1<html> 2<body bgcolor="#ffffff"> 3 4<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76" 5hspace="10" align="left" /> 6 7<h1 class="head0">Chapter 5. Unix Clients</h1> 8 9<p><a name="INDEX-1"/>In <a href="ch03.html">Chapter 3</a> we showed you how to configure Windows systems 10to access shared resources on both Windows and Samba servers. This 11has probably opened up a whole new world of computing for 12you—one in which you have to run to a Windows system every time 13you want to copy a file between Unix and Windows! In this chapter, we 14will show you the "other 15side"—how to access SMB shares from your 16favorite Unix system.</p> 17 18<p>You can access SMB resources from Unix in three ways, depending on 19your version of Unix. A program included with the Samba distribution 20called <em class="emphasis">smbclient</em><a name="INDEX-2"/> can be used to connect with a share on 21the network in a manner similar to using <em class="emphasis">ftp</em> 22when transferring files to or from an FTP site.</p> 23 24<p>If your system is running Linux, you can use the 25<a name="INDEX-3"/>smbfs 26filesystem to mount SMB shares right onto your Linux filesystem, just 27as you would mount a disk partition or NFS filesystem. The SMB shares 28can then be accessed and manipulated by all programs running on the 29Linux system: command shells, desktop GUI interfaces, and application 30software.</p> 31 32<p>On some BSD-based systems, including Mac OS X, a pair of utilities 33named <em class="emphasis">smbutil</em> <a name="INDEX-4"/>and <em class="emphasis">mount_smbfs</em> 34<a name="INDEX-5"/>can be used to query SMB servers and 35mount shares.</p> 36 37<p>For other Unix variants, 38<em class="emphasis">smbsh</em><a name="INDEX-6"/> can be run to enable common shell 39commands such as <em class="emphasis">cd</em>, <em class="emphasis">ls</em>, 40<em class="emphasis">mv, wc</em>, and <em class="emphasis">grep</em> to access 41and manipulate files and directories on SMB shares. This effectively 42extends the reach of the Unix shell and utilities beyond the Unix 43filesystem and into the SMB network.</p> 44 45<p>All the Unix clients can access shares offered by either Windows 46systems or Samba servers. We have already shown you how to set up a 47share on a Samba server and could use that as an example to work 48with. But it's much more fun to use the Unix clients 49with shares served by Windows systems. So before we start covering 50the Unix clients in detail, we will take a quick detour and show you 51how to set up file shares on both Windows 95/98/Me and Windows 52NT/2000/XP systems.</p> 53 54 55<div class="sect1"><a name="samba2-CHP-5-SECT-1"/> 56 57<h2 class="head1">Sharing Files on Windows 95/98/Me</h2> 58 59<p>When <a name="INDEX-7"/><a name="INDEX-8"/>sharing files on Windows 95/98/Me, you 60can authenticate users in two different ways. 61<a name="INDEX-9"/><a name="INDEX-10"/>Share-level security is the default 62and is easy to use. However, it is not as secure and can require 63users to type in passwords when connecting to shares. User-level 64security offers a better security model and can be used if you have 65either a Samba or Windows NT/2000 server on your network performing 66user authentication.</p> 67 68<p>To configure the type of access control for your system, open the 69Control Panel, double-click the Network icon, then click the Access 70Control tab. You should see the dialog box shown in <a href="ch05.html#samba2-CHP-5-FIG-1">Figure 5-1</a>.</p> 71 72<div class="figure"><a name="samba2-CHP-5-FIG-1"/><img src="figs/sam2_0501.gif"/></div><h4 class="head4">Figure 5-1. The Access Control tab of the Windows 98 Network Control Panel window</h4> 73 74<p>Click the "Share-level access 75control" or "User-level access 76control" radio button, depending on which you want 77to use. When using user-level access control, you will also need to 78fill in the name of your workgroup or Windows NT domain. Reboot as 79requested.</p> 80 81<p>To share a folder, right-click the folder's icon and 82select Sharing . . . . This will open the Sharing tab of the 83folder's Properties dialog box. Click the 84"Shared As:" radio button, and fill 85in a name for the share (which defaults to the 86folder's name) and a description, which will be 87visible to client users. If you don't want the share 88to be visible in the Network Neighborhood view of other Windows 89clients, pick a name for the share that ends in a dollar sign 90(<tt class="literal">$</tt>).</p> 91 92<p><a href="ch05.html#samba2-CHP-5-FIG-2">Figure 5-2</a> shows what the Sharing tab of the 93folder's Properties dialog box will look like when 94using share-level security. The security settings are very simple. 95You can select a radio button for read-only access or full 96(read/write) access, or have the user's permissions 97(either read-only or read/write) depend on which password they use. 98In accordance with which you select, you will be asked to assign 99either or both of the read-only and full-access passwords for the 100share.</p> 101 102<div class="figure"><a name="samba2-CHP-5-FIG-2"/><img src="figs/sam2_0502.gif"/></div><h4 class="head4">Figure 5-2. The Sharing tab of the folder's Properties dialog, with share-level security</h4> 103 104<p>If your system is configured with user-level security, the Sharing 105tab of the folder's Properties dialog box will look 106like <a href="ch05.html#samba2-CHP-5-FIG-3">Figure 5-3</a>. As you can see, 107we've created a share named 108"DATA", and used the Add . . . 109button to create permissions that allow read-only access for all 110domain users and read/write (full access) for <tt class="literal">jay</tt>.</p> 111 112<div class="figure"><a name="samba2-CHP-5-FIG-3"/><img src="figs/sam2_0503.gif"/></div><h4 class="head4">Figure 5-3. The Sharing tab of the folder Properties dialog, with user-level security</h4> 113 114<p>When you are done specifying your settings for the share, click on 115the OK button, and the share will become available to users on 116network clients. Unless you chose a share name ending in a dollar 117sign, you can see it in the Network Neighborhood or My Network Places 118of Windows clients on the network. You can also now use the Unix 119clients described in this chapter to connect to the share.</p> 120 121 122</div> 123 124 125 126<div class="sect1"><a name="samba2-CHP-5-SECT-2"/> 127 128<h2 class="head1">Sharing Files on Windows NT/2000/XP</h2> 129 130<p>To create a file share on <a name="INDEX-11"/><a name="INDEX-12"/><a name="INDEX-13"/><a name="INDEX-14"/>Windows NT/2000/XP, you first must 131log in to the system as any member of the Administrators, Power 132Users, or Server Operators groups. Right-click the icon of a folder 133you wish to share, and click Sharing . . . in the pop-up menu. The 134Sharing tab of the folder's Properties dialog box 135will appear, as shown in <a href="ch05.html#samba2-CHP-5-FIG-4">Figure 5-4</a>. Click the 136"Share this folder" radio button.</p> 137 138<div class="figure"><a name="samba2-CHP-5-FIG-4"/><img src="figs/sam2_0504.gif"/></div><h4 class="head4">Figure 5-4. The Sharing tab of the folder's Properties dialog on Windows 2000</h4> 139 140<p>Share name: will default to the name of the folder, and you can 141change it if you want. One reason you might want to use a different 142name for the share is to make the share not appear in browse lists 143(as displayed by the Network Neighborhood, for example). This can be 144done by using a share name ending in a dollar sign 145(<tt class="literal">$</tt>). You can also add a description of the share 146in the Comment: text area. The description will appear to users of 147network clients and can help them understand the contents of the 148share.</p> 149 150<p><a name="INDEX-15"/><a name="INDEX-16"/><a name="INDEX-17"/><a name="INDEX-18"/><a name="INDEX-19"/>By clicking the Permissions button, 151you can set permissions for the share on a user-by-user basis. This 152is equivalent to the user-level security of Windows 95/98/Me file 153sharing. On Windows NT/2000/XP, Microsoft recommends that share 154permissions be set to allow full access by everyone, with the 155permissions controlled on a file-by-file basis using filesystem 156access control lists 157(<a name="INDEX-20"/>ACLs). The actual permissions given 158to network clients are a combination of the share permissions and 159file access permissions. To edit the ACL for the folder, click the 160Security tab. For more information on ACLs, see <a href="ch08.html#samba2-CHP-8-SECT-3">Section 8.3</a> in <a href="ch08.html">Chapter 8</a>.</p> 161 162<p>If you want, you can limit the number of users who can concurrently 163connect to the share using the "User 164limit:" radio button. The New Share button allows 165you to create multiple file shares for the same folder, each having 166its own name, comment, user limit, and other parameters.</p> 167 168<p>When you are done, click the OK button, and the folder will be 169accessible from clients on the network.</p> 170 171 172</div> 173 174 175 176<div class="sect1"><a name="samba2-CHP-5-SECT-3"/> 177 178<h2 class="head1">smbclient</h2> 179 180<p>The Samba Team supplies <em class="emphasis">smbclient</em><a name="INDEX-21"/> as a basic part of the Samba suite. At 181first, it might seem to be a primitive interface to the SMB network, 182but <em class="emphasis">smbclient</em> is actually a versatile tool. It 183can be used for browsing shares on servers, testing configurations, 184debugging, accessing shared printers, backing up shared data, and 185automating administrative tasks in shell scripts. And unlike 186<tt class="literal">smbfs</tt><a name="INDEX-22"/><a name="INDEX-23"/><a name="INDEX-24"/> and <em class="emphasis">smbsh</em>, 187<em class="emphasis">smbclient</em> works on all Unix variants that 188support Samba.