Getting Started With Samba

The whole process described below consists of the following steps:

1. Installing Samba
2. Installing xinetd
3. Installing swat
4. Samples:
   • sample Samba configuration file
   • sample Samba Domain Controller configuration file
   • sample Samba user and group configuration for the domain

Installing Samba

Installing Samba is pretty straightforward:

1. ipkg update
2. ipkg install samba

If you receive:
ERROR: Cannot satisfy the following dependencies for samba:

   openldap-libs

Nothing to be done An error ocurred, return value: 1.

Do the following:

1. ipkg install unslung-feeds
2. ipkg update
3. ipkg install openldap-libs
4. ipkg install samba

Configuring Samba

All configuration data resides in /etc/samba/smb.conf. If you are good in Samba you might be able to edit the default file by yourself. If not you might want to start with the configuration file that is given in the last section. You can just move away the existing smb.conf file and replace it with the content as specified below.

The configuration file below assumes you want to share /usr/public for everyone to read from and write to, and that your share is named public. If you want to use a different directory or sharename modify the last few lines.
Also you might want to change the line
workgroup = YourWorkgroupNameGoesHere
and enter the name of your workgroup.

Next you should create the directory /var/log/samba.

Users must be added to the smbpasswd file in order to get access to SMB shares, but only users that exist in your system file may be used by Samba (users are listed in /etc/passwd). If the user guest does not exist, create it with:
adduser guest
The password used here will only be used to allow the user to log into the system, not to access SMB shares.

The corresponding samba user can now be created using
smbpasswd -a guest
Choose any password (it may remain blank). This adds a line to the /etc/samba/private/smbpasswd file.

Also note that /var/lock needs to have its permissions changed to 0755, use the following command
chmod 0755 /var/lock

Installing xinetd

Xinetd is needed to allow swat to run properly. Just run ipkg install xinetd. No additional configuration needed.

Installing swat

NOTE: Swat is no longer available in ipkg, and it appears to be installed by default in Samba 3+ anyway. It doesn't just work out of the box. It may only need the xinetd edits below.

Especially if you are not familiar with configuring Samba you want to install swat. Swat is a web based interface to the myriad of Samba configuration parameters. Again ipkg install swat does the job. The web based interface of swat can be accessed on port 901 of your slug (e.g. http://192.168.1.77:901).

In order to launch swat you'll need to create a file called /etc/xinetd.d/swat. (the /etc/xinetd.d directory should have been created when you installed xinetd). The contents of the file should be:<<

 
service swat
{
  disable = no
  port = 901
  socket_type = stream
  protocol = tcp
  wait = no
  user = root
  server = /usr/sbin/swat
  log_on_failure += USERID
}

After doing this you should restart xinetd with /etc/init.d/xinetd restart and then be able to surf to port 901 and get the swat web interface.

Sample Samba configuration file

NOTE: This is a Samba 2 config file. Won't work with Samba 3. See http://www.nslu2-linux.org/wiki/Optware/Samba?from=Unslung.Samba

 
# Samba config file created using SWAT
# from 192.168.123.4 (192.168.123.4)
# Date: 2005/09/04 22:12:53

# Global parameters
[global]
	workgroup = YourWorkgroupNameGoesHere
	server string = 
	map to guest = Bad User
	null passwords = Yes
	smb passwd file = /etc/samba/smbpasswd
	guest account = guest
	log file = /var/log/samba/%M
	max log size = 10
	name resolve order = wins bcast
	socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=16384 SO_RCVBUF=16384
	printcap name = /etc/cups/printcap
	os level = 8
	preferred master = Yes
	dns proxy = No
	ldap ssl = no
	config file = /etc/samba/smb.conf
	create mask = 0771
	force create mode = 0660
	force directory mode = 0771
	default case = upper
	case sensitive = No
	veto files = /.ShareConfFile/quota.user/quota.user~/lost+found/
	map system = Yes

[public]
	comment = "For everyone"
	path = /usr/public
	read only = No
	guest ok = Yes

Transfer Speeds

I found that I got a MUCH better transfer speed when I had the following settings in /etc/samba/smb.conf

[global]

   socket options = TCP_NODELAY  IPTOS_LOWDELAY SO_SNDBUF=65535 SO_RCVBUF=65535

There is something similar in the example file above, but its easily missed.

Transfer Speeds with Many Files in the Same Directory

(Well, not really transfer speeds, but file lookup speeds.)

If you have 100,000 files in a directory, Samba is very slow... and that's on a regular server. On the NSLU2, with its embedded processor, it can choke on as few as several thousand files in a directory.

There is a way to speed things up: turn off case sensitivity in Samba, and rename all your files to be upper- or lower-case. For instructions and more info, see http://www.samba.org/samba/docs/man/Samba-Guide/HA.html#id403899

(An advanced hack: if your program expects a file with a certain name, and can't find the equivalent upper- or lower-case file, just create a zero-size file with the expected name. For example, if your program is looking for "Info.plist" and you only have "info.plist", run a command like "touch Info.plist". Your program will see the zero-size file, try to access it, and Samba will give it the "real" file instead. The same trick works for directories; just create an empty directory instead of a zero-size file.)

