diff --git a/LDP/guide/docbook/Linux-Networking/PLIP.xml b/LDP/guide/docbook/Linux-Networking/PLIP.xml
index ac7fa464..d81f8e51 100644
--- a/LDP/guide/docbook/Linux-Networking/PLIP.xml
+++ b/LDP/guide/docbook/Linux-Networking/PLIP.xml
@@ -3,7 +3,7 @@
PLIP
-plip (Parallel Line IP), is like SLIP, in that it is used for
+PLIP (Parallel Line IP), is like SLIP, in that it is used for
providing a point to point network connection between two machines,
except that it is designed to use the parallel printer ports on your
machine instead of the serial ports (a cabling diagram in included in
@@ -182,4 +182,11 @@ Complete information about parallel port management is available in
the file Documentation/parport.txt, part of your kernel sources.
+· PLIP information can be found in The Network Administrator Guide
+
+
+PLIP allows the cheap connection of two machines.
+It uses a parallel port and a special cable, achieving speeds of
+10kBps to 20kBps.
+
diff --git a/LDP/guide/docbook/Linux-Networking/PPP-and-SLIP.xml b/LDP/guide/docbook/Linux-Networking/PPP-and-SLIP.xml
new file mode 100644
index 00000000..9c99ec31
--- /dev/null
+++ b/LDP/guide/docbook/Linux-Networking/PPP-and-SLIP.xml
@@ -0,0 +1,16 @@
+
+
+PPP and SLIP
+
+
+The Linux kernel has built-in support for PPP (Point-to-Point-
+Protocol) and SLIP (Serial Line IP). PPP is the most popular
+way individual users access their ISPs (Internet Service
+Providers).
+
+· Linux PPP HOWTO
+
+· PPP/SLIP emulator
+
+
diff --git a/LDP/guide/docbook/Linux-Networking/Samba.xml b/LDP/guide/docbook/Linux-Networking/Samba.xml
index f260bc40..2e71a944 100644
--- a/LDP/guide/docbook/Linux-Networking/Samba.xml
+++ b/LDP/guide/docbook/Linux-Networking/Samba.xml
@@ -21,8 +21,6 @@
According to the SAMBA Meta-FAQ:
-
-
"Many users report that compared to other SMB implementations Samba is more stable,
faster, and compatible with more clients. Administrators of some large installations say
that Samba is the only SMB server available which will scale to many tens of thousands
@@ -35,18 +33,6 @@
· Printing HOWTO
-
-
-Samba
-
-
-
-A free software implementation of the server message block (SMB) network file sharing protocol. Samba is usually implemented on networks that have a mixture of UNIX, Linux, and Windows computers and is designed for interoperable file sharing. From Redhat-9-Glossary
-http://www.tldp.org/LDP/Linux-Dictionary/html/index.html
-
-
-
-
samba
@@ -71,18 +57,6 @@ A lot of emphasis has been placed on peaceful coexistence between UNIX and Windo
-
-
-Samba
-
-
-
-a suite of programs which work together to allow clients to access to a server's filespace and printers via the SMB (Session Message Block) protocol. This means that you can redirect disks and printers to Unix disks and printers from Lan Manager clients, Windows for Workgroups 3.11 clients, Windows NT clients, Linux clients and OS/2 clients. From Linux Guide @FirstLinux
-http://www.tldp.org/LDP/Linux-Dictionary/html/index.html
-
-
-
-
Samba
@@ -95,2749 +69,8 @@ Samba adds Windows-networking support to UNIX. Whereas NFS is the most popular p
-
-
-samba-client
-
-
-
-Samba-client provides some SMB clients, which complement the built-in SMB filesystem in Linux. These allow the accessing of SMB shares, and printing to SMB printers. From Mandrake 9.0 RPM
-http://www.tldp.org/LDP/Linux-Dictionary/html/index.html
-
-
-
-
-
-
-samba-server
-
-
-
-Samba-server provides a SMB server which can be used to provide network services to SMB (sometimes called "Lan Manager") clients. Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) protocol. Samba-2.2 features working NT Domain Control capability andincludes the SWAT (Samba Web Administration Tool) that allows samba's smb.conf file to be remotely managed using your favourite web browser. For the time being this is being enabled on TCP port 901 via xinetd. SWAT is now included init's own subpackage, samba-swat. Users are advised to use Samba-2.2 as a Windows NT4 Domain Controller only on networks that do NOT have a WindowsNT Domain Controller. This release does NOT as yet have Backup Domain control ability. Please refer to the WHATSNEW.txt document for fixup information. This binary release includes encrypted password support. Please read the smb.conf file and ENCRYPTION.txt in the docs directory for implementation details. From Mandrake 9.0 RPM
-http://www.tldp.org/LDP/Linux-Dictionary/html/index.html
-
-
-
-
-
-> From Samba Authenticated Gateway HOWTO
Samba Authenticated Gateway HOWTO
Ricardo Alexandre Mattar
v1.2, 2004-05-21
- This documents intends to show how to build a Firewall/Gateway with
- rules set on user basis having the users authenticated by a Samba Pri
- mary Domain Controller
-
- 1. Introduction
-
- As you can see by the poorness of my language, English is not my
- native language. I am writing this document in English for the sake of
- the Linux community. So, please, excuse me for my poor English. And,
- please, if you speak Portuguese, address me in this language.
-
-
- This document intends to enlighten you (and myself) in the process of
- building a Linux Gateway or Firewall, which modify rules on demand
- when users log in or out from their Windows workstations.
-
-
- I should be writing an application, but I am too lazy. Hopefully when
- the idea is out there, people will build a few intelligently
- integrated packages. Meanwhile...
-
-
- In this document, I will try to show how to build a gateway to NAT or
- MASQUERADE Windows workstations. Use your imagination to modify it to
- get any level of network management. You may use it to grant or deny
- access to services, servers or entire subnetworks on your network.
-
-
- Imagine that you have to build a gateway to let Windows workstation
- access the Internet and that you need to authenticate each user before
- letting them access the external networks. The first solution you
- think about is Squid. It's indeed a great solution, when http and ftp
- access is enough for your users. When it comes to let them access
- other services like pop, smtp, ssh, a database server or whatever
- else, you immediately think about NAT or MASQUERADE. But what happens
- to the user authentication?
-
-
- Well, this is my solution. It gives you user authentication and fine
- grain control over their access to the external networks.
-
-
- 1.1. Overview
-
- We know that SAMBA can act as a Domain Controller and so it can
- authenticate users on Windows boxes. As a PDC, SAMBA can push netlogon
- scripts to the Windows workstations. We can use this netlogon scripts
- to force the Windows workstations mounting a given share from our
- Linux PDC. This "forced" share shall have preexec and postexec scripts
- which shall be triggered when the user logs in or out. There is a
- program named smbstatus which lists the shares being used, giving us
- also the username and ip address of the workstation. We just need to
- grep this information from smbstatus output and update our firewall
- rules.
-
-
- 1.2. Disclaimer
-
- No liability for the contents of this document can be accepted. Use
- the concepts, examples and other content at your own risk. As this is
- a new edition of this document, there may be errors and inaccuracies,
- that may of course be damaging to your system. Proceed with caution,
- and although this is highly unlikely, the author(s) do not take any
- responsibility for that.
-
-
- All copyrights are held by their respective owners, unless
- specifically noted otherwise. Use of a term in this document should
- not be regarded as affecting the validity of any trademark or service
- mark.
-
-
- Naming of particular products or brands should not be seen as
- endorsements.
-
-
- 1.3. New versions
-
- The newest release of this document can be found at http://ram.eti.br
- or at http://www.tldp.org
-
-
- Related HOWTOs can be found at the Linux Documentation Project
- homepage at http://tldp.org .
-
-
- 1.4. Translations
-
- A Portuguese version is available.
-
-
- A French translation by Guillaume Lelarge is available
- athttp://www.traduc.org
-
-
-
- A Hungarian translation is available at http://tldp.fsf.hu
-
-
-
- If you want to contribute with a translation, please do.
-
-
- 1.5. Feedback
-
- Contributions and criticism are both welcome.
-
-
- Corrections to my English are also very welcome!
-
-
- If you find any bugs in the scripts included, please tell me.
-
-
- You can find me at ricardo@ram.eti.br or at ricardo.mattar@bol.com.br
-
-
- 1.6. Copyright and trademarks
-
- Copyright (c) 2002-2003 Ricardo Alexandre Mattar
-
-
- Permission is granted to copy, distribute and/or modify this document
- under the terms of the GNU Free Documentation License, Version 1.2 or
- any later version published by the Free Software Foundation; with no
- Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A
- copy of the license is included in the section entitled "GNU Free
- Documentation License".
-
-
- 1.7. Acknowledgments and Thanks
-
- Thanks to Carlos Alberto Reis Ribeiro for introducing me to Linux.
-
-
- Thanks to Cesar Bremer Pinheiro for motivating me to write this
- document.
-
-
- Thanks to Guillaume Lelarge for the (continuous) help with the
- revision.
-
-
- Thanks to Erik Esplund for further language corrections.
-
-
- Thanks to Albert Teixidó for code improvements.
-
-
- Thanks to Felipe Cordeiro Caetano for helping on my main testing site.
-
-
- Thanks to the secure communications company RASEAC
- for sponsoring my work.
-
-
- 2. Requirements
-
- 2.1. Knowledge
-
- This document is target at the seasoned systems administrator.
-
-
- You must have a fair knowledge about (at least know what these are):
-
-
-
- · TCP/IP;
-
- · Linux netfilter;
-
- · A scripting language (bash?);
-
- · SAMBA and Windows networking and domain controllers;
-
- Fortunately, there is plenty of documentation on these topics on the
- Internet.
-
-
- 2.2. Software
-
- Installed on your server, you will need at least:
-
-
-
- · Samba;
-
- · Iptables;
-
- · A scripting language;
-
-
- 3. Linux box setup
-
- This Howto assumes you have a kernel from the 2.4 series as it uses
- iptables. Other than that, there are no known issues why this should
- not work on a 2.2 kernel box with the scripts adapted to ipchains.
-
-
- Of course, you need to install the iptables userland tools, an apache
- http server if you want to run a CGI tool to change passwords and
- SAMBA. And you will need a kernel compiled with iptables modules.
-
-
- You may wish to use DHCP. If so, it is easy to set up. Remember to
- configure the dhcp server to give the nameserver IP address and the
- gateway IP address as well. The Windows machines will make good use of
- this information.
-
-
- 3.1. Basic system setup
-
- Generally any basic system setup from the common Linux distributions
- will fit in this gateway example. Just check if you have Samba and
- IPTABLES.
