common/base files needed for Samba 2.2.5
samba-bin.lha - v2.2.5 - approx 7Mb - Binary OS4 files needed for Samba 2.2.5
Extract samba-base.lha to RAM: - you should see the following:
6.RAM Disk:> dir
6.RAM Disk:> dir samba-2.2.5/
6.RAM Disk:> dir samba-2.2.5/install/
Extract samba-bin.lha to RAM:samba-2.2.5 - you should see the following:
6.RAM Disk:> dir samba-2.2.5/install/
So, we now have the "bin" directory in our "samba-2.2.5/install" drawer and we are now ready to install samba.
We need to create our drawer to house samba on one of our volumes. In this example, I'm going to use my Work: volume and put Samba in my Network drawer.
6.RAM Disk:> makedir Work:Network/Samba
6.RAM Disk:> copy samba-2.2.5/install Work:Network/Samba all clone
... lots of copied files ...
You should then see:
6.RAM Disk:> dir Work:Network/Samba/
This next bit is quite important! You *need* to ensure that the "log" drawer exists and that the "locks" drawer exists inside the log drawer. If either of these drawers does not exist, create it! If you do not, you are likely to have all sorts of problems with Samba. If you have been following what I have done so far, the locks drawer will be missing.
6.RAM Disk:> makedir Work:Network/Samba/log/locks
So you should now see an entire tree like:
6.RAM Disk:> dir Work:Network/Samba dirs all
If you don't see a drawer tree like this, go back and double check what you have done.
The last step in installation is creating some entries in your S:User-Startup. Using your editor of choice, add the following lines to the end of your S:User-Startup file:
if exists Work:Network/Samba
assign Samba: Work:Network/Samba
path Samba:bin add
endif
At this point, the easiest thing to do is to reboot your Amiga to enable the assign and changes to the path.
Installation is done! This was the easy part... now comes...
Hopefully you have rebooted and your assign is now in place and Samba:bin is in the path. You can test this from a shell if you have a suitably configured Windows, Linux or other box about by using smbclient thus:
6.RAM Disk:> smbclient //cerberus/media -U myuser
added interface ip=192.168.1.7 bcast=192.168.1.255 nmask=255.255.255.0
Domain=[AU-DOM-NT] OS=[Unix] Server=[Samba 3.0.23d-6-1083-SUSE-SL10.2]
smb: \> dir
. D 0 Tue Dec 19 08:58:41 2006
.. D 0 Sun Dec 17 16:10:10 2006
Audio D 0 Wed Dec 13 20:00:49 2006
Video D 0 Sat Dec 16 12:05:57 2006
Incoming D 0 Sun Dec 17 18:07:19 2006
Image D 0 Sun Dec 17 18:07:08 2006
Games D 0 Sat Dec 16 10:53:45 2006
47678 blocks of size 8388608. 947 blocks available
smb: \> quit
In this example, I've connected to a share called "media" on a Linux box with the netbios name of "cerberus" and I have specified that I want to connect using the user name (the -U option) of "myuser". I have supplied the valid password for myuser and then performed a directory listing and quit.
This just tells us that we can connect to other machines as Samba clients and really does not reflect anything about the state of the samba server on our Amiga, but I digress.
We now need to make some changes to the smb.conf file. The one that comes with the samba archive is missing a few bits and pieces. Below is a stripped smb.conf file with my comments. For a basic starting point, make a backup copy of your existing smb.conf and replace it with this one... after you make some changes of course. Once you get Samba up and running, you can reconfigure however you like (I recommend using SWAT for this - see below), this is just to get us started quickly.
;-- Start of smb.conf --
# Samba config file created using SWAT
# from localhost (127.0.0.1)
# Date: 2007/01/13 13:15:02
# Global parameters
[global]
; The workgroup you want your Samba server to appear in.
; If you have an existing group from linux or windows, use that here.
workgroup = MyGroup
; The name this server will be known as in the workgroup.
; This name should be unique, my A1 is known as "theseus", so...
netbios name = THESEUS
; This string is made available as the server description and will be
; visible to samba clients.
server string = AmigaOne XE Samba Server
; If you have a static IP address set it here (and uncomment the line)
; along with your subnet mask.
; If this server is going to be a "full time" server, a static address
; would be a good idea. My A1 has a static address of 192.168.1.7
; If you have dynamic IP address or have no idea what I'm talking about,
; remove or comment out this line.
; interfaces = 192.168.1.7/255.255.255.0
; The log files are a cause of many Samba issues on the Amiga, remember
; those drawers we created earlier? If you want to, you can log to RAM:
; by using /RAM/log.%m, but if your Amiga stays on for a long time, you may
; end up using quite a bit of RAM for these log files.
; The %m will create a separate log file for each client that connects to
; your Samba server.
log file = /Samba/log/log.%m
; Restrict the log file size to 50k. I've not seen this affect the
; nmbd.log though...
max log size = 50
; This is our default/quick start security level. For serious use it is
; not really good enough, however, if you are only talking to Windows98 or
; earlier versions, then this is what you need.
; (The User Level Security section below changes this to "user".)
security = share
; Not sure if the Amiga port supports printers so...
load printers = No
; These next few are a safe default for getting started. See the help in
; SWAT if you want to know what they are all about.
preferred master = False
domain master = False
dns proxy = No
; Having the locks in RAM should be just a bit faster...
lock dir = /T/samba-locks
; This is the guest account (i.e. non-named user) for browsing the server.
guest account = pcguest
; This restricts the IP addresses that this server will talk to. If your
; Amiga is directly on the internet running Samba, this would be a
; *minimum* security feature to enable. The best thing is to not have
; Samba running if your Amiga is directly on the internet.
; This restricts my samba server to talk only to the 192.168.1.x subnet,
; but it is commented out for your convenience.
; hosts allow = 192.168.1.0/255.255.255.0
; --- Share definitions ---
[homes]
comment = Home Directories
valid users = %S
read only = No
browsable = No
; We don't load printers... so this could be removed.
[printers]
comment = All Printers
path = /usr/spool/samba
printable = Yes
browsable = No
; This is an extremely dangerous share for an "open" network!
; This gives read-write access to every part of your Amiga to ANYONE!
; You have been warned!
[All]
comment = All Amiga volumes
path = /
public = yes
only guest = yes
writeable = yes
printable = no
map archive = no
map hidden = no
map system = no
;-- End of smb.conf --
While this smb.conf file is far from optimal, it should get you started. After we have Samba up and running, we will look at making things a bit more secure.
The next few changes are performed on the assumption that you are running OS4 Final.
Edit your DEVS:Internet/users file and add a line like:
NAME=pcguest UID=200 GID=500 pcguest /Temp NewShell
If UID=200 is already used, change the number to something unused e.g. 201, 300, 500 etc. This adds the user "pcguest" to the users "database". The pcguest user is used to allow "guest" browsing of shares on your Samba server. If you don't want to allow guest browsing, you could leave this line out, however there will be more about users and security later. Also note that /Temp is my Temp: volume... just a temporary area for files and such.
The file should then look something like:
NAME=root UID=0 GID=0
NAME=nobody UID=65534 GID=65534
NAME=pcguest UID=200 GID=500 pcguest /Temp NewShell
Save the users file and edit your DEVS:Internet/groups file and add a line like:
NAME=users ID=500 USERS=pcguest
If the ID=500 is already used, change the number to something unused. This adds a group called "users" to the groups "database". While I don't think this is strictly required, I tend to do it for completeness.
Save the groups file and edit your DEVS:Internet/services file and add a line like:
The services file is listed in port order, so you can place it "in order" or just put it at the end.
While we are in the services file, locate the lines:
netbios-ns 137/tcp # NETBIOS Name Service
netbios-dgm 138/tcp # NETBIOS Datagram Service
netbios-ssn 139/tcp # NETBIOS session service
And change them to:
#netbios-ns 137/tcp # NETBIOS Name Service
#netbios-dgm 138/tcp # NETBIOS Datagram Service
netbios-ssn 139/tcp # NETBIOS session service
What we have done here is to comment out some of the services entries by placing a "#" at the front of the line. I don't know why, but I was getting DSI errors from nmbd with the other entries defined... maybe it was another change I made, but regardless, they are not required.
Note 1: You could just as easily have done this through the Internet prefs program, but you would be removing the entries with the delete button.
Note 2: The first time this file is rewritten by the prefs program, all the comments will be removed. You can always recover this file from your install CD.
Save the services file.
You now need to add the protocol servers that will provide the samba server. I will attempt to describe how to do this with the Internet prefs program without the aid of screenshots.
Open the Internet prefs program, choose Servers from the list on the left and click the "New" button. From the list of services at the top, select the "netbios-ns" service, set its type to "Datagram" (I bump the stack to 100000, but that's just me) and for the program enter "Samba:bin/nmbd". Check "Active" and "Wait for completion", but leave "Use socket I/O streams" unchecked. Click "Use".
Click the "New" button again. Choose the "netbios-ssn" service, set its type to "Stream", bump the stack to 100000 and for the program enter "Samba:bin/smbd". Check "Active", but leave "Wait for completion" and "Use socket I/O streams" unchecked. Click "Use".
Click the "New" button again. Choose the "swat" service, set its type to "Stream", bump the stack to 100000 and for the program enter "Samba:bin/swat" and for arguments enter "-a". Check "Active", but leave "Wait for completion" and "Use socket I/O streams" unchecked. Click "Use".
Note: SWAT is the Samba Web Administration Tool that, when running, is accessible on "http://localhost:901". When you have Samba configured how you want, or you don't ever want to use it, it would be a good idea to disable SWAT; this is done by unchecking "Active" and saving.
Once you click "Save", Samba should be active.
To check, jump on another machine that will be a client to your Amiga Samba server and try to browse your Samba server.
For Windows, try clicking the Start button, choosing Run and entering "\\yourservername" and then clicking Ok. In my example above, "yourservername" would be theseus, so Start, Run, "\\theseus". Hopefully a window should open showing you the available shares (i.e. "All").
For Linux, try smbclient.
If all is well, then that is it! A simple Samba setup. However, if you want a few more features, you may want to turn the security level to "User"; if so, read on.
Note: You should be able to access SWAT by accessing http://localhost:901 using IBrowse/AWeb/whatever. Take a look around and read the help, there is a lot there. If you are going to experiment, I recommend taking a backup of your smb.conf before... it is REALLY easy to break a working Samba server.
User Level Security...
A security level of User in Samba allows you to restrict who gets access to what and what they can then do (i.e. read-only or read-write). Setting up User security isn't that difficult, but if you have never done it before, it can be difficult to know where to start.
For this example, we will modify the "All" share created in my previous examples to only be accessible by named users.
Firstly we need to create a new user in the users "database". Edit your "DEVS:Internet/users" file and add a line for your new user. To add a new user called "myuser", add a line something like this:
NAME=myuser UID=500 GID=500 myuser /Home/myuser NewShell
As before, if UID=500 is already used, change the number to something unused. If you have looked at the template at the top of the users file, you might have noticed a couple of things. For one, we have not supplied a PASSWORD; we do not need to supply a password in this file as, by default, Samba does not read passwords from this file. However, Samba does require an entry in this file before you can create a Samba user and password. The other thing you may have noticed is that we are specifying a DIR. In my example DIR is specified as "/Home/myuser". In my case here, I have an assign "Home:" in which I create drawers for all the named users. When used in combination with the "homes" share in the smb.conf file, it means that whenever you connect to the Samba server as a named user, you will see a share named the same as the user name... this share is mapped to this DIR entry. Thus, if I connect as "myuser", I will see a share called "myuser" and it will map to my assign and drawer of "Home:myuser". This can be quite useful. Anyway, moving on...
Now that we have our user added to the user database, we need to add them to the Samba password file (Samba:private/smbpasswd). If you have not seen this file around, don't panic, it doesn't exist yet. In "Samba:bin" there is a program called "smbpasswd" (yes, the same name as the password file). As "Samba:bin" should be in our path, you should be able to do the following:
6.RAM Disk:> smbpasswd -a myuser
New SMB password:
Retype new SMB password:
Added user myuser.
Where the "-a" option specifies "add user" and you type in the password to use for this new user. That is about it, you have created a new Samba user. If you look in "Samba:private" you should see some new files, one of which is a smbpasswd file. You can open this file in a text editor if you want to see what it looks like.
Now that we have created a named user for use with Samba, we now need to modify the smb.conf. We will use SWAT for this. Open a browser (on the Amiga you are trying to set Samba up on) and access the URL http://localhost:901 - you should be presented with a welcome screen with lots of links to documentation. Click on the "Globals" link/image at the top of the page. You should be able to see "Security Options" and "Security" which should have a value of "Share". Change this to "User" and click on "Commit Changes". Now click on the "Shares" link/image at the top of the page. Choose "All" from the drop list and click on "Choose Share". You should now see the settings for the "All" share. Change "Guest only" to "No" and "Guest ok" to "No". Click on "Commit Changes".
That should be it. Now only named users that you create can access the "All" share. Try it from your Windows, Linux or other Amiga using smbclient. You should now be required to supply a user name and password (-U with smbclient) to access the "All" share.
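An added example (not part of the original guide or of Samba itself): a small Python check, run on any machine with Python, that reads an smb.conf and reports the settings this guide warns about. The two sample configurations are constructed from the guide's "All" share before and after the SWAT changes (with the guide's hosts allow line enabled in the second); the function names and finding strings are this example's own.

```python
import configparser
# Synonyms from the smb.conf manual, folded to one canonical parameter name.
SYNONYMS = {"public": "guest ok", "only guest": "guest only", "writable": "writeable"}

def _params(cp, section):
    keys = ((" ".join(k.split()), v.strip()) for k, v in cp.items(section))
    return {SYNONYMS.get(k, k): v for k, v in keys}

def _yes(p, key, default=False):
    return default if key not in p else p[key].lower() in ("yes", "true", "1")

def audit(conf_text):
    """Return (section, finding) tuples for risky smb.conf settings."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    # Strip indentation so configparser does not treat lines as continuations.
    cp.read_string("\n".join(line.strip() for line in conf_text.splitlines()))
    glob = _params(cp, "global") if cp.has_section("global") else {}
    found = []
    if glob.get("security", "user").lower() == "share":
        found.append(("global", "security = share"))
    if "hosts allow" not in glob:
        found.append(("global", "no hosts allow restriction"))
    for name in (s for s in cp.sections() if s != "global"):
        p = _params(cp, name)
        guest = _yes(p, "guest ok") or _yes(p, "guest only")
        writable = _yes(p, "writeable") or not _yes(p, "read only", True)
        if p.get("path") == "/":
            found.append((name, "path = / exports every volume and assign"))
        if guest and writable:
            found.append((name, "guests can write"))
    return found

# Constructed sample: the guide's starting [All] share.
WEAK = """[global]
security = share
[All]
path = /
public = yes
only guest = yes
writeable = yes"""
# Constructed sample: [All] after the SWAT changes, with hosts allow enabled.
HARDENED = """[global]
security = user
hosts allow = 192.168.1.0/255.255.255.0
[All]
path = /
guest ok = No
guest only = No
writeable = yes"""
```

audit(WEAK) returns four findings; audit(HARDENED) still reports path = / for the "All" share, because the SWAT changes remove guest access but named users can still write to every volume.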
I hope someone finds this guide useful.
Feedback and comments - please PM me (Reaps) at http://amigaworld.net