Administrasi dan Manajemen Jaringan

2. Samba ServerM. Udin Harun Al Rasyid, Ph.Dhttp://lecturer.eepis-its.edu/[email protected] Lab Jaringan Komputer (C-307)

Administrasi dan Manajemen Jaringan

M. Udin Harun Al Rasyid 2

Table of Contents

What is Samba

Server Message Block (SMB)

Ubuntu Server

Samba Server Configuration in terminal

File Sharing

Samba Server Configuration by GUI

Configuring Samba Clients

Securing Samba


What is Samba

Samba is an implementation of the Server Message Block (SMB)/Common Internet File System (CIFS) protocol for Unix systems,

Providing support for cross-platform file and printer sharing with Microsoft Windows, OS X, and other Unix systems.


Server Message Block (SMB)

Server Message Block (SMB), also known as Common Internet File System (CIFS), operates as an application-layer network protocol.

Mainly used for providing shared access to files, printers, serial ports, and miscellaneous communications between nodes on a network.

It also provides an authenticated inter-process communication mechanism.

Most usage of SMB involves computers running Microsoft Windows, where it was known as "Microsoft Windows Network“.


Samba can be used to:

Act as a server for SMB clients: share folders and printers, including PDF pseudo-printers so all the computers in your network may write PDF files

Act as a domain controller in a Windows network (authenticating users, etc.)

Do some more complex things, such as using a Windows domain controller to authenticate the users of a Linux/UNIX machine


Samba Server Configuration

For Ubuntu 8.04 (Hardy) and later, shared directories are created directly from the directory. Browse to the location of the directory you would like to share, right-click the directory, and choose Sharing Options. Click the "Share this folder".

The shares are defined in the background using the "net usershare" command and the definitions are saved in /var/lib/samba/usershares/ . Therefore, shares defined with this method are not visible in smb.conf.


allow you to "quick start" SMB shares between Ubuntu and either Ubuntu or Windows servers. The gui method is easier to work with, because:

Shares are Public (browsable in Network Places)

A password is not set for shares (they can be mounted by anyone).


Ubuntu

ServerSharing a directory

To share a directory you must have permission to access the directory. Go to your home directory ( Places -> Home directory). Right click on the "Documents" directory and in the pop up menu select "Share Folder".

If samba is not installed you will get a pop up menu "Sharing services are not installed". Select "Install Windows networks support (SMB)" and deselect "Install Unix networks support (NFS)" -> then click "Install services".

If you get an error message that the samba .deb could not be found, open a terminal and update apt-get. sudo apt-get update


Samba Server Configuration in terminal

Configuration is performed by reading and editing /etc/samba/smb.conf, the configuration file for the samba server.

First open a terminal: Applications > System Tools > Terminal and open the file smb.confsudo gedit /etc/samba/smb.conf


File Sharing (Basics)

The important part for us is File sharing. Samba shares are named in brackets, [ ], and configured by adding options in the lines that follow. Most options are boolean (yes / no).

We need to change:

This describes your /home directory. Usually you want to share this directory in a home environment, because these are the files you want to share. To do so, make the following changes:


User

Add users who can access your shares with the 'smbpasswd' command. sudo smbpasswd -a usernameNew SMB password:Retype new SMB password:Added user username.

sudo smbpasswd -e usernameEnabled user username.

NOTE: the username used here should be a real user setup on your PC/Server. Reload Samba for every change to users/passwords or 'smb.conf' sudo /etc/init.d/samba reload

NOTE: If the above command doesn't work for you, try: sudo smbd reload


File Sharing (Advanced)If you have more than one network card

If you have more than one network card (or interface) then you have to define where you want Samba to run. In smb.conf under the [global] section, add: interfaces = 127.0.0.1, 192.168.0.31/24bind interfaces only = yes

The first address (127.0.0.1), is a loopback network connection (it's your own machine).

The second address (192.168.0.31), is the address of the card you want Samba to run on, the second number (24) is the subnet default for a CLASS-C network.

With "bind interfaces only" you limit which interfaces on a machine will serve SMB requests.


limit which IP address can connect to your Samba server adding these lines: hosts allow = 127.0.0.1, 192.168.0.31, 192.168.0.32hosts deny = 0.0.0.0/0

The loopback address must be present in the first line. The second line deny access from all IP address not in the first line.


Private and public shares in same config

First you'll want to set this up in the [global] section of your smb.conf

security = user restricts logins to users on your server.

encrypt passwords = true is necessary for most modern versions of Windows to login to your shares.

map to guest = bad user will map login attempts with bad user names to the guest account you specify with

guest account = nobody. That is, if you attempt to login to the share with a user name not set up with smbpasswd the you will be logged in as the user nobody.


private share

If browsable is set to no the share will not show up on graphical browsers such a "My Network Places" on Windows or Places -> Network on Ubuntu.

path is the path to the directory that you want to share out.

browseable = no will have the share not show up when users browse the network.

read only = no will let you, as an authenticated user, write to the share.


public share

path is the path to the directory that you want to share out.

read only = no will allow users to write to this share.

guest only = yes and guest ok = yes will allow guest logins and also force users to login as guests.

The user you specified with guest account in the [global] section must have write permissions on /path/to/share/point in order to write files to the share.


Setting permissions

To set permissions of newly created documents / files edit /etc/samba/smb.conf and in the [global] section add : create mask = 0644directory mask = 0755


Samba Server Configuration by GUI

Samba Web Admin Tool (SWAT) is a web-based interface used for configuring Samba.


Installing Swat


Running swat


Configuring Samba Clients

Ubuntu Clients

Ubuntu and Gnome make it easy to access files on a Windows network share. Open the Places Menu, then click on Network.

You will see a Windows network icon. Double-click to open it. The next window shows all the domains/workgroups found on your network.

Inside each domain/workgroup you will see all the computers on the domain/workgroup with sharing enabled. Double-click on a computer icon to access its shares and files.


If you want to be able to share folders with nautilus (the file browser), install the nautilus-share package (installed by default in Ubuntu 9.10 Desktop edition): sudo apt-get install nautilus-share


Windows Clients (XP,Server,Vista, Win7)

Microsoft Windows clients connect and browse through their corresponding network interface.

Example: XP clients can open Windows Network Neighborhood or My Network Places to browse available SMB shares.


Samba Client -

Manual Configuration

smbclient is a command line tool similar to a ftp connection.

smbfs allows you to mount a SMB file share.

Once a SMB share is mounted, it acts similar to a local hard drive (you can access the SMB share with your file browser (nautilus, konqueror, thunar, other).


Connecting to a Samba File Server from the command line

Connecting from the command line is similar to a ftp connection.

List public SMB shares with smbclient -L //server -U user

Connect to a SMB share with smbclient //server/share -U userEnter you user password.

You can connect directly with smbclient //server/share -U user%password

but your password will show on the screen (less secure).

Once connected you will get a prompt that looks like this : smb: \>

Type "help" , without quotes, at the prompt for a list of available commands.


Securing Samba


Firewall

Configure your firewall (iptables) to limit access to your server. Samba uses ports

UDP ports 137 and 138

TCP ports 139 and 445


References - Credit

http://www.samba.org/

http://www.samba.org/samba/docs/man/Sam ba-HOWTO-Collection/

http://www.samba.org/samba/docs/using_sa mba/toc.html

http://ubuntuguide.org/wiki/Ubuntu_Precise

http://www.samba.org/

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/

http://www.samba.org/samba/docs/using_samba/toc.html

http://www.samba.org/samba/docs/using_samba/toc.html

http://ubuntuguide.org/wiki/Ubuntu_Precise


Finish