[Samba] Samba File Sharing- Some Doubts?

Sadanapalli, Pradeep Kumar (MED, TCS) Pradeep.Sadanapalli at med.ge.com
Fri Jan 31 15:52:02 GMT 2003


Thank you very much John,
your response really cleared many of my doubts. But I am still unable to
share my files using Samba.
I configured samba on my Linux box, but the linux system is not visible
from the windows machine in the particular domain I want it to appear.
I do not know where I made a mistake. I am sending you the smb.conf below,
please tell me how to get it to work.

"My smb.conf FILE"
         *************************************
[global]
	log file = /var/log/samba/%m.log
	smb passwd file = /etc/samba/smbpasswd
	load printers = yes
	socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
	obey pam restrictions = yes
	encrypt passwords = yes
	dns proxy = no
	server string = Pradeep's Samba
	writeable = yes
	printing = lprng
	default = printers
	unix password sync = Yes
	workgroup = AMERICA           ### This is my Windows Domain
	security = user
	preferred master = no
	max log size = 0
	pam password change = yes

[Linux Pradeep]

path = /home/pradeep
comment = Pradeep Home Dir Samba Share
valid users = %S
public = yes
create mode = 0664
directory mode = 0775

# This one is useful for people to share files

[tmp]

 comment = Temporary file space
 path = /tmp
 read only = no
 public = yes

                  ***************************

Thanks,
Pradeep



-----Original Message-----
From: john.nelson at teradyne.com [mailto:john.nelson at teradyne.com]
Sent: Thursday, January 30, 2003 3:06 PM
To: Sadanapalli, Pradeep Kumar (MED, TCS)
Subject: Re: [Samba] Samba File Sharing- Some Doubts?


>My issues are :

Before addressing the specifics of your questions:  you need to decide
what approach to security you want to use.  This is one of the most
complex parts of Samba, primarily because Samba acts as a bridge between
two very dissimilar systems.  Samba provides a wide variety of choices,
because there is no "one size fits all" solution that will satisfy
everyone.

>1. Do I need to join the domain for sharing my files with them?

No.  The primary reason for having a Samba server join a Windows domain
is to allow the Windows domain controller to do user authentication,
rather than maintaining a separate password file on the Samba server.
It's your choice.

>2. Do I need to have a login account for my linux machine on windows
>domain?

While this is not normally visible to users, this is just how domain
membership works.  The domain member computer has a special "machine
account" on the domain controller - during authentication, the domain
member system presents its account password to prove to the domain
controller that it really is the computer that its name suggests that
it is.

This is not normally visible when using the Microsoft domain tools, but
it IS how it works underneath.  When using Samba as a domain controller,
the underlying mechanisms of implementing domain membership are more
visible, which is why the "machine account" stuff appears in the Samba
documentation.

>3. If a windows domain member needs to view my files, does he/she need
>to have account on my machine or his domain account is enough?

You have some more choices here.

You need to decide what Unix userid will be used for accessing files on
the Samba server.  If you want all connections to use the same Unix
userid, then you should use the "guest" facility of Samba to specify the
account that will be used by all windows users connecting to Samba.

If you want to use different Unix userids for different Windows users,
then you need to define how the accounts map to each other.  The default
is to map accounts by name:  in other words, you need a Unix account to
match each Windows account name.  When the Windows user connects, all
operations done on his behalf will be done using the matching Unix
account.  Note that this is independent of how you've configured
passwords/authentication.

You can have Samba automatically create a unix account on the fly for
each Windows account that successfully authenticates by using the
"add user script" facility.

Alternatively, you can explicitly define a mapping of Windows account 
names to Unix account names using the samba "username map" facility.

On systems that support it, you can use winbindd (which isn't strictly 
part of Samba) to map Windows domain accounts and groups onto your 
Unix/Linux system.  This approach tightly binds your Unix/Samba 
environment to a Windows domain.

>4. Who will authenticate the users for file sharing, my linux box or
>windows domain controller? If so, how should
>   I configure samba?

Again, you can choose to configure it either way.  If you have your
linux system join the domain (or use the domain controller as a password
server), then it will be the windows domain controller doing
authentication.  If not, it will be the linux system (probably).  There
are other possible authentication approaches involving LDAP et al.

>If anyone has already explored these issues , pls share with me. Thanks
>in advance.

This, in my humble opinion, is the biggest flaw in the Samba
documentation.  A new administrator of Samba MUST understand the choices
he needs to make, and the ramifications of those choices.  There's
plenty of detailed information about how to set up one configuration or
another, and not enough information about what the decisions ARE, and
how to evaluate the trade-offs involved.

Good Luck.
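
The two account-mapping approaches described in the reply above, written out as alternative smb.conf fragments (use one, not both). This is an added example, not configuration from either poster: the share name, path, `smbguest` account, `@smbusers` group and map file location are assumptions, and only `workgroup = AMERICA` comes from the posted file.

```ini
# --- Alternative A: every connection runs as one Unix account ---
# No per-user Unix accounts are needed, but all file access happens as
# "smbguest", so there is no per-user accountability or separation.
[global]
	workgroup = AMERICA
	security = user
	encrypt passwords = yes
	# Unknown user names are mapped to the guest account instead of rejected
	map to guest = Bad User
	# Assumed unprivileged Unix account created only for this purpose
	guest account = smbguest

[shared]
	# Assumed path; must be readable by smbguest
	path = /srv/samba/shared
	guest ok = yes
	# Force the guest account even for users who did authenticate
	guest only = yes
	read only = yes

# --- Alternative B: one Unix account per Windows user, DC checks passwords ---
# Requires joining the domain first, which creates the machine account.
[global]
	workgroup = AMERICA
	security = domain
	# "*" lets Samba locate a domain controller for the workgroup
	password server = *
	encrypt passwords = yes
	# Optional explicit mapping; each line in the (assumed) file reads
	#   unixname = windowsname1 windowsname2
	username map = /etc/samba/smbusers
	# Optional: create a login-less Unix account on first successful logon
	add user script = /usr/sbin/useradd -M -s /bin/false %u

[shared]
	path = /srv/samba/shared
	# No guest access: every connection runs as the mapped Unix user
	guest ok = no
	# Assumed Unix group whose members are allowed in
	valid users = @smbusers
	read only = no
```

Comments sit on their own lines because smb.conf treats text after a value as part of the value. Running `testparm` on the finished file shows how Samba actually parsed it.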

