Working with Samba and NFS - Administration - Linux All-in-One For Dummies, 5th Edition (2014)


Book V. Administration

Chapter 4. Working with Samba and NFS

In This Chapter

· Sharing files with Network File System

· Installing and configuring Samba

· Setting up a Windows server using Samba

If your local area network is like many others, it needs the capability to share files between systems that run Linux and other systems that don’t. Thus, Linux includes two prominent file-sharing services:

· Network File System (NFS): For sharing files with other Unix systems (or PCs with NFS client software)

· Samba: For file sharing and print sharing with Windows systems

This chapter describes how to share files using both NFS and Samba.

Sharing Files with NFS

Sharing files through NFS is simple and involves two basic steps:

· On the Linux system that runs the NFS server, you export (share) one or more directories by listing them in the /etc/exports file and by running the exportfs command. In addition, you must start the NFS server.

· On each client system, you use the mount command to mount the directories that your server has exported.

The only problem in using NFS is that each client system must support it. Microsoft Windows doesn’t come with NFS, so you have to buy NFS software separately if you want to share files by using NFS. However, using NFS makes sense if all systems on your LAN run Linux (or other variants of Unix with built-in NFS support).

Warning: NFS has security vulnerabilities. Therefore, you should not set up NFS on systems directly connected to the Internet without using the RPCSEC_GSS security that comes with NFS version 4 (NFSv4).

Technical Stuff: The Linux 2.6 kernel includes support for NFSv4, which is built on earlier versions of NFS. But unlike earlier versions, NFSv4 has stronger security and was designed to operate in an Internet environment. (RFC 3530 describes NFSv4; see www.ietf.org/rfc/rfc3530.txt.) NFSv4 uses the RPCSEC_GSS (GSS stands for Generic Security Services) protocol for security. You can continue to use the older user ID- and group ID-based authentication with NFSv4, but if you want to use RPCSEC_GSS, you have to run three additional services: rpcsvcgssd on the server, rpcgssd on the client, and rpcidmapd on both the client and the server. For more information about NFSv4 implementation in Linux, visit www.citi.umich.edu/projects/nfsv4/linux.

The next few sections walk you through NFS setup, using an example of two Linux PCs on a LAN.

Exporting a file system with NFS

Start with the server system that exports — makes available to the client systems — the contents of a directory. On the server, you must run the NFS service and also designate one or more file systems to export.

To export a file system, you have to add an appropriate entry to the /etc/exports file. For example, suppose that you want to export the /home directory and you want to enable the host named LNBP75 to mount this file system for read and write operations. You can do so by adding the following entry to the /etc/exports file:

/home LNBP75(rw,sync)

If you want to give access to all hosts on a LAN such as 192.168.0.0, you could change this line to

/home 192.168.0.0/24(rw,sync)

Every line in the /etc/exports file has this general format:

directory host1(options) host2(options) …

The first field is the directory being shared via NFS, followed by one or more fields that specify which hosts can mount that directory remotely and a number of options in parentheses. You can specify the hosts with names or IP addresses, including ranges of addresses.

The options in parentheses denote the kind of access each host is granted and how user and group IDs from the server are mapped to IDs on the client. (For example, if a file is owned by root on the server, what owner is that on the client?) Within the parentheses, commas separate the options. For example, if a host is allowed both read and write access — and all IDs are to be mapped to the anonymous user (by default, the anonymous user is named nobody) — the options look like this:

(rw,all_squash)

Table 4-1 shows the options you can use in the /etc/exports file. You find two types of options: general options and user ID mapping options.

Table 4-1 Options in /etc/exports

| Option | Description |
|---|---|
| General Options | |
| secure | Allows connections only from ports 1024 or lower (default) |
| insecure | Allows connections from ports 1024 or higher |
| ro | Allows read-only access (default) |
| rw | Allows both read and write access |
| sync | Performs write operations (writing information to the disk) when requested (by default) |
| async | Performs write operations when the server is ready |
| no_wdelay | Performs write operations immediately |
| wdelay | Waits a bit to see whether related write requests arrive and then performs them together (by default) |
| hide | Hides an exported directory that’s a subdirectory of another exported directory (by default) |
| no_hide | Causes a directory to not be hidden (opposite of hide) |
| subtree_check | Performs subtree checking, which involves checking parent directories of an exported subdirectory whenever a file is accessed (by default) |
| no_subtree_check | Turns off subtree checking (opposite of subtree_check) |
| insecure_locks | Allows insecure file locking |
| User ID Mapping Options | |
| all_squash | Maps all user IDs and group IDs to the anonymous user on the client |
| no_all_squash | Maps remote user and group IDs to similar IDs on the client (by default) |
| root_squash | Maps remote root user to the anonymous user on the client (by default) |
| no_root_squash | Maps remote root user to the local root user |
| anonuid=UID | Sets the user ID of anonymous user to be used for the all_squash and root_squash options |
| anongid=GID | Sets the group ID of anonymous user to be used for the all_squash and root_squash options |
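An added example (not from the book): a small Python auditor that parses lines in the directory host(options) format described above and flags the Table 4-1 options that weaken an export. The sample file, its /srv paths, and the set of "any host" patterns are constructed assumptions.

```python
import re

# Constructed sample in the /etc/exports format (not from a real host).
SAMPLE_EXPORTS = """\
# note the space before (rw) on the last line
/home        LNBP75(rw,sync)
/srv/build   192.168.0.0/24(rw,sync,no_root_squash)
/srv/pub     *(ro,insecure) 192.168.0.0/24(rw,all_squash,anonuid=65534)
/srv/scratch LNBP75 (rw)
"""

# Each host field is "host(options)"; a bare "(options)" applies to every host.
FIELD = re.compile(r"^(?P<host>[^()]*)(?:\((?P<opts>[^()]*)\))?$")
WORLD = {"", "*", "0.0.0.0/0", "::/0"}  # assumed spellings of "any host"

def parse_exports(text):
    """Yield (directory, host, set_of_options) for every host field."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        directory, *fields = line.split()
        for field in fields:
            m = FIELD.match(field)
            if not m:
                raise ValueError(f"malformed host field: {field!r}")
            opts = {o.strip() for o in (m.group("opts") or "").split(",") if o.strip()}
            yield directory, m.group("host"), opts

def audit(text):
    """Return (directory, host, finding) tuples for risky option combinations."""
    findings = []
    for directory, host, opts in parse_exports(text):
        shown = host or "<any host>"
        if "no_root_squash" in opts:
            findings.append((directory, shown, "no_root_squash: client root acts as root on the export"))
        if "insecure" in opts:
            findings.append((directory, shown, "insecure: requests from unprivileged source ports accepted"))
        if host in WORLD and "rw" in opts:
            findings.append((directory, shown, "rw export not restricted to a host or subnet"))
    return findings

if __name__ == "__main__":
    for directory, host, finding in audit(SAMPLE_EXPORTS):
        print(f"{directory:12} {host:16} {finding}")
```

The last sample line shows why a stray space matters: LNBP75 receives the default options, and (rw) becomes a separate field that applies to every host.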

After adding the entry in the /etc/exports file, manually export the file system by typing the following command in a terminal window:

exportfs -a

This command exports all file systems defined in the /etc/exports file.

Now you can start the NFS server processes.

In Debian, start the NFS server by logging in as root and typing /etc/init.d/nfs-kernel-server start in a terminal window. In Fedora, type /etc/init.d/nfs start. In SUSE, type /etc/init.d/nfsserver start. If you want the NFS server to start when the system boots, type update-rc.d nfs-kernel-server defaults in Debian. In Fedora, type chkconfig --level 35 nfs on. In SUSE, type chkconfig --level 35 nfsserver on. In Xandros, type update-rc.d nfs-user-server defaults.

When the NFS service is up, the server side of NFS is ready. Now you can try to mount the exported file system from a client system and then access the exported file system as needed.

Tip: If you ever make any changes to the exported file systems listed in the /etc/exports file, remember to restart the NFS service. To restart a service, invoke the script in the /etc/init.d directory with restart as the argument (instead of the start argument that you use to start the service).

Mounting an NFS file system

To access an exported NFS file system on a client system, you have to mount that file system on a mount point. The mount point is nothing more than a local directory. For example, suppose that you want to access the /home directory exported from the server named LNBP200 at the local directory /mnt/lnbp200 on the client system. To do so, follow these steps:

1. Log in as root and create the directory with this command:

mkdir /mnt/lnbp200

2. Type the following command to mount the directory from the remote system (LNBP200) on the local directory /mnt/lnbp200:

mount lnbp200:/home /mnt/lnbp200

After completing these steps, you can then view and access exported files from the local directory /mnt/lnbp200.

To confirm that the NFS file system is indeed mounted, log in as root on the client system and type mount in a terminal window. You see a line similar to the following about the NFS file system:

lnbp200:/home/public on /mnt/lnbp200 type nfs (rw,addr=192.168.0.4)

Technical Stuff: NFS supports two types of mount operations — hard and soft. By default, a mount is hard, which means that if the NFS server does not respond, the client keeps trying to access the server indefinitely until the server responds. You can soft mount an NFS volume by adding the -o soft option to the mount command. For a soft mount, the client returns an error if the NFS server fails to respond.

Setting Up a Windows Server Using Samba

If you rely on Windows for file sharing and print sharing, you probably use Windows in your servers and clients. If so, you can still move to a Linux PC as your server without losing Windows file-sharing and print-sharing capabilities; you can set up Linux as a Windows server. When you install Linux from this book’s companion DVD-ROM, you also get a chance to install the Samba software package, which performs that setup. All you have to do is select the Windows File Server package group during installation.

Remember: After you install and configure Samba on your Linux PC, your client PCs — even if they’re running an old Windows operating system or one of the more recent Windows versions — can access shared disks and printers on the Linux PC. To do so, they use the Common Internet File System (CIFS) protocol, the underlying protocol in Windows file and print sharing.

With the Samba package installed, you can make your Linux PC a Windows client, which means that the Linux PC can access the disks and printers that a Windows server manages. At the same time, your Linux PC can be a client to other Windows systems on the network.

The Samba software package has these major components:

· /etc/samba/smb.conf: The Samba configuration file that the SMB server uses.

· /etc/samba/smbusers: A Samba configuration file that shows the Samba usernames corresponding to usernames on the local Linux PC.

· nmbd: The NetBIOS name server, which clients use to look up servers. (NetBIOS stands for Network Basic Input/Output System — an interface that applications use to communicate with network transports, such as TCP/IP.)

· nmblookup: A command that returns the IP address of a Windows PC identified by its NetBIOS name.

· smbadduser: A program that adds users to the SMB (Server Message Block) password file.

· smbcacls: A program that manipulates Windows NT access control lists (ACLs) on shared files.

· smbclient: The Windows client, which runs on Linux and allows Linux to access the files and printer on any Windows server.

· smbcontrol: A program that sends messages to the smbd, nmbd, or winbindd processes.

· smbd: The SMB server, which accepts connections from Windows clients and provides file-sharing and print-sharing services.

· smbmount: A program that mounts a Samba share directory on a Linux PC.

· smbpasswd: A program that changes the password for an SMB user.

· smbprint: A script that enables printing on a printer on an SMB server.

· smbstatus: A command that lists the current SMB connections for the local host.

· smbtar: A program that backs up SMB shares directly to tape drives on the Linux system.

· smbumount: A program that unmounts a currently mounted Samba share directory.

· testparm: A program that ensures that the Samba configuration file is correct.

· winbindd: A server that resolves names from Windows NT servers.

The following sections describe how to configure and use Samba.

Installing Samba

You may have already installed Samba when you installed Linux. You can check first, and if you don’t find Samba on your system, you can easily install it.

To see whether Samba is installed, type dpkg -l samba* in Debian, Ubuntu, and Xandros or type rpm -q samba in Fedora and SUSE.

In Debian and Ubuntu, type apt-get install samba to install Samba. In Fedora, log in as root and type yum install samba samba-swat. This installs not only samba but also the web configuration interface, SWAT (Samba Web Administration Tool). In SUSE, click Software Management in the YaST Control Center’s Software category. Then use YaST’s search facility to look for samba, select the relevant packages, and install them. As for Xandros, you get Samba when you install Xandros.

After installing the Samba software, you have to configure Samba before you can use it.

Configuring Samba

To set up the Windows file-sharing and print-sharing services, you can either edit the configuration file manually or use a GUI tool. Using the GUI tool is much easier than editing a configuration file. Fedora and SUSE come with GUI tools for configuring the Samba server.

In Fedora, choose System Settings⇒Advanced⇒Samba from the KDE desktop to open the Samba Server Configuration window. Enter a valid username and password at the prompt, and the configuration interface that follows lets you create and edit entries in the configuration file /etc/samba/smb.conf.

In SUSE, you can configure Samba through the YaST Control Center — choose System⇒Control Center (YaST) from the main menu. Click Network Services on the left side of the window and then click Samba Server on the right side of the window. In the window that appears, select a workgroup name (YaST displays the name of any existing Windows workgroup on your LAN) and click Next. Then you can select the server type, enable the server, and select what you want to share. After you exit the Samba server configuration utility, YaST stores the Samba settings in configuration files in the /etc/samba directory.

After configuring Samba, type the following command in a terminal window to verify that the Samba configuration file is okay:

testparm

If the command says that it loaded the files okay, you’re all set to go. The testparm command also displays the contents of the Samba configuration file.

Technical Stuff: Samba uses the /etc/samba/smb.conf file as its configuration file. This is a text file with a syntax similar to that of a Microsoft Windows 3.1 INI file. You can edit that file in any text editor on your Linux system. Like the old Windows INI files, the /etc/samba/smb.conf file consists of sections, with a list of parameters in each section. Each section of the smb.conf file begins with the name of the section in brackets. The section continues until the next section begins or until the file ends. Each line uses the name = value syntax to specify the value of a parameter. As in Windows INI files, comment lines begin with a semicolon (;). In the /etc/samba/smb.conf file, comments may also begin with a hash mark (#).
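An added example (not from the book): a Python parser for the smb.conf syntax just described, used to list shares that are both guest-accessible and writable. It goes beyond the chapter by assuming three rules from the smb.conf manual page (names are case-insensitive, whitespace inside names is ignored, a trailing backslash continues a line) and the real parameters guest ok, public, read only, writable and writeable; the sample file and share names are constructed.

```python
# Constructed sample smb.conf (not from a real server); share names are hypothetical.
SAMPLE_SMB_CONF = """\
; global settings
[global]
   workgroup = WORKGROUP
   Server String = Linux Samba \\
      file server
# a share anyone can write to without a password
[scratch]
   path = /srv/scratch
   Guest OK = yes
   read only = no
[homes]
   writable = yes
"""

TRUE = {"yes", "true", "1"}

def parse_smb_conf(text):
    """Return {section: {parameter: value}} following the syntax rules above."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in ";#":    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            # Names are case-insensitive and whitespace inside them is ignored.
            current["".join(name.split()).lower()] = value.strip()
    return sections

def guest_writable_shares(conf):
    """List shares that allow guest access and are also writable."""
    risky = []
    for share, params in conf.items():
        guest = params.get("guestok", params.get("public", "no")).lower() in TRUE
        writable = params.get("writable", params.get("writeable", "no")).lower() in TRUE
        if "readonly" in params:           # "read only" is the inverse of "writable"
            writable = params["readonly"].lower() not in TRUE
        if share != "global" and guest and writable:
            risky.append(share)
    return risky
```

The check looks only at parameters set inside each share; defaults set in [global] are not applied to the shares.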

To start the Samba services automatically when the system reboots, type update-rc.d samba defaults in Debian, Ubuntu, and Xandros or type chkconfig --level 35 smb on in Fedora and SUSE. To start Samba immediately, type /etc/init.d/smb start in Fedora and SUSE or type /etc/init.d/samba start in Debian, Ubuntu, and Xandros.

Trying out Samba

You can now access the Samba server on the Linux system from one of the Windows systems on the LAN. Double-click the Network Neighborhood icon on the Windows 95/98/ME desktop. On Windows XP, choose Start⇒My Network Places and then click View Workgroup Computers. All the computers on the same workgroup are shown. In Windows, choose Start⇒Computer⇒Network.


When you see the Samba server, you can open it by double-clicking the icon. After you enter your Samba username and password, you can access the folders and printers (if any) on the Samba share.

You can use the smbclient program to access shared directories and printers on Windows systems on the LAN and to ensure that your Linux Samba server is working. One quick way to check is to type smbclient -L localhost in a terminal window to view the list of services on the Linux Samba server itself.

Discovering more about Samba

This chapter is only an introduction to Samba. To find out more about Samba, you can consult the following resources:

· To view Samba documentation online, visit www.samba.org/samba/docs/man/Samba-HOWTO-Collection.

· Using Samba, 3rd Edition, by Jay Ts, Robert Eckstein, and David Collier-Brown (O’Reilly & Associates, 2007)

You should also visit www.samba.org to keep up with the latest news on Samba development. This site also has links to resources for learning Samba.