Наши партнеры








Книги по Linux (с отзывами читателей)

Библиотека сайта rus-linux.net

Chapter 3. Configuring Windows Clients

Configuring Windows to use your new Samba server is really quite simple. SMB is Microsoft's native language for resource sharing on a local area network, so much of the installation and setup on the Windows client side have been taken care of already.

Windows Networking Concepts

Windows is different from Unix in many ways, including how it supports networking. Before we get into the hands-on task of clicking our way through the dialog boxes to configure each version of Windows, we need to provide you with a common foundation of networking technologies and concepts that apply to the entire family of Windows operating systems.

For each Windows version, these are the main issues we will be dealing with:

In addition, some minor issues involving communication and coordination between Windows and Unix are different among Windows versions.

One can go crazy thinking about the ways in which Unix is different from Windows, or the ways in which members of the Windows family are different from each other in underlying technology, behavior, or appearance. For now let's just focus on their similarities and see if we can find some common ground.

Components

Unix systems historically have been monolithic in nature, requiring recompilation or relinking to create a kernel with a customized feature set. However, modern versions have the ability to load or unload device drivers or various other operating-system features as modules while the system is running, without even needing to reboot.

Windows allows for configuration by installing or uninstalling components. As far as networking goes, components can be one of three things:[1]

  • Protocols

  • Clients

  • Services

Since Samba works using the TCP/IP protocol, of course we'll want to have that installed. In some cases, we also will want to find protocols to uninstall. For example, if Netware protocol (IPX/SPX) is not required on the network, it might as well be removed.

NetBEUI protocol should be removed if possible. Having NetBEUI running at the same time as NetBIOS over TCP/IP causes the system to look for services under two different protocols, only one of which is likely to be in use. When Windows is configured with one or more unused protocols, 30-second delays will result when Windows tries to communicate with the unused protocol. Eventually, it times out and tries another one, until it finds one that works. This fruitless searching results in terrible performance.

The other two items in the list, client and service components, are pretty much what you'd expect. Client components perform tasks related to connecting with network servers, and service components are for making the local system into a server of resources on the network. In Chapter 1 we told you that SMB systems can act as both clients and servers, offering resources on the network at the same time they request resources. In accordance with that, it is possible to install a component for SMB client services and, separately, a service component that allows file and printer shares on the local system to be accessible from other systems on the network.

IP Address

Just like any Unix system (or any other system that is using TCP/IP), your Windows systems will need an IP address. If you are using DHCP on your network, you can configure Windows to obtain its IP address automatically by using a DHCP server. Otherwise, you will need to assign a static IP address manually along with a netmask.[2]

If you are on a private network where you have the authority to assign your own IP addresses, you can select from addresses in one of three ranges:[3]

  • 10.0.0.1 through 10.255.255.254

  • 172.16.0.1 through 172.31.255.254

  • 192.168.0.1 through 192.168.255.254

These address ranges are reserved for private networks not directly connected to the Internet. For more information on using these private network addresses, see RFC 1918.

If you're not maintaining your own separate network, see your system administrator for some available addresses on your network, as well as for the proper netmask to use.

You should also be prepared to enter the IP address of the default gateway for the network. In some networks, the default gateway is the system or router that connects the LAN to the Internet. In other cases, the default gateway connects a subnet into a larger departmental or enterprise network.

Name Resolution

Name resolution is the function of translating human-friendly hostnames, such as hopi, or fully qualified domain names (FQDNs), such as mixtec.metran.cx, into IP addresses, such as 172.16.1.11 or 172.16.1.7.

Unix systems can perform name resolution using an /etc/hosts file at the minimum, and more commonly can also incorporate services such as DNS (Domain Name System) and NIS (Network Information Service). Thus, name resolution is not necessarily performed by one isolated part of the operating system or one daemon, but is a system that can have a number of dispersed parts (although the name service switch, with its /etc/nsswitch.conf configuration file, helps to tie them together).

