Date Created: Wed 22-Sep-2010

Related Document Categories:

Get my WebSphere Application Server course here >> http://www.themiddlewareshop.com/products/


ClearCase and Samba
How to install Samba on RHEL4 for use with ClearCase

Downloaded samba from:

http://news.samba.org/releases/3.3.5/

sftp to linux

mkdir /apps/samba/
cd /apps/samba/

gunzip samba-3.3.5.tar.gz

tar -xvf samba-3.3.5.tar


=========================

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/compiling.html

=========================

/apps/samba/samba-3.3.5/source/

./configure

make

make install

=======================

Check /etc/services as per doc above

======================

vi /etc/inetd.conf

add:

netbios-ssn stream tcp nowait root /usr/local/samba/sbin/smbd smbd
netbios-ns dgram udp wait root /usr/local/samba/sbin/nmbd nmbd

======================

killall -HUP inetd

[root@localhost source]# ps -ef | grep inetd | grep -v grep
root 2608 1 0 Jun20 ? 00:00:00 xinetd -stayalive -pidfile /var/run/xinetd.pid

==================


service smb start

service winbind start

===================


smbclient -L localhost -N

Result

Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.0.10-1.4E.9]

Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Samba Server)
ADMIN$ IPC IPC Service (Samba Server)
Anonymous login successful
Domain=[MYGROUP] OS=[Unix] Server=[Samba 3.0.10-1.4E.9]

Server Comment
--------- -------
LOCALHOST Samba Server

Workgroup Master
--------- -------
MYGROUP


====================================
To allow users to browse your temp directory from a windows machine:

Note if you want to chnage the workgrpup name, read these tips

http://compnetworking.about.com/od/windowsnetworking/qt/workgroupnaming.htm

Edit your samba config as required:

vi /etc/samba/smb.conf


[global]

# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = SAMBA


# This one is useful for people to share files
[tmp]
comment = Temporary file space
path = /tmp
read only = no
public = yes

[homes]
comment = Home Directories
browseable = yes
writable = yes

[vobs]
path = /vobstore01
public = yes
only guest = yes
writable = yes
printable = no

[views]
path = /viewstore01
public = yes
only guest = yes
writable = yes
printable = no


======================================

service smb restart

service winbind restart


========================================

Alter your firewall, so uses can connect to samba shares.

vi /etc/sysconfig/iptables



-A RH-Firewall-1-INPUT -p udp -m udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT


service iptables restart


=========================================

iptables -L


==========================================

Before fierwall chnage


Chain RH-Firewall-1-INPUT (2 references)
pkts bytes target prot opt in out source destination
14182 6761K ACCEPT all -- lo any anywhere anywhere
4 240 ACCEPT icmp -- any any anywhere anywhere icmp any
0 0 ACCEPT ipv6-crypt-- any any anywhere anywhere
0 0 ACCEPT ipv6-auth-- any any anywhere anywhere
0 0 ACCEPT udp -- any any anywhere 224.0.0.251 udp dpt:5353
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:ipp
62763 32M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:https
0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:webcache
0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:9060
0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:1521
0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:1527
0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:9043
0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:9080
0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:ldap
0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:9061
0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:9044
4 192 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:ssh
0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:smtp
30 1440 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:http
0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:ftp
604 69954 REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited



============


after


target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:5353
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:webcache
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:9060
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:1521
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:1527
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:9043
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:9080
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ldap
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:9061
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:9044
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ssn
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:microsoft-ds
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited



=======================


You should be able to use the following command to map a drive to the UNC path.


net use t: \\192.168.0.x\tmp to create a mapping to the samba tmp folder seen a the t-drive on the windows machine.


==========================

NOTE: If you r are using user as your security setting in SAMABA ie in the smb.conf file, you will need to add a user on Linux with the same name, or set up domain authentication using Kerberos and a Windows Domain controller.


Below you can see an image of my windows client browsing the SAMBA root and all configured above a are visible:




Users and things:

Mapping the clearcase_albd account:

If users will be working with either Windows dynamic views or Windows snapshot views, it is mandatory that the server process account (by default named clearcase_albd) be mapped over to a valid UNIX/Linux account.

This UNIX/Linux account must have access to all of the VOBs the Windows users will be accessing.

The reason for this is that the view server process on Windows runs with the identity of the clearcase_albd account. In order to write to the VOB storage, the clearcase_albd account needs access. Since the clearcase_albd account does not exist on UNIX/Linux and the user name is over the 8 character POSIX limit, a valid UNIX/Linux account must exist to perform this task.

In many environments, there is a single VOB owner account (vobadmin). Generally, we see the clearcase_albd mapped over to that user in the username map file.
For example, a typical solution to this map is:
• (For Samba version 2.x) vobadmin = clearcase_albd
• (For Samba version 3.x) vobadmin = DOMAIN\clearcase_albd

How to add a user map to samba:

# Unix users can map to different SMB User names

username map = /etc/samba/smbusers

Common User and Group Names

User Names

Rational highly recommends that your user names in both Windows and Linux/UNIX match in both case and spelling. However, this is not a requirement if you are using USER security in Samba. You can use the username map file to map the Windows user to a valid Linux/UNIX user.

Each entry in the username map file should be listed as the UNIX/Linux user name, followed by an equal sign (=), followed by one or more whitespace-separated Windows user names. Samba will expect both the client and the server user to have the same password.
An example of the entries in the username map file is, as follows:


Linux Username Windows Username
<account name> clearcase_albd
<account name> stever

so the map file will contain:

# Unix_name = SMB_name1 SMB_name2 ...
root = administrator admin
nobody = guest pcguest smbguest
vobadmin = clearcase_albd
stever = stever

=============================


Lets say you connect to a SAMBA share for the first time and you have set up user authentication on roue SAMBA configuration, you wil be propmpted with a dialog the first time you access the share. This user name and password will be saved in the /etc/samba/smbusers file and so you should not be prompted again until your Windows user password changes.

Obviously the best way is to use Domain authentication with SAMBA, however often with Windows part of a ClearCase install,this is not the case due to new VM technology and you may find that users are using Windows Terminal Services to log into a central machine, which may or may not be on a domain. I would hope that it is a stand alone domain controller and it can be used for a Domain user set-up. No body wants to have to keep Linux and Windows user name and passwords in sync.

References:
http://www-01.ibm.com/support/docview.wss?rs=0&uid=swg27005767
http://publib.boulder.ibm.com/infocenter/cchelp/v7r0m1/index.jsp?topic=/com.ibm.rational.clearcase.cc_admin.doc/topics/t_pcnfssmb_smb_samba.htm
http://www-01.ibm.com/support/docview.wss?uid=swg27011199&aid=1

Get my WebSphere Application Server course here >> http://www.themiddlewareshop.com/products/

Steve Robinson - IBM Champion 2013

About Me

Steve Robinson has been working in IT for over 20 years and has provided solutions for many large-enterprise corporate companies across the world. Steve specialises in Java and Middleware.

In January 2013, I was awarded the prestigous 'IBM Champion' accolade.


  • Linked In
  • Twitter
  • About Me
  • My Blog
  • Contact Me

Read my books?

IBM WebSphere Application Server 8.0 Administration Guide

IBM WebSphere Application Server 8.0 Administration Guide

WebSphere Application Server 7.0 Administration Guide

WebSphere Application Server 7.0 Administration Guide

WebSphere Categories

Other Categories