4. Configuring a Samba Server

Introduction

Samba is a popular open-source program, which provides file and print services to Microsoft® Windows® clients. With calculate-server users, groups, resources are created and managed on a Samba server. As a Linux client, you can use Calculate Linux Desktop or another gentoo-based distribution with the installed calculate-client package. As a Windows client various Windows OSes can be used. To configure the server and the client see Migration to Linux. Any program configured with calculate-server is named "service".

The samba service configures Samba.

This service must be explicitly specified for calculate-server.
Example of adding the test user:

cl-useradd test samba

For users, access rights for server's file resources are the same for Linux and Windows systems.

Samba is included in Calculate Directory Server. If you use another gentoo system, Samba can be installed with portage: just run emerge net-fs/samba.

Configuring the server

To configure your server, you should use the calculate-server utilities. Begin by making sure that you have configured the LDAP and the Unix servers.

To configure the Samba server execute:

cl-setup [parameters] samba

Possible parameters are netbios and workgroup.

  • "-n name" sets the NetBIOS name, that will be used by the Samba server. It defaults to the first component of the DNS host name.
  • "-w workgroup" is the domain name or the NT workgroup name, for computers that will access the server.

If the Samba server is a PDC (Primary Domen Controller), you should set the administrator's password, i.e. the password for the admin user.

cl-passwd --smb admin  samba

If you need domain administrator for windows computers, add new user which will be included into domain group "Domain Admins", or include in this group existing user.

The admin user only connects the client Windows machine to the domain and has no home directory.

If you need a domain administrator to manage Windows computers, add a new user that will be added in the domain group "Domain Admins"; an existing user might as well be added to this group.

Example of creating the domain administrator:

cl-useradd -p --gid "Domain Admins" -c "Domain administrator" d_admin samba

If you want to connect Unix clients, set the password for the client service user.

cl-passwd --smb client samba

Add and remove users

To manage users, the following commands are used: cl-useradd, cl-userdel, cl-usermod, cl-passwd, cl-groupadd, cl-groupdel, cl-groupmod. Their syntax is the same as for the analagous Unix commands.

Instead of smbpasswd, use cl-passwd for changing users' passwords, including the one for the administrator of Windows computers.

Example of adding the test user:

cl-useradd test samba

Example of changing password for the test user:

cl-passwd test samba

Example of adding a user to the primary group Domain Admins:

cl-useradd -g 'Domain Admins' test samba

Note that the samba option is appended to the command.

Set permissions

Setting access rights to the filesystem

To set file permissions on the server, use the ACL (Access Control List). By changing files permissions, you can restrict access to them; this applies both to Windows and Linux clients.

Access rights apply to files as well as to directories. You can specify the permissions on the file's owner or the group. While the Windows client will only recognize the Samba group, the Linux system will display the names of both Unix and Samba groups. Therefore, is preferable to use the Samba group to set access rights.

To create a Samba group, named "manager", type:

cl-groupadd manager samba

To create a Unix group, named "job", execute:

cl-groupadd job unix

Detailed configuration of access rights using ACL is described in "Setting filesystem ACL".

Configuring access rights for Windows users

How to change access rights to shared files on the server is described above.

To configure additional rights on Windows machines, such as: the ability to install programs, to exit the domain, etc., use the Samba group.

Example of granting the test user with the domain administrator rights:

cl-groupmod -a test 'Domain Admins' samba

Structure of Samba groups

Samba groups can be of the following types:
  • Domain Groups (type 2)
  • Local groups (type 4)
  • Built-in groups (type 5)
Groups created by default

Domain groups

Domain groups are Global groups that operate in the domain.
  • Domain Admins have full access to the domain computers.
  • Domain Guests have minimal rights.
  • Domain Users
  • Domain Computers

Local groups

Local groups are used locally on the computer.
There are no local groups.

Built-in groups

Built-in groups are groups built into the system.

  • Administrators have full rights.
  • Account Operators create and manage user account information, create and manage groups, backup files and directories.
  • Backup Operators backup, restore from a backup, halt the system.
  • Print Operators manage printers and make backups.
  • Replicators. This group is used by FRS File Replication on domain controllers.
  • System Operators change the system time, halt the system, shutdown from a remote system, backup, restore from backup, lock the server or override the server lock, format the hard disk when needed, manage network directories, handle printers.

Creating a Samba group

Creating the domain group test. By default, a domain group is created, group type 2.

cl-groupadd test samba

Creating a built-in group Power Users for users with additional rights:

cl-groupadd -g 547 --rid 547 -t 5 'Power Users' samba

Where:
  • g is the identifier of group 547 (Group ID)
  • rid is the unique identifier 547 (RID)
  • t is the group type 5 (built-in group)

Viewing information

To view information about users and groups on the server, use the cl-info command:

Listing all unix users:

cl-info -u unix

Listing all samba users:

cl-info -u samba

Getting info about a unix service user:

cl-info -U <user name> unix

Getting info about a samba service user:

cl-info -U <user name> samba

Listing all existing groups for the unix service:

cl-info -g unix

Listing all existing groups for the samba service

cl-info -g samba

Getting info about the unix service group:

cl-info -G <group name> unix

Getting info about the samba service group:

cl-info -G <group name> samba

Thank you!