David Wood, firstname.lastname@example.org, 20 April 2000
This is the SMB HOWTO. This document describes how to use the Server Message Block (SMB) protocol, also called the Session Message Block, NetBIOS or LanManager protocol, with Linux using Samba.
Copyright (c) 2000 David Wood.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with no Invariant Sections , with no Front-Cover Texts and with no Back-Cover Texts. A copy of the license is available at http://www.gnu.org/copyleft/fdl.html.
This is the SMB HOWTO. This document describes how to use the Server Message Block (SMB) protocol, also called the Session Message Block, NetBIOS or LanManager protocol, with Linux using Samba. Although this document is Linux-centric, Samba runs on most Unix-like operating systems.
This document is maintained by David Wood ( email@example.com). Additions, modifications or corrections may be mailed there for inclusion in the next release.
Much more Samba documentation is available at the Samba Web site, located at http://www.samba.org/. There is a tremendous amount of information there; please have a look before asking for help! You also might try the comp.protocols.smb newsgroup.
The SMB protocol is used by Microsoft Windows 3.11, NT and 95/98 to share disks and printers. Using the Samba suite of tools by Andrew Tridgell ( Andrew.Tridgell@anu.edu.au), UNIX (including Linux) machines can share disk and printers with Windows hosts. The smbfs tools by Paal-Kr. Engstad ( firstname.lastname@example.org) and Volker Lendecke ( email@example.com) enable Unix machines to mount SMB shares from Windows or Samba hosts.
There are four basic things that one can do with Samba:
All of these are covered in this document, plus a few other odds and ends.
Disclaimer: The procedures and scripts either work for the author or have been reported to work by the people that provided them. Different configurations may not work with the information given here. If you encounter such a situation, please e-mail the author with suggestions for improvement in this document.
Please note that for Windows 3.x machines to access SMB shares, they must have a TCP/IP stack and the Win32s DLLs. Both of these are available on Microsoft's Web site ( http://www.microsoft.com). As of the writing of this version of the HOWTO, Microsoft are reportedly requiring a subscription to the Microsoft Software Developers Network (MSDN) to download the TCP/IP-32 stack for Windows 3.x from their Web site. Since this software used to be free, many older copies are in existance and may be acquired from friends and user group contacts.
This HOWTO attempts to explain how to configure basic SMB file and print services on a Linux machine. Samba is a very complex and complete package. There would be no point in attempting to duplicate all of the documentation for Samba here.
For further information, please see the following documents:
First, in order to use Samba your machines must be on a single ethernet LAN segment using the TCP/IP protocol. Samba will not work using other network protocols. This is generally easy since Linux and Windows 95/98/NT ship with TCP/IP support. However, if you are using Windows 3.X machines TCP/IP support will need to be added. One of the most common questions that I get asked is why Samba "isn't working" when Windows machines are not using TCP/IP.
In order to setup Windows 95/98 to use TCP/IP, select Control Panel | Network, then add and configure Microsoft TCP/IP. Under Windows NT, select Control Panel | Network | Protocols.
To get the latest source version of Samba, go to this URL and pick the closest mirror site to you: ftp://ftp.samba.org/.
In most cases, though, your Linux distribution will already come with an installable package containing a recent version of Samba.
The following two daemons are required for the Samba package. They are typically installed in /usr/sbin and run either on boot from the systems startup scripts or from inetd. Example scripts are shown in Running the Daemons.
smbd (The SMB daemon) nmbd (Provides NetBIOS nameserver support to clients)
Please note that the name service provided by the nmbd daemon is different from the name service provided by the Domain Name Service (DNS). NetBIOS name service is a 'Windows-style' name service used for SMB. In other words, having DNS name service tells you nothing about the state of the ability for Samba to resolve host names.
Typically, the following Samba binaries are installed in /usr/bin or /usr/local/samba/bin, although the location is optional.
smbclient (An SMB client for UNIX machines) smbprint (A script to print to a printer on an SMB host) smbprint.sysv (As above, but for SVR4 UNIX machines) smbstatus (Lists the cuurent SMB connections for the local host) smbrun (A 'glue' script to facilitate runnning applciations on SMB hosts)
The binaries for smbfs file system support are discussed later in this document.
