|
|
|
How To Set Up Debian Linux
File and Print Servers
The material on this page was prepared using Sarge or Etch
configured using our Installation and Packages pages.
If you did not use our pages to set up your system, what you
encounter on your system may be different than what is given here.
Linux servers can be used in many different roles on a LAN. File and print servers are the most common. And as you'll see below, the file and print server rolls can be customized depending on the types of client workstations the servers must support. You'll also see how you can automate things so that someone gets paged or e-mailed in the event some network device or server starts having problems.
Your Debian system can act as a Linux LAN server in one of two possible file and print server configurations. The first is as a Linux/UNIX server which can offer file serving via NFS (Network File System) and printer serving via the lpd (Line Printer Daemon) service. While this configuration is primarily used when you have Linux/UNIX systems as workstations, most other operating systems can support NFS with 3rd-party tools as well.
The other configuration uses Samba which is a Linux/UNIX server application that makes a Linux or UNIX server appear as a Windows NT server to Windows clients. It can even serve as a domain controller. Samba is so comprehensive you can have what, for all intents and purposes, appears to be a totally-Windows network without having a single Windows server. Given the cost of Windows server software and the per-seat licensing costs associated with having Windows servers, Samba can save you a lot of money.
Note: Samba 3.0 incorporates many new features for interoperability with Windows 2000/2003 servers and Active Directory. You'll even be able to join your Linux database, mail, etc. servers to Active Directory for seamless authentication. The good news is that Sarge (3.1) includes Samba 3.07.
To put it plainly, NFS and Samba are a lot alike from a functionality point of view. Which one you use just depends on which OS will be running on the workstations that will be accessing the server. In addition, there's no reason you can't set up both on the same server to support both types of clients if you have that type of networking environment. We'll cover setting up both on this page, starting with straight Linux/UNIX server.
Back on the Networking page we showed you how to set up a hosts file on each system so the other systems on your LAN could be accessed by name. Back on the DNS page we showed you how to set up a DNS server for a LAN (that also resolved Internet host/domain names) so you wouldn't have to manually maintain a hosts file on each system. As you will see, the ability to reference systems by name is required when setting up LAN servers.
Setting Up A Linux File Server
If you followed our Installation page you already have everything necessary to set up NFS file sharing. Naturally, some file sharing configuration has to be done on both the NFS server and each client. Setting up printer sharing will require a few additional packages and some setup work but we'll cover that in detail.
File Serving with NFS
The nfs-common package is installed by default. This package contains files needed by both NFS servers and NFS clients. To set up an NFS server you have to install the server package with the command:
apt-get install nfs-kernel-server
When the package is finished installing you'll see the line:
Not starting NFS kernel daemon: No exports.
Installing this package creates the /etc/exports file. You have to enter at least one line in the file for each directory that is to be "exported" (shared), specifying who has permission to access it and what those levels of permission are. If there are no lines in this file the NFS server will not start because there is nothing to export.
As an example using your NFS server as a file server storing user files, suppose a user with the username 'bgates' uses a workstation with the hostname 'woody5' and you want to set up the server so they can store their files on it. You'd need to create a home directory for them on the NFS server and then enter a line in the /etc/exports file to make it available to them.
/home/bgates woody5(rw,sync)
Once you enter one or more lines in this file you have to either reboot the system or manually start the NFS server with the commands in the order listed:
The /etc/exports file follows the format:
/directory-to-share client(permissions,sync-type)
Note that there is no space between the client and the permissions/sync values. The client can be specified using one of the following:
- a resolvable host name (i.e. there is an entry in the server's /etc/hosts file for the client or you used our DNS page to set up a LAN DNS server)
- the IP address of a client
- a network or subnet address (with the subnet mask provided) to specify all the clients on the network or subnet
- an internal domain name with the wildcard character * to specify all the computers in the domain (*.yourdomain.com)
The three most common permission specifications (there are others) can be:
- ro - Read Only (this is the default if none is specified)
- rw - Read/Write
- no_access - blocks inheritance
If you're not familier with "inheritance" it just means that if you give someone certain permissions to a directory, those same permissions "flow down" to apply to any subdirectories under it. So if you want to give someone permissions to a directory, but don't want them to have permissions to the subdirectories, you'd have to add entries to the /etc/exports file for each subdirectory specifying the no_access permission.
