&author.tridge; &author.jelmer; KarlAuer Binary packages of samba are included in almost any Linux or Unix distribution. There are also some packages available at the samba homepage. If you need to compile samba from source, check the appropriate appendix chapter. Samba's configuration is stored in the smb.conf file, that usually resides in /etc/samba/smb.conf or /usr/local/samba/lib/smb.conf. You can either edit this file yourself or do it using one of the many graphical tools that are available, such as the web-based interface swat, that is included with samba. There are sample configuration files in the examples subdirectory in the distribution. I suggest you read them carefully so you can see how the options go together in practice. See the man page for all the options. The simplest useful configuration file would be something like this: [global] workgroup = MYGROUP [homes] guest ok = no read only = no which would allow connections by anyone with an account on the server, using either their login name or "homes" as the service name. (Note that I also set the workgroup that Samba is part of. See BROWSING.txt for details) Make sure you put the smb.conf file in the same place you specified in theMakefile (the default is to look for it in /usr/local/samba/lib/). For more information about security settings for the [homes] share please refer to the chapter Securing Samba. It's important that you test the validity of your smb.conf file using the testparm program. If testparm runs OK then it will list the loaded services. If not it will give an error message. Make sure it runs OK and that the services look reasonable before proceeding. Always run testparm again when you change smb.conf! SWAT is a web-based interface that helps you configure samba. SWAT might not be available in the samba package on your platform, but in a seperate package. Please read the swat manpage on compiling, installing and configuring swat from source. To launch SWAT just run your favorite web browser and point it at "http://localhost:901/". Replace localhost with the name of the computer you are running samba on if you are running samba on a different computer then your browser. Note that you can attach to SWAT from any IP connected machine but connecting from a remote machine leaves your connection open to password sniffing as passwords will be sent in the clear over the wire. $ smbclient -L yourhostname You should get back a list of shares available on your server. If you don't then something is incorrectly setup. Note that this method can also be used to see what shares are available on other LanManager clients (such as WfWg). If you choose user level security then you may find that Samba requests a password before it will list the shares. See the smbclient man page for details. (you can force it to list the shares without a password by adding the option -U% to the command line. This will not work with non-Samba servers) $ smbclient //yourhostname/aservice Typically the yourhostname would be the name of the host where you installed &smbd;. The aservice is any service you have defined in the &smb.conf; file. Try your user name if you just have a [homes] section in &smb.conf;. For example if your unix host is bambi and your login name is fred you would type: $ smbclient //bambi/fred Try mounting disks. eg: C:\WINDOWS\> net use d: \\servername\service Try printing. eg: C:\WINDOWS\> net use lpt1: \\servername\spoolservice C:\WINDOWS\> print filename Then you might read the file chapter Diagnosis and the FAQ. If you are still stuck then try to follow the Analysing and Solving Problems chapter Samba has been successfully installed at thousands of sites worldwide, so maybe someone else has hit your problem and has overcome it. By default Samba uses a blank scope ID. This means all your windows boxes must also have a blank scope ID. If you really want to use a non-blank scope ID then you will need to use the 'netbios scope' smb.conf option. All your PCs will need to have the same setting for this to work. I do not recommend scope IDs. One area which sometimes causes trouble is locking. There are two types of locking which need to be performed by a SMB server. The first is "record locking" which allows a client to lock a range of bytes in a open file. The second is the "deny modes" that are specified when a file is open. Record locking semantics under Unix is very different from record locking under Windows. Versions of Samba before 2.2 have tried to use the native fcntl() unix system call to implement proper record locking between different Samba clients. This can not be fully correct due to several reasons. The simplest is the fact that a Windows client is allowed to lock a byte range up to 2^32 or 2^64, depending on the client OS. The unix locking only supports byte ranges up to 2^31. So it is not possible to correctly satisfy a lock request above 2^31. There are many more differences, too many to be listed here. Samba 2.2 and above implements record locking completely independent of the underlying unix system. If a byte range lock that the client requests happens to fall into the range 0-2^31, Samba hands this request down to the Unix system. All other locks can not be seen by unix anyway. Strictly a SMB server should check for locks before every read and write call on a file. Unfortunately with the way fcntl() works this can be slow and may overstress the rpc.lockd. It is also almost always unnecessary as clients are supposed to independently make locking calls before reads and writes anyway if locking is important to them. By default Samba only makes locking calls when explicitly asked to by a client, but if you set "strict locking = yes" then it will make lock checking calls on every read and write. You can also disable by range locking completely using "locking = no". This is useful for those shares that don't support locking or don't need it (such as cdroms). In this case Samba fakes the return codes of locking calls to tell clients that everything is OK. The second class of locking is the "deny modes". These are set by an application when it opens a file to determine what types of access should be allowed simultaneously with its open. A client may ask for DENY_NONE, DENY_READ, DENY_WRITE or DENY_ALL. There are also special compatibility modes called DENY_FCB and DENY_DOS.