Samba swings both ways

The most typical use of Samba is to make Unix home directories or shared files available on Windows. Being most comfortable on the command line, I generally do this by opening a Command Prompt and entering NET USE commands. The command NET USE O: \\boson\mapdata, for example, that I might use to make files available on a Windows laptop, is the same form of the command that I would use to map shares from other Windows systems. To see a list of what is mapped, I only need to type NET USE. When I want to map a drive, I can also add the username and password on the same line, ending up with a command such as NET USE O: \\boson\mapdata /USER:sbob look@that or I can let the system prompt me to enter this information.

C:\Users\shs>net use
New connections will be remembered.


Status       Local     Remote                    Network

-------------------------------------------------------------------------------
OK           Z:        \\192.168.1.148\homes     Microsoft Windows Network
The command completed successfully.

In a NET USE command, the string that follows \\ is the name or address of the server that is sharing files and the name that follows the next \ is the share name. Were we to look at the /etc/samba/smb.conf file, we might notice that mapdata is actually something like /opt/apps/mapdata. If we're looking at a Windows share, the same thing might be true. We might be looking at C:\Program Files\maps\mapdata while the share name is just mapdata.

To map a Windows drive on a Unix system, we need to use a mount command and specify the file system type as "cifs". For example:

# mkdir /mnt/winhome
# mount -t cifs //win7/users/sbob /mnt/winhome -o username=sbob,password=look@that

CIFS is really just another name for SMB, the protocol that Windows uses to share files and printers and that Samba was named after. It's a more recent implementation of the SMB protocol with some significant enhancements.

Once a Windows share is mounted on a Unix system, you will see it when you use the mount command, though with a lot more information than you see for a mounted Unix file system.

# mount
...
//win7/users/sbob on /mnt/winhome type cifs (rw,relatime,vers=1.0,sec=ntlm,cache=loose,
unc=\\win7\users,username=sbob,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.1.123,
file_mode=0755,nounix,serverino,rsize=61440,wsize=65536,actimeo=1)

You unmount the share with the typical umount command:

# umount /mnt/winhome
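The mount command shown earlier carries the password in its options, where shell history and the process list can expose it. mount.cifs also accepts a credentials=<file> option; the script below is an added example, not part of the original article, that writes such a file readable only by its owner and builds the matching mount command. The function names and the file location are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: keep the CIFS password out of the mount command line.

# write_cifs_credentials FILE USER
# Reads the password from stdin and writes a mount.cifs credentials file.
write_cifs_credentials() {
    cred_file=$1 cred_user=$2
    IFS= read -r cred_pass || [ -n "$cred_pass" ] || return 1
    (
        umask 077                  # new file is created with mode 0600
        rm -f -- "$cred_file"      # an existing file would keep its old mode
        printf 'username=%s\npassword=%s\n' "$cred_user" "$cred_pass" > "$cred_file"
    )
}

# check_cifs_credentials FILE
# Succeeds only if FILE is a regular file with no group or other permissions.
check_cifs_credentials() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld -- "$1" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "refusing $1: group/other permissions are set" >&2
        return 1
    fi
}

# cifs_mount_command SHARE MOUNTPOINT FILE
# Prints the mount command to run as root; no password appears in it.
cifs_mount_command() {
    check_cifs_credentials "$3" || return 1
    printf 'mount -t cifs %s %s -o credentials=%s\n' "$1" "$2" "$3"
}

# Demo in a scratch directory with a constructed password.
demo_dir=$(mktemp -d)
printf '%s\n' 'constructed-password' | write_cifs_credentials "$demo_dir/smb-sbob" sbob
cifs_mount_command //win7/users/sbob /mnt/winhome "$demo_dir/smb-sbob"
rm -rf "$demo_dir"
```

In real use the password would be typed at a prompt or piped from a secrets store rather than embedded as it is in the demo lines.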

For files that need to move between Unix and Windows, this means that the files can be shared from whichever end of the connection makes the most sense.

To install Samba on a Linux system, you need at least the samba package. If you want to administer it with a desktop tool, you can add system-config-samba. For mounting Windows shares on Linux, you also need the cifs-utils package.

Once the packages are installed, you need to adjust your firewall settings, assuming iptables is running. This means opening up the ports that Samba requires -- UDP ports 137 and 138, and TCP ports 139 and 445. These ports will respectively support netbios-ns, netbios-dgm, netbios-ssn and microsoft-ds. You can open these ports for everyone by adding commands like these to your /etc/sysconfig/iptables file:

-A INPUT -m state --state NEW -p UDP --dport 137 -j ACCEPT
-A INPUT -m state --state NEW -p UDP --dport 138 -j ACCEPT
-A INPUT -m state --state NEW -p TCP --dport 139 -j ACCEPT
-A INPUT -m state --state NEW -p TCP --dport 445 -j ACCEPT

Alternatively, you can restrict access to a particular subnet by adding the subnet to the commands like this:

-A INPUT -m state --state NEW -p UDP -s 192.168.0.0/24 --dport 137 -j ACCEPT
-A INPUT -m state --state NEW -p UDP -s 192.168.0.0/24 --dport 138 -j ACCEPT
-A INPUT -m state --state NEW -p TCP -s 192.168.0.0/24 --dport 139 -j ACCEPT
-A INPUT -m state --state NEW -p TCP -s 192.168.0.0/24 --dport 445 -j ACCEPT

Once these commands are added to your iptables configuration file (/etc/sysconfig/iptables), you need to restart iptables. On Fedora and Red Hat systems, this is done with the command systemctl restart iptables.service.
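To confirm which Samba ports a rules file leaves open to any source and which it limits to a subnet, the script below reads rules in the format shown above and reports each one. It is an added example, not part of the original article; it goes slightly beyond the article's rules by also parsing multiport --dports entries, and its function names and sample rules are constructed for illustration.

```sh
#!/bin/sh
# Added example: report how each ACCEPT rule for a Samba port is scoped.
# Reads rules in /etc/sysconfig/iptables format from the named file or stdin.
# Limitations: port ranges (137:139) and negated sources (! -s) are not parsed.

audit_samba_rules() {
    awk '
    BEGIN {
        # The four ports the article opens for Samba.
        samba["udp/137"] = 1; samba["udp/138"] = 1
        samba["tcp/139"] = 1; samba["tcp/445"] = 1
    }
    $1 != "-A" || $2 != "INPUT" { next }    # skips comments, blanks, other chains
    {
        proto = ""; src = ""; target = ""; nports = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-p" || $i == "--protocol") proto = tolower($(i + 1))
            else if ($i == "--dport" || $i == "--dports") nports = split($(i + 1), ports, ",")
            else if ($i == "-s" || $i == "--source") src = $(i + 1)
            else if ($i == "-j" || $i == "--jump") target = $(i + 1)
        }
        if (target != "ACCEPT") next
        for (n = 1; n <= nports; n++) {
            key = proto "/" ports[n]
            if (!(key in samba)) continue
            if (src == "" || src == "0.0.0.0/0") print "OPEN " key
            else print "LIMITED " key " " src
        }
    }' "$@"
}

# Constructed sample rules (not from a real host).
sample_rules() {
    cat <<'EOF'
*filter
-A INPUT -m state --state NEW -p UDP --dport 137 -j ACCEPT
-A INPUT -m state --state NEW -p UDP -s 192.168.0.0/24 --dport 138 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 139,445 -j ACCEPT
-A INPUT -m state --state NEW -p TCP --dport 22 -j ACCEPT
COMMIT
EOF
}

sample_rules | audit_samba_rules
```

Run it against the live file with audit_samba_rules /etc/sysconfig/iptables; any OPEN line is a Samba port reachable from every network the host is attached to.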

You will also need to establish passwords for your Samba users. There are actually several ways to do that these days, but the default is to use tdbsam. Look for the passdb backend setting in your /etc/samba/smb.conf file to see your setting. Keep in mind that lines starting with # or ; are inactive.

# grep passdb /etc/samba/smb.conf
	passdb backend = tdbsam

You can add each user who needs access to Samba shares on their Windows system with the smbpasswd command (e.g., smbpasswd -a sbob). The password will be added to passdb.tdb (/var/lib/samba/private/passdb.tdb) on some Linux systems.

Of course, you need to decide what you're going to be sharing from the Linux side and make the needed changes to /etc/samba/smb.conf. For home directories, you'll use something like this:

[homes]
   comment = Home Directories
   browseable = no
   read only = no
   create mode = 0750

You can add other directories as needed. If you include a valid users setting, you can restrict the sharing to one or more specific users:

[managers]
    path = /home/manager/reports
    guest ok = no
    writable = yes
    valid users = john, don, juan

Whenever you make changes to your configuration file, you have to restart your smbd service.

# systemctl restart smb.service

To view what is currently shared on your Windows system, use the NET SHARE command.

C:\Users\shs>net share

Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
print$       C:\Windows\system32\spool\drivers
                                             Printer Drivers
IPC$                                         Remote IPC
ADMIN$       C:\Windows                      Remote Admin
Users        C:\Users

You can see that in this example, the C:\Users folder is shared. Therefore, we were able to mount sbob's home on our Linux box.
