diff options
Diffstat (limited to 'docs/htmldocs/using_samba/ch05.html')
| -rw-r--r-- | docs/htmldocs/using_samba/ch05.html | 1779 |
1 files changed, 0 insertions, 1779 deletions
diff --git a/docs/htmldocs/using_samba/ch05.html b/docs/htmldocs/using_samba/ch05.html deleted file mode 100644 index 07a65cd08a..0000000000 --- a/docs/htmldocs/using_samba/ch05.html +++ /dev/null @@ -1,1779 +0,0 @@ -<html> -<body bgcolor="#ffffff"> - -<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76" -hspace="10" align="left" /> - -<h1 class="head0">Chapter 5. Unix Clients</h1> - -<p><a name="INDEX-1"/>In <a href="ch03.html">Chapter 3</a> we showed you how to configure Windows systems -to access shared resources on both Windows and Samba servers. This -has probably opened up a whole new world of computing for -you—one in which you have to run to a Windows system every time -you want to copy a file between Unix and Windows! In this chapter, we -will show you the "other -side"—how to access SMB shares from your -favorite Unix system.</p> - -<p>You can access SMB resources from Unix in three ways, depending on -your version of Unix. A program included with the Samba distribution -called <em class="emphasis">smbclient</em><a name="INDEX-2"/> can be used to connect with a share on -the network in a manner similar to using <em class="emphasis">ftp</em> -when transferring files to or from an FTP site.</p> - -<p>If your system is running Linux, you can use the -<a name="INDEX-3"/>smbfs -filesystem to mount SMB shares right onto your Linux filesystem, just -as you would mount a disk partition or NFS filesystem. The SMB shares -can then be accessed and manipulated by all programs running on the -Linux system: command shells, desktop GUI interfaces, and application -software.</p> - -<p>On some BSD-based systems, including Mac OS X, a pair of utilities -named <em class="emphasis">smbutil</em> <a name="INDEX-4"/>and <em class="emphasis">mount_smbfs</em> -<a name="INDEX-5"/>can be used to query SMB servers and -mount shares.</p> - -<p>For other Unix variants, -<em class="emphasis">smbsh</em><a name="INDEX-6"/> can be run to enable common shell -commands such as <em class="emphasis">cd</em>, <em class="emphasis">ls</em>, -<em class="emphasis">mv, wc</em>, and <em class="emphasis">grep</em> to access -and manipulate files and directories on SMB shares. This effectively -extends the reach of the Unix shell and utilities beyond the Unix -filesystem and into the SMB network.</p> - -<p>All the Unix clients can access shares offered by either Windows -systems or Samba servers. We have already shown you how to set up a -share on a Samba server and could use that as an example to work -with. But it's much more fun to use the Unix clients -with shares served by Windows systems. So before we start covering -the Unix clients in detail, we will take a quick detour and show you -how to set up file shares on both Windows 95/98/Me and Windows -NT/2000/XP systems.</p> - - -<div class="sect1"><a name="samba2-CHP-5-SECT-1"/> - -<h2 class="head1">Sharing Files on Windows 95/98/Me</h2> - -<p>When <a name="INDEX-7"/><a name="INDEX-8"/>sharing files on Windows 95/98/Me, you -can authenticate users in two different ways. -<a name="INDEX-9"/><a name="INDEX-10"/>Share-level security is the default -and is easy to use. However, it is not as secure and can require -users to type in passwords when connecting to shares. User-level -security offers a better security model and can be used if you have -either a Samba or Windows NT/2000 server on your network performing -user authentication.</p> - -<p>To configure the type of access control for your system, open the -Control Panel, double-click the Network icon, then click the Access -Control tab. You should see the dialog box shown in <a href="ch05.html#samba2-CHP-5-FIG-1">Figure 5-1</a>.</p> - -<div class="figure"><a name="samba2-CHP-5-FIG-1"/><img src="figs/sam2_0501.gif"/></div><h4 class="head4">Figure 5-1. The Access Control tab of the Windows 98 Network Control Panel window</h4> - -<p>Click the "Share-level access -control" or "User-level access -control" radio button, depending on which you want -to use. When using user-level access control, you will also need to -fill in the name of your workgroup or Windows NT domain. Reboot as -requested.</p> - -<p>To share a folder, right-click the folder's icon and -select Sharing . . . . This will open the Sharing tab of the -folder's Properties dialog box. Click the -"Shared As:" radio button, and fill -in a name for the share (which defaults to the -folder's name) and a description, which will be -visible to client users. If you don't want the share -to be visible in the Network Neighborhood view of other Windows -clients, pick a name for the share that ends in a dollar sign -(<tt class="literal">$</tt>).</p> - -<p><a href="ch05.html#samba2-CHP-5-FIG-2">Figure 5-2</a> shows what the Sharing tab of the -folder's Properties dialog box will look like when -using share-level security. The security settings are very simple. -You can select a radio button for read-only access or full -(read/write) access, or have the user's permissions -(either read-only or read/write) depend on which password they use. -In accordance with which you select, you will be asked to assign -either or both of the read-only and full-access passwords for the -share.</p> - -<div class="figure"><a name="samba2-CHP-5-FIG-2"/><img src="figs/sam2_0502.gif"/></div><h4 class="head4">Figure 5-2. The Sharing tab of the folder's Properties dialog, with share-level security</h4> - -<p>If your system is configured with user-level security, the Sharing -tab of the folder's Properties dialog box will look -like <a href="ch05.html#samba2-CHP-5-FIG-3">Figure 5-3</a>. As you can see, -we've created a share named -"DATA", and used the Add . . . -button to create permissions that allow read-only access for all -domain users and read/write (full access) for <tt class="literal">jay</tt>.</p> - -<div class="figure"><a name="samba2-CHP-5-FIG-3"/><img src="figs/sam2_0503.gif"/></div><h4 class="head4">Figure 5-3. The Sharing tab of the folder Properties dialog, with user-level security</h4> - -<p>When you are done specifying your settings for the share, click on -the OK button, and the share will become available to users on -network clients. Unless you chose a share name ending in a dollar -sign, you can see it in the Network Neighborhood or My Network Places -of Windows clients on the network. You can also now use the Unix -clients described in this chapter to connect to the share.</p> - - -</div> - - - -<div class="sect1"><a name="samba2-CHP-5-SECT-2"/> - -<h2 class="head1">Sharing Files on Windows NT/2000/XP</h2> - -<p>To create a file share on <a name="INDEX-11"/><a name="INDEX-12"/><a name="INDEX-13"/><a name="INDEX-14"/>Windows NT/2000/XP, you first must -log in to the system as any member of the Administrators, Power -Users, or Server Operators groups. Right-click the icon of a folder -you wish to share, and click Sharing . . . in the pop-up menu. The -Sharing tab of the folder's Properties dialog box -will appear, as shown in <a href="ch05.html#samba2-CHP-5-FIG-4">Figure 5-4</a>. Click the -"Share this folder" radio button.</p> - -<div class="figure"><a name="samba2-CHP-5-FIG-4"/><img src="figs/sam2_0504.gif"/></div><h4 class="head4">Figure 5-4. The Sharing tab of the folder's Properties dialog on Windows 2000</h4> - -<p>Share name: will default to the name of the folder, and you can -change it if you want. One reason you might want to use a different -name for the share is to make the share not appear in browse lists -(as displayed by the Network Neighborhood, for example). This can be -done by using a share name ending in a dollar sign -(<tt class="literal">$</tt>). You can also add a description of the share -in the Comment: text area. The description will appear to users of -network clients and can help them understand the contents of the -share.</p> - -<p><a name="INDEX-15"/><a name="INDEX-16"/><a name="INDEX-17"/><a name="INDEX-18"/><a name="INDEX-19"/>By clicking the Permissions button, -you can set permissions for the share on a user-by-user basis. This -is equivalent to the user-level security of Windows 95/98/Me file -sharing. On Windows NT/2000/XP, Microsoft recommends that share -permissions be set to allow full access by everyone, with the -permissions controlled on a file-by-file basis using filesystem -access control lists -(<a name="INDEX-20"/>ACLs). The actual permissions given -to network clients are a combination of the share permissions and -file access permissions. To edit the ACL for the folder, click the -Security tab. For more information on ACLs, see <a href="ch08.html#samba2-CHP-8-SECT-3">Section 8.3</a> in <a href="ch08.html">Chapter 8</a>.</p> - -<p>If you want, you can limit the number of users who can concurrently -connect to the share using the "User -limit:" radio button. The New Share button allows -you to create multiple file shares for the same folder, each having -its own name, comment, user limit, and other parameters.</p> - -<p>When you are done, click the OK button, and the folder will be -accessible from clients on the network.