Although the specific implementation is different, name resolution in Windows is also performed by querying a number of resources, some of which are similar (or even identical) to their Unix counterparts.

Broadcast name resolution

On the other hand, there is one way in which Windows is not at all similar to Unix. If a Windows workstation is set up with no WINS name server, it will use the broadcast method of name resolution, as described in Chapter 1,[4] probably resulting in a very busy network. And even if you provide name servers for your Windows system to use, it might still resort to broadcast name resolution if it is unsuccessful at querying the name servers. For this reason, we recommend that you provide multiple reliable name servers for your Windows computers on the network.

If that weren't enough to get you interested in setting up WINS and DNS servers, broadcast name resolution is usually limited to working on the local subnet because routers are usually configured not to forward broadcast packets to other networks.

LMHOSTS

All Windows versions support a backup method of name resolution, in the form of a file called LMHOSTS [5] that contains a lookup table of computer names and IP addresses. This exists for "historical purposes," and is a rather awkward method of name resolution because it requires the administrator (i.e., you!) to keep copies of LMHOSTS up to date on every single Windows system on the network. To be fully effective, LMHOSTS would have to be updated every time a new system were added to (or removed from) the network. Of course, there might be ways to automate that process, but a better option would be simply to run a WINS name server that is intentionally designed to solve that specific problem.

There are perhaps a couple of reasons why you might want to bother with LMHOSTS files. In rare situations, there might be no WINS server on the network. Or maybe a WINS server exists, but it's unreliable. In both cases, if the Windows system has a valid LMHOSTS file, it can help to avoid your network bogging down from those dreaded broadcast name queries.

The format of the LMHOSTS file is simple and similar to the /etc/hosts file with which you might be familiar from running Unix systems. Here are the contents of a sample LMHOSTS file:

172.16.1.1      toltec
172.16.1.2      aztec
172.16.1.3      mixtec
172.16.1.4      zapotec
172.16.1.5      huastec
172.16.1.6      maya
172.16.1.7      olmec
172.16.1.8      chichimec
172.16.1.11     hopi
172.16.1.12     zuni
172.16.1.13     dine
172.16.1.14     pima
172.16.1.15     apache
172.16.1.21     inca
172.16.1.22     qero

As you can see, the format is like that of /etc/hosts, except that instead of an FQDN (e.g., toltec.metran.cx), only a NetBIOS computer name (toltec) is given. One way to create an LMHOSTS file for your Windows systems is to copy a /etc/hosts file and edit out the parts you don't need. This will work great if your network doesn't have a DNS (or NIS) name server and the Unix system is dependent on /etc/hosts for its own name service. But if your Unix system is querying a DNS server (which is the most frequent case on anything larger than the very smallest networks), you would be better advised to look in the DNS server's configuration files for your source of computer names and IP addresses.

If you do not have administrative access to your network's DNS server, you might be able to use tools such as nslookup, nmap, and dig to query the server and obtain the information you need.

DNS

The DNS is responsible for translating human-readable, Internet-style hostnames such as pima.metran.cx or sales.oreilly.com into IP addresses.

On your first reading of this section, you might be wondering what a section on DNS is doing in a book about NetBIOS and SMB networking. Remember, we told you that Windows can use more than WINS (NetBIOS Name Service) in its strategy for performing name resolution. Because DNS is also able to supply IP addresses for simple hostnames (which are usually the same as NetBIOS computer names), it can be helpful to configure Windows to know about a DNS server on your network. This is slightly more important for newer Windows versions than older ones, and more so for Windows NT/2000/XP than for Windows 95/98/Me, because nowadays Microsoft is focusing more on TCP/IP as the standard protocol and DNS as the primary name service.