-
-
- 3.2. Additional directory hierarchy
-
- The additional directory hierarchy will be required to accomplish the
- example of this howto:
-
-
- This is used to keep track of the users and IP addresses:
-
-
-
- /var/run/smbgate/
-
-
-
- This is where I place user specific scripts:
-
-
-
- /etc/smbgate/users/
-
-
-
- And group specific scripts:
-
-
-
- /etc/smbgate/groups/
-
-
-
- Directory for the netlogon share:
-
-
-
- /home/samba/netlogon/
-
-
-
- Directory for the tracking share:
-
-
- /home/samba/samba/
-
-
-
- These hierarchies are required by some of the scripts and daemons of
- the example.
-
-
- 3.3. Firewall setup
-
- Its very unlikely that your distribution's kernel won't be compiled
- with Iptables and the userland tools won't be installed either.
- Anyway, if you don't have it, refer to http://www.netfilter.org
- or http://www.iptables.org
- to get the software and the documentation.
-
-
- You will need a basic firewall setup in order to get the gateway
- working. Take a look at the iptables tutorial at IPTABLES TUTORIAL
- . It's an interesting reading. Anyway, if you have no
- time to spend, the following code is somewhat (very) loose but it may
- fit your needs:
-
-
-
- #!/bin/sh
- IPTABLES=/usr/sbin/iptables
- /sbin/depmod -a
- /sbin/insmod ip_tables
- /sbin/insmod ip_conntrack
- /sbin/insmod ip_conntrack_ftp
- /sbin/insmod ip_conntrack_irc
- /sbin/insmod iptable_nat
- /sbin/insmod ip_nat_ftp
- echo "1" > /proc/sys/net/ipv4/ip_forward
- echo "1" > /proc/sys/net/ipv4/ip_dynaddr
- $IPTABLES -P INPUT ACCEPT
- $IPTABLES -F INPUT
- $IPTABLES -P OUTPUT ACCEPT
- $IPTABLES -F OUTPUT
- $IPTABLES -P FORWARD ACCEPT
- $IPTABLES -F FORWARD
- $IPTABLES -t nat -F
-
-
-
- You will notice that this code actually does nothing, but load the
- kernel modules related to nat and firewalling and turns the packet
- routing on. You can (and should) place any rules there to give your
- gateway a standard behavior, but the big magic will be done by scripts
- called by the SAMBA daemon.
-
-
- Please, remember that this code doesn't have the least bit of
- security! Don't use these examples in production environments. This
- example intends only to be educational. You have to add a firewall
- configuration that suits your systems.
-
-
- You have been warned!
-
-
-
- 3.4. SAMBA setup
-
- Check if you have Samba installed. If your distribution doesn't come
- with Samba pre-packaged then refer to http://www.samba.org
- to get the packages and for documentation on
- how to install Samba. Brows around their web site and learn about it.
- The site has plenty of documentation and maybe your LINUX distribution
- also has plenty of SAMBA documentation.
-
-
- We will need to setup SAMBA as a Primary Domain Controller. I will
- give an example configuration file here, but you should read the Samba
- HOWTO Collection and learn all you can about a PDC.
-
-
- 3.4.1. Basic SAMBA setup.
-
- Since I do not intend to rewrite the SAMBA documentation, here goes a
- sample smb.conf file:
-
-
-
- # Global parameters
- [global]
- workgroup = DOMAIN
- netbios name = LINUX
- server string = Linux PDC
- encrypt passwords = Yes
- map to guest = Bad Password
- passwd program = /usr/bin/passwd
- unix password sync = Yes
- max log size = 50
- time server = Yes
- socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
- add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
- logon script = netlogon.bat
- domain logons = Yes
- os level = 64
- lm announce = True
- preferred master = True
- domain master = True
- dns proxy = No
- printing = lprng
- [homes]
- comment = Home Directories
- path = /home/%u
- read only = No
- [printers]
- comment = All Printers
- path = /var/spool/samba
- printable = Yes
- browseable = No
- available = No
- [netlogon]
- comment = NetLogon ShARE
- path = /home/samba/netlogon
- guest account =
- [samba]
- comment = login tracking share
- path = /home/samba/samba
- browseable = No
- root preexec = /usr/local/bin/netlogon.sh %u %I
- root postexec = /usr/local/bin/netlogoff.sh %u
-
-
- You will have to do with it or read the SAMBA documentation if you
- really want to control your server and network.
-
-
- 3.4.2. The netlogon and the tracking shares
-
- The netlogon share is where the Windows workstations download the
- logon script from. We need this share in order to place there a logon
- script, which will tell the workstation to mount a share that will be
- used to track the users ip addresses.
-
-
- As you can see, there must be a line like the following in your
- smb.conf
-
-
-
- logon script = netlogon.bat
-
-
-
- This line will tell your Windows client to download and execute the
- script named netlogon.bat. This script must be placed at the netlogon
- share. So, we will also need a netlogon.bat script to your Windows
- workstations. You can use the following example and place it at the
- netlogon share, in this case: /home/samba/netlogon/NETLOGON.BAT.
-
-
-
- REM NETLOGON.BAT
- net use z: \\linux\samba /yes
-
-
-
- This script will tell the Windows workstation to mount the specified
- share, and so we will be able to keep track of the user and
- workstation through the output of the smbstatus program.
-
-
- Quite simple! But not enough...
-
-
- As you could see, we will need also a tracking share which, in this
- example, I named samba. You can see the tracking share configuration
- in smb.conf:
-
-
-
- [samba]
- comment = login tracking share
- path = /home/samba/samba
- browseable = No
- root preexec = /usr/local/bin/netlogon.sh %u %I
- root postexec = /usr/local/bin/netlogoff.sh %u
-
-
-
- As you can guess or know if you read the SAMBA documentation, the root
- preexec and the root postexec lines tell SAMBA to run the indicated
- scripts when a user mounts or unmounts the share. In this case, we are
- passing the username to the script as a parameter. Note the %u at the
- end of the lines. These scripts are the beasts which will call a
- script or program to modify our gateway's packet filtering rules.
-
-
-
- Note that the netlogon.sh script must check if the refered workstation
- has already mounted the tracking share.
-
-
- Take a look at the netlogon.sh and netlogoff.sh scripts:
-
-
-
- #!/bin/sh
- #
- # netlogon.sh
- #
- # usage:
- # netlogon.sh
- #
- if [ -f /var/run/smbgate/$1 ] ; then
- exit 0
- fi
- echo $2 > /var/run/smbgate/$1
- IPTABLES='/usr/sbin/iptables'
- EXTIF='eth0'
- COMMAND='-A'
- ADDRESS=`cat /var/run/smbgate/$1`
- GROUP=`groups $1 | gawk '// { print $3 }'`
- if [ -f /etc/smbgate/users/$1 ] ; then
- /etc/smbgate/users/$1 $COMMAND $ADDRESS $EXTIF
- else
- if [ -f /etc/smbgate/groups/$GROUP ] ; then
- /etc/smbgate/groups/$GROUP $COMMAND $ADDRESS $EXTIF
- else
- /etc/smbgate/users/default.sh $COMMAND $ADDRESS $EXTIF
- fi
- fi
-
-
-
- This script (netlogon.sh) is intended to run when the user logs in and
- will select the which scripts will be executed based on the user name
- and to which group the user belongs. The user's ip address will be
- written to a file at /var/run/smbgate for tracking purposes. The file
- will take the user's name and will be later used when the user log
- off. The IP address will be passed as an argument to a script with the
- users' name which will finally update the firewall.
-
-
- Notice that this netlogon.sh script tries a user script, then if it
- can't find the user script it tries a group script, and finally if it
- can't find the group script it tries the default.sh script. You can
- modify this logic and behavior as you wish and need, just remember to
- modify the others accordingly.
-
-
- Chances are if the user belong to more than one that these scripts
- will fail. I did not have time to write a better code.
-
-
-
- #!/bin/sh
- #
- # netlogoff.sh
- #
- # usage:
- # netlogoff.sh
- #
- IPTABLES='/usr/sbin/iptables'
- EXTIF='ppp0'
- COMMAND='-D'
- ADDRESS=`cat /var/run/smbgate/$1`
- GROUP=`groups $1 | gawk '// { print $3 }'`
- if [ -f /etc/smbgate/users/$1 ] ; then
- /etc/smbgate/users/$1 $COMMAND $ADDRESS $EXTIF
- else
- if [ -f /etc/smbgate/groups/$GROUP ] ; then
- /etc/smbgate/groups/$GROUP $COMMAND $ADDRESS $EXTIF
- else
- /etc/smbgate/users/default.sh $COMMAND $ADDRESS $EXTIF
- fi
- fi
- rm -f /var/run/smbgate/$1
-
-
-
- This script (netlogoff.sh) is intended to run when the user logs off
- and will get the address from the /var/run/smbgate/user file which
- will be passed as an argument to the /etc/smbgate/users/user script
- which will update the firewall to the state desired when the user is
- not logged in.
-
-
- Some versions of Windows, such as Windows 2000, mount the tracking
- share more than once per login. This may cause problems with the
- netlogon.sh and netlogoff.sh, triggering the scripts more the once.
- This can make a real mess. So, you may prefer to use a logout checking
- script at cron instead of a netlogoff.sh script triggered by SAMBA.
- Here is an example:
-
-
-
- #!/bin/sh
- # checklogout.sh
- #
- # usage:
- # intended to run at cron (maybe each 10 minutes)
-
- TRACKDIR="/var/run/smbgate"
- DIRLENGTH=${#TRACKDIR}
- TRACKSHARE="samba"
- EXTIF='eth0'
- COMMAND='-D'
- if [ -d $TRACKDIR ]; then
- for n in $TRACKDIR/*; do
- [ -d $n ] && continue;
- if [ -f $n ] ; then
- IPADDRESS=`cat $n`
- USERNAME=${n:$DIRLENGTH+1}
- NMS=`smbstatus -u $USERNAME | grep $TRACKSHARE | grep $IPADDRESS | grep -v grep | wc -l`
- if [ $NMS == 0 ] ; then
- rm -f $n
- GROUP=`groups $USERNAME | gawk '// { print $3 }'`
- if [ -f /etc/smbgate/users/$USERNAME ] ; then
- /etc/smbgate/users/$USERNAME $COMMAND $IPADDRESS $EXTIF
- else
- if [ -f /etc/smbgate/groups/$GROUP ] ; then
- /etc/smbgate/groups/$GROUP $COMMAND $IPADDRESS $EXTIF
- else
- /etc/smbgate/users/default.sh $COMMAND $IPADDRESS $EXTIF
- fi
- fi
- fi
- else
- exit 0
- fi
- done
- fi
-
-
-
- In that case you should remove the root postexec clause from the
- tracking share on smb.conf:
-
-
-
- root postexec = /usr/local/bin/netlogoff.sh %u
-
-
-
- The following is a standard /etc/smbgate/users/user script. This is
- the one which will actually modify the firewall rules.