The sync-type can either be sync or async and sync is recommended as it flushes writes to the disk more often. If you omit this you will get messages with the NFS server starts that it's defaulting to sync operation. If you get a "<hostname> has non-inet address" when the NFS server starts it usually means the hostname you specified in the /etc/exports file isn't resolvable (no entry in the /etc/hosts file).
For example:
/export/docs 172.16.0.0/255.255.0.0(ro,sync)
would give all users with machines on the 172.16.0.0 network read-only access to a shared documents directory.
If you have a second Linux or UNIX system on your network, you can use it to test drive NFS. Do the following on your Debian server:
Naturally you would replace the bgates with the name of the user account you created on the server during the OS installation.
- Edit the /etc/exports file as follows:
- Recall that during the Debian OS installation you created a user account. This user's home directory is the one you should specify to share.
- Enter the hostname of your other Linux or UNIX system for the client.
- Specify rw permissions and sync operation.
- Exit the editor saving the file.
- If necessary, edit the /etc/hosts file on your Debian server so that it contains the hostname and IP address for your second Linux or UNIX system.
- If necessary, start the NFS server processes by entering the following commands in the order shown:
/etc/init.d/nfs-common start(The nfs-common script is so named because it's run on both NFS clients and servers.)
/etc/init.d/nfs-kernel-server start
- Go to your second Linux or UNIX system and try and mount the shared directory on the Debian server. The steps to do this will vary depending on which Linux distribution or flavor of UNIX is on the second system. If your "second Linux or UNIX system" is also a Debian system, do the following:
- Make sure your Debian server (which we're assuming is named "sarge") is in the second system's /etc/hosts file
- Enter the following commands to enable client NFS, create a local "mount point", and mount the remote server's share to the local mount point:
/etc/init.d/nfs-common start
mkdir /mnt/private
mount sarge:/home/bgates /mnt/private
Note the syntax of the mount command above. It's:
mount server-name:/path-to-share-on-server /path-to-local-mount-point
As a result, you should be able to access the remote shared directory on the server by going to it's mount point on the local system like so:
cd /mnt/private
To unmount the share you use the local mount point like so:
umount /mnt/private
There is a lot more to NFS. Seeing what shares are available, show what shares you have mounted, auto-mounting when a client boots up, etc. What's presented here is just enough to get it working so you can play around with it and research it further if you so desire.
Keep in mind that an NFS server does keep ports open. If a system is going to be connected to the Internet, NFS functionality should be disabled to close those ports.
Setting Up A Linux Print Server
Note: Same deal here as with modems, DON'T use a "win-printer"! If you printer doesn't support DOS don't use it with Linux. Also, the utilities we'll use in this procedure don't support USB printers (yet).Setting up printing on a Linux system is actually one of the more complicated setups you'll encounter. It's easier to set up a Linux system to be a Web server than a print server. It's not that setting up a print server is technically complicated. You just have to install a few packages and run through some configurations. To make matters worse, each flavor of Linux and UNIX have their own set of utilities for doing the job. Debian uses apsfilter which we'll cover here. The steps below are also necessary if you simply want to set up a local printer for use on your system.
The daemon that handles sending print jobs to a printer is called lpd and it starts automatically when you boot your system. You should see it if you list running processes:
ps -ef
Because it's running you can print text files to your printer with a simple command. However, it's unlikely it'll print correctly. For that you'll need to do a little setting up. If you want to see what I'm talking about, connect your printer to your PC, turn it on, load in the paper, and copy the motd text file to the printer using the following command:
lpr /etc/motd
lpr is kind of a client for the lpd server daemon. If your printer prints the file OK, and all you're ever going to print are text files, you don't really need to do anything else. On a lot of printers (including most HP models) the file will print but there'll just be one long line running off the right side of the single sheet paper. That's because the printer didn't interpret any carriage returns.
