Running Linux, 5th Edition - Matthias Kalle Dalheimer [306]
Smart administrators make a practice of documenting their Samba configuration file. This can be particularly beneficial at a later date when it may be necessary to remember why certain parameters were set. Unfortunately, the practice of documenting the smb.conf file is at variance with the way Samba works. The file is reread frequently by smbd, so the larger the file becomes because of your documentation, the greater the system impact may be. The solution to this dilemma is to always use a master file in which all parameters are documented as required, then use this command:
linux:~ # testparm -s smb.conf.master > smb.conf
The resulting smb.conf file will be stripped of all comments and contain only those parameters that are not at the default setting. It will be as small as possible while implementing the settings specified. Be warned, though, that the resulting file will be stripped of macros and you may need to edit the file to put them back. For example, include = /etc/samba/%m.conf will be rendered as include=/etc/samba/.conf.
Starting the Samba server
Samba essentially consists of three daemons , of which two are always needed:
nmbd
Handles all name registration and resolution requests. It is the primary vehicle involved in network browsing. It handles all UDP-based protocols. The nmbd daemon should be the first command started as part of the Samba startup process.
smbd
Handles all TCP/IP-based connection services for file- and print-based operations. It also manages local authentication. It should be started immediately following the startup of nmbd.
winbindd
This daemon should be started when Samba is a member of a Windows NT4 or ADS domain. It is also needed when Samba has trust relationships with another domain. The winbindd daemon checks the smb.conf file for the presence of the idmap uid and idmap gid parameters to obtain the values that can be used to map Windows SIDs. The range specified must not conflict with already used on the system. Where no idmap uid or gid ranges are specified winbindd will not perform Windows SID mapping and will be capable only of performing user authentication.
You can choose to start smbd, winbindd, and nmbd either as daemons or from inetd . Don't try to do both! You wouldn't want two sets of these daemons competing for traffic and stepping on each other.
For intermittently used services where a few users connect sporadically, it might be appropriate to run the services from inetd or xinetd, which you can do by putting them in inetd.conf. However, most administrators just start the services as daemons either from the command line or in /etc/rc.local. The main advantage of the second method, starting smbd and nmbd as standalone daemons, is that they will respond slightly more quickly to an initial connection request.
See the manpages for details on the command-line options. Take particular care to read the bit about what user you need to have to start Samba. Samba is best run as the root user. It will switch to the effective user ID of the user who is accessing Samba resources, but it also needs to be able to run with root privilege for operations that under Linux can be performed only by root, such as adding users and groups. Samba Version 3.0.11 and later permit this right and privilege to be assigned to a non-root account—however, smbd must run as root to be able to do this.
When Samba has been packaged by an operating system vendor, the startup process is typically a custom feature of its integration into the platform as a whole. Please refer to your operating system platform administration manuals for specific information pertaining to correct management of Samba startup.
Starting Samba from inetd.conf. To make sure Samba will run as a service, start by looking at your /etc/services file. What is defined at port 139/tcp? If nothing is defined, add a line such as this:
netbios-ssn 139/tcp
Similarly for port 137/udp,