A samba server in SUSE Linux can be configured in two different ways: with YaST or manually. Manual configuration offers a higher level of detail, but lacks the convenience of the YaST GUI.
To configure a Samba server, start YaST and select+ . When starting the module for the first time, the dialog starts, prompting you to make just a few basic decisions concerning administration of the server then at the end of the configuration prompts for the password of Samba root. For later starts, the dialog appears.
Thedialog consists of two steps:
Select an existing name fromor enter a new one and click .
In the next step, specify whether your server should act as PDC and click.
You can change all settings fromlater in the dialog with the tab.
During first start of Samba server module thedialog appears directly after dialog. It consists of three tabs:
In this tab, you can also open ports in your firewall. To do so, select. If you have multiple network interfaces, select the network interface for Samba services by clicking , selecting the interfaces, and clicking .
In this tab, determine the Samba shares to activate. There are some predefined shares, like homes and printers. Useto switch between and . Click to add new shares and to delete the selected share.
In thetab, you can determine the domain with which the host is associated ( ) and whether to use an alternative hostname in the network ( ). To set expert global settings or set user authentication, click .
Clickto close the configuration.
An alterative tool for Samba server administration is SWAT (Samba Web
It provides a simple Web interface with which to configure the
Samba server. To use SWAT,
open http://localhost:901 in a Web browser and log in as
If you do not have a special Samba root account, use the system
After Samba server installation, SWAT is not activated. To activate it, open+ in YaST, enable the network services configuration, select from the table, and click .
If you intend to use Samba as a server,
The main configuration file of Samba is
/etc/samba/smb.conf. This file can be divided into two
logical parts. The
[global] section contains the central
and global settings. The
[share] sections contain the
individual file and printer shares. By means of this approach, details
regarding the shares can be set differently or globally in the
[global] section, which enhances the structural
transparency of the configuration file.
The following parameters of the
need some adjustment to match the requirements of your network setup so
other machines can access your Samba server via
SMB in a Windows environment.
This line assigns the Samba server to a
TUX-NET with an
appropriate workgroup of your networking environment. Your
Samba server appears under its DNS name
unless this name has been assigned to any other machine in the
network. If the DNS name is not available, set the server name using
smb.conf for more details about
This parameter triggers whether your
Samba server tries to become LMB (local
master browser) for its workgroup. Choose a very low value to
spare the existing Windows network from any disturbances caused by a
misconfigured Samba server. More information
about this important topic can be found in the files
BROWSING-Config.txt under the
textdocs subdirectory of the package
If no other SMB server is present in your network (such as a Windows NT
or 2000 server) and you want the Samba
server to keep a list of all systems present in the local environment,
os level to a higher value (for example,
65). Your Samba server
is then chosen as LMB for your local network.
When changing this setting, consider carefully how this could affect an existing Windows network environment. First test the changes in an isolated network or at a noncritical time of day.
To integrate your Samba
server into an existing Windows network with an active WINS server,
wins server option and set its value
to the IP address of that WINS server.
If your Windows machines are connected to separate subnets and
should still be aware of each other, you need to set up a WINS server.
To turn a Samba server into such a WINS
server, set the option
wins support = Yes. Make sure
that only one Samba server of the network has
this setting enabled.
wins server and
support must never be enabled at the same time in your
The following examples illustrate how a CD-ROM drive and the user
homes) are made available to
the SMB clients.
To avoid having the CD-ROM drive accidentally made available, these lines are deactivated with comment marks (semicolons in this case). Remove the semicolons in the first column to share the CD-ROM drive with Samba.
[cdrom] is the name of the share
that can be seen by all SMB clients on the network. An additional
comment can be added to further describe the
path = /media/cdrom
path exports the directory
By means of a very restrictive default configuration, this kind of
share is only made available to the users present on this system. If
this share should be made available to everybody, add a line
guest ok = yes to the configuration. This setting
gives read permissions to anyone on the network. It is recommended to
handle this parameter with great care. This applies even more to the use
of this parameter in the
[home] share is of special
importance here. If the user has a valid account and password for the
Linux file server and his own home directory, he can be connected to
Example 28.2. homes Share
[homes] comment = Home Directories valid users = %S browseable = No read only = No create mask = 0640 directory mask = 0750
As long as there is no other share using the share name of the
user connecting to the SMB server, a share is dynamically generated
[homes] share directives. The resulting
name of the share is the username.
valid users = %S
%S is replaced with the concrete name of the
share as soon as a connection has been successfully established. For
[homes] share, this is always the
username. As a consequence, access rights to a user's share
are restricted exclusively to the user.
browseable = No
This setting makes the share invisible in the network environment.
read only = No
By default, Samba prohibits write
access to any exported share by means of the
read only =
Yes parameter. To make a share writable, set the value
read only = No, which is synonymous with
writable = Yes.
create mask = 0640
Systems that are not based on MS Windows NT do not understand
the concept of UNIX permissions, so they cannot assign permissions
when creating a file. The parameter
defines the access permissions assigned to newly created files. This
only applies to writable shares. In effect, this setting means the
owner has read and write permissions and the members of the owner's
primary group have read permissions.
valid users =
%S prevents read access even if the group has read
permissions. For the group to have read or write
access, deactivate the line
valid users = %S.
To improve security, each share access can be protected with a password. SMB has three possible ways of checking the permissions:
A password is firmly assigned to a share. Everyone who knows this password has access to that share.
This variation introduces the concept of the user to SMB. Each user must register with the server with his own password. After registration, the server can grant access to individual exported shares dependent on usernames.
To its clients, Samba pretends to be
working in user level mode. However, it passes all password queries to
another user level mode server, which takes care of authentication. This
setting expects an additional parameter (
The selection of share, user, or server level security applies to the entire server. It is not possible to offer individual shares of a server configuration with share level security and others with user level security. However, you can run a separate Samba server for each configured IP address on a system.
More information about this subject can be found in the Samba HOWTO
Collection. For multiple servers on one system, pay attention to