If you have a Solaris 10 system, the Samba software is likely already on the
system and you will likely just need to configure it. If you type
/usr/sfw/bin/smb* and see smblicent, smbstatus, etc.
then you already have it on the system. If not, try
find / -name
smbclient to look for it.
If you have an account already on the Solaris system from which you wish to share files or folders you can use it and can skip to Configuring Samba support for account. But supposing you wish to create a new account specifically for sharing files to a Windows system, then follow the steps below. This explanation was written specifically for sharing files from a Xerox DocuSP system, but is generally applicable to setting up Samba on any Sun Solaris 10 system.
Adding a New Account
su - root.
# useradd -u 40022 -g staff -c "DocuSP folder sharing" -m -s /usr/bin/bash docusp01
-uspecifies the userid. It should be one not already used on the system. You can type
cat /etc/passwdto see all of the accounts on the system. The UID value is the number after the second colon in each line.
-gspecifies the group the account belongs to and can be
staff, if you don't have another group you wish to use.
-callows you to put a comment in the entry.
-mspecifies that a home directory be created for the new user. In this case it will be /export/home/docusp01. It is in the form base_dir/account_name where base_dir is the base directory for the new home directories and account_name is the name for the new account.
-sspecifies the shell to use for the new account, which in this case the BASH shell, which is located in /usr/bin.
# passwd docusp01
If you need to later change any parameters for the account, you can use
Now that you have created the account you wish to use, you can configure Samba support for that account.
Configuring Samba support for account
You need to edit /etc/sfw/smb.conf (You may wish to create a
backup copy first), e.g.
cp -p /etc/sfw/smb.conf
Change the line
workgroup = WORKGROUP to match whatever
workgroup or domain you use for your Windows systems, e.g.
workgroup = SOMECOMPANY.
You can also change
server string to be whatever you wish.
I changed it from the default of
server string = XXP240250
to the following:
server string = Xerox DocuColor 250
Choose which systems should have access to shared folders on the Solaris system
by adding a
hosts allow line. There is one in the smb.conf
file to show you how to configure this line, but it is commented out.
If my systems are on a 192.168.0.0/24 subnet, i.e. systems have an address of 192.168.0.x and use a subnet mask of 255.255.255.0, I could allow access from any system on the subnet by using
# hosts allow = 192.168.1. 192.168.2.0./24 192.168.3.0/255.255.255.0 127.0.0.1
192.168.0. If I only want to allow access from two specific systems, say 192.168.0.25 and 192.168.0.36, plus the Solaris system itself for testing using the loopback address 127.0.0.1, I would add the following line:
hosts allow = 192.168.0.25 192.168.0.36 127.0.0.1
If you wish to set a maximum size for the log file that records information
about Samba connections, find
#max log size = 50, remove
the comment character,
# and change the number to whaterver
you wish to use, e.g.
16384 for 16 MB.
I also uncommented the line that specifies where the log file is located, but changed the line from:
To the following line instead:
#log file = /usr/local/samba/var/log.%m
log file = /var/log/samba/log.%m
I also created a samba directory under /var/log to hold the Samba logs and then changed its protection so only root can view the logs.
# mkdir /var/log/samba # chmod 700 /var/log/samba
At the end of the smb.conf file, you can add information about the folder you wish to share. In this case for the DocuSP system, I want to share the folder /var/spool/XRXnps/saved. I want to make it browseable from the Windows systems to which I am granting access, but I don't want them to be able to add files or modify files in the directory. And I only want to grant acces to the new account, docusp01, that I created, so I added the following lines:
# DocuSP folder shared read-only to Windows systems [DocuSP] comment = DocuSP XRXnps saved path = /var/spool/XRXnps/saved valid users = docusp01 browseable = yes public = yes writable = no printable = no
valid users = docusp01 will limit access to only the
docusp01 account I created.
I need to grant access to the /var/spool/XRXnps/saved directory. Xerox recommends granting read, write, execute access to everyone for this directory using the command below:
I issued that command, though I am still restricting access through /etc/smb.conf. The default permission on the directory prior to issuing that command is shown below:
# chmod 777 /var/spool/XRXnps/saved
# ls -ld /var/spool/XRXnps/saved drwxr-xr-x 43 root other 2048 Mar 23 12:55 /var/spool/XRXnps/saved
When I checked while setting up the system, Samba appeared to be running, i.e., I saw smbd running and when I checkd the services on the system, I saw Samba listed:
# ps -ef | grep smb | grep -v grep root 1005 1 0 Mar 23 ? 0:00 /usr/sfw/sbin/smbd -D root 1007 1005 0 Mar 23 ? 0:00 /usr/sfw/sbin/smbd -D # svcs | grep samba legacy_run Mar_23 lrc:/etc/rc3_d/S90samba
So I stopped and restarted it.