Additionally, a script called 'print' is included with this HOWTO, which serves as a useful front end to the smbprint script.
The Samba package is simple to install. Simply retrieve the source from the location mentioned above, and read the file README in the distribution. There is also a file called docs/INSTALL.txt in the distribution that provides a simple step-by-step set of instructions.
Following installation, place the daemons in /usr/sbin and the binaries in /usr/bin. Install the man pages in /usr/local/man.
When you made the Samba package, you would have specified in the Makefile the location for the configuration file, smb.conf. This is generally in /etc, but you can put it anywhere you like. For these directions, we will presume that you specified the location of the configuration file as /etc/smb.conf, the log file location as log file = /var/log/samba-log.%m and the lock directory as lock directory = /var/lock/samba.
Install the configuration file, smb.conf. Go to the directory where Samba was built. Look in the subdirectory examples/simple and read the file README. Copy the file smb.conf found in that directory to /etc. BE CAREFUL! If you have a Linux distribution that already has Samba installed, you may already have a Samba configuration file in /etc. You should probably start with that one.
If you don't want to have your configuration file in /etc, put it wherever you want to, then put a symlink in /etc:
ln -s /path/to/smb.conf /etc/smb.conf
The two SMB daemons are /usr/sbin/smbd and /usr/sbin/nmbd. Under most Linux distributions, these are started, stoped and restarted via the startup script located in /etc/rc.d/init.d/smb and symlinked to the appropriate runlevels.
If you choose not to use the standard startup script, you can run the Samba daemons from inetd or as stand-alone processes. Samba will respond slightly faster as a standalone daemon than running from inetd.
In either case, you should check the file /etc/services for lines that look like this:
Make sure they are all uncommented. Depending on your distribution, you may even need to add them. Samba will not be able to bind to the appropriate ports unless /etc/services has these entries.
To run the daemons from inetd, place the following lines in the inetd configuration file, /etc/inetd.conf:
Then restart the inetd daemon by running the command:
kill -HUP `cat /var/run/inetd.pid`
To run the daemons from the system startup scripts, put the following script in file called /etc/rc.d/init.d/smb (for most distributions) and symbolically link it to the files specified in the comments:
If when starting Samba you get an error that says something about the daemon failing to bind to port 139, then you probably have another Samba process already running that hasn't yet shut down. Check a process list (with 'ps auxww | grep mbd') to determine if another Samba service is running.
Samba configuration on a Linux (or other UNIX machine) is controlled by a single file, /etc/smb.conf. This file determines which system resources you want to share with the outside world and what restrictions you wish to place on them.
Since the following sections will address sharing Linux drives and printers with Windows machines, the smb.conf file shown in this section is as simple as you can get, just for introductory purposes.
Don't worry about the details, yet. Later sections will introduce the major concepts.
Each section of the file starts with a section header such as [global], [homes], [printers], etc.
The [global] section defines a few variables that Samba will use to define sharing for all resources.
The [homes] section allows a remote users to access their (and only their) home directory on the local (Linux) machine). That is, users trying to connect to this share from Windows machines, will be connected to their personal home directories. Note that to do this, they must have an account on the Linux box.
The sample smb.conf file below allows remote users to get to their home directories on the local machine and to write to a temporary directory. For a Windows user to see these shares, the Linux box has to be on the local network. Then the user simply connects a network drive from the Windows File Manager or Windows Explorer.
Note that in the following sections, additional entries for this file will be given to allow more resources to be shared.
Having written a new smb.conf, it is useful to test it to verify its correctness. You can test the correctness of a smb.conf file , using the 'testparm' utility (man page: testparm); if testparm reports no problems, smbd will correctly load the configuration file.
Here's a good trick: If your Samba server has more than one ethernet interface, the smbd may bind to the wrong one. If so, you can force it to bind to the intended one by adding a line that looks like this to the [global] section of /etc/smb.conf:
where you replace the IP address above with the one that is assigned to the correct ethernet interface. The "24" is correct for a Class C network, but may have to be recalculated if you have subnetted the network. The number relates to the netmask. Numbers for other classes of networks are given in the IP-Masquerade mini-HOWTO.
