Using Samba to share files with Windows (part 2)
Previously, in Using Samba to share files with Windows (part 1), the LDAP configuration that were required specifically for Samba were completed. All that’s left to do is to create the Samba setup, add some users, and test the result.
This configuration is a good basic starting point for implementing Samba, which is on CentoS 6.2 with openLDAP 2.4.23 using the cn=config RTC, and Samba 3.5.10. It looks like this is turning into more of a series because these posts are turning out a lot longer than originally intended.
The goal of this post is to install and set up Samba using LDAP authentication and log in using Windows 7 Home Premium. We’re going to use the Webmin 1.580 LDAP Users and Groups module to create the user and group accounts.
Installing Samba
The same version of Samba was previously installed on our test server but was set up without LDAP, so I elected to un-installand then re-install. Make sure things are stopped first.
]# service smb stop
]# service nmb stop
Find out what we have:
]# rpm -qa|grep samba
samba-swat-3.5.10-114.el6.i686
samba-client-3.5.10-114.el6.i686
samba-winbind-clients-3.5.10-114.el6.i686
samba-3.5.10-114.el6.i686
samba-common-3.5.10-114.el6.i686
samba-doc-3.5.10-114.el6.i686
]# rpm -e samba-swat-3.5.10 samba-client-3.5.10 samba-3.5.10 samba-common-3.5.10 samba-doc-3.5.10 samba-winbind-clients-3.5.10
Before starting the re-install, there’s some files left over that should be cleaned up.
]# rm -rf /var/lib/samba
]# rm -rf /etc/samba
]#rm -rf /var/log/samba
Ok, so install the same packages:
]# yum install samba.i686 samba-client.i686 samba-common.i686 samba-doc.i686 samba-winbind-clients.i686 samba-client-3.5.10
smb.conf
Since XP Home, Vista Home ans Windows 7 Home versions cannot join a domain, and Samba 3.5 doesn’t provide active directory, this configuration will be for user level shares for a stand alone file server. We can paste this configuration into the /etc/samba/smb.conf file.
]# cd /etc/samba
]# vi smb.conf
# start smb.conf
[global]
workgroup = OFFICE
server string = Samba Server Version %v
interfaces = 192.168.5.10
passdb backend = ldapsam:ldap://centos6.tecs-company.net
log level = 0 passdb:0 auth:0
log file = /var/log/samba/log.%m
max log size = 50
os level = 65
wins support = Yes
ldap admin dn = cn=samba,dc=example,dc=com
ldap group suffix = ou=groups
ldap passwd sync = yes
ldap suffix = dc=example,dc=com
ldap user suffix = ou=people
cups options = raw
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
#end smb.conf
Once the file is saved, run:
]# testparm
Load smb config files from /etc/samba/smb.conf
Processing section “[homes]”
Processing section “[printers]”
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
This file needs to there first because smbpasswd will get LDAP login information from it.
]# smbpasswd -w <ldap admin dn password>
Setting stored password for “cn=samba,dc=example,dc=com” in secrets.tdb
And now to start the Samba smb and nmb services:
]# service smb start
]# service smb start
]# chkconfig smb on
]# chkconfig nmb on
Next, we need the Samba Server SID before we can create new users and groups:
]# net getlocalsid
SID for domain CENTOS6 is: S-1-5-21-2172506164-2847018837-3068445438
Paste the SID into the Domain SID for Samba3 field on the Webmin LDAP Users and Groups module configuration page. Also, be sure the other fields are set as shown below, otherwise you’ll get errors when trying to create new accounts.
You can now create users and groups to login to your Samba file server.
Hint: Use the same user name and password as your desktop or laptop. Windows will automatically send your current login when you try to access the server. Only after that does not authenticate you, will it ask for a user name and password.
Leave a Reply
