Setting Up Samba on a Solaris 10 System

If you need to share files between a Windows and a Unix or Linux system, you can use Samba, which is free software that implements the same networking protocol that Microsoft Windows use to share files between systems. If you don't already have it on your system, you can download it from Samba - opening windows to a wider world.

If you have a Solaris 10 system, the Samba software is likely already on the system and you will likely just need to configure it. If you type ls /usr/sfw/bin/smb* and see smblicent, smbstatus, etc. then you already have it on the system. If not, try find / -name smbclient to look for it.

If you have an account already on the Solaris system from which you wish to share files or folders you can use it and can skip to Configuring Samba support for account. But supposing you wish to create a new account specifically for sharing files to a Windows system, then follow the steps below. This explanation was written specifically for sharing files from a Xerox DocuSP system, but is generally applicable to setting up Samba on any Sun Solaris 10 system.

Adding a New Account

  1. While logged into the system from another account, right-click somewhere on the desktop and choose Hosts then Terminal Console.
  2. Switch to the root account, if you aren't already logged into that account with su - root.
  3. Add a new user account with the useradd command.
    
    # useradd -u 40022 -g staff -c "DocuSP folder sharing" -m -s /usr/bin/bash docusp01
    
    -u specifies the userid. It should be one not already used on the system. You can type cat /etc/passwd to see all of the accounts on the system. The UID value is the number after the second colon in each line.

    -g specifies the group the account belongs to and can be staff, if you don't have another group you wish to use.

    -c allows you to put a comment in the entry.

    -m specifies that a home directory be created for the new user. In this case it will be /export/home/docusp01. It is in the form base_dir/account_name where base_dir is the base directory for the new home directories and account_name is the name for the new account.

    -s specifies the shell to use for the new account, which in this case the BASH shell, which is located in /usr/bin.

    The final parameter on the line is the account name to create, i.e. docusp01 in this case. It will need to be 8 characters or less in length.
  4. Set a password for the account.
    # passwd docusp01
    

If you need to later change any parameters for the account, you can use the usermod command.

Now that you have created the account you wish to use, you can configure Samba support for that account.

Configuring Samba support for account

You need to edit /etc/sfw/smb.conf (You may wish to create a backup copy first), e.g. cp -p /etc/sfw/smb.conf /etc/sfw/smb.conf.old.

Change the line workgroup = WORKGROUP to match whatever workgroup or domain you use for your Windows systems, e.g. workgroup = SOMECOMPANY.

You can also change server string to be whatever you wish. I changed it from the default of server string = XXP240250 to the following:


server string = Xerox DocuColor 250

Choose which systems should have access to shared folders on the Solaris system by adding a hosts allow line. There is one in the smb.conf file to show you how to configure this line, but it is commented out.


# hosts allow = 192.168.1. 192.168.2.0./24 192.168.3.0/255.255.255.0 127.0.0.1

If my systems are on a 192.168.0.0/24 subnet, i.e. systems have an address of 192.168.0.x and use a subnet mask of 255.255.255.0, I could allow access from any system on the subnet by using 192.168.0.0/24 or 192.168.0. If I only want to allow access from two specific systems, say 192.168.0.25 and 192.168.0.36, plus the Solaris system itself for testing using the loopback address 127.0.0.1, I would add the following line:

hosts allow = 192.168.0.25 192.168.0.36 127.0.0.1

If you wish to set a maximum size for the log file that records information about Samba connections, find #max log size = 50, remove the comment character, # and change the number to whaterver you wish to use, e.g. 16384 for 16 MB.

I also uncommented the line that specifies where the log file is located, but changed the line from:


#log file = /usr/local/samba/var/log.%m

To the following line instead:

log file = /var/log/samba/log.%m

I also created a samba directory under /var/log to hold the Samba logs and then changed its protection so only root can view the logs.


# mkdir /var/log/samba
# chmod 700 /var/log/samba

At the end of the smb.conf file, you can add information about the folder you wish to share. In this case for the DocuSP system, I want to share the folder /var/spool/XRXnps/saved. I want to make it browseable from the Windows systems to which I am granting access, but I don't want them to be able to add files or modify files in the directory. And I only want to grant acces to the new account, docusp01, that I created, so I added the following lines:


# DocuSP folder shared read-only to Windows systems
[DocuSP]
   comment = DocuSP XRXnps saved
   path = /var/spool/XRXnps/saved
   valid users = docusp01
   browseable = yes
   public = yes
   writable = no
   printable = no

The valid users = docusp01 will limit access to only the docusp01 account I created.

I need to grant access to the /var/spool/XRXnps/saved directory. Xerox recommends granting read, write, execute access to everyone for this directory using the command below:


# chmod 777 /var/spool/XRXnps/saved

I issued that command, though I am still restricting access through /etc/smb.conf. The default permission on the directory prior to issuing that command is shown below:

# ls -ld /var/spool/XRXnps/saved
drwxr-xr-x  43 root     other       2048 Mar 23 12:55 /var/spool/XRXnps/saved

When I checked while setting up the system, Samba appeared to be running, i.e., I saw smbd running and when I checkd the services on the system, I saw Samba listed:


# ps -ef | grep smb | grep -v grep
    root  1005     1   0   Mar 23 ?           0:00 /usr/sfw/sbin/smbd -D
    root  1007  1005   0   Mar 23 ?           0:00 /usr/sfw/sbin/smbd -D
# svcs | grep samba
legacy_run     Mar_23   lrc:/etc/rc3_d/S90samba

So I stopped and restarted it.