If nothing at all prints or you get the error:
lp: driver loaded but no devices found
try going into your systems BIOS' peripheral configuration and take the parallel port out of AUTO mode so that it's set to the 378h base I/O address andIRQ 7. As mentioned on the Modems page, you'll want to do this for the serial ports also.
If your printer printed but didn't print the file correctly you've got some work to do. When Linux/UNIX prints to anything other than a simple dot-matrix printer it sends the print stream in Postscript. Most lower-end printers don't support Postscript. But as most other things with Linux, free software to the rescue! We can install a free package called Ghostscript that will translate the Postscript to a language our lower-end lasers and inkjets can understand.
Before we get into the printer setup, lets look at how this printing thing works. For matters of simplicity, we'll look at an example of a single printer connected "locally" (to the printer port). Since most PCs only have one hardware printer port, this is the most common configuration.
Here's an overview of the setup:
- You connect printers to physical ports on your PC.
- You can define as many logical printers as you want by creating a print queue for each logical printer. A queue is nothing more than a directory on the hard-drive. Print jobs are stored in these directories before being sent to a physical printer. This is called "spooling".
- You use the /etc/printcap configuration file to tie a physical port to a print queue (a logical printer). You'll see an example of this in a minute. Since you'd typically only specify physical ports that have printers attached to them, in effect you assign a logical printer to a physical printer.
As mentioned, most PCs only have one printer port, but they can have up to three. Here's a DOS/Linux comparison of the three physical port designations. As with serial ports, DOS started the numbering scheme with 1 and Linux starts with 0.
I/O Port DOS Linux 03BC LPT1 /dev/lp0 0378 LPT2 /dev/lp1 0278 LPT3 /dev/lp2
Now for the logical printers. As mentioned, you can create as many of these as you want simply by creating a print queue for them. There are two print queues created when you install Debian. One is:
/var/spool/lpd/lp
The actual queue directory is the lp on the end of the path. They can be given descriptive names also, as in the case of the second queue that is created when you install Debian, and that is the:
/var/spool/lpd/remote
Now you see why there's a need to create separate logical printers. Since you can connect to printers over a network, you have to be able to go beyond the three-printer limit imposed by the technicalities of the PC architecture. The ability to use descriptive names is also helpful.
Now the good stuff. The thing that ties the logical printers to the physical printers, the /etc/printcap file. Here is the /etc/printcap file (minus the comments) that you have after you've installed Debian:Note that the red line specifies the "device" (printer port) and the blue line specifies the queue. This is what ties them together. The other lines are for log files, page size parameters (page length of 66 lines and a page width of 80 columns), etc. Note also that a generic dot-matrix printer is defined by default.lp|Generic dot-matrix printer entry:\ :lp=/dev/lp0:\ :sd=/var/spool/lpd/lp:\ :af=/var/log/lp-acct:\ :lf=/var/log/lp-errs:\ :pl#66:\ :pw#80:\ :pc#150:\ :mx#0:\ :sh: # rlp|Remote printer entry:\ # :lp=:\ # :rm=remotehost:\ # :rp=remoteprinter:\ # :sd=/var/spool/lpd/remote:\ # :mx#0:\ # :sh:
One important point is the "name" of the printer. This is at the beginning of the first line:
lp|Generic dot-matrix printer entry:\
The lp name is special to Linux, indicating that it is the default printer (i.e. if no other printer is explicitly listed in a command, use the default printer). This name is what is displayed in browse windows on Windows clients if you plan to support them using Samba.
There's a utility that will help us get the right printer defined (instead of the generic dot-matrix printer defined in the file above) called apsfilter. It's a package that has to be installed. But first we need to install a Ghostscript package for printing to non-Postscript printers. Enter the following command at the shell prompt:
apt-get install gs
Select the "letter" paper size and press Enter.
If you've worked with DOS you can recall the days when DOS didn't directly support advanced functions of printers. You could copy a text file to lpt1 or prn and it would print, but each DOS application (WordPerfect,Lotus 123 , etc.) supplied it's own set of printer drivers for printing fancier things that plain text. Kind of the same thing with Linux. You'll need a Ghostscript printer driver and there are also application-specific drivers for programs like gimp (an X program for editing graphics). There's a site that has a massive collection of Linux printer drivers available. You can use their search page to find any drivers for your printer. It's at:
www.linuxprinting.org/printer_list.cgi
Try using the procedure below before you go hunting for a printer driver though. Ghostscript has native support for a lot of printers so chances are you won't need to get an additional driver.
