1
00:00:00,000 --> 00:00:18,400
Hey everyone and welcome back. So in the previous nugget we had just ended by pointing at the

2
00:00:18,400 --> 00:00:24,400
location of our SAMBA configuration file. Now this file is super-duper important, it's

3
00:00:24,399 --> 00:00:30,320
where we're going to control pretty much everything with respect to our SAMBA server. So what we're

4
00:00:30,320 --> 00:00:35,119
going to do in this nugget right here is to explore what we can find within this configuration

5
00:00:35,119 --> 00:00:40,560
file and then make some changes and we shall do a little bit of testing. So with that said,

6
00:00:40,560 --> 00:00:46,320
how about we dive in directly to this file and see what we can see then. So what I'll do here is

7
00:00:46,320 --> 00:00:52,560
I'll clear my screen and I'll go directly to this file. So I'll cd into the xa directory,

8
00:00:52,560 --> 00:00:57,920
like I say I now should have this SAMBA directory. If you're on an older system, remember this may

9
00:00:57,920 --> 00:01:05,439
be an xa-smb as opposed to SAMBA. But for me, if I do an ls, we can see I actually do have this

10
00:01:05,439 --> 00:01:12,159
smb.conf file. So what I will do here is I'll say sudo nano smb.conf. Remember we're in the xa

11
00:01:12,159 --> 00:01:17,200
directory so we want to have super user privileges to be able to modify this. I will just type in

12
00:01:17,200 --> 00:01:24,400
my password right now and as we can see here, this is the main SAMBA configuration file. Now one

13
00:01:24,400 --> 00:01:30,159
thing to note, we have seen so many times before when we happen to see this hashtag or the pound

14
00:01:30,159 --> 00:01:36,960
symbol, whatever you like to say, this happens to mean that we are dealing with a comment, i.e. we can

15
00:01:36,960 --> 00:01:42,320
prepend some type of sentence with the comment and it's going to have no actual effect on the

16
00:01:42,319 --> 00:01:47,199
configuration file itself. This is purely annotation, which is what we see right here. Now as we're

17
00:01:47,199 --> 00:01:53,039
going to see here, when we scroll on down, you are going to notice these particular headings,

18
00:01:53,039 --> 00:01:59,759
things like global. Now these actually denote different actual sections. Okay, so we can see

19
00:01:59,759 --> 00:02:06,000
here this is for global settings. When we have a new section, it is going to be defined by these

20
00:02:06,000 --> 00:02:11,280
square brackets. So global settings, these are the server's main settings, the primary settings,

21
00:02:11,280 --> 00:02:16,800
if you will. Now some things that you're going to see right here is, for example, the work group. So

22
00:02:16,800 --> 00:02:23,039
this is the option here and this happens to be the value. Now the value here is just called

23
00:02:23,039 --> 00:02:28,879
work group and capital letters. This is the default value that we're going to be using. Now if you

24
00:02:28,879 --> 00:02:35,439
happen to be using things like Windows systems, users automatically are dumped into a work group,

25
00:02:35,439 --> 00:02:40,479
simply called work group and capital letters. And when we are talking about a work group,

26
00:02:40,479 --> 00:02:46,239
all we're talking about is a group of computers on a network that happen to share the same type

27
00:02:46,239 --> 00:02:51,839
of resources. Maybe they want to have access to the same printers or to the same folders. We define

28
00:02:51,839 --> 00:02:57,359
this as a work group, i.e. a collection of those computers. Now this work group here, like I say,

29
00:02:57,359 --> 00:03:02,639
is going to be important when we want to actually be communicating with different systems such as

30
00:03:02,639 --> 00:03:08,959
Windows systems. Now we can also see the server string value. This is ultimately how we can

31
00:03:08,960 --> 00:03:15,840
provide a description of the actual server itself. So we can see here this percentage H. What this is

32
00:03:15,840 --> 00:03:22,319
going to act like is going to act like a variable value i.e. it's not going to be presented as

33
00:03:22,319 --> 00:03:28,240
percentage H. It's actually going to be populated with the server's actual host name. So whatever

34
00:03:28,240 --> 00:03:33,520
the host name of that server is, this is going to specify it right here. And then we can actually

35
00:03:33,600 --> 00:03:39,920
see here within brackets a little description that this is a SAMBA server on Ubuntu. Now again,

36
00:03:39,920 --> 00:03:45,360
if you want to be dealing with Windows, you may actually encounter Wins, which is the Windows

37
00:03:45,360 --> 00:03:50,400
Internet naming service. Although realistically, I can't really imagine that you would find much

38
00:03:50,400 --> 00:03:56,719
use for this. But nevertheless, if you do, you can uncomment this to allow for Wins support. So we

39
00:03:56,719 --> 00:04:02,800
can see here, as we know, we can just remove the hashtag and suddenly the configuration is active.

