The most typical use of Samba is to make Unix home directories or shared files available on Windows. Being most comfortable on the command line, I generally do this by opening a Command Prompt and entering NET USE commands. The command NET USE O: \\boson\mapdata, for example, that I might use to make files available on a Windows laptop, is the same form of the command that I would use to map shares from other Windows systems. To see a list of what is mapped, I only need to type NET USE. When I want to map a drive, I can also add the username and password on the same line, ending up with a command such as NET USE O: \\boson\mapdata /USER:sbob look@that or I can let the system prompt me to enter this information.
C:\Users\shs>net use New connections will be remembered. Status Local Remote Network ------------------------------------------------------------------------------- OK Z: \\192.168.1.148\homes Microsoft Windows Network The command completed successfully.
In a NET USE command, the string that follows \\ is the name or address of the server that is sharing files and the name that follows the next \ is the share name. Were we to look at the /etc/samba/smb.conf file, we might notice that mapdata is actually something like /opt/apps/mapdata. If we're looking at a Windows share, the same thing might be true. We might be looking at C:\Program Files\maps\mapdata while the share name is just mapdata.
To map a Windows drive on a Unix system, we need to use a mount command and specify the file system type as "cifs". For example:
# mkdir /mnt/winhome # mount -t cifs //win7/users/sbob /mnt/winhome -o username=sbob,password=look@that
CIFS is really just another name for SMB, the protocol that Windows uses to share files and printers and that Samba was named after. It's a more recent implementation of the SMB protocol with some significant enhancements.
Once a Windows share is mounted on a Unix system, you will see it when you use the mount command, though with a lot more information than you see for a mounted Unix file system.
# mount ... //win7/users/sbob on /mnt/winhome type cifs (rw,relatime,vers=1.0,sec=ntlm,cache=loose, unc=\\win7\users,username=sbob,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.1.123, file_mode=0755,nounix,serverino,rsize=61440,wsize=65536,actimeo=1)
You unmount the share with the typical umount command:
For files that need to move between Unix and Windows, this means that the files can be shared from whichever end of the connection makes the most sense.
To install Samba on a Linux system, you need at least the samba package. If you want to administer it with a desktop tool, you can add system-config-samba. For mounting Windows shares on Linux, you also need cifs-utils package.
Once the packages are installed, you need to adjust your firewall settings, assuming iptables is running. This means opening up the ports that Samba requires -- UDP ports 137 and 138, and TCP ports 139 and 445. These ports will respectivly support netbios-ns, netbios-dgm, netbios-ssn and microsoft-ds. You can open these ports for everyone by adding commands like these to your /etc/sysconfig/iptables file:
-A INPUT -m state --state NEW -p UDP --dport 137 -j ACCEPT -A INPUT -m state --state NEW -p UDP --dport 138 -j ACCEPT -A INPUT -m state --state NEW -p TCP --dport 139 -j ACCEPT -A INPUT -m state --state NEW -p TCP --dport 445 -j ACCEPT
Alternately, you can restrict access to a particular subnet by adding the subnet to the commands like this:
-A INPUT -m state --state NEW -p UDP -s 192.168.0.0/24 --dport 137 -j ACCEPT -A INPUT -m state --state NEW -p UDP -s 192.168.0.0/24 --dport 138 -j ACCEPT -A INPUT -m state --state NEW -p TCP -s 192.168.0.0/24 --dport 139 -j ACCEPT -A INPUT -m state --state NEW -p TCP -s 192.168.0.0/24 --dport 445 -j ACCEPT
Once these commands are added to your iptables configuration file (/etc/sysconfig/iptables), you need to restart iptables. On Fedora and RedHat systems, this is done with the command systemctl restart iptables.service.
You will also need to establish passwords for your samba users. There are actually several ways to do that these days, but the default is to use tdbsam. Look for the passdb backend setting in your /etc/samba/smb.conf file to see your setting. Keep in mind that lines starting with # or ; are inactive.
# grep passdb /etc/samba/smb.conf passdb backend = tdbsam
You can add each user who needs access to Samba shares on their Windows system with the smbpasswd command (e.g., smbpasswd -a sbob). The password will be added to passdb.tdb (/var/lib/samba/private/passdb.tdb) on some Linux systems.
Of course, you need to decide what you're doing to be sharing from the Linux side and make the needed changes to /etc/samba/smb.conf. For home directories, you'll use something like this:
[homes] comment = Home Directories browseable = no read only = no create mode = 0750
You can add other directories as needed. If you include a username setting, you can restrict the sharing to one or more specific users:
[managers] path = /home/manager/reports guest ok = no writable = yes username = john, don, juan
Whenever you make changes to your configuration file, you have to restart your smbd service.
# systemctl restart smb.service
To view what is currently shared on your Windows system, use the NET SHARE command.
C:\Users\shs>net share Share name Resource Remark ------------------------------------------------------------------------------- C$ C:\ Default share print$ C:\Windows\system32\spool\drivers Printer Drivers IPC$ Remote IPC ADMIN$ C:\Windows Remote Admin Users C:\Users
You can see that in this example, the C:\Users folder is shared. Therefore, we were able to mount sbob's home on our Linux box.