</p> 189 190<p>In this chapter we'll focus mostly on running 191<em class="emphasis">smbclient</em> as an interactive shell, using its 192<em class="emphasis">ftp</em>-like commands to access shared directories 193on the network. Using <em class="emphasis">smbclient</em> to access 194printers and perform backups will be covered in <a href="ch10.html">Chapter 10</a>.</p> 195 196<p>A complete reference to <em class="emphasis">smbclient</em> is found in 197<a href="appc.html">Appendix C</a>.</p> 198 199 200<div class="sect2"><a name="samba2-CHP-5-SECT-3.1"/> 201 202<h3 class="head2">Listing Services</h3> 203 204<p><a name="INDEX-25"/>The <em class="emphasis">-L</em> option 205can be used with <em class="emphasis">smbclient</em> to list the resources 206on a single computer. Assuming the Samba server is configured to take 207the role of the master browser, we can obtain a list of the computers 208in the domain or workgroup like this:</p> 209 210<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient -L toltec</b></tt> 211added interface ip=172.16.1.1 bcast=172.16.1.255 nmask=255.255.255.0 212Password: 213Domain=[METRAN] OS=[Unix] Server=[Samba 2.2.5] 214 215 Sharename Type Comment 216 --------- ---- ------- 217 test Disk For testing only, please 218 IPC$ IPC IPC Service (Samba 2.2.5) 219 ADMIN$ Disk IPC Service (Samba 2.2.5) 220 221 Server Comment 222 --------- ------- 223 MAYA Windows 98 224 MIXTEC Samba 2.2.5 225 TOLTEC Samba 2.2.5 226 ZAPOTEC 227 228 Workgroup Master 229 --------- ------- 230 METRAN TOLTEC</pre></blockquote> 231 232<p>In the column labeled "Server", 233<tt class="literal">maya</tt>, <tt class="literal">mixtec</tt>, and 234<tt class="literal">zapotec</tt> are shown along with toltec, the Samba 235server. The services on <tt class="literal">toltec</tt> are listed under 236"Sharename". The IPC$ and ADMIN$ 237shares are standard Windows services that are used for network 238communication and administrative purposes, and 239<em class="filename">test</em> is the directory we added as a share in 240<a href="ch02.html">Chapter 2</a>.</p> 241 242<p>Now that we know the names of computers in the domain, we can list 243services on any of those computers. For example, here is how we would 244list the services offered by <tt class="literal">maya</tt>, a Windows 98 245workstation:</p> 246 247<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient -L maya</b></tt> 248added interface ip=172.16.1.1 bcast=172.16.1.255 nmask=255.255.255.0 249Password: 250 251 252 Sharename Type Comment 253 --------- ---- ------- 254 PRINTER$ Disk 255 HP Printer HP 932C on Maya 256 D Disk D: on Maya 257 E Disk E: on Maya 258 259 ADMIN$ Disk 260 IPC$ IPC Remote Inter Process Communication 261 262 Server Comment 263 --------- ------- 264 265 Workgroup Master 266 --------- -------</pre></blockquote> 267 268<p>A shared printer is attached to <tt class="literal">maya</tt>, so we see 269the PRINTER$ administrative service, along with the HP share for the 270printer itself. Also on <tt class="literal">maya</tt> are the D and E 271shares, which allow access across the network to 272<tt class="literal">maya</tt>'s D: and E: drives. It is 273normal for the Server and Workgroup sections to be empty when listing 274services on a Windows client.</p> 275 276 277</div> 278 279 280<div class="sect2"><a name="samba2-CHP-5-SECT-3.2"/> 281 282<h3 class="head2">Authenticating with smbclient</h3> 283 284<p><a name="INDEX-26"/>As with any other SMB client, 285<em class="emphasis">smbclient</em> needs to supply a username and 286password if it is authenticating in a domain environment or if it is 287contacting a Samba server that is set up with user-level security. In 288a workgroup environment, it will at least need a password to use when 289connecting with a password-protected resource.</p> 290 291<p>By default, <em class="emphasis">smbclient</em> uses the username of the 292user who runs it and then prompts for a password. If you are using 293<em class="emphasis">smbclient</em> a lot, you might tire of entering your 294password every time.</p> 295 296<p><em class="emphasis">smbclient</em> supports some alternate methods of 297entering a username and password. The password can be entered on the 298command line, like this:</p> 299 300<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient //maya/e jayspassword</b></tt></pre></blockquote> 301 302<p>Or both the username and password can be supplied by using the 303<em class="emphasis">-U</em> option, including the username and password 304separated by a percent (<tt class="literal">%</tt>) character:</p> 305 306<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient //maya/e -U kelly%kellyspassword</b></tt></pre></blockquote> 307 308<p>This method is useful if you are logged in to the system under an 309account that is not Samba-enabled or you are testing your 310configuration to see how it treats another user. With either method, 311you can avoid having to enter the username and/or password each time 312you run <em class="emphasis">smbclient</em> by creating an alias for the 313command or creating a shell function or shell script. For example, 314with the <em class="emphasis">bash</em> shell, it is possible to define a 315function like this:</p> 316 317<blockquote><pre class="code">smbcl( ) 318{ 319 smbclient $* -U jay%jayspassword 320}</pre></blockquote> 321 322<p>Adding the definition to the shell's startup script 323(which would be <em class="filename">~/.bash_profile</em> for 324<em class="emphasis">bash</em>) would result in the definition affecting 325all subsequent shell invocations.</p> 326 327<p>Another method that can be used to supply both the username and 328password is to set the USER and <a name="INDEX-27"/><a name="INDEX-28"/>PASSWD environment variables. Either 329set the USER environment variable using the 330<em class="replaceable">username</em>%<em class="replaceable">password</em> 331format, or set the USER environment variable to the username, and set 332PASSWD to the user's password.</p> 333 334<p>It is also possible to create a credentials file containing the 335username on the first line and the password on the second line, like 336this:</p> 337 338<blockquote><pre class="code">username = jay 339password = jayspassword</pre></blockquote> 340 341<p>Then, <em class="emphasis">smbclient</em> is run using the 342<em class="emphasis">-A</em> option to specify the name of the file:</p> 343 344<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient //maya/e -A ~/.smbpw</b></tt></pre></blockquote> 345 346<a name="samba2-CHP-5-NOTE-120"/><blockquote class="note"><h4 class="objtitle">NOTE</h4> 347<p>Of the methods we described in this section, the only one that is 348really secure is the default method of allowing 349<em class="emphasis">smbclient</em><a name="INDEX-29"/> to 350prompt for the password and typing in the password without echoing.</p> 351 352<p>If security is a concern, you definitely should avoid providing your 353password on the command line because it is very easy for 354"shoulder surfers" to obtain, as 355well as anyone who looks through your shell's 356command history.</p> 357 358<p>If you keep your Samba password in a credentials file, shell startup 359file, or shell script, make sure the file's 360permissions prohibit other users from reading or writing it. (Use an 361octal permissions mode of 0600.) Security experts never keep 362passwords in files owned by nonroot users or accessible by anyone 363other than the superuser. As part of their security policy, some 364organizations do not permit passwords to be stored in files, so you 365might want to check first before using this method.</p> 366 367<p>The authentication method that uses the USER and PASSWD environment 368variables isn't any more secure. Environment 369variables are usually set either on the command line or in one or 370more of the shell's startup files, so this method 371suffers from the same weaknesses we've just 372discussed. In addition, any program run by the user has access to the 373shell's environment variables, making a Trojan horse 374attack on the PASSWD variable really easy!</p> 375</blockquote> 376 377 378</div> 379 380 381<div class="sect2"><a name="samba2-CHP-5-SECT-3.3"/> 382 383<h3 class="head2">An Interactive smbclient Session</h3> 384 385<p><a name="INDEX-30"/>A common use for 386<em class="emphasis">smbclient</em> is to use it as an 387<em class="emphasis">ftp</em>-like shell to access SMB resources on the 388network. To begin a session, <em class="emphasis">smbclient</em> must be 389provided with the UNC of a resource (which you can find using the 390<em class="emphasis">-L</em> option) on the command line, like this:</p> 391 392<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient //maya/e</b></tt> 393added interface ip=172.16.1.3 bcast=172.16.1.255 nmask=255.255.255.0 394Password: 395smb: \></pre></blockquote> 396 397<p>Forward slashes are accepted by <em class="emphasis">smbclient</em> for 398the share's UNC, which makes entering the UNC on the 399command line easier. Backslashes can also be used, but they must be 400quoted or escaped, and it is somewhat more difficult to type 401'<tt class="literal">\\maya\e</tt>' or <tt class="literal">\\\\maya\\e</tt>. 