# /etc/init.d/samba stop # /etc/init.d/samba start
Once I did that, I saw the system appear as SIP-8 in the workgroup used by the company for whom I was setting it up, when I checked on what systems were in the workgroup. But you may not always see the system show up immediately.
C:\>net view /domain:frostinc Server Name Remark ------------------------------------------------------------------------------- \\FROSTINC26 Cindy's Dell Dimension 3000 \\PCWORKSTATION Gateway Profile 4 \\SIP-8 Xerox DocuColor 250 The command completed successfully.
But to allow access from a Windows PC using the account I created,
I needed to set a Samba password for the docusp01 account I created on the
Solaris system. You can
smbpasswd command to create a Samba password for the
account that can be used to access the shared folder from a Windows system.
This can be the same as the one you use for logging into the account under
Solaris, but doesn't necessarily have to be the same as the password for
# /usr/sfw/bin/smbpasswd -a docusp01
New SMB: password:
-a specifies that you are adding a new account password rather
than changing an existing one. When I first ran the command I received the
error message shown below.
# /usr/sfw/bin/smbpasswd docusp01 New SMB password: Retype new SMB password: startsmbfilepwent_internal: file /opt/XRXnps/XRXsamba/private/smbpasswd did not exist. Couldn't create new one. Error was: No such file or directoryUnable to open passdb database. Failed to find entry for user docusp01. Failed to modify password entry for user docusp01
In the /etc/sfw/smb.conf file, the lines below appeared:
# You may wish to use password encryption. Please read # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. # Do not enable this option unless you have read those documents encrypt passwords = yes smb passwd file = /opt/XRXnps/XRXsamba/private/smbpasswd
Once I realized that the directory XRXsamba did not exist, I created it and the private subdirectory beneath it.
# ls /opt/XRXnps/XRXsamba /opt/XRXnps/XRXsamba: No such file or directory # mkdir /opt/XRXnps/XRXsamba # mkdir /opt/XRXnps/XRXsamba/private
I was then able to use the
smbpasswd command without the
prior error occurring.
# /usr/sfw/bin/smbpasswd -a docusp01 New SMB password: Retype new SMB password: startsmbfilepwent_internal: file /opt/XRXnps/XRXsamba/private/smbpasswd did not exist. File successfully created. Added user docusp01.
And when I looked in the smbd.log file, I saw an entry indicating the encrypted password file had been created.
# cat /var/log/samba/log.smbd [2007/03/25 22:27:58, 0] passdb/pdb_smbpasswd.c:(195) startsmbfilepwent_internal: file /opt/XRXnps/XRXsamba/private/smbpasswd did not exist. File successfully created.
I was then able to access the shared folder from one of the Windows PCs to which I had granted access to the shared folder by listing its IP address in /etc/smb.conf. To access the shared folder on the Solaris system from the PC, I used the username of SIP-8\docusp01 and the password for that account.
C:\>net view \\sip-8 Shared resources at \\sip-8 Xerox DocuColor 250 Share name Type Used as Comment ------------------------------------------------------------------------------- DocuSP Disk (UNC) DocuSP XRXnps saved The command completed successfully.
And from the Solaris system, I could issue the
command and see the access from the Windows PC.
# /usr/sfw/bin/smbstatus creating lame upcase table creating lame lowcase table Samba version 3.0.11 PID Username Group Machine ------------------------------------------------------------------- 8446 docusp01 staff pcworkstation (192.168.0.26) Service pid machine Connected at ------------------------------------------------------- DocuSP 8446 pcworkstation Sun Mar 25 22:43:58 2007 No locked files
And I saw entries appear in /var/log/samba/log.pcworkstation for the connection from the PC.
I could also issue the
smbclient command from the Solaris system
to view shared directories on the Windows PC.
# /usr/sfw/bin/smbclient -L 192.168.0.25 -U Smith
smbclient command, the
specified the address of the PC and the
-U parameter specified
an account on that Windows PC, for which I received a password prompt
I also set up Samba on a second DocuSP system, SIP-3. When I created a
shortcut on the Windows PC's desktop, I had to specify the IP address of
the Solaris DocuSP system instead of SIP-3, e.g. I had to use
\\192.168.0.36\docusp as the location. When prompted for the
userid and password, I entered
\\SIP-3\docusp-1 as the username and the password for that
account set up through
smbpasswd on the Solaris system. It
was accepted and I was able to access files on the DocuSP system through
the shortcut. But the system wasn't showing up when I entered the
net view /domain:somecompany
Created: Monday March 26, 2007 9:16 PM