<?xml version="1.0" encoding="UTF-8"?>
<chapter version="5.0" xml:id="sdiSamba" xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns:m="http://www.w3.org/1998/Math/MathML"
xmlns:html="http://www.w3.org/1999/xhtml"
xmlns:db="http://docbook.org/ns/docbook">
<title>Network file systems served by Samba</title>
<section xml:id="sdiSectSambaPrerequisites">
<title>Prerequisites</title>
<para>Suggested readings:</para>
<itemizedlist>
<listitem>
<para><link
xlink:href="https://help.ubuntu.com/community/Samba">Ubuntu official
Samba</link></para>
</listitem>
</itemizedlist>
</section>
<section xml:id="sdiSectSambaInstall">
<title>Samba server installation</title>
<orderedlist>
<listitem>
<para>Follow <link
xlink:href="https://help.ubuntu.com/community/How%20to%20Create%20a%20Network%20Share%20Via%20Samba%20Via%20CLI%20%28Command-line%20interface/Linux%20Terminal%29%20-%20Uncomplicated%2C%20Simple%20and%20Brief%20Way%21">How
to Create a Network Share ...</link> setting up a basic <xref
linkend="glo_SMB"/> service.</para>
<para>Where is the physical representation (user meta information
database) of Samba passwords?</para>
</listitem>
<listitem>
<para>After creating a local <code>tdbsam</code> user entry
<code>smbtester</code> (or similar) test your share definitions using
<command
xlink:href="http://linux.die.net/man/1/smbclient">smbclient</command>:</para>
<programlisting language="none">root@sdi4a:~# smbclient -L localhost --user smbtester
Enter smbtester's password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]
Sharename Type Comment
--------- ---- -------
print$ Disk Printer Drivers
IPC$ IPC IPC Service (sdi4a server (Samba, Ubuntu))
smbtester Disk Home Directories
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]
Server Comment
--------- -------
SDI4A sdi4a server (Samba, Ubuntu)
Workgroup Master
--------- -------
WORKGROUP SDI4A</programlisting>
<para>Create a test file within your shared directory having some
textual content.</para>
</listitem>
<listitem>
<para>Try to mount a share from a remote client (either Windows,
Mac-OS or Linux):</para>
<programlisting language="none">root@mi-ESPRIMO-P910:~# mount -t cifs //sdi4a.mi.hdm-stuttgart.de/smbtester /mnt/test/ -ouser=smbtester
Password for smbtester@//sdi4a.mi.hdm-stuttgart.de/smbtester:
root@mi-ESPRIMO-P910:~# cat /mnt/test/
.bash_history q.txt .viminfo
root@mi-ESPRIMO-P910:~# cat /mnt/test/q.txt
Mal sehen ...
root@mi-ESPRIMO-P910:~# df /mnt/test/
Filesystem 1K-blocks Used Available Use% Mounted on
//sdi4a.mi.hdm-stuttgart.de/smbtester 4048548 783608 3264940 20% /mnt/test</programlisting>
<tip>
<itemizedlist>
<listitem>
<para>Mounting from a Linux client machine may require
installation of the <code
xlink:href="https://packages.debian.org/stable/otherosfs/cifs-utils">cifs-utils</code>
package.</para>
</listitem>
<listitem>
<para>You may want to alter the samba server's debug level using
the <command
xlink:href="http://linux.die.net/man/1/smbcontrol">smbcontrol</command>
command.</para>
</listitem>
</itemizedlist>
</tip>
</listitem>
<listitem>
<para>Follow the <link
xlink:href="https://help.ubuntu.com/lts/serverguide/samba-ldap.html">Samba
and LDAP</link> documentation to enable <xref linkend="glo_LDAP"/>
support in favour of your local <productname>tdbsam</productname>
database.</para>
<tip>
<para>Prerequisite: Before you start make sure your OS does indeed
have <xref linkend="glo_LDAP"/> user and group support as being
described in <xref linkend="sdiSectLdapOsSupport"/>.</para>
</tip>
<tip>
<para>As being mentioned in <uri
xlink:href="https://bugs.launchpad.net/ubuntu/+source/smbldap-tools/+bug/997172">https://bugs.launchpad.net/ubuntu/+source/smbldap-tools/+bug/997172</uri>
the <command>smbldap-config.pl</command> command my be missing.
