• Home
• TheWeb
• Linux
• Microsoft
• SiteMap
• OpenSource
• Musings
• Recipes

This tutorial is about getting openSUSE 10, 11 and Windows workstations communicating on the same workgroup at home or in a small business where they all share a connection to the internet.

Here are in-page links to the focus areas:

• • Network interfaces in Windows
• • Network interfaces in openSUSE
• • Initialise Samba for SOHO LAN (Workgroup)
• • Setting up a Samba Client
• • The Suse/openSUSE Default Shares
• • Permission to Access Suse/openSUSE Shares
• • Enhance Browsing with a Local Master Browser
• • Summary Recipes for smb.conf
• • Firewalls on individual workstations
• • Activating your changes

IP addressing: There are two options. The IP address of the network interface can be determined by you (fixed addressing) or automatically (dynamic addressing) from addresses served by a DHCP server. The DHCP server is most often in a hardware device such as a router or broadband modem. The Windows and openSUSE defaults are for dynamic addressing and that's what we'll use in this LAN primer. There's a comprehensive tutorial on the options and intricacies for configuring network interfaces elsewhere on this site.

Sharing Printers isn't covered here. New users will find the material that's already here daunting enough. Here is a range of options to explore when you need it:

• • Samba Print Server on Suse for Linux & Windows Clients
• • Windows Print Server on Windows for Linux Clients
• • IPP Print Server on Suse for Linux & Windows Clients

About Suse's Firewall: SuSEfirewall2 was closed to Samba by default up to version 10.3. It's open by default from version 11.0. If you've been experimenting with Samba in Yast you might have "adjusted" it. I always turn it off until I get Samba going nicely on a new machine, just to cut down the number of things I have to worry about. At the end I turn it on again. Then Samba tells me straight up whether I have to adjust it. You can turn it off for now in Yast --> Security and Users --> Disable Firewall Automatic Starting --> Stop Firewall Now. You turn it on later at the same place in Yast. Firewall settings are covered later in the Tutorial.

↑↑↑↑Network Interfaces in Windows: Network interfaces are configured automatically in Windows for DHCP. You can check the fundamental networking assignments by opening a command promptlocated at Start --> All programs --> Accessories --> Command prompt and entering ipconfig/all:

Note the "host name", AKA "Full computer name". In my case I assigned "acerxp". That's also the netBIOS name used in Samba networking. It's what you see in the Network Browsers.

Next, "DHCP enabled" is "yes", means that the DHCP server (in the router) is assigning an IP address to this network card.

The next line shows the actual IP address (192.168.1.7) assigned by the DHCP server. Then comes the IP address of the "gateway" to the internet (192.168.1.1). In the case of the simple SOHO LAN it is the same as the router which connects to the internet (see the final line - 192.168.1.1). That's a quick tour of what you should see.

If you're happy with these settings you can skip the next two screenshots because that's where you can change the various settings.

More on network names: Continue the tour by R-click on the "My Computer" icon and select Properties --> Computer Name (WinXP/Vista) or Network ID (Win 2000)

The names for the computer and workgroup are found via the "My computer" Icon on the Start menu.R-click My Computer --> Properties --> Computer Name (WinXP) or Network ID (Win 2000). The pic on the left (Pic-2) should open up.

Once again you see the "Full computer name" or netBIOS name which I set to acerxp and also the "Workgroup Name" which I chose to be SWERDNA. There's no option but upper case.

Either or both of the "Full computer name" and the "Workgroup" can be altered here if you wish - just click the "Change" button. A screen where you can change acerxp or SWERDNA will open up. It's simple so I don't show it. Note that all workstations in the LAN must have the same workgroup name (e.g. SWERDNA) and must have different/unique netBIOS names (e.g. winxp).

Windows IP addressing: You can continue the tour from Control Panel --> Network Connections --> R-click Local Area Connection --> Properties --> Internet Protocol (TCPIP) --> Properties. This will open the panel for the network interface:

"Obtain IP address automatically" is the default. That allows an IP address to be assigned by a DHCP server, e.g. in your broadband modem or your router.

You are at liberty to select the second option to "Use the following IP address" and enter an IP address selected by you into the entry bars provided.

