1. Compile kernel with CIFS option.
While this is entirely optional for the setup in this Howto, it is recommended. (It might fix some annoying little issues.) If you plan on mounting shares from a Windows box into your /mnt, this step is required. Alternatively, you could use SMB filesystem support; but CIFS, i hear, is much better to use. Don't use both.
Here we assume you know how to configure and compile your kernel. If you don't already you are probably using the wrong Linux Distribution
There is only one key setting we need to configure:
Code: Select all
File Systems -->
Network File Systems -->
<*> CIFS supportThe default use flags in the gentoo system are sufficient for the basic functionality we will need. But of course, you can emerge -pv to see what all use flags are availble for Samba, and then you can look up what they do. The emerge is pretty straight forward:
Code: Select all
# emerge sambaAre we security minded? We should be. It is recommended that you configure our network shares with the most restrictive permissions you can while still being able to do what you need (want?) to do. This means no public file, guest access, and one must authenticate in order to access shares. My own configuration is for one Gentoo box and one WinXP box, where the Gentoo box hosts the network share folder. Only a user on my network may authenticate and use the share. This is the config file for such a setup; of course, please change it for your needs.
#nano /etc/samba/smb.conf
Code: Select all
[global]
restrict anonymous = 2
# if you use Win9x, set "restrict anonymous" to 1 instead
log file = /var/log/samba.log
workgroup = home
# workgroup name needs to be the same as workgroup name on
# Windows computers.
security = user
encrypt passwords = yes
# "security" should be set to share or user, unless you have a domain network
# (if you don't know what a domain network is, you don't have one). and we want
# password encryption
interfaces = lo eth0
hosts allow = 127.0.0.1 192.168.0.0/24
# second number in "hosts allow" should be set to your network IP address.
# we also have loopback in there in case we need it for testing purposes
hosts deny = 0.0.0.0/0
# "no one can access me unless they are in 'hosts allow.'"
[smb]
# "smb" will be the share name. change this if you want it to be set
# differently
case sensitive = no
path = /home/smb/
browseable = yes
writeable = yes
# I need to be able to write to this share from my Windows computer, hence
# write permissions for owner
create mode = 0750
Let's sanity check that config file:
Code: Select all
# testparmCode: Select all
# mkdir /var/run/sambaCode: Select all
# mkdir /home/smbCode: Select all
# chmod 0750 /home/smb
# chown justin:users /home/smbCode: Select all
# chmod 0770 /home/smb
# chown justin:smbusers /home/smbFor more info on the file permission scheme in Linux, see here:
http://www.zzee.com/solutions/linux-permissions.shtml
this applies both to the chmod command and the "create mode" in smb.conf
5. Set up users.
Samba uses a different password database than the Gentoo system. Now, there might be a way to import passwords from one db to the other. but i haven't seen it and anyways, i like the idea of the samba password being a bit stronger than one's Linux password.
Set up the users on Gentoo, and then use SMB's password utility to have each person enter their password. E.g.:
Code: Select all
smbpasswd -a justin6. Start Samba.
Code: Select all
# /etc/init.d/samba start
#rc-update add samba default
7. Misc.
You should now be able to connect in. To do so, open Windows Explorer in Windows, and type in \\(computer name)\(share). Remember those are backslashes not forward slashes. so for my set up, it would be \\thebeast\smb
if it asks for a user name and password, supply it. Test it out by opening a file, and if you wanted write permissions try making a txt document.
In some cases (many? all?), if Windows does prompt you for a password, it will only allow you to login as "Guest." this is a known stupidity, and i honestly don't know why it does this. the workaround to this is to mount the share as a network drive. That is, on the Windows box, we set the share up with it's own drive letter... as if it was a local drive. Do this by right-clicking "My Network Places," and select "Map Network Drive." It'll ask for you to specify a drive letter, and and there is an option where you can have it "log on as different user." click on that and supply the needed credentials.
Check in My Computer to verify that you can access the network drive.
Update: Added password encryption for added security.
Also, it seems that this time around, Samba is authenticating "under the hood." Meaning, when samba and Windows XP are set with the same username and password, you access the share without having to supply your logon info. I'm not sure what is different this time around, but for reference here is my emerge info for samba:
Code: Select all
# emerge -pv samba
[...]
[ebuild R ] net-fs/samba-3.0.14a-r2 -acl -cups -doc -examples -kerberos -ldap -libclamav -mysql -oav +pam -postgres +python -quotas +readline (-selinux) -winbind -xml -xml2 0 kB
project.