VLSI Group > Infrastructure > Computing > Samba

Samba

Samba is, it's a program that runs on a Unix box that allows you to mount directories on the Unix box and have them appear as "network drives" from you Win[95|98|NT|XP] box.

Here are some instructions on what to do if you want to mount your home directory (or somebody elses for that matter) from your PC: I have turned on password encryption. This means that before you can use our Samba server you have to tell the Samba server what your encrypted password is. Unfortunately, the hash technique that Wintel uses is not the same as Unix so Samba cannot decrypt your Unix password and re-crypt it for Wintel (duh!). Follow these steps to do it yourself:

  1. Login in to vlsi and become root
     
  2. Edit /usr/local/lib/samba/private/smbpasswd and add an entry for yourself (If you don't already have one that is). The format of the file is as follows:

    <username>:<uid>:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXX
    XXXXXXXXXXX:<Real Name>:<Home Directory>:<shell>

    Hopefully, you know all of these values. If not, you need to at least know your username (if you don't know that, god help you).

    ypcat passwd | grep <username>

    It will print out something like this:

    <username>:<encrpyted password>:<uid>:<gid>:<Real Name>:<Home Dir>:<shell>:::::

    Hopefully, you can match up the fields between the two and make the appropriate substitutions. Lastly, leave the XXX's in the file as they are. They'll be overwritten after you execute the next command.
     
  3. Type /usr/local/bin/smbpasswd <username>
    type in your password twice (it would be a good idea to make it the same as your unix pasword) . After you initially change your Samba password, you can change it  again without becoming root, by using the 'smbpasswd' command with no arguments. It will prompt you for your old password to  authenticate you.
     
  4. Connecting from a WinNT box
    - Choose 'map a network drive'
    - For the 'Path', type in '\\vlsi.stanford.edu\(login)'
    (login) is any valid vlsi login. It doesn't have to be yours!
    If you want to browse somebody elses vlsi directory, put their login in there. If you get an error that it can't find the path, it's probably your DNS setup on your box. I've seen the following all work:
    \\vlsi.stanford.edu\
    \\VLSI\
    \\vlsi\
    \\VLSI.STANFORD.EDU\
    If none of these work, your DNS needs some tweaking.
    - For 'Connect As', type in your vlsi login.
    - Press 'OK'. If it then says that you've entered an incorrect password, type in your vlsi password and it should connect you.
    - Done!
    - You can mount multiple directories for multiple users. For example, you could mount drive F: to your own home directory and drive G: to somebody elses. You'll just have to enter your password each time.
     
  5. Connecting from a Win9[58] box
    The steps for this is very similar except that Win9[58] doesn't have the same notion of a user as WinNT. Win9[58] doesn't have a place to specify 'Connect As'. If you have 'users' turned on for your box, then it will use the username of the person currently logged in.
    I've had this work and not work with various success. If you have a Win9[58] box at home, try turning 'users' on and make the
    username the same as your vlsi login.
     
  6. Permissions
    Samba uses the underlying Unix permission as much as possible. As long as you're connected as you, you can only write to files that you would have write permission to write on vlsi itself. The only gotcha that I can think of is if two people are sharing
    the same PC and user A first connects and then user B comes along and connects to user's A directory hoping to browse. I think user certain conditions, the PC will send user A's password and user B will be connected to user A's home directory as user A! If anybody knows more than me or sees any behavior to  support/contradict this please let me know.
     
  7. General notes
    Samba follows soft links across remote file systems happily. If I have a link in my home directory that goes to /tinderbox/tk5,
    Samba will happily follow that link and display the contents of /tinderbox/tk5. This is different than nfs and should be considered a feature.
    The part above about setting your encrypted password is only necessary if your Wintel box sends encrypted passwords. Any post WinNT SP3 box will only send encrypted passwords, unless that's been turned off in the registry. If your box doesn't send encrypted passwords (either because it's old or you turned it off), the Samba server will accept your cleartext password without checking against the encrypted version. This is a bug in my opinion. If there was a way to configure our server to reject all cleartext passwords, even if they are correct, I would turn it on.
  8. If you cannot connect to the server at all it is possible that your ip address is not in the range allowed by the samba server in the file /usr/local/lib/samba/lib/smb.conf


Last updated Monday, 05. December 2005