How can I set up file sharing so that Windows PCs can access the same files and folders as the K12LTSP clients?

Samba is the software tool used to share files and folders on a Linux system so that Windows PCs? can access them.

These instructions will work for Red Hat Linux 9 (which is currently being used as the base for K12LTSP.)

To configure Samba on a Red Hat Linux system:

• Log on as root (either on a client station or the console, it doesn't really matter.)
• Go to the "Red Hat" menu (usually on the bottom left corner of the screen on the panel, and it looks like the Red Hat hat logo.)
• Select "System Settings" -> "Server Settings" -> "Samba Server"
• go to the "Preferences" menu, and select "Server Settings"
• Enter the workgroup name for "Workgroup", i.e., "K12LTSP"
• Enter the description, i.e. "Hickman K12LTSP server"
• Click on the "Security" tab
• Change "Encrypted Passwords" to "Yes".
• Click ""OK
• Select "File" -> "Quit"

Now, all the users need to be added as Samba users. This can be done, one by one, in the Samba Server configuration tool:

• Go to the "Preferences" menu
• Select "Samba Users"
• Click "Add..."
• Select the user account you wish to add to Samba from the "Unix user" drop-down list
• Type in the same name for the Windows user name
• Enter the user's password. For the lab computer "guest" accounts, the password is "redhat" (unless otherwise marked on the label on the monitor.)

This must be done whenever a new user account is created, and the user is supposed to be able to access file shares. Printer shares are discussed elsewhere.

The root shell magic to do this for all the "guestXX" logins is:

  grep "^guest" /etc/passwd \
  ":awk -F: '{print $1}' \
  ":xargs -n1 -i smbpasswd -a "{}" "redhat"

Line by line, first, we select all the lines from /etc/passwd that start with "guest" (with the grep command), split the line into columns seperated by the ":" character, and only give us the first column (the awk command), and then process each login through smbpasswd (the xargs and smbpasswd command).

By default, the "homes" share will be already defined, even though it does not show up as a listed share in the "Samba Server" configuration tool. At this point, if this is the only file share we wish to define, we can safely quit the "Samba Server" configuration tool.

Printing shares are automagically defined for Samba by the CUPS printing system. Any printers configured in CUPS will be shared by Samba.

Now, we need to start up the Samba Server and also set it to start at the next boot time. To do this:

• Log on as root (as above)
• Go to the "Red Hat" menu -> "System Settings" -> "Server Settings" -> "Services"
• On the list in the left-hand pane of the Services window, scroll down until you see "smb"
• Click on the empty checkbox to enable "smb" for the current runlevel at next boot. Because we were just configuring Samba, Red Hat was nice enough to start it up for us already. We know this because in the bottom-right pane of the Services, we are told that the two programs used for Samba (smbd and nmbd) are both running.
• Select "File" -> "Save Changes" to make sure these changes are saved.
• Select "File" -> "Quit"

At this point, when a student logs on to a Windows PC using the same login and password as on the LTSP system, she will be able to see a folder on the Server with her name, and all her documents will be inside there.

Unfortunately, she will also (potentially) see all the dotfiles and other things that we may not want her to be able to touch. To prevent any files starting with a period (".") from being seen or touched by a Windows PC, we need to manually edit the Samba configuration.

As root, open an editor and edit /etc/samba/smb.conf (the Samba configuration file). Scroll down until you see a block that looks like:

  homes
    comment  Home Directories
    browseable  no
    writeable  yes
    valid users  %S
    create mode  0664
    directory mode  0775

At the end of this, you want to add this line:

    veto files  /.?*/

Save the changes to /etc/samba/smb.conf and then use the "Services" tool to restart smb.

To make it so that Samba will only share files and printers to computers "inside" the LTSP lab, we need to make another manual edit to the Samba configuration file. Open /etc/samba/smb.conf in a text editor as root, and look for the word "interfaces". You should find a line like this:

  ;   interfaces  192.168.12.2/24 192.168.13.2/24

And add these two lines after it:

  interfaces  192.168.0.0/24 127.0.0.0/8
  bind interfaces only  yes

Finally, we need to adjust the settings on the Windows PCs? so that they'll understand how to talk to the LTSP server for the file and printer shares.

• Start the PC in Windows 98
• Go to Start -> Settings -> Control Panels and then open "Network"
• Change "Primary Network Login" to "Client for Microsoft Networks"
• Click "OK." You will need to have Windows setup files on hand (or a Windows 98 CD), so that Windows can install the files it needs for this change.

When the Windows PC is rebooted, it will present an "Enter Network Password" prompt. At this point, you can either use a specific user login, or the "guestXX" login and password labeled on the monitor of the PC.

See WindowsPrinting for installing printers on Windows clients.

This will hide user-specific configuration files and directories from any Windows PC, whether or not the Windows PC is configured to show hidden files.

It is important to note here that most of the manual edits to the samba configuration file would not be necessary with a working Webmin installation. Webmin makes it possible to make very advanced configuration changes via a web interface, without needing to edit configuration files manually.