</p> - - -</div> - - - -<div class="sect1"><a name="samba2-CHP-5-SECT-3"/> - -<h2 class="head1">smbclient</h2> - -<p>The Samba Team supplies <em class="emphasis">smbclient</em><a name="INDEX-21"/> as a basic part of the Samba suite. At -first, it might seem to be a primitive interface to the SMB network, -but <em class="emphasis">smbclient</em> is actually a versatile tool. It -can be used for browsing shares on servers, testing configurations, -debugging, accessing shared printers, backing up shared data, and -automating administrative tasks in shell scripts. And unlike -<tt class="literal">smbfs</tt><a name="INDEX-22"/><a name="INDEX-23"/><a name="INDEX-24"/> and <em class="emphasis">smbsh</em>, -<em class="emphasis">smbclient</em> works on all Unix variants that -support Samba.</p> - -<p>In this chapter we'll focus mostly on running -<em class="emphasis">smbclient</em> as an interactive shell, using its -<em class="emphasis">ftp</em>-like commands to access shared directories -on the network. Using <em class="emphasis">smbclient</em> to access -printers and perform backups will be covered in <a href="ch10.html">Chapter 10</a>.</p> - -<p>A complete reference to <em class="emphasis">smbclient</em> is found in -<a href="appc.html">Appendix C</a>.</p> - - -<div class="sect2"><a name="samba2-CHP-5-SECT-3.1"/> - -<h3 class="head2">Listing Services</h3> - -<p><a name="INDEX-25"/>The <em class="emphasis">-L</em> option -can be used with <em class="emphasis">smbclient</em> to list the resources -on a single computer. Assuming the Samba server is configured to take -the role of the master browser, we can obtain a list of the computers -in the domain or workgroup like this:</p> - -<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient -L toltec</b></tt> -added interface ip=172.16.1.1 bcast=172.16.1.255 nmask=255.255.255.0 -Password: -Domain=[METRAN] OS=[Unix] Server=[Samba 2.2.5] - - Sharename Type Comment - --------- ---- ------- - test Disk For testing only, please - IPC$ IPC IPC Service (Samba 2.2.5) - ADMIN$ Disk IPC Service (Samba 2.2.5) - - Server Comment - --------- ------- - MAYA Windows 98 - MIXTEC Samba 2.2.5 - TOLTEC Samba 2.2.5 - ZAPOTEC - - Workgroup Master - --------- ------- - METRAN TOLTEC</pre></blockquote> - -<p>In the column labeled "Server", -<tt class="literal">maya</tt>, <tt class="literal">mixtec</tt>, and -<tt class="literal">zapotec</tt> are shown along with toltec, the Samba -server. The services on <tt class="literal">toltec</tt> are listed under -"Sharename". The IPC$ and ADMIN$ -shares are standard Windows services that are used for network -communication and administrative purposes, and -<em class="filename">test</em> is the directory we added as a share in -<a href="ch02.html">Chapter 2</a>.</p> - -<p>Now that we know the names of computers in the domain, we can list -services on any of those computers. For example, here is how we would -list the services offered by <tt class="literal">maya</tt>, a Windows 98 -workstation:</p> - -<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient -L maya</b></tt> -added interface ip=172.16.1.1 bcast=172.16.1.255 nmask=255.255.255.0 -Password: - - - Sharename Type Comment - --------- ---- ------- - PRINTER$ Disk - HP Printer HP 932C on Maya - D Disk D: on Maya - E Disk E: on Maya - - ADMIN$ Disk - IPC$ IPC Remote Inter Process Communication - - Server Comment - --------- ------- - - Workgroup Master - --------- -------</pre></blockquote> - -<p>A shared printer is attached to <tt class="literal">maya</tt>, so we see -the PRINTER$ administrative service, along with the HP share for the -printer itself. Also on <tt class="literal">maya</tt> are the D and E -shares, which allow access across the network to -<tt class="literal">maya</tt>'s D: and E: drives. It is -normal for the Server and Workgroup sections to be empty when listing -services on a Windows client.</p> - - -</div> - - -<div class="sect2"><a name="samba2-CHP-5-SECT-3.2"/> - -<h3 class="head2">Authenticating with smbclient</h3> - -<p><a name="INDEX-26"/>As with any other SMB client, -<em class="emphasis">smbclient</em> needs to supply a username and -password if it is authenticating in a domain environment or if it is -contacting a Samba server that is set up with user-level security. In -a workgroup environment, it will at least need a password to use when -connecting with a password-protected resource.</p> - -<p>By default, <em class="emphasis">smbclient</em> uses the username of the -user who runs it and then prompts for a password. If you are using -<em class="emphasis">smbclient</em> a lot, you might tire of entering your -password every time.</p> - -<p><em class="emphasis">smbclient</em> supports some alternate methods of -entering a username and password. The password can be entered on the -command line, like this:</p> - -<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient //maya/e jayspassword</b></tt></pre></blockquote> - -<p>Or both the username and password can be supplied by using the -<em class="emphasis">-U</em> option, including the username and password -separated by a percent (<tt class="literal">%</tt>) character:</p> - -<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient //maya/e -U kelly%kellyspassword</b></tt></pre></blockquote> - -<p>This method is useful if you are logged in to the system under an -account that is not Samba-enabled or you are testing your -configuration to see how it treats another user. With either method, -you can avoid having to enter the username and/or password each time -you run <em class="emphasis">smbclient</em> by creating an alias for the -command or creating a shell function or shell script. For example, -with the <em class="emphasis">bash</em> shell, it is possible to define a -function like this:</p> - -<blockquote><pre class="code">smbcl( ) -{ - smbclient $* -U jay%jayspassword -}</pre></blockquote> - -<p>Adding the definition to the shell's startup script -(which would be <em class="filename">~/.bash_profile</em> for -<em class="emphasis">bash</em>) would result in the definition affecting -all subsequent shell invocations.</p> - -<p>Another method that can be used to supply both the username and -password is to set the USER and <a name="INDEX-27"/><a name="INDEX-28"/>PASSWD environment variables. Either -set the USER environment variable using the -<em class="replaceable">username</em>%<em class="replaceable">password</em> -format, or set the USER environment variable to the username, and set -PASSWD to the user's password.</p> - -<p>It is also possible to create a credentials file containing the -username on the first line and the password on the second line, like -this:</p> - -<blockquote><pre class="code">username = jay -password = jayspassword</pre></blockquote> - -<p>Then, <em class="emphasis">smbclient</em> is run using the -<em class="emphasis">-A</em> option to specify the name of the file:</p> - -<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient //maya/e -A ~/.smbpw</b></tt></pre></blockquote> - -<a name="samba2-CHP-5-NOTE-120"/><blockquote class="note"><h4 class="objtitle">NOTE</h4> -<p>Of the methods we described in this section, the only one that is -really secure is the default method of allowing -<em class="emphasis">smbclient</em><a name="INDEX-29"/> to -prompt for the password and typing in the password without echoing.</p> - -<p>If security is a concern, you definitely should avoid providing your -password on the command line because it is very easy for -"shoulder surfers" to obtain, as -well as anyone who looks through your shell's -command history.</p> - -<p>If you keep your Samba password in a credentials file, shell startup -file, or shell script, make sure the file's -permissions prohibit other users from reading or writing it. (Use an -octal permissions mode of 0600.) Security experts never keep -passwords in files owned by nonroot users or accessible by anyone -other than the superuser. As part of their security policy, some -organizations do not permit passwords to be stored in files, so you -might want to check first before using this method.</p> - -<p>The authentication method that uses the USER and PASSWD environment -variables isn't any more secure. Environment -variables are usually set either on the command line or in one or -more of the shell's startup files, so this method -suffers from the same weaknesses we've just -discussed. In addition, any program run by the user has access to the -shell's environment variables, making a Trojan horse -attack on the PASSWD variable really easy!