40
00:04:02,800 --> 00:04:06,880
But for now, we don't want to do such a thing. If we scroll on down, we can see information

41
00:04:06,880 --> 00:04:12,320
relating to how we actually want to log connections coming in to our SAMBA server,

42
00:04:12,320 --> 00:04:18,160
as well as the size of each log. We can see here this is 1000 kilobytes. But if we keep scrolling

43
00:04:18,160 --> 00:04:25,519
on down, and there is a lot to scroll through, we will eventually come to our share definitions here.

44
00:04:25,519 --> 00:04:31,840
Now here is one thing we want to note here. You see these semicolons here on the very left hand side.

45
00:04:31,839 --> 00:04:38,959
These actually also denote comments, which is quite unique, because as we know, the hashtag symbol

46
00:04:38,959 --> 00:04:44,959
is how we comment out particular things, i.e. make sure it is not active. But notice we can also

47
00:04:44,959 --> 00:04:51,279
comment out configurations with this semicolon right here. Now the difference really is that we

48
00:04:51,279 --> 00:04:57,279
want to be using the hashtag for actual comments, i.e. descriptions of what a particular configuration

49
00:04:57,279 --> 00:05:04,479
is going to do. When we want to comment out i.e. to make an act of a particular configuration itself,

50
00:05:04,479 --> 00:05:10,639
we want to prepend it with the semicolon instead. So we can see here, all of this here happens to be

51
00:05:11,279 --> 00:05:16,959
inactive. The stuff that is got the hashtag is just general descriptions that we don't want to be

52
00:05:16,959 --> 00:05:23,439
interpreted as commands. And the actual configurations themselves here, which are written in the correct

53
00:05:23,439 --> 00:05:29,040
syntax, they are actually still an active and not taking effect because they have been commented

54
00:05:29,040 --> 00:05:35,199
with the semicolons. The semicolon is for commenting configurations, and the hashtag is for commenting

55
00:05:35,199 --> 00:05:40,959
actual descriptions that we don't want to be active. Now with respect to this section here called

56
00:05:40,959 --> 00:05:47,120
Homes, this is all about really the simplification of being able to share users home directories,

57
00:05:47,120 --> 00:05:53,680
because as we will find out, there actually is a difference between a SAMBA user and the actual

58
00:05:53,680 --> 00:05:58,720
Linux user account on the system. We'll talk about this a little bit later. Understand though that

59
00:05:58,720 --> 00:06:06,000
these Linux users, just like my IPv0 account, actually have home directories on their systems,

60
00:06:06,000 --> 00:06:12,480
and this particular section relates to simply the sharing of users' particular home directories.

61
00:06:12,480 --> 00:06:18,000
Now throughout this configuration file, we're going to see particular settings such as the comment

62
00:06:18,000 --> 00:06:23,200
setting. This is just going to provide you a way to describe the share that you happen to be

63
00:06:23,200 --> 00:06:28,160
sharing out. In this case here, we can see that the comment is going to say home directories, because

64
00:06:28,160 --> 00:06:33,759
really, this section here, Homes, is all about sharing out users' home directories. So the comment

65
00:06:33,759 --> 00:06:40,720
here is pretty descriptive. We also have additional settings such as the browsable setting, which is

66
00:06:40,720 --> 00:06:46,240
in this case set to no. However, if this was configured to be yes, this would make the share

67
00:06:46,240 --> 00:06:52,320
discoverable to clients who are actually just querying the server for available shares, whereas

68
00:06:52,320 --> 00:06:58,640
when it is set to no, the client actually has to note in advance and be explicit about trying to

69
00:06:58,640 --> 00:07:04,080
find this particular share. So really, if you just want people to easily find the share, then you

70
00:07:04,080 --> 00:07:10,000
would want to make the browsable setting set to yes. If you want to be a little bit more secure,

71
00:07:10,000 --> 00:07:14,959
and hide the share, i.e. make sure that the person knows what they're looking for and have them