To find the address of your DNS server, look at the file /etc/resolv.conf on your Samba server or any other Unix system on the local network that is using DNS. It looks like the following:

#resolv.conf 
domain metran.cx
nameserver 127.0.0.1 
nameserver 172.16.1.53

In this example, the first name server in the list is 127.0.0.1, which indicates that the Samba server is also a DNS server for this LAN.[6] In that case, you would use its network IP address (not 127.0.0.1, its localhost address) for your DNS server when configuring Windows. Otherwise, use the other addresses you find in the lines beginning with nameserver. Try to select ones on your own network. Any name servers listed in /etc/resolv.conf should work, but you'll get better performance by using a server nearby.

All versions of Windows can be configured to know of multiple domain name servers, and you might wish to take advantage of this for increased reliability. If the first domain name server does not respond, Windows can try others in its list.

Passwords

Unix systems use username and password pairs to authenticate users either on a local system or in an NIS domain. Windows NT/2000/XP are very similar; a user supplies his username and password to log on to the local system or to a Windows domain.

When the SMB network is set up as a workgroup, things are different. There is no domain to log on to, although shares on the network can be password-protected. In this case, one password is associated with each password-protected share, rather than with individual users.

Samba's default user-level authentication in a workgroup is different from that of Windows. To access shares on the Samba host, users are required to supply a valid username and password for an account on the Samba host. This will be discussed in more detail in Chapter 9.

An unfortunate complication arises with passwords. In the first release of Windows 95 and in Windows NT 4.0 with Service Pack 2 (SP2) or less, as well as in all previous versions of Windows, passwords are allowed to be sent over the network in plain text. But in Windows 95 with the network redirector update,[7]

Windows NT 4.0 SP3 or later, and all subsequent releases of Windows, a registry setting must be modified to enable plain-text passwords. These more modern versions of Windows prefer to send encrypted passwords, and if you are working with one of them (and don't want to have to modify the registry), you must have the line:

encrypt passwords = yes

in the [global] section of your smb.conf file. In addition, you must run the command:

# smbpasswd -a username

for each user on the Samba host to add their passwords to Samba's collection of encrypted passwords. We showed you how to do this in Chapter 2.

If your first attempt to access a Samba share results in a dialog box asking for a password for IPC$, as shown in Figure 3-1, it is probably because you neglected either or both of these two steps, and the Samba server did not recognize the encrypted password that the Windows system sent to it. Another possible dialog box that might come up is the one shown in Figure 3-2, which was presented by a Windows 2000 client.

Figure 3-1. Windows 98 asking for IPC$ password

Figure 3-2. Windows 2000 logon error dialog

The rest of this chapter is divided into four sections. The first section covers setting up Windows 95/98/Me computers, and the rest of the sections cover Windows NT 4.0, Windows 2000, and Windows XP individually. Each section roughly parallels the order in which we've introduced networking concepts in this section. You need to read only the section that applies to the Windows version with which you are working, and once you have finished reading it, you can continue at the beginning of the next chapter where we will start covering more advanced Samba features and networking issues.

TIP

Keep in mind that we are continuing our example from Chapter 2, in which we are setting up a very simple prototype network using a workgroup that has very lax security. After you have the basics working, we recommend you continue with later chapters to learn how to implement both better security and a Samba domain.

Setting Up Windows 95/98/Me Computers

The Windows 95/98/Me operating systems are very similar to each other, and as far as this chapter is concerned, it is possible to treat them with a common set of directions.

Setting Up the Network

Samba uses TCP/IP to communicate with clients on the network, so you will need to make sure there is support for TCP/IP on each Windows client. Unlike Unix operating systems, Windows does not necessarily have support for TCP/IP installed. However, when Windows is installed on a computer with a network card or a network card is added to a system already running Windows, TCP/IP support is installed by default, along with the Client for Microsoft Networks, which supports SMB file and printer sharing.

To make sure both services are installed on your Windows system, double-click the Network icon in the Control Panel to open the Network dialog box, as shown in Figure 3-3.

Figure 3-3. The Windows 95/98/Me Network dialog

You should see at least the Client for Microsoft Networks component installed on the system, and hopefully a networking device (preferably an Ethernet card) bound to the TCP/IP protocol. If there is only one networking hardware device, you'll see the TCP/IP protocol listed below the device to which it is bound, as shown in Figure 3-1.

