|
|
Configuring Windows to use your new Samba server is really quite simple. SMB is Microsoft's native language for resource sharing on a local area network, so much of the installation and setup on the Windows client side have been taken care of already.
Windows is different from Unix in many ways, including how it supports networking. Before we get into the hands-on task of clicking our way through the dialog boxes to configure each version of Windows, we need to provide you with a common foundation of networking technologies and concepts that apply to the entire family of Windows operating systems.
For each Windows version, these are the main issues we will be dealing with:
Making sure required networking components are installed and bound to the network adapter
Configuring networking with a valid IP address, netmask and gateway, and WINS and DNS name servers
Assigning workgroup and computer names
Setting the username(s) and password(s)
In addition, some minor issues involving communication and coordination between Windows and Unix are different among Windows versions.
One can go crazy thinking about the ways in which Unix is different from Windows, or the ways in which members of the Windows family are different from each other in underlying technology, behavior, or appearance. For now let's just focus on their similarities and see if we can find some common ground.
Unix systems historically have been monolithic in nature, requiring recompilation or relinking to create a kernel with a customized feature set. However, modern versions have the ability to load or unload device drivers or various other operating-system features as modules while the system is running, without even needing to reboot.
Windows allows for configuration by installing or uninstalling components. As far as networking goes, components can be one of three things:[1]
Protocols
Clients
Services
Since Samba works using the TCP/IP protocol, of course we'll want to have that installed. In some cases, we also will want to find protocols to uninstall. For example, if Netware protocol (IPX/SPX) is not required on the network, it might as well be removed.
NetBEUI protocol should be removed if possible. Having NetBEUI running at the same time as NetBIOS over TCP/IP causes the system to look for services under two different protocols, only one of which is likely to be in use. When Windows is configured with one or more unused protocols, 30-second delays will result when Windows tries to communicate with the unused protocol. Eventually, it times out and tries another one, until it finds one that works. This fruitless searching results in terrible performance.
The other two items in the list, client and service components, are pretty much what you'd expect. Client components perform tasks related to connecting with network servers, and service components are for making the local system into a server of resources on the network. In Chapter 1 we told you that SMB systems can act as both clients and servers, offering resources on the network at the same time they request resources. In accordance with that, it is possible to install a component for SMB client services and, separately, a service component that allows file and printer shares on the local system to be accessible from other systems on the network.
Once a networking component is installed, it must be bound to a hardware interface, or adapter, to be used on the network. At first this might seem like an odd complication; however, it is a conceptual model that allows the associations between hardware and software to be clearly displayed and easily modified through a graphical interface.
We will want to make sure that your Windows client has both TCP/IP and the client component for SMB networking installed and also that it is bound to the network adapter that connects to our Samba network, which in most cases will be an Ethernet adapter.
Just like any Unix system (or any other system that is using TCP/IP), your Windows systems will need an IP address. If you are using DHCP on your network, you can configure Windows to obtain its IP address automatically by using a DHCP server. Otherwise, you will need to assign a static IP address manually along with a netmask.[2]
If you are on a private network where you have the authority to assign your own IP addresses, you can select from addresses in one of three ranges:[3]
10.0.0.1 through 10.255.255.254
172.16.0.1 through 172.31.255.254
192.168.0.1 through 192.168.255.254
These address ranges are reserved for private networks not directly connected to the Internet. For more information on using these private network addresses, see RFC 1918.
If you're not maintaining your own separate network, see your system administrator for some available addresses on your network, as well as for the proper netmask to use.
You should also be prepared to enter the IP address of the default gateway for the network. In some networks, the default gateway is the system or router that connects the LAN to the Internet. In other cases, the default gateway connects a subnet into a larger departmental or enterprise network.
Name resolution is the function of translating human-friendly hostnames, such as hopi, or fully qualified domain names (FQDNs), such as mixtec.metran.cx, into IP addresses, such as 172.16.1.11 or 172.16.1.7.
Unix systems can perform name resolution using an /etc/hosts file at the minimum, and more commonly can also incorporate services such as DNS (Domain Name System) and NIS (Network Information Service). Thus, name resolution is not necessarily performed by one isolated part of the operating system or one daemon, but is a system that can have a number of dispersed parts (although the name service switch, with its /etc/nsswitch.conf configuration file, helps to tie them together).
Although the specific implementation is different, name resolution in Windows is also performed by querying a number of resources, some of which are similar (or even identical) to their Unix counterparts.
On the other hand, there is one way in which Windows is not at all similar to Unix. If a Windows workstation is set up with no WINS name server, it will use the broadcast method of name resolution, as described in Chapter 1,[4] probably resulting in a very busy network. And even if you provide name servers for your Windows system to use, it might still resort to broadcast name resolution if it is unsuccessful at querying the name servers. For this reason, we recommend that you provide multiple reliable name servers for your Windows computers on the network.
If that weren't enough to get you interested in setting up WINS and DNS servers, broadcast name resolution is usually limited to working on the local subnet because routers are usually configured not to forward broadcast packets to other networks.
We've already told you about WINS in Chapter 1, and we don't have much more to say about it here. WINS can translate simple NetBIOS computer names such as huastec or navajo into IP addresses, as required on an SMB network. Of course, the interesting thing here is that Samba can act as a WINS server if you include the line:
wins support = yes
in your Samba server's smb.conf file. This can be a good thing, to be sure, and we highly recommend it. Not only will you have a reliable WINS server to reduce the number of broadcast packets, but you won't need to run Windows NT/2000/XP to get it.
WARNING
One caveat about using Samba as a WINS server is that Samba (up to Version 2.2, at least) cannot synchronize with other WINS servers. So if you specify a Samba server as your Windows system's WINS server, you must be careful not to specify any additional (i.e., secondary) WINS servers. If you do, you are likely to run into problems because the servers will not be able to synchronize their databases with each other. In Samba's defense, if you are using a Samba WINS server (running on a typically reliable Unix host), you will probably have little need for a secondary WINS server anyway.