The DNS settings refer to the translation of IP addresses to domain names that make more sense that integers to humans e.g. swerdna.net.au. These "Domain Name Servers" are provided by ISPs.

"Obtain DNS server addresses automatically" would be selected by default. The data are generally fed down through your hardware modem or router. If the name resolution is poor you may select the second DNS option and explicitly enter addresses of DNS servers as in the screenshot.

↑↑↑↑Network Interfaces in openSUSE: The settings here are for interfaces set up using openSUSE's defaults (set up by a DHCP server). Yours might be different. The alternative options are in another Tutorial.

The GUI for checking or configuring Network Interfaces in Yast by selecting Yast --> Network Devices --> Network Cards. In openSUSE 10.3 and 11 you'll open a panel with 4 tabs that together define the broad network settings:

The Overview Tab, Pic 4, in this case shows Suse's defaults. Note that my Asustek on-the-board interface is set for DHCP, it's called eth0 and it starts automatically at boot.

The Global Options Tab, Pic 5, is more interesting. "Network Setup Method" is where you choose between "Network Manager" and the "Traditional ifup" (Command Line) method for controlling the interface. You should use ifup if the computer and its environment are static, e.g. a SOHO LAN. GUI Network Managers are useful for switching between wireless networks e.g. when roaming.

IPv6 relates to Internet browsing, not Samba. My advice is this: don't enable IPv6 for Suse up to and including version 10.3. Thereafter it's OK to enable IPv6.

The Hostname/DNS Tab, Pic 6: Enter your chosen computer name into "hostname" (e.g. dell103). This is the Linux network name, very similar to the Windows netBIOS name. Later when we set the Linux netBIOS name, you should re-use the same name there for consistency. The hostname/netBIOS name must be unique to each workstation.

Workgroup: enter the the workgroup name (e.g. swerdna) into the slot for "Domain Name". Use the same workgroup name for all workstations in the LAN. Make sure to checkmark "Change hostname via DHCP" and to allow the hostname to be written to the file /etc/hosts

In Windows workstations you had the option to add your chosen Name Servers (see Pic 3). That option exists in here as well although I don't go into it further. To add these see "Manually set Gateway & Name Resolution" in my tutorial on configuring network interfaces. It's quite simple.

The Routing Tab is a non-event when DHCP is used because the DHCP server is the gateway. I've linked Pic 7 for the Routing tab for you to view off-page. If you chose to add Name Servers in Pic 6 with DHCP addressing or if you choose static IP addressing you should enter gateway data (e.g. 192.168.1.1) under the Routing tab -- but for Suse and its DHCP defaults the gateway is blank.

If you're using versions of Suse before openSUSE 10.3 you might be confused to see your Network Settings GUI is different from the screenshots that I've shown. I've left the screenshots from an earlier version of this Tutorial for you to look at. You may need to L-click the image in Firefox to get full size.

Check Settings for DHCP: You can now reactivate the "Overview" tab (Pic 4) and highlight and "Configure" the Network Interface, in my case the AsusTek built-in LAN port. When you use Suse's defaults the configuration GUI that pops up is pre-configured hopefully correctly for DHCP addressing and there should be nothing for you to do. I've linked in the screenshots of the three tabs that become available for your information. I've noted on the screenshot's that you should generally activate interfaces at boot time and also make sure the interface is set to obtain an IP address by using DHCP.

↑↑↑↑Check Your Linux IP Address: Recall that in Windows you can see your IP address and other facets of the working network by issuing the DOS command ipconfig/all at the command prompt (See Pic 1). Well the same goes for Suse. Open a terminal, become root user with the command su and then issue the command ifconfig. Here's the dialogue (shortened by me):

I've highlighted in red the hostname, dell103, the shell commands, su and ifconfig, and the card's IP address, 192.168.1.2/255.255.255.0. If you also issue the extra command route, you should see the IP address of the router as (in my example) 192.168.1.1/255.255.255.0.

↑↑↑↑Initialise Samba for SOHO LAN (Workgroup): I install more than the default packages for a decent Samba experience. They're found in Yast --> Software Management --> Search Facility. You can install Gnome enhancements in KDE and vice-versa.