72
00:07:14,959 --> 00:07:20,160
specify the name of that particular share, we'd want to set the value to, in this case what we have

73
00:07:20,160 --> 00:07:26,560
here, the value no. Now we can see here we have the option read only. In this case here, this is set

74
00:07:26,560 --> 00:07:32,879
to yes. This would mean that the documents within that particular share could actually be read,

75
00:07:32,879 --> 00:07:38,720
i.e. if you happen to have a text file, someone browsing this share could read that text file,

76
00:07:38,720 --> 00:07:44,400
but they could not modify that text file or write to that text file. It is, as we can see here,

77
00:07:44,400 --> 00:07:50,400
read only. So again, if we keep scrolling on down, we can see here, for example, this one is all

78
00:07:50,400 --> 00:07:56,000
commented out, but now below we can actually see the printers section. So this would be if we want

79
00:07:56,000 --> 00:08:01,120
to share out particular printing ability. We can see here the comment denotes this is for all

80
00:08:01,120 --> 00:08:08,000
printers. Is this browsable? No, we have to know about it. And the path here, this specifies

81
00:08:08,000 --> 00:08:13,600
the actual directory location of the share itself. Should this actually be printable?

82
00:08:13,600 --> 00:08:17,920
Well, within the printer share, this does make sense to have this at the value yes,

83
00:08:17,920 --> 00:08:22,639
which is what we can see here. This is going to allow for this share to be printable. We can see

84
00:08:22,639 --> 00:08:29,439
the guest okay option, which means that is this share available to be accessed by a guest account?

85
00:08:29,439 --> 00:08:35,519
In this case here, we say no. And we can also see this option to create a mask. This is ultimately

86
00:08:35,519 --> 00:08:41,679
talking about permissions, i.e. how we can control particular access to this share. Now,

87
00:08:41,679 --> 00:08:45,600
we'll actually get to look at this in a little bit more detail very, very shortly. But for now,

88
00:08:45,600 --> 00:08:50,639
understand that when we're talking about mass creation, we're talking about permissions. But

89
00:08:50,639 --> 00:08:55,439
for now, what I want to do is I want to scroll down here and I want to actually create my own

90
00:08:55,439 --> 00:09:00,960
little share. Okay, so what I'm going to do is I'm going to define this share using my square

91
00:09:00,960 --> 00:09:06,000
bracket. So I'll just call this maybe let's just say public blah. Okay, it doesn't actually matter

92
00:09:06,000 --> 00:09:10,960
the name of the share. This is how this share is going to be presented. So when someone looks for

93
00:09:10,960 --> 00:09:15,840
this share, it's going to see it as public blah. So whatever you name it in here, this is what is

94
00:09:15,840 --> 00:09:22,000
going to be visible. And I will say comments. I'll just say just testing some share stuff. Now,

95
00:09:22,000 --> 00:09:27,920
the path I want to specify what directory that I actually plan to share here. So what I will do

96
00:09:27,919 --> 00:09:32,879
here is I'll just say forward slash and I'll just call this one public blah. Now, one thing to note

97
00:09:32,879 --> 00:09:38,399
here is that this name does not have to match this name. I'm just matching it to keep things simple,

98
00:09:38,399 --> 00:09:45,279
but this can be any directory you so wish. And what I will say is guest okay, which is equal to

99
00:09:45,279 --> 00:09:51,679
the value. Yes, IE we do not have to have a user account to access this particular share. And I

100
00:09:51,759 --> 00:09:58,959
will say read only and I'll make that the value no IE the share that I'm going to be sharing out

101
00:09:58,959 --> 00:10:03,759
people browsing this share can actually modify it. They can actually write within this directory

102
00:10:03,759 --> 00:10:10,000
and modify files within this directory. So check this out. I want to share this particular directory

103
00:10:10,000 --> 00:10:16,079
public blah. But as it stands right now, if I save this file and I go to the root directory CD

104
00:10:16,160 --> 00:10:21,759
roots, and I do an LS, we do not actually have this particular directory. So what I want to do

105
00:10:21,759 --> 00:10:26,080
is to make this directory has to exist, of course, if I want to share it. So I will say

106
00:10:26,080 --> 00:10:31,840
pseudo MK, forward slash and the directory is going to be called public blah. And I will type