All Windows versions support a backup method of name resolution, in the form of a file called LMHOSTS [5] that contains a lookup table of computer names and IP addresses. This exists for "historical purposes," and is a rather awkward method of name resolution because it requires the administrator (i.e., you!) to keep copies of LMHOSTS up to date on every single Windows system on the network. To be fully effective, LMHOSTS would have to be updated every time a new system were added to (or removed from) the network. Of course, there might be ways to automate that process, but a better option would be simply to run a WINS name server that is intentionally designed to solve that specific problem.
There are perhaps a couple of reasons why you might want to bother with LMHOSTS files. In rare situations, there might be no WINS server on the network. Or maybe a WINS server exists, but it's unreliable. In both cases, if the Windows system has a valid LMHOSTS file, it can help to avoid your network bogging down from those dreaded broadcast name queries.
The format of the LMHOSTS file is simple and similar to the /etc/hosts file with which you might be familiar from running Unix systems. Here are the contents of a sample LMHOSTS file:
172.16.1.1 toltec 172.16.1.2 aztec 172.16.1.3 mixtec 172.16.1.4 zapotec 172.16.1.5 huastec 172.16.1.6 maya 172.16.1.7 olmec 172.16.1.8 chichimec 172.16.1.11 hopi 172.16.1.12 zuni 172.16.1.13 dine 172.16.1.14 pima 172.16.1.15 apache 172.16.1.21 inca 172.16.1.22 qero
As you can see, the format is like that of /etc/hosts, except that instead of an FQDN (e.g., toltec.metran.cx), only a NetBIOS computer name (toltec) is given. One way to create an LMHOSTS file for your Windows systems is to copy a /etc/hosts file and edit out the parts you don't need. This will work great if your network doesn't have a DNS (or NIS) name server and the Unix system is dependent on /etc/hosts for its own name service. But if your Unix system is querying a DNS server (which is the most frequent case on anything larger than the very smallest networks), you would be better advised to look in the DNS server's configuration files for your source of computer names and IP addresses.
If you do not have administrative access to your network's DNS server, you might be able to use tools such as nslookup, nmap, and dig to query the server and obtain the information you need.
The DNS is responsible for translating human-readable, Internet-style hostnames such as pima.metran.cx or sales.oreilly.com into IP addresses.
On your first reading of this section, you might be wondering what a section on DNS is doing in a book about NetBIOS and SMB networking. Remember, we told you that Windows can use more than WINS (NetBIOS Name Service) in its strategy for performing name resolution. Because DNS is also able to supply IP addresses for simple hostnames (which are usually the same as NetBIOS computer names), it can be helpful to configure Windows to know about a DNS server on your network. This is slightly more important for newer Windows versions than older ones, and more so for Windows NT/2000/XP than for Windows 95/98/Me, because nowadays Microsoft is focusing more on TCP/IP as the standard protocol and DNS as the primary name service.
To find the address of your DNS server, look at the file /etc/resolv.conf on your Samba server or any other Unix system on the local network that is using DNS. It looks like the following:
#resolv.conf domain metran.cx nameserver 127.0.0.1 nameserver 172.16.1.53
In this example, the first name server in the list is 127.0.0.1, which indicates that the Samba server is also a DNS server for this LAN.[6] In that case, you would use its network IP address (not 127.0.0.1, its localhost address) for your DNS server when configuring Windows. Otherwise, use the other addresses you find in the lines beginning with nameserver. Try to select ones on your own network. Any name servers listed in /etc/resolv.conf should work, but you'll get better performance by using a server nearby.
All versions of Windows can be configured to know of multiple domain name servers, and you might wish to take advantage of this for increased reliability. If the first domain name server does not respond, Windows can try others in its list.
Similar to how the LMHOSTS file can be added to supplement WINS, the HOSTS file on a Windows system can be optionally added to supplement DNS name resolution. Most of our comments regarding LMHOSTS also apply here.
This time the format of the file is not just similar to that of /etc/hosts found on Unix—the format is exactly the same. You can simply copy /etc/hosts from your Samba server or other Unix system to the proper directory on your Windows system.
On Windows 95/98/Me, the HOSTS file goes in the Windows installation directory, which is usually C:\Windows. Note that a file called hosts.sam is already there, which is a sample HOSTS file provided by Microsoft.
On Windows NT/2000/XP, the HOSTS file goes in the \system32\drivers\etc directory under the Windows installation directory, which is usually C:\WINNT.
Unix systems use username and password pairs to authenticate users either on a local system or in an NIS domain. Windows NT/2000/XP are very similar; a user supplies his username and password to log on to the local system or to a Windows domain.
When the SMB network is set up as a workgroup, things are different. There is no domain to log on to, although shares on the network can be password-protected. In this case, one password is associated with each password-protected share, rather than with individual users.
Samba's default user-level authentication in a workgroup is different from that of Windows. To access shares on the Samba host, users are required to supply a valid username and password for an account on the Samba host. This will be discussed in more detail in Chapter 9.
An unfortunate complication arises with passwords. In the first release of Windows 95 and in Windows NT 4.0 with Service Pack 2 (SP2) or less, as well as in all previous versions of Windows, passwords are allowed to be sent over the network in plain text. But in Windows 95 with the network redirector update,[7]
Windows NT 4.0 SP3 or later, and all subsequent releases of Windows, a registry setting must be modified to enable plain-text passwords. These more modern versions of Windows prefer to send encrypted passwords, and if you are working with one of them (and don't want to have to modify the registry), you must have the line:
encrypt passwords = yes
in the [global] section of your smb.conf file. In addition, you must run the command:
# smbpasswd -a username
for each user on the Samba host to add their passwords to Samba's collection of encrypted passwords. We showed you how to do this in Chapter 2.
If your first attempt to access a Samba share results in a dialog box asking for a password for IPC$, as shown in Figure 3-1, it is probably because you neglected either or both of these two steps, and the Samba server did not recognize the encrypted password that the Windows system sent to it. Another possible dialog box that might come up is the one shown in Figure 3-2, which was presented by a Windows 2000 client.
