Previously, in Using Samba to share files with Windows (part 1), the LDAP configuration that was specifically required for Samba was completed. All that’s left to do is to create the Samba setup, add some users, and test the result.
This configuration is a good basic starting point for implementing Samba. It was built on CentOS 6.3 with OpenLDAP 2.4.23 using the cn=config RTC, and Samba 3.5.10. It looks like this is turning into more of a series because these posts are turning out a lot longer than originally intended.
The goal of this post is to install and set up Samba using LDAP authentication and log in using Windows 7 Home Premium. We’re going to use the Webmin 1.580 LDAP Users and Groups module to create the user and group accounts.
Installing Samba
Since XP Home, Vista Home and Windows 7 Home versions cannot join a domain, and Samba 3.5 doesn’t provide Active Directory, this configuration will be for user-level shares on a standalone file server. We can paste this configuration into the /etc/samba/smb.conf file.
cd /etc/samba
mv smb.conf smb.conf.original
vi smb.conf
smb.conf
[global]
    workgroup = OFFICE
    server string = Server
    passdb backend = ldapsam:ldap://server.myplace.local
    log level = 0 passdb:0 auth:0
    log file = /var/log/samba/log.%m
    max log size = 50
    os level = 65
    wins support = Yes
    ldap admin dn = cn=samba,dc=myplace,dc=local
    ldap group suffix = ou=groups
    ldap passwd sync = yes
    ldap suffix = dc=myplace,dc=local
    ldap user suffix = ou=people
    cups options = raw

[homes]
    comment = Home Directories
    read only = No
    browseable = No

[printers]
    comment = All Printers
    path = /var/spool/samba
    printable = Yes
    browseable = No
Once the file is saved, run:
testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
This file needs to be there first because smbpasswd will get the LDAP login information from it.
smbpasswd -w <ldap admin dn password>
Setting stored password for "cn=samba,dc=myplace,dc=local" in secrets.tdb
And now to start the Samba smb and nmb services:
service smb start
service nmb start
chkconfig smb on
chkconfig nmb on
Next, we need the Samba Server SID before we can create new users and groups:
net getlocalsid
SID for domain SERVER is: S-1-5-21-1583510749-1128939052-3197564050
Paste the SID into the Domain SID for Samba3 field on the Webmin LDAP Users and Groups module configuration page. Also, be sure the other fields are set as shown below, otherwise you’ll get errors when trying to create new accounts.
Firewall Settings for Samba Server
Samba needs the following ports to work properly.
- UDP/137 - used by nmbd
- UDP/138 - used by nmbd
- TCP/139 - used by smbd
- TCP/445 - used by smbd
This is what it looks like in Webmin.
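The same four ports can be opened from the command line instead of Webmin. The script below is an added example, not part of the original post; the 192.168.1.0/24 subnet is a constructed sample value, and limiting access to one LAN by source address is an assumption about the network:

```shell
#!/bin/sh
# Added example (not from the original post). The LAN subnet is an assumed value.
# Ports from the post: nmbd uses UDP 137/138, smbd uses TCP 139/445.
SAMBA_PORTS="udp:137 udp:138 tcp:139 tcp:445"

# valid_cidr A.B.C.D/N: succeeds only for four octets 0-255 and a prefix 0-32.
valid_cidr() {
    case "$1" in
        *[!0-9./]*|*/*/*|/*|*/) return 1 ;;   # stray chars, or malformed slash
        */*) ;;
        *) return 1 ;;                        # no prefix length given
    esac
    addr=${1%/*}; bits=${1#*/}
    case "$bits" in *.*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr                              # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# samba_fw_rules CIDR: print one iptables command per Samba port, accepting new
# connections from CIDR only. -I inserts at the top of INPUT, ahead of the
# catch-all REJECT rule in the stock CentOS 6 ruleset.
samba_fw_rules() {
    valid_cidr "$1" || { echo "bad subnet: $1" >&2; return 1; }
    for entry in $SAMBA_PORTS; do
        proto=${entry%%:*}; port=${entry##*:}
        echo "iptables -I INPUT -s $1 -p $proto -m state --state NEW -m $proto --dport $port -j ACCEPT"
    done
}

# Print the rules for review; LAN_CIDR defaults to a constructed sample subnet.
samba_fw_rules "${LAN_CIDR:-192.168.1.0/24}"
```

After reviewing the printed commands, run them as root and then use `service iptables save` so they persist across reboots.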
You can now create users and groups to log in to your Samba file server.
Hint: Use the same user name and password as your desktop or laptop. Windows will automatically send your current login when you try to access the server. Only if that fails to authenticate you will it ask for a user name and password.