Configuring Samba

Samba uses /etc/samba/smb.conf as its configuration file. If you change this configuration file, the changes will not take effect until you restart the Samba daemon with the command service smb restart.

The default configuration file (smb.conf) in Red Hat Linux 7.3 allows users to view their Linux home directories as a Samba share on the Windows machine after they log in using the same username and password. It also shares any printers configured for the Red Hat Linux system as Samba shared printers. In other words, you can attach a printer to your Red Hat Linux system and print to it from the Windows machines on your network.

To specify the Windows workgroup and description string, edit the following lines in your smb.conf file:
Replace WORKGROUPNAME with the name of the Windows workgroup to which this machine should belong. The BRIEF COMMENT ABOUT SERVER is optional and will be the Windows comment about the Samba system.

To create a Samba share directory on your Linux system, add the following section to your smb.conf file (after modifying it to reflect your needs and your system):
comment = Insert a comment here
path = /home/share/
valid users = tfox carole
public = no
writable = yes
printable = no
create mask = 0765
The above example allows the users tfox and carole to read and write to the directory /home/share, on the Samba server, from a Samba client.

Samba Passwords

In Red Hat Linux 7.3 encrypted passwords are enabled by default because it is more secure. If encrypted passwords are not used, plain text passwords are used, which can be intercepted by someone using a network packet sniffer. It is recommended that encrypted passwords be used.

The Microsoft SMB Protocol originally used plaintext passwords. However, Windows 2000 and Windows NT 4.0 with Service Pack 3 or higher require encrypted Samba passwords. To use Samba between a Red Hat Linux system and a system with Windows 2000 or Windows NT 4.0 Service Pack 3 or higher, you can either edit your Windows registry to use plaintext passwords or configure Samba on your Linux system to use encrypted passwords. If you choose to modify your registry, you must do so for all your Windows NT or 2000 machines — this is risky and may cause further conflicts.

To configure Samba on your Red Hat Linux system to use encrypted passwords, follow these steps:

  1. Create a separate password file for Samba. To create one based on your existing /etc/passwd file, at a shell prompt, type the following command:

    cat /etc/passwd | > /etc/samba/smbpasswd

    If the system uses NIS, type the following command:

    ypcat passwd | > /etc/samba/smbpasswd

    The script is installed in your /usr/bin directory with the samba package.

  2. Use the command chmod 600 /etc/samba/smbpasswd to change permissions on the Samba password file so that only root has read and write permissions.

  3. The script does not copy user passwords to the new file. To set each Samba user's password, use the command smbpasswd username (replace username with each user's username). A Samba user account will not be active until a Samba password is set for it.

  4. Encrypted passwords must be enabled in the Samba configuration file. In the file smb.conf, verify that the following lines are not commented out:

    encrypt password = yes
    smb passwd file = /etc/samba/smbpasswd
  5. Make sure the smb service is started by typing the command service smb restart at a shell prompt.

  6. If you want the smb service to start automatically, use ntsysv, chkconfig, or serviceconf to enable it at runtime. Refer to Chapter 8 for details.


To learn more about encrypted passwords read /usr/share/doc/samba-<version>/docs/htmldocs/ENCRYPTION.html (replace <version> with the version number of Samba that you have installed).

The pam_smbpass PAM module can be used to sync users' Samba passwords with their system passwords when the passwd command is used. If a user invokes the passwd command, the password he uses to log in to the Red Hat Linux system as well as the password he must provide to connect to a Samba share are changed.

To enable this feature, add the following line to /etc/pam.d/system-auth below the invocation:

password required /lib/security/ nullok use_authtok try_first_pass