107
00:10:31,840 --> 00:10:40,080
in my password to allow this. And then I'm going to say pseudo CH mod 777 public blah. Now, what I've

108
00:10:40,080 --> 00:10:46,400
done here is I've basically given full read, write access and execute access, by the way,

109
00:10:46,400 --> 00:10:52,160
to absolutely everyone within this public blah directory. Now, the reason why I've done this

110
00:10:52,160 --> 00:10:57,360
is because this happens to be a quite common convention with respect to managing permissions

111
00:10:57,360 --> 00:11:03,600
on Samba. The reason why is because we actually have the file system permissions, and we actually

112
00:11:03,600 --> 00:11:09,600
have the Samba permissions. Now, the file system permissions were the permissions that I just

113
00:11:09,600 --> 00:11:17,279
specified there, I said 777 IE, I'm going to have no restrictions via the file system instead.

114
00:11:17,279 --> 00:11:22,720
What I want to do to make things more manageable is I want to have the restrictions actually

115
00:11:22,720 --> 00:11:28,080
controlled by the Samba server itself. Now, the reason why I've made this so permissible,

116
00:11:28,080 --> 00:11:33,759
i.e. to allow everything is that if I happen to have very specific Samba limitations,

117
00:11:33,759 --> 00:11:39,200
whereby particular users were allowed access and other ones were not, that could actually clash

118
00:11:39,759 --> 00:11:45,040
with the native file system permissions. In fact, the native file system permissions would

119
00:11:45,040 --> 00:11:50,560
override the Samba permissions, and I don't want to do that. I want to have control directly via

120
00:11:50,560 --> 00:11:56,639
Samba. So all I do here is I just make this very permissible, i.e. allow everything, and I will

121
00:11:56,639 --> 00:12:02,960
lock down the access as necessary, just using my Samba configurations. So this is something you

122
00:12:02,960 --> 00:12:09,279
will see fairly often. So now, what I want to do here is I want to test that my Samba configurations

123
00:12:09,279 --> 00:12:14,559
were indeed valid. Now, we do actually have a particular command that can do such a thing.

124
00:12:14,559 --> 00:12:20,639
What I can do here is say test perm, and we can see here it's going to load the config files from

125
00:12:20,639 --> 00:12:27,679
this configuration. And if I hit enter, we can actually see all the definitions of our configurations

126
00:12:27,679 --> 00:12:34,000
right here. So we see this. Now, notice that I don't have any errors popping up. This tells me that

127
00:12:34,000 --> 00:12:39,759
the configurations that I happen to have set here are valid. So what I want to do here is I want to

128
00:12:39,759 --> 00:12:48,639
restart my Samba service. So I'll say sudo system CTL, and I will restart SMBD. And I also want to

129
00:12:48,639 --> 00:12:58,080
restart NMBD. So now if I happen to say sudo system CTL, and I say status of SMBD, I can see that

130
00:12:58,160 --> 00:13:05,120
the Samba SMBD is indeed running. Everything seems to be okay. And if I check NMBD, I can see the

131
00:13:05,120 --> 00:13:12,240
Samba NMBD is indeed also running. Now, there are some particular tools that we can use to query

132
00:13:12,240 --> 00:13:18,639
information about the status of our Samba server. So as we can see here, my server name happens to be

133
00:13:18,639 --> 00:13:23,200
called system. This is the name of the server that happens to be running the Samba service. So what I

134
00:13:23,200 --> 00:13:30,240
can actually do is I can say NMB look up, and I can look up the name of that particular server,

135
00:13:30,240 --> 00:13:36,160
which is called system. And as we can see here, we have made that particular query looking for

136
00:13:36,160 --> 00:13:42,080
this particular name system, and it has returned to us the IP address of the server. Now, this happens

137
00:13:42,080 --> 00:13:48,240
to be my own server, my own IP address. But clients who are using this service could do the same

138
00:13:48,320 --> 00:13:54,320
thing as well. They could look up the name of the Samba server using this look up tool and quickly

139
00:13:54,320 --> 00:14:01,120
find the IP address using this particular command. Remember also, we had this default work group,

140
00:14:01,120 --> 00:14:06,560
just simply called a work group. What I could do is say NMB look up, and I could say a work group,

141
00:14:06,560 --> 00:14:12,720
which is in capital letters, if I hit enter. So this is displaying all of the computers within