-
-
-
- #!/bin/sh
- #
- COMMAND=$1
- ADDRESS=$2
- EXTIF=$3
- IPTABLES='/usr/sbin/iptables'
- $IPTABLES $COMMAND POSTROUTING -t nat -s $ADDRESS -o $EXTIF -j MASQUERADE
-
-
-
- We should also hase a default.sh script at /etc/smbgate/users/ to give
- the gateway a default behavior.
-
- #!/bin/sh
- #
- # default.sh
- COMMAND=$1
- ADDRESS=$2
- EXTIF=$3
- IPTABLES='/usr/sbin/iptables'
- #$IPTABLES $COMMAND POSTROUTING -t nat -s $ADDRESS -o $EXTIF -j MASQUERADE
- exit 0
-
-
-
- 4. SSH setup
-
- You may want to run your PDC on one box and have another box as a
- managed gateway for any reason. If so you must setup your gateway to
- accept rsa authenticated logins without passwords from the PDC.
-
-
- Take a look at www.openssh.org
- for information on how to properly setup your ssh server and client
- for this.
-
-
- 4.1. Important
-
- You should read the ssh documentation and make shure that you fully
- understand what you are doing when you setup rsa or any other kind of
- cryptographic authentication.
-
-
- If security isn't an issue, just use my example and go on.
-
-
- 4.2. Key pair generation
-
- To create a key pair issue the following commands on the manchine
- meant to be the PDC:
-
-
-
- pdc:~# ssh-keygen -t rsa
-
-
-
- Answer the questions and copy the resulting public key to the gateway
- it self. Usually the public key goes to "~.ssh/id_rsa.pub"
-
-
-
- pdc:~# cd .ssh
- pdc:~# scp id_rsa.pub root@gateway:/root/.ssh/authorized_keys2
-
-
-
- 4.3. SSH enabled logon script
-
- The following is a standard /etc/smbgate/users/user script modified to
- use the ssh cryptographic authentication.
-
-
-
- #!/bin/sh
- #
- COMMAND=$1
- ADDRESS=$2
- EXTIF=$3
- IPTABLES='/sbin/iptables'
- ssh root@gateway $IPTABLES $COMMAND POSTROUTING -t nat -s $ADDRESS -o $EXTIF -j MASQUERADE
-
-
-
- Note that the iptables binary in called through ssh at the "gateway".
- Again, make sure that you read the ssh server documentation.
-
-
- 5. Windows workstation setup
-
- 5.1. Introduction
-
- We will stick to setting up the network, user management and policies
- on the Windows workstations.
-
-
- I will not go through all those steps, naming each dialog box. I will
- presume that if you can read and understand this document you can find
- your way through that mess.
-
-
- 5.2. Network protocols
-
- First, unless you really need, remove all network protocols but
- TCP/IP. Even without their own protocol, Windows machines like to
- broadcast a lot, and this doesn't please anyone. Anyway, with TCP/IP
- who needs anything else?
-
-
- 5.3. DHCP setup
-
- If you setup a DHCP server on your Linux box, remember that Windows
- workstations can get the nameservers and gateway's address besides its
- own IP address from it. So, you don't need to set all these items on
- each workstation.
-
-
- 5.4. Join your Linux server domain
-
- Configure the Windows workstation to log in a Domain, and give the
- domain name of your Linux server. This is essential to the gateway
- work.
-
-
- You must know that in order to join some versions of Windows to a
- SAMBA domain controller, you must create machine accounts in your
- Linux PDC. Check the SAMBA documentation on how to setup your PDC to
- the specific version of Windows which you have.
-
-
- 5.4.1. Windows 95/98
-
- These versions seems to need no special configuration to join the
- Linux PDC domain.
-
-
- 5.4.2. Windows NT and 2000
-
- These versions require machine accounts at the Linux box. Again, check
- the SAMBA documentation.
- 5.4.3. Windows XP
-
- This version needs a machine account at the Linux box and a tweak at
- the registry, as follows.
-
-
- Locate the key
- "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal".
- The default value is 1. Set it to 0 and it will no more complain about
- joining the domain.
-
-
- If you have many workstation to configure create a file named
- anything.reg with the following content and use it to modify the
- "faulty" registry.
-
-
-
- Windows Registry Editor Version 5.00
-
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
- "requiresignorseal"=dword:00000000
-
-
-
- This version also needs an adjust at the NETLOGON.BAT script.
- Sometimes it insists on making the mounting persistent.
-
-
-
- REM NETLOGON.BAT
- net use z: \\linux\samba /yes /persistent:no
-
-
-
- 5.5. Policy editor
-
- There is a utility named policy editor bundled on the Windows CD. The
- file name is poledit.exe. This tool, as the name suggest, allows to
- create a user and system policy file.
-
-
- Unfortunately, this tool does not generate a plain text configuration
- file, so I can't place an example here.
-
-
- Use the policy editor to create a policy to your workstations and
- users. You should disable the local password cache and domain cache in
- order to get some security. Save the policy file as config.pol and
- place it at the netlogon share of your Linux server. In this way, your
- Windows workstations will download and use the config.pol file to set
- their policy. Of course this task must be done on a Windows machine.
-
-
- If you don't use a config.pol file, your Windows workstations will
- annoy you asking for a Windows password and you will become nuts
- trying to synchronize and manage your Domain and Windows passwords.
- It seems that the OS doesn't know that it joined a domain. You must
- tell it and then you have to slap it in the face so it will believe
- you.
-
-
- 6. User management
-
-
-
- 6.1. Adding users
-
- Adding a Linux user by usual means and setting a samba password using
- smbpasswd will work. If you have any doubt, just refer to the SAMBA
- documentation. This is not a difficult issue.
-
-
- 6.2. Password management
-
- I am issuing this a major topic because I couldn't learn yet how to
- manage users and users' passwords from a Windows workstation without
- using a web interface. I couldn't find and didn't know how to build
- integrated tools to solve this problem. So, I am using a CGI program
- to get it done.
-
-
- Try the package at http://changepassword.sourceforge.net
- , it seems to be a good choice.
-
-
- 6.3. Granting or denying access to users
-
- As you could see in a previous section of this howto, the SAMBA daemon
- will call a netlogon.sh script every time the tracking share is
- mounted. This netlogon.sh script will call a script with the user's
- name giving this script the ip address of the refered workstation as a
- parameter. This user script will apply the desired rules.
-
-
- For example if you want to give the user full access to internet:
-
-
-
- #!/bin/sh
- #
- COMMAND=$1
- ADDRESS=$2
- EXTIF=$3
- IPTABLES='/usr/sbin/iptables'
- $IPTABLES $COMMAND POSTROUTING -t nat -s $ADDRESS -o $EXTIF -j MASQUERADE
-
-
-
- If you don't want to change anything to a particular user, just give
- him an empty script:
-
-
-
- #/bin/sh
- #
- exit 0
-
-
-
- Or just don't create any script for the less privileged users, letting
- them have the default.sh script, which would be empty as the previous
- or just give limited access as follows:
-
-
-
- #!/bin/sh
- #
- COMMAND=$1
- ADDRESS=$2
- EXTIF=$3
- EXTIFADDRESS=$4
- IPTABLES='/usr/sbin/iptables'
- $IPTABLES $COMMAND POSTROUTING -t nat -s $ADDRESS -o $EXTIF --dport 25 -j SNAT --to-source $EXTIFADDRESS
- $IPTABLES $COMMAND POSTROUTING -t nat -s $ADDRESS -o $EXTIF --dport 110 -j SNAT --to-source $EXTIFADDRESS
-
-
-
- Remember that this script requires you to modify all the previous
- scripts to include the extra parameter ou just modify the script
- script. And remember that you will go nowhere whis this howto if you
- don't understand iptables.
-
-
- 7. Group management
-
- 7.1. Creating groups
-
- Just create your user groups in the Linux PDC and add the users to the
- groups. This is it.
-
-
- Remember that the example scripts in this howto will probably fail if
- you have users belonging to more than one group. If you need this,
- remember to adjust the scripts.
-
-
- 7.2. Group policy
-
- You will need to define group specific scripts and place them in the
- directory "/etc/smbgate/groups/". Remember that the script must be
- named as the group, at least if you want to follow the examples in
- this howto.
-
-
- The default scheme of this howto is to check for a user script, then
- for a group script and finally for the default script. If you want to
- modify this behavior remember to adapt the netlogon.sh, netlogoff.sh
- (or the checklogout.sh) scripts. The whole logic is in these scripts.
-
-
- 8. Bibliography
-
- IPTABLES TUTORIAL
- by Oskar Andreasson
-
-
- Samba HOWTO Collection by the SAMBA Team
-
-> From Samba Authenticated Gateway HOWTO
-
- SMB HOWTO
- David Wood, dwood@plugged.net.au
- v1.3, 20 April 2000
-
- This is the SMB HOWTO. This document describes how to use the Server
- Message Block (SMB) protocol, also called the Session Message Block,
- NetBIOS or LanManager protocol, with Linux using Samba.
- ______________________________________________________________________
-
- Table of Contents
-
-
- 1. License
-
- 2. Introduction
-
- 3. Further Information
-
- 4. Installation
-
- 5. Running The Daemons
-
- 6. General Configuration (/etc/smb.conf)
-
- 7. Sharing A Linux Drive With Windows Machines
-
- 8. Accessing an SMB Share With Linux Machines
-
- 9. Sharing A Linux Printer With Windows Machines
-
- 10. Sharing A Windows Printer With Linux Machines
-
- 11. Backing Up Windows Machines to a Linux Host
-
- 12. Using Samba Across Routed Networks
-
- 13. Acknowledgements
-
-
-
- ______________________________________________________________________
-
- 1. License
-
- Copyright (c) 2000 David Wood.
-
- Permission is granted to copy, distribute and/or modify this document
- under the terms of the GNU Free Documentation License, Version 1.1 or
- any later version published by the Free Software Foundation; with no
- Invariant Sections , with no Front-Cover Texts and with no Back-Cover
- Texts. A copy of the license is available at
- http://www.gnu.org/copyleft/fdl.html
- .
-
-
- 2. Introduction
-
- This is the SMB HOWTO. This document describes how to use the Server
- Message Block (SMB) protocol, also called the Session Message Block,
- NetBIOS or LanManager protocol, with Linux using Samba. Although this
- document is Linux-centric, Samba runs on most Unix-like operating
- systems.