402After connecting to the share, <em class="emphasis">smbclient</em> 403displays the <tt class="literal">smb: \></tt> prompt, waiting for a 404command to be entered. Commands are similar to those with which you 405might be familiar in <em class="emphasis">ftp</em> and are also somewhat 406similar to Unix shell commands. To get a list of 407<em class="emphasis">smbclient</em><a name="INDEX-31"/> commands, use the 408<em class="emphasis">help</em> command:</p> 409 410<blockquote><pre class="code">smb: \> <tt class="userinput"><b>help</b></tt> 411ls dir du lcd cd 412pwd get mget put mput 413rename more mask del open 414rm mkdir md rmdir rd 415prompt recurse translate lowercase print 416printmode queue cancel quit q 417exit newer archive tar blocksize 418tarmode setmode help ? history 419!</pre></blockquote> 420 421<p>Some commands in the previous list are synonyms for other commands. 422For example, the <em class="emphasis">?</em> command is a synonym for 423<em class="emphasis">help</em>. You can give this command the name of 424another command as an argument to get a concise reminder of what the 425command does and how to use it:</p> 426 427<blockquote><pre class="code">smb: \> <tt class="userinput"><b>? ls</b></tt> 428HELP ls: 429 <mask> list the contents of the current directory</pre></blockquote> 430 431<p>The term <tt class="literal"><mask></tt> refers to a file-matching 432pattern as commonly found in Unix shells and utilities. For example:</p> 433 434<blockquote><pre class="code">smb: \> <tt class="userinput"><b>ls *doc</b></tt> 435 ms-ProfPol-wp.doc A 131 Tue Dec 18 09:12:34 2002 436 smbclient.doc A 33969 Mon Dec 10 20:22:24 2002 437 smbmount.doc A 7759 Mon Dec 10 20:20:00 2002 438 439 48590 blocks of size 524288. 40443 blocks available</pre></blockquote> 440 441<p>lists all files ending in "doc" in 442the current directory on the remote system. In the listing, the 443leftmost column shows the filename. Moving left to right, we see the 444file's MS-DOS attributes, then its size, and the 445time it was last modified.</p> 446 447<p>As with any other Unix utility, <em class="emphasis">smbclient</em> has a 448working directory on the local host. It also has another current 449directory on the remote SMB share. With 450<em class="citetitle">smbclient</em>, the <em class="emphasis">cd</em> command 451is used to move around on the remote system:</p> 452 453<blockquote><pre class="code">smb: \> <tt class="userinput"><b>cd trans </b></tt> 454smb: \trans\></pre></blockquote> 455 456<p>Notice how the prompt changes to reflect the new current working 457directory. To change your current directory on the local system, use 458the <em class="emphasis">lcd</em> command:</p> 459 460<blockquote><pre class="code">smb: \trans\> <tt class="userinput"><b>lcd /u/snd</b></tt> 461the local directory is now /u/snd</pre></blockquote> 462 463<p>Most of <em class="emphasis">smbclient</em>'s commands 464are for performing operations on remote files and directories. There 465is no command for listing the contents of the local directory. 466However, <em class="emphasis">smbclient</em> allows a shell escape. Any 467command preceded by an exclamation point (<tt class="literal">!</tt>) is 468interpreted as a shell command and is run in a subshell on the local 469system. For example:</p> 470 471<blockquote><pre class="code">smb: \trans\> <tt class="userinput"><b>! ls -l</b></tt> 472total 16 473drwxrwxr-x 2 jay jay 4096 Jan 10 14:46 dr220-fet 474drwxrwxr-x 2 jay jay 4096 Sep 22 12:16 dr220-tube 475-rw-rw-r-- 1 jay jay 131 Jan 10 02:22 readme.txt 476drwxrwxr-x 7 jay jay 4096 Jan 10 02:19 xl1</pre></blockquote> 477 478<p>lists the contents of <em class="filename">/u/snd</em>. By using 479<em class="emphasis">smbclient</em>'s commands to operate 480on the remote system—and shell-escaped commands to operate on 481the local system—it is possible to manipulate data on both 482systems without having to exit <em class="emphasis">smbclient</em> or open 483another shell window.</p> 484 485<p><a name="INDEX-32"/><a name="INDEX-33"/>File transfer is performed using 486the <em class="emphasis">get</em> and 487<em class="emphasis">put</em><a name="INDEX-34"/><a name="INDEX-35"/> commands. The <em class="emphasis">get</em> 488command transfers a single file from the remote to the local system, 489and the <em class="emphasis">put</em> command copies a file from the local 490to the remote system. For example, the following command copies the 491file <em class="filename">readme.txt</em> to the SMB share:</p> 492 493<blockquote><pre class="code">smb: \trans\> <tt class="userinput"><b>put readme.txt</b></tt> 494putting file readme.txt as \trans\readme.txt (127.9 kb/s) (average 10.7 kb/s)</pre></blockquote> 495 496<a name="samba2-CHP-5-NOTE-121"/><blockquote class="note"><h4 class="objtitle">NOTE</h4> 497<p>Unlike <em class="emphasis">ftp</em>, <em class="emphasis">smbclient</em> does 498not have <em class="emphasis">ascii</em> and <em class="emphasis">binary</em> 499commands to set the type of the file that is being transferred. 500Before transferring a text file from a Unix system to a Windows or 501Macintosh system, you might want to use the GNU 502<em class="emphasis">unix2dos</em><a name="INDEX-36"/> command to reformat newlines in the 503file to work with the carriage return linefeed (CRLF) standard:</p> 504 505 506<blockquote><pre class="code">$ <tt class="userinput"><b>unix2dos text_file >text_file.txt</b></tt></pre></blockquote> 507 508 509<p>and then transfer the CRLF-formatted version. After transferring a 510text file from a Windows or Macintosh system to Unix, you can use the 511GNU <em class="emphasis">dos2unix</em><a name="INDEX-37"/> command to perform the inverse 512operation:</p> 513 514 515<blockquote><pre class="code">$ <tt class="userinput"><b>dos2unix text_file.txt >text_file</b></tt></pre></blockquote> 516</blockquote> 517 518<p>To transfer more than one file with a single command, you can use the 519<em class="emphasis">mget</em><a name="INDEX-38"/><a name="INDEX-39"/> and <em class="emphasis">mput</em> commands, 520which accept a list of filenames in the command line. The list can be 521provided by typing in the filenames on the command line separated by 522spaces, or the group of files can be specified with a pattern as one 523would use in Unix shell commands. The command:</p> 524 525<blockquote><pre class="code">smb: \trans\> <tt class="userinput"><b>mget plain/*</b></tt></pre></blockquote> 526 527<p>copies all the files in the directory <em class="filename">plain</em> on 528the SMB share to the current directory on the local system. By 529default, <em class="emphasis">smbclient</em> prompts for each file, asking 530if you want to copy it:</p> 531 532<blockquote><pre class="code">smb: \trans\> <tt class="userinput"><b>mget plain/*</b></tt> 533Get file tomm.wav? n 534Get file toml.wav? n 535Get file tomh.wav? n 536Get file snare.wav? n 537Get file rim.wav? n 538Get file handclap.wav? n 539Get file bassdrum.wav? n</pre></blockquote> 540 541<p>If you are sure you want to copy all the files, you can turn off 542prompting with the <em class="emphasis">prompt</em> command, like this:</p> 543 544<blockquote><pre class="code">smb: \trans\> <tt class="userinput"><b>prompt</b></tt> 545prompting is now off</pre></blockquote> 546 547<p>By default, if you specify the name of a directory, 548<em class="emphasis">smbclient</em> will not copy the contents of the 549directory. To transfer the entire contents of directories listed in 550the <em class="emphasis">mput</em> or <em class="emphasis">mget</em> command, 551you must first use the <em class="emphasis">recurse</em> command:</p> 552 553<blockquote><pre class="code">smb: \trans\> <tt class="userinput"><b>recurse</b></tt> 554directory recursion is now on</pre></blockquote> 555 556<p>After setting things up with the 557<em class="emphasis">prompt</em><a name="INDEX-40"/><a name="INDEX-41"/> and <em class="emphasis">recurse</em> 558commands, we can copy a directory like this:</p> 559 560<blockquote><pre class="code">smb: \trans\> <tt class="userinput"><b>mget acc</b></tt> 561getting file tomm.wav of size 55494 as tomm.wav (2580.6 kb/s) (average 2087.3 kb/s) 562getting file toml.wav of size 57220 as toml.wav (2660.9 kb/s) (average 2167.6 kb/s) 563getting file tomh.wav of size 55936 as tomh.wav (2601.2 kb/s) (average 2220.8 kb/s) 564getting file snare.wav of size 22132 as snare.wav (1200.7 kb/s) (average 2123.7 kb/s) 565getting file rim.wav of size 8314 as rim.wav (1623.8 kb/s) (average 2110.8 kb/s) 566getting file handclap.wav of size 14180 as handclap.wav (1978.2 kb/s) (average 2106.2 567kb/s) 568getting file bassdrum.wav of size 6950 as bassdrum.wav (2262.3 kb/s) (average 2108.5 569kb/s)</pre></blockquote> 570 571<p><a name="INDEX-42"/>Directory recursion applies to all 572commands, so if an <em class="emphasis">ls</em> command is used while 573directory recursion is on, all files in the directory tree are 574listed. To turn directory recursion off again, simply re-enter the 575command. At the same time, you might also wish to toggle prompting 576back to its initial state:</p> 577 578<blockquote><pre class="code">smb: \trans\> <tt class="userinput"><b>recurse</b></tt> 579directory recursion is now off 580smb: \trans\> <tt class="userinput"><b>prompt</b></tt> 581prompting is now on</pre></blockquote> 582 583<p>There are other <em class="emphasis">smbclient</em> commands that you 584might find useful. The <em class="emphasis">mkdir</em> command can be used 585to create a directory; <em class="emphasis">rmdir</em> removes a 586directory; <em class="emphasis">rm</em> deletes a file; and 587<em class="emphasis">rename</em> changes a file's name. 588These behave very similarly to their Unix shell counterparts. <a href="appc.html">Appendix C</a> contains a complete reference to 589<em class="emphasis">smbclient</em> and its command set.