Recipe 23.2. Building a Simple Anonymous Samba File Server for Windows

23.2.1 Problem

You have a Windows LAN, and you want reliable file sharing without spending a mint on a Windows server license, or having to upgrade hardware. Name resolution, TCP/IP, and Client for Microsoft Networks are installed and working, and all hosts can ping each other by either hostname or IP address. You don't want to hassle with passwords and permissions and all those dreadful things. You just want a nice, wide-open, anonymous file server so your users can store and retrieve files easily.

23.2.2 Solution

Install Samba on a Linux machine designated to be the file server. Then create file shares on the Samba server. Windows clients must all be members of the same workgroup—in this chapter, the imaginatively named "workgroup." The Windows clients must have TCP/IP networking and Client for Microsoft Networks installed and working.

If you install Samba from sources, there is a single source tarball, samba-latest.tar.gz, which you can get from http://www.samba.org.

RPM users need samba, samba-client, and samba-doc for the server.

Debian users need samba, samba-common, smbclient, and samba-doc.

After installation, create a directory on the Samba box to store your shared files, and populate it with some files for testing:

# mkdir -m 777 /sharedstuff

Then configure Samba for anonymous access. Back up your original /etc/samba/smb.conf, and replace it with this:

[global]

   workgroup = workgroup

   netbios name = windbag

   server string = anonymous lan file server

   security = share

   browseable = yes

   hosts allow = 192.168.1.

   

[share1]

   path = /sharedstuff

   comment = testfiles

   read only = No

   guest ok = Yes

Substitute your own workgroup name and subnet. The netbios name can be anything you want, up to 15 characters; this is what appears in Network Neighborhood/My Network Places. The share name must be no more than 12 characters.

Save and close smb.conf, then check for syntax errors with the following command:

$ testparm

It should not report any errors. If it does, check for typos and incorrect command syntax.

Now restart Samba, using:

# /etc/init.d/samba restart

On Red Hat or Fedora, use:

# /etc/init.d/smb restart

Always check your init.d filenames.

Now test to see if it's working. On the Samba server, run this command to list the shares on the server. Hit Return when it asks you for a password, because there is no password:

$ smbclient -L windbag

Password:

Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.5-Debian]

   

        Sharename       Type      Comment

        ---------       ----      -------

        share1          Disk      testfiles

        IPC$            IPC       IPC Service (anonymous lan file server)

        ADMIN$          IPC       IPC Service (anonymous lan file server)

Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.5-Debian]

   

        Server               Comment

        ---------            -------

        WINDBAG              anonymous lan file server

   

        Workgroup            Master

        ---------            -------

        WORKGROUP            WINDBAG

The available shares are listed under "Sharename." IPC$ and ADMIN$ are administrative share protocols; they are not file shares.

If your Samba server is connected to the LAN, your other hosts will also be listed under "Server."

Open Network Neighborhood/My Network Places on a Windows PC, and your Windows users will see "workgroup," "windbag," and "share1" on windbag. They can now easily fetch files from the share and store files on the share.

23.2.3 Discussion

It may take a few minutes for Samba to broadcast itself to your network. If Network Neighborhood appears empty at first visit, give it a couple of minutes.

This is an insecure setup. Using the hosts allow directive limits access to your local subnet, so there is a smidgen of protection from evil outside influences. But the files on the share are wide open, and anyone can read, change, or delete them. This is the type of setup a lot of users like, so here it is.

You can create a read-only share, so that users can fetch but not upload documents, with the writeable = no directive or the read only = yes directive in smb.conf, whichever you prefer.

Share directives override global directives, and both override the defaults, which are listed in smb.conf(5).

Your share names, which are enclosed in square brackets, can be no more than 12 characters, including spaces. Anything longer than that will cause errors in Windows 95/98/ME and Linux. [global], [homes], and [printers] are reserved share names with special meanings. Otherwise, share names can be anything you want.

Here are descriptions of some of the directives in smb.conf:

netbios name = windbag

This is the computer name that will appear in Network Neighborhood. Using the hostname keeps it simple, but you may use any name you like, up to 15 characters.

server string = anonymous LAN file server

Make this anything you want; it should be descriptive enough to tell users what the server is for.

security = share

A single password applies to the entire share, so anyone who knows the password can get in. If there is no password, anyone can access the share. In this recipe, there is no password.

browseable = yes

This allows shares to be listed in LAN browsers such as Network Neighborhood and LinNeighborhood.

23.2.4 See Also

• smb.conf(5), an indispensible reference

• Chapters 2 and 12 of The Official Samba-3 HOWTO and Reference Guide (http://samba.org or the samba-doc package)