-
- This document is maintained by David Wood (dwood@plugged.net.au).
- Additions, modifications or corrections may be mailed there for
- inclusion in the next release.
- Much more Samba documentation is available at the Samba Web site,
- located at http://www.samba.org/ . There is a
- tremendous amount of information there; please have a look before
- asking for help! You also might try the comp.protocols.smb newsgroup.
-
- The SMB protocol is used by Microsoft Windows 3.11, NT and 95/98 to
- share disks and printers. Using the Samba suite of tools by Andrew
- Tridgell (Andrew.Tridgell@anu.edu.au), UNIX (including Linux) machines
- can share disk and printers with Windows hosts. The smbfs tools by
- Paal-Kr. Engstad (engstad@intermetrics.com) and Volker Lendecke
- (lendecke@namu01.gwdg.de) enable Unix machines to mount SMB shares
- from Windows or Samba hosts.
-
- There are four basic things that one can do with Samba:
-
-
- 1. Share a Linux drive with Windows machines.
-
- 2. Access an SMB share with Linux machines.
-
- 3. Share a Linux printer with Windows machines.
-
- 4. Share a Windows printer with Linux machines.
-
- All of these are covered in this document, plus a few other odds and
- ends.
-
- Disclaimer: The procedures and scripts either work for the author or
- have been reported to work by the people that provided them.
- Different configurations may not work with the information given here.
- If you encounter such a situation, please e-mail the author with
- suggestions for improvement in this document.
-
- Please note that for Windows 3.x machines to access SMB shares, they
- must have a TCP/IP stack and the Win32s DLLs. Both of these are
- available on Microsoft's Web site (http://www.microsoft.com
- ). As of the writing of this version of the
- HOWTO, Microsoft are reportedly requiring a subscription to the
- Microsoft Software Developers Network (MSDN) to download the TCP/IP-32
- stack for Windows 3.x from their Web site. Since this software used
- to be free, many older copies are in existance and may be acquired
- from friends and user group contacts.
-
-
- 3. Further Information
-
- This HOWTO attempts to explain how to configure basic SMB file and
- print services on a Linux machine. Samba is a very complex and
- complete package. There would be no point in attempting to duplicate
- all of the documentation for Samba here.
-
- For further information, please see the following documents:
-
- · The Samba documentation, available as part of the Samba
- distribution. The distribution is available at:
- ftp://ftp.samba.org/
-
- · The Linux Printing HOWTO.
-
- · Protocol Standard For A NetBIOS Service On A TCP/UDP Transport.
-
- RFC 1001
- > RFC 1001 - Concepts and Methods.
-
- RFC 1002
- > RFC 1002 - Detailed Specifications.
- 4. Installation
-
- First, in order to use Samba your machines must be on a single
- ethernet LAN segment using the TCP/IP protocol. Samba will not work
- using other network protocols. This is generally easy since Linux and
- Windows 95/98/NT ship with TCP/IP support. However, if you are using
- Windows 3.X machines TCP/IP support will need to be added. One of the
- most common questions that I get asked is why Samba "isn't working"
- when Windows machines are not using TCP/IP.
-
- In order to setup Windows 95/98 to use TCP/IP, select Control Panel |
- Network, then add and configure Microsoft TCP/IP. Under Windows NT,
- select Control Panel | Network | Protocols.
-
- To get the latest source version of Samba, go to this URL and pick the
- closest mirror site to you: ftp://ftp.samba.org/
- .
-
- In most cases, though, your Linux distribution will already come with
- an installable package containing a recent version of Samba.
-
- The following two daemons are required for the Samba package. They
- are typically installed in /usr/sbin and run either on boot from the
- systems startup scripts or from inetd. Example scripts are shown in
- ``Running the Daemons''.
-
-
- ______________________________________________________________________
- smbd (The SMB daemon)
- nmbd (Provides NetBIOS nameserver support to clients)
- ______________________________________________________________________
-
-
-
- Please note that the name service provided by the nmbd daemon is
- different from the name service provided by the Domain Name Service
- (DNS). NetBIOS name service is a 'Windows-style' name service used
- for SMB. In other words, having DNS name service tells you nothing
- about the state of the ability for Samba to resolve host names.
-
- Typically, the following Samba binaries are installed in /usr/bin or
- /usr/local/samba/bin, although the location is optional.
-
-
- ______________________________________________________________________
- smbclient (An SMB client for UNIX machines)
- smbprint (A script to print to a printer on an SMB host)
- smbprint.sysv (As above, but for SVR4 UNIX machines)
- smbstatus (Lists the cuurent SMB connections for the local host)
- smbrun (A 'glue' script to facilitate runnning applciations
- on SMB hosts)
- ______________________________________________________________________
-
-
-
- The binaries for smbfs file system support are discussed later in this
- document.
-
- Additionally, a script called 'print' is included with this HOWTO,
- which serves as a useful front end to the smbprint script.
-
- The Samba package is simple to install. Simply retrieve the source
- from the location mentioned above, and read the file README in the
- distribution. There is also a file called docs/INSTALL.txt in the
- distribution that provides a simple step-by-step set of instructions.
-
- Following installation, place the daemons in /usr/sbin and the
- binaries in /usr/bin. Install the man pages in /usr/local/man.
-
- When you made the Samba package, you would have specified in the
- Makefile the location for the configuration file, smb.conf. This is
- generally in /etc, but you can put it anywhere you like. For these
- directions, we will presume that you specified the location of the
- configuration file as /etc/smb.conf, the log file location as log file
- = /var/log/samba-log.%m and the lock directory as lock directory =
- /var/lock/samba.
-
- Install the configuration file, smb.conf. Go to the directory where
- Samba was built. Look in the subdirectory examples/simple and read
- the file README. Copy the file smb.conf found in that directory to
- /etc. BE CAREFUL! If you have a Linux distribution that already has
- Samba installed, you may already have a Samba configuration file in
- /etc. You should probably start with that one.
-
- If you don't want to have your configuration file in /etc, put it
- wherever you want to, then put a symlink in /etc:
-
-
- ______________________________________________________________________
- ln -s /path/to/smb.conf /etc/smb.conf
- ______________________________________________________________________
-
-
-
- 5. Running The Daemons
-
- The two SMB daemons are /usr/sbin/smbd and /usr/sbin/nmbd. Under most
- Linux distributions, these are started, stoped and restarted via the
- startup script located in /etc/rc.d/init.d/smb and symlinked to the
- appropriate runlevels.
-
- If you choose not to use the standard startup script, you can run the
- Samba daemons from inetd or as stand-alone processes. Samba will
- respond slightly faster as a standalone daemon than running from
- inetd.
-
- In either case, you should check the file /etc/services for lines that
- look like this:
-
-
-
- ______________________________________________________________________
- netbios-ns 137/tcp nbns
- netbios-ns 137/udp nbns
- netbios-dgm 138/tcp nbdgm
- netbios-dgm 138/udp nbdgm
- netbios-ssn 139/tcp nbssn
- ______________________________________________________________________
-
-
-
- Make sure they are all uncommented. Depending on your distribution,
- you may even need to add them. Samba will not be able to bind to the
- appropriate ports unless /etc/services has these entries.
-
- To run the daemons from inetd, place the following lines in the inetd
- configuration file, /etc/inetd.conf:
-
-
-
- ______________________________________________________________________
- # SAMBA NetBIOS services (for PC file and print sharing)
- netbios-ssn stream tcp nowait root /usr/sbin/smbd smbd
- netbios-ns dgram udp wait root /usr/sbin/nmbd nmbd
- ______________________________________________________________________
-
-
-
- Then restart the inetd daemon by running the command:
-
-
- ______________________________________________________________________
- kill -HUP `cat /var/run/inetd.pid`
- ______________________________________________________________________
-
-
-
- To run the daemons from the system startup scripts, put the following
- script in file called /etc/rc.d/init.d/smb (for most distributions)
- and symbolically link it to the files specified in the comments:
-
-
-
- ______________________________________________________________________
- #!/bin/sh
-
- #
- # /etc/rc.d/init.d/smb - starts and stops SMB services.
- #
- # The following files should be synbolic links to this file:
- # symlinks: /etc/rc.d/rc1.d/K35smb (Kills SMB services on shutdown)
- # /etc/rc.d/rc3.d/S91smb (Starts SMB services in multiuser mode)
- # /etc/rc.d/rc6.d/K35smb (Kills SMB services on reboot)
- #
-
- # Source function library.
- . /etc/rc.d/init.d/functions
-
- # Source networking configuration.
- . /etc/sysconfig/network
-
- # Check that networking is up.
- [ ${NETWORKING} = "no" ] && exit 0
-
- # See how we were called.
- case "$1" in
- start)
- echo -n "Starting SMB services: "
- daemon smbd -D
- daemon nmbd -D
- echo
- touch /var/lock/subsys/smb
- ;;
- stop)
- echo -n "Shutting down SMB services: "
- killproc smbd
- killproc nmbd
- rm -f /var/lock/subsys/smb
- echo ""
- ;;
- *)
- echo "Usage: smb {start|stop}"
- exit 1
- esac
- ______________________________________________________________________
-
-
-
- If when starting Samba you get an error that says something about the
- daemon failing to bind to port 139, then you probably have another
- Samba process already running that hasn't yet shut down. Check a
- process list (with 'ps auxww | grep mbd') to determine if another
- Samba service is running.
-
-
-
- 6. General Configuration (/etc/smb.conf)
-
- Samba configuration on a Linux (or other UNIX machine) is controlled
- by a single file, /etc/smb.conf. This file determines which system
- resources you want to share with the outside world and what
- restrictions you wish to place on them.
-
- Since the following sections will address sharing Linux drives and
- printers with Windows machines, the smb.conf file shown in this
- section is as simple as you can get, just for introductory purposes.
-
-
- Don't worry about the details, yet. Later sections will introduce the
- major concepts.
-
- Each section of the file starts with a section header such as
- [global], [homes], [printers], etc.
-
- The [global] section defines a few variables that Samba will use to
- define sharing for all resources.
-
- The [homes] section allows a remote users to access their (and only
- their) home directory on the local (Linux) machine). That is, users
- trying to connect to this share from Windows machines, will be
- connected to their personal home directories. Note that to do this,
- they must have an account on the Linux box.
-
- The sample smb.conf file below allows remote users to get to their
- home directories on the local machine and to write to a temporary
- directory. For a Windows user to see these shares, the Linux box has
- to be on the local network. Then the user simply connects a network
- drive from the Windows File Manager or Windows Explorer.
-
- Note that in the following sections, additional entries for this file
- will be given to allow more resources to be shared.
