Tuesday, January 15, 2013

Connecting Linux Shares to a Windows Network

Introduction

This is a basic level tutorial for Linux novices who are wrestling with their new operating system trying to get it to share directories on their Home network instead of serving up "Access Denied" to Windows. I am assuming that your level knowledge is at or near zero here, much like mine was about a week ago.

After a long struggle with usernames, groups and all of that wonderful stuff, I just succeeded in connecting several Linux directories to an existing Windows network so that files can be copied back and forth from Windows. Linux still cannot see the Windows shares, but that will have to be figured out the next time I have a couple days to kill. I am not worried about that part as I do not use the Linux box for much besides htpc.

My computers run Windows XP and have a network already in place that has been working fine for years using DHCP and a router without anything fancy. I consider this the typical home network scenario although many folks these days use wireless routers. I did not change anything on my Windows boxes and you won't either. Note: Due to massive retardation in Windows 7, the following instructions will not suffice for that OS. I was unable to network Linux with Windows 7 after many hours trying.

The only missing link on my network for several days was the Linux box, but now everything is more or less okay.

Keep in mind that Linux is designed from the ground up with security in mind, in fact this is the number one bragging point for Linux for decades, so usability takes a back seat. What I want to do is disable the security as much as possible and make usability the driver in this vehicle.

The following is a very simple and not secure example of smb.conf that will let you access your Linux box from your Windows box via the network. I do not need the heavy security of Linux due to having a hardware firewall in my router and certain other factors. If this is your scenario as well, then read on, otherwise you're in for a long ride, better put your seat belt on and browse another tutorial besides this one.

Here's a little tip for Windows users that will really save them some time. When you are testing your Linux shares in Windows Explorer, remember, all you have to do is click on "My Network Places," click on the window on your right, and keep that window in focus. Then, anytime you make changes over on your Linux box and want to see if you can now access the shares or not, all you have to do is hit F5 for a refresh and Windows will update its network info. Then click on each share to see whether you gain access. No, you do not need to reboot Windows or exit out of Windows Explorer or anything else that wastes time. I learned this through trial and error. Again, I made no changes to Windows or to the router.

After installing Linux Mint for the first time, you need to download Samba in order to network. Either enter the text commands to apt-get if you prefer the command line interface or else use the Package Manager and search for Samba and let it do the installing for you. I prefer the Package Manager myself because it requires just a few clicks and you're done. I like the Package Manager and think it's a great idea and too bad Windows XP didn't have one.

Use the File Manager to browse over to your /etc directory. I can usually find mine by clicking on "File System" in the left area. Next, click on a directory called samba. Once you're in /etc/samba, right-click on smb.conf and choose "Open as Administrator." After entering your password, your text editor, Pluma in Linux Mint, will load and you can modify the file.

Adjust the "server string" and the "user" and "group" to your own scenario. I just made up ones for this example. Your path may be different as well. This is just an example that provides the basic idea. Workgroup is very important. You must go into Windows to find out what your workgroup is called. Click on Start | Control Panel | System | Computer Name. In Windows XP, that is where you find out what your workgroup is, or if you don't have one set, that is where you set it. However, server string and netbios name are different. You can make them up, call them whatever you want. Workgroup must be legit though and exactly match what Windows is looking for. I don't know whether case is important but I would match case too if it were me.

I have found through trial and error that it is a good idea to include "bcast" and "lmhosts" in your "name resolve order." I think including these will allow your Linux box to access your Windows box. If you remove bcast and lmhosts, as I once did as an experiment, then your Windows can find your Linux box but not vice versa. It may be that setting the netbios name is important too, I don't know but I made that change about the same time and now I have two-way sharing, which is what everybody wants.
[global]
workgroup = WORKGROUP
server string = thelinuxboxofigor
netbios name = igoroystershell
security = share
name resolve order = hosts wins bcast lmhosts

[Downloads]
path = /home/igor/Downloads
force user = igor
force group = thelinuxbox
read only = no
guest ok = yes
available = yes
browsable = yes
public = yes
writable = yes

[Music]
path = /media/sda1/music
force user = igor
force group = thelinuxbox
read only = no
guest ok = yes
available = yes
browsable = yes
public = yes
writable = yes

You can add additional directories besides just Music and Downloads. Just copy, paste, and modify as needed. Comment out the other stuff because it may interfere with sharing. Remember, Linux is all about the security. In this example security is not our friend. We just want things to work, security can come later.