</p> -</blockquote> - - -</div> - - -<div class="sect2"><a name="samba2-CHP-5-SECT-3.3"/> - -<h3 class="head2">An Interactive smbclient Session</h3> - -<p><a name="INDEX-30"/>A common use for -<em class="emphasis">smbclient</em> is to use it as an -<em class="emphasis">ftp</em>-like shell to access SMB resources on the -network. To begin a session, <em class="emphasis">smbclient</em> must be -provided with the UNC of a resource (which you can find using the -<em class="emphasis">-L</em> option) on the command line, like this:</p> - -<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient //maya/e</b></tt> -added interface ip=172.16.1.3 bcast=172.16.1.255 nmask=255.255.255.0 -Password: -smb: \></pre></blockquote> - -<p>Forward slashes are accepted by <em class="emphasis">smbclient</em> for -the share's UNC, which makes entering the UNC on the -command line easier. Backslashes can also be used, but they must be -quoted or escaped, and it is somewhat more difficult to type -'<tt class="literal">\\maya\e</tt>' or <tt class="literal">\\\\maya\\e</tt>. -After connecting to the share, <em class="emphasis">smbclient</em> -displays the <tt class="literal">smb: \></tt> prompt, waiting for a -command to be entered. Commands are similar to those with which you -might be familiar in <em class="emphasis">ftp</em> and are also somewhat -similar to Unix shell commands. To get a list of -<em class="emphasis">smbclient</em><a name="INDEX-31"/> commands, use the -<em class="emphasis">help</em> command:</p> - -<blockquote><pre class="code">smb: \> <tt class="userinput"><b>help</b></tt> -ls dir du lcd cd -pwd get mget put mput -rename more mask del open -rm mkdir md rmdir rd -prompt recurse translate lowercase print -printmode queue cancel quit q -exit newer archive tar blocksize -tarmode setmode help ? history -!</pre></blockquote> - -<p>Some commands in the previous list are synonyms for other commands. -For example, the <em class="emphasis">?</em> command is a synonym for -<em class="emphasis">help</em>. You can give this command the name of -another command as an argument to get a concise reminder of what the -command does and how to use it:</p> - -<blockquote><pre class="code">smb: \> <tt class="userinput"><b>? ls</b></tt> -HELP ls: - <mask> list the contents of the current directory</pre></blockquote> - -<p>The term <tt class="literal"><mask></tt> refers to a file-matching -pattern as commonly found in Unix shells and utilities. For example:</p> - -<blockquote><pre class="code">smb: \> <tt class="userinput"><b>ls *doc</b></tt> - ms-ProfPol-wp.doc A 131 Tue Dec 18 09:12:34 2002 - smbclient.doc A 33969 Mon Dec 10 20:22:24 2002 - smbmount.doc A 7759 Mon Dec 10 20:20:00 2002 - - 48590 blocks of size 524288. 40443 blocks available</pre></blockquote> - -<p>lists all files ending in "doc" in -the current directory on the remote system. In the listing, the -leftmost column shows the filename. Moving left to right, we see the -file's MS-DOS attributes, then its size, and the -time it was last modified.</p> - -<p>As with any other Unix utility, <em class="emphasis">smbclient</em> has a -working directory on the local host. It also has another current -directory on the remote SMB share. With -<em class="citetitle">smbclient</em>, the <em class="emphasis">cd</em> command -is used to move around on the remote system:</p> - -<blockquote><pre class="code">smb: \> <tt class="userinput"><b>cd trans </b></tt> -smb: \trans\></pre></blockquote> - -<p>Notice how the prompt changes to reflect the new current working -directory. To change your current directory on the local system, use -the <em class="emphasis">lcd</em> command:</p> - -<blockquote><pre class="code">smb: \trans\> <tt class="userinput"><b>lcd /u/snd</b></tt> -the local directory is now /u/snd</pre></blockquote> - -<p>Most of <em class="emphasis">smbclient</em>'s commands -are for performing operations on remote files and directories. There -is no command for listing the contents of the local directory. -However, <em class="emphasis">smbclient</em> allows a shell escape. Any -command preceded by an exclamation point (<tt class="literal">!</tt>) is -interpreted as a shell command and is run in a subshell on the local -system. For example:</p> - -<blockquote><pre class="code">smb: \trans\> <tt class="userinput"><b>! ls -l</b></tt> -total 16 -drwxrwxr-x 2 jay jay 4096 Jan 10 14:46 dr220-fet -drwxrwxr-x 2 jay jay 4096 Sep 22 12:16 dr220-tube --rw-rw-r-- 1 jay jay 131 Jan 10 02:22 readme.txt -drwxrwxr-x 7 jay jay 4096 Jan 10 02:19 xl1</pre></blockquote> - -<p>lists the contents of <em class="filename">/u/snd</em>. By using -<em class="emphasis">smbclient</em>'s commands to operate -on the remote system—and shell-escaped commands to operate on -the local system—it is possible to manipulate data on both -systems without having to exit <em class="emphasis">smbclient</em> or open -another shell window.</p> - -<p><a name="INDEX-32"/><a name="INDEX-33"/>File transfer is performed using -the <em class="emphasis">get</em> and -<em class="emphasis">put</em><a name="INDEX-34"/><a name="INDEX-35"/> commands. The <em class="emphasis">get</em> -command transfers a single file from the remote to the local system, -and the <em class="emphasis">put</em> command copies a file from the local -to the remote system. For example, the following command copies the -file <em class="filename">readme.txt</em> to the SMB share:</p> - -<blockquote><pre class="code">smb: \trans\> <tt class="userinput"><b>put readme.txt</b></tt> -putting file readme.txt as \trans\readme.txt (127.9 kb/s) (average 10.7 kb/s)</pre></blockquote> - -<a name="samba2-CHP-5-NOTE-121"/><blockquote class="note"><h4 class="objtitle">NOTE</h4> -<p>Unlike <em class="emphasis">ftp</em>, <em class="emphasis">smbclient</em> does -not have <em class="emphasis">ascii</em> and <em class="emphasis">binary</em> -commands to set the type of the file that is being transferred. -Before transferring a text file from a Unix system to a Windows or -Macintosh system, you might want to use the GNU -<em class="emphasis">unix2dos</em><a name="INDEX-36"/> command to reformat newlines in the -file to work with the carriage return linefeed (CRLF) standard:</p> - - -<blockquote><pre class="code">$ <tt class="userinput"><b>unix2dos text_file >text_file.txt</b></tt></pre></blockquote> - - -<p>and then transfer the CRLF-formatted version. After transferring a -text file from a Windows or Macintosh system to Unix, you can use the -GNU <em class="emphasis">dos2unix</em><a name="INDEX-37"/> command to perform the inverse -operation:</p> - - -<blockquote><pre class="code">$ <tt class="userinput"><b>dos2unix text_file.txt >text_file</b></tt></pre></blockquote> -</blockquote> - -<p>To transfer more than one file with a single command, you can use the -<em class="emphasis">mget</em><a name="INDEX-38"/><a name="INDEX-39"/> and <em class="emphasis">mput</em> commands, -which accept a list of filenames in the command line. The list can be -provided by typing in the filenames on the command line separated by -spaces, or the group of files can be specified with a pattern as one -would use in Unix shell commands. The command:</p> - -<blockquote><pre class="code">smb: \trans\> <tt class="userinput"><b>mget plain/*</b></tt></pre></blockquote> - -<p>copies all the files in the directory <em class="filename">plain</em> on -the SMB share to the current directory on the local system. By -default, <em class="emphasis">smbclient</em> prompts for each file, asking -if you want to copy it:</p> - -<blockquote><pre class="code">smb: \trans\> <tt class="userinput"><b>mget plain/*</b></tt> -Get file tomm.wav? n -Get file toml.wav? n -Get file tomh.wav? n -Get file snare.wav? n -Get file rim.wav? n -Get file handclap.wav? n -Get file bassdrum.wav? n</pre></blockquote> - -<p>If you are sure you want to copy all the files, you can turn off -prompting with the <em class="emphasis">prompt</em> command, like this:</p> - -<blockquote><pre class="code">smb: \trans\> <tt class="userinput"><b>prompt</b></tt> -prompting is now off</pre></blockquote> - -<p>By default, if you specify the name of a directory, -<em class="emphasis">smbclient</em> will not copy the contents of the -directory. To transfer the entire contents of directories listed in -the <em class="emphasis">mput</em> or <em class="emphasis">mget</em> command, -you must first use the <em class="emphasis">recurse</em> command:</p> - -<blockquote><pre class="code">smb: \trans\> <tt class="userinput"><b>recurse</b></tt> -directory recursion is now on</pre></blockquote> - -<p>After setting things up with the -<em class="emphasis">prompt</em><a name="INDEX-40"/><a name="INDEX-41"/> and <em class="emphasis">recurse</em> -commands, we can copy a directory like this:</p> - -<blockquote><pre class="code">smb: \trans\> <tt class="userinput"><b>mget acc</b></tt> -getting file tomm.wav of size 55494 as tomm.wav (2580.6 kb/s) (average 2087.3 kb/s) -getting file toml.wav of size 57220 as toml.wav (2660.9 kb/s) (average 2167.6 kb/s) -getting file tomh.wav of size 55936 as tomh.wav (2601.2 kb/s) (average 2220.8 kb/s) -getting file snare.wav of size 22132 as snare.wav (1200.7 kb/s) (average 2123.7 kb/s) -getting file rim.wav of size 8314 as rim.wav (1623.8 kb/s) (average 2110.8 kb/s) -getting file handclap.wav of size 14180 as handclap.wav (1978.2 kb/s) (average 2106.2 -kb/s) -getting file bassdrum.wav of size 6950 as bassdrum.wav (2262.3 kb/s) (average 2108.5 -kb/s)</pre></blockquote> - -<p><a name="INDEX-42"/>Directory recursion applies to all -commands, so if an <em class="emphasis">ls</em> command is used while -directory recursion is on, all files in the directory tree are -listed. To turn directory recursion off again, simply re-enter the -command. At the same time, you might also wish to toggle prompting -back to its initial state:</p> - -<blockquote><pre class="code">smb: \trans\> <tt class="userinput"><b>recurse</b></tt> -directory recursion is now off -smb: \trans\> <tt class="userinput"><b>prompt</b></tt> -prompting is now on</pre></blockquote> - -<p>There are other <em class="emphasis">smbclient</em> commands that you -might find useful. The <em class="emphasis">mkdir</em> command can be used -to create a directory; <em class="emphasis">rmdir</em> removes a -directory; <em class="emphasis">rm</em> deletes a file; and -<em class="emphasis">rename</em> changes a file's name. -These behave very similarly to their Unix shell counterparts. <a href="appc.html">Appendix C</a> contains a complete reference to -<em class="emphasis">smbclient</em> and its command set.