• • Base packages: samba, samba-client, libsmb-client, yast2-samba-client, yast2-samba-server, samba-doc
• • KDE users: kdebase3-samba
• • Gnome users: nautilus-share
• • For mapping/mounting network drives: cifs_mount & pam-cifs

You arrange for Samba to start at boot time by activating appropriate runlevels for the daemons nmb and smb. Open Yast --> System --> System Services (Runlevel) --> Expert Mode --> locate nmb and smb in the list. Ensure that each is toggled to Running=yes and that each has runlevels 3 and 5 activated.

↑↑↑↑Samba's Starting Point Configuration: You can set up Samba networking in Yast. It's confusing because of all the options. Very often the nice default configuration gets changed irretrievably while fiddling in Yast, doesn't work and causes large scale hair loss. I'll display the default configuration here and show you how to restore it. Then I'll show how to change it for a SOHO LAN.

Samba is controlled by a text file called smb.conf located at /etc/samba/smb.conf. It's made up of paragraphs separated by headings enclosed in square brackets, one for the global settings and one each for a number of shares that the Suse Developers thought would be appropriate defaults. I've linked the openSUSE 10.2/10.3/11.0 default smb.conf file for you to examine.

You can check that against your smb.conf file. You can open yours for viewing (i.e. no danger of changing it) with this command in a terminal in Gnome:

or if you use KDE execute this shell command

Now if it's necessary to restore it to it's pristine default state, that's easily done with one of these root-editor commands issued to open your smb.conf file for editing. For Gnome use this:

or for KDE use this

Now you can simply copy correct portions of the default file I linked for you and paste them over any incorrect portions in the edit version of your file. The changes become permanent when you "Save". You can experiment to your heart's content because you can come back here and reinstall the defaults from the link anytime.

↑↑↑↑Setting up a Samba Client. This is really still part of the general initialisation of Samba. You can't do anything useful unless Samba can "see" the network with samba Client. At this stage, if you've restored the [global] paragraph in smb.conf, it will look like this:

The three commented lines beginning "logon" aren't relevant in our context. Hash marks (#) deactivate them, turning them into comments, as I've done. You can do that or just delete them.

All you need to do to browse workstations is change "WORKGROUP" to the name you've chosen, in this tutorial it's SWERDNA, and to add the netBIOS name (e.g. for me it's dell103) to smb.conf. Simply edit/exchange this line:

for these three:

Now you reinitialise Samba's smb and nmb daemons with these shell commands issued as root (su to root first): rcnmb restart to restart nmb and then rcsmb restart to restart smb. You should now be able to browse into Suse and Windows file servers by drilling down from the address smb:/ entered in Konqueror or either of smb:/ or network:/// entered in Nautilus. You may have to wait a while, cup of tea perhaps or a reboot just like in Windows, for the changes to take effect. You might not be able to read/write the shares without further permission information, which is covered later in this Tutorial, but you should be now able to see them.

↑↑↑↑The Suse/openSUSE Default Shares: There are four different file shares pre-defined in the default Samba configuration file for Suse/openSUSE, labelled [homes], [profiles], [users] and [groups]. You can turn these shares on and off with Yast.

Warnings before you begin regarding Yast's Network Services modules:

• • Stay away from the Windows Domain module. You have a workgroup, not a domain. Opening the module will likely change your Samba configuration file to the point where you might need to restore the originally-installed default smb.conf.
• • When in Yast's Samba Server module, don't click anything to do with the firewall. It should be switched off for the time being. There's a firewall configuration module covered later in this tutorial. If you use the Samba Server module you should check/re-configure the firewall as per my later instructions.

Returning to Yast's Network Services modules: Open samba Server. New users should be careful what they click. Here's the screenshot:

The names in the "Name" column are the names in square brackets in smb.conf. To toggle a share on/off, highlight it and press the Toggle Status button. Avoid all other changes unless you know what you're doing.

Don't activate "Allow users to share ......" unless you understand Usershares which aren't discussed in this Tutorial. That button has nothing to do with the shares we're discussing here.

You can highlight shares and Delete them but if you think you might reinstate them later you should just toggle them off for the time being.

