Date Created: Wed 22-Sep-2010

Related Document Categories:

Get my WebSphere Application Server course here >> http://www.themiddlewareshop.com/products/


    ClearCase and Samba
    How to install Samba on RHEL4 for use with ClearCase

    Downloaded samba from:

    http://news.samba.org/releases/3.3.5/

    sftp to linux

    mkdir /apps/samba/
    cd /apps/samba/

    gunzip samba-3.3.5.tar.gz

    tar -xvf samba-3.3.5.tar


    =========================

    http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/compiling.html

    =========================

    /apps/samba/samba-3.3.5/source/

    ./configure

    make

    make install

    =======================

    Check /etc/services as per doc above

    ======================

    vi /etc/inetd.conf

    add:

    netbios-ssn stream tcp nowait root /usr/local/samba/sbin/smbd smbd
    netbios-ns dgram udp wait root /usr/local/samba/sbin/nmbd nmbd

    ======================

    killall -HUP inetd

    [root@localhost source]# ps -ef | grep inetd | grep -v grep
    root 2608 1 0 Jun20 ? 00:00:00 xinetd -stayalive -pidfile /var/run/xinetd.pid

    ==================


    service smb start

    service winbind start

    ===================


    smbclient -L localhost -N

    Result

    Anonymous login successful
    Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.0.10-1.4E.9]

    Sharename Type Comment
    --------- ---- -------
    IPC$ IPC IPC Service (Samba Server)
    ADMIN$ IPC IPC Service (Samba Server)
    Anonymous login successful
    Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.0.10-1.4E.9]

    Server Comment
    --------- -------
    LOCALHOST Samba Server

    Workgroup Master
    --------- -------
    MYGROUP


    ====================================
    To allow users to browse your temp directory from a windows machine:

    Note if you want to chnage the workgrpup name, read these tips

    http://compnetworking.about.com/od/windowsnetworking/qt/workgroupnaming.htm

    Edit your samba config as required:

    vi /etc/samba/smb.conf


    [global]

    # workgroup = NT-Domain-Name or Workgroup-Name
    workgroup = SAMBA


    # This one is useful for people to share files
    [tmp]
    comment = Temporary file space
    path = /tmp
    read only = no
    public = yes

    [homes]
    comment = Home Directories
    browseable = yes
    writable = yes

    [vobs]
    path = /vobstore01
    public = yes
    only guest = yes
    writable = yes
    printable = no

    [views]
    path = /viewstore01
    public = yes
    only guest = yes
    writable = yes
    printable = no


    ======================================

    service smb restart

    service winbind restart


    ========================================

    Alter your firewall, so uses can connect to samba shares.

    vi /etc/sysconfig/iptables



    -A RH-Firewall-1-INPUT -p udp -m udp --dport 137 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp --dport 138 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT


    service iptables restart


    =========================================

    iptables -L


    ==========================================

    Before fierwall chnage


    Chain RH-Firewall-1-INPUT (2 references)
    pkts bytes target prot opt in out source destination
    14182 6761K ACCEPT all -- lo any anywhere anywhere
    4 240 ACCEPT icmp -- any any anywhere anywhere icmp any
    0 0 ACCEPT ipv6-crypt-- any any anywhere anywhere
    0 0 ACCEPT ipv6-auth-- any any anywhere anywhere
    0 0 ACCEPT udp -- any any anywhere 224.0.0.251 udp dpt:5353
    0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:ipp
    62763 32M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
    0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:https
    0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:webcache
    0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:9060
    0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:1521
    0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:1527
    0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:9043
    0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:9080
    0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:ldap
    0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:9061
    0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:9044
    4 192 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:ssh
    0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:smtp
    30 1440 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:http
    0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:ftp
    604 69954 REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited



    ============


    after


    target prot opt source destination
    ACCEPT all -- anywhere anywhere
    ACCEPT icmp -- anywhere anywhere icmp any
    ACCEPT ipv6-crypt-- anywhere anywhere
    ACCEPT ipv6-auth-- anywhere anywhere
    ACCEPT udp -- anywhere 224.0.0.251 udp dpt:5353
    ACCEPT udp -- anywhere anywhere udp dpt:ipp
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:webcache
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:9060
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:1521
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:1527
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:9043
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:9080
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ldap
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:9061
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:9044
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
    ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns
    ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ssn
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:microsoft-ds
    REJECT all -- anywhere anywhere reject-with icmp-host-prohibited



    =======================


    You should be able to use the following command to map a drive to the UNC path.


    net use t: \\192.168.0.x\tmp to create a mapping to the samba tmp folder seen a the t-drive on the windows machine.