You might also see "File and printer sharing for Microsoft Networks," which is used to make the system into a server. In addition, you might see NetBEUI or Novell Networking. Definitely remove NetBEUI unless you are sure you need it, and if you don't have any Novell servers on your network, you can remove Novell (IPX/SPX) as well. To remove a service, simply click its name and then click the Remove button.

Adding TCP/IP

If you don't see TCP/IP listed, you'll need to install the protocol.

You can add the protocol by inserting the Windows distribution CD-ROM in your CD-ROM drive and clicking the Add button below the component window. Indicate that you wish to add a protocol by selecting Protocol and clicking "Add..." on the following dialog box, which should look similar to Figure 3-4.

Figure 3-4. Selecting a component type

After that, select manufacturer Microsoft, then protocol TCP/IP, as shown in Figure 3-3, then click OK. After doing so, you will be returned to the network dialog. Click OK to close the dialog box, and Windows will install the necessary components from the CD-ROM and request that the system be rebooted. Go ahead and reboot the system, and you're set.

If Client for Microsoft Networks is not in the list, you can add it similarly. The only significant difference is that you are adding a client instead of a protocol, so make sure to select "Client" rather than "Protocol" when asked.

Setting the Computer Name and Workgroup

Finally, click the OK button in the TCP/IP configuration dialog, and you'll be taken back to the Network Configuration dialog. Then select the Identification tab, which will take you to the dialog box shown in Figure 3-11.

Figure 3-11. The Identification tab

This is where you set your system's NetBIOS name (which Microsoft likes to call "computer name"). Usually, it is best to make this the same as your DNS hostname, if you are going to have one for this system. For example, if the system's DNS name is huastec.metran.cx, give the computer a NetBIOS name of huastec on this tab.

You also set your workgroup name here. In our case, it's METRAN, but if you used a different one in Chapter 2, when creating the Samba configuration file, use that instead. Just don't call it WORKGROUP (the default workgroup name) or you'll be in the same workgroup as every misconfigured Windows computer on the planet!

You can also enter a comment string for this computer. See if you can come up with some way of describing it that will remind you of what and where it is when you see the comment in a list displayed on another computer. Everyone on the network will be able to see your comment, so be careful not to include any information that might be useful to crackers.

Finally, click the OK button and follow whatever instructions Windows provides. (You might have to insert your Windows distribution CD-ROM and/or reboot.)

Username and Password

You have probably already given Windows a username and password by now. However, to authenticate with the Samba server, your Windows username and password must match with a valid account on the Samba server.

It is simple to add a new user and password to a Windows 95/98/Me system. Just reboot or log out, and when you are prompted for a username and password, enter your Unix username and password. (If you are using encrypted passwords, you must run smbpasswd on the Unix host to enter them into Samba's password database, if you have not already done so.) You can use this method to add as many users as you want, so as to allow more than one user to use the Windows system to gain access to the Samba shares.

If you mistakenly entered the wrong password or your Unix password changes, you can change your password on the Windows system by going to the Control Panel and double-clicking the Passwords icon. This will bring up the Passwords Properties dialog. Click the Change Passwords tab, and you will see the dialog shown in Figure 3-12. Now click the "Change Windows Password..." button, which will bring up the Change Windows Password dialog box, shown in Figure 3-13. As indicated by the text entry fields in the dialog, enter your old password, and then the new password, and again to confirm it. Click the OK button and then the Close button on the Password Properties dialog box. Reboot or log out, and use your new password when you log in again.

Figure 3-12. The Password Properties dialog

Figure 3-13. The Change Windows Password dialog

Accessing the Samba Server from Windows Me

Double-click the My Network Places icon on the desktop. You should see the test shared directory as shown in Figure 3-16.

Figure 3-16. My Network Places on Windows Me

Double-click the Entire Network icon, and you should see an icon for your workgroup, as shown in Figure 3-17.