[homes] Users' Roaming Shares: This share allows access with full read/write permissions to users logged onto either Windows or Linux clients on the LAN. You need to supply your Linux username and Samba password to access the share. It's called "roaming" because you can roam around the LAN and access your home on the server from all computers.

In Windows you can sometimes see the share as an icon named for your Linux username. Whether you see the icon depends on your transaction history with the server earlier that session. If you can see it, drill down into the share. If you can't see it then use an address like this in the Windows network browser: \\dell103\linux_username.

On the linux client you do not initially see the share as an icon as you sometimes do in Windows. Instead you always address the share in your browser by its netBIOS name; e,g, smb://dell103/linux_username. You can use the IP address instead of "dell103" in the address line. This is a fine share for users who like to keep their work on one server but access it from many machines.

[users] Sharing the /home Directories to all Users: This share exposes the whole of the directories under /home on the server to users on the LAN who can supply any valid Linux username + Samba Password pair.

Users can see other users' directories and have read/write access to their own directories. This is a lower security share that the [homes] share. Users on both Windows and Linux clients must authenticate (supply a correct username/Samba password). You can address these shares by drilling down in your network browser or by using the network addresses like smb://dell103/users or smb://dell103/users/a_username and also smb://192.168.1.2/...etc... Of course, Windows has a slightly different version of this addressing too (e.g. \\dell103\users\john etc etc).

[profiles] Network Profiles Service: As it's structured, this is intended for special attribute mapping. I won't discuss it in this primer and suggest that you turn it off in Yast's Samba Server module.

[groups] A Share for all Users: This share is accessible to all users. You must create the directory, groups, specified by the path parameter. Create it as root under the directory /home.

It will be a read-only share, great for sharing media or other archival files. If you want it to be a writable share you need to change the permissions on /home/groups from drwxr-xr-x to drwxrwxrwx. You can do that with the shell command sudo chmod 777 /home/groups.

This is a fairly secure share, accessible only by members of the Samba user database. Files that you create across the network in the [groups] share are owned by you.

That's all for the default shares supplied with smb.conf. You wouldn't normally leave open all four of the shares discussed above. Use Yast to toggle to off mode those shares that you don't use. You can edit these shares or create entirely different shares with the GUI text editors I mentioned earlier, initiated by kdesu or gnomesu. You can also create nil-security shares on-the-fly with a R-click in Konqueror or Nautilus as described in the Tutorial HowTo Configure Shares on a Linux File Server in a SOHO LAN.

↑↑↑↑Permission to Access Suse/openSUSE Default Shares: All of the shares discussed here require that the file server where they reside has users added to the Samba user database. You can only add users into the Samba user database if they already exist as Linux users on the server.

To check who already exist in the Samba user database you issue this command in a terminal: sudo pdbedit -L.

To add members. e.g. william, issue this command in a terminal: sudo smbpasswd -a william.

To remove members. e.g. William, issue this command: sudo smbpasswd -x william.

↑↑↑↑Enhance Browsing with a Local Master Browser: This addition is optional. Many report that creating a Local Master Browser radically enhances browsing on the SOHO workgroup. The LMB's job is to collate the name and address pairs {netBIOS name,IP address} for workstations and serve them to the other LAN members. You benefit by putting the LMB in a workstation that's nearly always on; e.g. a file server or a print server. There can only be one LMB per workgroup.

Add these three lines into the [global] paragraph of the Samba configuration file, smb.conf, of the designated LMB:

and add this single line into the [global] paragraphs of the other Linux workstations:

After rebooting all machines or waiting for a time for the effects to settle in, browsing should be significantly enhanced.

↑↑↑↑Summary Recipes for smb.conf: There are many ways to change Samba's configuration. It's hard to remember what smb.conf should look like or did look like before changes were made. So here are a few recipes for the [global] parameters in smb.conf based on Local Master Browser techniques. Remember, smb.conf is a text file. At the outset you should back it up with this shell command:

Then you can edit it with either of these commands:

Above for KDE, below for Gnome.

