Samba


Samba

Install

# Install the Samba server, the smbclient command-line client and the CIFS mount helpers.
apt-get install samba smbclient cifs-utils
# Stop both daemons before smb.conf is edited; presumably this keeps the packaged
# default configuration from being served until the settings below are in place.
systemctl stop smbd.service
systemctl stop nmbd.service

Config

  • edit /etc/samba/smb.conf file
# Server-wide settings for a standalone Samba file server with one guest-writable
# share and one password-protected share. smb.conf comments must sit on their own
# line; text after a value is read as part of the value.
[global]

#### Browsing/Identification ####

# serve requests only on the interfaces named by the 'interfaces' parameter
# NOTE(review): no 'interfaces' line is set in this file, so the restriction relies on
# Samba's interface auto-detection. Name the LAN interface(s) explicitly, and include
# the loopback address if local tools such as smbpasswd must reach smbd - confirm.
   bind interfaces only = yes

# workgroup/NT-domain name your Samba server will be part of
   workgroup = WORKGROUP

# describe the server to the clients
   server string = %h server

# tells the NMBD component of Samba to disable its WINS Server
# you should NEVER set this to yes on more than one machine in your network
   wins support = no

# allow the host to participate in master browser elections
   local master = yes

# force a local browser election upon startup
# we need that otherwise it takes a long time before the windows network is browsable
   preferred master = yes

# prevent nmbd from searching for NetBIOS names through DNS.
   dns proxy = no

# NT1 is the SMB1 dialect, used by Windows NT and known as CIFS
# NOTE(review): accepting SMB1 keeps a deprecated protocol reachable: it has no
# pre-authentication integrity and cannot use SMB3 encryption, so clients can be
# negotiated down to it. Unless a legacy client really needs it, raise this to SMB2
# or SMB3.
   server min protocol = NT1

# native SMB transport encryption available in SMB version 3.0
# 'desired' only offers encryption: a client that does not support it (every SMB1
# client allowed by the line above) still connects in clear text. Use 'required'
# to refuse unencrypted sessions.
   smb encrypt = desired

#### Debugging/Accounting ####

# per-class levels raise auth, winbind and passdb logging to 5 while the rest stays at 1
# NOTE(review): level 5 is debugging output; presumably it records account names and
# authentication details, so keep /var/log/samba readable by root only and lower the
# levels once the setup works - confirm.
# max log size is in KiB
   log file = /var/log/samba/samba.log
   log level = 1 auth:5 winbind:5 passdb:5
   max log size = 1000

#### Authentication ####

# defines in which mode Samba will operate
   server role = standalone server

# netbios is the only available form of browsing in all windows versions except for 2000 and XP
   disable netbios = no

# a client must first "log-on" with a valid username and password
   security = user

# never accept an SMB login as root
# 'create mode' / 'directory mode' are synonyms of 'create mask' / 'directory mask';
# 2775 includes the setgid bit for directories created through Samba
   invalid users = root
   create mode = 0664
   directory mode = 2775

# tdbsam keeps the account database (password hashes included) in a TDB file at the
# given path; despite its name this is not the legacy text-format smbpasswd file
# NOTE(review): verify that the file is readable by root only.
# 'encrypt passwords = yes' is already the default in current Samba
   passdb backend = tdbsam:/etc/samba/smbpasswd
   encrypt passwords = yes

# a login with an unknown username is mapped to the guest account;
# a wrong password for an existing user is rejected
# NOTE(review): together with the guest-writable [public] share below, any client that
# can reach the server gets write access there without credentials.
   map to guest = Bad User

# disallow users who've been granted usershare privileges to create public shares
   usershare allow guests = no

#======================= Share Definitions =======================

# Guest share: readable and writable without a password.
# NOTE(review): 'map to guest = Bad User' in [global] turns every unknown username into
# a guest session, so this directory is writable by anyone who can reach the server.
# Restrict it to a trusted network, or make it read-only if anonymous writes are not
# needed.
[public]
   path = /home/shared/network/public
   comment = public folder

# 'writable' is the inverted synonym of 'read only'; the two lines say the same thing
   browseable = yes
   read only = no
   writable = yes

   guest ok = yes

# every file operation is performed as nobody:users, whoever connected
   force user = nobody
   force group = users

# Authenticated share: only the Samba account 'network-user' may connect.
[protected]
   path = /home/shared/network/protected
   comment = protected folder

# 'writable' is the inverted synonym of 'read only'; the two lines say the same thing
   browseable = yes
   read only = no
   writable = yes

   guest ok = no

# access control is enforced by Samba only: files are written as nobody:users, the
# same identity the guest share uses, so on-disk ownership does not separate the two
# NOTE(review): 'smb encrypt = desired' in [global] does not force encryption here; set
# 'smb encrypt = required' in this section if the data must not cross the network in
# clear text - confirm against the clients in use.
   valid users = network-user
   force user = nobody
   force group = users
  • create a system 'network-user' user
# -M: do not create the home directory; -d: record the share root as home;
# -s /usr/sbin/nologin: no interactive shell; -g nogroup: primary group.
# No -r is given, so the account receives a regular (non-system) UID.
useradd -M -d /home/shared/network -s /usr/sbin/nologin -g nogroup network-user
  • create shared folders
# Create both share roots.
mkdir -p /home/shared/network/public /home/shared/network/protected
# Ownership matches 'force user = nobody' / 'force group = users' in smb.conf.
chown -R nobody:users /home/shared/network
# NOTE(review): 0775 leaves the whole tree, protected/ included, readable and
# traversable by every local account, and -R also sets execute bits on any files
# already present. It does not set the setgid bit that 'directory mode = 2775' uses.
# Tighten protected/ if local users must not read it - confirm.
chmod -R 0775 /home/shared/network
  • create a samba network-user user and enable it
# -a: add the account to Samba's password database and prompt for its SMB password,
# which is stored separately from the Unix password.
smbpasswd -a network-user
# -e: enable the account.
smbpasswd -e network-user
  • default permissions for files created in, or moved into, the shared folders need ACLs; see:

https://unix.stackexchange.com/questions/12842/make-all-new-files-in-a-directory-accessible-to-a-group

https://superuser.com/questions/237802/how-to-set-default-permissions-for-files-moved-or-copied-to-a-directory

start

# Running testparm first validates smb.conf and prints the effective settings,
# so a typo does not silently fall back to a default.
systemctl start nmbd.service
systemctl start smbd.service

test

  • list servers
# Query all NetBIOS names ('*'); -S also prints each responder's node status.
nmblookup -S '*'
  • list the unprotected shared resources on the server
# -N: do not prompt for a password; -L: list the shares the server offers.
# A successful listing confirms that sessions without credentials are accepted.
smbclient -N -L "SERVER NAME"
  • or list the protected shared resources on the server
# -U: authenticate as the given Samba user; smbclient prompts for the password.
smbclient -U YOUR_USER -L "SERVER NAME"
  • list files on a shared folder
# -c ls: run a single 'ls' on the share and exit instead of opening the interactive prompt.
smbclient -U YOUR_USER -c ls "//SERVER NAME/SHARED_FOLDER_NAME"