Figure 3-17. Entire Network window, showing the Metran workgroup

Double-clicking the workgroup icon will bring up a window showing every computer in the workgroup, which should include your Samba server, as shown in Figure 3-18.

Figure 3-18. Computers in Metran workgroup

Double-click the Samba server's icon, and you will get a window showing its shared resources (in this case, the test directory) as shown in Figure 3-19.

Figure 3-19. View of shares on the Toltec server

If you don't see the server listed, it might be that browsing is not working correctly or maybe the server is just taking a few minutes to show up in the browse list. In either case, you can click the Start button, then select "Run...". This will give you a dialog box into which you can type the name of your server and the share name test in the Windows UNC format \\server\test, as we did in Chapter 1. This should open a window on the desktop showing the contents of the folder. If this does not work, there is likely a problem with name resolution, and you can try using the server's IP address instead of its computer name, like this:

\\172.16.1.1\test

If things still aren't right, go directly to Section 12.2 to troubleshoot what is wrong with the network.

If it works, congratulations! Try copying files to and from the server using the Windows drag-and-drop functionality. You might be pleasantly surprised how seamlessly everything works.

Setting Up Windows NT 4.0 Computers

Configuring Windows NT is a little different than configuring Windows 95/98/Me. To use Samba with Windows NT, you will need both the Workstation service and the TCP/IP protocol. Both come standard with NT, but we'll work through installing and configuring them to make sure they are configured correctly.

Basic Configuration

This section presents the steps to follow for TCP/IP-related configuration on Windows NT to get it to cooperate with Samba. If you need more details on Windows NT network administration, refer to Craig Hunt and Robert Bruce Thompson's Windows NT TCP/IP Network Administration (O'Reilly), an excellent guide.

You should perform the following steps as the Administrator or another user in the Administrators group.

Configuring TCP/IP

After you've installed the Workstation service, return to the Protocols tab and select the TCP/IP Protocol entry in the window. Then click the Properties button below the window. The Microsoft TCP/IP Protocol dialog will be displayed. There are five tabs in the dialog, and you will need to work with four of them:

WINS Address tab

Click the WINS Address tab, shown in Figure 3-25, and you can begin to enter information about name servers. Enter the address of your WINS server in the space labeled Primary WINS Server. If your Samba server is providing WINS service (in other words, you have the line wins support = yes in the smb.conf file of your Samba server), provide the Samba server's IP address here. Otherwise, provide the address of another WINS server on your network.

Figure 3-25. The WINS Address tab

You probably noticed that there is a field here for the network adapter. This field must specify the Ethernet adapter on which you're running TCP/IP so that WINS will provide name service on the correct network. For example, if you have both a LAN and a dial-up adapter, make sure you have the LAN's network card specified here.

The checkboxes in the lower half of the dialog are for enabling two other methods of name resolution that Windows can incorporate into its name service. Samba doesn't require either of them, but you might want to enable them to increase the reliability or functionality of name service for your client. See Chapter 7 for further information on name resolution issues.

If you'd like to use a DNS server, select the Enable DNS for Windows Resolution checkbox. In addition, you will need to do some configuration to allow the Windows system to find the DNS server, unless you're using DHCP.

DNS tab

Click the tab for DNS, as shown in Figure 3-26. Enter the IP addresses for one or more DNS servers in the space provided. Also, enter the hostname (which should be the same as the NetBIOS computer name). You will enter this again later in another control panel, so make sure they match. Finally, enter the DNS domain on which this system resides. For example, if your workstation has a domain name such as metran.cx, enter it here. You can safely ignore the other options.

Figure 3-26. The DNS tab

Adding a User

In all the previous steps, you were logged into your Windows NT system as Administrator or another user in the Administrators group. To access resources on the Samba server, you will need to have a username and password that the Samba server recognizes as valid. Generally, the best way to do this is to add a user to your NT system, with the same username and password as a user on the Samba host system.