For any Mac users storing Time Machine backups on their NSLU2, take notice! Time Machine images contain many thousands of small files. Before this trick, backups took hours and the Samba process was taking 95%+ of the CPU. After, backups take minutes and Samba uses closer to 35%.

Windows Firewalls

I had a day of grief before getting samba working. My Windows XP box would see the samba share but be unable to connect to it, returning messages like "you don't have permission". I tried all kinds of smb.conf permutations. The culprit was the popular ZoneAlarm firewall software on the windows machine. Open up zonealarm, click on "firewall", then "add" your slug's IP address (usually 192.168.1.77) to the trusted zone. Voila, problem solved.

Host name

I’ve experienced that Windows (XP) refuses to connect to the samba server if your device name contains a “/”, in my case “Nslu2/Openslug”. If you have an unexplainable connection issue and Windows report “This parameter is incorrect”, try naming renaming your device. This can easily be done by using the ‘turnup init’ command. Don’t forget to ‘turnup preserve’ afterwards.

Sample Samba Domain Controller Configuration File

The following customisations to the above configuration file will set your Samba server up as an NT 4.0 Primary Domain Controller. Most home users will not need to do this, however if you want a Domain Controller then read on. The stuff you really need is the script mappings at the bottom, because adding and removing computers from the domain requires that Samba can add and delete user accounts in Linux. The default mappings provided in the example smb.conf file assume that you have the full user utilities - however, since OpenSlug uses BusyBox and TinyLogin, you don't get these unless you install them yourself. Note that the "delete user from group" script is inactive, because that task is not an available option in the aforementioned utilities in BusyBox and TinyLogin.

Also note that Windows XP SP2 clients can suffer a BSoD (Blue Screen of Death) every time you login if you configure Samba3 to use roaming profiles. The example shown ensures that there are no profile directories and no Home drives mapped. This configuration is known to stop XP SP2 systems from crashing.

 
[global]
   security = user
   passdb backend = tdbsam
   domain master = yes 
   preferred master = yes
   domain logons = yes
   logon home = 
   logon path = 
   wins support = yes
   dns proxy = no 

   add user script = /bin/adduser %u
   add group script = /bin/addgroup %g
   add machine script = /bin/adduser -g machines -s /bin/false %u
   delete user script = /bin/deluser %u
   ;  delete user from group script = /bin/deluser %u %g
  delete group script = /bin/delgroup %g

You also need to map UNIX user accounts to SMB accounts, and map the usual Windows groups into UNIX groups.

Add SMB users

 
smbpasswd -a <UNIX username>
adduser Administrator
smbpasswd -a Administrator

Assign an account to be the Domain Administrator

 
net getlocalsid
pdbedit -U <Your SID>-500 -u Administrator -r

Don't worry if you get any errors with "records" from the above command. It should still work.

Create the UNIX group "ntadmins" and then map this (and other groups) to SMB groups.

 
addgroup ntadmins
net groupmap modify ntgroup="Domain Admins" unixgroup=ntadmins
net groupmap modify ntgroup="Domain Users" unixgroup=users
net groupmap modify ntgroup="Domain Guests" unixgroup=nobody

Create your custom groups

 
addgroup mygroup
net groupmap add ntgroup="Mygroup" unixgroup=mygroup type=d

File size >= 2G and remote smbfs mount

When mounting smbfs some linux distro by default does not include large file support, which limits files to less than 2 gigs. Using the lfs option will include large file support. Google "smbfs lfs option", since it seems to be missing from most documentation.

A better option is to use cifs, if it's supported by your kernel/distribution/version. When mounting cifs, large files are supported by default.

So either:

 mount -t smbfs //server/share /mountpoint -o lfs other-options

or

 mount -t cifs //server/share /mountpoint -o options

Fixing access denied (especially when connecting to smbd via Windows)

If you think you have set up everything correctly in /opt/etc/smb.conf but fail to connect to your samba server, try the following: put a line like "hosts allow = 192.168.1" in your smb.conf under [global] (assuming that ip mask captures where both slug and Windows pc reside). Under individual shares, specify individual users not groups. Are all paths correct, did you use password encryption, do the paths of your shares exist, did you "useradd foo" and "smbpasswd -a foo"? Does "smbclient -L localhost -U foo" on your slug work? Does "smbclient //nsl/share -U foo" work, too? (Assuming you have a share named [share] im smb.conf and want a user foo.)

If all that works but connections from Windows fail: does "NET USE z: \\192.168.1.100\share /USER:foo" work (with your Windows workstation in the same workgroup as specified in smb.conf, assuming your slug is 192.168.1.100? (If it works with the IP address but not with \\nsl\share, check lmhosts settings). Then be very careful (!) and check the following registry entries in regedit:

No windows reboot needed, as far as I know. If all fails, try "ipkg remove samba" and "ipkg install samba2" or the other way round.

Errors accessing files with clients running linux kernel >=2.6.26

If you get errors like "no such file or directory", "not a directory" accessing (existing) files with a client running kernel >=2.6.26, try setting "host msdfs = no" in the global section of smb.conf.

Apparently there's a bug in samba 3.0.23 that's triggered by kernels >= 2.6.26. For background information visit https://bugs.launchpad.net/ubuntu/+source/samba/+bug/286828(approve sites).