Here are in-page links to the focus areas:

• • Software RPMs and switching Samba on
• • Setting up a Samba Client
• • The Suse/openSUSE Default Shares
• • Permission to Access Suse/openSUSE Shares
• • Enhance Browsing with a Local Master Browser
• • Summary Recipes for smb.conf
• • Opening the firewall for Samba
• • Activating your changes

And just in case some of you want to explore settings related to Windows or openSUSE networking:

• • Appendix I: Network interfaces in Windows
• • Appendix II:Network interfaces in openSUSE

Sharing Printers isn't covered here. New users will find the material that's already here daunting enough. Here is a range of options to explore when you need it:

• • Samba Print Server on Suse for Linux & Windows Clients
• • Windows Print Server on Windows for Linux Clients
• • IPP Print Server on Suse for Linux & Windows Clients

About Suse's Firewall: SuSEfirewall2 was closed to Samba by default up to version 10.3. It's open by default from version 11.0. If you've been experimenting with Samba in Yast you might have "adjusted" it. I always turn it off until I get Samba going nicely on a new machine, just to cut down the number of things I have to worry about. At the end I turn it on again. Then Samba tells me straight up whether I have to adjust it. You can turn it off for now in Yast --> Security and Users --> Disable Firewall Automatic Starting --> Stop Firewall Now. You turn it on later at the same place in Yast. Firewall settings are covered later in the Tutorial.

↑↑↑↑Software RPMs and switching Samba on: The Samba packages are found in Yast --> Software Management --> Search Facility.

• • Basic packages: samba, samba-doc, yast2-samba-client, samba-client, yast2-samba-server
• • KDE3 users (but not KDE4 users) add this: kdebase3-samba
• • Gnome users add this: nautilus-share
• • If you need cifs mounts (mapped drives) add this: cifs-mount

Switching Samba on: You arrange for Samba to start at boot time by activating appropriate runlevels for the daemons nmb and smb. Open Yast --> System --> System Services (Runlevel) --> Expert Mode --> locate nmb and smb in the list. Ensure that each is toggled with the Enable button to Running=yes. Then click Finish to save and exit.

Big Tip: Sometimes I have to reboot everything including routers and modems to shake some problems loose, just like with Windows networks.

↑↑↑↑Samba's Starting Point Configuration: You can set up Samba networking in Yast. It's confusing because of all the options. Very often the nice default configuration gets changed irretrievably while fiddling in Yast, doesn't work and causes large scale hair loss. I'll display the default configuration here and show you how to restore it. Then I'll show how to change it for a SOHO LAN.

Samba is controlled by a text file called smb.conf located at /etc/samba/smb.conf. It's made up of paragraphs separated by headings enclosed in square brackets, one for the global settings and one each for a number of shares that the Suse Developers thought would be appropriate defaults. I've linked the openSUSE 11.x series smb.conf files for you to examine:

• The default smb.conf file for openSUSE 11.0 and 11.1 is on this link
• The default smb.conf file for openSUSE 11.2 is on this link

You can check these against your smb.conf file. You can open yours for viewing (i.e. no danger of changing it) with this command in a terminal in Gnome:

or if you use KDE execute this shell command

Now if it's necessary to restore it to it's pristine default state, that's easily done with one of these root-editor commands issued to open your smb.conf file for editing. For Gnome use this:

or for KDE use this

Now you can simply copy correct portions of the smb.conf files I linked for you above and paste them over any incorrect portions in the edit version of your file. The changes become permanent when you "Save". You can experiment to your heart's content because you can come back here and reinstall the defaults from the links anytime.

↑↑↑↑Setting up a Samba Client. You can't do anything useful unless Samba can "see" the network with Samba Client so this section is also about making the network visible. At this stage, if you've restored the [global] paragraph in smb.conf, it will look like one of these:

  [global] stanza for openSUSE 11.0 / 11.1

[global] stanza for openSUSE 11.2

The three commented lines beginning "logon" aren't relevant in our context. Hash marks (#) deactivate them, turning them into comments, as I've done. You can do that or just delete them.