If you do need a driver, go to the above site and select your printer's manufacturer from the "Show all printers made by" drop-down list, the various printer models will be displayed in four columns with the headings:
- Perfectly - most if not all functions supported including faxing, etc. on multifunction units
- Mostly - works great but some advanced features may not be supported
- Partially - some headaches ahead - you may want to find another printer
- Paperweight - don't even bother
Hopefully your printer will come up in one of the first two columns. Clicking on the printer's model name in the list will display a page of information about it and have download links for any available drivers. Note which Ghostscript driver is recommended for your printer under the "Driver Information" heading. Also note (a little higher up on the page) what the supported resolution is in the "Type/Resolution" box.
Don't download anything yet. Ghostscript comes with a bunch of drivers so you may not have to download yours - but you will want to know the name of driver (which you got above). Installing apsfilter will tell you if you already have the necessary driver. Install apsfilter and the psutils packages with the command:
apt-get install apsfilter psutils
After it's installed you'll want to run apsfilterconfig and answer the prompts as follows:
- Answer Yes to accept the license
- Answer No to requesting a snail-mail address
- Answer Yes to owner and group settings for the spooldir
- Enter o to overwrite existing entries
- Select 1 (Printer Driver Selection)
The selections shown are like categories of printer drivers. Try using number 3 so see if your printer is listed because Ghostscript natively supports a lot of printer models.
- Press the number that corresponds to your printer to select it
- Back at the menu press 2 to set up the interface
- Press the number that corresponds to your printer connection (typically number 1)
- When prompted for the path of the device enter:
/dev/lp0 (provided it's connected to the parallel port)
- Use menu selection 3 to select the default (US letter) paper size
- At this point you can press T to print a test page if you want
- Press I to Install the printer to create a new printcap file
- Enter a name for the print queue that relates to the printer (such as lj4)
- Press q to quit the menu and press Enter at the informational screens until you're returned to the shell prompt.
If you use your text editor to look at your printcap file now:
nano /etc/printcap
you'll see that apsfilter created your printer. Note that the entry for the default (lp) printer is still a generic dot-matrix but most printers should be able to handle generic text output. You have to print to the queue name you specified when you created the printer to take advantage of the printer driver. When using lpr you can specify a printer with the -P command-line option.
Now try printing that text file we printed above and see if it looks any better:
lpr -Pyour-printer-queue-name /etc/motd
It should have printed out normally now. Notice that this is the Message Of The Day text you see every time you log in. You can use a text editor to edit this file to contain any text you want.
If you're having problems there are some things you can check. In the /etc/printcap file note the device line and which hardware port it's set to. It'll look something like this:
:lp=/dev/lp0:\
with the part in blue above being the specific hardware port designation. This is what you entered inStep 2 of the apsfilter configuration. You can verify that your printer is properly connected to this port and can receive data using a simple copy command:
cp /etc/motd /dev/lp0
This bypasses any spooling and copies the file directly to the hardware port. You may not be able to read what's on the page but the printer should do something. You may also have to hit the form-feed button to get the page out. If nothing happens, check your printer and the connection.
You can also try re-running the apsfilter configuration with the command:
apsfilterconfig
If you go through all the menu selections again, when you select C you'll be prompted if you want to add additional printers or replace your existing /etc/printcap file. Choose replace.
You can also use a text editor to have a look at the /etc/apsfilterrc configuration file which allows you to set various options. The file is heavily commented. You'll probably want to reboot your system after making any changes to this file.
Besides the lpr command there's a few other commands that you can use with the printer:
lpq - shows you what jobs are in the queueThe man pages for these commands can give you more information.
lprm - is used to remove jobs from the queue
a2ps - will print the specified file to the printer as Postscript
If you have a long text file to print you can use the a2ps command because it'll put two "pages" side-by-side on a single sheet of paper in a landscape orientation.