TIP

The directions in this section assume that your network is set up as a workgroup. If you have already set up your network as a domain, as we describe in Chapter 4, you do not need to follow the instructions here for adding a local user on the Windows NT client system. Simply log on to the domain from the client using a username and password in Samba's smbpasswd account database, and continue with the next section, Section 3.3.4.

To add a new user, open the Start menu, navigate through the Programs submenu to Administrative Tools (Common), and select User Manager for Domains. Click the User menu and select the first item, Add User..., shown in Figure 3-30.

Figure 3-30. User Manager for Domains window

This brings up the New User dialog box shown in Figure 3-31.

Figure 3-31. The New User dialog

Fill it out as shown, using the username and password that were added in the previous chapter, and make sure that only the checkbox labeled Password Never Expires is checked. (This is not the default!) Click the Add button to add the user, and then click the Close button. You should now see your new account added to the list in the User Manager dialog box.

Now open the Start menu, select Shut Down, and select the "Close all programs and log on as a different user?" radio button. Click the Yes button, then log in as the user you just added.

Connecting to the Samba Server

Now for the big moment. Your Samba server is running, and you have set up your NT client to communicate with it. Double-click the Network Neighborhood icon on the desktop, and you should see your Samba server listed as a member of the workgroup, as shown in Figure 3-32.

Figure 3-32. The Windows NT Network Neighborhood

Double-clicking the server name will show the resources that the server is offering to the network, as shown in Figure 3-33. In this case, the test directory and the default printer are offered to the Windows NT workstation.

Figure 3-33. Shares offered by the Toltec server

If you don't see the server listed, don't panic. Select Run... from the Start menu. A dialog box appears that allows you to type the name of your server and its share directory in Windows format. For example, you would enter \\toltec\test, as shown in Figure 3-34, and use your server's hostname instead of "toltec".

Figure 3-34. Opening a shared directory, using the server's NetBIOS name in the UNC

This will work even if browsing services are not set up right, which is a common problem. You can also work around a name-service problem by entering the server's IP Address (such as 172.16.1.1 in our example) instead of the Samba server's hostname, as shown in Figure 3-35. Go back and check your configuration, and if things still aren't right, go to Section 12.2 to troubleshoot what is wrong with the network.

Figure 3-35. Opening a shared directory, using the server's IP address in the UNC

If it works, congratulations! Try copying files to and from the server by dragging their icons to and from the folder on the Samba share. You might be pleasantly surprised how seamlessly everything works.

Setting Up Windows 2000 Computers

Although Windows 2000 is based on NT technology and is similar to Windows NT in many respects, configuring it for use with Samba is quite different.

You should perform the following steps as the Administrator or another user in the Administrators group.

Networking Components

Go to the Control Panel and double-click the Network and Dial-up Connections icon. You should see at least one Local Area Connection icon. If there is more than one, identify the one that corresponds to the network adapter that is connected to your Samba network. Right-click the Local Area Connection icon, and click the Properties button. (Or double-click the Local Area Connection icon, and then click the Properties button in the dialog box that comes up.) You should now be looking at the Local Area Connection Properties dialog box, as shown in Figure 3-36.

Figure 3-36. Windows 2000 Local Area Connection Properties dialog

First of all, you might want to click the Configure button under the field for the network adapter, to make sure you see the message "This device is working properly" in the Device status window. If there is a problem, make sure to correct it before continuing. You should also see the message "Use this device (enable)" in the Device usage field of the dialog box. Make sure to set it this way if it is not already. Click OK or Cancel to get back to the Local Area Connection Properties dialog box.

You should see at least the following two components:

If you do not see either Client for Microsoft Networks or Internet Protocol (TCP/IP) in your list, you will need to add them. For either, the method is to click the Install... button, click the type of component (Client or Protocol), and then click the Add... button. Next, click the component you want to add, and click the OK button. You should see the component added to the list with the others.

