Using Samba in a Netware environment

Introduction

This page is a sequel to the original Samba page, and provides some information about setting up Samba to work within a Netware NDS environment.

It does not require any changes to the Netware environment, all the changes are in the Samba smb.conf configuration file.

It was originally based on Windows 95 running on the workstations, but subsequent testing shows that it can apply to Windows NT and Windows 2000 as well.

Configuring Samba

The main focus of the changes have been to change from a Windows sharing scheme to a user driven scheme.

Samba requires that the intended user of the services that Samba provides is a user within the Linux server.

One way of achieving this is to mirror the Netware user database into the Linux server - ie, each netware user is set up as a user within Linux.

The same passwords can be used, however it is not a problem if passwords are different, Samba just asks for the correct password. It is quite likely that through time passwords will drift apart anyway. There may be security advantages in using different passwords for different logins.

By mirroring the Netware user database into Linux, you end up with a single login - the Netware login is through the normal client login screen, and Samba picks up the user name from Windows.

The settings below allow all the shares to be seen through Network Neighbourhood.

A possible version of the smb.conf file is shown below :-

#================== Global Settings =====================

[global]

   workgroup = e-nor_group

   server string = Samba on Linux-2 

   hosts allow = 192.192.192.192/255.255.255.240

   security = user

   username map = /etc/samba.d/smbusers

   interfaces = 192.192.192.196/255.255.255.240 

   dns proxy = no 

   preserve case = yes
 

#====================== Share Definitions ===============

[home folder]
   comment = home folder
   path = %H/
   public = no
   writable = yes

[web folder]
   comment = web folder
   path = %H/public_html/
   public = no
   writable = yes

[Linux root]
    comment = Linux-1 root
    path = /
    public = no
    writable = yes
    valid users = root

[web]
    comment = web folder
    path = /web
    public = no
    writable = yes
    valid users = root


  

The first share provides the user`s home directory on the Linux server.

The second share points straight to the public_html folder inside each user`s home directory. The public_html folder in a user`s home directory is the one used by Apache to allow personal web pages.

The third share points to the root directory of the Linux server, and the last one points straight to the main web folder

As can be seen, security has been tightened up as well - now only the Linux root user can use the "Linux root" and the "web" shares

There is no use of any of the shares by unauthenticated users.

Also, now Samba will only talk to hosts that are defined within the 192.192.192.192 network.

In the user name map file, /etc/samba.d/smbusers, there is an entry which points the Netware user name "admin" to the Linux user called "root", so by logging into Netware as "admin", access is given on Linux as "root".

# Unix_name = SMB_name1 SMB_name2 ...

root = admin

  

It would be nice if it were possible to map drive letters to the Linux shares, but there does not seem to be a way of doing this through a Netware login script. The problem appears to be that when the Netware login script is executing, Windows does not yet have a user name, so Linux cannot authenticate it.

However it can be done through Windows Explorer - by the time that Windows gets around to setting up drive mappings, it has a known user. This is fine if users use the same pc`s all the time, but not so good if they are more mobile.

Note that by adding a Linux server to the network, there is obviously more to think about in terms of security. If security is an issue, it is doubtful whether Windows 95 is a suitable operating system for workstations.

© 2002 Ron Turner

Return to the Linux index page