There is now a GUI configuration tool for Samba: GtkSamba. See http://www.open-systems.com/gtksamba.html.
As shown in the simple smb.conf above, sharing Linux drives with Windows users is easy. However, like everything else with Samba, you can control things to a large degree. Here are some examples:
To share a directory with the public, create a clone of the [tmp] section above by adding something like this to smb.conf:
To make the above directory readable by the public, but only writable by people in group staff, modify the entry like this:
It used to be that easy; you would now be able to start Samba and browse the shares from a Windows PC. However, Microsoft has recently made life slightly more difficult for those using Samba. Windows 98, Windows NT (service pack 3 or higher) and later builds of Windows 95 now use encrypted passwords by default. Samba uses unencrypted passwords by default. You can't browse servers when either the client or server is using encrypted passwords, because a connection cannot be made anonymously.
You can tell if you have a password type mismatch between client and server if when you try to connect to a share you see a dialog box which reads something like "You are not authorized to access that account from this machine".
You can either configure your Samba server to use encrypted passwords, or configure the Windows machines to use unencrypted passwords.
To get Windows to work with encrypted SMB passwords:
Windows 95/98 =============
Using the registry editor (regedit), create the registry setting HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VNETSUP Add a new DWORD value: Value Name: EnablePlainTextPassword Data: 0x01.
Windows NT ==========
Using the registry editor (regedit), create the registry setting HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rdr\Parameters Add a new DWORD value: Value Name: EnablePlainTextPassword Data: 0x01
Windows 2000 ============
Using the registry editor (regedit), create the registry setting HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkStation\Parameters Add a new DWORD value: Value Name: EnablePlainTextPassword Data: 0x01
Once these registry changes have been made, reboot the Windows machine and try to map a network drive on the Samba server again. It should work as long as the Samba server is using plain text passwords.
To configure Samba to use encrypted passwords:
In the [global] section of /etc/smb.conf, add the following lines:
You are highly encouraged to read the files ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation before doing this!
If your clients and server are using encrypted passwords, you will not be able to browse the available shares on the server until an initial connection has been made with the appropriate authentication. To get the initial connection, enter the share name manually in the Windows File Manager or Explorer dialog box, in the form '\\<hostname>\<sharename>'. Log onto the server with a username and password that is valid on the server!
If you suspect that your NetBIOS name service is not correctly configured (perhaps because you get 'host not found' errors when trying to connect), try using just the IP address of the server: '\\<host ip address>\<sharename>'.
In order to get filenames to appear correctly, you may also need to set some options in the appropriate share section. These work for Windows 95/98/NT clients, but may need to be modified if you have Windows 3.X clients:
For other tricks to play with drive shares, see the Samba documentation or man pages.
Note: The bit after the / is a reference to the subnet mask. "24" is the value to use for an unsegmented Class C network. For more information on subnet calculations, you might want to see http://www.ralphb.net/IPSubnet/.
There is a lot more to Samba configuration than this, but this will get you started. If you want to do something more advanced, I refer you to the Samba Web site mentioned above.
Linux (UNIX) machines can also browse and mount SMB shares. Note that this can be done whether the server is a Windows machine or a Samba server!
An SMB client program for UNIX machines is included with the Samba distribution. It provides an ftp-like interface on the command line. You can use this utility to transfer files between a Windows 'server' and a Linux client.
Most Linux distributions also now include the useful smbfs package, which allows one to mount and umount SMB shares. More on smbfs below.
To see which shares are available on a given host, run:
/usr/bin/smbclient -L host
where 'host' is the name of the machine that you wish to view. this will return a list of 'service' names - that is, names of drives or printers that it can share with you. Unless the SMB server has no security configured, it will ask you for a password. Get it the password for the 'guest' account or for your personal account on that machine.
smbclient -L zimmerman
The output of this command should look something like this:
The browse list shows other SMB servers with resources to share on the network.
