AIX > Storage > Servers

SAMBA and AIX 6.1


While Samba has been around since 1992, IBM is now delivering a precompiled version of Samba on the expansion pack delivered with AIX 6.1. As a reminder, Samba is a set of programs that allows clients to access server file systems and printers using the Common Internet File System (CIFS) and the Server Message Block (SMB) protocols. Samba runs on most varieties of UNIX, Linux and many other platforms. It’s available free of charge according to the rules of the GNU Public License and can be downloaded from the Samba Web site. In this article, I’ll provide a more technical detail on configuring Samba using version 3.0.24.0. For some basic information, read “Primer on Samba.”

Samba allows clients and servers to exchange messages and data and enables UNIX systems to act as file and print servers for client systems. These clients can use Windows systems or other UNIX systems, but the services provided to them will appear as Windows file and print services. The SMB protocol runs on top of the NetBIOS (basic input/output system) over TCP/IP (NBT) protocol. NBT uses the following two TCP/IP ports so these must be accessible through any firewalls:

  • Port 137 Name service—Provides NetBIOS browsing information and name resolution.
  • Port 139 Session service—Provides file and print shares.
  • You may also need to provide access to port 145.

There are two daemons that will need to be started in order for Samba to run: smbd and nmbd; smbd handles the actual sharing of files and printers. It also takes care of authentication and authorization for SMB clients. The smbd daemon handles both share mode and user mode authentication. Share mode is where there is one password for the whole share while in user mode each user has his or her own username and password, and access is granted on an individual basis. Needless to say, the user mode is seen as more secure. nmbd supports NetBIOS Name Service and Windows Internet Name Service (WINS) and assists with network browsing.

Installing Samba from the IBM Expansion Kit

Use install or smit to install the modules for Samba from the expansion CD; this should have been ordered for you when you ordered AIX, but if you don’t have the expansion pack you can order it from IBM. After you install the code, you should see the following output from an lslpp -l | grep samba:

  samba.base       3.0.24.0  COMMITTED  Samba for AIX
  samba.license    3.0.24.0  COMMITTED  Samba for AIX
  samba.man.en_US  3.0.24.0  COMMITTED  Samba for AIX
  samba.base       3.0.24.0  COMMITTED  Samba for AIX

At this point, samba is installed with certain defaults. It expects the configuration file (smb.conf) to be in /usr/local/etc and will put the password file it uses into /var/private/smbpasswd. Once samba is installed, the filesystems need to be created that will be shared out. In this case, I’m going to share out /jlshare, so I created it as follows:

/usr/sbin/mklv -y'lvjlshare' -t'jfs2' datavg 8 hdisk3
crfs -v jfs2 -d lvjlshare -m /jlshare -A yes
  chown Jaqui.staff /jlshare
  chmod 777 /jlshare
  mount /jlshare
  chown Jaqui.staff /jlshare
  chmod 777 /jlshare
  chmod g+t jlshare

The commands above create the filesystem on hdisk3; they ensure the permissions and ownership are setup, and the sticky bit is turned on so only the owner can delete a file her or she created. In this basic setup, I’m adding users to the samba password file using the same name as the UNIX username. There are many other options to do this, but I’m using one of the simpler methods. So I’ve used smbpasswd to create the password file in /var/private/smbpasswd as follows:

smbpasswd -a jaqui

At this point, I need to create the smb.conf file to define what is being shared. I normally create this file directly, but there is a Web interface called SWAT (Samba Web Administration Tool) that allows you to configure Samba remotely, using a Web browser. It’s possible to share printers, files and directories, and to do so using four different security mechanisms. In the example below, I chose to use user-based security as it ensures each user has his or her own password, and it makes it much easier to remove access from one user.