If you ever run into a situation where you have a bunch of garbage coming out of your printer issue the the command:
lprm -
and all jobs will be deleted. (You can then turn your printer off and back on to empty it's internal queue.)
If you want to share a printer (i.e. use the system as a print server) you have to:
- set up the printer locally (in the /etc/printcap file) on the print server system
- create a /etc/hosts.lpd on the print server system and list other machines that can use the printer (one hostname per line)
- make sure the systems listed in the /etc/hosts.lpd file are listed in the print server's /etc/hosts file
- set up the remote printer in the /etc/printcap file on each client system
- make sure the print server system is listed in the client systems /etc/hosts files
If using Samba to support Windows clients, which we'll look at next, you may also have to set up user accounts on the print server system.
The /etc/hosts.lpd file is nothing more than a text file that contains the hostnames of the client systems (one per line) on your network that can use the server's printers. (It's the hosts file that has both the hostnames and IP addresses.) Note that a "client" in this context can also be a server system. It's just that any computers using the server's printers are considered clients of the print server. It's a relative thing.
Setting Up A Samba Server
Running Samba on your Linux system will allow you to set it up with simple file and printer sharing as you'd typically find on small "peer" networks based on a Windows workgroup (such as you might have on a home network). It will also allow you to set it up to act like a Windows NT/2000 server which can include file serving, print serving, and even act as a WINS server or domain controller (i.e. having your Windows clients authenticate to the network by logging into the Samba server).
There are other scenarios also. You can set up Samba so that your Linux system acts like just another Windows client on a network that has Windows servers. This is most often useful if you plan to run your Debian system as a workstation using a GUI. You can also use Samba to set up Debian systems to act as dedicated print servers on a Windows network.
Note that while Samba allows for file sharing, NFS is not required to enable the sharing. Samba takes care of it.
The first step is to install Samba. If you were to check to see which Samba-related packages where available with the:
apt-cache search samba
command you'd see quite a list. However, due to apt handing dependencies, we only need to install one of them and the rest (in this case only one other) will be taken care of. The one we need to install is simply named "samba" and it will also result in the "samba-common" package being installed. If necessary, use the pon command to connect to the Internet. Then enter the command:
apt-get install samba
After the packages have been obtained a short set up routine will automatically start. Answer the prompts as follows:
- Enter your Workgroup or Domain name
- Answer Yes to encrypted passwords
- Answer No to "get WINS settings from DHCP"
- Choose to run Samba as daemons
- Anser Yes to create the Samba passwords file
Notice that the nmbd and smbd daemons were both started. The nmbd daemon acts as a WINS server service providing DNS-like name-to-IP address translations. In the case of WINS however, the names are NETBIOS names. The smbd daemon is the core Samba server service which enables file and printer sharing, network browsing, etc.
Because we chose to run Samba as a daemon, the installation created the appropriate startup shell script:
/etc/init.d/samba
which starts both daemons and the package installation did set it up to run when you boot your system, even in runlevel 2. The Samba configuration files were installed in the following directory:
/etc/samba
The main Samba configuration file called smb.conf and it is located in this directory. Whether our Samba system acts as a simple file and print sharing device or a Windows WINS or domain controller server is all determined by the options we enter in the smb.conf file.
The file seems quite large but that's because it contains many helpful comments (the lines which start with # and ; characters).
Where to learn more - The best of our bookshelves:
More info...Integrate Linux Solutions Into Your Windows Network is more than a Samba how-to. It only has three chapters on Samba. However, it is featured here because this is a good introductory book if you don't have a lot of experience with Linux or Windows servers. The first three chapters cover the basics of Linux administration that one needs to be familier with when working with Samba. There are also detailed explanations of the SMB protocol and the Windows authentication processes which even experienced Windows admins will appreciate. And it's not all about the server. Examples, including screen-shots, show you how to set up Windows clients to access a Samba server, and how to set up Linux Samba clients to access Windows servers. It's not even all about Samba. Setting up a database server using MySQL and LDAP directory services are also covered. For a good book that gets deep into the details of Samba, see Samba Essetials for Windows Administrators below.