In addition, you want to make sure your /etc/hosts file looks something like this:

127.0.0.1 localhost
127.0.1.1 thelinuxboxofigor.WORKGROUP
127.0.1.1 thelinuxboxofigor

Note that the above settings not only configure your network. They will also prevent an annoying little error message when you try to sudo anything, that is, run things from the Terminal command line as an administrator.
Also, /etc/hostname should have the name of your box, that is, the word that comes after your username and the ampersand when you open up a Terminal. If you open up a Terminal, you will immediately see what I am talking about.

The next thing to do, maybe the most important, is to set permissions for the directories you wish to share. Make them wide open to everybody with read/write access. Also click on Share permissions and then Windows. It is not enough setting permissions for a directory. You also have to allow permissions for all the parent directories as well or else it won't work, the folders won't permit access on the Network! I didn't realize this was so, but trial and error showed that it was on my network.

Taking these steps will allow easy access to the Linux box without the annoying "Access Denied" errors. Some day I'm going to think about allowing access to the Windows shares from Linux, but for now I am respecting a truce between Linux and me, so that I can evacuate the wounded personnel from the battlefield. Update: I think the above config will permit two-way sharing on the network. Mine is working both ways now. Knock on wood.

Addendum

There may be other files that could use modification for networking but I don't remember any off hand. I modified so many things over the course of my journey, and it all becomes a blur after a while, but hopefully this tutorial will help me remember.

If you are a novice then I would recommend learning about /etc/fstab as it contains some pretty important controls that can effect performance and security, though I doubt whether it effects networking. My fstab looks like this based upon my research:

# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
#
proc /proc proc nodev,noexec,nosuid 0 0
# / was on /dev/sda1 during installation
UUID=blah-de-blah / ext4 errors=remount-ro,noatime 0 1
# /home was on /dev/sda6 during installation
UUID=blah-de-blah /home ext4 defaults,noatime 0 2
# swap was on /dev/sda5 during installation
UUID=blah-de-blah none swap sw 0 0
tmpfs /tmp tmpfs nodev,nosuid,size=2G,noatime,mode=1777 0 0
tmpfs /var/lock tmpfs nodev,nosuid,size=128M,noatime,mode=1777 0 0
tmpfs /var/run tmpfs nodev,nosuid,size=512M,noatime,mode=1777 0 0

"noatime" kills the Linux process that keeps track of how much each file is accessed. I don't care about such statistics, although a network admin for a big company might. UUID is better than using labels because it makes the OS more agile in accepting new drives. The last digit at the end of each line controls the priority of each file system to fsck when it is checking for errors. So boot is highest priority at 1, followed by the rest. I have set tmpfs to use a maximum of two gigs of RAM instead of swapping out to /tmp on the hard drive, because Linux does not need that, it has plenty of memory on my box. Don't really see the need for a swapfile in modern times, but Linux is an old OS and grew up in the time when memory was measured in megabytes or even kilobytes--as did I. Based upon my reading over at the wonderful and superb Arch Linux documentation goldmine, I've determined that /tmp, /var/lock, and /var/run can be converted to tmpfs, thus conserving I/O to the hard drive and using memory instead. When one has 4 gigabytes of RAM, one wishes to use it. Whether these mods really affect system responsiveness, I have not determined, but I find it interesting that the latest version of Fedora (18) sets /tmp to be tmpfs by default. Really I do not know why all the other distros don't follow suit.

No comments:

techlorebyigor is my personal journal for ideas & opinions