</p> 590 591<p>To exit <em class="emphasis">smbclient</em>, use the 592<em class="emphasis">exit</em> or <em class="emphasis">quit</em> command:</p> 593 594<a name="INDEX-43"/><blockquote><pre class="code">smb: \trans\> <tt class="userinput"><b>quit </b></tt></pre></blockquote> 595 596 597</div> 598 599 600<div class="sect2"><a name="samba2-CHP-5-SECT-3.4"/> 601 602<h3 class="head2">Programming with smbclient</h3> 603 604<p><a name="INDEX-44"/>The <em class="emphasis">-c</em> option 605<em class="emphasis">of smbclient</em> allows a list of commands to be 606passed on the command line. To copy the file 607<em class="filename">\\maya\e\trans\readme.txt</em> to 608<em class="filename">/u/snd/readme.txt</em>, we might use the command:</p> 609 610<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient //maya/e -c "lcd /u/snd; cd trans; get readme.txt" -A ~/.smbpw</b></tt></pre></blockquote> 611 612<p>Everything that <em class="emphasis">smbclient</em> needs to know to 613perform the operation has been specified in the command. There is no 614interactive session, so a command such as this can be placed inside a 615shell script or a program in some other programming language.</p> 616 617<p>By using <em class="emphasis">smbclient</em> in this manner, it is 618possible to create customized commands using shell functions, scripts 619or aliases. For example, suppose we wanted a command to print a short 620listing of files in a shared directory, showing just the names of the 621files. Using a <em class="emphasis">bash</em> function, we could define a 622command <em class="emphasis">smbls</em> as follows:</p> 623 624<blockquote><pre class="code">smbls( ) 625{ 626 share=`echo $1 | cut -d '/' -f '1-4'` 627 dir=`echo $1 | cut -d '/' -f '5-'` 628 smbclient $share -c "cd $dir; ls" -A ~/.smbpw | \ 629 grep "^ " | cut -d ' ' -f 3 - | sort 630}</pre></blockquote> 631 632<p>After defining this function, we can use <em class="emphasis">smbls</em> 633like this:</p> 634 635<blockquote><pre class="code">$ <tt class="userinput"><b>smbls //maya/e</b></tt> 636CD-images 637lectures 638ms-ProfPol-wp.doc 639profile-map 640readme.txt 641RECYCLED 642smbclient.doc 643smbmount.doc 644smbsh.txt 645trans 646$ <tt class="userinput"><b>smbls //maya/e/lectures</b></tt> 647. 648.. 649lecture1.mp3 650lecture2.mp3 651lecture3.mp3 652lecture4.mp3 653lecture5.mp3 654lecture6.mp3 655lecture7.mp3 656lecture8.mp3 657lecture9.mp3</pre></blockquote> 658 659<p>Another use for <em class="emphasis">smbclient</em> in scripts is 660performing administrative tasks. Suppose a group of users on Windows 661clients are sharing a set of files as part of a project on which they 662are working. Instead of expecting them to coordinate making daily 663backups, we could write a script that copies the share to the Samba 664server and run the script nightly as a cron job. The directory on the 665Samba server could be shared as well, allowing any of the users to 666retrieve a backup file on their own, without having to bother an 667administrator.</p> 668 669 670</div> 671 672 673<div class="sect2"><a name="samba2-CHP-5-SECT-3.5"/> 674 675<h3 class="head2">Backups with smbclient</h3> 676 677<p>A major use of <em class="emphasis">smbclient</em><a name="INDEX-45"/><a name="INDEX-46"/> is to create and restore backups of 678SMB file shares. The backup files <em class="emphasis">smbclient</em> 679writes are in tar format, making them easy to work with and portable 680among all Unix versions. Using <em class="emphasis">smbclient</em> on a 681Unix server to run network backups can result in a more centralized 682and easily managed solution for providing data integrity because both 683SMB shares and NFS filesystems can be backed up on the same system.</p> 684 685<p>You can use <em class="emphasis">smbclient</em> to perform backups in two 686ways. When backing up an entire share, the simplest method is to use 687the <em class="emphasis">-Tc</em> option on the command line:</p> 688 689<blockquote><pre class="code"># <tt class="userinput"><b>smbclient //maya/e -A samba-domain-pw -Tc >maya-e.tar</b></tt></pre></blockquote> 690 691<p>This will create a tar archive of the <em class="filename">\\maya\e</em> 692share in the file <em class="filename">maya-e.tar</em>. By using the 693<em class="emphasis">-D</em> option, it is possible to back up a directory 694in the share, rather than the whole share:</p> 695 696<blockquote><pre class="code"># <tt class="userinput"><b>smbclient //maya/e -A samba-domain-pw -D trans -Tc >maya-e.tar</b></tt></pre></blockquote> 697 698<p>This causes <em class="emphasis">smbclient</em> to change its working 699directory to the <em class="filename">trans</em> directory of the 700<em class="filename">\\maya\e</em> share before starting the backup. It is 701also possible to use 702<em class="emphasis">smbclient</em>'s 703<em class="emphasis">tar</em> command in interactive mode, like this:</p> 704 705<blockquote><pre class="code"># <tt class="userinput"><b>smbclient //maya/e </b></tt> 706added interface ip=172.16.1.3 bcast=172.16.1.255 nmask=255.255.255.0 707Password: 708smb: \> <tt class="userinput"><b>cd trans</b></tt> 709smb: \trans\> <tt class="userinput"><b>tarmode full hidden system quiet</b></tt> 710smb: \trans\> <tt class="userinput"><b>tar c maya-e-trans.tar</b></tt></pre></blockquote> 711 712<p>With the previous code, only the <em class="emphasis">trans</em> 713subdirectory in the <em class="emphasis">\\maya\e</em> share will be 714backed up, using the settings specified in the 715<em class="emphasis">tarmode</em> command. To have this type of backup run 716automatically from a script, use the <em class="emphasis">-c</em> option:</p> 717 718<blockquote><pre class="code"># <tt class="userinput"><b>smbclient //maya/e -A samba-domain-pw -c "cd trans; tarmode full hidden \</b></tt> 719<tt class="userinput"><b> system quiet; tar >maya-e-trans.tar"</b></tt></pre></blockquote> 720 721<p>Using either the <em class="emphasis">-T</em> command-line option or 722<em class="emphasis">smbclient</em>'s 723<em class="emphasis">tar</em> command, additional options can be supplied. 724It is necessary to specify either the <em class="emphasis">c</em> option 725to create a backup archive or the <em class="emphasis">x</em> option to 726extract (restore) one.<a name="FNPTR-1"/><a href="#FOOTNOTE-1">[1]</a> </p> 727 728<p>The other options can be appended to the option string 729and are explained in the section on <em class="emphasis">smbclient</em> in 730<a href="appc.html">Appendix C</a>. They allow you to create incremental 731backups, specify which files to include or exclude from the backup, 732and specify a few other miscellaneous settings. For example, suppose 733we wish to create an incremental backup of a share and reset the 734archive bit on the files to set things up for the next incremental 735backup. Instead of using the interactive commands:</p> 736 737<blockquote><pre class="code">smb: \> <tt class="userinput"><b>tarmode inc reset quiet</b></tt> 738smb: \> <tt class="userinput"><b>tar c backup.tar</b></tt></pre></blockquote> 739 740<p>we could either use the interactive command:</p> 741 742<blockquote><pre class="code">smb: \> <tt class="userinput"><b>tar cgaq backup.tar</b></tt></pre></blockquote> 743 744<p>or specify the <em class="emphasis">-Tcgaq</em> option on the 745<em class="emphasis">smbclient</em> command line.</p> 746 747<p>Your best strategy for using <em class="emphasis">smbclient</em> for 748network backups depends on your local configuration. If you have only 749a few Windows systems sharing a small amount of data, you might 750create a script containing <em class="emphasis">smbclient -Tc</em> 751commands to back up each share to a separate tar file, placing the 752files in a directory that is included with regular backups of the 753Unix system. If you have huge SMB shares on your network, you might 754prefer to write the backup directly to a tape drive. You can do this 755with <em class="emphasis">smbclient</em> just as you would with a Unix 756<em class="emphasis">tar</em> command:</p> 757 758<blockquote><pre class="code"># <tt class="userinput"><b>smbclient //maya/d -A samba-domain-pw -Tc >/dev/tape</b></tt></pre></blockquote> 759 760<p>After you have become more familiar with 761<em class="emphasis">smbclient</em> and have an automated backup system in 762place, you might find that using Samba has dramatically decreased 763your anxiety regarding the integrity of your 764network's data. The authors of this book are 765experienced Unix system administrators, and we highly recommend 766having a backup strategy that has been carefully planned, 767implemented, and most importantly, <em class="emphasis">tested and known to work 768as it is supposed to</em>.</p> 769 770 771</div> 772 773 774</div> 775 776 777 778<div class="sect1"><a name="samba2-CHP-5-SECT-4"/> 779 780<h2 class="head1">smbfs</h2> 781 782<p>On Linux, the <a name="INDEX-47"/>smbfs filesystem can be used to mount 783SMB shares onto the Linux filesystem in a manner similar to mounting 784disk partitions on NFS filesystems. The result is so transparent that 785users on the Linux system might never be aware that they are 786accessing files through a Windows or Samba server. Files and 787directories appear as any other files or directories on the local 788Linux system, although there are a few differences in behavior 789relating to ownership and permissions.<a name="FNPTR-2"/><a href="#FOOTNOTE-2">[2]</a></p> 790 791<p>Although smbfs is based on the Samba code, it is not itself part of 792the Samba distribution. Instead, it is included with Linux as a 793standard part of the Linux filesystem support.</p> 794 795<p>The <em class="emphasis">smbmount</em> and 796<em class="emphasis">smbmnt</em><a name="INDEX-48"/> programs are part of the Samba 797distribution and are needed on the client to mount smbfs filesystems. 