________________________________________
Follow us on Facebook
Follow us on Google+
________________________________________
Introduction:
Samba is a popular open-source program, which provides file and print services to Microsoft® Windows® clients. With users, groups, resources are created and managed on a Samba server. As a Linux client, you can use Calculate Linux Desktop or another gentoo-based distribution with the installed calculate-client package. As a Windows client various Windows OSes can be used. To configure the server and the client see Migration to Linux. Any program configured with calculate-server is named "service".
The samba service configures Samba.
This service must be explicitly specified for calculate-server.
Example of adding the test user:
cl-useradd test sambaFor users, access rights for server's file resources are the same for Linux and Windows systems.
Samba is included in Directory Server. If you use another gentoo system, Samba can be installed with portage: just run emerge net-fs/samba.
Configuring the server
To configure your server, you should use the calculate-server utilities. Begin by making sure that you have configured the LDAP and the Unix servers.
To configure the Samba server execute:
cl-setup [parameters] samba
Possible parameters are netbios and workgroup.- "-n name" sets the NetBIOS name, that will be used by the Samba server. It defaults to the first component of the DNS host name.
- "-w workgroup" is the domain name or the NT workgroup name, for computers that will access the server.
cl-passwd --smb admin sambaIf you need domain administrator for windows computers, add new user which will be included into domain group "Domain Admins", or include in this group existing user.
The admin user only connects the client Windows machine to the domain and has no home directory.
If you need a domain administrator to manage Windows computers, add a new user that will be added in the domain group "Domain Admins"; an existing user might as well be added to this group.
Example of creating the domain administrator:
cl-useradd -p --gid "Domain Admins" -c "Domain administrator" d_admin sambaIf you want to connect Unix clients, set the password for the client service user.
cl-passwd --smb client samba
Add and remove users
To manage users, the following commands are used: cl-useradd, cl-userdel, cl-usermod, cl-passwd, cl-groupadd, cl-groupdel, cl-groupmod. Their syntax is the same as for the analagous Unix commands.
Instead of smbpasswd, use cl-passwd for changing users' passwords, including the one for the administrator of Windows computers.
Example of adding the test user:
cl-useradd test sambaExample of changing password for the test user:
cl-passwd test sambaExample of adding a user to the primary group Domain Admins:
cl-useradd -g 'Domain Admins' test sambaNote that the samba option is appended to the command.
Set permissions
Setting access rights to the filesystem
To set file permissions on the server, use the ACL (Access Control List). By changing files permissions, you can restrict access to them; this applies both to Windows and Linux clients.
Access rights apply to files as well as to directories. You can specify the permissions on the file's owner or the group. While the Windows client will only recognize the Samba group, the Linux system will display the names of both Unix and Samba groups. Therefore, is preferable to use the Samba group to set access rights.
To create a Samba group, named "manager", type:
cl-groupadd manager sambaTo create a Unix group, named "job", execute:
cl-groupadd job unixDetailed configuration of access rights using ACL is described in "Setting filesystem ACL"
Configuring access rights for Windows users
How to change access rights to shared files on the server is described above.
To configure additional rights on Windows machines, such as: the ability to install programs, to exit the domain, etc., use the Samba group.
Example of granting the test user with the domain administrator rights:
cl-groupmod -a test 'Domain Admins' samba
Structure of Samba groups
Samba groups can be of the following types:- Domain Groups (type 2)
- Local groups (type 4)
- Built-in groups (type 5)
Groups created default
Domain groups
Domain groups are Global groups that operate in the domain.
- Domain Admins have full access to the domain computers.
- Domain Guests have minimal rights.
- Domain Users
- Domain Computers
Local groups
Local groups are used locally on the computer.
There are no local groups.
Built-in groups
Built-in groups are groups built into the system.
- Administrators have full rights.
- Account Operators create and manage user account information, create and manage groups, backup files and directories.
- Backup Operators backup, restore from a backup, halt the system.
- Print Operators manage printers and make backups.
- Replicators. This group is used by FRS File Replication on domain controllers.
- System Operators change the system time, halt the system, shutdown from a remote system, backup, restore from backup, lock the server or override the server lock, format the hard disk when needed, manage network directories, handle printers.
Creating a Samba group
Creating the domain group test. By default, a domain group is created, group type 2.
cl-groupadd test sambaCreating a built-in group Power Users for users with additional rights:
cl-groupadd -g 547 --rid 547 -t 5 'Power Users' sambaWhere:
- g is the identifier of group 547 (Group ID)
- rid is the unique identifier 547 (RID)
- t is the group type 5 (built-in group)
Viewing information
To view information about users and groups on the server, use the cl-info command:
Listing all unix users:
cl-info -u unixListing all samba users:
cl-info -u sambaGetting info about a unix service user:
cl-info -U <user name> unixGetting info about a samba service user:
cl-info -U <user name> sambaListing all existing groups for the unix service:
cl-info -g unixListing all existing groups for the samba service
cl-info -g sambaGetting info about the unix service group:
cl-info -G <group name> unixGetting info about the samba service group:
cl-info -G <group name> samba
