- Samba server linux debian
- Установка
- Настройка
- Решение неполадок
- Неполадки
- Заключение
- Samba server linux debian
- 11.5.1.1. Configuring with debconf
- 11.5.1.2. Configuring Manually
- 11.5.2. Samba Client
- 11.5.2.1. The smbclient Program
- 11.5.2.2. Mounting Windows Shares
- 11.5.2.3. Printing on a Shared Printer
- Samba file sharing server
- Installation and configuration
- Sharing home directories
- Add Samba users
- Restart the Samba file sharing daemon
- Add firewall rules
- Try to access the shares (as a normal user)
- See also
Samba server linux debian
Данное краткое руководство посвящено быстрой базовой настройке Samba.
Samba — пакет программ, которые позволяют обращаться к сетевым дискам и принтерам на различных операционных системах по протоколу SMB/CIFS. Имеет клиентскую и серверную части. Является свободным программным обеспечением, выпущена под лицензией GPL.
Установка
Настройка
Добавляем пользователя в базу самбы:
# smbpasswd -a имя_пользователя
# smbpasswd -e имя_пользователя
В большинстве случаев, при домашнем использовании, все должно работать и со стандартным smb.conf.
Решение неполадок
Если при попытке создать общий ресурс через Nautilus или Konqueror Вам сообщается об ошибке :
* ‘net usershare’ returned error 255: net usershare: usershares are currently disabled
в таком случае проделайте следующее : откройте для редактирования файл /etc/samba/smb.conf и отредактируйте секцию [global] следующим образом :
[global] . usershare path = /var/lib/samba/usershare usershare max shares = 100 usershare allow guests = yes usershare owner only = False read only = No guest only = Yes guest ok = Yes .
Сохраните файл и закройте текстовый редактор. Далее создайте каталог ‘usershare’ где Samba будет хранить списки общих папок, разрешив чтение и запись
# mkdir /var/lib/samba/usershares # chown root:sambashare /var/lib/samba/usershares # chmod 1770 /var/lib/samba/usershares # usermod -a -G sambashare
Завершите сеанс и войдите в него вновь. Теперь у вас должна появиться возможность настраивать общий доступ samba, используя графический интерфейс. Например, в Dolphin вы можете нажать правую кнопку мыши на любом каталоге и предоставить для него общий доступ в сети.
Неполадки
Находим следующую строку в smb.conf
; name resolve order = lmhosts host wins bcast
раскомментируем и изменяем на
name resolve order = lmhosts wins bcast host
local master = Yes browseable = yes
Если хотим, чтобы мы были видны в локальной сети
Если у вас возникли проблемы при доступе к защищенному паролем общему ресурсу на Windows попробуйте добавить
[global] # THE LANMAN FIX client lanman auth = yes client ntlmv2 auth = no
Заключение
# Примерный рабочий smb.conf workgroup = WORKGROUP server string = Samba Server [global] server string = Samba Server usershare path = /var/lib/samba/usershare usershare max shares = 100 usershare allow guests = yes usershare owner only = False read only = No guest only = Yes guest ok = Yes [printers] comment = All Printers path = /var/spool/samba read only = Yes guest ok = Yes printable = Yes browseable = Yes
''read only = No'' возможно правильнее всего вынести из [global] в отдельную шару, в данном случае [music]. Но в этом случае, шары созданные через файловый мененджер и не прописанные непосредственно в smb.conf станут доступны только для чтения
Samba server linux debian
DOCUMENTATION Going further
The Samba server is extremely configurable and versatile, and can address a great many different use cases matching very different requirements and network architectures. This book only focuses on the use case where Samba is used as a standalone server, but it can also be an NT4 Domain Controller or a full Active Directory Domain Controller, or a simple member of an existing domain (which could be managed by a Windows server).
The samba package contains all the necessary manual pages and in /usr/share/doc/samba/examples/ a wealth of commented example files. If you are looking for a more comprehensive documentation, you may check the Samba website.
TOOL Authenticating with a Windows Server
Winbind gives system administrators the option of using a Windows server as an authentication server. Winbind also integrates cleanly with PAM and NSS. This allows setting up Linux machines where all users of a Windows domain automatically get an account.
More information can be found in the /usr/share/doc/libpam-winbind/examples/pam_winbind/ directory of the libpam-winbind package.
11.5.1.1. Configuring with debconf
The package sets up a minimal configuration during the initial installation in /etc/samba/smb.conf by plainly copying /usr/share/samba/smb.conf . So you should really run dpkg-reconfigure samba-common to adapt it:
On first installation the only piece of required information is the name of the workgroup where the Samba server will belong (the answer is FALCOTNET in our case).
In case of a package update (from the old stable Debian version) or if the SMB server has already been configured to use a WINS server ( wins server ), the package also proposes identifying the WINS server from the information provided by the DHCP daemon. The Falcot Corp administrators rejected this option, since they intend to use the Samba server itself as the WINS server.