All you need to do to browse workstations is change "WORKGROUP" to the name of your workgroup, add the netBIOS name (e.g. for me it's dell112) and add a line to tell Samba how to resolve names on the LAN (the name resolve order parameter, see below). The workgroup name can be anything sensible, provided it's the same on all workstations (Windows, Mac and Linux). In this tutorial it's SWERDNA, Simply edit/exchange this line:

for these three (but change 'SWERDNA' to suit):

Now you reinitialise Samba's smb and nmb daemons with these shell commands issued as root (su to root first): rcnmb restart to restart nmb and then rcsmb restart to restart smb. You should now be able to browse into Suse and Windows file servers by drilling down from the address smb:/ entered in Konqueror or either of smb:/ or network:/// entered in Nautilus. You may have to wait a while, cup of tea perhaps or a reboot just like in Windows, for the changes to take effect. You might not be able to read/write the shares without further permission information, which is covered later in this Tutorial, but you should be now able to see them.

↑↑↑↑The Suse/openSUSE Default Shares: There are four different file shares pre-defined in the default Samba configuration file for Suse/openSUSE, labelled [homes], [profiles], [users] and [groups]. You can turn these shares on and off with Yast.

Warnings before you begin regarding Yast's Network Services modules:

• • Stay away from the Windows Domain module. You have a workgroup, not a domain. Opening the module will likely change your Samba configuration file to the point where you might need to restore the originally-installed default smb.conf.
• • When in Yast's Samba Server module, don't click anything to do with the firewall. It should be switched off for the time being. There's a firewall configuration module covered later in this tutorial. If you use the Samba Server module you should check/re-configure the firewall as per my later instructions.

Returning to Yast's Network Services modules: Open samba Server. New users should be careful what they click. Here's the screenshot:

The names in the "Name" column are the names in square brackets in smb.conf. To toggle a share on/off, highlight it and press the Toggle Status button. Avoid all other changes unless you know what you're doing.

Don't activate "Allow users to share ......" unless you understand Usershares which aren't discussed in this Tutorial. That button has nothing to do with the shares we're discussing here.

You can highlight shares and Delete them but if you think you might reinstate them later you should just toggle them off for the time being.

Note: username/password authentication will be required to access openSUSE's default shares from other computers. See later.

[homes] Users' Roaming Shares: This share allows access with full read/write permissions to users logged onto either Windows or Linux clients on the LAN. You need to supply your Linux username and Samba password to access the share. It's called "roaming" because you can roam around the LAN and access your home on the server from all computers.

In Windows you can sometimes see the share as an icon named for your Linux username. Whether you see the icon depends on your transaction history with the server earlier that session. If you can see it, drill down into the share. If you can't see it then use an address like this in the Windows network browser: \\dell112\linux_username.

On the linux client you do not initially see the share as an icon as you sometimes do in Windows. Instead you always address the share in your browser by its netBIOS name; e.g. smb://dell112/linux_username. You can use the IP address instead of "dell112" in the address line. This is a fine share for users who like to keep their work on one server but access it from many machines.

[users] Sharing the /home Directories to all Users: This share exposes the whole of the directories under /home on the server to users on the LAN who can supply any valid Linux username + Samba Password pair.

Users can see other users' directories and have read/write access to their own directories. This is a lower security share that the [homes] share. Users on both Windows and Linux clients must authenticate (supply a correct username/Samba password). You can address these shares by drilling down in your network browser or by using the network addresses like smb://dell112/users or smb://dell112/users/a_username and also smb://192.168.1.2/...etc... Of course, Windows has a slightly different version of this addressing too (e.g. \\dell112\users\john etc etc).

[profiles] Network Profiles Service: As it's structured, this is intended for special attribute mapping. I won't discuss it in this primer and suggest that you turn it off in Yast's Samba Server module.

[groups] A Share for all Users: This share is accessible to all users. You must create the directory, groups, specified by the path parameter. Create it as root under the directory /home.

It will be a read-only share, great for sharing media or other archival files. If you want it to be a writable share you need to change the permissions on /home/groups from drwxr-xr-x to drwxrwxrwx. You can do that with the shell command sudo chmod 777 /home/groups.