# /etc/init.d/samba stop
# /etc/init.d/samba start

Once I did that, I saw the system appear as SIP-8 in the workgroup used by the company for whom I was setting it up, when I checked on what systems were in the workgroup. But you may not always see the system show up immediately.

C:\>net view /domain:frostinc
Server Name            Remark

-------------------------------------------------------------------------------
\\FROSTINC26           Cindy's Dell Dimension 3000
\\PCWORKSTATION        Gateway Profile 4
\\SIP-8                Xerox DocuColor 250
The command completed successfully.

But to allow access from a Windows PC using the account I created, I needed to set a Samba password for the docusp01 account I created on the Solaris system. You can use the smbpasswd command to create a Samba password for the account that can be used to access the shared folder from a Windows system. This can be the same as the one you use for logging into the account under Solaris, but doesn't necessarily have to be the same as the password for the account.


# /usr/sfw/bin/smbpasswd -a docusp01
New SMB: password:

The -a specifies that you are adding a new account password rather than changing an existing one. When I first ran the command I received the error message shown below.


# /usr/sfw/bin/smbpasswd docusp01
New SMB password:

Retype new SMB password:

startsmbfilepwent_internal: file /opt/XRXnps/XRXsamba/private/smbpasswd did not exist. Couldn't create new one. Error was: No such file or directoryUnable to open passdb database.
Failed to find entry for user docusp01.
Failed to modify password entry for user docusp01

In the /etc/sfw/smb.conf file, the lines below appeared:


# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
encrypt passwords = yes

smb passwd file = /opt/XRXnps/XRXsamba/private/smbpasswd

Once I realized that the directory XRXsamba did not exist, I created it and the private subdirectory beneath it.


# ls /opt/XRXnps/XRXsamba
/opt/XRXnps/XRXsamba: No such file or directory
# mkdir /opt/XRXnps/XRXsamba
# mkdir /opt/XRXnps/XRXsamba/private

I was then able to use the smbpasswd command without the prior error occurring.


# /usr/sfw/bin/smbpasswd -a docusp01
New SMB password:

Retype new SMB password:

startsmbfilepwent_internal: file /opt/XRXnps/XRXsamba/private/smbpasswd did not
exist. File successfully created.
Added user docusp01.

And when I looked in the smbd.log file, I saw an entry indicating the encrypted password file had been created.


# cat /var/log/samba/log.smbd
[2007/03/25 22:27:58, 0] passdb/pdb_smbpasswd.c:(195)
  startsmbfilepwent_internal: file /opt/XRXnps/XRXsamba/private/smbpasswd did not exist. File successfully created.

I was then able to access the shared folder from one of the Windows PCs to which I had granted access to the shared folder by listing its IP address in /etc/smb.conf. To access the shared folder on the Solaris system from the PC, I used the username of SIP-8\docusp01 and the password for that account.

C:\>net view \\sip-8
Shared resources at \\sip-8

Xerox DocuColor 250

Share name  Type  Used as  Comment

-------------------------------------------------------------------------------
DocuSP      Disk  (UNC)    DocuSP XRXnps saved
The command completed successfully.

And from the Solaris system, I could issue the smbstatus command and see the access from the Windows PC.

# /usr/sfw/bin/smbstatus
creating lame upcase table
creating lame lowcase table

Samba version 3.0.11
PID     Username      Group         Machine
-------------------------------------------------------------------
 8446   docusp01      staff         pcworkstation (192.168.0.26)

Service      pid     machine       Connected at
-------------------------------------------------------
DocuSP        8446   pcworkstation  Sun Mar 25 22:43:58 2007

No locked files

And I saw entries appear in /var/log/samba/log.pcworkstation for the connection from the PC.

I could also issue the smbclient command from the Solaris system to view shared directories on the Windows PC.

# /usr/sfw/bin/smbclient -L 192.168.0.25 -U Smith

For the smbclient command, the -L parameter specified the address of the PC and the -U parameter specified an account on that Windows PC, for which I received a password prompt

I also set up Samba on a second DocuSP system, SIP-3. When I created a shortcut on the Windows PC's desktop, I had to specify the IP address of the Solaris DocuSP system instead of SIP-3, e.g. I had to use \\192.168.0.36\docusp as the location. When prompted for the userid and password, I entered \\SIP-3\docusp-1 as the username and the password for that account set up through smbpasswd on the Solaris system. It was accepted and I was able to access files on the DocuSP system through the shortcut. But the system wasn't showing up when I entered the command net view /domain:somecompany

References:

  1. Samba (software)
    Wikipedia, the free encyclopedia
  2. Samba - opening windows to a wider world
  3. Solaris Operating Sysem
    Wikipedia, the free encyclopedia

newegg.com

Name brand products, up to 97% off MSRP! See today's deals at 1Sale.com!1px

Valid HTML 4.01 Transitional

Created: Monday March 26, 2007 9:16 PM