</p> - -<p>To exit <em class="emphasis">smbclient</em>, use the -<em class="emphasis">exit</em> or <em class="emphasis">quit</em> command:</p> - -<a name="INDEX-43"/><blockquote><pre class="code">smb: \trans\> <tt class="userinput"><b>quit </b></tt></pre></blockquote> - - -</div> - - -<div class="sect2"><a name="samba2-CHP-5-SECT-3.4"/> - -<h3 class="head2">Programming with smbclient</h3> - -<p><a name="INDEX-44"/>The <em class="emphasis">-c</em> option -<em class="emphasis">of smbclient</em> allows a list of commands to be -passed on the command line. To copy the file -<em class="filename">\\maya\e\trans\readme.txt</em> to -<em class="filename">/u/snd/readme.txt</em>, we might use the command:</p> - -<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient //maya/e -c "lcd /u/snd; cd trans; get readme.txt" -A ~/.smbpw</b></tt></pre></blockquote> - -<p>Everything that <em class="emphasis">smbclient</em> needs to know to -perform the operation has been specified in the command. There is no -interactive session, so a command such as this can be placed inside a -shell script or a program in some other programming language.</p> - -<p>By using <em class="emphasis">smbclient</em> in this manner, it is -possible to create customized commands using shell functions, scripts -or aliases. For example, suppose we wanted a command to print a short -listing of files in a shared directory, showing just the names of the -files. Using a <em class="emphasis">bash</em> function, we could define a -command <em class="emphasis">smbls</em> as follows:</p> - -<blockquote><pre class="code">smbls( ) -{ - share=`echo $1 | cut -d '/' -f '1-4'` - dir=`echo $1 | cut -d '/' -f '5-'` - smbclient $share -c "cd $dir; ls" -A ~/.smbpw | \ - grep "^ " | cut -d ' ' -f 3 - | sort -}</pre></blockquote> - -<p>After defining this function, we can use <em class="emphasis">smbls</em> -like this:</p> - -<blockquote><pre class="code">$ <tt class="userinput"><b>smbls //maya/e</b></tt> -CD-images -lectures -ms-ProfPol-wp.doc -profile-map -readme.txt -RECYCLED -smbclient.doc -smbmount.doc -smbsh.txt -trans -$ <tt class="userinput"><b>smbls //maya/e/lectures</b></tt> -. -.. -lecture1.mp3 -lecture2.mp3 -lecture3.mp3 -lecture4.mp3 -lecture5.mp3 -lecture6.mp3 -lecture7.mp3 -lecture8.mp3 -lecture9.mp3</pre></blockquote> - -<p>Another use for <em class="emphasis">smbclient</em> in scripts is -performing administrative tasks. Suppose a group of users on Windows -clients are sharing a set of files as part of a project on which they -are working. Instead of expecting them to coordinate making daily -backups, we could write a script that copies the share to the Samba -server and run the script nightly as a cron job. The directory on the -Samba server could be shared as well, allowing any of the users to -retrieve a backup file on their own, without having to bother an -administrator.</p> - - -</div> - - -<div class="sect2"><a name="samba2-CHP-5-SECT-3.5"/> - -<h3 class="head2">Backups with smbclient</h3> - -<p>A major use of <em class="emphasis">smbclient</em><a name="INDEX-45"/><a name="INDEX-46"/> is to create and restore backups of -SMB file shares. The backup files <em class="emphasis">smbclient</em> -writes are in tar format, making them easy to work with and portable -among all Unix versions. Using <em class="emphasis">smbclient</em> on a -Unix server to run network backups can result in a more centralized -and easily managed solution for providing data integrity because both -SMB shares and NFS filesystems can be backed up on the same system.</p> - -<p>You can use <em class="emphasis">smbclient</em> to perform backups in two -ways. When backing up an entire share, the simplest method is to use -the <em class="emphasis">-Tc</em> option on the command line:</p> - -<blockquote><pre class="code"># <tt class="userinput"><b>smbclient //maya/e -A samba-domain-pw -Tc >maya-e.tar</b></tt></pre></blockquote> - -<p>This will create a tar archive of the <em class="filename">\\maya\e</em> -share in the file <em class="filename">maya-e.tar</em>. By using the -<em class="emphasis">-D</em> option, it is possible to back up a directory -in the share, rather than the whole share:</p> - -<blockquote><pre class="code"># <tt class="userinput"><b>smbclient //maya/e -A samba-domain-pw -D trans -Tc >maya-e.tar</b></tt></pre></blockquote> - -<p>This causes <em class="emphasis">smbclient</em> to change its working -directory to the <em class="filename">trans</em> directory of the -<em class="filename">\\maya\e</em> share before starting the backup. It is -also possible to use -<em class="emphasis">smbclient</em>'s -<em class="emphasis">tar</em> command in interactive mode, like this:</p> - -<blockquote><pre class="code"># <tt class="userinput"><b>smbclient //maya/e </b></tt> -added interface ip=172.16.1.3 bcast=172.16.1.255 nmask=255.255.255.0 -Password: -smb: \> <tt class="userinput"><b>cd trans</b></tt> -smb: \trans\> <tt class="userinput"><b>tarmode full hidden system quiet</b></tt> -smb: \trans\> <tt class="userinput"><b>tar c maya-e-trans.tar</b></tt></pre></blockquote> - -<p>With the previous code, only the <em class="emphasis">trans</em> -subdirectory in the <em class="emphasis">\\maya\e</em> share will be -backed up, using the settings specified in the -<em class="emphasis">tarmode</em> command. To have this type of backup run -automatically from a script, use the <em class="emphasis">-c</em> option:</p> - -<blockquote><pre class="code"># <tt class="userinput"><b>smbclient //maya/e -A samba-domain-pw -c "cd trans; tarmode full hidden \</b></tt> -<tt class="userinput"><b> system quiet; tar >maya-e-trans.tar"</b></tt></pre></blockquote> - -<p>Using either the <em class="emphasis">-T</em> command-line option or -<em class="emphasis">smbclient</em>'s -<em class="emphasis">tar</em> command, additional options can be supplied. -It is necessary to specify either the <em class="emphasis">c</em> option -to create a backup archive or the <em class="emphasis">x</em> option to -extract (restore) one.<a name="FNPTR-1"/><a href="#FOOTNOTE-1">[1]</a> </p> - -<p>The other options can be appended to the option string -and are explained in the section on <em class="emphasis">smbclient</em> in -<a href="appc.html">Appendix C</a>. They allow you to create incremental -backups, specify which files to include or exclude from the backup, -and specify a few other miscellaneous settings. For example, suppose -we wish to create an incremental backup of a share and reset the -archive bit on the files to set things up for the next incremental -backup. Instead of using the interactive commands:</p> - -<blockquote><pre class="code">smb: \> <tt class="userinput"><b>tarmode inc reset quiet</b></tt> -smb: \> <tt class="userinput"><b>tar c backup.tar</b></tt></pre></blockquote> - -<p>we could either use the interactive command:</p> - -<blockquote><pre class="code">smb: \> <tt class="userinput"><b>tar cgaq backup.tar</b></tt></pre></blockquote> - -<p>or specify the <em class="emphasis">-Tcgaq</em> option on the -<em class="emphasis">smbclient</em> command line.</p> - -<p>Your best strategy for using <em class="emphasis">smbclient</em> for -network backups depends on your local configuration. If you have only -a few Windows systems sharing a small amount of data, you might -create a script containing <em class="emphasis">smbclient -Tc</em> -commands to back up each share to a separate tar file, placing the -files in a directory that is included with regular backups of the -Unix system. If you have huge SMB shares on your network, you might -prefer to write the backup directly to a tape drive. You can do this -with <em class="emphasis">smbclient</em> just as you would with a Unix -<em class="emphasis">tar</em> command:</p> - -<blockquote><pre class="code"># <tt class="userinput"><b>smbclient //maya/d -A samba-domain-pw -Tc >/dev/tape</b></tt></pre></blockquote> - -<p>After you have become more familiar with -<em class="emphasis">smbclient</em> and have an automated backup system in -place, you might find that using Samba has dramatically decreased -your anxiety regarding the integrity of your -network's data. The authors of this book are -experienced Unix system administrators, and we highly recommend -having a backup strategy that has been carefully planned, -implemented, and most importantly, <em class="emphasis">tested and known to work -as it is supposed to</em>.