This is a fairly secure share, accessible only by members of the Samba user database. Files that you create across the network in the [groups] share are owned by you.

That's all for the default shares supplied with smb.conf. You wouldn't normally leave open all four of the shares discussed above. Use Yast to toggle to off mode those shares that you don't use.

Alternatively, you can make custom shares if you wish. There are facilities within the file managers (Nautilus, Konqueror and Dolphin) for creating shares on-the-fly; these are open to "guests" and don't require the user to authenticate. I have also cataloged a series of customised shares and a range of security measures in an advanced tutorial on Samba shares elsewhere on this site.

↑↑↑↑Permission to Access Suse/openSUSE Default Shares: All of the shares discussed here require that the file server where they reside has users added to the Samba user database. You can only add users into the Samba user database if they already exist as Linux users on the server.

To check who's already in the database, run this terminal command: sudo pdbedit -L.

To add members. e.g. william, issue this command in a terminal: sudo smbpasswd -a william.

To remove members. e.g. william, issue this command: sudo smbpasswd -x william.

↑↑↑↑Enhance Browsing with a Local Master Browser: Many report that creating a Local Master Browser (LMB) radically enhances browsing on the SOHO workgroup. The LMB's job is to collate the name and address pairs {netBIOS name,IP address} for workstations and serve them to the other LAN members. Add these two lines into the [global] paragraph of the Samba configuration file, smb.conf, to create the LMB:

After rebooting all machines and waiting for a time for the effects to settle in, browsing should be significantly enhanced. Each Linux computer can be set to be a Local Master Browser.

Optional enhancement: You can set one Local Master in the LAN to be stronger yet by making it the "Preferred Master". This is entirely optional and is for advanced users. If you are in doubt, leave it. The Preferred Master forces an election to ensure it will be the Browse Master. A computer that is designated "Preferred Master" is either the only Linux machine on the LAN or if there are several Linux computers, it is a community resource that is always on, like a group document server at work or a family printer server at home.

The recipe for Preferred Master is to use the following three lines in the place of the two mentioned just above:

Guidelines: You should make each Linux machine a Local Master. A special machine may optionally be designated the Preferred Master. Only one Preferred Master is allowed on each SOHO LAN.

↑↑↑↑Summary Recipes for smb.conf: There are many ways to change Samba's configuration. It's hard to remember what smb.conf should look like or did look like before changes were made. So here are a few recipes for the [global] parameters in smb.conf based on Local Master Browser techniques. Remember, smb.conf is a text file. At the outset you should back it up with this shell command:

Then you can edit it with either of these commands:

Above for KDE, below for Gnome.

And you can compare and make changes based on these recommended templates for the [global] parameters (follow the links):

• Local Master Browser and Preferred Master Browser concurrently
  [recommended if you have a single Linux workstation on the LAN or if you have a Linux server that is always on]
• Local Master Browser but not the Preferred Master
  [recommended if you have two or more Linux workstations and there's no reason to prefer one as an LMB]
• In the lap of the gods
  [recommended if you can't decide, don't know what to do or don't want an LMB]

Two final comments:
(1) It's OK not to have a "Preferred Master" on the LAN (i.e. to have II or III).
(2) I've changed the default a bit to better accommodate printing and Usershares although I don't discuss that here.

↑↑↑↑Opening the Firewall for Samba

There are several GUI tools in Yast for the firewall. Some are better than others. The following methods are the best in my experience. It's a two step process for openSUSE 11.1 and 11.2 and three steps for openSUSE 11.0.

Step 1: Place the network interfaces in the External Zone

You treat your interfaces as if everything external to an individual workstation is suspect, including your local LAN. Consequently you prevent all contacts except those that you specifically authorise. Hence the interfaces are placed into the External Zone. Go to Yast --> Security and Users --> Firewall --> Interfaces. Check and if necessary change zones for your network interfaces to External Zone.

Step 2: "Allowed Services" for Samba

Open Yast --> Security and Users --> Firewall. Select Allowed Services from the list in the left column. Make sure the panel is set to External Zone in the drop-down list in the top portion.

