Samba as a file server in a Windows 2000 Workgroup


Integrating Samba into a Windows workgroup is straightforward enough. About the only real decision you need to make is which machine will act as PDC (Primary Domain Controller) or, as this is only a workgroup, which machine will validate passwords for user access. Obviously the first step has to be the installation of Samba.

The system that this setup is on:
RedHat 9 with:
2.4.20-8 Kernel - unchanged from the install
Samba Version 2.2.7a
and Cups-1.1.17-13.

Once everything's installed, the only thing to do before you start Samba is the configuration.
Personally I'd recommend copying /etc/samba/smb.conf (or whatever your path is) to smb.conf.original first, as the stock file has a lot of explanatory text. A quick and dirty smb.conf is shown below.
I'm not going to go through explaining all the settings I've used - man smb.conf will do that for you.

A basic smb.conf

[global]
# the name of your server
netbios name = SERVER
# your workgroup
workgroup = WORKGROUP
# the comment field in Computers near me
server string = Samba Server
# Loopback and local network
hosts allow = 127. 192.168.0.
# The next three lines: if you need a print server
printcap name = cups
load printers = yes
printing = cups
log file = /var/log/samba/%U.log
max log size = 0
# Validations are done against the Samba server
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
pam password change = yes
obey pam restrictions = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
remote announce = 192.168.0.255
local master = yes
os level = 99
domain master = yes
preferred master = yes
domain logons = yes
dns proxy = no

I'd recommend using the above as the first attempt to get things up and running to make sure everything works.
Obviously, if you're going to test that it's working you're going to need a share to test it with.

[Test]
comment = Test Share
path = /home/shared
public = yes
only guest = yes
writable = yes
printable = no
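
An added example, not part of the original article: a short Python check that can be run over an smb.conf before starting Samba. It reports values that carry trailing # text (smb.conf only treats whole lines beginning with # or ; as comments, so the text becomes part of the value) and shares that are both guest-accessible and writable, like [Test]. The function names and the sample file are constructed for illustration.

```python
# Added example with constructed names and sample data: a small smb.conf review.
import re

SAMPLE = """\
[global]
hosts allow = 127. 192.168.0.
security = user # validated by this server

[Test]
path = /home/shared
public = yes
only guest = yes
writable = yes
"""

TRUE, FALSE = {"yes", "true", "1"}, {"no", "false", "0"}

def parse(text):
    """Return {section: {param: value}}; names are case- and space-insensitive."""
    conf, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":  # only whole lines are comments
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = conf.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current["".join(key.lower().split())] = value.strip()
    return conf

def flag(params, names, accepted):
    return any(params.get(n, "").lower() in accepted for n in names)

def review(text):
    """Return (section, finding) tuples for the two checks."""
    conf, findings = parse(text), []
    allowed = conf.get("global", {}).get("hostsallow", "(not set)")
    for section, params in conf.items():
        for key, value in params.items():
            if re.search(r"\s#", value):
                findings.append((section, f"{key}: text after '#' is kept as part of the value"))
        guest = flag(params, ("public", "guestok"), TRUE)
        writable = flag(params, ("writable", "writeable", "writeok"), TRUE) or flag(params, ("readonly",), FALSE)
        if section != "global" and guest and writable:
            findings.append((section, f"guest-writable share; global hosts allow = {allowed}"))
    return findings

if __name__ == "__main__":
    print(*review(SAMPLE), sep="\n")
```
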

If you start Samba now (service smb start) you should be able to connect to \\SERVER\Test\ and write files to the folder (if you're asked for a username and password to connect, just leave them both blank and hit enter). The Samba server is doing the authentication, and the share has been set up to allow anyone who can reach the server (see hosts allow) to read and write without a password. Now you can start thinking about your required authentication. If you want to use a different machine as PDC for verifying logons, you need to replace security = user with security = server and then add one of

password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# to auto-locate the domain controller/s
password server = *
password server = <NT-Server-Name>

If you're going to use the Samba server for the validations, then the next things to do are to sort out the usernames for validations. I prefer to manually add any machine accounts rather than allowing them to be created on the fly. It's straightforward enough at the command line:
useradd -s /bin/false -d /dev/null machine1\$
passwd -l machine1\$
smbpasswd -a -m machine1

Where machine1 is the name of a PC to be added. If you don't want to give your users access to anything other than the Samba shares, then you can use:
useradd -s /bin/false -d /dev/null user1

where user1 is the username. You can then lock the password and add the user to the Samba password list with:
passwd -l user1
smbpasswd -a user1

If you want to see how to modify who has access to which shares, have a look at Samba and Winbind.
Other than that, the only other thing to do is:
chkconfig --level 3 smb on

to make sure Samba runs whenever the machine is rebooted and possibly set up a printer...