dropdown menu

EXTRA - SAMBA

SAMBA:

--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------

SAMBA CLIENT ALL:


install SAMBA:

bos.cifs_fs.5.3.0.0.I
bos.cifs_fs.rte.5.3.0.62.U
bos.cifs_fs.smit.5.3.0.60.bff
------------

smitty cifs_fs

lscifsmnt
rmcifsmnt -f /smb_mnt
mkcifsmnt -f /mnt -d share1 -h server1 -c user1

--------------------------------------------------------------------------------
smitty cifs_fs:
first it will do in read-only, later have to come back again and set it again
If Share name is like this: \\server name\share name, it is enough to write "share name" (\\server.. not needed)

                                                        [Entry Fields]
* Pathname of mount point                             /homes/ftp/Test
  SERVER name                                        [10.10.40.10]
  User Name                                          [SSH01]
  Password                                           []
  Share name                                         [Test]        <--what has been shared on the other system
  Mount as a READ-ONLY system                        [no]          <--first it will be read-only, come back again                                                                                                        +
  uid                                                [6027083]
  gid                                                [6000116]
  Mode                                               [777]
  Domain to Authenticate against                     []            <--once on windows I had to set here: ads
  Remount now, add change to /etc/filesystems,       [Both]
                          or both
  /etc/filesystems entry will mount on start         [no]
  Mount Type name                                    []


After these the credential file has to be set as well:
smitty cifs_fs -> Credential configuration

/etc/cifs_fs/cifscred file      allows future mounting of CIFS shares with stored credentials
lscifscred                lists the server or user entries stored in the /etc/cifs_fs/cifscred file (mkcifscred, rmcifscred, chcifscred)

--------------------------------------------------------------------------------

other methods:
/usr/sbin/mkcifsmnt -t rw -f /homes/ftp/29/test -d test -h 10.10.15.24 -c SSG01 -p xyz -u 32292 -g 6000116 -x 777
mount -v cifs -n 10.10.15.24/SSG01/xyz -o uid=32292,gid=200,fmode=775 test /homes/ftp/29/test

--------------------------------------------------------------------------------
Once on Win side had to change something in order to work:
"I have changed something on the server - from "Send NTLMv2 response only. Refuse LM  NTLM" to " Send LM & NTLM - use NTLMv2 session security if negotiated" So I hope, this fixes the problem"


--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------


SAMBA SERVER ALL:


Needed ports:

netbios-ns        137/tcp           # NETBIOS Name Service
netbios-ns        137/udp           # NETBIOS Name Service
netbios-dgm       138/tcp           # NETBIOS Datagram Service
netbios-dgm       138/udp           # NETBIOS Datagram Service
netbios-ssn       139/tcp           # NETBIOS Session Service
netbios-ssn       139/udp           # NETBIOS Session Service

microsoft-ds      445/tcp           # Microsoft-DS
microsoft-ds      445/udp           # Microsoft-DS

netbios is Windows file & printer sharing

Microsoft-DS (Microsoft Directory Services) is a port used for file sharing. It was introduced with Windows 2000 and gives you the possibility to use SMB protocol (stands for Server Message Block, but is also known as Samba) directly over TCP-IP on port 445.


In www.samba.org, written this:
UDP/137    - used by nmbd
UDP/138    - used by nmbd
TCP/139    - used by smbd
TCP/445    - used by smbd

INSTALL:

/mnt/MISC/SAMBA
-rwxrwxrwx   1 root     sys        67379200 Jun 28 2005  samba-3.0.4.0.bff

smitty install:
root@aix31: /mnt/MISC/SAMBA # lslpp -l | grep -i samba
  freeware.samba.rte         3.0.4.0  COMMITTED  Samba Version 3.0.4


-------
SWAT (SAMBA Web Administartion Tool) configuration: (not necessary, only if you want it)
It is a GUI for SAMBA, a web browser is needed for SWAT, and X11 as well.

/etc/services:
swat    901/tcp

/etc/inetd.conf:
swat    stream  tcp     nowait  root    /usr/local/samba/sbin/swat      swat

in browser:
http://localhost:901
-------

SAMBA tools:

install dir: /usr/local/samba

/usr/local/samba/sbin/nmbd                <--provides netbios nameserver supports to clients (nameserver for samba)
/usr/local/samba/sbin/smbd                <--smb daemon
/usr/local/samba/sbin/smbd -b             <--shows configuration infos. i.e.: path for the config file: smbd -b|grep smb.conf
/usr/local/samba/bin/smbstatus            <--shows actual sharings and connections
/usr/local/samba/bin/testparm             <--test the smb.conf file for any typo
/usr/local/samba/bin/pdbedit -a user123   <--creates users (on AIX I created before)
/usr/local/samba/bin/smbpasswd            <--changes pw (-a: add a user who can access the shares from a client)
/usr/local/samba/bin/smbclient            <--it is an SMB client program for UNIX machines, it provides an ftp like interface,
                                          to transfer files between a windows 'server' and a unix 'client'
---------

