Linux In a Windows Network with SAMBA
by Mark Rais, Senior Editor ReallyLinux.com
Integrating Fedora Linux into a Windows
network is reasonable and easy as long as you use the SAMBA
utilities. I share the main steps necessary to implement such a
SAMBA server within most Windows environments.
Once integrated a Linux
server looks and acts exactly like any other server on a Windows
intranet. You will have the ability to drag and drop files,
view server contents and directories using Windows File Manager, and
even edit files on a Linux server from any Windows desktop.
This article is a guide to setting up a
full fledged FEDORA LINUX/SAMBA server. If you need basic steps for
connecting Linux with Windows please read my article
Windows to Linux: Basic Networking. If you're a system administrator
and are planning to integrate the Linux server into your AD server
environment, I'm sorry I do not go into details how to configure
smb.conf for ADS usernames, although it can be done. I will walk you
through the main steps for installing a SAMBA Server. This, in my
opinion, is the first part to any future more advanced integration.
First, you must allow the Linux server
full rights and access to the Windows workgroup and local domain.
That means that either in your Active Server environment you need to
reserve an IP address for the Linux server, or you simply need to
ensure a hard coded IP address is given to the Linux server. The
server must have a reserved IP address whether you deliver it via
DHCP or statically assign it in the DNS. This also means that you
need to ALLOW SMB DAEMON to operate. You can ensure your system security
does this by editing your Firewall setup or using system-config-securitylevel
Second, you must ensure that SAMBA
(SAMBA tools and the SMB protocol) is installed and running on the
Linux server. Most versions of Fedora come with the necessary
packages. You should also be sure to update your SAMBA security levels properly
if you are having trouble accessing a shared directory. This is found under
Samba Server Configuration tool, main menu Properties, option Server Settings, and then the tab: Security.
Now you are
ready to configure your Fedora Linux/SAMBA machine... aka. SAMBA
For further troubleshooting these two
webpages may be helpful as well:
Samba Tech Doc
Samba Troubleshooting: Unknown User
EDITING THE SMB.CONF FILE
If you must edit the smb.conf file here
are a few pointers:
1. Find your smb.conf file
The smb.conf file contains the key
elements for configuring your SAMBA server. It is almost always
located in the directory /etc/samba and so you get to it with the
command: cd /etc/samba
2. Edit the smb.conf file
First use this command to make a backup
of your file: cp smb.conf smb.conf.backup
3. Now edit the smb.conf file using
your favorite text editor.
One of the most important lines is
# workgroup = NT-Domain-Name or
workgroup = workgroup
Be sure that the workgroup matches the
Windows workgroup you want this server in. In the example it is set
If you're editing this file to allow
for WindowsNT or ADS usernames, be sure next to wins server you
specify the correct LINUX server IP address:
wins server = 10.1.2.20
The Share Definitions section is MOST
VITAL. Under this section you must at least ensure that the username
file is mapped correctly. In the basic example I am writing about
you will map to the standard SAMBA username file.
username map =
Notice that I've removed the ; so this
parameter is actually used.
Now test that every change you've made
at least passes the parameter test. At the command prompt type:
You should see zero errors.
4. Don't forget once you edit the
smb.conf file you either need to run the command:
or you can simply reboot the server.
But please do one of these or your changes will not get picked up!
If you run into problems or this part
fails, download this example smb.conf file or
restore your .backup file and try again.
INTEGRATING WITH MICROSOFT ADS OR NT
Maybe at this point you're in dire need
to figure out how to use the SAME exact logins/password for users on
the LINUX/SAMBA server as in the rest of your ADS environment. I
promised I would avoid the details of this but here are some helpful
tips. In the smb.conf file you will need to add the obvious
configuration lines for ADS, but also be sure to change this line:
unix password sync = yes
This is vital!
You may benefit from reviewing these
two articles regarding username logins:
Samba Guide on ADS
Samba HOW-TO ADS Membership
Mark Rais has written several books and numerous articles on integrating Linux and Windows for a number of magazines. Besides serving as managing editor for reallylinux.com, Rais dedicates his time to helping solve the technology issues for government and businesses.
UPDATED version 4.34
Linux is a registered trademark of Linus Torvalds. Microsoft, Microsoft Windows, Active Directory Server, WindowsNT and WindowsXP are trademarks or registered trademarks of Microsoft Corporation both in the United States and Internationally. All other trademarks or registered trademarks in this article belong to their respective owners.