11.5.1.2. Configuring Manually
11.5.1.2.1. Changes to smb.conf
The requirements at Falcot require other options to be modified in the /etc/samba/smb.conf configuration file. The following excerpts summarize the changes that were effected in the [global] section.
[. ] [global] ## Browsing/Identification ### # Change this to the workgroup/NT-domain name your Samba server will part of workgroup = FALCOTNET [. ] # Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable its WINS Server wins support = yes [. ] ####### Authentication ####### # Server role. Defines in which mode Samba will operate. Possible # values are "standalone server", "member server", "classic primary # domain controller", "classic backup domain controller", "active # directory domain controller". # # Most people will want "standalone server" or "member server". # Running as "active directory domain controller" will require first # running "samba-tool domain provision" to wipe databases and create a # new domain. server role = standalone server obey pam restrictions = yes [. ] # "security = user" is always a good idea. This will require a Unix account # in this server for every user accessing the server. security = user [. ]
Indicates that Samba should act as a Netbios name server (WINS) for the local network. This option had been removed from the default configuration in Buster and must be added manually if desired.
This is the default value for this parameter; however, since it is central to the Samba configuration, filling it explicitly is recommended. Each user must authenticate before accessing any share.
11.5.1.2.2. Adding Users
Each Samba user needs an account on the server; the Unix accounts must be created first, then the user needs to be registered in Samba’s database. The Unix step is done quite normally (using adduser for instance).
Adding an existing user to the Samba database is a matter of running the smbpasswd -a user command; this command asks for the password interactively.
A user can be deleted with the smbpasswd -x user command. A Samba account can also be temporarily disabled (with smbpasswd -d user ) and re-enabled later (with smbpasswd -e user ).
11.5.2. Samba Client
The client features in Samba allow a Linux machine to access Windows shares and shared printers. The required programs are available in the cifs-utils and smbclient packages.
11.5.2.1. The smbclient Program
The smbclient program queries SMB servers. It accepts a -U user option, for connecting to the server under a specific identity. smbclient //server/share accesses the share in an interactive way similar to the command-line FTP client. smbclient -L server lists all available (and visible) shares on a server.
11.5.2.2. Mounting Windows Shares
The mount command allows mounting a Windows share into the Linux filesystem hierarchy (with the help of mount.cifs provided by cifs-utils ).
Example 11.21. Mounting a Windows share
mount -t cifs //arrakis/shared /shared \ -o credentials=/etc/smb-credentials
username = user password = password
Other options can be specified on the command-line; their full list is available in the mount.cifs (1) manual page. Two options in particular can be interesting: uid and gid allow forcing the owner and group of files available on the mount, so as not to restrict access to root.
//server/shared /shared cifs credentials=/etc/smb-credentials
11.5.2.3. Printing on a Shared Printer
CUPS is an elegant solution for printing from a Linux workstation to a printer shared by a Windows machine. When the smbclient is installed, CUPS allows installing Windows shared printers automatically.
Enter the name that will uniquely identify this printer. Then enter the description and location of the printer. Those are the strings that will be shown to end users to help them identify the printers.
Indicate the manufacturer/model of the printer, or directly provide a working printer description file (PPD).
Samba file sharing server
This is a minimal Samba setup to let other machines access files on a Debian machine.
Installation and configuration
- Install the samba and samba-client packages
- Configure the Samba server by editing the configuration file /etc/samba/smb.conf
In the [global] section, set the name of the workgroup. You will need to specify the workgroup name when connecting from a Windows machine.
[global] . workgroup = EXAMPLE
page cleanup/reorganization in progress below this point
Sharing home directories
Locate the home share definition:
In that section you may enable read-write access to the home directories:
To share files in some other path on the system, add another share definition such as:
[ourfiles] comment = Some useful files read only = no path = /path_to_our_files guest ok = no
See smb.conf man page for details.
Add Samba users
Samba uses it’s own password system so users need to be added by root. Note that the users have to exist in /etc/passwd
# smbpasswd -a me # smbpasswd -a you
You will be prompted for a password for each of those users.
To list existing Samba users:
Restart the Samba file sharing daemon
Add firewall rules
Allow access from machines in the local LAN:
iptables -A INPUT -p udp --dport 137 -s 192.168.1.0/24 -m state --state NEW -j ACCEPT iptables -A INPUT -p udp --dport 138 -s 192.168.1.0/24 -m state --state NEW -j ACCEPT iptables -A INPUT -p tcp --dport 139 -s 192.168.1.0/24 -m state --state NEW -j ACCEPT iptables -A INPUT -p tcp --dport 445 -s 192.168.1.0/24 -m state --state NEW -j ACCEPT
Try to access the shares (as a normal user)
Try locally first, then from another machine on the network which also installed samba client. When prompted, use the password entered when adding the user to Samba.
$ smbclient -U you //ourmachine/you
To access our shared(!) share:
$ smbclient //ourmachine/ourfiles