798Samba must be compiled with the <tt class="literal">--with-smbmount</tt> 799configure option to make sure these programs are compiled. They refer 800to <em class="filename">smb.conf</em> for information they need regarding 801the local system and network configuration, so you will need a 802working <em class="filename">smb.conf</em><a name="INDEX-49"/><a name="INDEX-50"/> 803file on the system, even if it is not acting as a Samba server. 804 <a name="INDEX-51"/><a name="INDEX-52"/><a name="INDEX-53"/></p> 805 806 807<div class="sect2"><a name="samba2-CHP-5-SECT-4.1"/> 808 809<h3 class="head2">Mounting an smbfs Filesystem</h3> 810 811<p>The <em class="emphasis">smbmount</em><a name="INDEX-54"/> command is used to mount an smbfs 812filesystem into the Linux filesystem. The basic usage is:</p> 813 814<blockquote><pre class="code"># <tt class="userinput"><b>smbmount </b></tt><em class="replaceable">Share-UNC mount-point</em><tt class="userinput"><b> -o </b></tt><em class="replaceable">options</em></pre></blockquote> 815 816<p>Replace <em class="replaceable">Share-UNC</em> with the UNC for the SMB 817share, and <em class="replaceable">mount-point</em> with the full path 818to the directory in the Linux filesystem to use as the mount point. 819The <em class="replaceable">options</em> argument is used to set the 820exact manner in which the share is mounted. Let's 821look at an example of a <em class="emphasis">smbmount</em> command:</p> 822 823<blockquote><pre class="code"># <tt class="userinput"><b>smbmount //maya/e /smb/e \</b></tt> 824<tt class="userinput"><b> -o "credentials=/home/jay/.smbpw,uid=jay,gid=jay,fmask=664,dmask=775"</b></tt></pre></blockquote> 825 826<p>Here we are mounting share <em class="filename">\\maya\e</em> from a 827Windows 98 system on the mount point <em class="filename">/smb/e</em> on 828the Linux system.</p> 829 830<a name="samba2-CHP-5-NOTE-122"/><blockquote class="note"><h4 class="objtitle">NOTE</h4> 831<p>If your Linux kernel doesn't include smbfs support, 832you will get the error message:</p> 833 834<blockquote><pre class="code">ERROR: smbfs filesystem not supported by the kernel</pre></blockquote> 835 836 837<p>In this case, you must configure and compile a new kernel to include 838support for smbfs. When smbfs is installed, and an SMB share is 839mounted, you can run the command:</p> 840 841 842<blockquote><pre class="code">$ <tt class="userinput"><b>cat /proc/filesystems</b></tt></pre></blockquote> 843 844<p>and see a line that looks like:</p> 845 846<blockquote><pre class="code">nodev smbfs</pre></blockquote> 847 848 849<p>in the command's output.</p> 850</blockquote> 851 852<p>The mount point must exist before <em class="emphasis">smbmount</em> is 853run and can be created using the <em class="emphasis">mkdir</em> command:</p> 854 855<blockquote><pre class="code"># <tt class="userinput"><b>mkdir /smb/e</b></tt></pre></blockquote> 856 857<p>The argument to the <em class="emphasis">-o</em> option might look a 858little complex. It is a comma-separated list of 859<em class="replaceable">key</em><tt class="literal">=</tt><em class="replaceable">value</em> 860pairs. The <tt class="literal">credentials</tt> key is set to the name of 861the credentials file, which is used to give 862<em class="emphasis">smbmount</em> a valid username and password with 863which to authenticate while connecting to the share. The format is 864identical to that used by <em class="emphasis">smbclient</em> (as 865explained in the previous section), so you can use the same 866credentials file for both clients. If you want, you can use the 867<em class="replaceable">key</em>=<em class="replaceable">value</em> pair 868<tt class="literal">username</tt>=<em class="replaceable">name</em>%<em class="replaceable">password</em> 869to specify the username and password directly in the 870<em class="emphasis">smbmount</em> command, although this is considerably 871less secure.</p> 872 873<a name="samba2-CHP-5-NOTE-123"/><blockquote class="note"><h4 class="objtitle">TIP</h4> 874<p>The <em class="emphasis">smbmount</em> command accepts the same 875authentication methods as <em class="emphasis">smbclient</em>. The 876comments in the section on <em class="emphasis">smbclient</em> regarding 877supplying passwords on the command line—and keeping passwords 878in files and environment variables—also apply here.</p> 879</blockquote> 880 881<p>The rest of the options tell <em class="emphasis">smbmount</em> how to 882translate between the SMB filesystem and the Unix filesystem, which 883differ in their handling of ownership and permissions. The 884<em class="emphasis">uid</em> and <em class="emphasis">gid</em> options specify 885the owner and group to be assigned to all directories and files in 886the mounted share.</p> 887 888<p>The <em class="emphasis">fmask</em><a name="INDEX-55"/> and 889<em class="emphasis">dmask</em><a name="INDEX-56"/> options specify 890<a name="INDEX-57"/>bitmasks for 891permissions of files and directories, respectively. These bitmasks 892are logically ANDed with whatever permissions are granted by the 893server to create the effective permissions on the client Unix system. 894On the server side, the permissions granted depend on the 895server's operating system. For a Windows 95/98/Me 896server using share-mode security, the MS-DOS read-only attribute can 897be set on individual files and directories and combined with the Full 898Access or Read Only permissions on the share as a whole. In 899user-level security mode, Windows 95/98/Me can have ACL-like 900permissions applied to the entire share, as discussed in <a href="ch04.html">Chapter 4</a>. Windows NT/2000/XP support ACLs on individual 901files and directories, with Full Control, Change, or Read permissions 902that can be applied to the entire share. If the server is a Samba 903server, the permissions are whatever is defined by the Samba share 904and the local Unix system for the individual files and directories. 905In every case, the permissions applied to the share act to further 906limit access, beyond what is specified for the individual files and 907directories.</p> 908 909<a name="samba2-CHP-5-NOTE-124"/><blockquote class="note"><h4 class="objtitle">TIP</h4> 910<p>You might think that the <em class="emphasis">fmask</em> and 911<em class="emphasis">dmask</em> permission masks can be used only to 912reduce the effective permissions on files and directories, but this 913is not always the case. For example, suppose that a file is being 914shared by a Windows 95/98/Me server using share-mode security and 915that some number of users have been given the Full Access password 916for the share. If the share is mounted with 917<em class="emphasis">smbmount</em> using an <em class="emphasis">fmask</em> of 918666, read/write permissions are granted on the Unix system not only 919for the owner, but for everyone else on the Unix system as well!</p> 920</blockquote> 921 922<p>After mounting the <em class="filename">\\maya\d</em> share to 923<em class="filename">/smb/e</em>, here is what the contents of 924<em class="filename">/smb/e</em> look like:</p> 925 926<blockquote><pre class="code">$ <tt class="userinput"><b>cd /smb/e ; ls -l</b></tt> 927total 47 928drwxrwxr-x 1 jay jay 512 Jan 8 20:21 CD-images 929drwxrwxr-x 1 jay jay 512 Jan 6 21:50 lectures 930-rw-rw-r-- 1 jay jay 131 Dec 18 09:12 ms-ProfPol-wp.doc 931-rw-rw-r-- 1 jay jay 59 Dec 18 09:12 profile-map 932-rw-rw-r-- 1 jay jay 131 Jan 15 05:01 readme.txt 933drwxrwxr-x 1 jay jay 512 Feb 4 2002 RECYCLED 934-rw-rw-r-- 1 jay jay 33969 Dec 10 20:22 smbclient.doc 935-rw-rw-r-- 1 jay jay 7759 Dec 10 20:20 smbmount.doc 936-rw-rw-r-- 1 jay jay 1914 Dec 10 20:17 smbsh.txt 937drwxrwxr-x 1 jay jay 512 Jan 10 03:54 trans</pre></blockquote> 938 939<p>For the most part, the files and directories contained in the mounted 940smbfs filesystem will work just like any others, except for 941limitations imposed by the nature of SMB networking. For example, not 942even the superuser can perform the operation:</p> 943 944<blockquote><pre class="code"># <tt class="userinput"><b>chown root lectures</b></tt> 945chown: changing ownership of 'lectures': Operation not permitted</pre></blockquote> 946 947<p>because SMB shares do not intrinsically support the idea of 948ownership. Some odd behaviors can result from this. For example, the 949command:</p> 950 951<blockquote><pre class="code"># <tt class="userinput"><b>chmod 777 readme.txt</b></tt></pre></blockquote> 952 953<p>does not produce an error message, although nothing has been changed. 954The file <em class="filename">readme.txt</em> still has permissions set to 955664:</p> 956 957<blockquote><pre class="code"># <tt class="userinput"><b>ls -l readme.txt</b></tt> 958-rw-rw-r-- 1 jay jay 131 Jan 15 05:01 readme.txt</pre></blockquote> 959 960<p>Aside from little things such as these, the mounted smbfs filesystem 961can be used in conjunction with virtually any application, and you 962might be pleasantly surprised at how nicely it integrates with your 963Linux-based computing environment. You can even create symbolic links 964in the Unix filesystem, pointing to files and directories inside SMB 965shares. However, unless the server is a Samba server that supports 966Unix CIFS extensions, you will not be able to create a symbolic link 967inside the mounted smbfs filesystem.