-
-
-
- ______________________________________________________________________
- ; /etc/smb.conf
- ;
- ; Make sure and restart the server after making changes to this file, ex:
- ; /etc/rc.d/init.d/smb stop
- ; /etc/rc.d/init.d/smb start
-
- [global]
- ; Uncomment this if you want a guest account
- ; guest account = nobody
- log file = /var/log/samba-log.%m
- lock directory = /var/lock/samba
- share modes = yes
-
- [homes]
- comment = Home Directories
- browseable = no
- read only = no
- create mode = 0750
-
- [tmp]
- comment = Temporary file space
- path = /tmp
- read only = no
- public = yes
- ______________________________________________________________________
-
-
-
- Having written a new smb.conf, it is useful to test it to verify its
- correctness. You can test the correctness of a smb.conf file , using
- the 'testparm' utility (man page: testparm); if testparm reports no
- problems, smbd will correctly load the configuration file.
-
- Here's a good trick: If your Samba server has more than one ethernet
- interface, the smbd may bind to the wrong one. If so, you can force
- it to bind to the intended one by adding a line that looks like this
- to the [global] section of /etc/smb.conf:
-
- ______________________________________________________________________
- interfaces = 192.168.1.1/24
- ______________________________________________________________________
-
-
-
- where you replace the IP address above with the one that is assigned
- to the correct ethernet interface. The "24" is correct for a Class C
- network, but may have to be recalculated if you have subnetted the
- network. The number relates to the netmask. Numbers for other
- classes of networks are given in the IP-Masquerade mini-HOWTO.
-
- There is now a GUI configuration tool for Samba: GtkSamba. See
- http://www.open-systems.com/gtksamba.html .
-
-
-
- 7. Sharing A Linux Drive With Windows Machines
-
- As shown in the simple smb.conf above, sharing Linux drives with
- Windows users is easy. However, like everything else with Samba, you
- can control things to a large degree. Here are some examples:
-
- To share a directory with the public, create a clone of the [tmp]
- section above by adding something like this to smb.conf:
-
-
-
- ______________________________________________________________________
- [public]
- comment = Public Stuff
- path = /home/public
- public = yes
- writable = yes
- printable = no
- ______________________________________________________________________
-
-
-
- To make the above directory readable by the public, but only writable
- by people in group staff, modify the entry like this:
-
-
-
- ______________________________________________________________________
- [public]
- comment = Public Stuff
- path = /home/public
- public = yes
- writable = yes
- printable = no
- write list = @staff
- ______________________________________________________________________
-
-
-
- It used to be that easy; you would now be able to start Samba and
- browse the shares from a Windows PC. However, Microsoft has recently
- made life slightly more difficult for those using Samba. Windows 98,
- Windows NT (service pack 3 or higher) and later builds of Windows 95
- now use encrypted passwords by default. Samba uses unencrypted
- passwords by default. You can't browse servers when either the client
- or server is using encrypted passwords, because a connection cannot be
- made anonymously.
-
- You can tell if you have a password type mismatch between client and
- server if when you try to connect to a share you see a dialog box
- which reads something like "You are not authorized to access that
- account from this machine".
-
- You can either configure your Samba server to use encrypted passwords,
- or configure the Windows machines to use unencrypted passwords.
-
- To get Windows to work with encrypted SMB passwords:
-
- Windows 95/98 =============
-
- Using the registry editor (regedit), create the registry setting
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VNETSUP Add a
- new DWORD value: Value Name: EnablePlainTextPassword Data:
- 0x01.
-
- Windows NT ==========
-
- Using the registry editor (regedit), create the registry setting
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rdr\Parameters
- Add a new DWORD value: Value Name: EnablePlainTextPassword Data:
- 0x01
-
- Windows 2000 ============
-
- Using the registry editor (regedit), create the registry setting
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkStation\Parameters
- Add a new DWORD value: Value Name: EnablePlainTextPassword Data: 0x01
-
- Once these registry changes have been made, reboot the Windows machine
- and try to map a network drive on the Samba server again. It should
- work as long as the Samba server is using plain text passwords.
-
- To configure Samba to use encrypted passwords:
-
- In the [global] section of /etc/smb.conf, add the following lines:
-
-
-
- ______________________________________________________________________
- encrypt passwords = yes
- smb passwd file = /etc/smbpasswd
- ______________________________________________________________________
-
-
-
- You are highly encouraged to read the files ENCRYPTION.txt, Win95.txt
- and WinNT.txt in the Samba documentation before doing this!
-
- If your clients and server are using encrypted passwords, you will not
- be able to browse the available shares on the server until an initial
- connection has been made with the appropriate authentication. To get
- the initial connection, enter the share name manually in the Windows
- File Manager or Explorer dialog box, in the form
- '\\\'. Log onto the server with a username and
- password that is valid on the server!
-
- If you suspect that your NetBIOS name service is not correctly
- configured (perhaps because you get 'host not found' errors when
- trying to connect), try using just the IP address of the server:
- '\\\'.
- In order to get filenames to appear correctly, you may also need to
- set some options in the appropriate share section. These work for
- Windows 95/98/NT clients, but may need to be modified if you have
- Windows 3.X clients:
-
-
-
- ______________________________________________________________________
- ; Mangle case = yes seems to give the correct filenames
- ; for Win95/98/NT.
- mangle case = yes
-
- ; If samba is case sensitive when looking for files
- case sensitive = no
-
- ; Default case of files that are created
- default case = lower
-
- ; Preserve case for all filenames
- preserve case = yes
-
- ; Preserve case for dos (8.3) filenames
- short preserve case = no
- ______________________________________________________________________
-
-
-
- For other tricks to play with drive shares, see the Samba
- documentation or man pages.
-
-
-
- ______________________________________________________________________
- interfaces = 192.168.1.1/24
- ______________________________________________________________________
-
-
-
- Note: The bit after the / is a reference to the subnet mask. "24" is
- the value to use for an unsegmented Class C network. For more
- information on subnet calculations, you might want to see
- http://www.ralphb.net/IPSubnet/ .
-
- There is a lot more to Samba configuration than this, but this will
- get you started. If you want to do something more advanced, I refer
- you to the Samba Web site mentioned above.
-
-
-
- 8. Accessing an SMB Share With Linux Machines
-
- Linux (UNIX) machines can also browse and mount SMB shares. Note that
- this can be done whether the server is a Windows machine or a Samba
- server!
-
- An SMB client program for UNIX machines is included with the Samba
- distribution. It provides an ftp-like interface on the command line.
- You can use this utility to transfer files between a Windows 'server'
- and a Linux client.
-
- Most Linux distributions also now include the useful smbfs package,
- which allows one to mount and umount SMB shares. More on smbfs below.
-
- To see which shares are available on a given host, run:
-
-
- ______________________________________________________________________
- /usr/bin/smbclient -L host
- ______________________________________________________________________
-
-
-
- where 'host' is the name of the machine that you wish to view. this
- will return a list of 'service' names - that is, names of drives or
- printers that it can share with you. Unless the SMB server has no
- security configured, it will ask you for a password. Get it the
- password for the 'guest' account or for your personal account on that
- machine.
-
- For example:
-
-
- ______________________________________________________________________
- smbclient -L zimmerman
- ______________________________________________________________________
-
-
-
- The output of this command should look something like this:
-
-
-
- ______________________________________________________________________
- Server time is Sat Aug 10 15:58:27 1996
- Timezone is UTC+10.0
- Password:
- Domain=[WORKGROUP] OS=[Windows NT 3.51] Server=[NT LAN Manager 3.51]
-
- Server=[ZIMMERMAN] User=[] Workgroup=[WORKGROUP] Domain=[]
-
- Sharename Type Comment
- --------- ---- -------
- ADMIN$ Disk Remote Admin
- public Disk Public
- C$ Disk Default share
- IPC$ IPC Remote IPC
- OReilly Printer OReilly
- print$ Disk Printer Drivers
-
-
- This machine has a browse list:
-
- Server Comment
- --------- -------
- HOPPER Samba 1.9.15p8
- KERNIGAN Samba 1.9.15p8
- LOVELACE Samba 1.9.15p8
- RITCHIE Samba 1.9.15p8
- ZIMMERMAN
- ______________________________________________________________________
-
-
-
- The browse list shows other SMB servers with resources to share on the
- network.
-
- To use the client, run:
-
- ______________________________________________________________________
- /usr/bin/smbclient service
- ______________________________________________________________________
-
-
-
- where 'service' is a machine and share name. For example, if you are
- trying to reach a directory that has been shared as 'public' on a
- machine called zimmerman, the service would be called
- \\zimmerman\public. However, due to shell restrictions, you will need
- to escape the backslashes, so you end up with something like this:
-
-
- ______________________________________________________________________
- /usr/bin/smbclient \\\\zimmerman\\public mypasswd
- ______________________________________________________________________
-
-
-
- where 'mypasswd' is the literal string of your password.
-
- You will get the smbclient prompt:
-
-
-
- ______________________________________________________________________
- Server time is Sat Aug 10 15:58:44 1996
- Timezone is UTC+10.0
- Domain=[WORKGROUP] OS=[Windows NT 3.51] Server=[NT LAN Manager 3.51]
- smb: \>
- ______________________________________________________________________
-
-
-
- Type 'h' to get help using smbclient:
-
-
-
- ______________________________________________________________________
- smb: \> h
- ls dir lcd cd pwd
- get mget put mput rename
- more mask del rm mkdir
- md rmdir rd prompt recurse
- translate lowercase print printmode queue
- cancel stat quit q exit
- newer archive tar blocksize tarmode
- setmode help ? !
- smb: \>
- ______________________________________________________________________
-
-
-
- If you can use ftp, you shouldn't need the man pages for smbclient.
-
- Although you can use smbclient for testing, you will soon tire of it
- for real work. For that you will probably want to use the smbfs
- package. Smbfs comes with two simple utilties, smbmount and
- smbumount. They work just like mount and umount for SMB shares.
-
- One important thing to note: You must have smbfs support compiled
- into your kernel to use these utilities!
-
-
- The following shows a typical use of smbmount to mount an SMB share
- called "customers" from a machine called "samba1":
-
-
-
- ______________________________________________________________________
- [root@postel]# smbmount "\\\\samba1\\customers" -U rtg2t -c 'mount /customers -u 500 -g 100'
- Added interface ip=192.168.35.84 bcast=192.168.255.255 nmask=255.255.0.0
- Got a positive name query response from 192.168.168.158 ( 192.168.168.158 )
- Server time is Tue Oct 5 10:27:36 1999
- Timezone is UTC-4.0
- Password:
- Domain=[IPM] OS=[Unix] Server=[Samba 2.0.3]
- security=user
- ______________________________________________________________________
-
-
-
- Issuing a mount command will now show the share mounted, just as if it
- were an NFS export:
-
-
-
- ______________________________________________________________________
- [root@postel]# mount
- /dev/hda2 on / type ext2 (rw)
- none on /proc type proc (rw)
- none on /dev/pts type devpts (rw,mode=622)
- //SAMBA1/CUSTOMERS on /customers type smbfs (0)
- ______________________________________________________________________
-
-
-
- Please see the manual pages for smbmount and smbumount for details on
- the above operation.