The rest of this chapter is divided into four sections. The first section covers setting up Windows 95/98/Me computers, and the rest of the sections cover Windows NT 4.0, Windows 2000, and Windows XP individually. Each section roughly parallels the order in which we've introduced networking concepts in this section. You need to read only the section that applies to the Windows version with which you are working, and once you have finished reading it, you can continue at the beginning of the next chapter where we will start covering more advanced Samba features and networking issues.
TIP
Keep in mind that we are continuing our example from Chapter 2, in which we are setting up a very simple prototype network using a workgroup that has very lax security. After you have the basics working, we recommend you continue with later chapters to learn how to implement both better security and a Samba domain.
The Windows 95/98/Me operating systems are very similar to each other, and as far as this chapter is concerned, it is possible to treat them with a common set of directions.
Samba uses TCP/IP to communicate with clients on the network, so you will need to make sure there is support for TCP/IP on each Windows client. Unlike Unix operating systems, Windows does not necessarily have support for TCP/IP installed. However, when Windows is installed on a computer with a network card or a network card is added to a system already running Windows, TCP/IP support is installed by default, along with the Client for Microsoft Networks, which supports SMB file and printer sharing.
To make sure both services are installed on your Windows system, double-click the Network icon in the Control Panel to open the Network dialog box, as shown in Figure 3-3.
You should see at least the Client for Microsoft Networks component installed on the system, and hopefully a networking device (preferably an Ethernet card) bound to the TCP/IP protocol. If there is only one networking hardware device, you'll see the TCP/IP protocol listed below the device to which it is bound, as shown in Figure 3-1.
You might also see "File and printer sharing for Microsoft Networks," which is used to make the system into a server. In addition, you might see NetBEUI or Novell Networking. Definitely remove NetBEUI unless you are sure you need it, and if you don't have any Novell servers on your network, you can remove Novell (IPX/SPX) as well. To remove a service, simply click its name and then click the Remove button.
If you don't see TCP/IP listed, you'll need to install the protocol.
You can add the protocol by inserting the Windows distribution CD-ROM in your CD-ROM drive and clicking the Add button below the component window. Indicate that you wish to add a protocol by selecting Protocol and clicking "Add..." on the following dialog box, which should look similar to Figure 3-4.
After that, select manufacturer Microsoft, then protocol TCP/IP, as shown in Figure 3-3, then click OK. After doing so, you will be returned to the network dialog. Click OK to close the dialog box, and Windows will install the necessary components from the CD-ROM and request that the system be rebooted. Go ahead and reboot the system, and you're set.
If Client for Microsoft Networks is not in the list, you can add it similarly. The only significant difference is that you are adding a client instead of a protocol, so make sure to select "Client" rather than "Protocol" when asked.
If you have more than one networking device (for example, both an Ethernet card and a modem for dial-up networking), the protocol to hardware bindings will be indicated by arrows, as shown in Figure 3-5.
Select the TCP/IP protocol linked to the networking device that will be accessing the Samba network. If you have only one networking device, simply click the TCP/IP item. Now click the Properties button to open the TCP/IP Properties dialog. You should see something similar to Figure 3-6.
The IP Address tab is shown in Figure 3-7.
If you use DHCP on your network to provide IP addresses automatically to Windows systems, select the "Obtain an IP address automatically" radio button. Otherwise, click the "Specify an IP address" radio button and enter the client's address and subnet mask in the space provided. You or your network manager should have selected an address for the client on the same subnet (LAN) as the Samba server.
If you've enabled WINS on Samba or are choosing to make use of another WINS server on your network, you must tell Windows the server's address. After selecting the WINS Configuration tab, you will see the dialog box shown in Figure 3-8.
This is for Windows 98/Me; Windows 95 is just a little different, having separate spaces for the primary and backup WINS server IP addresses.
Select the "Enable WINS Resolution" radio button, and enter the WINS server's address in the space provided, then click the Add button. Do not enter anything in the Scope ID field.
WARNING
A bug in Windows 95/98 sometimes causes the IP address of the WINS server to disappear after the OK button is clicked. This happens only when only a primary WINS server has been specified. The workaround is to fill in the fields for both primary and secondary WINS servers, using the same IP address for each.
Unless you are using DHCP, you will need to provide the IP address of one or more DNS servers. Click the DNS tab, then click the "Enable DNS" radio button, and type the IP address of one or more DNS servers into the appropriate field, shown in Figure 3-9, to add the server's address to the top DNS Server Search Order field.
Also, provide the hostname (which is the same as the NetBIOS computer name) of the Windows 95/98/Me computer and your Internet domain. (You will need to enter the computer name again later, along with the workgroup. Make sure to enter the same name each time.) You can safely ignore the Domain Suffix Search Order field for anything related to Samba.
If you want to install an LMHOSTS file, it must be placed in your Windows installation directory (usually C:\Windows). In the same directory, Microsoft has provided a sample LMHOSTS file named lmhosts.sam, which you might want to look at for further information on the file's format.
This tab appears in Windows 98/Me, but not in Windows 95. All you need to do here is make sure the checkbox is checked, enabling NetBIOS over TCP/IP. If TCP/IP is your only protocol installed (as we recommended earlier), the selection will be grayed out, with the box checked so that you couldn't uncheck it even if you wanted to.
The final tab to look at is Bindings, as shown in Figure 3-10.
You should have a check beside Client for Microsoft Networks, indicating that it's using TCP/IP. If you have "File and printer sharing for Microsoft Networks" in the dialog, it should also be checked, as shown in Figure 3-10.
Finally, click the OK button in the TCP/IP configuration dialog, and you'll be taken back to the Network Configuration dialog. Then select the Identification tab, which will take you to the dialog box shown in Figure 3-11.
This is where you set your system's NetBIOS name (which Microsoft likes to call "computer name"). Usually, it is best to make this the same as your DNS hostname, if you are going to have one for this system. For example, if the system's DNS name is huastec.metran.cx, give the computer a NetBIOS name of huastec on this tab.