</p> 968 969 970</div> 971 972 973<div class="sect2"><a name="samba2-CHP-5-SECT-4.2"/> 974 975<h3 class="head2">Mounting smbfs Filesystems Automatically</h3> 976 977<p><a name="INDEX-58"/>As with other types of 978filesystems, an smbfs filesystem can be mounted automatically during 979system bootup by creating an entry for it in 980<em class="filename">/etc/fstab</em>. The format for the entry is as 981follows:</p> 982 983<blockquote><pre class="code"><em class="replaceable">Share-UNC mount-point</em> smbfs <em class="replaceable">options</em> 0 0</pre></blockquote> 984 985<p>Replace <em class="replaceable">Share-UNC</em> with the UNC of the 986share (using the forward slash format), and replace 987<em class="replaceable">mount-point</em> with the name of the directory 988in the Linux filesystem on which the share will be mounted. In place 989of <em class="replaceable">options</em>, simply use the string that you 990used with the <em class="emphasis">-o</em> flag in the 991<em class="emphasis">smbmount</em> command.</p> 992 993<p>Once you have found the arguments to use with the 994<em class="emphasis">smbmount</em> command to mount the share the way you 995like it, it is a very simple matter to create the entry for 996<em class="filename">/etc/fstab</em>. The <em class="emphasis">smbmount</em> 997command we used to mount the share <em class="filename">\\maya\e</em> on 998<em class="filename">/smb/e</em> would translate to this 999<em class="filename">/etc/fstab</em> entry:</p> 1000 1001<blockquote><pre class="code">//maya/e /smb/e smbfs 1002credentials=/home/jay/.smbpw,uid=jay,gid=jay,fmask=664,dmask=775 0 0 1003 1004<i class="lineannotation">(Please note that this should all go on one line.)</i></pre></blockquote> 1005<a name="samba2-CHP-5-NOTE-125"/><blockquote class="note"><h4 class="objtitle">WARNING</h4> 1006<p>If you make a mistake in modifying 1007<em class="filename">/etc/fstab</em><a name="INDEX-59"/><a name="INDEX-60"/>, your system might not 1008reboot properly, and you might be forced to boot into single-user 1009mode to fix the problem. Before you edit 1010<em class="filename">/etc/fstab</em>, be sure to make a backup copy of it, 1011and be prepared to recover your system if anything goes wrong.</p> 1012</blockquote> 1013 1014<p>Once the entry has been added, the system will automatically mount 1015the share when booting. Or, the system administrator can manually 1016mount or unmount the share with commands such as these:</p> 1017 1018<blockquote><pre class="code"># <tt class="userinput"><b>mount /smb/e</b></tt> 1019# <tt class="userinput"><b>umount /smb/e</b></tt></pre></blockquote> 1020 1021<a name="samba2-CHP-5-NOTE-126"/><blockquote class="note"><h4 class="objtitle">TIP</h4> 1022<p>It is possible to use <em class="emphasis">mount</em> and 1023<em class="emphasis">umount</em> by giving them the UNC for the share 1024using forward slashes, as in our <em class="filename">/etc/fstab</em> 1025entry. However, be careful about this. A share might be listed more 1026than once in <em class="filename">/etc/fstab</em> so that it can be 1027mounted at more than one place in the Linux filesystem. If you use 1028the UNC to specify the share you wish to mount or unmount, you might 1029cause it to be mounted or unmounted at another mount point from the 1030one you intended.</p> 1031</blockquote> 1032 1033 1034</div> 1035 1036 1037<div class="sect2"><a name="samba2-CHP-5-SECT-4.3"/> 1038 1039<h3 class="head2">Common smbmount Options</h3> 1040 1041<p><a href="ch05.html#samba2-CHP-5-TABLE-1">Table 5-1</a> lists 1042<em class="replaceable">key</em><tt class="literal">=</tt><em class="replaceable">value</em> 1043pairs that can be used with the <em class="emphasis">-o</em> option of 1044<em class="emphasis">smbmount</em> or in the options field of the 1045<em class="filename">/etc/fstab</em> entry for the smbfs filesystem. See 1046the <em class="emphasis">smbmount</em> manual page for a complete list of 1047options.</p> 1048 1049<a name="samba2-CHP-5-TABLE-1"/><h4 class="head4">Table 5-1. smbmount options</h4><table border="1"> 1050 1051 1052 1053 1054<tr> 1055<th> 1056<p>Key</p> 1057</th> 1058<th> 1059<p>Value</p> 1060</th> 1061<th> 1062<p>Function</p> 1063</th> 1064</tr> 1065 1066 1067<tr> 1068<td> 1069<p><tt class="literal">username</tt></p> 1070</td> 1071<td> 1072<p>string</p> 1073</td> 1074<td> 1075<p>Provides the username, and optionally the password and workgroup, for 1076authentication.</p> 1077</td> 1078</tr> 1079<tr> 1080<td> 1081<p><tt class="literal">password</tt></p> 1082</td> 1083<td> 1084<p>string</p> 1085</td> 1086<td> 1087<p>Provides the share or domain password, if it hasn't 1088been supplied by another means.</p> 1089</td> 1090</tr> 1091<tr> 1092<td> 1093<p><tt class="literal">credentials</tt></p> 1094</td> 1095<td> 1096<p>string</p> 1097</td> 1098<td> 1099<p>Name of file containing the username and password.</p> 1100</td> 1101</tr> 1102<tr> 1103<td> 1104<p><tt class="literal">uid</tt></p> 1105</td> 1106<td> 1107<p>string or numeric</p> 1108</td> 1109<td> 1110<p>User ID to apply to all files and directories of the mounted share.</p> 1111</td> 1112</tr> 1113<tr> 1114<td> 1115<p><tt class="literal">gid</tt></p> 1116</td> 1117<td> 1118<p>string or numeric</p> 1119</td> 1120<td> 1121<p>Group ID to apply to all files and directories of the mounted share.</p> 1122</td> 1123</tr> 1124<tr> 1125<td> 1126<p><tt class="literal">fmask</tt></p> 1127</td> 1128<td> 1129<p>numeric</p> 1130</td> 1131<td> 1132<p>Permissions to apply to files. Default is based on current umask.</p> 1133</td> 1134</tr> 1135<tr> 1136<td> 1137<p><tt class="literal">dmask</tt></p> 1138</td> 1139<td> 1140<p>numeric</p> 1141</td> 1142<td> 1143<p>Permissions to apply to directories. Default is based on current 1144umask.</p> 1145</td> 1146</tr> 1147<tr> 1148<td> 1149<p><tt class="literal">debug</tt></p> 1150</td> 1151<td> 1152<p>numeric</p> 1153</td> 1154<td> 1155<p>Debug level.</p> 1156</td> 1157</tr> 1158<tr> 1159<td> 1160<p><tt class="literal">workgroup</tt></p> 1161</td> 1162<td> 1163<p>string</p> 1164</td> 1165<td> 1166<p>Name of workgroup of remote server.</p> 1167</td> 1168</tr> 1169<tr> 1170<td> 1171<p><tt class="literal">guest</tt></p> 1172</td> 1173<td> 1174<p>(none)</p> 1175</td> 1176<td> 1177<p>Suppresses password prompt.</p> 1178</td> 1179</tr> 1180<tr> 1181<td> 1182<p><tt class="literal">ro</tt></p> 1183</td> 1184<td> 1185<p>(none)</p> 1186</td> 1187<td> 1188<p>Mount read-only.</p> 1189</td> 1190</tr> 1191<tr> 1192<td> 1193<p><tt class="literal">rw</tt></p> 1194</td> 1195<td> 1196<p>(none)</p> 1197</td> 1198<td> 1199<p>Mount read/write. This is the default.</p> 1200</td> 1201</tr> 1202<tr> 1203<td> 1204<p><tt class="literal">ttl</tt></p> 1205</td> 1206<td> 1207<p>numeric</p> 1208</td> 1209<td> 1210<p>Amount of time to cache the contents of directories. Defaults to 1000 1211ms <a name="INDEX-62"/>.</p> 1212</td> 1213</tr> 1214 1215</table> 1216 1217 1218</div> 1219 1220 1221</div> 1222 1223 1224 1225<div class="sect1"><a name="samba2-CHP-5-SECT-5"/> 1226 1227<h2 class="head1">smbsh</h2> 1228 1229<p>The <em class="emphasis">smbsh</em><a name="INDEX-63"/> program is part of the Samba suite and 1230works on some, but not all, Unix variants.<a name="FNPTR-3"/><a href="#FOOTNOTE-3">[3]</a> Effectively, it adds a wrapper around the 1231user's command shell, enabling it and common Unix 1232utilities to work on files and directories in SMB shares, in addition 1233to files and directories in the local Unix filesystem. From the 1234user's perspective, the effect is that of a 1235simulated mount of the SMB shares onto the Unix filesystem.</p> 1236 1237<p><em class="emphasis">smbsh</em> works by running the shell and programs 1238run from it in an environment in which calls to the standard C 1239library are redirected to the 1240<em class="emphasis">smbwrapper</em><a name="INDEX-64"/> library, which has support for 1241operating on SMB shares. This redirection can work only if the 1242program being run is dynamically linked. Fortunately, modern Unix 1243versions ship with most common utilities linked dynamically rather 1244than statically.</p> 1245 1246<a name="samba2-CHP-5-NOTE-127"/><blockquote class="note"><h4 class="objtitle">TIP</h4> 1247<p>To determine whether a program is dynamically or statically linked, 1248try using the <em class="emphasis">file</em> command.</p> 1249</blockquote> 1250 1251<p>To use <em class="emphasis">smbsh</em>, your Samba installation must be 1252configured using the configure option 1253<tt class="literal">--with-smbwrapper</tt>.</p> 1254 1255<p>If you have a number of Unix systems with the same host operating 1256system and architecture and don't want to bother 1257with a full Samba installation, you can simply move the following 1258files to the other systems:</p> 1259 1260<blockquote><pre class="code">/usr/local/samba/bin/smbsh 1261/usr/local/samba/bin/smbwrapper.so 1262/usr/local/samba/lib/smb.conf</pre></blockquote> 1263 1264<p>Make sure that <em class="filename">/usr/local/samba/bin</em> is in your 1265shell's search path. The 1266<em class="filename">smb.conf</em><a name="INDEX-65"/><a name="INDEX-66"/> file is 1267needed only for <em class="emphasis">smbsh</em> to determine the workgroup 1268or domain and does not need to be as elaborate as your Samba 1269server's configuration file.