Now look at the drop-down list under the heading Service to Allow. Select Samba Server. Click the Add button and it will appear in the panel below the heading Service to Allow. Repeat the procedure to insert Netbios Server as a service in the panel. Repeat the procedure once again for openSUSE 11.1 and 11.2 and insert Samba Client in the panel [Note that 'Samba Client' is not available in openSUSE 11.0 and a different procedure is used for 11.0 (see next para)].

Step 3: Samba Client for openSUSE 11.0 alone (not for openSUSE 11.1 or 11.2)

Open Yast --> Security and Users --> Firewall. Select Broadcast from the list in the left column. The Broadcast configurator in the screenshot opens.

You set for Broadcast replies in the lower part titled Accepting the Broadcast Reply. There are three possible configurations, listed below:

Type 1 is where the firewall is closed to Broadcast replies. It must be changed.

Type 2 accept Broadcasts from all networks. See the screenshot to the right. This allows Samba and is acceptable in most cases. It's recommended for normal users. If there's an entry different from the screenshot, highlight it and select the button to delete it. If/when it's empty, click the Add button. 0/0 will appear in a network dialogue. Click Add again and the panel will appear as in the screenshot. Click Next to exit.

↑↑↑↑Activating Your Changes: Often you have to restart your network to make network changes active. You can restart the Samba daemons (nmbd and smbd) with these commands in this order (NB: su to root first):

Network changes take a while to "seep" around your network. Maybe 5-10 minutes. I find rebooting helps in extreme cases, or a beer/coffee/orangejuice.

When you change the firewall in Yast, it should auto reactivate. This case-sensitive command will reactivate it too (su to root first):

Big Tip: Sometimes I have to reboot everything including routers and modems to shake some problems loose, just like with Windows networks.

End of story

I use the Official Samba-3 HowTo & Reference Guide
List of ports for Samba:according to the Samba team.

Hope this Tutorial makes life a bit easier for you.

Swerdna: June 16 2006. Last update 17 January 2010

APPENDICES: If you're curious about your network settings..

↑↑↑↑Appendix I: Network Interfaces in Windows: Network interfaces are configured automatically in Windows for DHCP. You can check the fundamental networking assignments by opening a command promptlocated at Start --> All programs --> Accessories --> Command prompt and entering ipconfig/all:

Note the "host name", AKA "Full computer name". In my case I assigned "acerxp". That's also the netBIOS name used in Samba networking. It's what you see in the Network Browsers.

Next, "DHCP enabled" is "yes", means that the DHCP server (in the router) is assigning an IP address to this network card.

The next line shows the actual IP address (192.168.1.7) assigned by the DHCP server. Then comes the IP address of the "gateway" to the internet (192.168.1.1). In the case of the simple SOHO LAN it is the same as the router which connects to the internet (see the final line - 192.168.1.1). That's a quick tour of what you should see.

If you're happy with these settings you can skip the next two screenshots because that's where you can change the various settings.

More on network names: Continue the tour by R-click on the "My Computer" icon and select Properties --> Computer Name (WinXP/Vista) or Network ID (Win 2000)

The names for the computer and workgroup are found via the "My computer" Icon on the Start menu.R-click My Computer --> Properties --> Computer Name (WinXP) or Network ID (Win 2000). The pic on the left (Pic 2) should open up.

Once again you see the "Full computer name" or netBIOS name which I set to acerxp and also the "Workgroup Name" which I chose to be SWERDNA. There's no option but upper case.

Either or both of the "Full computer name" and the "Workgroup" can be altered here if you wish - just click the "Change" button. A screen where you can change acerxp or SWERDNA will open up. It's simple so I don't show it. Note that all workstations in the LAN must have the same workgroup name (e.g. SWERDNA) and must have different/unique netBIOS names (e.g. winxp).

Windows IP addressing: You can continue the tour from Control Panel --> Network Connections --> R-click Local Area Connection --> Properties --> Internet Protocol (TCPIP) --> Properties. This will open the panel for the network interface:

"Obtain IP address automatically" is the default. That allows an IP address to be assigned by a DHCP server, e.g. in your broadband modem or your router.