-
-
-
- 9. Sharing A Linux Printer With Windows Machines
-
- To share a Linux printer with Windows machines, you need to make
- certain that your printer is set up to work under Linux. If you can
- print from Linux, setting up an SMB share of the printer is stright
- forward.
-
- Note that Windows users must have an account on the Linux/Samba server
- in order to print. Windows 95/98 will attempt to authenticate to the
- print server using the username and password used on login to the
- Windows box.This means that if you clicked 'Cancel' when logging onto
- Windows, you can't print (or connect to other SMB services)! Windows
- NT allows one to explicitely provide a username and password when
- connecting to a printer.
-
- See the Printing HOWTO to set up local printing.
-
- Add printing configuration to your smb.conf:
-
-
-
- ______________________________________________________________________
- [global]
- printing = bsd
- printcap name = /etc/printcap
- load printers = yes
- log file = /var/log/samba-log.%m
- lock directory = /var/lock/samba
-
- [printers]
- comment = All Printers
- security = server
- path = /var/spool/lpd/lp
- browseable = no
- printable = yes
- public = yes
- writable = no
- create mode = 0700
-
- [ljet]
- security = server
- path = /var/spool/lpd/lp
- printer name = lp
- writable = yes
- public = yes
- printable = yes
- print command = lpr -r -h -P %p %s
- ______________________________________________________________________
-
-
-
- Make certain that the printer path (in this case under [ljet]) matches
- the spool directory in /etc/printcap!
-
- The lines:
-
-
- ______________________________________________________________________
- printcap name = /etc/printcap
- load printers = yes
- ______________________________________________________________________
-
-
-
- controls whether all the printers in /etc/printcap should be loaded by
- default. If you do this, there is no reason to set up printers
- individually. The section [printers] specifies options for the
- printers that you wish to explicitly difine. If the printing
- subsystem you are using doesn't work this way (BSD), you need to set
- up a fake printcap file (or to use the 'print command' technique, see
- below). For more information on the printcap system see the Printing
- HOWTO.
-
- A useful technique to test the network connection is to change the
- print command to:
-
-
- ______________________________________________________________________
- print command = cp %S /tmp/print.%P.%S
- ______________________________________________________________________
-
-
-
- The resulting file can then be analyzed.
-
-
- NOTE: There are some problems sharing printers on UNIX boxes with
- Windows NT machines using Samba. One problem is with NT seeing the
- shared printer properly. To fix this, see the notes in the Samba
- distribution in the file docs/WinNT.txt. The other deals with
- password problems. See the comments in the same file for an annoying
- gain of understanding and failure to fix the problem.
-
- Oleg L. Machulskiy (machulsk@shade.msu.ru) suggests that a better
- print command to use in the above example would be:
-
-
-
- ______________________________________________________________________
- print command = smb2ps %s | lpr -r -h -P %p
- ______________________________________________________________________
-
-
-
- where 'smb2ps' is a script which transforms the spool file received
- from Windows into usual a usable Postscript file. It must cut off
- first 3 lines and last 2 lines, because these lines contain some PJL
- or PCL codes.
-
- That approach is only needed if your Windows machine is printing PCL
- and not real Postscript. I have found that Windows 95/98/NT don't
- have a generic Postscript driver per se, but the "Digital turbo
- Printserver 20" driver acts as a good general Postscript driver for
- most setups. I have also heard that the "Apple LaserWriter II NTX"
- driver works for this purpose.
-
- If you are creating a printer spool directory instead of using one
- created by a Linux distribution's installation utility, be careful of
- permissions! Neil Fraser (neilf@necon.co.za) suggested setting the
- permissions of the spool directory (in his case, /var/spool/lpd/lpr)
- to 4755 (note the suid bit). This worked for him when the owner of
- the directory was 'root' and the group was 'lp'.
-
- Jeff Stern (jstern@eclectic.ss.uci.edu) reported that he had to set
- the permissions on his spool directory to 777 in order for non-
- priviledged users to print, although he notes that he could have also
- added users to the 'lp' group. This is a decision for local systems
- administrators; if printing security is an issue, then lock it down.
- In home environments, you will probably want everyone to be able to
- print.
-
- Dr. Michael Langner (langner@fiz-chemie.de) points out that write
- permission problems on the /var/spool/lpd/ tree could be avoided by
- use something like "path = /tmp" and "print command = lpr -r -P%p %s"
- instead.
-
- Sometimes, a Postscript parsing error will occur with Postscript
- printing from Windows machines that causes an extra page to be printed
- at the end of every print job. The last page will always have "%%[
- Lastpage ]%%" at the top of it. This seems to happen with Windows 95
- and 98 only and is because the Postscript is malformed.
-
- One way to handle that is to use a script to remove that bit of bad
- Postscript from the spooled jobs. Another way is to try to find a
- better Windows Postscript driver. Probably the best way is to us
- LPRng instead of Postscript to print to a Samba server.
-
- Erik Ratcliffe (erik@caldera.com) Caldera tells me that using LPRng
- means that any printer driver can be used from Windows machines. On
- the Samba server, they used an /etc/printcap entry that looked like
- this:
- ______________________________________________________________________
- raw:\
- :rw:sh:
- :lp=/dev/lp1
- :sd=/var/spool/lpd/raw
- :fx=flp
- ______________________________________________________________________
-
-
-
- LPRng doesn't require :\ at the end of every line. A printer entry
- will still need to be made in /etc/smb.conf for the physical printer.
- The print command line needs to use the "raw" entry in /etc/printcap
- and data must be sent to the printer in binary form. Try a print
- command line like this:
-
-
-
- ______________________________________________________________________
- print command = lpr -b -Praw %s
- ______________________________________________________________________
-
-
-
- You may also need to set the spooling on the Windows95 end to print
- directly to the printer instead of spooling.
-
- If you constantly get a extra page printing at the end of print jobs
- from Windows clients, try adding an "sf" directive in /etc/printcap.
- This will suppress form feeds separating jobs, but will not effect
- form feeds within documents.
-
-
-
- 10. Sharing A Windows Printer With Linux Machines
-
- To share a printer on a Windows machine, you must do the following:
-
-
- 1. You must have the proper entries in /etc/printcap and they must
- correspond to the local directory structure (for the spool
- directory, etc).
-
- 2. You must have the script /usr/bin/smbprint. This comes with the
- Samba source, but not with all Samba binary distributions. A
- slightly modifed copy is discussed below.
-
- 3. If you want to convert ASCII files to Postscript, you must have
- nenscript, or its equivalent. nenscript is a Postscript converter
- and is generally installed in /usr/bin.
-
- 4. You may wish to make Samba printing easier by having an easy-to-use
- front end. A simple perl script to handle ASCII, Postscript or
- created Postscript is given below.
-
- 5. You could also use MagicFilter to do the above. The details on
- setting up MagicFilter are given below the perl script.
- MagicFilter has advantages because it knows how to automatically
- convert a lot of file formats.
-
- The /etc/printcap entry below is for an HP 5MP printer on a Windows NT
- host. The entries are as follows:
-
-
- ______________________________________________________________________
- cm - comment
- lp - device name to open for output
- sd - the printer's spool directory (on the local machine)
- af - the accounting file
- mx - the maximum file size (zero is unlimited)
- if - name of the input filter (script)
- ______________________________________________________________________
-
-
-
- For more information, see the Printing HOWTO or the man page for
- printcap.
-
-
-
- ______________________________________________________________________
- # /etc/printcap
- #
- # //zimmerman/oreilly via smbprint
- #
- lp:\
- :cm=HP 5MP Postscript OReilly on zimmerman:\
- :lp=/dev/lp1:\
- :sd=/var/spool/lpd/lp:\
- :af=/var/spool/lpd/lp/acct:\
- :mx#0:\
- :if=/usr/bin/smbprint:
- ______________________________________________________________________
-
-
-
- Make certain that the spool and accounting directories exist and are
- writable. Ensure that the 'if' line holds the proper path to the
- smbprint script (given below) and make sure that the proper device is
- pointed to (the /dev special file).
-
- Next is the smbprint script itself. It is usually placed in /usr/bin
- and is attributable to Andrew Tridgell, the person who created Samba
- as far as I know. It comes with the Samba source distribution, but is
- absent from some binary distributions, so I have recreated it here.
-
- You may wish to look at this carefully. There are some minor
- alterations that have shown themselves to be useful.
-
-
-
- ______________________________________________________________________
- #!/bin/sh -x
-
- # This script is an input filter for printcap printing on a unix machine. It
- # uses the smbclient program to print the file to the specified smb-based
- # server and service.
- # For example you could have a printcap entry like this
- #
- # smb:lp=/dev/null:sd=/usr/spool/smb:sh:if=/usr/local/samba/smbprint
- #
- # which would create a unix printer called "smb" that will print via this
- # script. You will need to create the spool directory /usr/spool/smb with
- # appropriate permissions and ownerships for your system.
-
- # Set these to the server and service you wish to print to
- # In this example I have a WfWg PC called "lapland" that has a printer
- # exported called "printer" with no password.
-
- #
- # Script further altered by hamiltom@ecnz.co.nz (Michael Hamilton)
- # so that the server, service, and password can be read from
- # a /usr/var/spool/lpd/PRINTNAME/.config file.
- #
- # In order for this to work the /etc/printcap entry must include an
- # accounting file (af=...):
- #
- # cdcolour:\
- # :cm=CD IBM Colorjet on 6th:\
- # :sd=/var/spool/lpd/cdcolour:\
- # :af=/var/spool/lpd/cdcolour/acct:\
- # :if=/usr/local/etc/smbprint:\
- # :mx=0:\
- # :lp=/dev/null:
- #
- # The /usr/var/spool/lpd/PRINTNAME/.config file should contain:
- # server=PC_SERVER
- # service=PR_SHARENAME
- # password="password"
- #
- # E.g.
- # server=PAULS_PC
- # service=CJET_371
- # password=""
-
- #
- # Debugging log file, change to /dev/null if you like.
- #
- logfile=/tmp/smb-print.log
- # logfile=/dev/null
-
-
- #
- # The last parameter to the filter is the accounting file name.
