Samba server installation

  1. Follow How to Create a Network Share ... setting up a basic SMB service.

    Where is the physical representation (user meta information database) of Samba passwords?

  2. After creating a local tdbsam user entry smbtester (or similar) test your share definitions using smbclient:

    root@sdi4a:~# smbclient  -L localhost --user smbtester
    Enter smbtester's password:
    Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]
    
    	Sharename       Type      Comment
    	---------       ----      -------
    	print$          Disk      Printer Drivers
    	IPC$            IPC       IPC Service (sdi4a server (Samba, Ubuntu))
    	smbtester       Disk      Home Directories
    Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]
    
    	Server               Comment
    	---------            -------
    	SDI4A                sdi4a server (Samba, Ubuntu)
    
    	Workgroup            Master
    	---------            -------
    	WORKGROUP            SDI4A

    Create a test file within your shared directory having some textual content.

  3. Try to mount a share from a remote client (either Windows, Mac-OS or Linux):

    root@mi-ESPRIMO-P910:~# mount -t cifs  //sdi4a.mi.hdm-stuttgart.de/smbtester /mnt/test/ -ouser=smbtester
    Password for smbtester@//sdi4a.mi.hdm-stuttgart.de/smbtester:
    root@mi-ESPRIMO-P910:~# cat /mnt/test/
    .bash_history  q.txt          .viminfo
    root@mi-ESPRIMO-P910:~# cat /mnt/test/q.txt
    Mal sehen ...
    root@mi-ESPRIMO-P910:~# df /mnt/test/
    Filesystem                            1K-blocks   Used Available Use% Mounted on
    //sdi4a.mi.hdm-stuttgart.de/smbtester   4048548 783608   3264940  20% /mnt/test

    Tip

    • Mounting from a Linux client machine may require installation of the cifs-utils package.

    • You may want to alter the samba server's debug level using the smbcontrol command.

  4. Follow the Samba and LDAP documentation to enable LDAP support in favour of your local tdbsam database.

    Tip

    Prerequisite: Before you start make sure your OS does indeed have LDAP user and group support as being described in the section called “LDAP based user login”.

    Tip

    As being mentioned in https://bugs.launchpad.net/ubuntu/+source/smbldap-tools/+bug/997172 the smbldap-config.pl command my be missing. Following comment no. 7 from the same bug report the following steps create a replacement:

    • As being mentioned in https://bugs.launchpad.net/ubuntu/+source/smbldap-tools/+bug/997172 the smbldap-config.pl command my be missing. Following comment no. 7 from the same bug report the following steps create a replacement:

      1. Activate source packages by create a new file /etc/apt/sources.list.d/src-packages.list containing:

        deb-src http://ftp.debian.org/debian jessie main contrib
        deb-src http://ftp.debian.org/debian jessie-updates main contrib
      2. Update package lists and install a required helper package:

        aptitude update
        aptitude install dpkg-dev
      3. Follow all but one step from comment no. 7:

        apt-get source smbldap-tools
        cd smbldap-tools-0.9.7/
        ./configure
        make

        This creates an executable smbldap-config.cmd replacing smbldap-config.pl.

    • Operating locally you may want to disable TLS support.

    • As with local Samba users each LDAP user must be visible by the OS. As being mentioned in the documentation configuring /etc/nsswitch.conf to resolve i.e. id hans is an essential precondition.

    • For security reasons you may want to use LDAPS in favour of unencrypted LDAP.

  5. Test your Samba/LDAP installation by mounting a user's share via LDAP.

    Tip

    Debugging may require setting the LDAP server's olcLogLevel accordingly.

    If you want to see all log messages you may issue (prior removal of *.gz *.1 and other archive files is recommended):

    root@sdi4a:/var/log# cd /var/log/
    root@sdi4a:/var/log# tail -n0 -f `find . -type f`
    ==> ./alternatives.log <==
    ...

    This will browse all (possibly unrelated) log statements.