There is a browser-based utility called SWAT (Samba Web Administration Tool) that you can use over a network to configure and monitor Samba. We won't be covering that here mainly because unless you've had some experience with working with the configuration file manually, you won't know what SWAT is asking you for. In addition, when you use SWAT, it wipes out any existing smb.conf file (found that out the hard way). So you may want to rename any existing smb.conf file using the mv (move) command before you try using SWAT.
The smb.conf File
The smb.conf file supplied with Debian has six sections:
- [global] - contains many subsections for network-related things such as the domain/workgroup name, WINS, some printing settings, authentication, logging and accounting, etc.
- [homes] - for file sharing of user home directories
- [netlogon] - commented out by default, for setting the server to act as a domain controller
- [printers] - for printer sharing of locally-attached printers
- [print$] - to set up a share for Windows printer drivers
- [cdrom] - commented out by default, to optionally share the server's CD-ROM drive
Each section has a series of statements that follow the:
option = value
format and these statements are typically unique to each section (i.e. you have to put the right statements in the right section). The following shows the sections and their related options statements as found in the smb.conf file provided with the Debian package installation (minus all of the comments). Those which are commented out by default are shown commented out here as well.
[global] workgroup = MYHOMENET server string = %h server (Samba %v) ; wins support = no ; wins server = w.x.y.z dns proxy = no ; name resolve order = lmhosts host wins bcast log file = /var/log/samba/log.%m max log size = 1000 ; syslog only = no syslog = 0 panic action = /usr/share/samba/panic-action %d ; security = user encrypt passwords = true passdb backend = tdbsam guest obey pam restrictions = yes ; guest account = nobody invalid users = root ; unix password sync = no passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . ; pam password change = no ; load printers = yes ; printing = bsd ; printcap name = /etc/printcap ; printing = cups ; printcap name = cups ; printer admin = @ntadmin ; preserve case = yes ; short preserve case = yes ; include = /home/samba/etc/smb.conf.%m socket options = TCP_NODELAY ; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' & ; domain master = auto ; idmap uid = 10000-20000 ; idmap gid = 10000-20000 ; template shell = /bin/bash [homes] comment = Home Directories browseable = no writable = no create mask = 0700 directory mask = 0700 ;[netlogon] ; comment = Network Logon Service ; path = /home/samba/netlogon ; guest ok = yes ; writable = no ; share modes = no [printers] comment = All Printers browseable = no path = /tmp printable = yes public = no writable = no create mode = 0700 [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no ; write list = root, @ntadmin ;[cdrom] ; comment = Samba server's CD-ROM ; writable = no ; locking = no ; path = /cdrom ; public = yes ; preexec = /bin/mount /cdrom ; postexec = /bin/umount /cdromAs you can see, there are a myriad of options that can be used to customize the way Samba performs on a network but the above is nowhere near a complete list. There are more sections and more options for those sections. One of the key options is the security option under the [global] section. There are several different possible values here and they affect how a user authenticates to shared resources and whether duplicate accounts must be set up on the Linux system and any authenticating Windows servers.
Simple Sharing
In order to allow simple file and printer sharing we only need to change a few existing options and add an additional small section. This setup can be used on a simple network where security is not an issue and if you just want to play around with Samba they'll make it easy. As always, use the cp command to make a backup copy of the smb.conf file before you edit it so you can easily start over if the need arises.