- #
- spool_dir=/var/spool/lpd/lp
- config_file=$spool_dir/.config
-
- # Should read the following variables set in the config file:
- # server
- # service
- # password
- # user
- eval `cat $config_file`
-
- #
- # Some debugging help, change the >> to > if you want to same space.
- #
- echo "server $server, service $service" >> $logfile
-
- (
- # NOTE You may wish to add the line `echo translate' if you want automatic
- # CR/LF translation when printing.
- echo translate
- echo "print -"
- cat
- ) | /usr/bin/smbclient "\\\\$server\\$service" $password -U $user -N -P >> $logfile
- ______________________________________________________________________
-
-
-
- Most Linux distributions come with nenscript for converting ASCII
- documents to Postscript. The following perl script makes life easier
- be providing a simple interface to Linux printing via smbprint.
-
-
- ______________________________________________________________________
- Usage: print [-a|c|p]
- -a prints as ASCII
- -c prints formatted as source code
- -p prints as Postscript
- If no switch is given, print attempts to
- guess the file type and print appropriately.
- ______________________________________________________________________
-
-
-
- Using smbprint to print ASCII files tends to truncate long lines.
- This script breaks long lines on whitespace (instead of in the middle
- of a word), if possible.
-
- The source code formatting is done with nenscript. It takes an ASCII
- file and foramts it in 2 columns with a fancy header (date, filename,
- etc). It also numbers the lines. Using this as an example, other
- types of formatting can be accomplished.
-
- Postscript documents are already properly formatted, so they pass
- through directly.
-
-
-
- ______________________________________________________________________
- #!/usr/bin/perl
-
- # Script: print
- # Authors: Brad Marshall, David Wood
- # Plugged In Communications
- # Date: 960808
- #
- # Script to print to a Postscript printer via Samba.
- # Purpose: Takes files of various types as arguments and
- # processes them appropriately for piping to a Samba print script.
- #
- # Currently supported file types:
- #
- # ASCII - ensures that lines longer than $line_length characters wrap on
- # whitespace.
- # Postscript - Takes no action.
- # Code - Formats in Postscript (using nenscript) to display
- # properly (landscape, font, etc).
- #
-
- # Set the maximum allowable length for each line of ASCII text.
- $line_length = 76;
-
- # Set the path and name of the Samba print script
- $print_prog = "/usr/bin/smbprint";
-
- # Set the path and name to nenscript (the ASCII-->Postscript converter)
- $nenscript = "/usr/bin/nenscript";
-
- unless ( -f $print_prog ) {
- die "Can't find $print_prog!";
- }
- unless ( -f $nenscript ) {
- die "Can't find $nenscript!";
- }
-
- &ParseCmdLine(@ARGV);
-
- # DBG
- print "filetype is $filetype\n";
-
- if ($filetype eq "ASCII") {
- &wrap($line_length);
- } elsif ($filetype eq "code") {
- &codeformat;
- } elsif ($filetype eq "ps") {
- &createarray;
- } else {
- print "Sorry..no known file type.\n";
- exit 0;
- }
- # Pipe the array to smbprint
- open(PRINTER, "|$print_prog") || die "Can't open $print_prog: $!\n";
- foreach $line (@newlines) {
- print PRINTER $line;
- }
- # Send an extra linefeed in case a file has an incomplete last line.
- print PRINTER "\n";
- close(PRINTER);
- print "Completed\n";
- exit 0;
-
- # --------------------------------------------------- #
- # Everything below here is a subroutine #
- # --------------------------------------------------- #
- sub ParseCmdLine {
- # Parses the command line, finding out what file type the file is
-
- # Gets $arg and $file to be the arguments (if the exists)
- # and the filename
- if ($#_ < 0) {
- &usage;
- }
- # DBG
- # foreach $element (@_) {
- # print "*$element* \n";
- # }
-
- $arg = shift(@_);
- if ($arg =~ /\-./) {
- $cmd = $arg;
- # DBG
- # print "\$cmd found.\n";
-
- $file = shift(@_);
- } else {
- $file = $arg;
- }
-
- # Defining the file type
- unless ($cmd) {
- # We have no arguments
-
- if ($file =~ /\.ps$/) {
- $filetype = "ps";
- } elsif ($file =~ /\.java$|\.c$|\.h$|\.pl$|\.sh$|\.csh$|\.m4$|\.inc$|\.html$|\.htm$/) {
- $filetype = "code";
- } else {
- $filetype = "ASCII";
- }
-
- # Process $file for what type is it and return $filetype
- } else {
- # We have what type it is in $arg
- if ($cmd =~ /^-p$/) {
- $filetype = "ps";
- } elsif ($cmd =~ /^-c$/) {
- $filetype = "code";
- } elsif ($cmd =~ /^-a$/) {
- $filetype = "ASCII"
- }
- }
- }
-
- sub usage {
- print "
- Usage: print [-a|c|p]
- -a prints as ASCII
- -c prints formatted as source code
- -p prints as Postscript
- If no switch is given, print attempts to
- guess the file type and print appropriately.\n
- ";
- exit(0);
- }
-
- sub wrap {
- # Create an array of file lines, where each line is < the
- # number of characters specified, and wrapped only on whitespace
-
- # Get the number of characters to limit the line to.
- $limit = pop(@_);
-
- # DBG
- #print "Entering subroutine wrap\n";
- #print "The line length limit is $limit\n";
-
- # Read in the file, parse and put into an array.
- open(FILE, "<$file") || die "Can't open $file: $!\n";
- while() {
- $line = $_;
-
- # DBG
- #print "The line is:\n$line\n";
-
- # Wrap the line if it is over the limit.
- while ( length($line) > $limit ) {
-
- # DBG
- #print "Wrapping...";
-
- # Get the first $limit +1 characters.
- $part = substr($line,0,$limit +1);
-
- # DBG
- #print "The partial line is:\n$part\n";
-
- # Check to see if the last character is a space.
- $last_char = substr($part,-1, 1);
- if ( " " eq $last_char ) {
- # If it is, print the rest.
-
- # DBG
- #print "The last character was a space\n";
-
- substr($line,0,$limit + 1) = "";
- substr($part,-1,1) = "";
- push(@newlines,"$part\n");
- } else {
- # If it is not, find the last space in the
- # sub-line and print up to there.
-
- # DBG
- #print "The last character was not a space\n";
-
- # Remove the character past $limit
- substr($part,-1,1) = "";
- # Reverse the line to make it easy to find
- # the last space.
- $revpart = reverse($part);
- $index = index($revpart," ");
- if ( $index > 0 ) {
- substr($line,0,$limit-$index) = "";
- push(@newlines,substr($part,0,$limit-$index)
- . "\n");
- } else {
- # There was no space in the line, so
- # print it up to $limit.
- substr($line,0,$limit) = "";
- push(@newlines,substr($part,0,$limit)
- . "\n");
- }
- }
- }
- push(@newlines,$line);
- }
- close(FILE);
- }
-
- sub codeformat {
- # Call subroutine wrap then filter through nenscript
- &wrap($line_length);
-
- # Pipe the results through nenscript to create a Postscript
- # file that adheres to some decent format for printing
- # source code (landscape, Courier font, line numbers).
- # Print this to a temporary file first.
- $tmpfile = "/tmp/nenscript$$";
- open(FILE, "|$nenscript -2G -i$file -N -p$tmpfile -r") ||
- die "Can't open nenscript: $!\n";
- foreach $line (@newlines) {
- print FILE $line;
- }
- close(FILE);
-
- # Read the temporary file back into an array so it can be
- # passed to the Samba print script.
- @newlines = ("");
- open(FILE, "<$tmpfile") || die "Can't open $file: $!\n";
- while() {
- push(@newlines,$_);
- }
- close(FILE);
- system("rm $tmpfile");
- }
-
- sub createarray {
- # Create the array for postscript
- open(FILE, "<$file") || die "Can't open $file: $!\n";
- while() {
- push(@newlines,$_);
- }
- close(FILE);
- }
- ______________________________________________________________________
-
-
-
- Now the MagicFilter way. Thanks to Alberto Menegazzi
- (flash.egon@iol.it) for this information.
-
- Alberto says:
-
- -------------------------------------------------------------- 1)
- Install MagicFilter with the filter for the printers you need in
- /usr/bin/local but DON'T fill /etc/printcap with the suggestion given
- by the documentation from MagicFilter.
-
- 2) Write the /etc/printcap like this way (it's done for my LaserJet
- 4L):
-
- lp|ljet4l:\ :cm=HP LaserJet 4L:\ :lp=/dev/null:\
- # or /dev/lp1 :sd=/var/spool/lpd/ljet4l:\
- :af=/var/spool/lpd/ljet4l/acct:\ :sh:mx#0:\ :if=/usr/local/bin/main-
- filter:
-
- You should explain that the lp=/dev/... is opened for locking so
- "virtual" devices one for every remote printer should be used.
-
- Example creating with : touch /dev/ljet4l
-
-
- 3) Write the filter /usr/local/bin/main-filter the same you suggest
- using the ljet4l-filter instead of cat.
-
- Here's mine.
-
- #! /bin/sh logfile=/var/log/smb-print.log
- spool_dir=/var/spool/lpd/ljet4l ( echo "print -"
- /usr/local/bin/ljet4l-filter ) | /usr/bin/smbclient "\\\\SHIR\\HPLJ4"
- -N -P >> $logfile
-
- P.S. : here is the quote from the Print2Win mini-Howto about locking
- and why creating virtual printers
-
- ---Starts here
-
- Hint from Rick Bressler :
-
- Good tip sheet. I use something very similar. One helpful tip, this
- is not a particularly good idea:
-
- :lp=/dev/null:\
-
- lpr does an 'exclusive' open on the file you specify as lp=. It does
- this in order to prevent multiple processes from trying to print to
- the dame printer at the same time.
-
- The side effect of this is that in your case, eng and colour can't
- print at the same time, (usually more or less transparent since they
- probably print quickly and since they queue you probably don't notice)
- but any other process that tries to write to /dev/null will break!
-
- On a single user system, probably not a big problem. I have a system
- with over 50 printers. It would be a problem there.
-
- The solution is to create a dummy printer for each. Eg: touch
- /dev/eng.
-
- I have modified the lp entries in the printcap file above to take into
- account Rick's suggestion. I did the following:
-
-
- #touch /dev/eng #touch /dev/colour
-
- ---Ends here
-
- --------------------------------------------------------------
-
-
-
- 11. Backing Up Windows Machines to a Linux Host
-
- Adam Neat (adamneat@ipax.com.au) kindly contributed the following
- script to back up Windows machines to a Linux host, using the
- smbclient utility. Adam says that it is used to backup Windows 3.x
- and NT machines to a Linux based DAT SCSI Drive.