PROCESS OF SAMBA CONFIGURATION:


0. check ports: a 137,138,139,445 (if needed firewall opening)
rpcinfo, telnet

1. check where is smb.conf:
/usr/local/samba/sbin/smbd -b               <--shows version of SAMBA etc.,and the path to smb.conf

2. edit smb.conf:

/usr/local/samba/lib/smb.conf (it is a link to /etc/samba/smb.conf)

Create a similar entry:

[samba_share]                               <--use this name for connection
        comment = share test                <--anything can be written here
        path = /home/samba_share            <--path of the dir what we want to share
        read only = no
        guest ok = yes
        read list = user123                 <--users who will be able to read it (space separated)
        write list = user123                <--users who will be able to write to it (space separated)

Important:
-check owner,rights of the given directory (in the path)
-after chacnging the conf file, daemons have to be restarted in order changes be refreshed

-----------
this is good for read only:
[samba_share]
   comment = share test
   path = /home/samba_share
   read only = no
   guest ok = yes
-----------


3.SAMBA user creation:
/usr/local/samba/bin/smbpasswd -a user123                  <-- -a: add user as well

Same user has to be created, to what we gave in the conf file

For root we can create one:
/usr/local/samba/bin/smbpasswd -a root
(root passw is needed)

4. testing smb.conf:
/usr/local/samba/bin/testparm                              <--test the smb.conf file for any typo (default conf file)

testing not the default conf file:
/usr/local/samba/bin/testparm /etc/samba/smb.conf

5. starting daemons:
/usr/local/samba/sbin/smbd -D                              <-- -D: handling it as daemon (this is the default)
/usr/local/samba/sbin/nmbd -D

6. connecting to SAMBA:

LOCALLY (AIX):
/usr/local/samba/bin/smbclient //localhost/samba_share     <--samba_share: which has been created in conf file

password is what has been created with smbpasswd for the user
if not root user, than check permissions of the conf file (if needed give read permission)

another way: /usr/local/samba/bin/smbclient -U% -L localhost

REMOTELY (WINDOWS):
(tools->map network drive->choose a drive)
the command: \\10.10.101.78\samba_share                    <--it will map that directory

"Connect using a different username": If on Windows and AIX users are identical this is not needed.
If user/pw created in SAMBA is different of the actual windows user/pw, then here we can give the SAMBA user/pw.

7. Checks, tests:
/usr/local/samba/bin/smbstatus                             <--shows connections (if we could connect)

/usr/local/samba/bin/smbclient -L 10.10.101.78             <--shows which shares are available on a given host


!!!2 different SAMBA version (rpm and a fileset one) should no be installed at the same time (daemons did not started for me)!!!!

--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------


I had this error:
(Samba was installed from rpm and it was started from inetd.)

# smbclient -L localhost -U <user>
added interface ip=10.10.10.8 bcast=10.10.35.31 nmask=255.255.255.224
session request to LOCALHOST failed (Call returned zero bytes (EOF)
)
session request to *SMBSERVER failed (Call returned zero bytes (EOF)
)



1. check samba logs (I turned this on)
  vi /etc/inetd.conf: netbios-ssn stream tcp nowait root /usr/sbin/smbd -l /var/log/samba.log smbd
  refresh -s inetd
(probably in syslog you can find where it is logging)

2. cat samba.log
  ...
  [2012/10/11 09:20:11, 0] tdb/tdbutil.c:tdb_log(531)
  tdb(/etc/secrets.tdb): rec_free_read bad magic 0x2f73616d at offset=812    <--shows problems with /etc/secrets.tdb
  [2012/10/11 09:20:11, 0] passdb/machine_sid.c:pdb_generate_sam_sid(163)
  pdb_generate_sam_sid: Failed to store generated machine SID.
  [2012/10/11 09:20:11, 0] smbd/server.c:main(793)
  ERROR: Samba cannot create a SAM SID.