</p> 1270 1271 1272<div class="sect2"><a name="samba2-CHP-5-SECT-5.1"/> 1273 1274<h3 class="head2">An Interactive Session with smbsh</h3> 1275 1276<p><a name="INDEX-67"/>To start <em class="emphasis">smbsh</em>, 1277simply type in the <em class="emphasis">smbsh</em> command at the shell 1278prompt. You will be prompted for a username and password with which 1279to authenticate on the SMB network:</p> 1280 1281<blockquote><pre class="code">$ <tt class="userinput"><b>smbsh</b></tt> 1282Username: davecb 1283Password: 1284smbsh$</pre></blockquote> 1285 1286<p>While working within the <em class="emphasis">smbsh</em> shell, you have a 1287virtual <em class="filename">/smb</em> directory. This does not actually 1288exist in the Unix filesystem and is supported within 1289<em class="emphasis">smbsh</em> only to help organize the SMB shares in a 1290structure familiar to Unix users. You can list the contents of the 1291<em class="filename">/smb</em> virtual directory and get a list of 1292workgroups in the local network, which are also presented as virtual 1293directories:</p> 1294 1295<blockquote><pre class="code">smbsh$ <tt class="userinput"><b>cd /smb ; ls</b></tt> 1296ZOOL PLANK BACIL</pre></blockquote> 1297 1298<p>You can change your working directory to one of the workgroup virtual 1299directories, and listing one of them will show the computers in the 1300workgroup:</p> 1301 1302<blockquote><pre class="code">smbsh$ <tt class="userinput"><b>cd ZOOL ; ls</b></tt> 1303ANTILLES DODO MILO SEAL 1304ARGON HANGGLIDE OSTRICH SPARTA 1305BALLET INFUSION PLAQUE THEBES 1306CHABLIS JAZ PRAETORIAN TJ 1307COBRA KIKO RAYOPCI TRANCE 1308COUGUR MACHINE-HEADPCI RUMYA VIPERPCI 1309CRUSTY MATHUMA SCOT</pre></blockquote> 1310 1311<p>Likewise, you can change your current directory to, and list the 1312contents of, a computer virtual directory, and then you can see a 1313listing of shares offered by that computer:</p> 1314 1315<blockquote><pre class="code">smbsh$ <tt class="userinput"><b>cd scot ; ls</b></tt> 1316ADMIN$ davecb nc np2s pl 1317ace dhcp-mrk03 np nps xp 1318cl ep np2 opcom</pre></blockquote> 1319 1320<p>This is the lowest level of 1321<em class="emphasis">smbsh</em>'s virtual directory 1322system. Once you <em class="emphasis">cd</em> into a share, you are within 1323the SMB share on the remote computer:</p> 1324 1325<blockquote><pre class="code">smbsh$ <tt class="userinput"><b>cd davecb ; ls</b></tt> 1326Mail mkanalysis_dirs.idx 1327SUNWexplo nfs.ps 1328Sent nsmail 1329allsun.html projects.txt 1330bin sumtimex</pre></blockquote> 1331 1332<p>Once in a remote share, most of the Unix shell utilities will work, 1333and you can operate on files and directories much as you would on any 1334Unix system. You can even create symbolic links in the Unix 1335filesystem pointing to files and directories in the SMB share. 1336However, attempts to create symbolic links in the SMB share will fail 1337unless the share is being served by Samba with support for Unix CIFS 1338extensions.</p> 1339 1340 1341</div> 1342 1343 1344</div> 1345 1346 1347 1348<div class="sect1"><a name="samba2-CHP-5-SECT-6"/> 1349 1350<h2 class="head1">smbutil and mount_smbfs</h2> 1351 1352<p>The <em class="emphasis">smbutil</em> and <em class="emphasis">mount_smbfs</em> 1353programs provide SMB client functionality for FreeBSD, Darwin, and 1354Mac OS X. Neither of the programs is part of the Samba distribution; 1355however, we are including them to give you a little additional 1356support in case you have BSD-related Unix systems on your network.</p> 1357 1358 1359<div class="sect2"><a name="samba2-CHP-5-SECT-6.1"/> 1360 1361<h3 class="head2">smbutil</h3> 1362 1363<p>The <em class="emphasis">smbutil</em><a name="INDEX-68"/> program provides functionality similar 1364to some of the Samba suite's command-line utilities. 1365It can be used to list the shares available on an SMB server or 1366perform NetBIOS name lookups.</p> 1367 1368<p>The first argument given to <em class="emphasis">smbutil</em> is one of a 1369number of subcommands and is usually followed by arguments specific 1370to the subcommand. For example, to list the resources offered by a 1371server, use the <em class="emphasis">view</em> subcommand, and enter your 1372server password when prompted:</p> 1373 1374<blockquote><pre class="code">% <tt class="userinput"><b>smbutil view //vamana</b></tt> 1375Password: 1376Share Type Comment 1377------------------------------------------------------------- 1378public disk 1379SS2500 printer Stylus Scan 2500 1380IPC$ pipe IPC Service (Samba 2.2.5) 1381ADMIN$ disk IPC Service (Samba 2.2.5) 1382leonvs disk User Home Directories 1383 13845 shares listed from 5 available</pre></blockquote> 1385 1386<p>If you wish to connect to the server with a username that differs 1387from that on your client, you can specify it on the command line by 1388preceding the name of the server with the username and using an at 1389sign (<tt class="literal">@</tt>) as a separator:</p> 1390 1391<blockquote><pre class="code">% <tt class="userinput"><b>smbutil view //leonvs@vamana</b></tt></pre></blockquote> 1392 1393<p>You can also include the password after the username, using a colon 1394(:) as a separator, to avoid being prompted for 1395it:</p> 1396 1397<blockquote><pre class="code">% <tt class="userinput"><b>smbutil view //leonvs:leonspassword@vamana</b></tt></pre></blockquote> 1398 1399<p>Typing your password in the open like this is strongly discouraged. 1400It's a little better if you use an encrypted 1401password, which you can generate using 1402<em class="emphasis">smbutil</em>'s 1403<em class="emphasis">crypt</em> subcommand:</p> 1404 1405<blockquote><pre class="code">% <tt class="userinput"><b>smbutil crypt leonspassword</b></tt> 1406$$1625a5723293f0710e5faffcfc6</pre></blockquote> 1407 1408<p>This can then be used in place of a clear-text password. However, the 1409encryption is not particularly strong and will foil only the most 1410casual inspection. As noted earlier, the only reasonably secure 1411method of providing a password is to be prompted for it.</p> 1412 1413<p>While starting up, <em class="emphasis">smbutil</em> reads the file 1414<em class="filename">.nsmbrc</em><a name="INDEX-69"/> in the user's home 1415directory. Also, the file 1416<em class="filename">/usr/local/etc/nsmb.conf</em><a name="INDEX-70"/><a name="INDEX-71"/> is read, and directives in that file 1417override those in users' 1418<em class="filename">~/.nsmbrc</em> files. This is to allow administrators 1419to apply mandatory settings to all users. Directives can be placed in 1420this file using the section and parameter format similar to that of 1421the Samba configuration file. A list of common configuration 1422parameters is given in <a href="ch05.html#samba2-CHP-5-TABLE-2">Table 5-2</a>.</p> 1423 1424<p>For example, to keep your password in your 1425<em class="filename">~/.nsmbrc</em> file, you can create an entry in the 1426file such as the following:</p> 1427 1428<blockquote><pre class="code">[VAMANA:LEONVS] 1429 password=$$1625a5723293f0710e5faffcfc6</pre></blockquote> 1430 1431<p>The section heading in brackets specifies the SMB 1432server's NetBIOS name and the username to which the 1433subsequent parameter settings apply. (The hostname and username 1434should be supplied in uppercase characters.) Section headings can 1435also consist of just a hostname or can contain a share name as a 1436third element for specifying parameters applicable to a single share. 1437Finally, if a <tt class="literal">[default]</tt> section is present, the 1438settings in it apply to all connections.</p> 1439 1440<p>The following example <em class="filename">.nsmbrc</em> shows some of the 1441other parameters you might use:</p> 1442 1443<blockquote><pre class="code">[default] 1444 username=leonvs 1445 # NetBIOS name server 1446 nbns=192.168.1.3 1447 1448[VAMANA] 1449 # server IP address 1450 addr=192.168.1.6 1451 workgroup=TEST 1452 1453[VAMANA:LEONVS] 1454 password=$$1625a5723293f0710e5faffcfc6</pre></blockquote> 1455 1456<p>Another thing you can do with <em class="emphasis">smbutil</em> is 1457<a name="INDEX-72"/><a name="INDEX-73"/><a name="INDEX-74"/>translate between IP addresses or DNS 1458names and 1459<a name="INDEX-75"/>NetBIOS 1460names. For example, the <em class="emphasis">status</em> subcommand takes 1461an IP address or DNS hostname as an argument and returns the 1462corresponding SMB server's NetBIOS name and 1463workgroup:</p> 1464 1465<blockquote><pre class="code">% <tt class="userinput"><b>smbutil status 192.168.1.6</b></tt> 1466Workgroup: TEST 1467Server: VAMANA</pre></blockquote> 1468 1469<p>The <em class="emphasis">lookup</em> subcommand returns the IP address 1470associated with a given NetBIOS hostname. A NetBIOS name server can 1471be optionally specified with the <em class="emphasis">-w</em> argument:</p> 1472 1473<blockquote><pre class="code">% <tt class="userinput"><b>smbutil lookup -w 192.168.1.3 VAMANA</b></tt> 1474Got response from 192.168.1.3 1475IP address of VAMANA: 192.168.1.6</pre></blockquote> 1476 1477 1478</div> 1479 1480 1481<div class="sect2"><a name="samba2-CHP-5-SECT-6.2"/> 1482 1483<h3 class="head2">mount_smbfs</h3> 1484 1485<p>The <em class="emphasis">mount_smbfs</em><a name="INDEX-76"/> program performs essentially the same 1486function as <em class="emphasis">smbmount</em> on Linux. It mounts an SMB 1487share on a directory in the local filesystem. The SMB share can then 1488be accessed just like any other directory, subject to some behavioral 1489differences noted earlier in <a href="ch05.html#samba2-CHP-5-SECT-4.1">Section 5.4.1</a>.</p> 1490 1491<p>The command synopsis for <em class="emphasis">mount_smbfs</em> is:</p> 1492 1493<blockquote><pre class="code">mount_smbfs <em class="replaceable">[options]</em> <em class="replaceable">Share-UNC</em> <em class="replaceable">mount-point</em></pre></blockquote> 1494 1495<p>where <em class="replaceable">Share-UNC</em> is of the form:</p> 1496 1497<blockquote><pre class="code">//[<em class="replaceable">workgroup</em>;][<em class="replaceable">username</em>[:<em class="replaceable">password</em>]@]<em class="replaceable">server</em>[/<em class="replaceable">share</em>]</pre></blockquote> 1498 1499<p>For example:</p> 1500 1501<blockquote><pre class="code"># <tt class="userinput"><b>mount_smbfs '//TEST;leonvs:$$1625a5723293f0710e5faffcfc6@vamana/leonvs' /</b></tt> 1502\<tt class="userinput"><b>Volumes/leonvs</b></tt></pre></blockquote> 1503 1504<p>The ownership and permissions of the mount point determine the 1505default ownership and permissions for files and directories in the 1506mounted share. These can be modified with command-line arguments, 1507like this:</p> 1508 1509<blockquote><pre class="code"># <tt class="userinput"><b>mount_smbfs -u leonvs -g admin -f 0750 -d 0755 //leonvs@vamana/leonvs </b></tt> 1510\<tt class="userinput"><b>/Volumes/leonvs</b></tt></pre></blockquote> 1511 1512<p>In this example, the files and directories in the mounted share will 1513be owned by the user leonvs and the group admin, with files and 1514directories having permissions 750 and 755, respectively. (As usual, 1515the permissions are specified in the octal format used by the Unix 1516<em class="emphasis">chmod</em> command.)