</p> - - -</div> - - -</div> - - - -<div class="sect1"><a name="samba2-CHP-5-SECT-4"/> - -<h2 class="head1">smbfs</h2> - -<p>On Linux, the <a name="INDEX-47"/>smbfs filesystem can be used to mount -SMB shares onto the Linux filesystem in a manner similar to mounting -disk partitions on NFS filesystems. The result is so transparent that -users on the Linux system might never be aware that they are -accessing files through a Windows or Samba server. Files and -directories appear as any other files or directories on the local -Linux system, although there are a few differences in behavior -relating to ownership and permissions.<a name="FNPTR-2"/><a href="#FOOTNOTE-2">[2]</a></p> - -<p>Although smbfs is based on the Samba code, it is not itself part of -the Samba distribution. Instead, it is included with Linux as a -standard part of the Linux filesystem support.</p> - -<p>The <em class="emphasis">smbmount</em> and -<em class="emphasis">smbmnt</em><a name="INDEX-48"/> programs are part of the Samba -distribution and are needed on the client to mount smbfs filesystems. -Samba must be compiled with the <tt class="literal">--with-smbmount</tt> -configure option to make sure these programs are compiled. They refer -to <em class="filename">smb.conf</em> for information they need regarding -the local system and network configuration, so you will need a -working <em class="filename">smb.conf</em><a name="INDEX-49"/><a name="INDEX-50"/> -file on the system, even if it is not acting as a Samba server. - <a name="INDEX-51"/><a name="INDEX-52"/><a name="INDEX-53"/></p> - - -<div class="sect2"><a name="samba2-CHP-5-SECT-4.1"/> - -<h3 class="head2">Mounting an smbfs Filesystem</h3> - -<p>The <em class="emphasis">smbmount</em><a name="INDEX-54"/> command is used to mount an smbfs -filesystem into the Linux filesystem. The basic usage is:</p> - -<blockquote><pre class="code"># <tt class="userinput"><b>smbmount </b></tt><em class="replaceable">Share-UNC mount-point</em><tt class="userinput"><b> -o </b></tt><em class="replaceable">options</em></pre></blockquote> - -<p>Replace <em class="replaceable">Share-UNC</em> with the UNC for the SMB -share, and <em class="replaceable">mount-point</em> with the full path -to the directory in the Linux filesystem to use as the mount point. -The <em class="replaceable">options</em> argument is used to set the -exact manner in which the share is mounted. Let's -look at an example of a <em class="emphasis">smbmount</em> command:</p> - -<blockquote><pre class="code"># <tt class="userinput"><b>smbmount //maya/e /smb/e \</b></tt> -<tt class="userinput"><b> -o "credentials=/home/jay/.smbpw,uid=jay,gid=jay,fmask=664,dmask=775"</b></tt></pre></blockquote> - -<p>Here we are mounting share <em class="filename">\\maya\e</em> from a -Windows 98 system on the mount point <em class="filename">/smb/e</em> on -the Linux system.</p> - -<a name="samba2-CHP-5-NOTE-122"/><blockquote class="note"><h4 class="objtitle">NOTE</h4> -<p>If your Linux kernel doesn't include smbfs support, -you will get the error message:</p> - -<blockquote><pre class="code">ERROR: smbfs filesystem not supported by the kernel</pre></blockquote> - - -<p>In this case, you must configure and compile a new kernel to include -support for smbfs. When smbfs is installed, and an SMB share is -mounted, you can run the command:</p> - - -<blockquote><pre class="code">$ <tt class="userinput"><b>cat /proc/filesystems</b></tt></pre></blockquote> - -<p>and see a line that looks like:</p> - -<blockquote><pre class="code">nodev smbfs</pre></blockquote> - - -<p>in the command's output.</p> -</blockquote> - -<p>The mount point must exist before <em class="emphasis">smbmount</em> is -run and can be created using the <em class="emphasis">mkdir</em> command:</p> - -<blockquote><pre class="code"># <tt class="userinput"><b>mkdir /smb/e</b></tt></pre></blockquote> - -<p>The argument to the <em class="emphasis">-o</em> option might look a -little complex. It is a comma-separated list of -<em class="replaceable">key</em><tt class="literal">=</tt><em class="replaceable">value</em> -pairs. The <tt class="literal">credentials</tt> key is set to the name of -the credentials file, which is used to give -<em class="emphasis">smbmount</em> a valid username and password with -which to authenticate while connecting to the share. The format is -identical to that used by <em class="emphasis">smbclient</em> (as -explained in the previous section), so you can use the same -credentials file for both clients. If you want, you can use the -<em class="replaceable">key</em>=<em class="replaceable">value</em> pair -<tt class="literal">username</tt>=<em class="replaceable">name</em>%<em class="replaceable">password</em> -to specify the username and password directly in the -<em class="emphasis">smbmount</em> command, although this is considerably -less secure.</p> - -<a name="samba2-CHP-5-NOTE-123"/><blockquote class="note"><h4 class="objtitle">TIP</h4> -<p>The <em class="emphasis">smbmount</em> command accepts the same -authentication methods as <em class="emphasis">smbclient</em>. The -comments in the section on <em class="emphasis">smbclient</em> regarding -supplying passwords on the command line—and keeping passwords -in files and environment variables—also apply here.</p> -</blockquote> - -<p>The rest of the options tell <em class="emphasis">smbmount</em> how to -translate between the SMB filesystem and the Unix filesystem, which -differ in their handling of ownership and permissions. The -<em class="emphasis">uid</em> and <em class="emphasis">gid</em> options specify -the owner and group to be assigned to all directories and files in -the mounted share.</p> - -<p>The <em class="emphasis">fmask</em><a name="INDEX-55"/> and -<em class="emphasis">dmask</em><a name="INDEX-56"/> options specify -<a name="INDEX-57"/>bitmasks for -permissions of files and directories, respectively. These bitmasks -are logically ANDed with whatever permissions are granted by the -server to create the effective permissions on the client Unix system. -On the server side, the permissions granted depend on the -server's operating system. For a Windows 95/98/Me -server using share-mode security, the MS-DOS read-only attribute can -be set on individual files and directories and combined with the Full -Access or Read Only permissions on the share as a whole. In -user-level security mode, Windows 95/98/Me can have ACL-like -permissions applied to the entire share, as discussed in <a href="ch04.html">Chapter 4</a>. Windows NT/2000/XP support ACLs on individual -files and directories, with Full Control, Change, or Read permissions -that can be applied to the entire share. If the server is a Samba -server, the permissions are whatever is defined by the Samba share -and the local Unix system for the individual files and directories. -In every case, the permissions applied to the share act to further -limit access, beyond what is specified for the individual files and -directories.</p> - -<a name="samba2-CHP-5-NOTE-124"/><blockquote class="note"><h4 class="objtitle">TIP</h4> -<p>You might think that the <em class="emphasis">fmask</em> and -<em class="emphasis">dmask</em> permission masks can be used only to -reduce the effective permissions on files and directories, but this -is not always the case. For example, suppose that a file is being -shared by a Windows 95/98/Me server using share-mode security and -that some number of users have been given the Full Access password -for the share. If the share is mounted with -<em class="emphasis">smbmount</em> using an <em class="emphasis">fmask</em> of -666, read/write permissions are granted on the Unix system not only -for the owner, but for everyone else on the Unix system as well!</p> -</blockquote> - -<p>After mounting the <em class="filename">\\maya\d</em> share to -<em class="filename">/smb/e</em>, here is what the contents of -<em class="filename">/smb/e</em> look like:</p> - -<blockquote><pre class="code">$ <tt class="userinput"><b>cd /smb/e ; ls -l</b></tt> -total 47 -drwxrwxr-x 1 jay jay 512 Jan 8 20:21 CD-images -drwxrwxr-x 1 jay jay 512 Jan 6 21:50 lectures --rw-rw-r-- 1 jay jay 131 Dec 18 09:12 ms-ProfPol-wp.doc --rw-rw-r-- 1 jay jay 59 Dec 18 09:12 profile-map --rw-rw-r-- 1 jay jay 131 Jan 15 05:01 readme.txt -drwxrwxr-x 1 jay jay 512 Feb 4 2002 RECYCLED --rw-rw-r-- 1 jay jay 33969 Dec 10 20:22 smbclient.doc --rw-rw-r-- 1 jay jay 7759 Dec 10 20:20 smbmount.doc --rw-rw-r-- 1 jay jay 1914 Dec 10 20:17 smbsh.txt -drwxrwxr-x 1 jay jay 512 Jan 10 03:54 trans</pre></blockquote> - -<p>For the most part, the files and directories contained in the mounted -smbfs filesystem will work just like any others, except for -limitations imposed by the nature of SMB networking. For example, not -even the superuser can perform the operation:</p> - -<blockquote><pre class="code"># <tt class="userinput"><b>chown root lectures</b></tt> -chown: changing ownership of 'lectures': Operation not permitted</pre></blockquote> - -<p>because SMB shares do not intrinsically support the idea of -ownership. Some odd behaviors can result from this. For example, the -command:</p> - -<blockquote><pre class="code"># <tt class="userinput"><b>chmod 777 readme.txt</b></tt></pre></blockquote> - -<p>does not produce an error message, although nothing has been changed. -The file <em class="filename">readme.txt</em> still has permissions set to -664:</p> - -<blockquote><pre class="code"># <tt class="userinput"><b>ls -l readme.txt</b></tt> --rw-rw-r-- 1 jay jay 131 Jan 15 05:01 readme.txt</pre></blockquote> - -<p>Aside from little things such as these, the mounted smbfs filesystem -can be used in conjunction with virtually any application, and you -might be pleasantly surprised at how nicely it integrates with your -Linux-based computing environment. You can even create symbolic links -in the Unix filesystem, pointing to files and directories inside SMB -shares. However, unless the server is a Samba server that supports -Unix CIFS extensions, you will not be able to create a symbolic link -inside the mounted smbfs filesystem.