You also set your workgroup name here. In our case, it's METRAN, but if you used a different one in Chapter 2, when creating the Samba configuration file, use that instead. Just don't call it WORKGROUP (the default workgroup name) or you'll be in the same workgroup as every misconfigured Windows computer on the planet!
You can also enter a comment string for this computer. See if you can come up with some way of describing it that will remind you of what and where it is when you see the comment in a list displayed on another computer. Everyone on the network will be able to see your comment, so be careful not to include any information that might be useful to crackers.
Finally, click the OK button and follow whatever instructions Windows provides. (You might have to insert your Windows distribution CD-ROM and/or reboot.)
You have probably already given Windows a username and password by now. However, to authenticate with the Samba server, your Windows username and password must match with a valid account on the Samba server.
It is simple to add a new user and password to a Windows 95/98/Me system. Just reboot or log out, and when you are prompted for a username and password, enter your Unix username and password. (If you are using encrypted passwords, you must run smbpasswd on the Unix host to enter them into Samba's password database, if you have not already done so.) You can use this method to add as many users as you want, so as to allow more than one user to use the Windows system to gain access to the Samba shares.
If you mistakenly entered the wrong password or your Unix password changes, you can change your password on the Windows system by going to the Control Panel and double-clicking the Passwords icon. This will bring up the Passwords Properties dialog. Click the Change Passwords tab, and you will see the dialog shown in Figure 3-12. Now click the "Change Windows Password..." button, which will bring up the Change Windows Password dialog box, shown in Figure 3-13. As indicated by the text entry fields in the dialog, enter your old password, and then the new password, and again to confirm it. Click the OK button and then the Close button on the Password Properties dialog box. Reboot or log out, and use your new password when you log in again.
If you don't have a Change Passwords tab in the Passwords Properties window, it is because networking is not fully set up yet. Assuming you've followed all the directions given so far, you just need to reboot; when the system comes up, it will ask you to log in with a username and a password.
Now for the big moment. Your Samba server is running, and you have set up your Windows 95/98/Me client to communicate with it.
Double-click the Network Neighborhood icon on the desktop. You should see your Samba server listed as a member of the workgroup, as shown in Figure 3-14.
Double-clicking the server name will show the resources that the server is offering to the network, as shown in Figure 3-15 (in this case, the test directory).
Double-click the My Network Places icon on the desktop. You should see the test shared directory as shown in Figure 3-16.
Double-click the Entire Network icon, and you should see an icon for your workgroup, as shown in Figure 3-17.
Double-clicking the workgroup icon will bring up a window showing every computer in the workgroup, which should include your Samba server, as shown in Figure 3-18.
Double-click the Samba server's icon, and you will get a window showing its shared resources (in this case, the test directory) as shown in Figure 3-19.
If you don't see the server listed, it might be that browsing is not working correctly or maybe the server is just taking a few minutes to show up in the browse list. In either case, you can click the Start button, then select "Run...". This will give you a dialog box into which you can type the name of your server and the share name test in the Windows UNC format \\server\test, as we did in Chapter 1. This should open a window on the desktop showing the contents of the folder. If this does not work, there is likely a problem with name resolution, and you can try using the server's IP address instead of its computer name, like this:
\\172.16.1.1\test
If things still aren't right, go directly to Section 12.2 to troubleshoot what is wrong with the network.
If it works, congratulations! Try copying files to and from the server using the Windows drag-and-drop functionality. You might be pleasantly surprised how seamlessly everything works.
Configuring Windows NT is a little different than configuring Windows 95/98/Me. To use Samba with Windows NT, you will need both the Workstation service and the TCP/IP protocol. Both come standard with NT, but we'll work through installing and configuring them to make sure they are configured correctly.
This section presents the steps to follow for TCP/IP-related configuration on Windows NT to get it to cooperate with Samba. If you need more details on Windows NT network administration, refer to Craig Hunt and Robert Bruce Thompson's Windows NT TCP/IP Network Administration (O'Reilly), an excellent guide.
You should perform the following steps as the Administrator or another user in the Administrators group.
From the Control Panel, double-click the Network icon, click the Protocols tab in the Network dialog box, and look to see if you have the TCP/IP protocol installed, as shown in Figure 3-20.
If the protocol is not installed, you need to add it. Click the Add button, which will display the Select Network Protocol dialog box shown in Figure 3-21. You should immediately see the TCP/IP protocol as one of the last protocols listed.
Select TCP/IP as the protocol and confirm it. If possible, install only the TCP/IP protocol. If you see anything other than TCP/IP listed in the Protocols tab and it is not a protocol that you need, you can remove it. If you try to remove a protocol and get an error message saying that the protocol is being used by another service, you need to click the Services tab and remove that service before you can remove the protocol. For example, to remove the NWLink IPX/SPX Compatible Transport protocol, you would need to remove the Client Service for Netware first.
After installing TCP/IP, click the Services tab in the Network dialog, and check that you have a Workstation service, as shown at the end of the list in Figure 3-22.[8]
This service is actually the Microsoft Networking Client, which allows the computer to access SMB services. The Workstation service is mandatory. The service is installed by default on both Windows NT Workstation 4.0 and NT Server 4.0. If it's not there, you can install it much like TCP/IP. In this case you need to click the Add button and then select Workstation Service, as shown in Figure 3-23.
After you've installed the Workstation service, return to the Protocols tab and select the TCP/IP Protocol entry in the window. Then click the Properties button below the window. The Microsoft TCP/IP Protocol dialog will be displayed. There are five tabs in the dialog, and you will need to work with four of them:
IP Address
WINS Address
DNS
Bindings
The IP Address tab is shown in Figure 3-24.
Select the "Specify an IP address" radio button, and enter the computer's IP address and netmask in the space provided for the proper adapter (Ethernet card). You or your network manager should have selected an address for the client on the same subnet (LAN) as the Samba server. For example, if the server's address is 172.16.1.1 and its network mask is 255.255.255.0, you might use the address 172.16.1.13 (if it is available) for the NT workstation, along with the same netmask. If you use DHCP on your network, select the "Obtain an IP Address from a DHCP server" button instead.