142
00:14:12,720 --> 00:14:17,919
the default work group within my local network. I have a bunch of laptops connected here as well

143
00:14:18,000 --> 00:14:23,039
as family members who are also connected to the same network. Using this look up, we can actually

144
00:14:23,039 --> 00:14:28,959
see all the private IP addresses here that happen to be in use. Now, as it transpires, I happen to

145
00:14:28,959 --> 00:14:35,919
be using virtual box on my own Windows system. Now, my Windows system is on the same network as

146
00:14:35,919 --> 00:14:42,559
this virtual machine right here. What I want to do is I want to see if that share that I shared on my

147
00:14:42,559 --> 00:14:48,959
Linux machine, my Samba server is actually available to me as a Windows user on my local

148
00:14:48,959 --> 00:14:54,559
Windows machine. Because like I say, we have shared it out using Samba. Now, the first thing

149
00:14:54,559 --> 00:14:59,919
that I'm going to do right here is I'm going to go down and I'm going to search for turn Windows

150
00:14:59,919 --> 00:15:08,639
features on or off and click this. And I want to click SMB one slash CIFS file sharing support.

151
00:15:08,639 --> 00:15:14,720
Now, when I click OK, this is going to enable this feature. And once you do so, you may have to

152
00:15:14,720 --> 00:15:19,840
restart your system to have the changes take effect. Next, I will open up my control panel.

153
00:15:19,840 --> 00:15:25,919
I will then go into network and internet. I will go to network and sharing center. I will go to

154
00:15:25,919 --> 00:15:32,000
change advanced sharing settings. And what I want to do is I want to turn on network discovery.

155
00:15:32,000 --> 00:15:37,200
And I will click turn on automatic setup of network connected devices. If you haven't got that

156
00:15:37,200 --> 00:15:42,720
setting, then you want to turn that on and then save the changes. Once you have your Samba server

157
00:15:42,720 --> 00:15:49,840
configured and the network discovery on, as well as turning on the Windows feature for SMB 1.0,

158
00:15:49,840 --> 00:15:55,280
what should happen is that when you go to your file explorer, once you click network, you should

159
00:15:55,280 --> 00:16:01,920
actually see the Linux server on the network. So I can see here system, which is the name of my

160
00:16:02,000 --> 00:16:08,319
Linux server. If I double click this, notice here, I actually have the share called public

161
00:16:08,319 --> 00:16:13,519
blank. If I highlight over it, you can see the description or the comment saying just testing

162
00:16:13,519 --> 00:16:19,519
some share stuff. If I go into this directory, what I could do is I could create a new folder

163
00:16:19,519 --> 00:16:26,480
and just call this test 123. And within test 123, I create a new text documents and just call this

164
00:16:26,480 --> 00:16:33,200
hello. And if I open it up and just say hello, this is just some test and I will save this.

165
00:16:33,200 --> 00:16:38,159
If I now go back to my virtual machine right here and I do an LS, we can see within the public

166
00:16:38,159 --> 00:16:43,440
blood directory. If I go into this directory and do an LS once again, we can see the name of the

167
00:16:43,440 --> 00:16:48,720
folder we created on the Windows system, which is being shared. If I do an LS, we can cat this

168
00:16:48,720 --> 00:16:53,840
particular file. We can actually see the contents of this file. And if I wanted to modify it, I could

169
00:16:53,840 --> 00:17:01,200
say sudo nano, go into hello.txt and I could just say adding some stuff via the Linux system.

170
00:17:01,200 --> 00:17:07,840
And I'll save you and exit out. If I minimize this, go back to my Windows and I open the file here.

171
00:17:07,840 --> 00:17:13,600
We can actually see here the modifications have taken place here because the file has been shared

172
00:17:13,600 --> 00:17:19,600
across the network, even though the computers in one case are using a Linux operating system.

173
00:17:19,599 --> 00:17:25,599
And the other happens to be using a Windows operating system. Collaboration, as we can see here,

174
00:17:25,599 --> 00:17:32,159
is still absolutely possible. And this really is the power of using Samba. So that is us for

175
00:17:32,159 --> 00:17:36,719
our basic Samba configuration. We want to be looking at authentication and password a little

176
00:17:36,719 --> 00:17:41,039
bit more closely. And that is what we're going to be doing in the very next nugget. So I hope

177
00:17:41,039 --> 00:17:44,480
it's been informative for you and I'd like to thank you for viewing.