To use the client, run:
/usr/bin/smbclient service <password>
where 'service' is a machine and share name. For example, if you are trying to reach a directory that has been shared as 'public' on a machine called zimmerman, the service would be called \\zimmerman\public. However, due to shell restrictions, you will need to escape the backslashes, so you end up with something like this:
/usr/bin/smbclient \\\\zimmerman\\public mypasswd
where 'mypasswd' is the literal string of your password.
You will get the smbclient prompt:
Type 'h' to get help using smbclient:
If you can use ftp, you shouldn't need the man pages for smbclient.
Although you can use smbclient for testing, you will soon tire of it for real work. For that you will probably want to use the smbfs package. Smbfs comes with two simple utilties, smbmount and smbumount. They work just like mount and umount for SMB shares.
One important thing to note: You must have smbfs support compiled into your kernel to use these utilities!
The following shows a typical use of smbmount to mount an SMB share called "customers" from a machine called "samba1":
Issuing a mount command will now show the share mounted, just as if it were an NFS export:
Please see the manual pages for smbmount and smbumount for details on the above operation.
To share a Linux printer with Windows machines, you need to make certain that your printer is set up to work under Linux. If you can print from Linux, setting up an SMB share of the printer is stright forward.
Note that Windows users must have an account on the Linux/Samba server in order to print. Windows 95/98 will attempt to authenticate to the print server using the username and password used on login to the Windows box.This means that if you clicked 'Cancel' when logging onto Windows, you can't print (or connect to other SMB services)! Windows NT allows one to explicitely provide a username and password when connecting to a printer.
See the Printing HOWTO to set up local printing.
Add printing configuration to your smb.conf:
Make certain that the printer path (in this case under [ljet]) matches the spool directory in /etc/printcap!
printcap name = /etc/printcap load printers = yes
controls whether all the printers in /etc/printcap should be loaded by default. If you do this, there is no reason to set up printers individually. The section [printers] specifies options for the printers that you wish to explicitly difine. If the printing subsystem you are using doesn't work this way (BSD), you need to set up a fake printcap file (or to use the 'print command' technique, see below). For more information on the printcap system see the Printing HOWTO.
A useful technique to test the network connection is to change the print command to:
print command = cp %S /tmp/print.%P.%S
The resulting file can then be analyzed.
NOTE: There are some problems sharing printers on UNIX boxes with Windows NT machines using Samba. One problem is with NT seeing the shared printer properly. To fix this, see the notes in the Samba distribution in the file docs/WinNT.txt. The other deals with password problems. See the comments in the same file for an annoying gain of understanding and failure to fix the problem.
Oleg L. Machulskiy ( firstname.lastname@example.org) suggests that a better print command to use in the above example would be:
where 'smb2ps' is a script which transforms the spool file received from Windows into usual a usable Postscript file. It must cut off first 3 lines and last 2 lines, because these lines contain some PJL or PCL codes.
That approach is only needed if your Windows machine is printing PCL and not real Postscript. I have found that Windows 95/98/NT don't have a generic Postscript driver per se, but the "Digital turbo Printserver 20" driver acts as a good general Postscript driver for most setups. I have also heard that the "Apple LaserWriter II NTX" driver works for this purpose.
If you are creating a printer spool directory instead of using one created by a Linux distribution's installation utility, be careful of permissions! Neil Fraser ( email@example.com) suggested setting the permissions of the spool directory (in his case, /var/spool/lpd/lpr) to 4755 (note the suid bit). This worked for him when the owner of the directory was 'root' and the group was 'lp'.
Jeff Stern ( firstname.lastname@example.org) reported that he had to set the permissions on his spool directory to 777 in order for non-priviledged users to print, although he notes that he could have also added users to the 'lp' group. This is a decision for local systems administrators; if printing security is an issue, then lock it down. In home environments, you will probably want everyone to be able to print.
Dr. Michael Langner ( email@example.com) points out that write permission problems on the /var/spool/lpd/ tree could be avoided by use something like "path = /tmp" and "print command = lpr -r -P%p %s" instead.