The gateway field refers to a system typically known as a router. If you have routers connecting multiple networks, you should enter the IP address of the one on your subnet. In our example, the gateway happens to be the same system as the Samba server, but they do not by any means have to be the same.
Click the WINS Address tab, shown in Figure 3-25, and you can begin to enter information about name servers. Enter the address of your WINS server in the space labeled Primary WINS Server. If your Samba server is providing WINS service (in other words, you have the line wins support = yes in the smb.conf file of your Samba server), provide the Samba server's IP address here. Otherwise, provide the address of another WINS server on your network.
You probably noticed that there is a field here for the network adapter. This field must specify the Ethernet adapter on which you're running TCP/IP so that WINS will provide name service on the correct network. For example, if you have both a LAN and a dial-up adapter, make sure you have the LAN's network card specified here.
The checkboxes in the lower half of the dialog are for enabling two other methods of name resolution that Windows can incorporate into its name service. Samba doesn't require either of them, but you might want to enable them to increase the reliability or functionality of name service for your client. See Chapter 7 for further information on name resolution issues.
If you'd like to use a DNS server, select the Enable DNS for Windows Resolution checkbox. In addition, you will need to do some configuration to allow the Windows system to find the DNS server, unless you're using DHCP.
Click the tab for DNS, as shown in Figure 3-26. Enter the IP addresses for one or more DNS servers in the space provided. Also, enter the hostname (which should be the same as the NetBIOS computer name). You will enter this again later in another control panel, so make sure they match. Finally, enter the DNS domain on which this system resides. For example, if your workstation has a domain name such as metran.cx, enter it here. You can safely ignore the other options.
If you want to install an LMHOSTS file, it must be placed in the directory \system32\drivers\etc under your Windows installation directory (usually C:\WINNT). The easy way to make sure it gets to the proper location is to use the Import LMHOSTS button on the WINS Address tab. (But if you want to do it over the network, you will have to do that after file sharing is configured!) Remember to click the Enable LMHOSTS Lookup checkbox on the WINS Address tab to enable this functionality.
When you are satisfied with your settings for IP Address, WINS Address, and DNS, click OK to return to the Network dialog box.
Now click the Bindings tab, and check the bindings of network hardware, services, and protocols. Set the "Show Bindings for" field to "all services," and click all the + buttons in the tree. You should see a display similar to Figure 3-27, which shows that the NetBIOS, Server, and Workstation interface services are connected to the WINS client running TCP/IP protocol, and that the WINS client is bound to the Ethernet adapter of the local area network.
You can safely leave the default values for the remainder of the tabs in the Network dialog box. Click the OK button to complete the configuration. Once the proper files are loaded (if any), you might need to reboot for your changes to take effect.
The next thing you need to do is to give the system a NetBIOS computer name. From the Control Panel, double-click the Network icon to open the Network dialog box. The first tab in this dialog box should be the Identification tab, as illustrated in Figure 3-28.
Here, you need to identify your computer with a name and change the default workgroup to the one you specified in the smb.conf file of your Samba server. Click the Change button below the two text fields. This will open an Identification Changes dialog box, where you can set the workgroup and the computer name, as shown in Figure 3-29.
WARNING
You entered the computer name earlier as a DNS hostname while configuring TCP/IP, so be sure that the two names match. The name you set here is the NetBIOS name. You're allowed to make it different from the TCP/IP hostname, but doing so is usually not a good idea. Don't worry that Windows NT forces the computer name and the workgroup to be all capital letters; it's smart enough to figure out what you mean when it connects to the network.
In all the previous steps, you were logged into your Windows NT system as Administrator or another user in the Administrators group. To access resources on the Samba server, you will need to have a username and password that the Samba server recognizes as valid. Generally, the best way to do this is to add a user to your NT system, with the same username and password as a user on the Samba host system.
TIP
The directions in this section assume that your network is set up as a workgroup. If you have already set up your network as a domain, as we describe in Chapter 4, you do not need to follow the instructions here for adding a local user on the Windows NT client system. Simply log on to the domain from the client using a username and password in Samba's smbpasswd account database, and continue with the next section, Section 3.3.4.
To add a new user, open the Start menu, navigate through the Programs submenu to Administrative Tools (Common), and select User Manager for Domains. Click the User menu and select the first item, Add User..., shown in Figure 3-30.
This brings up the New User dialog box shown in Figure 3-31.
Fill it out as shown, using the username and password that were added in the previous chapter, and make sure that only the checkbox labeled Password Never Expires is checked. (This is not the default!) Click the Add button to add the user, and then click the Close button. You should now see your new account added to the list in the User Manager dialog box.
Now open the Start menu, select Shut Down, and select the "Close all programs and log on as a different user?" radio button. Click the Yes button, then log in as the user you just added.
Now for the big moment. Your Samba server is running, and you have set up your NT client to communicate with it. Double-click the Network Neighborhood icon on the desktop, and you should see your Samba server listed as a member of the workgroup, as shown in Figure 3-32.
Double-clicking the server name will show the resources that the server is offering to the network, as shown in Figure 3-33. In this case, the test directory and the default printer are offered to the Windows NT workstation.
If you don't see the server listed, don't panic. Select Run... from the Start menu. A dialog box appears that allows you to type the name of your server and its share directory in Windows format. For example, you would enter \\toltec\test, as shown in Figure 3-34, and use your server's hostname instead of "toltec".
This will work even if browsing services are not set up right, which is a common problem. You can also work around a name-service problem by entering the server's IP Address (such as 172.16.1.1 in our example) instead of the Samba server's hostname, as shown in Figure 3-35. Go back and check your configuration, and if things still aren't right, go to Section 12.2 to troubleshoot what is wrong with the network.
If it works, congratulations! Try copying files to and from the server by dragging their icons to and from the folder on the Samba share. You might be pleasantly surprised how seamlessly everything works.