</p> - - -</div> - - -<div class="sect2"><a name="samba2-CHP-5-SECT-4.2"/> - -<h3 class="head2">Mounting smbfs Filesystems Automatically</h3> - -<p><a name="INDEX-58"/>As with other types of -filesystems, an smbfs filesystem can be mounted automatically during -system bootup by creating an entry for it in -<em class="filename">/etc/fstab</em>. The format for the entry is as -follows:</p> - -<blockquote><pre class="code"><em class="replaceable">Share-UNC mount-point</em> smbfs <em class="replaceable">options</em> 0 0</pre></blockquote> - -<p>Replace <em class="replaceable">Share-UNC</em> with the UNC of the -share (using the forward slash format), and replace -<em class="replaceable">mount-point</em> with the name of the directory -in the Linux filesystem on which the share will be mounted. In place -of <em class="replaceable">options</em>, simply use the string that you -used with the <em class="emphasis">-o</em> flag in the -<em class="emphasis">smbmount</em> command.</p> - -<p>Once you have found the arguments to use with the -<em class="emphasis">smbmount</em> command to mount the share the way you -like it, it is a very simple matter to create the entry for -<em class="filename">/etc/fstab</em>. The <em class="emphasis">smbmount</em> -command we used to mount the share <em class="filename">\\maya\e</em> on -<em class="filename">/smb/e</em> would translate to this -<em class="filename">/etc/fstab</em> entry:</p> - -<blockquote><pre class="code">//maya/e /smb/e smbfs -credentials=/home/jay/.smbpw,uid=jay,gid=jay,fmask=664,dmask=775 0 0 - -<i class="lineannotation">(Please note that this should all go on one line.)</i></pre></blockquote> -<a name="samba2-CHP-5-NOTE-125"/><blockquote class="note"><h4 class="objtitle">WARNING</h4> -<p>If you make a mistake in modifying -<em class="filename">/etc/fstab</em><a name="INDEX-59"/><a name="INDEX-60"/>, your system might not -reboot properly, and you might be forced to boot into single-user -mode to fix the problem. Before you edit -<em class="filename">/etc/fstab</em>, be sure to make a backup copy of it, -and be prepared to recover your system if anything goes wrong.</p> -</blockquote> - -<p>Once the entry has been added, the system will automatically mount -the share when booting. Or, the system administrator can manually -mount or unmount the share with commands such as these:</p> - -<blockquote><pre class="code"># <tt class="userinput"><b>mount /smb/e</b></tt> -# <tt class="userinput"><b>umount /smb/e</b></tt></pre></blockquote> - -<a name="samba2-CHP-5-NOTE-126"/><blockquote class="note"><h4 class="objtitle">TIP</h4> -<p>It is possible to use <em class="emphasis">mount</em> and -<em class="emphasis">umount</em> by giving them the UNC for the share -using forward slashes, as in our <em class="filename">/etc/fstab</em> -entry. However, be careful about this. A share might be listed more -than once in <em class="filename">/etc/fstab</em> so that it can be -mounted at more than one place in the Linux filesystem. If you use -the UNC to specify the share you wish to mount or unmount, you might -cause it to be mounted or unmounted at another mount point from the -one you intended.</p> -</blockquote> - - -</div> - - -<div class="sect2"><a name="samba2-CHP-5-SECT-4.3"/> - -<h3 class="head2">Common smbmount Options</h3> - -<p><a href="ch05.html#samba2-CHP-5-TABLE-1">Table 5-1</a> lists -<em class="replaceable">key</em><tt class="literal">=</tt><em class="replaceable">value</em> -pairs that can be used with the <em class="emphasis">-o</em> option of -<em class="emphasis">smbmount</em> or in the options field of the -<em class="filename">/etc/fstab</em> entry for the smbfs filesystem. See -the <em class="emphasis">smbmount</em> manual page for a complete list of -options.</p> - -<a name="samba2-CHP-5-TABLE-1"/><h4 class="head4">Table 5-1. smbmount options</h4><table border="1"> - - - - -<tr> -<th> -<p>Key</p> -</th> -<th> -<p>Value</p> -</th> -<th> -<p>Function</p> -</th> -</tr> - - -<tr> -<td> -<p><tt class="literal">username</tt></p> -</td> -<td> -<p>string</p> -</td> -<td> -<p>Provides the username, and optionally the password and workgroup, for -authentication.</p> -</td> -</tr> -<tr> -<td> -<p><tt class="literal">password</tt></p> -</td> -<td> -<p>string</p> -</td> -<td> -<p>Provides the share or domain password, if it hasn't -been supplied by another means.</p> -</td> -</tr> -<tr> -<td> -<p><tt class="literal">credentials</tt></p> -</td> -<td> -<p>string</p> -</td> -<td> -<p>Name of file containing the username and password.</p> -</td> -</tr> -<tr> -<td> -<p><tt class="literal">uid</tt></p> -</td> -<td> -<p>string or numeric</p> -</td> -<td> -<p>User ID to apply to all files and directories of the mounted share.</p> -</td> -</tr> -<tr> -<td> -<p><tt class="literal">gid</tt></p> -</td> -<td> -<p>string or numeric</p> -</td> -<td> -<p>Group ID to apply to all files and directories of the mounted share.</p> -</td> -</tr> -<tr> -<td> -<p><tt class="literal">fmask</tt></p> -</td> -<td> -<p>numeric</p> -</td> -<td> -<p>Permissions to apply to files. Default is based on current umask.</p> -</td> -</tr> -<tr> -<td> -<p><tt class="literal">dmask</tt></p> -</td> -<td> -<p>numeric</p> -</td> -<td> -<p>Permissions to apply to directories. Default is based on current -umask.</p> -</td> -</tr> -<tr> -<td> -<p><tt class="literal">debug</tt></p> -</td> -<td> -<p>numeric</p> -</td> -<td> -<p>Debug level.</p> -</td> -</tr> -<tr> -<td> -<p><tt class="literal">workgroup</tt></p> -</td> -<td> -<p>string</p> -</td> -<td> -<p>Name of workgroup of remote server.</p> -</td> -</tr> -<tr> -<td> -<p><tt class="literal">guest</tt></p> -</td> -<td> -<p>(none)</p> -</td> -<td> -<p>Suppresses password prompt.</p> -</td> -</tr> -<tr> -<td> -<p><tt class="literal">ro</tt></p> -</td> -<td> -<p>(none)</p> -</td> -<td> -<p>Mount read-only.</p> -</td> -</tr> -<tr> -<td> -<p><tt class="literal">rw</tt></p> -</td> -<td> -<p>(none)</p> -</td> -<td> -<p>Mount read/write. This is the default.</p> -</td> -</tr> -<tr> -<td> -<p><tt class="literal">ttl</tt></p> -</td> -<td> -<p>numeric</p> -</td> -<td> -<p>Amount of time to cache the contents of directories. Defaults to 1000 -ms <a name="INDEX-62"/>.</p> -</td> -</tr> - -</table> - - -</div> - - -</div> - - - -<div class="sect1"><a name="samba2-CHP-5-SECT-5"/> - -<h2 class="head1">smbsh</h2> - -<p>The <em class="emphasis">smbsh</em><a name="INDEX-63"/> program is part of the Samba suite and -works on some, but not all, Unix variants.<a name="FNPTR-3"/><a href="#FOOTNOTE-3">[3]</a> Effectively, it adds a wrapper around the -user's command shell, enabling it and common Unix -utilities to work on files and directories in SMB shares, in addition -to files and directories in the local Unix filesystem. From the -user's perspective, the effect is that of a -simulated mount of the SMB shares onto the Unix filesystem.</p> - -<p><em class="emphasis">smbsh</em> works by running the shell and programs -run from it in an environment in which calls to the standard C -library are redirected to the -<em class="emphasis">smbwrapper</em><a name="INDEX-64"/> library, which has support for -operating on SMB shares. This redirection can work only if the -program being run is dynamically linked. Fortunately, modern Unix -versions ship with most common utilities linked dynamically rather -than statically.</p> - -<a name="samba2-CHP-5-NOTE-127"/><blockquote class="note"><h4 class="objtitle">TIP</h4> -<p>To determine whether a program is dynamically or statically linked, -try using the <em class="emphasis">file</em> command.</p> -</blockquote> - -<p>To use <em class="emphasis">smbsh</em>, your Samba installation must be -configured using the configure option -<tt class="literal">--with-smbwrapper</tt>.</p> - -<p>If you have a number of Unix systems with the same host operating -system and architecture and don't want to bother -with a full Samba installation, you can simply move the following -files to the other systems:</p> - -<blockquote><pre class="code">/usr/local/samba/bin/smbsh -/usr/local/samba/bin/smbwrapper.so -/usr/local/samba/lib/smb.conf</pre></blockquote> - -<p>Make sure that <em class="filename">/usr/local/samba/bin</em> is in your -shell's search path. The -<em class="filename">smb.conf</em><a name="INDEX-65"/><a name="INDEX-66"/> file is -needed only for <em class="emphasis">smbsh</em> to determine the workgroup -or domain and does not need to be as elaborate as your Samba -server's configuration file.