This section tells you how to give access to files on a Linux host operating system to Windows guest systems on a VMware host−only or NAT network. The material here goes with section 10.3, which explains how to access files with the Windows guest system. If you have a Windows host system, skip ahead to section 10.2.
VMware Workstation for Linux comes with SAMBA, a server that allows Windows machines to access Linux filesystems using the SMB/CIFS protocol. Aside from a small extension to allow multiple servers on the same host, there’s nothing particularly special about VMware’s version. One of the most important things to know is that the vmware−config.pl script can automatically create a configuration file for host−only or NAT networks and add users to the SAMBA password file. This feature can save you a lot of time: Since SAMBA has several million configuration parameters, it can take a while to get down to the right subset.
The easiest way to create a SAMBA configuration file and start the server is to run vmware−config.pl and answer y to the question about whether to automatically configure your system to allow your virtual machines
to access the Linux host’s filesystem. By answering yes, you create a /etc/vmware/vmnet1/smb directory containing the configuration files (for NAT networking, the directory is /etc/vmware/vmnet8/smb).
The vmware−config.pl script also asks whether to add any users. If you do, the username you provide must be one that already exists on your host system. For each new user, VMware creates a new entry with a new password in the SAMBA password file. This is not the same as your /etc/passwd file. The usernames identify valid users on your system, but the passwords are completely independent. See section 10.1.1 for more information on the password file. If you aren’t interested in SAMBA server details, skip to section 10.3 to attach the newly shared filesystem to your Windows guest system.
10.1.1 The SAMBA Server Side
The SAMBA server side consists of two daemons: smbd, which handles the actual work of serving data, and nmbd, a NetBIOS−over−IP nameserver. In VMware, they’re called vmware−smbd and vmware−nmbd; you’ll find them in the same place as the rest of the VMware binaries. The main SAMBA configuration file for both daemons, found in /etc/vmware/vmnet1/smb or /etc/vmware/vmnet8/smb, is smb.conf.
The configuration file has several sections. This first contains a set of global parameters denoted with [global]
(the brackets [] denote a section in the configuration file). The vmware−config.pl script determines the socket address, interfaces, and bind interfaces only settings.
The socket address parameter identifies the IP address of the host machine’s network interface—in the case here, VMware’s host−only or NAT interface. The interfaces parameter marks out a subnet for the servers to monitor. The last parameter says that the servers should respond only to instructions coming from requests listed by the interfaces parameter. This interfaces parameter is important because it blocks any access from outside networks. Here is an example:
socket address = 172.16.144.1
interfaces = 172.16.144.0/255.255.255.0
Aside from [global], all other sections of the smb.conf file correspond to network shares. There are two sections with special meanings: [homes] and [printers], for sharing a dynamic number of home directories and printers. Refer to page 183 for [homes] and page 187 for [printers].
SAMBA User Management
For Windows guest operating systems to communicate with the SAMBA server, they must log in with a username and password. Two lines in the server’s smb.conf [global] section control how users send passwords to the server. By default, they are
security = user
encrypt passwords = yes
The security parameter sets the type of access control. The user setting is the only setting that makes much sense with the VMware version of SAMBA. The user specification instructs SAMBA to match usernames that Windows clients send with the ones in the host machine’s /etc/passwd file.
Now that the server knows about usernames, it needs to know how to verify the passwords that Windows clients send. The encrypt passwords parameter controls the way that the host asks the guest to send a password.
Because Windows passwords have a different encryption scheme than Unix passwords, you can’t use the same password transmission scheme between Unix and Windows. Therefore, when you set encrypt passwords to yes, SAMBA uses an auxiliary password file.
This file, /etc/vmware/vmnet1/smb/private/smbpasswd holds not just encrypted passwords, but also some other assorted information for smbd. This file looks slightly like the /etc/passwd file on your Linux host; it also works in conjunction with the regular system password file. The following sections describe some common administrative commands.
Adding and Deleting Users
To allow a user to log in from a Windows guest system and give them write access to their home directory from that guest system, you must give them an entry in the SMB password file. To add the user username with the password passwd, use the command
vmware−smbpasswd vmnet1 −a username passwd
If username isn’t in your /etc/passwd file or map, you’ll get an error: username must be a valid user on your host system.
To remove a SAMBA user, edit the smbpasswd file, and delete the line corresponding to the user.
Changing a Password
To change the user’s password in the SMB password file, run
vmware−smbpasswd vmnet1 username passwd
You can remove the password entirely with the −n option, but be sure that no other machine on your network has access to the SMB server. Remember that the VMware host system can talk to its own host−only
interface, so if you have other users on your host machine, you might want to either remove access to the host in your configuration or forget about removing passwords altogether.
Disabling and Enabling Users
To disable a user, run
vmware−smbpasswd vmnet1 −d username
To reenable access, use −e instead of −d.
Sharing SMB Password Files
If you set up more than one host−only or NAT network and also have more than one vmware−smbd running (which means you’ll have more than one smb.conf file), you can use the same SMB password file for all of the vmware−smbd processes. Find the line in each of your smb.conf files that reads something like this:
smb passwd file = /etc/vmware/vmnet1/smb/private/smbpasswd
To share one smbpasswd file, set this line in all of your smb.conf files to the same thing.
SAMBA Filesharing Management
Two sections in a VMware−configured smb.conf file control filesystem access to clients: namely, [homes]
and [HostFS]. The [homes] section controls access to home directories and looks like this:
[homes]
comment = Home directories browseable = no
writable = yes
This special section maps usernames to home directories upon log−in. When a user logs in, smbd looks up that username in the system /etc/passwd file, finds the user’s home directory, and offers the directory to the client as a share. The last setting (writable) in the lines above allows you to turn off write permission if you don’t particularly trust your guest system.
The [HostFS] section gives your guest system access to the rest of your host’s filesystem. By default, it looks like this:
[HostFS]
comment = VMware host filesystem path = /
public = no writeable = yes printable = no
There are a few things to note here. The first is that the path parameter specifies where in the host filesystem to begin; in this case, it’s /, meaning all files and directories on the host. You can make the parameter more restrictive (for example, /data/blah), or if you want to add more sections with more specific path components, just copy the section with a new path parameter and change HostFS to a new name of your choice.
(Do you see the disparity between the writeable keyword here and writable in the [homes] section? As far as smbd is concerned, they’re synonymous.)
More on SAMBA
Though this chapter covers many issues relevant to VMware’s Linux SMB server, it really only scratches the surface of what SAMBA can do. In particular, you can do a lot with the smbclient program in the regular distribution if you have a Windows host and a Unix guest system. SAMBA can act as a WINS server (if, for example, you want to connect the guests in a host−only network over NAT to a bigger network); it also has several network browsing capabilities, can communicate over SSL, and has extensive access restriction configuration options. To learn more about SAMBA, visit http://www.samba.org/ and look at the documentation and pointers there.