-
- Adam is not proud of the coding style used here, but it works. As I
- like to say, "If it works and its stupid, then it is not stupid".
-
- Another Windows backup script, contributed by Dan Tager
- (dtager@marsala.com), is provided below. Dan's script also backs up
- Unix machines via rsh, although that could be modified to use ssh
- rather easily.
-
- In this script, the string 'agnea1' is the username on the Linux
- machine that does the backups.
- ______________________________________________________________________
- #!/bin/bash
-
- clear
- echo Initialising ...
- checkdate=`date | awk '{print $1}'`
-
- if [ -f "~agnea1/backup-dir/backup-data" ]; then
-
- echo "ERROR: No config file for today!"
- echo "FATAL!"
- exit 1
- fi
-
- if [ -d "~agnea1/backup-dir/temp" ]; then
-
- echo "ERROR: No tempoary directory found!"
- echo
- echo "Attempting to create"
- cd ~agnea1
- cd backup-dir
- mkdir temp
- echo "Directory Made - temp"
- fi
-
- if [ "$1" = "" ]; then
-
- echo "ERROR: enter in a machine name (ie: cdwriter)"
- exit 1
- fi
-
- if [ "$2" = "" ]; then
-
- echo "ERROR: enter in a SMB (Lan Manager) Resource (ie: work)"
- exit 1
- fi
-
- if [ "$3" = "" ]; then
-
- echo "ERROR: enter in an IP address for $1 (ie:
- 130.xxx.xxx.52)" exit 1
- fi
-
-
- #############################################################################
- # Main Section
- #
- #############################################################################
-
- cd ~agnea1/backup-dir/temp
- rm -r ~agnea1/backup-dir/temp/*
- cd ~agnea1/backup-dir/
-
- case "$checkdate"
- in
- Mon)
- echo "Backuping for Monday"
- cat backup-data | /usr/local/samba/bin/smbclient
- \\\\$1\\$2 -I$3 -N echo "Complete"
-
- if [ -d "~agnea1/backup-dir/Monday" ]; then
- echo "Directory Monday Not found ...
- making" mkdir
- ~agnea1/backup-dir/Monday
- fi
-
- echo "Archiving ..."
- cd ~agnea1/backup-dir/temp
- tar -cf monday.tar * echo "done ..."
- rm ~agnea1/backup-dir/Monday/monday.tar
- mv monday.tar ~agnea1/backup-dir/Monday
- ;;
-
-
- Tue)
- echo "Backuping for Tuesday"
- cat backup-data | /usr/local/samba/bin/smbclient
- \\\\$1\\$2 -I$3 -N echo "Complete"
-
- if [ -d "~agnea1/backup-dir/Tuesday" ]; then
- echo "Directory Tuesday Not found ...
- making" mkdir
- ~agnea1/backup-dir/Tuesday
- fi
- echo "Archiving ..."
- cd ~agnea1/backup-dir/temp
- tar -cf tuesday.tar *
- echo "done ..."
- rm ~agnea1/backup-dir/Tuesday/tuesday.tar
- mv tuesday.tar ~agnea1/backup-dir/Tuesday
- ;;
-
- Wed)
- echo "Backuping for Wednesday"
- cat backup-data | /usr/local/samba/bin/smbclient
- \\\\$1\\$2 -I$3 -N echo "Complete"
-
- if [ -d "~agnea1/backup-dir/Wednesday" ]; then
- echo "Directory Wednesday Not found
- ... making" mkdir
- ~agnea1/backup-dir/Wednesday
- fi
- echo "Archiving ..."
- cd ~agnea1/backup-dir/temp
- tar -cf wednesday.tar *
- echo "done ..."
- rm ~agnea1/backup-dir/Wednesday/wednesday.tar
- mv wednesday.tar ~agnea1/backup-dir/Wednesday
- ;;
-
- Thu)
- echo "Backuping for Thrusday"
- cat backup-data | /usr/local/samba/bin/smbclient
- \\\\$1\\$2 -I$3 -N echo "Complete"
-
- if [ -d "~agnea1/backup-dir/Thursday" ]; then
- echo "Directory Thrusday Not found ...
- making" mkdir
- ~agnea1/backup-dir/Thursday
- fi
- echo "Archiving ..."
- cd ~agnea1/backup-dir/temp
- tar -cf thursday.tar *
- echo "done ..."
- rm ~agnea1/backup-dir/Thursday/thursday.tar
- mv thursday.tar ~agnea1/backup-dir/Thursday
- ;;
-
-
- Fri)
- echo "Backuping for Friday"
- cat backup-data | /usr/local/samba/bin/smbclient
- \\\\$1\\$2 -I$3 -N echo "Complete"
-
- if [ -d "~agnea1/backup-dir/Friday" ]; then
- echo "Directory Friday Not found ...
- making" mkdir
- ~agnea1/backup-dir/Friday
- fi
- echo "Archiving ..."
- cd ~agnea1/backup-dir/temp
- tar -cf friday.tar *
- echo "done ..."
- rm ~agnea1/backup-dir/Friday/friday.tar
- mv friday.tar ~agnea1/backup-dir/Friday
- ;;
-
- *)
- echo "FATAL ERROR: Unknown variable passed for day"
- exit 1;;
-
- esac
- ###########
- ______________________________________________________________________
-
-
-
- Here's Dan's backup script:
-
-
-
- ______________________________________________________________________
- #!/bin/bash
-
- BACKDIR=3D/backup
- WINCMD=3D/usr/bin/smbclient
-
- function CopyWinHost(){
-
- # tars and gzips "windows shares" to a local directory using samba's
- # smbclient
- # argument 1 is the remote host window's host name
- # argument 2 is the share name to be backed up
-
- echo $1,$2,$3
- REMOTE=3D$1
- SHARE=3D$2
- DEST=3D$3
-
- # create a tarred gzip file using samba to copy direct from a
- # windows pc
- # 12345 is a password. Needs some password even if not defined on
- # remote system
- $WINCMD \\\\$REMOTE\\$SHARE 12345 -Tc -|gzip > $DEST
- echo `date`": Done backing up "$REMOTE" to "$DEST
- echo
- }
-
- function CopyUnixHost(){
-
- # tars and gzips a directory using rsh
- # argument 1 is the name of the remote source host
- # argument 2 is the full path to the remote source directory
- # argument 3 is the name of the local tar-gzip file. day of week
- # plus .tgz will be appended to argument 3
-
- REMOTE=3D$1
- SRC=3D$2
- DEST=3D$3
-
-
- if rsh $REMOTE tar -cf - $SRC |gzip > $DEST; then
- echo `date`": Done backing up "$REMOTE":"$SRC" to "$DEST
- else
- echo `date`": Error backing up "$REMOTE":"$SRC" to "$DEST
- fi
-
- }
-
- # $1: win=3Dbackup windows machine, unix=3Dbackup unix machine
- case $1 in
- win)
- # $2=3D remote windows name, $3=3Dremote share name,
- # $4=3Dlocal destination directory
- CopyWinHost $2 $3 $4;;
- unix)
- # $2 =3D remote host, $3 =3D remote directory,
- # $4 =3D destination name
- CopyUnixHost $2 $3 $4;;
- esac
- ______________________________________________________________________
-
-
-
- 12. Using Samba Across Routed Networks
-
- Andrew Tridgell states that SMB host browsing across routers is
- problematic. Here are his suggestions to allow this:
-
- -------------------------------------------------------------- For
- cross-subnet (ie. routed) browsing you should do the following. There
- are other methods but they are much more complex are error prone:
-
- 1) all computers that you want visible should use a single WINS server
- (Samba or NT can do this)
-
- 2) the master browser for each subnet must be either NT or Samba.
- (Win9X doesn't communicate cross-subnet browse info correctly)
-
- 3) You should use the same workgroup name on all subnets. This is not
- strictly necessary but it is the simplest way to guarantee success. If
- you can't arrange this then you must organise for a way for browse
- info to propogate between subnets. (It does *not* propogate via WINS).
- It propogates via two mechanisms: i) each browse master notices
- workgroup announcements from other browse masters on the same
- broadcast domain ii) each non-Win9X browse master contacts the global
- DMB for the workgroup (typically the domain controller or a Samba box
- marked as the domain master) and swaps full browse info periodically.
- --------------------------------------------------------------
-
- Also, Rakesh Bharania points out that Cisco routers can be configured
- to forward SMB traffic in a way that allows browsing. His suggestion
- is to configure the router interface which hosts SMB clients with a
- command like this:
-
-
-
- ______________________________________________________________________
- ip helper-address x.x.x.x
- ______________________________________________________________________
-
-
-
- where x.x.x.x is the IP address of the SMB server.
-
-
-
- 13. Acknowledgements
-
- Special thanks to Andrew Tridgell (tridge@linuxcare.com) for starting
- and directing the Samba project and for keeping this document honest.
-
- Brad Marshall (bmarshall@plugged.net.au) and Jason Parker
- (jparker@plugged.net.au) contributed time, patience, scripting and
- research.
-
- Adam Neat (adamneat@ipax.com.au) and Dan Tager (dtager@marsala.com)
- contributed the bash scripts used to back up Windows machines to a
- Linux host.
-
- Matthew Flint () told me about the use of the 'interfaces' option in
- smb.conf.
-
- Oleg L. Machulskiy (machulsk@shade.msu.ru), Jeff Stern
- (jstern@eclectic.ss.uci.edu), Dr. Michael Langner (langner@fiz-
- chemie.de and Erik Ratcliffe (erik@caldera.com) suggested
- modifications to the section on Sharing A Linux Printer With Windows
- Machines.
-
- Alberto Menegazzi (flash.egon@iol.it) contributed the MagicFilter
- setup to enable a Linux machine to share a Windows printer.
-
- Rakesh Bharania (rbharani@cisco.com) contributed the suggestion for
- Cisco router configuration.
-
- Rich Gregory (rtg2t@virginia.edu) and others suggested that this
- document show some details about the smbfs package and its use.
-
- Andrea Girotto (icarus@inca.dei.unipd.it) contributed a number of
- valuable suggestions throughout the document.
-
- Thanks, also, to all of the international translators that have
- brought this HOWTO to the non-English speaking world: Takeo Nakano
- (nakano@apm.seikei.ac.jp), Klaus-Dieter Schumacher (Klaus-
- Dieter.Schumacher@fernuni-hagen.de), Andrea Girotto
- (icarus@inca.dei.unipd.it), Mathieu Arnold (arn_mat@club-internet.fr),
- Stein Oddvar Rasmussen (Stein@kongsberg-energi.no) Nilo Menezes
- (nmenezes@n3.com.br) and many others for whom I don't have contact
- details.
-