freemode.net

Solaris + Samba + WinXP    [ Software ]

Got a chance to set up Samba on my SunBlade 100 at work running Solaris 8, since I'm doing perl scripting and need a more convenient way to move files back and forth than pulling up a command prompt and using PuTTY to SCP files over my miniswitch.   All I need is an SMB/CIFS share, I don't need to join it to a domain or act as a PDC and service logon requests from Microsoft clients spanning two decades, or pull up winbindd for appliance-style authentication (thank gawd).

It's fairly straightforward.   But even though I've been doing this dance in one form or another for the past five years, I completely forgot about setting up the smbpasswd file until I started googling for an all-too-familiar "The account is not authorized to log in from this station" error.

Anyway, here's what I had to do - would've been faster if I had remembered all the pieces to start with.

* Downloaded the samba-2.2.8a, popt-1.7, readline-4.3, and ncurses-5.3 packages from iBiblio's (AKA metalab.unc.edu) sunfreeware.com archive at ftp://metalab.unc.edu/pub/packages/solaris.   I already had the gcc compiler packages installed from that site, so I didn't need to grab the libgcc package.

* Installed the packages using my pkginst.sh script:

#!/bin/sh
#
# /usr/local/bin/pkginst.sh - script to automate package installation
DEST=/tmp/pkgadd.$$
RM=/usr/bin/rm
GZIP=/usr/bin/gzip
PKGADD=/usr/sbin/pkgadd
# Sanity testing
if [ -x $RM -a -x $GZIP -a -x $PKGADD ]; then
$RM -rf $DEST && $GZIP -cd $1 > $DEST && $PKGADD -d $DEST && $RM $DEST
else
echo "Could not locate one or more of the following:\n"
echo "$RM"
echo "$GZIP"
echo "$PKGADD"
fi
# eof

* Copied the "simple" smb.conf from /usr/local/samba/doc/samba/examples/simple/smb.conf to /usr/local/samba/lib/smb.conf (bleargh, this is why per-application install directories suck)

* Edited the smb.conf file:

[global]
printing = bsd
printcap name = /etc/printcap
load printers = no
guest account = pcguest
security = user
hosts allow = 10.1.21. 10.1.22.
encrypt passwords = yes
log file = /usr/local/samba/log.%m
lock directory = /usr/local/samba/var/locks
share modes = yes

[homes]
comment = Home Directories
browseable = no
read only = no
create mode = 0750

* Copied the samba.server init script from /usr/local/samba/doc/samba/packaging/Solaris/samba.server to /etc/init.d, and did a 'chown root:sys; chmod 744' on it

* Set up the rc.d links:

# cd /etc
# ln -s ../init.d/samba.server rc2.d/S92samba
# ln -s ../init.d/samba.server rc3.d/S92samba
# ln -s ../init.d/samba.server rc0.d/K92samba
# ln -s ../init.d/samba.server rc1.d/K92samba
# ln -s ../init.d/samba.server rcS.d/K92samba

* Set up the smbpasswd file

# cd /usr/local/samba/private
# touch smbpasswd
# ../bin/smbpasswd -a mylocalusername
[ password dialog ]

I even remembered to open up the ipfilter rules a bit to allow the SMB/CIFS traffic into the SunBlade:

pass in quick on eri0 proto udp from 10.1.21.0/24 to any port = 137
pass in quick on eri0 proto udp from 10.1.21.0/24 to any port = 138
pass in quick on eri0 proto tcp from 10.1.21.0/24 to any port = 139
pass in quick on eri0 proto tcp from 10.1.21.0/24 to any port = 445

pass in quick on eri0 proto udp from 10.1.22.0/24 to any port = 137
pass in quick on eri0 proto udp from 10.1.22.0/24 to any port = 138
pass in quick on eri0 proto tcp from 10.1.22.0/24 to any port = 139
pass in quick on eri0 proto tcp from 10.1.22.0/24 to any port = 445

And wallah! I was finally able to map a drive from my WinXP laptop to the home share on my Solaris box.   No more pesky "Error 5: Access denied" from running a "net view \\solaris-box-ip-addy" or password encryption headaches.   At least for the moment.

Posted by edobbs at July 24, 2003 08:14 PM