There are two key sections in the smb.conf. The first is the global section where you define global parameters and the second is the section where the various shares get defined. Appendix 1 is an example of the configuration file I used. In the global section, I’ve defined the workgroup name and determined where the log file will be stored (/usr/local/logs/samba/), as well as some other global settings. Since samba can produce very large logs I recommend the log directory be its own filesystem, and you should use “max log size” to limit the size of the logs. There are also two lines commented out (hosts allow and deny). These can be used to limit access to specific IP addresses or subnets as required.

The second part of the configuration file is the share definition itself. In this example I’ve called the share jlshare and the path on the server will be /jlshare, but they do not have to match. I’ve also defined a create and directory mask to ensure the permissions are set correctly when the users create files or directories. Once the configuration file is created then it should be syntax checked with testparm.

# testparm /usr/local/etc/smb.conf
Load smb config files from /usr/local/etc/smb.conf
Processing section "[jlshare]"
Loaded services file OK.
WARNING: lock directory /var/locks should have permissions 0755 for browsing to work
Server role: ROLE_STANDALONE
Press "Enter" to see a dump of your service definitions.

If you hit enter it dumps out the contents of the smb.conf file it’s using. The file above passed syntax checking, I’d go ahead and start samba and then use smbclient to test access. Appendix 2 consists of a script to start the NMB and SMB daemons to get Samba up and running. Once Samba is up and running, you can use smbclient from the host to check out the functions. smbclient is a simple SMB client, with an interface similar to that of the FTP utility. It can be used from a UNIX system to connect to a remote SMB share, transfer files,and send files to remote print shares (printers).

Login as a valid user (jaqui in my case), and try replacing 1.2.3.4 with the server IP for samba. The command below will list the server and what shares it supports.

$ smbclient -L 1.2.3.4
Password: Domain=GANDALF] OS=[Unix] Server=[Samba 3.0.24]

  Sharename  Type  Comment
  ---------  ----  -------
  jlshare    Disk  Shared data
  IPC$       IPC   IPC Service (Fileshare on (gandalf))
Domain=[GANDALF] OS=[Unix] Server=[Samba 3.0.24]

  Server     Comment
  ---------  -------
  Workgroup  Master
  ---------  -------
  SAMBA1     GANDALF

The command below will connect to a specific share and will allow you to perform ftp like functions:

$ smbclient //1.2.3.4/jlshare
Password: Domain=[GANDALF] OS=[Unix] Server=[Samba 3.0.24]
smb: \> ls
  .            D   0  Mon Dec 29 12:56:54 2008
  ..           D   0  Wed Dec 31 09:02:04 2008
  lost+found   D   0  Wed Dec 17 16:26:37 2008
  jaqui        D   0  Mon Dec 22 12:05:44 2008
smb: \> quit

Post Testing

Once you’re sure Samba is working correctly, you can try and connect to the share from your PC by mapping it as a network drive. The key thing to remember is the share will be accessed as \\1.2.3.4\jlshare.

Samba is a very useful tool, which allows UNIX servers to share out files and printers to Windows and UNIX/Linux systems. In the example above, I used the IBM precompiled version of Samba 3.0.24 from the expansion pack that comes with AIX 6.1, and set up Samba with a simple share for a directory. It’s possible to share home directories and printers as well as to provide more complex services that are beyond the scope of this article. In the meantime, you can use Samba to make files available to PCs as if they were regular network drives. This is a very efficient way to centralize file storage on a robust and secure system such as AIX.

 

Jaqui Lynch is an independent consultant, focusing on enterprise architecture, performance and delivery on Power Systems with AIX and Linux.


comments powered by Disqus

Advertisement

Advertisement

2019 Solutions Edition

A Comprehensive Online Buyer's Guide to Solutions, Services and Education.

A Brave New World of Information Archiving

IBM unveils new information-retention strategy and solution-portfolio offerings

A Real-World Example of Boot from SAN

Lockheed Martin tests IBM technology for availability.

IBM Systems Magazine Subscribe Box Read Now Link Subscribe Now Link iPad App Google Play Store
IBMi News Sign Up Today! Past News Letters