</p> - - -<div class="sect2"><a name="samba2-CHP-5-SECT-5.1"/> - -<h3 class="head2">An Interactive Session with smbsh</h3> - -<p><a name="INDEX-67"/>To start <em class="emphasis">smbsh</em>, -simply type in the <em class="emphasis">smbsh</em> command at the shell -prompt. You will be prompted for a username and password with which -to authenticate on the SMB network:</p> - -<blockquote><pre class="code">$ <tt class="userinput"><b>smbsh</b></tt> -Username: davecb -Password: -smbsh$</pre></blockquote> - -<p>While working within the <em class="emphasis">smbsh</em> shell, you have a -virtual <em class="filename">/smb</em> directory. This does not actually -exist in the Unix filesystem and is supported within -<em class="emphasis">smbsh</em> only to help organize the SMB shares in a -structure familiar to Unix users. You can list the contents of the -<em class="filename">/smb</em> virtual directory and get a list of -workgroups in the local network, which are also presented as virtual -directories:</p> - -<blockquote><pre class="code">smbsh$ <tt class="userinput"><b>cd /smb ; ls</b></tt> -ZOOL PLANK BACIL</pre></blockquote> - -<p>You can change your working directory to one of the workgroup virtual -directories, and listing one of them will show the computers in the -workgroup:</p> - -<blockquote><pre class="code">smbsh$ <tt class="userinput"><b>cd ZOOL ; ls</b></tt> -ANTILLES DODO MILO SEAL -ARGON HANGGLIDE OSTRICH SPARTA -BALLET INFUSION PLAQUE THEBES -CHABLIS JAZ PRAETORIAN TJ -COBRA KIKO RAYOPCI TRANCE -COUGUR MACHINE-HEADPCI RUMYA VIPERPCI -CRUSTY MATHUMA SCOT</pre></blockquote> - -<p>Likewise, you can change your current directory to, and list the -contents of, a computer virtual directory, and then you can see a -listing of shares offered by that computer:</p> - -<blockquote><pre class="code">smbsh$ <tt class="userinput"><b>cd scot ; ls</b></tt> -ADMIN$ davecb nc np2s pl -ace dhcp-mrk03 np nps xp -cl ep np2 opcom</pre></blockquote> - -<p>This is the lowest level of -<em class="emphasis">smbsh</em>'s virtual directory -system. Once you <em class="emphasis">cd</em> into a share, you are within -the SMB share on the remote computer:</p> - -<blockquote><pre class="code">smbsh$ <tt class="userinput"><b>cd davecb ; ls</b></tt> -Mail mkanalysis_dirs.idx -SUNWexplo nfs.ps -Sent nsmail -allsun.html projects.txt -bin sumtimex</pre></blockquote> - -<p>Once in a remote share, most of the Unix shell utilities will work, -and you can operate on files and directories much as you would on any -Unix system. You can even create symbolic links in the Unix -filesystem pointing to files and directories in the SMB share. -However, attempts to create symbolic links in the SMB share will fail -unless the share is being served by Samba with support for Unix CIFS -extensions.</p> - - -</div> - - -</div> - - - -<div class="sect1"><a name="samba2-CHP-5-SECT-6"/> - -<h2 class="head1">smbutil and mount_smbfs</h2> - -<p>The <em class="emphasis">smbutil</em> and <em class="emphasis">mount_smbfs</em> -programs provide SMB client functionality for FreeBSD, Darwin, and -Mac OS X. Neither of the programs is part of the Samba distribution; -however, we are including them to give you a little additional -support in case you have BSD-related Unix systems on your network.</p> - - -<div class="sect2"><a name="samba2-CHP-5-SECT-6.1"/> - -<h3 class="head2">smbutil</h3> - -<p>The <em class="emphasis">smbutil</em><a name="INDEX-68"/> program provides functionality similar -to some of the Samba suite's command-line utilities. -It can be used to list the shares available on an SMB server or -perform NetBIOS name lookups.</p> - -<p>The first argument given to <em class="emphasis">smbutil</em> is one of a -number of subcommands and is usually followed by arguments specific -to the subcommand. For example, to list the resources offered by a -server, use the <em class="emphasis">view</em> subcommand, and enter your -server password when prompted:</p> - -<blockquote><pre class="code">% <tt class="userinput"><b>smbutil view //vamana</b></tt> -Password: -Share Type Comment -------------------------------------------------------------- -public disk -SS2500 printer Stylus Scan 2500 -IPC$ pipe IPC Service (Samba 2.2.5) -ADMIN$ disk IPC Service (Samba 2.2.5) -leonvs disk User Home Directories - -5 shares listed from 5 available</pre></blockquote> - -<p>If you wish to connect to the server with a username that differs -from that on your client, you can specify it on the command line by -preceding the name of the server with the username and using an at -sign (<tt class="literal">@</tt>) as a separator:</p> - -<blockquote><pre class="code">% <tt class="userinput"><b>smbutil view //leonvs@vamana</b></tt></pre></blockquote> - -<p>You can also include the password after the username, using a colon -(:) as a separator, to avoid being prompted for -it:</p> - -<blockquote><pre class="code">% <tt class="userinput"><b>smbutil view //leonvs:leonspassword@vamana</b></tt></pre></blockquote> - -<p>Typing your password in the open like this is strongly discouraged. -It's a little better if you use an encrypted -password, which you can generate using -<em class="emphasis">smbutil</em>'s -<em class="emphasis">crypt</em> subcommand:</p> - -<blockquote><pre class="code">% <tt class="userinput"><b>smbutil crypt leonspassword</b></tt> -$$1625a5723293f0710e5faffcfc6</pre></blockquote> - -<p>This can then be used in place of a clear-text password. However, the -encryption is not particularly strong and will foil only the most -casual inspection. As noted earlier, the only reasonably secure -method of providing a password is to be prompted for it.</p> - -<p>While starting up, <em class="emphasis">smbutil</em> reads the file -<em class="filename">.nsmbrc</em><a name="INDEX-69"/> in the user's home -directory. Also, the file -<em class="filename">/usr/local/etc/nsmb.conf</em><a name="INDEX-70"/><a name="INDEX-71"/> is read, and directives in that file -override those in users' -<em class="filename">~/.nsmbrc</em> files. This is to allow administrators -to apply mandatory settings to all users. Directives can be placed in -this file using the section and parameter format similar to that of -the Samba configuration file. A list of common configuration -parameters is given in <a href="ch05.html#samba2-CHP-5-TABLE-2">Table 5-2</a>.</p> - -<p>For example, to keep your password in your -<em class="filename">~/.nsmbrc</em> file, you can create an entry in the -file such as the following:</p> - -<blockquote><pre class="code">[VAMANA:LEONVS] - password=$$1625a5723293f0710e5faffcfc6</pre></blockquote> - -<p>The section heading in brackets specifies the SMB -server's NetBIOS name and the username to which the -subsequent parameter settings apply. (The hostname and username -should be supplied in uppercase characters.) Section headings can -also consist of just a hostname or can contain a share name as a -third element for specifying parameters applicable to a single share. -Finally, if a <tt class="literal">[default]</tt> section is present, the -settings in it apply to all connections.</p> - -<p>The following example <em class="filename">.nsmbrc</em> shows some of the -other parameters you might use:</p> - -<blockquote><pre class="code">[default] - username=leonvs - # NetBIOS name server - nbns=192.168.1.3 - -[VAMANA] - # server IP address - addr=192.168.1.6 - workgroup=TEST - -[VAMANA:LEONVS] - password=$$1625a5723293f0710e5faffcfc6</pre></blockquote> - -<p>Another thing you can do with <em class="emphasis">smbutil</em> is -<a name="INDEX-72"/><a name="INDEX-73"/><a name="INDEX-74"/>translate between IP addresses or DNS -names and -<a name="INDEX-75"/>NetBIOS -names. For example, the <em class="emphasis">status</em> subcommand takes -an IP address or DNS hostname as an argument and returns the -corresponding SMB server's NetBIOS name and -workgroup:</p> - -<blockquote><pre class="code">% <tt class="userinput"><b>smbutil status 192.168.1.6</b></tt> -Workgroup: TEST -Server: VAMANA</pre></blockquote> - -<p>The <em class="emphasis">lookup</em> subcommand returns the IP address -associated with a given NetBIOS hostname. A NetBIOS name server can -be optionally specified with the <em class="emphasis">-w</em> argument:</p> - -<blockquote><pre class="code">% <tt class="userinput"><b>smbutil lookup -w 192.168.1.3 VAMANA</b></tt> -Got response from 192.168.1.3 -IP address of VAMANA: 192.168.1.6</pre></blockquote> - - -</div> - - -<div class="sect2"><a name="samba2-CHP-5-SECT-6.2"/> - -<h3 class="head2">mount_smbfs</h3> - -<p>The <em class="emphasis">mount_smbfs</em><a name="INDEX-76"/> program performs essentially the same -function as <em class="emphasis">smbmount</em> on Linux. It mounts an SMB -share on a directory in the local filesystem. The SMB share can then -be accessed just like any other directory, subject to some behavioral -differences noted earlier in <a href="ch05.html#samba2-CHP-5-SECT-4.1">Section 5.4.1</a>.