Samba is a magical tool that allows *nix and Windows machines to coexist in some forms of peace. It’s particularly helpful when you want to share files across platforms. I’ve maintained Samba servers at work and at home for nearly a decade now and I don’t pretend to understand it.
Over the years, I’ve come to view Samba as the poster child for cargo cult system administration. I suspect most people Google for their problem and apply whatever magic totem fixes it, without really understanding what’s actually going on. They share this knowledge and perpetuate the magical configuration. Allow me to do the same.
For one of the applications we support at my current job, our normal cluster configuration is a Linux file server with Windows execute nodes. The server provides anonymous read/write access to the execute nodes and forces the user server-side. (It’s a closed environment, so this is just a lot simpler.) During a recent project, we were doing a customer’s first foray into the cloud. We started from a configuration that we used for another customer running the same application. Oh, but this customer uses RHEL 6 servers, so we switched the setup from the RHEL 5 images we had been using.
Crap. That broke it. For some reason, the clients couldn’t write to the file server. After a late night of frantic effort (this was a project with a short timeline), we found we needed to add the following lines:
guest account = rap map to guest valid users = rap, @rap force group = rap guest ok = yes
That seemed to solve the problem. Apparently there were some changes between the versions of Samba in RHEL 5 and 6. But then we discovered that hosts would start to write and then become unable to access the share. So we added the following:
writeable = yes guest only = yes acl check permissions = False
Oh, but then it turns out that sharing a directory over both Samba and NFS can cause weird timestamp issues. After some experimentation, we found it was necessary to stop using oplocks:
kernel oplocks = no oplocks = no level2 oplocks = no
So here’s our final, working config. Cargo cult away!
[global] workgroup = WORKGROUP netbios name = Samba encrypt passwords = yes security = share log level = 2 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 kernel oplocks = no oplocks = no level2 oplocks = no max xmit = 65535 dead time = 15 getwd cache = yes printcap name = /etc/printcap use sendfile = yes guest account = rap map to guest = Bad User [rap] comment = File Share path=/vol/smb/rap force user = rap valid users = rap, @rap force group = rap read only = no writeable = yes browseable = yes public = yes guest ok = yes guest only = yes acl check permissions = False