Notes for Week 14

  1. Sample /etc/samba/smb.conf:
        workgroup = lab265
        dos charset = cp850
        unix charset = ISO-8859-1
        log file = /var/log/samba/log.%M
        vfs objects = audit
        log level = 0 vfs:2
        max log size = 0
        path = /srv/networking
        valid users = john,jack,jill
        writeable = yes
        comment = Home Directories
        browseable = no
        writable = yes
        comment = All Printers
        path = /var/spool/samba
        browseable = no
        guest ok = no
        printable = yes
    This establishes three shares:

    1. a private share called networking, accessible by users john, jack and jill; private shares are defined separately for each shared directory or file.
      Your smb.conf file does not contain this share.
    2. a share called homes, where each user gets their own directory in /home/username. The public share is an easy way to share multiple directories under one share name (the directory is determined by the name of the user accessing the share).
      You could restrict access to this share to the server (both IP addresses) and the local network, as follows:
      hosts allow = 192.168.1.
      hosts deny =
      If restricting access by IP address, your IP address must be in the list for you to access the share.
      For each user to log in, you need to create a UNIX user (using useradd -m) and add that user to the samba passwd file using
      smbpasswd -a user
      The username and password used in the smbpasswd command must be those used to connect to the share from the client.
    3. a printer share (which would include all defined printers).

    Logging is to a separate file for each host; audit information on file access goes to the system log file (level 2 = directory operations plus file open and close).

  2. Test the validity of your smb.conf file with testparm before restarting samba (/etc/rc.d/init.d/samba restart).
  3. Use
    smbclient -L netbiosname -U test
    to list shares available from a samba server.
    This must be done slightly differently when accessing a Windows server:
    smbclient -L actual_netbiosname -I IP_address -U user_name
    However, it may not be possible to list available shares on a Windows 7 or Vista system using smbclient. Those versions use Link-local Multicast Name Resolution (llmnr) to the multicast address in order to implement network discovery. You can try turning off network discovery on the Windows side (to force it to use WINS), or you can try adding wins to /etc/nsswitch.conf after "dns" on the hosts line.
  4. To access a samba share:
    smbclient //actual_netbiosname/share name -U user_name
    You will then enter the smb shell; available commands include

  5. A file is printed using
    smbspool smb://host/printer local.file
    See /usr/doc/samba-4.0.9/swat/help/welcome.html for more details.
  6. All authorization information is kept in /var/lib/samba/private.
  7. EXERCISES for Week 14:

    1. Modify your smb.conf file as follows:
      1. Add the line
        netbios name = cnnn
        (where nnn is your PC number) to the global section.
      2. Change the workgroup to "islandn" (where n = 1, 2, 3 or 4).
      3. Add a private share for payroll users tom, dick and harry.
      Check it with testparm and restart samba. Check the tail of the system log file, as well as the samba log files.
    2. List your shares from both your PC and another.
    3. Add samba passwords for tom, dick and harry (make their passwords the same as their user names).

      echo name>name in each of their home directories. echo payroll>payroll in the /srv/payroll directory.

      Use smbclient, both from your PC and from another, to examine and modify the files in their shares.

    4. Access the payroll share using smbclient, both from your PC and another. Do a ps aux while the share is accessible, both on the client PC and on the server (look for new processes servicing the share). Re-examine the samba log files.
    5. Modify your smb.conf to allow only the PCs on your island, and the instructor's PC (, to access the homes share. Restart samba and test it from both your island and another.
    6. Start another PC up using Windows. From a command prompt,
      net use drive-letter: \\IP-address\homes
      Enter the appropriate user and password, and open the share (from My Computer). To un-mount, right click on the drive letter and choose "Disconnect".
    7. Share a directory on the Windows system (you may have to turn sharing on in the network control panel, as an administrator):

      1. Right-click on the directory, and choose "Properties"
      2. Click on the "Share" tab
      3. Click on "Advanced Sharing"
      4. Click the box to share the directory, then click "Apply"

      Open it from your PC using Linux and smbclient.

©2015, Kenneth R. Koehler. All Rights Reserved. This document may be freely reproduced provided that this copyright notice is included.

Please send comments or suggestions to the author.