Although Windows 2000 is based on NT technology and is similar to Windows NT in many respects, configuring it for use with Samba is quite different.
You should perform the following steps as the Administrator or another user in the Administrators group.
Go to the Control Panel and double-click the Network and Dial-up Connections icon. You should see at least one Local Area Connection icon. If there is more than one, identify the one that corresponds to the network adapter that is connected to your Samba network. Right-click the Local Area Connection icon, and click the Properties button. (Or double-click the Local Area Connection icon, and then click the Properties button in the dialog box that comes up.) You should now be looking at the Local Area Connection Properties dialog box, as shown in Figure 3-36.
First of all, you might want to click the Configure button under the field for the network adapter, to make sure you see the message "This device is working properly" in the Device status window. If there is a problem, make sure to correct it before continuing. You should also see the message "Use this device (enable)" in the Device usage field of the dialog box. Make sure to set it this way if it is not already. Click OK or Cancel to get back to the Local Area Connection Properties dialog box.
You should see at least the following two components:
Client for Microsoft Networks
Internet Protocol (TCP/IP)
If you do not see either Client for Microsoft Networks or Internet Protocol (TCP/IP) in your list, you will need to add them. For either, the method is to click the Install... button, click the type of component (Client or Protocol), and then click the Add... button. Next, click the component you want to add, and click the OK button. You should see the component added to the list with the others.
Some components should be removed if you see them in the list:
NetBEUI Protocol
NWLink NetBIOS
NWLink IPX/SPX/NetBIOS Compatible Transport Protocol
Client Service for Netware
If you see anything other than TCP/IP listed as a protocol, and it is not a protocol that you need, you can remove it. Uninstall NetBEUI, unless you are sure you need it, and the other three if you do not need to support Netware. If you try to remove a protocol and get an error message saying that the protocol is being used by another service, you need to remove that service before you can remove the protocol. For example, to remove the NWLink IPX/SPX Compatible Transport Protocol, you would need to remove the Client Service for Netware first.
To remove a component, click the component in the list, click the Uninstall button, and then click Yes in the dialog box that pops up. In some cases, Windows might need to reboot to put the change into effect.
Next to each client, service, or protocol listed in the window in the Local Area Connections Properties dialog box, you will see a checkbox. Make sure the checkbox is checked for both Client for Microsoft Networks and Internet Protocol (TCP/IP). The check marks indicate the networking components are bound to the network adapter shown at the top of the dialog box.
Now click Internet Protocol (TCP/IP), and then click Properties to open the Internet Protocol (TCP/IP) Properties dialog box, shown in Figure 3-37.
If you are using DHCP on your network to assign IP addresses dynamically, select the "Obtain IP address automatically" radio button. Otherwise, select the "Use the following address:" radio button, and fill in the computer's IP address and netmask in the spaces provided. You or your network manager should have selected an address for the client on the same subnet (LAN) as the Samba server. For example, if the server's address is 172.16.1.1 and its network mask is 255.255.255.0, you might use the address 172.16.1.14, if it is available, along with the same netmask. You can also fill in the IP address of the default gateway.
In the lower part of the dialog box, click the "Use the following DNS server addresses:" radio button, and fill in the IP address of your DNS server.
Now click the Advanced... button to bring up the Advanced TCP/IP Settings dialog box, and then click the WINS tab.
Enter the address of your WINS server in the space labeled "WINS addresses, in order of use:". If your Samba server is providing WINS service (in other words, you have the line wins service = yes in the smb.conf file of your Samba server), provide the Samba server's IP address here. Otherwise, provide the address of another WINS server on your network.
Near the bottom of the dialog box, select the radio button labeled "Enable NetBIOS over TCP/IP". Figure 3-38 shows what your Advanced TCP/IP Settings dialog box should look like at this point.
If you want to install an LMHOSTS file, it must be placed in the \system32\drivers\etc directory under your Windows installation directory (usually C:\WINNT ). The easy way to make sure it gets to the proper location is to use the Import LMHOSTS... button on the WINS Address tab. (But if you want to do it over the network, you will have to do that after file sharing is configured!) Remember to click the Enable LMHOSTS Lookup checkbox on the WINS Address tab to enable this functionality.
When you are satisfied with your settings for IP Address, WINS Address, and DNS, click the OK buttons in each open dialog box to complete the configuration. Windows might need to load some files from the Windows 2000 distribution CD-ROM, and you might need to reboot for your changes to take effect.
From the Control Panel, double-click the System icon to open the System Properties dialog box. Click the Network Identification tab, and your System Properties dialog box will look similar to Figure 3-39.
To give your system computer a name and a workgroup, click the Properties button, which will bring up the Identification Changes dialog box, as in Figure 3-40.
You need to identify your computer with a name and change the workgroup to the one you specified in the smb.conf file of your Samba server. Don't worry that Windows forces the computer name and the workgroup to be all capital letters; it's smart enough to figure out what you mean when it connects to the network.
Click the More... button to bring up the DNS Suffix and NetBIOS Computer Name dialog box, shown in Figure 3-41.
Enter the DNS domain name of this computer in the text field labeled Primary DNS Suffix for this computer:, and then click OK. You should now see the FQDN of this system underneath the label "Full computer name:". Click the OK button and then reboot when requested to put your configuration changes into effect. Once again, log in using your administrative account.
WARNING
There have been reports of authentication problems with Samba when a username on a Windows 2000 system is the same as its computer name.
So far, you have been logged into your Windows 2000 system as a user in the Administrators group. To access resources on the Samba server, you will need a username and password that the Samba server recognizes as valid. If your administrative account has such a username and password, you can use it, but you might want to access your system and the network from a nonadministrative user account instead.
WARNING
The directions in this section assume that your network is set up as a workgroup. If you have already set up your network as a domain, as we describe in Chapter 4, you do not need to follow the instructions here for adding a local user on the Windows 2000 client system. Simply log on to the domain from the client using a username and password in Samba's smbpasswd account database, and continue with the next section, Section 3.4.6.