</p> - -<p>The command synopsis for <em class="emphasis">mount_smbfs</em> is:</p> - -<blockquote><pre class="code">mount_smbfs <em class="replaceable">[options]</em> <em class="replaceable">Share-UNC</em> <em class="replaceable">mount-point</em></pre></blockquote> - -<p>where <em class="replaceable">Share-UNC</em> is of the form:</p> - -<blockquote><pre class="code">//[<em class="replaceable">workgroup</em>;][<em class="replaceable">username</em>[:<em class="replaceable">password</em>]@]<em class="replaceable">server</em>[/<em class="replaceable">share</em>]</pre></blockquote> - -<p>For example:</p> - -<blockquote><pre class="code"># <tt class="userinput"><b>mount_smbfs '//TEST;leonvs:$$1625a5723293f0710e5faffcfc6@vamana/leonvs' /</b></tt> -\<tt class="userinput"><b>Volumes/leonvs</b></tt></pre></blockquote> - -<p>The ownership and permissions of the mount point determine the -default ownership and permissions for files and directories in the -mounted share. These can be modified with command-line arguments, -like this:</p> - -<blockquote><pre class="code"># <tt class="userinput"><b>mount_smbfs -u leonvs -g admin -f 0750 -d 0755 //leonvs@vamana/leonvs </b></tt> -\<tt class="userinput"><b>/Volumes/leonvs</b></tt></pre></blockquote> - -<p>In this example, the files and directories in the mounted share will -be owned by the user leonvs and the group admin, with files and -directories having permissions 750 and 755, respectively. (As usual, -the permissions are specified in the octal format used by the Unix -<em class="emphasis">chmod</em> command.)</p> - -<p>The <em class="emphasis">mount_smbfs</em><a name="INDEX-77"/><a name="INDEX-78"/> command -also makes use of settings in -<em class="filename">/usr/local/etc/nsmb.conf</em> and -<em class="filename">~/.nsmbrc</em>, as described earlier. A list of -common configuration parameters and command-line options is provided -in <a href="ch05.html#samba2-CHP-5-TABLE-2">Table 5-2</a>.</p> - -<a name="samba2-CHP-5-TABLE-2"/><h4 class="head4">Table 5-2. Common smbutil and mount_smbfs options</h4><table border="1"> - - - - -<tr> -<th> -<p>Command-line option</p> -</th> -<th> -<p>Configuration file parameter</p> -</th> -<th> -<p>Description</p> -</th> -</tr> - - -<tr> -<td> -<p><tt class="literal">-I</tt> <em class="replaceable">hostname</em></p> -</td> -<td> -<p><tt class="literal">addr</tt></p> -</td> -<td> -<p>Avoid NetBIOS name resolution and connect to the server using the -specified DNS hostname or IP address.</p> -</td> -</tr> -<tr> -<td> -<p>-N</p> -</td> -<td> -<p><em class="emphasis">none</em></p> -</td> -<td> -<p>Do not prompt for a password.</p> -</td> -</tr> -<tr> -<td> -<p>-R <em class="replaceable">count</em></p> -</td> -<td> -<p><tt class="literal">retry_count</tt></p> -</td> -<td> -<p>Number of times to retry connection before giving up.</p> -</td> -</tr> -<tr> -<td> -<p>-T <em class="replaceable">seconds</em></p> -</td> -<td> -<p><tt class="literal">timeout</tt></p> -</td> -<td> -<p>Timeout, in seconds, per connection request.</p> -</td> -</tr> -<tr> -<td> -<p>-U <em class="replaceable">username</em></p> -</td> -<td> -<p><tt class="literal">username</tt></p> -</td> -<td> -<p>Username to use for authentication. Defaults to Unix username.</p> -</td> -</tr> -<tr> -<td> -<p>-W <em class="replaceable">workgroup</em></p> -</td> -<td> -<p><tt class="literal">workgroup</tt></p> -</td> -<td> -<p>Name of workgroup of remote server.</p> -</td> -</tr> -<tr> -<td> -<p>-d <em class="replaceable">mode</em></p> -</td> -<td> -<p><em class="emphasis">none</em></p> -</td> -<td> -<p>Permissions to apply to directories in the mounted share. Defaults to -the same as the file permissions, plus an execute (search) bit -whenever the read bit is set.</p> -</td> -</tr> -<tr> -<td> -<p>-f <em class="replaceable">mode</em></p> -</td> -<td> -<p><em class="filename">none</em></p> -</td> -<td> -<p>Permissions to apply to files in the mounted share. Defaults to the -same as the permissions set on the directory used as the mount point.</p> -</td> -</tr> -<tr> -<td> -<p>-g <em class="replaceable">group</em></p> -</td> -<td> -<p><em class="emphasis">none</em></p> -</td> -<td> -<p>Name or numeric GID to apply to all files and directories in the -mounted share. Defaults to the group of the directory used as the -mount point.</p> -</td> -</tr> -<tr> -<td> -<p>-n <em class="replaceable">long</em></p> -</td> -<td> -<p><em class="emphasis">none</em></p> -</td> -<td> -<p>Disable support for long filenames. Restrict filenames to 8.3 naming -standard.</p> -</td> -</tr> -<tr> -<td> -<p>-u <em class="replaceable">username</em></p> -</td> -<td> -<p><em class="emphasis">none</em></p> -</td> -<td> -<p>Username or numeric UID to apply as the owner of all files and -directories in the mounted share. Defaults to the owner of the -directory used as the mount point.</p> -</td> -</tr> -<tr> -<td> -<p>-w <em class="replaceable">hostname</em></p> -</td> -<td> -<p><tt class="literal">nbns</tt></p> -</td> -<td> -<p>Hostname or IP address of the NetBIOS name server.</p> -</td> -</tr> -<tr> -<td> -<p><em class="emphasis">none</em></p> -</td> -<td> -<p><tt class="literal">password</tt></p> -</td> -<td> -<p>Password to use for authentication.</p> -</td> -</tr> - -</table> - - -</div> - - -<div class="sect2"><a name="samba2-CHP-5-SECT-6.3"/> - -<h3 class="head2">Mac OS X</h3> - -<p><a name="INDEX-79"/>In addition to -<em class="emphasis">smbutil</em> and <em class="emphasis">mount_smbfs</em>, OS -X includes a graphical interface to the functionality they provide. -To use this interface, open the Go menu and select the Connect to -Server . . . menu item. Instead of using a UNC, specify the share in -the form of a Uniform Resource Identifier (URI) with a prefix of -<tt class="literal">smb://</tt> entered in the Address field, as shown in -<a href="ch05.html#samba2-CHP-5-FIG-5">Figure 5-5</a>.</p> - -<div class="figure"><a name="samba2-CHP-5-FIG-5"/><img src="figs/sam2_0505.gif"/></div><h4 class="head4">Figure 5-5. OS X Connect to Server dialog</h4> - -<p>You can specify a server, share, workgroup, username, and password -(optionally encrypted with <em class="emphasis">smbutil crypt</em>) in the -URI, in the same format as the UNC argument to -<em class="emphasis">mount_smbfs</em>. If you don't -specify a share name in the URI, you will be shown a window that lets -you choose from a list of shares available to mount. See <a href="ch05.html#samba2-CHP-5-FIG-6">Figure 5-6</a>.</p> - -<div class="figure"><a name="samba2-CHP-5-FIG-6"/><img src="figs/sam2_0506.gif"/></div><h4 class="head4">Figure 5-6. Selecting a share to mount</h4> - -<p>Only guest-accessible shares will show up in the list until -you've authenticated. After pressing the -Authenticate button, you'll be prompted for a -workgroup, username, and password, as shown in <a href="ch05.html#samba2-CHP-5-FIG-7">Figure 5-7</a>. You'll also see this dialog -if you provide a share name in the URI, but not a username and -password.<a name="FNPTR-4"/><a href="#FOOTNOTE-4">[4]</a></p> - -<div class="figure"><a name="samba2-CHP-5-FIG-7"/><img src="figs/sam2_0507.gif"/></div><h4 class="head4">Figure 5-7. Client authentication</h4> - -<p>As usual for Mac OS X, shares are mounted under -<em class="filename">/Volumes</em>, but show up in the root of the Finder -hierarchy.</p> - -<p>If you have a WINS server on your network, you can provide the -server's IP address in the Directory Access -application, or by using the <tt class="literal">wins</tt> -<tt class="literal">server</tt> parameter in -<em class="filename">/etc/smb.conf</em>.</p> - -<p>If you don't know the name of a server to which you -wish to connect, you can look for it in the browse list, using the -graphical frontend to the <em class="emphasis">nmblookup</em> command -provided with Samba. Click the downward-pointing arrow in the Connect -to Server . . . dialog box to show a hierarchical, column-based view -of available workgroups and servers, similar to that shown in <a href="ch05.html#samba2-CHP-5-FIG-8">Figure 5-8</a>. If your client is also acting as an SMB file -server, it won't show up in its own browse -list.<a name="INDEX-80"/></p> - -<div class="figure"><a name="samba2-CHP-5-FIG-8"/><a name="INDEX-81"/><img src="figs/sam2_0508.gif"/></div><h4 class="head4">Figure 5-8. Browsing the network</h4> - - -</div> - - -</div> - -<hr/><h4 class="head4">Footnotes</h4><blockquote><a name="FOOTNOTE-1"/> <p><a href="#FNPTR-1">[1]</a> An alternative to extracting -the tar archive directly to the SMB share is to use the Unix -system's <em class="emphasis">tar</em> command to extract -it to a directory on the Unix server, then copy the desired file(s) -to a shared directory. This allows a greater amount of control over -the restoration process, as when correcting for an accidental file -deletion or reverting a set of files to a previous condition.</p> -<a name="FOOTNOTE-2"/> <p><a href="#FNPTR-2">[2]</a> Samba Versions -2.2.4 and later have support for Unix CIFS extensions developed by -Hewlett-Packard, which add full support for Unix ownership, group, -and permissions in smbfs filesystems when shared between two Samba -systems. You will also need a recent version of smbfs in your Linux -kernel.</p> <a name="FOOTNOTE-3"/> <p><a href="#FNPTR-3">[3]</a> At the -time of this writing, <em class="emphasis">smbsh</em> does not work on -HP/UX or Linux. However, Linux support might return in the -future.</p> <a name="FOOTNOTE-4"/> <p><a href="#FNPTR-4">[4]</a> If you've previously -stored your authentication information in a Keychain, you will -instead be prompted for your Keychain password.</p> </blockquote><hr/><h4 class="head4"><a href="toc.html">TOC</a></h4></body></html> |