You are at liberty to select the second option to "Use the following IP address" and enter an IP address selected by you into the entry bars provided.

The DNS settings refer to the translation of IP addresses to domain names that make more sense that integers to humans e.g. swerdna.net.au. These "Domain Name Servers" are provided by ISPs.

"Obtain DNS server addresses automatically" would be selected by default. The data are generally fed down through your hardware modem or router. If the name resolution is poor you may select the second DNS option and explicitly enter addresses of DNS servers as in the screenshot.

↑↑↑↑Appendix II: Network Interfaces in openSUSE: The settings here are for interfaces set up using openSUSE's defaults (set up by a DHCP server). Yours might be different. The alternative options are in another Tutorial.

The GUI for checking or configuring Network Interfaces in Yast by selecting Yast --> Network Devices --> Network Cards. In openSUSE 10.3 and 11 you'll open a panel with 4 tabs that together define the broad network settings:

The Overview Tab, Pic 4, in this case shows Suse's defaults. Note that my Asustek on-the-board interface is set for DHCP, it's called eth0 and it starts automatically at boot.

The Global Options Tab, Pic 5, is more interesting. "Network Setup Method" is where you choose between "Network Manager" and the "Traditional ifup" (Command Line) method for controlling the interface. You should use ifup if the computer and its environment are static, e.g. a SOHO LAN. GUI Network Managers are useful for switching between wireless networks e.g. when roaming.

IPv6 relates to Internet browsing, not Samba. My advice is this: don't enable IPv6 for Suse up to and including version 10.3. Thereafter it's OK to enable IPv6.

The Hostname/DNS Tab, Pic 6: Enter your chosen computer name into "hostname" (e.g. dell112). This is the Linux network name, very similar to the Windows netBIOS name. Later when we set the Linux netBIOS name, you should re-use the same name there for consistency. The hostname/netBIOS name must be unique to each workstation.

Workgroup: enter the the workgroup name (e.g. swerdna) into the slot for "Domain Name". Use the same workgroup name for all workstations in the LAN. Make sure to checkmark "Change hostname via DHCP" and to allow the hostname to be written to the file /etc/hosts

In Windows workstations you had the option to add your chosen Name Servers (see Pic 3). That option exists in here as well although I don't go into it further. To add these see "Manually set Gateway & Name Resolution" in my tutorial on configuring network interfaces. It's quite simple.

The Routing Tab is a non-event when DHCP is used because the DHCP server is the gateway. I've linked Pic 7 for the Routing tab for you to view off-page. If you chose to add Name Servers in Pic 6 with DHCP addressing or if you choose static IP addressing you should enter gateway data (e.g. 192.168.1.1) under the Routing tab -- but for Suse and its DHCP defaults the gateway is blank.

If you're using versions of Suse before openSUSE 10.3 you might be confused to see your Network Settings GUI is different from the screenshots that I've shown. I've left the screenshots from an earlier version of this Tutorial for you to look at. You may need to L-click the image in Firefox to get full size.

Check Settings for DHCP: You can now reactivate the "Overview" tab (Pic 4) and highlight and "Configure" the Network Interface, in my case the AsusTek built-in LAN port. When you use Suse's defaults the configuration GUI that pops up is pre-configured hopefully correctly for DHCP addressing and there should be nothing for you to do. I've linked in the screenshots of the three tabs that become available for your information. I've noted on the screenshot's that you should generally activate interfaces at boot time and also make sure the interface is set to obtain an IP address by using DHCP.

↑↑↑↑Check Your Linux IP Address: Recall that in Windows you can see your IP address and other facets of the working network by issuing the DOS command ipconfig/all at the command prompt (See Pic 1). Well the same goes for Suse. Open a terminal, become root user with the command su and then issue the command ifconfig. Here's the dialogue (shortened by me):

I've highlighted in red the hostname, dell112, the shell commands, su and ifconfig, and the card's IP address, 192.168.1.2/255.255.255.0. If you also issue the extra command route, you should see the IP address of the router as (in my example) 192.168.1.1/255.255.255.0.