Friday, August 19, 2011

Samba Sharing

Before recently putting together the openSUSE server I showed in the last post, I had the desktop set up as a slightly more humble home server. The RAID card and array were set up in it and it was running openSUSE 11.3, just one step down from what the server's running now. One of the basic functions of my server is to share the RAID array with the other computers in my house. I have terabytes of movies and television ripped from my discs into Xvids that take up a lot of space. I used to have a WDTV Live that streamed everything off my server but while I was at my last duty station in Maryland I decided to start watching more Hulu which I couldn't do from my WDTV Live, plus I thought it would be cool to browse the net from the couch. I purchased a Logitech Revue but found out that most sites block Google TV devices, and that it was just all around not very powerful for surfing the web and such, so I purchased the components for the HTPC and put it together, first trying Ubuntu and XBMC, and then eventually switching to Windows.

My server has to be able to share the RAID array with the HTPC, as well as my wife's laptop and mine too, as well as both the desktops. It houses not just my movie and TV collection but our family photos, videos and documents as well, not to mention my vast library of RAW photos from my Nikon D700. Now before you start preaching about how a RAID array does not guarantee data safety I'll tell you that all important documents, videos and photos are backed up onto two separate external HDDs, one attached to the server and one attached to desktop 2. I use RSync for that function and I'll talk more about that in a later post.

My point is that the server has to be able to share all that information securely and efficiently over our wireless network. Those of you who have some computer experience will know that Linux and Windows do not automatically get along when it comes to sharing files. Linux's open source nature is awesome when it comes to reading other file systems and handshaking with other OS's, but Microsoft likes to make things difficult by being proprietary with their code. The answer is Samba. Samba is a daemon (background program) that works in virtually all Linux distros. It makes it possible for a Linux machine to become part of a workgroup and share files and directories with Windows machines. On my last server I had Samba up and running with a guest only share of my RAID array, meaning no username or password were necessary to log on. I wanted this server to require both a username and password, but I thought that with only minor tweaking my /etc/samba/smb.conf file would run samba just the same on my new system. I was dead wrong.

Samba uses a configuration file called smb.conf to know how to set up shares in Linux. I thought by simply transferring it to the new system and tweaking it a little to include security features it would be up and running in no time flat. I initially configured Samba using Yast (openSUSE's configuration tool, stands for "Yet Another Setup Tool"), mostly to configure openSUSE to start Samba during bootup, then I copied the smb.conf file into /etc/samba, taking care to backup the original. I edited out the guest only and guest options from the share and reset the source to it's new home at /srv, hopped on my desktop and opened up the Network. Nothing. Couldn't even see the system at all.

Then I thought to myself "DOH, I haven't set up any users for Samba." I'm not sure why I thought that would help not being able to see the system but it was a necessary step. First I created a new group of users within openSUSE using "groupadd Samba". I then created two new users in group Samba using "useradd -G Samba 'username'". We'll call them Jack and Jill. Jack was my logon and I changed the owner of the the RAID drive using "chown -R Jack /srv", then I changed the permissions of /srv using "chmod -R 750 /srv" which makes it so that Jack can read, write and execute files from /srv, Jill (and anyone else in group Samba) can read and execute files on /srv, and anyone else (not in group Samba) can't do jack, pun intended. Then I went ahead and added each of the users to the Samba user list by using "smbpasswd -a Jack" and ditto for Jill. With my users all ready to go I tried accessing again and was once more stymied, no Server showed up.

After literally beating my brain against the wall for what seemed like forever but was in reality about three hours, I stumbled onto a site that mentioned something interesting in regard to Samba and openSUSE 11.4. Apparently as of 11.4, Novell's AppArmor defaults to quashing Samba unless told to do otherwise. Here's how you do it: Start up yast, select "AppArmor Control Panel" then "Configure Profile Modes" and the "Set profile modes [Configure]" In the Profile Mode Configuration screen, set usr.sbin.nmbd and usr.sbin.smbd for "complain" instead of "enforce". BAM, problem solved. Checked my desktop and sure enough there was the Server. Logged into both users just to check and sure enough had no problems.

Hope somebody followed along and found this useful. If you know how I could have done this better or have suggestions then be sure to leave a comment! Tomorrow I have quite the story to tell about RAID array extension, partition growth and file system errors. Stay tuned!

No comments:

Post a Comment