Do-It-Yourself: How To Do The Samba

Apr 26, 2004 (10:04 AM EDT)

Read the Original Article at

Here's a fun, useless Samba fact to get this article going: Samba was not named for the dance. Rather, Andrew Tridgell, who currently heads up the Samba development team, named the software in 1991 for the first three letters of Server Message Block, which is the underlying network technology that Samba is based on.

Tridgell ran a dictionary search and found there are only four actual words that include the letters S-M-B in sequence: "salmonberry," "samba," "sawtimber" and "scramble."

And so Samba was born.

It could have been named "salmonberry."

What is Samba, Anyway?
SMB is the file sharing protocol of choice for most operating systems, including Linux and Windows. SMB was created about 20 years ago.

Samba is an open source project, designed to facilitate networking data between compliant systems, that is, systems that can communicate by the SMB protocol, usually over TCP/IP.

SMB networking is mostly a request-response system: a client application sends out a request across the net to a server. The server ponders and operates on that request, then sends the resulting response (which often contains data and request status) back to the requesting client, and so on.

On Linux systems Samba is comprised of two processes, usually started up when the system starts, named smbd  and nmbd.  These are background processes, known in Linux as daemons. When started, smbd  reads a file called smb.conf , usually found in the /etc/samba  directory. This is a straight text file, describing file shares, printers, and other network devices, their resident systems and other esoteric networky stuff. Intrinsically, it provides for excellent security, both on the corporate intranet and public internet. It's easy to configure either, through dedicated GUI front-ends or simple text editors.

The configuration file is comprised of a few sections, named global , homes  and printers.  Each section name is delimited by square brackets. Blank lines are ignored; non-blank lines are considered parameters and are each generally of the form of varname=value  (example: public=yes )

You can find a detailed explanation of Samba parameters in the Samba documentation.

The simplest functioning configuration file is likely:

workgroup = MYWORKGROUP


guest ok = yes
read only = no

Now, this doesn't provide any security. Therefore, you shouldn't use it. It provides for an area called MYWORKGROUP  on the server running Samba to anyone logged onto the server, and lets them modify or delete any file.

Samba is usually installed by default on most Linux systems. You need only put your devices and shares in smb.conf,  tweak security until satisfied, and restart the smbd  daemon.

Assuming the configuration files had no errors, you're done and able to transfer files between networked machines easily.

The smb.conf  File
Every smb.conf  must have a [global]  section and should have at least one section defining common directories, such as /tmp . The file can optionally include a [homes]  section, defining directories by easily accessible names, along with their parameters for commonly accessed directories, such as spool directories for printers and the intermediate work files they require.

For example, all users should be able to print to allowed printers, but only administrative users should be allowed to manipulate printer work files.

The [global]  section routinely defines common security settings, such as whether to use encrypted passwords for Samba access, where to find these passwords (typically in the /etc/smbpasswd  directory) and what the default access permissions should be for all newly created Samba files. The smb.conf  file also defines the relationships between workstations, servers, domains, and even such things as interfaces between the local server and the Internet itself.

A rudimentary smb.conf  file can be found, along with a more in-depth look and explanation of some important parameters, at

The [homes]  section can define many attributes for shares, including their common names, comments that the user sees when they browse the directory, and permissions. A handy [homes]  entry is:

comment=Home directory for %S
valid users = %u
force user=%u
writeable = yes
browseable = yes

%S = is the actual name of the share and is the user name
%u = is the name of the user

which automatically assigns the logged-in user permissions to a home directory, assigns comments, makes this directory browesable (its content and content attributes listable), defines allowed users and so forth. Set this once in the smb.conf  file and forget it. The smb.conf  sections are read each time the Samba daemons are started or upon demand. A quick test of the syntax of this file, to see if it's valid and legal, can be done by entering the testparms  command at a shell prompt. (Note: this command only checks the syntax of smb.conf,  not the validity of its contents.)

Samba allows for a number of automatic substitutions to be made upon login and access. These include:

Useful variable substitutions

%$(envvar) The value of the environment variable envar.
%T The current date and time
%I The IP address of the client machine
%a The architecture of the remote machine. Only some are recognized, and those may not be 100% reliable. Samba currently recognizes Samba, Windows for Workgroups, Windows 95, Windows NT and Windows 2000
%d The process id of the current server process.
%S The name of the current service, if any.
%P The root directory of the current service, if any.
%R The selected protocol level after protocol negotiation. It can be one of CORE , COREPLUS , LANMAN1 , LANMAN2  or NT1 .
%p the path of the service's home directory, obtained from your NIS  entry.
%N The name of your NIS home directory server. This is obtained from your NIS  entry. If you have not compiled Samba with the --with- automount option then this value will be the same as %L.
%M The Internet name of the client machine.
%L The NetBIOS name of the server. This allows you to change your config based on what the client calls you.
%m The NetBIOS name of the client machine.
%h The Internet hostname that Samba is running on.
%v The Samba version.
%H The home directory of the user given by %u.
%u User name of the current service, if any.
%U Session user name (the user name that the client wanted, not necessarily the same as the one they got).
%G Primary group name of %U.
%g Primary group name of %u.

The most important option to set in smb.conf  initially is probably the logging level. Inserting the following two lines into global section of the configuration file will tell you a great deal about your network and access (and attempted access!) to it based upon the logging level:

log level = 1
log file = /usr/local/samba/lib/log.%m

variable substitution will cause each uniquely named machine to have its own uniquely named logfile, making it easy to diagnose and repair networking problems.

logging levels can be between 0, the default, which provides only minimal information and 3. Setting the logging level to 3 causes voluminous amounts of information to be output not just for each connection, but each data access either attempted or made: real overkill once the network is up and operational.

To keep an eye on what Samba (and the whole local network) is doing in near real-time, use the tcpdump program, part of all Linux distributions, and readily available at ub/samba/tcpdump-smb. Again, this code will provide you with an overabundance of information but is invaluable in exploring exactly what is taking place on your network.

Moving Forward
This should be enough information to get a rudimentary Samba installation up and operational. Getting Samba to function exactly as desired will take a decent amount of continued tweaking.

Since Samba is probably one of the most widely used Linux tools, chances are very good that your installation and usage of Samba will be problem-free and immediately useful.

For GUI installation, see for the Webmin tool or /GUI/l, for a full list of GUI interfaces for easier smb.conf configuration.

Ross M. Greenberg is a programmer, writer, consultant, and web page designer with experience in Linux, Unix and Windows. He started working on Unix-based systems in the early 1980s. Lately, he's been concentrating on PHP and ASP database programming.