Samba 4: share filesystems between Linux and Windows

Classic Samba keeps its own database of encrypted passwords but, because file permissions are expressed in terms of Unix users and groups, each Samba user corresponds directly to a Unix user on the server. Active Directory users are not related to Unix users (more on this later). To add a user to classic Samba:

# smbpasswd -a myuser
New SMB password:
Retype new SMB password:
Forcing Primary Group to 'Domain Users' for myuser
Forcing Primary Group to 'Domain Users' for myuser
Added user myuser.

Note that once a user has been added to Samba, Windows will require their password to be entered - even for guest shares. Adding a user-specific share, like a home directory, can be achieved with an entry in smb.conf:

[myuser]
comment = %U home directory
writable = yes
valid users = myuser
path = %H

or, more generally, using the special [homes] share, which creates a home share for each user.

When a user attempts to connect to a share, Samba looks for an explicit share definition like the one above. If none is found, but a [homes] share exists, then that will be used like a template to create the share the user requested. A suitable example is shown below; the browsable entry prevents [homes] appearing when the share is browsed.

[homes]
comment = %U home directory
writable = yes
browsable = no

Another special kind of share is [printers]. As you might expect, this allows Windows clients to use printers attached to the Samba server. It uses CUPS to spool raw print jobs, which means that the client needs to have an appropriate printer driver installed because it is this which converts the file being printed into the raw data that the printer can process. Printing requires a spool directory that has its sticky bit set:

# mkdir /var/spool/samba
# chmod 1777 /var/spool/samba

The necessary Samba configuration sets up CUPS printing and shares its printers on a [printers] share:

[global]
load printers = yes
printing = cups
printcap name = cups

[printers]
comment = Printers
path = /var/spool/samba
browsable = yes
writable = yes
printable = yes

[print$]
comment = Printer Drivers
path = /usr/share/samba/print
writable = yes

The additional [print$] share is optional; it holds Point and Print drivers. It allows an administrator to upload printer drivers to the server so that a user installing the printer does not have to look for a driver themselves. The directory for the [print$] share should be created along with subdirectories for the architectures to be supported:

# mkdir -p /usr/share/samba/print/{COLOR,IA64,W32ALPHA,W32MIPS,W32PPC,W32X86,WIN40,x64}

The easiest way to upload a printer driver is by an administrator user logged in to a Windows client. On Windows 7, browse to the server (eg, \\MYHOST) and then click on View Remote Printers. Press Tab to display the menu bar and then select File>Server Properties. Go to the Drivers tab and click on Add. This will start the Add Printer Driver wizard for the server.

After uploading a driver, you need to associate it with the printer: browse to the printer and open its Properties page. On its Advanced tab, select the uploaded driver from the drop-down list. A Windows client can add a printer (eg, on Windows 7 go to Start > Devices and Printers > Add Printer to add a networked printer). If a driver is installed on [print$] it will install automatically; otherwise the user will need to locate and install the correct driver themselves.
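The share definitions above set writable = yes on [homes] and [print$] without naming who may connect, so access rests on Unix file permissions alone. The following audit is an added example, not part of the original article or of Samba: it parses an smb.conf and lists writable, non-spool shares that set no valid users. The function names and the policy it checks are assumptions made for illustration, and the sample configuration is constructed from the shares shown in this article.

```python
import re

# Constructed sample built from the share definitions shown in the article.
SAMPLE_CONF = """\
[myuser]
writable = yes
valid users = myuser
[homes]
writable = yes
browsable = no
[printers]
writable = yes
printable = yes
[print$]
path = /usr/share/samba/print
writable = yes
"""
TRUE = {"yes", "true", "1"}

def parse_smb_conf(text):
    """Return {section: {param: value}} with names lower-cased, spaces collapsed."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = shares.setdefault(header.group(1).lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return shares

def is_writable(params):
    # "writable", "writeable" and "write ok" are inverted synonyms of "read only".
    if any(params.get(k, "").lower() in TRUE for k in ("writable", "writeable", "write ok")):
        return True
    return params.get("read only", "yes").lower() not in TRUE

def audit(shares):
    """Names of writable, non-print-spool shares that set no 'valid users'."""
    return [name for name, p in shares.items()
            if name != "global" and p.get("printable", "no").lower() not in TRUE
            and is_writable(p) and not p.get("valid users")]

if __name__ == "__main__":
    for share in audit(parse_smb_conf(SAMPLE_CONF)):
        print(f"[{share}]: writable, no 'valid users' (or use read only + write list)")
```

A [print$] share defined with read only = yes and a write list naming the printer administrators passes this check, as does [homes] with valid users = %S.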

We'll now take a look at the Active Directory implementation provided by Samba 4. It is best to assume that, while Samba 4 can act as either a Standalone/NT Domain Member or as an Active Directory Domain Controller, the two configurations are very different and, to some extent, incompatible.