To add a new user, open the Control Panel, and double-click the Users and Passwords icon to open the Users and Passwords dialog box, shown in Figure 3-42.
The first thing to do is make sure the checkbox labeled "Users must enter a user name and password to use this computer." is checked. Next, click the Add... button to bring up the first dialog box of the User Wizard, shown in Figure 3-43.
Fill out the fields, using the username of a valid user account on the Samba host, and then click the Next > button to enter and confirm the user's password. This password must be the same as the user's password on the Samba host. If you are using encrypted passwords, make sure this username and password are the same as what you used when you ran the smbpasswd program. Click the Next > button, which brings up the final dialog box, shown in Figure 3-44.
Pick a group for the user (the default Standard User should do), and click the Finish button. You should now see your new account added to the list in the Users and Passwords dialog box. Click the OK button to complete the process.
Now return to the Users and Passwords control panel window, click the Advanced tab, then click on the Advanced button. Click the Users folder in the left side of the Local Users and Groups window that appears, and then double-click the account you just added in the right side of the window. In the Properties window that opens, click the checkbox labeled Password never expires. You are done! Click the OK buttons in all the dialog boxes, and close all open windows.
Open the Start menu, select Shut Down, and select Log off username from the drop-down menu. Click the OK button, then log on with the username and password you just added.
Now for the big moment. Your Samba server is running, and you have set up your Windows 2000 client to communicate with it. Double-click the My Network Places icon on the desktop, and then double-click the Computers Near Me icon to browse the workgroup. You should see your Samba server listed as a member of the workgroup, as shown in Figure 3-45.
Double-clicking the server name will show the resources that the server is offering to the network, as shown in Figure 3-46.
In this case, the test directory and the default printer are offered to the Windows 2000 workstation. If you don't see the server listed, don't panic. Select Run from the Start menu. A dialog box appears that allows you to type the name of your server and its share directory in Windows format. For example, you would enter \\toltec\test, as shown in Figure 3-47, and use your server's hostname instead of "toltec".
This will work even if browsing services are not set up right, which is a common problem. You can also work around a name-service problem by entering the server's IP address (such as 172.16.1.1 in our example) instead of the Samba server's hostname, as shown in Figure 3-48.
If things still aren't right, go directly to Section 12.2 to troubleshoot what is wrong with the network.
If it works, congratulations! Try copying files to and from the server. You will be pleasantly surprised how seamlessly everything works. Now that you've finished setting up the Samba server and its clients, you can proceed to the next chapter.
Although Windows XP is very similar to Windows 2000, it has a very different user interface, and there are a number of subtle differences. For example, getting to the Control Panel is different than in any previous version of Windows—one must click the Control Panel item from the Start menu (there is no Settings item in the Start menu in XP). By default, XP will display the Control Panel in Category View mode. If you see this, click the Switch to Classic View item in the upper-left corner of the window. All of our directions are for using the Control Panel in Classic View mode.
You should perform the following steps as the Administrator or another user in the Administrators group.
Go to the Control Panel and double-click the Network and Dial-up Connections icon. You should see at least one Local Area Connection icon. If there is more than one, identify the one that corresponds to the network adapter that is connected to your Samba network. Right-click the Local Area Connection icon and click the Properties button. (Or double-click the Local Area Connection icon and then click the Properties button in the dialog box that comes up.) You should now be looking at the Local Area Connection Properties dialog box, as shown in Figure 3-49.
First of all, you might want to click the Configure button under the field for the network adapter to make sure you see the message "This device is working properly" in the Device status window. If there is a problem, make sure to correct it before continuing. You should also see the message "Use this device (enable)" in the Device usage field of the dialog box. Make sure to set it this way if it is not already. Click OK or Cancel to close this dialog box, then reopen the Local Area Connection Properties dialog box.
You should see at least the following two components:
Client for Microsoft Networks
Internet Protocol (TCP/IP)
If you do not see either Client for Microsoft Networks or Internet Protocol (TCP/IP) in your list, you will need to add them. For either, the method is to click the Install... button, click the type of component (Client or Protocol), and then click the Add... button. Next, click the component you want to add, and click the OK button. You should see the component added to the list with the others.
If you see anything other than TCP/IP listed as a protocol, and it is not a protocol that you need, you can remove it. If NetBEUI appears in the list, uninstall it if you possibly can. Also uninstall any Netware-related components if you do not need to support Netware. If you try to remove a protocol and get an error message saying that the protocol is being used by another service, you need to remove that service before you can remove the protocol. For example, to remove the NWLink IPX/SPX Compatible Transport Protocol, you would need to remove the Client Service for Netware first.
To remove a component, click the component in the list, click the Uninstall button, and then click Yes in the dialog box that pops up. In some cases, Windows might need to reboot to put the change into effect.
Next to each client, service, or protocol listed in the window in the Local Area Connections Properties dialog box, you will see a checkbox. Make sure the checkbox is checked for both Client for Microsoft Networks and Internet Protocol (TCP/IP). The check marks indicate that the networking components are bound to the network adapter shown at the top of the dialog box.
Now click Internet Protocol (TCP/IP) and then click Properties to open the Internet Protocol (TCP/IP) Properties dialog box, shown in Figure 3-50.
If you are using DHCP on your network to assign IP addresses dynamically, select the "Obtain IP address automatically" radio button. Otherwise, select the "Use the following address:" radio button, and fill in the computer's IP address and netmask in the spaces provided. You or your network manager should have selected an address for the client on the same subnet (LAN) as the Samba server. For example, if the server's address is 172.16.1.1 and its network mask is 255.255.255.0, you might use the address 172.16.1.12 (if it is available) along with the same netmask. You can also fill in the IP address of the default gateway.
In the lower part of the dialog box, click the "Use the following DNS server addresses:" radio button, and fill in the IP address of your DNS server.
Now click the Advanced... button to bring up the Advanced TCP/IP Settings dialog box, and then click the WINS tab.
