Samba

Opening Windows to a Wider World

This was written by David Cantrell and given on Wed Sep 7 2005.

1. Introduction

This page is written for people unfamiliar with Samba or Windows networking on Unix. The topics introduced here do not go into much detail, but are here to give you an idea of the capabilities of Samba.

1.1. About Samba

Samba is the name of an open source software project that aims to bring SMB/CIFS networking to Unix systems. The original goal of Samba was to provide Unix systems the ability to act as a Windows server, but this has expanded into client capabilities as well (though this varies by Unix operating system).

The acronym SMB stands for Server Message Block and CIFS stands for Common Internet Filesystem. SMB was originally created at IBM for the LanManager networking system. It provides file and print sharing protocols, naming protocols, and automatic routing and discovery protocols. Microsoft, the major adopter of SMB, has moved to existing standards for most of what SMB did. This move brought a name change to CIFS. The main function of CIFS is file and print sharing.

There are two main parts to a Samba installation. The first is the server component. Samba's main goal was to let Unix systems provide Windows network services. The second part is the client services. This varies by host operating system, but the goal is to allow a Unix system to act as a Windows network client. Linux has the most client functionality in Samba, but other operating systems are gaining support.

1.2. The Daemons

There are two daemons necessary for a Samba server: nmbd and smbd. If you are running a Samba server, you will need to be familiar with these two programs.

nmbd: The NetBIOS name server. SMB name resolution and discovery ("Network Neighborhood") consist of many broadcast packets sent over UDP. The nmbd program handles this traffic. If you are running Samba as a domain controller, you can also use nmbd as a WINS server. This is necessary for some older Windows clients, but everything post Win2k can deal with networks without WINS servers.

smbd: SMB/CIFS file and print sharing services. In an SMB/CIFS network, file and print services run over TCP. The smbd program handles all of this traffic between the Samba server and the requesting client. The smbd program also handles authentication for shares.

Both daemons listen for SIGTERM to exit. If the daemons are hosed, use SIGTERM as a last resort. Most distributions provide a wrapper script to handle sending the right signals to the daemons. The nmbd daemon must be started before the smbd daemon.

1.3. Configuration

Configuration of Samba is contained in the smb.conf file. The actual location of this file varies by installation. Some distributions put it in /etc, some in /etc/samba, some in /etc/smb, and if you install by hand it might be in /usr/local/etc. Wherever it is, the syntax is the same. Much like the old WIN.INI and SYSTEM.INI files, the smb.conf file is divided into stanzas with a series of setting = value entries. The man page for smb.conf is very descriptive and the HOWTO also contains a lot of documentation for this file. Most people are able to use the default file and modify it for their needs.

2. Server

Samba is pretty simple to run as a server. After you configure the smb.conf file, just run the daemons. The hardest part is usually getting Samba accounts configured.

2.1. Important Global Settings

Make sure you set the workgroup to your workgroup or domain name. The server string is cosmetic only. You can restrict the allowed network hosts with the hosts allow setting. The security setting should be left as user unless you are using Samba for a domain controller.

I always recommend setting local master to yes, domain master to yes, and preferred master to yes. I also jack the os level to 250 just to mess with NetBIOS elections.

2.2. Special Stanzas

The [global] section contains Samba-wide settings. The workgroup or domain name, network settings, and log file settings are what you will find in the global section.

The [homes] section is a special share that will automatically make a user's home directory available when they log in to the Samba server. This is useful for mixed environments where users are likely to be moving between Windows and Unix systems frequently.

The [netlogon] and [Profiles] sections are useful for Samba servers acting as primary domain controllers. The Windows roaming profiles and network logon service are handled by these shares.

2.3. File Share Stanza

The other stanzas in the smb.conf file are file shares. The name inside the brackets is the name of the share that the client would see. An example share would be:

[music]
comment = Ripped Music
path = /srv/music
public = yes
writable = no

This share allows anyone on my network to read my music directory.
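
A small audit covering the settings from sections 2.1 and 2.3, as an added example that is not part of the original talk: it parses an smb.conf and reports shares open to guests and a [global] section with no hosts allow line. The [global] section and the [scratch] share in the sample are hypothetical, and Python's configparser stands in for Samba's own parser, so it does not cover every smb.conf feature.

```python
import configparser

# Constructed sample: this page's [music] share plus hypothetical [global] and [scratch].
SAMPLE_SMB_CONF = """\
[global]
workgroup = EXAMPLE
security = user
; hosts allow = 192.168.1. 127.

[music]
comment = Ripped Music
path = /srv/music
public = yes
writable = no

[scratch]
path = /srv/scratch
Guest OK = yes
read only = no
"""

def flag(opts, names, default=False):
    """Look up a boolean parameter under any of its synonymous names."""
    for name in names:
        if name in opts:
            return opts[name].strip().lower() in ("yes", "true", "on", "1")
    return default

def audit(text):
    """Return (section, finding) pairs: guest shares and a missing host limit."""
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",))
    # smb.conf parameter names ignore case and embedded whitespace.
    cp.optionxform = lambda key: "".join(key.lower().split())
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        opts = dict(cp.items(section))
        if section.lower() == "global":
            if "hostsallow" not in opts and "allowhosts" not in opts:
                findings.append((section, "no hosts allow restriction"))
            continue
        # "read only" defaults to yes; writable/writeable are its inverse.
        writable = flag(opts, ("writable", "writeable", "writeok"),
                        default=not flag(opts, ("readonly",), default=True))
        if flag(opts, ("guestok", "public")):
            findings.append((section, "guest-writable" if writable else "guest read-only"))
    return findings

print(audit(SAMPLE_SMB_CONF))
```

Samba's own testparm utility remains the authoritative check of how the server will interpret the file.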

2.4. Authentication

In the early years of Samba, authentication was a crude hack to link Unix accounts to Windows accounts. This involved creating duplicate entries in a special smbpasswd file. You can still do this and it's usually sufficient for most small sites, but if you have to manage a lot of accounts -or- need to have Windows-only and Unix-only accounts, you may want to explore other authentication options in Samba.

The most complex system I've set up uses LDAP to contain account data for Windows and Unix accounts. NSS and PAM modules allow Unix services to authenticate users and Samba can speak directly to the LDAP server.

Password synchronization between Windows and Unix account entries is a fine art. In the most difficult cases, you can write a chat script so when a user changes their password from Windows, it updates their Unix password. If you go with the LDAP/NSS/PAM solution, this is handled automatically.

3. Client

Samba client capabilities vary by operating system. On Linux, we can mount SMB/CIFS shares directly via a kernel module.

3.1. Included Tools

The included command line tools are usually sufficient for me to find what I'm looking for. Using smbtree and smbclient, I am able to browse the Network Neighborhood and find shares to mount. The smbmount command on Linux lets you mount SMB/CIFS shares directly on your system.

3.2. Graphical Browsers

The larger the network, the less useful these commands become. You may prefer a graphical Network Neighborhood browser. There are many available, so I can't really recommend a good one. The built-in browsers in GNOME and KDE are good ones to try first and then start looking at alternatives. The Samba Home Page maintains a list of currently compatible NetHood browsers.

4. Advanced Topics

4.1. Centralized Windows and Unix Accounts

I've found no better system than using LDAP to manage the account information. The smbldap-tools software makes managing these accounts a lot easier. Setting up LDAP can be challenging, but it's not impossible.

4.2. ADS Interoperability

Recent versions of Samba are introducing more interoperability with Active Directory Service. As of now, Samba cannot act as an ADS server, but it can do share authentication from an ADS master server. This requires setting up Kerberos on the Samba server and some tweaks in the smb.conf file.

4.3. Using Samba for Linux-to-Linux Shares

No one said Samba had to be restricted to sharing Unix resources with Windows clients. It also works well between two Linux hosts.