Sometimes, a Postscript parsing error will occur with Postscript printing from Windows machines that causes an extra page to be printed at the end of every print job. The last page will always have "%%[ Lastpage ]%%" at the top of it. This seems to happen with Windows 95 and 98 only and is because the Postscript is malformed.
One way to handle that is to use a script to remove that bit of bad Postscript from the spooled jobs. Another way is to try to find a better Windows Postscript driver. Probably the best way is to us LPRng instead of Postscript to print to a Samba server.
Erik Ratcliffe ( firstname.lastname@example.org) Caldera tells me that using LPRng means that any printer driver can be used from Windows machines. On the Samba server, they used an /etc/printcap entry that looked like this:
LPRng doesn't require :\ at the end of every line. A printer entry will still need to be made in /etc/smb.conf for the physical printer. The print command line needs to use the "raw" entry in /etc/printcap and data must be sent to the printer in binary form. Try a print command line like this:
You may also need to set the spooling on the Windows95 end to print directly to the printer instead of spooling.
If you constantly get a extra page printing at the end of print jobs from Windows clients, try adding an "sf" directive in /etc/printcap. This will suppress form feeds separating jobs, but will not effect form feeds within documents.
To share a printer on a Windows machine, you must do the following:
The /etc/printcap entry below is for an HP 5MP printer on a Windows NT host. The entries are as follows:
cm - comment lp - device name to open for output sd - the printer's spool directory (on the local machine) af - the accounting file mx - the maximum file size (zero is unlimited) if - name of the input filter (script)
For more information, see the Printing HOWTO or the man page for printcap.
Make certain that the spool and accounting directories exist and are writable. Ensure that the 'if' line holds the proper path to the smbprint script (given below) and make sure that the proper device is pointed to (the /dev special file).
Next is the smbprint script itself. It is usually placed in /usr/bin and is attributable to Andrew Tridgell, the person who created Samba as far as I know. It comes with the Samba source distribution, but is absent from some binary distributions, so I have recreated it here.
You may wish to look at this carefully. There are some minor alterations that have shown themselves to be useful.
Most Linux distributions come with nenscript for converting ASCII documents to Postscript. The following perl script makes life easier be providing a simple interface to Linux printing via smbprint.
Usage: print [-a|c|p] <filename> -a prints <filename> as ASCII -c prints <filename> formatted as source code -p prints <filename> as Postscript If no switch is given, print attempts to guess the file type and print appropriately.
Using smbprint to print ASCII files tends to truncate long lines. This script breaks long lines on whitespace (instead of in the middle of a word), if possible.
The source code formatting is done with nenscript. It takes an ASCII file and foramts it in 2 columns with a fancy header (date, filename, etc). It also numbers the lines. Using this as an example, other types of formatting can be accomplished.
Postscript documents are already properly formatted, so they pass through directly.
Now the MagicFilter way. Thanks to Alberto Menegazzi ( email@example.com) for this information.
-------------------------------------------------------------- 1) Install MagicFilter with the filter for the printers you need in /usr/bin/local but DON'T fill /etc/printcap with the suggestion given by the documentation from MagicFilter.
2) Write the /etc/printcap like this way (it's done for my LaserJet 4L):
lp|ljet4l:\ :cm=HP LaserJet 4L:\ :lp=/dev/null:\ # or /dev/lp1 :sd=/var/spool/lpd/ljet4l:\ :af=/var/spool/lpd/ljet4l/acct:\ :sh:mx#0:\ :if=/usr/local/bin/main-filter:
You should explain that the lp=/dev/... is opened for locking so "virtual" devices one for every remote printer should be used.
Example creating with : touch /dev/ljet4l
3) Write the filter /usr/local/bin/main-filter the same you suggest using the ljet4l-filter instead of cat.
