Here is a letter that I sent to a person requesting help:
I'd be glad to help.
There are several issues of which you should be aware. First, in the early
days of Windows, passwords were passed "in the
clear." That is they were not encrypted. Even Windows 95 used unencrypted
password for a while. But in the later releases
of Windows 95 Microsoft began to encrypt passwords.
Samba can handle either encrypted or unencrypted passwords. However, if you
choose to use encrypted passwords,
maintenance is more difficult at the server because the encryption algorithm
that Microsoft uses is not the same as the one that
Linux uses so you must keep two password lists on the Linux box. It can be
a real hassle for users to change their passwords.
I would recommend that if the Linux box is going to be a home server that
you do not encrypt passwords but if your network is
going to be exposed to possible packet sniffing that you use encryption. I
only use Samba for my home server so I can't help
you much with the encryption thing.
If you choose not to encrypt and you use a very early version of Windows 95
then you're all set. But more likely you will be
using Windows 98 in which case you must edit the registry. If you use NT
there may be issues of which I am unaware so you'll
be on your own.
To set a Windows 95/98 box to send passwords in the clear you must use
regedit to add the following key:
Be very careful as changing the registry can render your system unusable.
I am assuming that you have correctly installed the Samba software. After
you install Samba, the only thing you need to do to
get the whole thing going is to configure the smb.conf file. Samba has LOTS
of settings but luckily most of them default to a
reasonable value. The smb.conf file looks a lot like the old Windows INI
files. It has sections that are bracked [section name].
You must have a global section. Below is an example. The workgroup would
be set to your domain name. So if your NT
domain was called "FISCAL" you would set workgroup = FISCAL.
The netbios name should be set to your server's name. The interfaces
parameter tells Samba the IP address of the LAN card
to which it should listen. I believe that by default it listens to all
cards. If you server is also being used as a firewall then you
probably don't want to accept smb connections from the outside world.
workgroup = Domain
netbios name = ComputerName
interfaces = 192.168.0.1
password level = 4
domain logons = Yes
os level = 64
preferred master = Yes
domain master = Yes
read only = No
locking = No
You need to create a directory on your Samba server called /export/smb
This directory is used by your Window's clients when a user logs on. (It's
a Window's thing.)
In your smb.conf file put the following:
comment = NETLOGON service
path = /export/smb/netlogon
read only = Yes
Next you define the home directories. Put the following in you smb.conf.
comment = Home directories
path = %H
valid users = %S
create mask = 0600
directory mask = 0700
browseable = No
When a user logs on they will see a share with their user name. User's can
only see their own home directories.
The next thing you want to do is to define the directories on the Linux box
that you wish to share. The Samba shares do to
take president over the Linux permissions so be sure that the directories
that you are sharing allow the users access or
strangeness will occur. The name inside the brackets is the name the users
will see when they browse. It has nothing to do
with the actual directory name. For example, lets say that you have a
directory on your Linux box called "/Data32" but you
want the user to see the name "Files" you could use the following:
comment = Data
path = /Data32
writable = yes
create mask = 0750
create directory = 0750
The "path" parameter tells Samba the path to the directory that you are
sharing. The "writable" parameter tells Samba that
users are allowed to write to the directory. The "create mask" and "create
directory" tells samba what permissions to put on
new files and directories that are created.
This should be enough to get you started. You should also read the doc
files and if necessary purchase a book on the subject.
Once you get things working you'll wonder why you ever thought is was
A user must log onto the DOMAIN to gain access to the shares.
>> I aways get a little queezy when I share directories. :-) I think that
>> sharing directories through SAMBA is more secure then NFS. Just my
>How do you mount SMB shares? As far as i know, one has to provide a
>username/password while doing the mount. How can this be automated on
>system start? And how about the user/group/other access rights?