cp /etc/samba/smb.conf /etc/samba/org-smb.conf
Then open the file using the nano text editor and make the following changes (in blue):
[global] workgroup = MYHOMENET server string = %h server (Samba %v) ; wins support = no ; wins server = w.x.y.z dns proxy = no ; name resolve order = lmhosts host wins bcast log file = /var/log/samba/log.%m max log size = 1000 ; syslog only = no syslog = 0 panic action = /usr/share/samba/panic-action %d security = share encrypt passwords = true passdb backend = tdbsam guest obey pam restrictions = yes ; guest account = nobody invalid users = root ; unix password sync = no passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . ; pam password change = no load printers = yes printing = bsd printcap name = /etc/printcap ; printing = cups ; printcap name = cups ; printer admin = @ntadmin preserve case = yes short preserve case = yes ; include = /home/samba/etc/smb.conf.%m socket options = TCP_NODELAY ; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' & ; domain master = auto ; idmap uid = 10000-20000 ; idmap gid = 10000-20000 ; template shell = /bin/bash [files] comment = Shared Files path = /home/ftp writable = yes guest ok = yes [homes] comment = Home Directories browseable = no writable = no create mask = 0700 directory mask = 0700 ;[netlogon] ; comment = Network Logon Service ; path = /home/samba/netlogon ; guest ok = yes ; writable = no ; share modes = no [printers] comment = All Printers browseable = yes path = /tmp printable = yes public = yes writable = yes create mode = 0777 [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no ; write list = root, @ntadmin ;[cdrom] ; comment = Samba server's CD-ROM ; writable = no ; locking = no ; path = /cdrom ; public = yes ; preexec = /bin/mount /cdrom ; postexec = /bin/umount /cdromPres Ctrl-X and 'y' at the prompt to save the changes, and then press Enter to exit the editor saving the file. You can restart the Samba services but it's probably easier just to reboot your system.
You should now be able to go to a Windows system on the same network, open up Network Neighborhood, and browse to the files and printers shares on the Debian system.
Because the above sets you up with "guest" access, it will give you the access specified for "world" in the Unix file system permissions. (This is the third digit used with the chmod command.) For example, in the /home/ftp directory we see the following file entry:The "world" permissions are set to read (644) so guest access would be able to read the file. If we were to change the world permissions using the command:
-rw-r--r-- 1 root root 346 April 12 01:00 welcome.msg
chmod 646 /home/ftp/welcome.msg
the permission block for the file would then look like this:and the guest user could then also write to the file (or replace it).
-rw-r--rw- 1 root root 346 April 12 01:00 welcome.msg
The lp printer share will also be visible in the Network Neighborhood browse window even if you don't have a printer connected to the LPT port on your Samba system. This is because the lpd daemon is running. The 0777 value forcreate mode in the [printers] section isn't a setting you'd normally want to use. We just set it wide open to make working with printers easier while you're playing around.
If you double-click on a printer share, Windows will tell you it doesn't have a driver loaded for it and prompt you to add one. If you don't have a printer attached you can still do so by selecting Generic in the "Manufacturers" column andGeneric / Text Only in the "Printers" column. (Naturally, if you do have a printer connected you'd install it's specific driver.) This will allow you to open up the print queue window for the printer. The type of printer that's available is determined by the entries in the /etc/printcap file on the Samba server.
After opening the print queue window for the printer, Click on Printers on the menu bar, select Properties, and click on the Ports tab. You'll see that Windows has created a logical port which points to a remote system the same way it would if you were accessing a shared printer on another Windows system.
Where to learn more - The best of our bookshelves:
More info...Samba Essentials for Windows Administrators covers Samba in a very comprehensive manner. It's an indispensible reference for those who want to undertake a serious Samba implementation. While it doesn't get into the technical background of how things work like the "Integrate..." book, it is excellent from a practical applications perspective. It even covers things like setting up a Samba fax server using a fax/modem that can be accessed by Windows clients. A lot of coverage is given to using the Webmin tool in addition to SWAT. The chapter which covers setting up a Samba system as a domain controller spells out what Samba can't do when acting as a PDC, as well as what it can do. One chapter openly addresses the weaknesses of Samba which is essential information when deciding how and where to implement a Samba solution.
If you're using Debian 3.0 (Woody) note that you'll be using Samba 2.2. The above books cover Samba 2.2 so there may be some things mentioned in the books that don't look quite the same on your system. Debian 3.1 (Sarge) comes with Samba 3.07.
You can tell which version of Samba you're using by using the following command (note that the parameter is an upper-case V):
/usr/sbin/smbd -V
If you're wondering about Samba's performance, you may find thisPC Magazine article interesting. They benchmarked Windows 2000 and Samba on Linux on the same hardware and Samba won handily in both response time and throughput.