Following <link
xlink:href="https://bugs.launchpad.net/ubuntu/+source/smbldap-tools/+bug/997172/comments/7">comment
no. 7</link> from the same bug report the following steps create a
replacement:</para>
<itemizedlist>
<listitem xml:id="sdiHintBugMissingSmbldapPackage">
<para>As being mentioned in <uri
xlink:href="https://bugs.launchpad.net/ubuntu/+source/smbldap-tools/+bug/997172">https://bugs.launchpad.net/ubuntu/+source/smbldap-tools/+bug/997172</uri>
the <command>smbldap-config.pl</command> command my be missing.
Following <link
xlink:href="https://bugs.launchpad.net/ubuntu/+source/smbldap-tools/+bug/997172/comments/7">comment
no. 7</link> from the same bug report the following steps create
a replacement:</para>
<orderedlist>
<listitem>
<para>Activate source packages by create a new file
<filename>/etc/apt/sources.list.d/src-packages.list</filename>
containing:</para>
<programlisting language="none">deb-src http://ftp.debian.org/debian jessie main contrib
deb-src http://ftp.debian.org/debian jessie-updates main contrib</programlisting>
</listitem>
<listitem>
<para>Update package lists and install a required helper
package:</para>
<programlisting language="none">aptitude update
aptitude install dpkg-dev</programlisting>
</listitem>
<listitem>
<para>Follow all but one step from <link
xlink:href="https://bugs.launchpad.net/ubuntu/+source/smbldap-tools/+bug/997172/comments/7">comment
no. 7</link>:</para>
<programlisting language="none">apt-get source smbldap-tools
cd smbldap-tools-0.9.7/
./configure
make</programlisting>
<para>This creates an executable
<command>smbldap-config.cmd</command> replacing
<command>smbldap-config.pl</command>.</para>
</listitem>
</orderedlist>
</listitem>
<listitem>
<para>Operating locally you may want to disable <xref
linkend="glo_TLS"/> support.</para>
</listitem>
<listitem>
<para>As with local Samba users each <xref linkend="glo_LDAP"/>
user must be visible by the OS. As being mentioned in the
documentation configuring <filename
xlink:href="http://linux.die.net/man/5/nsswitch.conf">/etc/nsswitch.conf</filename>
to resolve i.e. <command
xlink:href="http://linux.die.net/man/1/id">id</command>
<parameter>hans</parameter> is an essential precondition.</para>
</listitem>
<listitem>
<para>For security reasons you may want to use
<acronym>LDAPS</acronym> in favour of unencrypted <xref
linkend="glo_LDAP"/>.</para>
</listitem>
</itemizedlist>
</tip>
</listitem>
<listitem>
<para>Test your Samba/LDAP installation by mounting a user's share via
<xref linkend="glo_LDAP"/>.</para>
<tip>
<para>Debugging may require setting the <xref linkend="glo_LDAP"/>
server's <parameter
xlink:href="http://www.zytrax.com/books/ldap/ch6/#loglevel">olcLogLevel</parameter>
accordingly.</para>
<para>If you want to see all log messages you may issue (prior
removal of <code>*.gz</code> <code>*.1</code> and other archive
files is recommended):</para>
<programlisting language="none">root@sdi4a:/var/log# cd /var/log/
root@sdi4a:/var/log# tail -n0 -f `find . -type f`
==> ./alternatives.log <==
...</programlisting>
<para>This will browse all (possibly unrelated) log
statements.</para>
</tip>
</listitem>
</orderedlist>
</section>
</chapter>