Some components should be removed if you see them in the list:

If you see anything other than TCP/IP listed as a protocol, and it is not a protocol that you need, you can remove it. Uninstall NetBEUI, unless you are sure you need it, and the other three if you do not need to support Netware. If you try to remove a protocol and get an error message saying that the protocol is being used by another service, you need to remove that service before you can remove the protocol. For example, to remove the NWLink IPX/SPX Compatible Transport Protocol, you would need to remove the Client Service for Netware first.

To remove a component, click the component in the list, click the Uninstall button, and then click Yes in the dialog box that pops up. In some cases, Windows might need to reboot to put the change into effect.

Configuring TCP/IP

Now click Internet Protocol (TCP/IP), and then click Properties to open the Internet Protocol (TCP/IP) Properties dialog box, shown in Figure 3-37.

Figure 3-37. Internet Protocol (TCP/IP) Properties dialog

Computer and Workgroup Names

From the Control Panel, double-click the System icon to open the System Properties dialog box. Click the Network Identification tab, and your System Properties dialog box will look similar to Figure 3-39.

Figure 3-39. System Properties dialog, showing Network Identification tab

To give your system computer a name and a workgroup, click the Properties button, which will bring up the Identification Changes dialog box, as in Figure 3-40.

Figure 3-40. Identification Changes dialog

You need to identify your computer with a name and change the workgroup to the one you specified in the smb.conf file of your Samba server. Don't worry that Windows forces the computer name and the workgroup to be all capital letters; it's smart enough to figure out what you mean when it connects to the network.

Click the More... button to bring up the DNS Suffix and NetBIOS Computer Name dialog box, shown in Figure 3-41.

Figure 3-41. DNS Suffix and NetBIOS Computer Name dialog

Enter the DNS domain name of this computer in the text field labeled Primary DNS Suffix for this computer:, and then click OK. You should now see the FQDN of this system underneath the label "Full computer name:". Click the OK button and then reboot when requested to put your configuration changes into effect. Once again, log in using your administrative account.

WARNING

There have been reports of authentication problems with Samba when a username on a Windows 2000 system is the same as its computer name.

Adding a Samba-Enabled User

So far, you have been logged into your Windows 2000 system as a user in the Administrators group. To access resources on the Samba server, you will need a username and password that the Samba server recognizes as valid. If your administrative account has such a username and password, you can use it, but you might want to access your system and the network from a nonadministrative user account instead.

WARNING

The directions in this section assume that your network is set up as a workgroup. If you have already set up your network as a domain, as we describe in Chapter 4, you do not need to follow the instructions here for adding a local user on the Windows 2000 client system. Simply log on to the domain from the client using a username and password in Samba's smbpasswd account database, and continue with the next section, Section 3.4.6.

To add a new user, open the Control Panel, and double-click the Users and Passwords icon to open the Users and Passwords dialog box, shown in Figure 3-42.

Figure 3-42. Users and Passwords dialog

The first thing to do is make sure the checkbox labeled "Users must enter a user name and password to use this computer." is checked. Next, click the Add... button to bring up the first dialog box of the User Wizard, shown in Figure 3-43.

Figure 3-43. Adding a new user

Fill out the fields, using the username of a valid user account on the Samba host, and then click the Next > button to enter and confirm the user's password. This password must be the same as the user's password on the Samba host. If you are using encrypted passwords, make sure this username and password are the same as what you used when you ran the smbpasswd program. Click the Next > button, which brings up the final dialog box, shown in Figure 3-44.

Figure 3-44. Specifying a group for the new user

Pick a group for the user (the default Standard User should do), and click the Finish button. You should now see your new account added to the list in the Users and Passwords dialog box. Click the OK button to complete the process.

Now return to the Users and Passwords control panel window, click the Advanced tab, then click on the Advanced button. Click the Users folder in the left side of the Local Users and Groups window that appears, and then double-click the account you just added in the right side of the window. In the Properties window that opens, click the checkbox labeled Password never expires. You are done! Click the OK buttons in all the dialog boxes, and close all open windows.

