[Samba] Samba File Sharing- Some Doubts?
Sadanapalli, Pradeep Kumar (MED, TCS)
Pradeep.Sadanapalli at med.ge.com
Fri Jan 31 15:52:02 GMT 2003
Thank you very much John,
your response really cleared many of my doubts. But I am still unable to
share my files using Samba.
I configured Samba on my Linux box, but the Linux system is not visible
from the Windows machine in the particular domain I want it to appear.
I do not know where I made a mistake. I am sending you the smb.conf below,
please tell me how to get it to work.
"My smb.conf FILE"
*************************************
[global]
log file = /var/log/samba/%m.log
smb passwd file = /etc/samba/smbpasswd
load printers = yes
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
obey pam restrictions = yes
encrypt passwords = yes
dns proxy = no
server string = Pradeep's Samba
writeable = yes
printing = lprng
default = printers
unix password sync = Yes
workgroup = AMERICA ### This is my Windows Domain
security = user
preferred master = no
max log size = 0
pam password change = yes
[Linux Pradeep]
path = /home/pradeep
comment = Pradeep Home Dir Samba Share
valid users = %S
public = yes
create mode = 0664
directory mode = 0775
# This one is useful for people to share files
[tmp]
comment = Temporary file space
path = /tmp
read only = no
public = yes
***************************
Thanks,
Pradeep
-----Original Message-----
From: john.nelson at teradyne.com [mailto:john.nelson at teradyne.com]
Sent: Thursday, January 30, 2003 3:06 PM
To: Sadanapalli, Pradeep Kumar (MED, TCS)
Subject: Re: [Samba] Samba File Sharing- Some Doubts?
>My issues are :
Before addressing the specifics of your questions: you need to decide
what approach to security you want to use. This is one of the most
complex parts of Samba, primarily because Samba acts as a bridge between
two very dissimilar systems. Samba provides a wide variety of choices,
because there is no "one size fits all" solution that will satisfy
everyone.
>1. Do I need to join the domain for sharing my files with them?
No. The primary reason for having a Samba server join a Windows domain
is to allow the Windows domain controller to do user authentication,
rather than maintaining a separate password file on the Samba server.
It's your choice.
>2. Do I need to have a login account for my linux machine on windows
>domain?
While this is not normally visible to users, this is just how domain
membership works. The domain member computer has a special "machine
account" on the domain controller - during authentication, the domain
member system presents its account password to prove to the domain
controller that it really is the computer that its name suggests that
it is.
This is not normally visible when using the Microsoft domain tools, but
it IS how it works underneath. When using Samba as a domain controller,
the underlying mechanisms of implementing domain membership are more
visible, which is why the "machine account" stuff appears in the Samba
documentation.
>3. If a windows domain member needs to view my files, does he/she need
>to have account on my machine or his domain account is enough?
You have some more choices here.
You need to decide what Unix userid will be used for accessing files on
the Samba server. If you want all connections to use the same Unix
userid, then you should use the "guest" facility of Samba to specify the
account that will be used by all windows users connecting to Samba.
If you want to use different Unix userids for different Windows users,
then you need to define how the accounts map to each other. The default
is to map accounts by name: in other words, you need a Unix account to
match each Windows account name. When the Windows user connects, all
operations done on his behalf will be done using the matching Unix
account. Note that this is independent of how you've configured
passwords/authentication.
You can have Samba automatically create a unix account on the fly for
each Windows account that successfully authenticates by using the
"add user script" facility.
Alternatively, you can explicitly define a mapping of Windows account
names to Unix account names using the samba "username map" facility.
On systems that support it, you can use winbindd (which isn't strictly
part of Samba) to map Windows domain accounts and groups onto your
Unix/Linux system. This approach tightly binds your Unix/Samba
environment to a Windows domain.
>4. Who will authenticate the users for file sharing, my linux box or
>windows domain controller? If so, how should I configure samba?
Again, you can choose to configure it either way. If you have your
linux system join the domain (or use the domain controller as a password
server), then it will be the windows domain controller doing
authentication. If not, it will be the linux system (probably). There
are other possible authentication approaches involving LDAP et al.
>If anyone has already explored these issues , pls share with me. Thanks
>in advance.
This, in my humble opinion, is the biggest flaw in the Samba
documentation. A new administrator of Samba MUST understand the choices
he needs to make, and the ramifications of those choices. There's
plenty of detailed information about how to set up one configuration or
another, and not enough information about what the decisions ARE, and
how to evaluate the trade-offs involved.
Good Luck.
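The checks below are an added example, not part of either e-mail and not Samba code: they parse a constructed excerpt of the smb.conf posted above and flag two things in it. smb.conf recognises `#` and `;` as comment markers only at the start of a line, so the text after `AMERICA` becomes part of the `workgroup` value, and `[tmp]` allows guest access with write permission. The names `parse`, `flag` and `audit` and the guest-writable heuristic (guest access, write access, no `valid users`) are assumptions of this example.

```python
# Added example (not Samba code): audit an smb.conf like the one posted above.
SAMPLE = """\
[global]
writeable = yes
workgroup = AMERICA ### This is my Windows Domain
[Linux Pradeep]
valid users = %S
public = yes
[tmp]
read only = no
public = yes
"""  # constructed excerpt of the posted file
TRUE = {"yes", "true", "1"}
WRITE, READONLY = ("writeable", "writable", "write ok"), ("read only",)
GUEST = ("guest ok", "public")

def parse(text):
    """Return {section: {param: value}} with lower-cased names."""
    conf, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":  # comments exist only at line start
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf[section] = {}
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def flag(params, default, names, inverted=()):
    """Resolve a boolean set under any of its synonyms; the last one wins."""
    for key, value in params.items():
        if key in names or key in inverted:
            default = (value.lower() in TRUE) != (key in inverted)
    return default

def audit(conf):
    """Return (section, issue) pairs; [global] supplies the share defaults."""
    glob, findings = conf.get("global", {}), []
    for section, params in conf.items():
        findings += [(section, "inline-comment:" + key) for key, value in params.items()
                     if any(tok[0] in "#;" for tok in value.split()[1:])]
        guest = flag(params, flag(glob, False, GUEST), GUEST)
        writable = flag(params, flag(glob, False, WRITE, READONLY), WRITE, READONLY)
        restricted = "valid users" in params or "valid users" in glob
        if section != "global" and guest and writable and not restricted:
            findings.append((section, "guest-writable"))
    return findings
```

`audit(parse(SAMPLE))` reports the `workgroup` line and the `[tmp]` share; `[Linux Pradeep]` inherits `writeable = yes` from `[global]` but is not reported because it sets `valid users`.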