</p> 1517 1518<p>The <em class="emphasis">mount_smbfs</em><a name="INDEX-77"/><a name="INDEX-78"/> command 1519also makes use of settings in 1520<em class="filename">/usr/local/etc/nsmb.conf</em> and 1521<em class="filename">~/.nsmbrc</em>, as described earlier. A list of 1522common configuration parameters and command-line options is provided 1523in <a href="ch05.html#samba2-CHP-5-TABLE-2">Table 5-2</a>.</p> 1524 1525<a name="samba2-CHP-5-TABLE-2"/><h4 class="head4">Table 5-2. Common smbutil and mount_smbfs options</h4><table border="1"> 1526 1527 1528 1529 1530<tr> 1531<th> 1532<p>Command-line option</p> 1533</th> 1534<th> 1535<p>Configuration file parameter</p> 1536</th> 1537<th> 1538<p>Description</p> 1539</th> 1540</tr> 1541 1542 1543<tr> 1544<td> 1545<p><tt class="literal">-I</tt> <em class="replaceable">hostname</em></p> 1546</td> 1547<td> 1548<p><tt class="literal">addr</tt></p> 1549</td> 1550<td> 1551<p>Avoid NetBIOS name resolution and connect to the server using the 1552specified DNS hostname or IP address.</p> 1553</td> 1554</tr> 1555<tr> 1556<td> 1557<p>-N</p> 1558</td> 1559<td> 1560<p><em class="emphasis">none</em></p> 1561</td> 1562<td> 1563<p>Do not prompt for a password.</p> 1564</td> 1565</tr> 1566<tr> 1567<td> 1568<p>-R <em class="replaceable">count</em></p> 1569</td> 1570<td> 1571<p><tt class="literal">retry_count</tt></p> 1572</td> 1573<td> 1574<p>Number of times to retry connection before giving up.</p> 1575</td> 1576</tr> 1577<tr> 1578<td> 1579<p>-T <em class="replaceable">seconds</em></p> 1580</td> 1581<td> 1582<p><tt class="literal">timeout</tt></p> 1583</td> 1584<td> 1585<p>Timeout, in seconds, per connection request.</p> 1586</td> 1587</tr> 1588<tr> 1589<td> 1590<p>-U <em class="replaceable">username</em></p> 1591</td> 1592<td> 1593<p><tt class="literal">username</tt></p> 1594</td> 1595<td> 1596<p>Username to use for authentication. Defaults to Unix username.</p> 1597</td> 1598</tr> 1599<tr> 1600<td> 1601<p>-W <em class="replaceable">workgroup</em></p> 1602</td> 1603<td> 1604<p><tt class="literal">workgroup</tt></p> 1605</td> 1606<td> 1607<p>Name of workgroup of remote server.</p> 1608</td> 1609</tr> 1610<tr> 1611<td> 1612<p>-d <em class="replaceable">mode</em></p> 1613</td> 1614<td> 1615<p><em class="emphasis">none</em></p> 1616</td> 1617<td> 1618<p>Permissions to apply to directories in the mounted share. Defaults to 1619the same as the file permissions, plus an execute (search) bit 1620whenever the read bit is set.</p> 1621</td> 1622</tr> 1623<tr> 1624<td> 1625<p>-f <em class="replaceable">mode</em></p> 1626</td> 1627<td> 1628<p><em class="filename">none</em></p> 1629</td> 1630<td> 1631<p>Permissions to apply to files in the mounted share. Defaults to the 1632same as the permissions set on the directory used as the mount point.</p> 1633</td> 1634</tr> 1635<tr> 1636<td> 1637<p>-g <em class="replaceable">group</em></p> 1638</td> 1639<td> 1640<p><em class="emphasis">none</em></p> 1641</td> 1642<td> 1643<p>Name or numeric GID to apply to all files and directories in the 1644mounted share. Defaults to the group of the directory used as the 1645mount point.</p> 1646</td> 1647</tr> 1648<tr> 1649<td> 1650<p>-n <em class="replaceable">long</em></p> 1651</td> 1652<td> 1653<p><em class="emphasis">none</em></p> 1654</td> 1655<td> 1656<p>Disable support for long filenames. Restrict filenames to 8.3 naming 1657standard.</p> 1658</td> 1659</tr> 1660<tr> 1661<td> 1662<p>-u <em class="replaceable">username</em></p> 1663</td> 1664<td> 1665<p><em class="emphasis">none</em></p> 1666</td> 1667<td> 1668<p>Username or numeric UID to apply as the owner of all files and 1669directories in the mounted share. Defaults to the owner of the 1670directory used as the mount point.</p> 1671</td> 1672</tr> 1673<tr> 1674<td> 1675<p>-w <em class="replaceable">hostname</em></p> 1676</td> 1677<td> 1678<p><tt class="literal">nbns</tt></p> 1679</td> 1680<td> 1681<p>Hostname or IP address of the NetBIOS name server.</p> 1682</td> 1683</tr> 1684<tr> 1685<td> 1686<p><em class="emphasis">none</em></p> 1687</td> 1688<td> 1689<p><tt class="literal">password</tt></p> 1690</td> 1691<td> 1692<p>Password to use for authentication.</p> 1693</td> 1694</tr> 1695 1696</table> 1697 1698 1699</div> 1700 1701 1702<div class="sect2"><a name="samba2-CHP-5-SECT-6.3"/> 1703 1704<h3 class="head2">Mac OS X</h3> 1705 1706<p><a name="INDEX-79"/>In addition to 1707<em class="emphasis">smbutil</em> and <em class="emphasis">mount_smbfs</em>, OS 1708X includes a graphical interface to the functionality they provide. 1709To use this interface, open the Go menu and select the Connect to 1710Server . . . menu item. Instead of using a UNC, specify the share in 1711the form of a Uniform Resource Identifier (URI) with a prefix of 1712<tt class="literal">smb://</tt> entered in the Address field, as shown in 1713<a href="ch05.html#samba2-CHP-5-FIG-5">Figure 5-5</a>.</p> 1714 1715<div class="figure"><a name="samba2-CHP-5-FIG-5"/><img src="figs/sam2_0505.gif"/></div><h4 class="head4">Figure 5-5. OS X Connect to Server dialog</h4> 1716 1717<p>You can specify a server, share, workgroup, username, and password 1718(optionally encrypted with <em class="emphasis">smbutil crypt</em>) in the 1719URI, in the same format as the UNC argument to 1720<em class="emphasis">mount_smbfs</em>. If you don't 1721specify a share name in the URI, you will be shown a window that lets 1722you choose from a list of shares available to mount. See <a href="ch05.html#samba2-CHP-5-FIG-6">Figure 5-6</a>.</p> 1723 1724<div class="figure"><a name="samba2-CHP-5-FIG-6"/><img src="figs/sam2_0506.gif"/></div><h4 class="head4">Figure 5-6. Selecting a share to mount</h4> 1725 1726<p>Only guest-accessible shares will show up in the list until 1727you've authenticated. After pressing the 1728Authenticate button, you'll be prompted for a 1729workgroup, username, and password, as shown in <a href="ch05.html#samba2-CHP-5-FIG-7">Figure 5-7</a>. You'll also see this dialog 1730if you provide a share name in the URI, but not a username and 1731password.<a name="FNPTR-4"/><a href="#FOOTNOTE-4">[4]</a></p> 1732 1733<div class="figure"><a name="samba2-CHP-5-FIG-7"/><img src="figs/sam2_0507.gif"/></div><h4 class="head4">Figure 5-7. Client authentication</h4> 1734 1735<p>As usual for Mac OS X, shares are mounted under 1736<em class="filename">/Volumes</em>, but show up in the root of the Finder 1737hierarchy.</p> 1738 1739<p>If you have a WINS server on your network, you can provide the 1740server's IP address in the Directory Access 1741application, or by using the <tt class="literal">wins</tt> 1742<tt class="literal">server</tt> parameter in 1743<em class="filename">/etc/smb.conf</em>.</p> 1744 1745<p>If you don't know the name of a server to which you 1746wish to connect, you can look for it in the browse list, using the 1747graphical frontend to the <em class="emphasis">nmblookup</em> command 1748provided with Samba. Click the downward-pointing arrow in the Connect 1749to Server . . . dialog box to show a hierarchical, column-based view 1750of available workgroups and servers, similar to that shown in <a href="ch05.html#samba2-CHP-5-FIG-8">Figure 5-8</a>. If your client is also acting as an SMB file 1751server, it won't show up in its own browse 1752list.<a name="INDEX-80"/></p> 1753 1754<div class="figure"><a name="samba2-CHP-5-FIG-8"/><a name="INDEX-81"/><img src="figs/sam2_0508.gif"/></div><h4 class="head4">Figure 5-8. Browsing the network</h4> 1755 1756 1757</div> 1758 1759 1760</div> 1761 1762<hr/><h4 class="head4">Footnotes</h4><blockquote><a name="FOOTNOTE-1"/> <p><a href="#FNPTR-1">[1]</a> An alternative to extracting 1763the tar archive directly to the SMB share is to use the Unix 1764system's <em class="emphasis">tar</em> command to extract 1765it to a directory on the Unix server, then copy the desired file(s) 1766to a shared directory. This allows a greater amount of control over 1767the restoration process, as when correcting for an accidental file 1768deletion or reverting a set of files to a previous condition.</p> 1769<a name="FOOTNOTE-2"/> <p><a href="#FNPTR-2">[2]</a> Samba Versions 17702.2.4 and later have support for Unix CIFS extensions developed by 1771Hewlett-Packard, which add full support for Unix ownership, group, 1772and permissions in smbfs filesystems when shared between two Samba 1773systems. You will also need a recent version of smbfs in your Linux 1774kernel.</p> <a name="FOOTNOTE-3"/> <p><a href="#FNPTR-3">[3]</a> At the 1775time of this writing, <em class="emphasis">smbsh</em> does not work on 1776HP/UX or Linux. However, Linux support might return in the 1777future.</p> <a name="FOOTNOTE-4"/> <p><a href="#FNPTR-4">[4]</a> If you've previously 1778stored your authentication information in a Keychain, you will 1779instead be prompted for your Keychain password.</p> </blockquote><hr/><h4 class="head4"><a href="toc.html">TOC</a></h4></body></html> 1780