[CentOS] Easiest way to get samba up and working for Windows users?

Mon Feb 23 21:52:50 UTC 2009
Les Mikesell <lesmikesell at gmail.com>

Noob Centos Admin wrote:
> 
> 
>     probably not the answer you want to hear but...
>     swat is supposed to be the tool for simple administration.
> 
> 
> I was afraid of that. By the time I gave up and completed the task 
> manually, I was thinking maybe it might be easier to write my own script 
> to repeat all those useradd, gpasswd -a, smbpasswd and nano smb.conf :(

Is there a windows domain or AD in this picture somewhere?  If so, point 
samba authentication there and don't worry about separate passwords.
> 
> No worries about that one, I only edit conf files on my CentOS box using 
> nano. The closest to using Windows for this is to manage my servers are 
> SSH through putty, and writing long php scripts to be uploaded.

If you want something nicer, run freenx on the server and the NX client 
from www.nomachine.com for your windows box.  That lets you connect to a 
complete GUI desktop remotely and conveniently.

> For a single common to everybody share it was easy of course. In fact, 
> for something like that, I'll do away with bothering everybody with a 
> login and simply make a single login everybody shares for filesharing.
> 
> It's when I have 8 people  who have to share aaa, then a sub group B 
> have to share bbb, then a subgroup C have to share ccc, then a subgroup 
> of people from B+C need to share ddd and so forth that it becomes 
> untenable to do everything by hand and the tools at the moment just dont 
> cut it.

Not that complicated.  Just create groups as needed and add the 
appropriate users to each group (independently, don't worry about which 
are sub-groups of others).

Then the samba shares look like:

[aaa-share]
    comment = aaa workspace
    path = /path/to/aaa-share
    public = no
    valid users = @aaa
    writable = yes
    printable = no
    force create mode = 0775
    force directory mode = 775
    force group = aaa

You might want some other mode, just make sure it is group-read/write. 
Then you can cut/paste those, substituting the appropriate groups, and 
do an initial chgrp -R and chmod -R of the top directories to make sure 
they have the right starting ownership and modes.

> Except of course webmin doesn't actually create the smbuser correctly. 
> Maybe it has to do with how I use it, but maybe again like CentOS's 
> tool, that particular functionality is actually broken.

If you use smb authentication against a domain controller, all you have 
to do is create the linux users with the same login name.  With winbind 
you might not even have to do that, but then I don't know how you 
control the groups.

-- 
   Les Mikesell
    lesmikesell at gmail.com