Installing and Configuring Samba on Open Enterprise Server 2
Novell Cool Solutions: AppNote
By Joe Harmon
Posted: 27 Sep 2007
- Configuring LUM
- Configuring Universal Passwords
- Configuring Samba
- eDirectory Rights
- Testing Samba Access
You can install Samba during the installation or after the installation of OES 2. Either way the process is pretty much the same. I will walk you through installing Samba after the installation of OES 2 since there are a few more steps.
- Launch Yast2 from the Computer button and then select OES Install and Configuration from the Open Enterprise Server Group.
- This will bring up a list of patterns to install. Under the OES Services section you should see a pattern called Novell Samba. Select that pattern and choose Accept.
Note: You will be configuring Samba using iManager 2.7 from OES 2. If you do not already have this installed on another OES 2 server, or if you desire to run it locally on this server, then choose the Novell iManager pattern as well. Since I already have it installed I will only be choosing Samba.
- After the packages have been installed it should automatically launch the OES 2 configuration screen. If it doesn't launch this configuration screen then you probably chose the Software Management component in Yast rather than the OES Install and Configuration option. If you installed Samba during the initial installation of OES 2 then you will probably not see the red text shown below because you already provided the admin password during the installation. If you are installing after OES 2 has been installed then you will need to provide this password to complete the configuration. To do so click on the Novell Samba link.
- When prompted, put in the password for your admin user.
- Your configuration should now be complete. You can change the LDAP server to another server in the drop down list if you have one, however since I am running LDAP locally I will just keep it at the default. Click Next and then Next again to finish the configuration. You should receive a message that the configuration is complete.
Configuring LUM
Important: The LUM configuration is not required. If your users are not already LUM enabled when you Samba enable the user, they will be automatically LUM enabled with the default Samba group. If you want the users to have a different group for rights management then make sure you LUM enable them to the desired group before they are Samba enabled.
One thing to keep in mind with Samba on OES 2 is that it is not the same exact Samba that comes with SLES 10 SP1. The Samba on OES 2 includes components for eDirectory integration and therefore is configured using iManager rather than Yast. Samba on OES 2 also requires LUM (Linux User Management) and UP (Universal Password) to be configured for each user.
- Let's start out by launching iManager from a browser. This can be done by placing http://ServerIPorDNS/nps in the URL field of the browser. You will need to replace ServerIPorDNS with your server's IP address or DNS name. Log in with an admin or admin equivalent user.
Note: It is assumed at this point that you have also installed iManager 2.7 on one or more OES 2 servers. If you do not have it installed, then follow the steps above for installing Samba, but choose iManager instead.
- We need to first make sure that the eDirectory users are LUM enabled by going to the Linux User Management section and clicking on Enable Users for Linux.
- Click on the browse button (looks like a magnifying glass) and choose the desired user(s) to be Linux enabled. You can also select multiple users by holding down the SHIFT key and clicking once to start the selection and a second time to finish the selection. As you choose them they will be placed in a section labeled Selected Object.
- Your users should now show up in the list of selected users. Click Next to continue.
- You have several options for setting up a Linux group. The easiest option would probably be to use an existing eDirectory group if you already have one set up. Since this is a new deployment I am going to create a new Linux enabled group. I do so by entering in the desired group name and context.
- Now we need to select the UNIX Workstation object(s). This is the Unix object that represents your server. If the users are going to be accessing multiple servers you will need to select the object associated with that server. I have four servers in this cluster and therefore will select all four UNIX Workstation objects.
- This last screen just explains that the following users will be enabled against the selected UNIX Workstation objects and that the primary group will be their Linux enabled group. Click Finish.
Configuring Universal Passwords
You can either create your own password policy or use the default password policy that has been created for Samba. Since there is already a default Samba password policy, I will use that one.
- Start out by going to iManager and selecting Password Policies under the Passwords section.
- You should see a default password policy labeled Samba Default Password Policy. Edit that policy by clicking on the policy itself.
- Go to the policy assignment tab and assign the given policy to a user or container. Click OK when finished.
- As an administrator you have the option of setting the password manually for individual users by going to Passwords and clicking on Set Universal Password, but it is not necessary. Once the policy has been assigned to a user or container, all the user(s) should have to do is log in through NCP (example: Novell Client) or using LDAP (example: iManager) and it will automatically attempt to synchronize the eDirectory password to the Universal Password. If the Universal Password doesn't exist but the eDirectory password does exist, then the system will synchronize the two passwords to be the same as the eDirectory password. If the Universal Password does exist, but it doesn't match the eDirectory password, or if the eDirectory password doesn't match the new policy assignment, then the password will expire and the user will be prompted to enter in a new password.
Note: You will not be able to add any users to the Samba configuration until their Universal Password has been set.
Configuring Samba
Now that all of the prerequisites are out of the way, we are ready to configure Samba. This again is configured through iManager for OES 2. Do not configure this using Yast. Remember that OES 2 is an add-on product to SLES 10 SP1 and has separate configurations for the components that shipped with the product. That doesn't mean that you can't use the Samba configuration with SLES 10 SP1, but rather that it will not have the OES components (like eDirectory authentication) if you use the SLES configuration.
- Within iManager, go to File Protocols and select Samba.
- Select the appropriate server for which you are configuring Samba. Verify that the service Status is running.
- Click on the Shares tab and add any desired share(s) by clicking on New. Put in the Share Name and the Path to the volume. In my example I have created an NSS volume called DATA.
- Now click on the Users tab and add the appropriate users to the list.
Note: If you do not set the users' Universal Password yourself, you will have to wait until the users log in before you can add them as Samba users. This is because Universal Password is a requirement for Samba access. If it is not set you will receive the following error: Could not Samba enable the user for group, NETBIOSNAME-W-SambaUserGroup. Received an error when checking for a universal password. Error: Cannot continue because the user does not appear to have a universal password.
eDirectory Rights
You need to make sure that the user(s) you are assigning access to your share have eDirectory rights to that volume or folder. You can do this using the Novell Client, ConsoleOne, or iManager. Since I am already in iManager I will use it to assign the rights. If you are sure that the user(s) already has eDirectory rights then you can skip to the Testing Samba Access section.
- Within iManager, go to Files and Folders and click on Properties.
- Select the appropriate volume or folder.
- Click on Rights and add the appropriate users to the list. Assign the desired rights and click OK.
Testing Samba Access
Testing Samba from Linux
- Go to the OES 2 server and double click on the home directory icon located on the desktop.
- Once the window is open, click on the button that looks like a piece of paper with a pencil. This will reveal a Location field. In the location field put in the following URL: smb://username@IPaddress where username is the name of the user that has rights to that volume, and IPaddress is the IP address of your server. If you don't see anything then it may be an issue with your firewall on the OES 2 server. One quick test is to disable the firewall and see if you get the same results. If you are then able to see the shares with the firewall disabled, you can open specific ports in the firewall by following TID #3755552.
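The firewall question in the last step can also be answered with the firewall left on. The script below is an added example, not part of the original AppNote: it probes the server's SMB ports from a client and reports whether they are open, refused, or silently dropped. It assumes Samba's standard TCP ports 139 and 445 (the article only points to the TID for the port list), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the AppNote: test SMB reachability from a client
# while the OES 2 firewall stays enabled.
# Assumptions: Samba listens on its standard TCP ports 139 and 445; bash and
# coreutils `timeout` exist on the client. Function names are hypothetical.

# probe_port HOST PORT -> prints open | closed | filtered
probe_port() {
    rc=0
    # Host and port are passed as arguments, never spliced into the command.
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null || rc=$?
    case $rc in
        0)   echo open ;;      # TCP handshake completed
        124) echo filtered ;;  # no reply within 3 s: packets silently dropped
        *)   echo closed ;;    # refused: nothing listening, or a reject rule
    esac
}

# diagnose STATE139 STATE445 -> prints a one-line verdict
diagnose() {
    case "$1/$2" in
        open/*|*/open)
            echo "reachable: firewall is not blocking SMB; check user, share and rights" ;;
        filtered/filtered)
            echo "filtered: firewall is likely dropping SMB; open the ports per the TID" ;;
        closed/closed)
            echo "closed: connection refused; verify the Samba service status" ;;
        *)
            echo "mixed: 139=$1 445=$2; review firewall rules for both ports" ;;
    esac
}

# check_smb HOST -> probes both ports and prints the verdict
check_smb() {
    s139=$(probe_port "$1" 139)
    s445=$(probe_port "$1" 445)
    echo "139/tcp: $s139  445/tcp: $s445"
    diagnose "$s139" "$s445"
}

# Usage: sh smbcheck.sh <server-ip>
if [ -n "${1:-}" ]; then
    check_smb "$1"
fi
```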
Testing Samba from Windows
- Open up Windows Explorer and type in \\IPaddress\ in the Location field, where IPaddress is the IP address of the OES 2 server. If you get a prompt for the Novell Client login, then the Novell Client is intercepting the information. In that case you can try going to \\sambaname\ where sambaname is the name of the Samba server.