    ==========================

    NOTE: If you r are using user as your security setting in SAMABA ie in the smb.conf file, you will need to add a user on Linux with the same name, or set up domain authentication using Kerberos and a Windows Domain controller.


    Below you can see an image of my windows client browsing the SAMBA root and all configured above a are visible:




    Users and things:

    Mapping the clearcase_albd account:

    If users will be working with either Windows dynamic views or Windows snapshot views, it is mandatory that the server process account (by default named clearcase_albd) be mapped over to a valid UNIX/Linux account.

    This UNIX/Linux account must have access to all of the VOBs the Windows users will be accessing.

    The reason for this is that the view server process on Windows runs with the identity of the clearcase_albd account. In order to write to the VOB storage, the clearcase_albd account needs access. Since the clearcase_albd account does not exist on UNIX/Linux and the user name is over the 8 character POSIX limit, a valid UNIX/Linux account must exist to perform this task.

    In many environments, there is a single VOB owner account (vobadmin). Generally, we see the clearcase_albd mapped over to that user in the username map file.
    For example, a typical solution to this map is:
    • (For Samba version 2.x) vobadmin = clearcase_albd
    • (For Samba version 3.x) vobadmin = DOMAIN\clearcase_albd

    How to add a user map to samba:

    # Unix users can map to different SMB User names

    username map = /etc/samba/smbusers

    Common User and Group Names

    User Names

    Rational highly recommends that your user names in both Windows and Linux/UNIX match in both case and spelling. However, this is not a requirement if you are using USER security in Samba. You can use the username map file to map the Windows user to a valid Linux/UNIX user.

    Each entry in the username map file should be listed as the UNIX/Linux user name, followed by an equal sign (=), followed by one or more whitespace-separated Windows user names. Samba will expect both the client and the server user to have the same password.
    An example of the entries in the username map file is, as follows:


    Linux UsernameWindows Username
    <account name> clearcase_albd
    <account name>stever

    so the map file will contain:

    # Unix_name = SMB_name1 SMB_name2 ...
    root = administrator admin
    nobody = guest pcguest smbguest
    vobadmin = clearcase_albd
    stever = stever

    =============================


    Lets say you connect to a SAMBA share for the first time and you have set up user authentication on roue SAMBA configuration, you wil be propmpted with a dialog the first time you access the share. This user name and password will be saved in the /etc/samba/smbusers file and so you should not be prompted again until your Windows user password changes.

    Obviously the best way is to use Domain authentication with SAMBA, however often with Windows part of a ClearCase install,this is not the case due to new VM technology and you may find that users are using Windows Terminal Services to log into a central machine, which may or may not be on a domain. I would hope that it is a stand alone domain controller and it can be used for a Domain user set-up. No body wants to have to keep Linux and Windows user name and passwords in sync.

    References:
    http://www-01.ibm.com/support/docview.wss?rs=0&uid=swg27005767
    http://publib.boulder.ibm.com/infocenter/cchelp/v7r0m1/index.jsp?topic=/com.ibm.rational.clearcase.cc_admin.doc/topics/t_pcnfssmb_smb_samba.htm
    http://www-01.ibm.com/support/docview.wss?uid=swg27011199&aid=1

Get my WebSphere Application Server course here >> http://www.themiddlewareshop.com/products/

Steve Robinson - IBM Champion 2013

About Me

Steve Robinson has been working in IT for over 20 years and has provided solutions for many large-enterprise corporate companies across the world. Steve specialises in Java and Middleware.

In January 2013, I was awarded the prestigous 'IBM Champion' accolade.


Read my books?

IBM WebSphere Application Server 8.0 Administration Guide

IBM WebSphere Application Server 8.0 Administration Guide

WebSphere Application Server 7.0 Administration Guide

WebSphere Application Server 7.0 Administration Guide

WebSphere Categories

Other Categories