Enter the address of your WINS server in the space labeled "WINS addresses, in order of use:". If your Samba server is providing WINS service (in other words, you have the line wins support = yes in the smb.conf file of your Samba server), provide the Samba server's IP address here. Otherwise, provide the address of another WINS server on your network.
Near the bottom of the dialog box, select the radio button labeled Enable NetBIOS over TCP/IP. Figure 3-51 shows what your Advanced TCP/IP Settings dialog box should look like at this point.
If you want to install an LMHOSTS file, it must be placed in the \system32\drivers\etc directory under your Windows installation directory (usually C:\WINNT ). The easy way to make sure it gets to the proper location is to use the Import LMHOSTS... button on the WINS Address tab. (But if you want to do it over the network, you will have to do that after file sharing is configured!) Remember to click the Enable LMHOSTS Lookup checkbox on the WINS Address tab to enable this functionality.
When you are satisfied with your settings for IP Address, WINS Address, and DNS, click the OK buttons in each open dialog box (and the Close button in the Local Area Connection Properties dialog box) to complete the configuration. Windows might need to load some files from the Windows XP distribution CD-ROM, and you might need to reboot for your changes to take effect.
From the Control Panel, double-click the System icon to open the System Properties dialog box. Click the Computer Name tab, and your System Properties dialog box will look similar to Figure 3-52.
To give your system computer a name and a workgroup, click the Change... button, which will bring up the Computer Name Changes dialog box, as in Figure 3-53.
You need to identify your computer with a name and change the workgroup to the one you specified in the smb.conf file of your Samba server. Don't worry that Windows forces the workgroup to be all capital letters; it's smart enough to figure out what you mean when it connects to the network.
Click the More... button to bring up the DNS Suffix and NetBIOS Computer Name dialog box, shown in Figure 3-54.
Enter the DNS domain name of this computer in the text field labeled Primary DNS Suffix for this computer:, and then click OK. You should now see the FQDN of this system underneath the label Full computer name: in the Computer Name Changes dialog box. Click the OK button and then reboot when requested to put your configuration changes into effect. Once again, log in using your administrative account.
WARNING
There have been reports of authentication problems with Samba when a username on a Windows XP system is the same as its computer name.
So far, you have been logged into your Windows XP system as a user in the Administrators group. To access resources on the Samba server, you will need to have a username and password that the Samba server recognizes as valid. If your administrative account has such a username and password, you can use it, but you might want to access your system and the network from a nonadministrative user account instead.
TIP
The directions in this section assume that your network is set up as a workgroup. If you have already set up your network as a domain, as we describe in Chapter 4, you do not need to follow the instructions here for adding a local user on the Windows XP client system. Simply log on to the domain from the client using a username and password in Samba's smbpasswd account database, and continue with the next section, Section 3.5.5.
To add a new user, open the Control Panel, and double-click the Users Accounts icon to open the User Accounts window, shown in Figure 3-55.
Click the Create a new account task, which will bring up the window shown in Figure 3-56. Enter the username, then click the Next > button.
Click the radio button labeled "Limited", as shown in Figure 3-57.
Click the Create Account button, and you will see the username you added next to a picture at the bottom of the User Accounts window. We still need to assign a password to the account. Click the account to bring up the "What do you want to change about username's account?" window, and then click Create a password. Enter the password, and enter it again to confirm it.
This password must be the same as the user's password on the Samba host. If you are using encrypted passwords, make sure this username and password are the same as what you used when you ran the smbpasswd program. Click the Create Password button, and you're done adding the account.
Now open the Start menu and click the Log Off button. In the Log Off Windows dialog box that pops up, again click the Log Off button. When Windows displays the login screen, click the user you just added, and type in the password to log in.
Now for the big moment. Your Samba server is running, and you have set up your Windows XP client to communicate with it. In the Start menu, select My Computer[9] to open the My Computer window. Click My Network Places, in the Other Places box in the left part of the window. You should see a folder icon for the test directory, as shown in Figure 3-58.
Now click View workgroup computers in the Network Tasks box at the left of the window. You should see your Samba server listed as a member of the workgroup. Double-click its icon, and you will see a window that looks like Figure 3-59.
If you don't see the server listed in the workgroup, don't panic. Select Run... from the Start menu. A dialog box appears that allows you to type the name of your server and its share directory in Windows format. For example, you would enter \\toltec\test, as shown in Figure 3-60, and use your server's hostname instead of "toltec".
This will work even if browsing services are not set up right, which is a common problem. You can also work around a name-service problem by entering the server's IP Address (such as 172.16.1.1 in our example) instead of the Samba server's hostname, as shown in Figure 3-61.
If things still aren't right, go directly to Section 12.2 to troubleshoot what is wrong with the network.
If it works, congratulations! Try copying files to and from the server by dragging their icons to and from the Samba server's test folder. You might be pleasantly surprised how seamlessly everything works.
[1] We are intentionally omitting device drivers because they are hardware-specific, and we assume you are getting installation directions from the manufacturer.
[2] Make sure to use the same netmask as all other systems on the network. You can find the netmask in use by checking with Unix or Windows systems that have already been configured.
[3] Keep in mind that IP addresses ending in .0 are reserved for network addresses and that ones ending in .255 are for broadcast addresses. These should never be assigned to any system on the network.
[4] To be more explicit about this, the system will identify itself to the network as a b-node rather than an h-node.
[5] We put the names of the LMHOSTS and HOSTS files in uppercase for additional clarity—to remind you that we are referring to the files on Windows rather than on Unix, and because that's the way we see them in other books on Windows. The case of the letters in the two names actually does not matter.
[6] The address 127.0.0.1 is known as the localhost address and always refers to itself. For example, if you type ping 127.0.0.1 on a Unix server, you should always get a response, because you're pinging the host itself.
[7] This update is supplied in various update packages issued by Microsoft.
[8] Notice how in Windows NT, some clients are called "services"! In these directions, we will conform to Microsoft's terminology.
[9] If there is a My Network Places item in the Start menu at this point, you can save yourself a little time and just click that. If you don't see it, don't worry; it will appear automatically later.