3. stop samba
  vi /etc/inetd.conf -> comment lines smbd, nmbd
  refresh -s inetd

4. remove /etc/secrets.tdb
  mv /etc/secrets.tdb /etc/secrets.tdb.old

5. start samba
  vi /etc/inetd.conf -> uncomment smbd, nmbd lines
  refresh -s inetd

6. test login
  # smbclient -L localhost -U <user>
  added interface ip=10.10.10.8 bcast=10.10.35.31 nmask=255.255.255.224
  Password:


--------------------------------------------------------------------------------

I had this "error":

# smbstatus

Samba version 2.2.7
Service      uid      gid      pid     machine
----------------------------------------------

Failed to open byte range locking database
ERROR: Failed to initialise locking database
Can't initialise locking module - exiting



This is not an error after first successful login it will be OK.
I did: smbclient -L localhost -U <user>
After that: smbstatus

Samba version 2.2.7
Service      uid      gid      pid     machine
----------------------------------------------

No locked files

--------------------------------------------------------------------------------


19 comments:

Samiindin said...

there is two share drive on the smb.conf file one share is working another one is not working, we are getting error like below

Samba:/ #/usr/local/samba/bin/smbclient //Samba/Sharedrive -U
WARNING: no network interfaces found
Password:
Domain=[MYER] OS=[Unix] Server=[Samba 3.0.30]
tree connect failed: NT_STATUS_ACCESS_DENIED

Anonymous said...

Hi,

I am facing errors while mountig a windows share on AIX host (6100-04-03)

lslpp -L| grep -i smb
bos.cifs_fs.rte 6.1.4.2 C F Runtime for SMBFS
bos.cifs_fs.smit 6.1.4.1 C F SMIT Interface for SMBFS


I tried usig both smit cifs_fs and mkcifsmnt. But getting the same error. Please help

There was an error connecting the share or the server. Make sure the lsdev command shows that device nsmb0 is in the Available state. Also make sure that the share name, user name and password are accurate.

nsmb0 is available ad the username,password and share name are correct. I am able to access the windows share through run prompt.

aix said...

Hi, you did not write anything about the error...

Anonymous said...

The error is

There was an error connecting the share or the server. Make sure the lsdev command shows that device nsmb0 is in the Available state. Also make sure that the share name, user name and password are accurate.

aix said...

Did you check if firewall does not block necessary ports for Samba? (port 137-139 and 445). Also share name (or domain name) should be given at AIX side, please check that one as well-

Unknown said...

Hi,
I am getting nobody where I authenticate my smb with AD...
Samba version 2.2.7
Service uid gid pid machine
----------------------------------------------
IPC$ nobody nobody 991234 lp-e4115b3cd0a5 (10.6.60.51) Fri Jul 5 13:03:24 2013

No locked files

aix said...

No idea, IBM could help in this case.

Unknown said...

Hi,

can anybody tell how to patch the Samba Version 3.3.12 on AIX with steps. I am not able to patch the Samba Server on AIX.

Unknown said...

i have aix OS with given below filesets installed in aix 7.1.
--------------------------------------------------------------
samba.base 3.3.12.0 C F Samba for AIX
samba.license 3.3.12.0 C F Samba for AIX
samba.man.en_US 3.3.12.0 C F Samba for AIX

How can i update these filesets to 3.6 version

aix said...

I found this link: http://www.perzl.org/aix/index.php?n=Main.Samba

Anonymous said...

Hi,

I had a directory exported via samba.. But when I try to create files under this, its getting created with nobody ownership. Any fix to this issue?

Anonymous said...

Hi,
The files in the samba share is not view able in the windows machine. I've checked for all files and directory permissions in the AIX server, everything seems to be fine. Could you please help?

Anonymous said...

Anyone knows how to mount a Windows Server 2008 R2 share in AIX when in Windows the only NTLMSSP protocol is allowed?
In Linux it is enough to specify "sec=ntlmssp" and it works. But in AIX there is no "sec=" option at all (mount -v cifs // /sbin/helpers/mount_cifs )

Maybe it is exactly this setting "Send LM & NTLM - use NTLMv2 session security if negotiated" ? or "Send NTLMv2 response only. Refuse LM NTLM" ?

Anonymous said...

Hello,

this should fix the problem in some cases
http://nixaid.com/ntlmssp-aix-cifs/

Anonymous said...

how to refresh samba service after adding file systems to an existing/running samba ?

Anonymous said...

I am unable to mount CIFS file system on aix server when NetBIOS over tcpip on windows share is disabled .

Anonymous said...

Please ask windows team to follow all the below steps(error because of version compatibility from AIX to Windows)
The CIFS server must support SMB version 1
All network communications are on TCP port 139--use of port 445 is not supported
The server must allow NetBIOS requests
Support for NTLMv1 authentication must be enabled in the CIFS server
Packet signing must not be required--it must either be optional or disabled
The CIFS server must not require Unicode support
SPN target name validation must be disabled

aix said...

Thx for these steps.

Info Tech said...

how can i get an old AIX Samba version 3.3.12 as *.bff?