Open the Start menu, select Shut Down, and select Log off username from the drop-down menu. Click the OK button, then log on with the username and password you just added.

Connecting to the Samba Server

Now for the big moment. Your Samba server is running, and you have set up your Windows 2000 client to communicate with it. Double-click the My Network Places icon on the desktop, and then double-click the Computers Near Me icon to browse the workgroup. You should see your Samba server listed as a member of the workgroup, as shown in Figure 3-45.

Figure 3-45. The Computers Near Me window, showing computers in the workgroup

Double-clicking the server name will show the resources that the server is offering to the network, as shown in Figure 3-46.

Figure 3-46. Shares offered by the Toltec server

In this case, the test directory and the default printer are offered to the Windows 2000 workstation. If you don't see the server listed, don't panic. Select Run from the Start menu. A dialog box appears that allows you to type the name of your server and its share directory in Windows format. For example, you would enter \\toltec\test, as shown in Figure 3-47, and use your server's hostname instead of "toltec".

Figure 3-47. Opening a shared directory, using the server's NetBIOS name in the UNC

This will work even if browsing services are not set up right, which is a common problem. You can also work around a name-service problem by entering the server's IP address (such as 172.16.1.1 in our example) instead of the Samba server's hostname, as shown in Figure 3-48.

Figure 3-48. Opening a shared directory, using the server's IP address in the UNC

If things still aren't right, go directly to Section 12.2 to troubleshoot what is wrong with the network.

If it works, congratulations! Try copying files to and from the server. You will be pleasantly surprised how seamlessly everything works. Now that you've finished setting up the Samba server and its clients, you can proceed to the next chapter.

Setting Up Windows XP Computers

Although Windows XP is very similar to Windows 2000, it has a very different user interface, and there are a number of subtle differences. For example, getting to the Control Panel is different than in any previous version of Windows—one must click the Control Panel item from the Start menu (there is no Settings item in the Start menu in XP). By default, XP will display the Control Panel in Category View mode. If you see this, click the Switch to Classic View item in the upper-left corner of the window. All of our directions are for using the Control Panel in Classic View mode.

You should perform the following steps as the Administrator or another user in the Administrators group.

Networking Components

Go to the Control Panel and double-click the Network and Dial-up Connections icon. You should see at least one Local Area Connection icon. If there is more than one, identify the one that corresponds to the network adapter that is connected to your Samba network. Right-click the Local Area Connection icon and click the Properties button. (Or double-click the Local Area Connection icon and then click the Properties button in the dialog box that comes up.) You should now be looking at the Local Area Connection Properties dialog box, as shown in Figure 3-49.

Figure 3-49. The Local Area Connection Properties dialog

First of all, you might want to click the Configure button under the field for the network adapter to make sure you see the message "This device is working properly" in the Device status window. If there is a problem, make sure to correct it before continuing. You should also see the message "Use this device (enable)" in the Device usage field of the dialog box. Make sure to set it this way if it is not already. Click OK or Cancel to close this dialog box, then reopen the Local Area Connection Properties dialog box.

You should see at least the following two components:

If you do not see either Client for Microsoft Networks or Internet Protocol (TCP/IP) in your list, you will need to add them. For either, the method is to click the Install... button, click the type of component (Client or Protocol), and then click the Add... button. Next, click the component you want to add, and click the OK button. You should see the component added to the list with the others.

If you see anything other than TCP/IP listed as a protocol, and it is not a protocol that you need, you can remove it. If NetBEUI appears in the list, uninstall it if you possibly can. Also uninstall any Netware-related components if you do not need to support Netware. If you try to remove a protocol and get an error message saying that the protocol is being used by another service, you need to remove that service before you can remove the protocol. For example, to remove the NWLink IPX/SPX Compatible Transport Protocol, you would need to remove the Client Service for Netware first.

To remove a component, click the component in the list, click the Uninstall button, and then click Yes in the dialog box that pops up. In some cases, Windows might need to reboot to put the change into effect.