And you can compare and make changes based on these recommended templates for the [global] parameters (follow the links):

• Local Master Browser and Preferred Master Browser concurrently
• Local Master Browser but not the Preferred Master
• In the lap of the gods

I've changed the default a bit to better accommodate printing and Usershares although I don't discuss that here. If you have a single Linux workstation with or without shares, I recommend I. For two or more Linux workstations where there's no reason to choose between them, I recommend II for both. For two or more Linux workstations where one is a dedicated server, I recommend I for the dedicated server and II for the rest. If you just don't know what to do, or you don't want to use the LMB setup, I recommend III.

↑↑↑↑Configure SuSEfirewall2 for Samba: Once Samba shares are visible, browseable and where required, writeable, you can turn Suse's firewall back on by going to Yast --> Security and Users --> Firewall. The firewall GUI will open at the Startup Configuration panel. Activate "Enable Firewall Automatic Starting" and "Start Firewall Now". Select Interfaces on the LHS and highlight your network interface on the RHS, then "Change" it to the External Zone.

The firewall disallowed Samba by default prior to version 11.0; so for 10.0 to 10.3 inclusive you will need this section. After that, for 11.0+, I recommend you turn the firewall on and see if Samba works OK both for looking in from a Windows or a Linux client and for looking out from the server at the rest of the LAN. If it's OK then you don't need to adjust the firewall.

I always have to adjust my firewall settings, even in 11.0 because the ports allowed by the Suse team differ slightly from those recommended by the Samba team. In addition I also allow a "Trusted" network IP range, simply because for me the network gets finicky if I don't. There are three places where you can adjust the firewall in Yast (in the Firewall GUI, in the Samba Server GUI and in the SysConfig GUI). I like the SysConfig GUI because it's all there in one place. That's what I show below.

Samba uses TCP ports 135, 139 and 445 and also UDP ports 137 and 138. If you wish to share a folder then Samba Server needs passage for broadcast packets. Finally you should allow your network. In my case 192.168.1.x is the "Trusted Network". You must discover and use your IP range.

Open the firewall configuration GUI at Yast -> System -> Sysconfig Editor -> Network -> Firewall -> SuSEfirewall2

Locate FW_SERVICES_EXT_TCP and allow additional ports 135, 139 and 445.

You might see the terms microsoft-ds (synonym for 445) and netbios-ssn (synonym for 139). Use numeric values for consistency and use all three.

Locate FW_SERVICES_EXT_UDP and allow additional ports 137 and 138.

You might see the terms netbios-dgm (synonym for 138) and netbios-ns (synonym for 137). Use numeric values for consistency.

Locate FW_ALLOW_FW_BROADCAST_EXT and allow Samba Server to broadcast by naming the Samba UDP ports: 137 138.

If you see the synonyms netbios-ns netbios-dgm, replace them with the numeric values.

Locate FW_TRUSTED_NETS and allow LAN traffic with e.g. 192.168.1.0/24 (NB: This is an example - discover and use your own IP range.)

Theoretically you may either allow the ports as in Pics B. C and D -- or allow a trusted net as in E. In practice I find it works much better with both.

When these are all entered, click Next etc to save and exit the firewall configuration GUI.

Warning: If you go into the Yast GUI module Yast --> Network Services --> Samba after you have configured the firewall, you may find that Samba is inexplicably blocked. It's a bug. Sometimes Yast's Samba module will block the paths through the firewall unasked. Simply re-check the settings in Pics B, C and D directly above.

↑↑↑↑Activating Your Changes: When you alter a Samba networking setting or a firewall setting, you usually have to restart the programmes that are affected by the alterations before they become effective. You can restart the Samba daemons (nmbd and smbd) with these commands in this order (NB: su to root first):

Network changes take a while to "seep" around your network. Maybe 5-10 minutes. I find rebooting helps in extreme cases, or a beer/coffee/orangejuice.

When you change the firewall in Yast, it should auto reactivate but Fabio has reported a need to restart the firewall. This case-sensitive command will do that (su to root first):

Big Tip: Sometimes I have to reboot everything including routers and modems to shake some problems loose, just like with Windows networks.

There it is.

End of story

I use the Official Samba-3 HowTo & Reference Guide

Hope this Tutorial makes life a bit easier for you.

Swerdna: June 16 2006. Last update 09 August 08