#! /bin/sh logfile=/var/log/smb-print.log spool_dir=/var/spool/lpd/ljet4l ( echo "print -" /usr/local/bin/ljet4l-filter ) | /usr/bin/smbclient "\\\\SHIR\\HPLJ4" -N -P >> $logfile
P.S. : here is the quote from the Print2Win mini-Howto about locking and why creating virtual printers
Hint from Rick Bressler :
Good tip sheet. I use something very similar. One helpful tip, this is not a particularly good idea:
lpr does an 'exclusive' open on the file you specify as lp=. It does this in order to prevent multiple processes from trying to print to the dame printer at the same time.
The side effect of this is that in your case, eng and colour can't print at the same time, (usually more or less transparent since they probably print quickly and since they queue you probably don't notice) but any other process that tries to write to /dev/null will break!
On a single user system, probably not a big problem. I have a system with over 50 printers. It would be a problem there.
The solution is to create a dummy printer for each. Eg: touch /dev/eng.
I have modified the lp entries in the printcap file above to take into account Rick's suggestion. I did the following:
#touch /dev/eng #touch /dev/colour
Adam Neat ( firstname.lastname@example.org) kindly contributed the following script to back up Windows machines to a Linux host, using the smbclient utility. Adam says that it is used to backup Windows 3.x and NT machines to a Linux based DAT SCSI Drive.
Adam is not proud of the coding style used here, but it works. As I like to say, "If it works and its stupid, then it is not stupid".
Another Windows backup script, contributed by Dan Tager ( email@example.com), is provided below. Dan's script also backs up Unix machines via rsh, although that could be modified to use ssh rather easily.
In this script, the string 'agnea1' is the username on the Linux machine that does the backups.
Here's Dan's backup script:
Andrew Tridgell states that SMB host browsing across routers is problematic. Here are his suggestions to allow this:
-------------------------------------------------------------- For cross-subnet (ie. routed) browsing you should do the following. There are other methods but they are much more complex are error prone:
1) all computers that you want visible should use a single WINS server (Samba or NT can do this)
2) the master browser for each subnet must be either NT or Samba. (Win9X doesn't communicate cross-subnet browse info correctly)
3) You should use the same workgroup name on all subnets. This is not strictly necessary but it is the simplest way to guarantee success. If you can't arrange this then you must organise for a way for browse info to propogate between subnets. (It does *not* propogate via WINS). It propogates via two mechanisms: i) each browse master notices workgroup announcements from other browse masters on the same broadcast domain ii) each non-Win9X browse master contacts the global DMB for the workgroup (typically the domain controller or a Samba box marked as the domain master) and swaps full browse info periodically. --------------------------------------------------------------
Also, Rakesh Bharania points out that Cisco routers can be configured to forward SMB traffic in a way that allows browsing. His suggestion is to configure the router interface which hosts SMB clients with a command like this:
where x.x.x.x is the IP address of the SMB server.
Special thanks to Andrew Tridgell ( firstname.lastname@example.org) for starting and directing the Samba project and for keeping this document honest.
Matthew Flint () told me about the use of the 'interfaces' option in smb.conf.
Oleg L. Machulskiy ( email@example.com), Jeff Stern ( firstname.lastname@example.org), Dr. Michael Langner ( email@example.com and Erik Ratcliffe ( firstname.lastname@example.org) suggested modifications to the section on Sharing A Linux Printer With Windows Machines.
Alberto Menegazzi ( email@example.com) contributed the MagicFilter setup to enable a Linux machine to share a Windows printer.
Rakesh Bharania ( firstname.lastname@example.org) contributed the suggestion for Cisco router configuration.
Rich Gregory ( email@example.com) and others suggested that this document show some details about the smbfs package and its use.
Andrea Girotto ( firstname.lastname@example.org) contributed a number of valuable suggestions throughout the document.
Thanks, also, to all of the international translators that have brought this HOWTO to the non-English speaking world: Takeo Nakano ( email@example.com), Klaus-Dieter Schumacher ( Klaus-Dieter.Schumacher@fernuni-hagen.de), Andrea Girotto ( firstname.lastname@example.org), Mathieu Arnold ( email@example.com), Stein Oddvar Rasmussen ( Stein@kongsberg-energi.no) Nilo Menezes ( firstname.lastname@example.org) and many others for whom I don't have contact details.