With Windows 2000 and 2003 servers calling for ever-increasing hardware requirements, and the licensing costs associated with the use of those servers continues to climb, Samba can offer large organizations large savings, and small ogranizations a network with all of the sophistication of a totally Windows-based network without actually incurring the costs of Windows server software and licensing. In addition to substantial savings associated with software, hardware costs can also be significantly lower due to the modest hardware requirements of Linux.
No matter the size of the organization, I've always found that management isn't as impressed with techie bells and whistles as they are with the bottom line. Implementing a network for pennies on the dollar will have you held in much higher esteem with management than any boat-load of certifications or fancy technical capabilities that no one ever uses.
SECURITY WARNING
Do NOT plan to use the system you will create using these guide pages as a "production" (real) server. It will NOT be secure!
There are many steps involved in creating a secure Internet or LAN server. While we do refer to some things you can do to make your system more secure, there are many other measures related to system security that also need to be taken into consideration and they are not covered on these pages.
These guide pages are meant as a learning tool only. The knowledge gained on these pages will help you understand the material covered in security-related publications when you are ready to consider setting up a production server.
Did you find this page helpful ?
If so, please help keep this site operating
by using our CD, gear, or book pages.
Site, content, documents, original images Copyright © 2003-2009 Keith Parkansky All rights reserved
Duplication of any portion of this site or the material contained herein without
the express written consent of Keith Parkansky, USA is strictly prohibited.
This site is in no way affiliated with the Debian Project, the debian.org Web site, or
Software In The Public Interest, Inc. No endorsement of this site by the Debian Project
or Software In the Public Interest is expressed or implied. Debian and the Debian logo
are registered trademarks of Software In The Public Interest, Inc. Linux is a registered
trademark of Linus Torvalds. The Tux penguin graphic is the creation of Larry Ewing.
LIABILITY
IN NO EVENT WILL KEITH PARKANSKY OR HOSTWAY INCORPORATED OR ANY OF ITS' SUBSIDIARIES BE LIABLE TO ANY PARTY (i) FOR ANY DIRECT, INDIRECT, SPECIAL, PUNITIVE OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, LOSS OF PROGRAMS OR INFORMATION, AND THE LIKE), OR ANY OTHER DAMAGES ARISING IN ANY WAY OUT OF THE AVAILABILITY, USE, RELIANCE ON, OR INABILITY TO USE THE INFORMATION, METHODS, HTML OR COMPUTER CODE, OR "KNOWLEDGE" PROVIDED ON OR THROUGH THIS WEBSITE, COMMONLY REFERRED TO AS THE "ABOUT DEBIAN" WEBSITE, OR ANY OF ITS' ASSOCIATED DOCUMENTS, DIAGRAMS, IMAGES, REPRODUCTIONS, COMPUTER EXECUTED CODE, OR ELECTRONICALLY STORED OR TRANSMITTED FILES OR GENERATED COMMUNICATIONS OR DATA EVEN IF KEITH PARKANSKY OR HOSTWAY INCORPORATED OR ANY OF ITS' SUBSIDIARIES SHALL HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND REGARDLESS OF THE FORM OF ACTION, WHETHER IN CONTRACT, TORT, OR OTHERWISE; OR (ii) FOR ANY CLAIM ATTRIBUTABLE TO ERRORS, OMISSIONS, OR OTHER INACCURACIES IN, OR DESTRUCTIVE PROPERTIES OF ANY INFORMATION, METHODS, HTML OR COMPUTER CODE, OR "KNOWLEDGE" PROVIDED ON OR THROUGH THIS WEBSITE, COMMONLY REFERRED TO AS THE "ABOUT DEBIAN" WEBSITE, OR ANY OF ITS' ASSOCIATED DOCUMENTS, DIAGRAMS, IMAGES, REPRODUCTIONS, COMPUTER EXECUTED CODE, OR ELECTRONICALLY STORED, TRANSMITTED, OR GENERATED FILES, COMMUNICATIONS, OR DATA. ALL INFORMATION, METHODS, HTML OR COMPUTER CODE IS PROVIDED STRICTLY "AS IS" WITH NO GUARANTY OF ACCURACY AND/OR COMPLETENESS. USE OF THIS SITE CONSTITUTES ACCEPTANCE OF ALL STATED TERMS AND CONDITIONS.
