Samba

From campisano.org
Jump to navigation Jump to search

Samba

Install

apt-get install samba smbclient cifs-utils
systemctl stop smbd.service
systemctl stop nmbd.service

Config

from https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server#Creating_a_Basic_authenticated_access_smb.conf_File

  • edit /etc/samba/smb.conf file
[global]

#### Browsing/Identification ####

  bind interfaces only = yes

# workgroup/NT-domain name your Samba server will part of
  workgroup = WORKGROUP

# describe the server to the clients
  server string = %h server

# tells the NMBD component of Samba to enable its WINS Server
# you should NEVER set this to yes on more than one machine in your network
  wins support = yes

# determine naming services to use and in what order to resolve host names to IP addresses
  name resolve order = wins bcast

# allow the host to participate in master browser elections
  local master = yes

# force a local browser election upon startup
# we need that otherwise it takes a long time before the windows network is browsable
  preferred master = yes

# prevent nmbd to search for NetBIOS names through DNS.
  dns proxy = no

# used by Windows NT and known as CIFS
  server min protocol = NT1

# native SMB transport encryption available in SMB version 3.0
  smb encrypt = desired

#### Debugging/Accounting ####

  log file = /var/log/samba/samba.log
  log level = 1 auth:5 winbind:5 passdb:5
  max log size = 1000

#### Authentication ####

# defines in which mode Samba will operate
  server role = standalone server

# netbios is the only available form of browsing in all windows versions except for 2000 and XP
  disable netbios = no

# a client must first "log-on" with a valid username and password
  security = user

  invalid users = root
  create mode = 0664
  directory mode = 2775

  passdb backend = tdbsam:/etc/samba/smbpasswd

# unsuccessful authentication attempts are mapped to anonymous connections
  map to guest = Bad User

# disallow users who've been granted usershare privileges to create public shares
  usershare allow guests = no

#======================= Share Definitions =======================

[network]
  path = /home/shared/network
  comment = protected folder

  browseable = yes
  read only = no
  writable = yes

  guest ok = no

  valid users = network-user
  force user = nobody
  force group = users
  • create a system 'network-user' user
useradd -M -d /home/shared/network -s /usr/sbin/nologin -g nogroup network-user
  • create shared folders
mkdir -p /home/shared/network/public /home/shared/network/protected
chown -R nobody:users /home/shared/network
chmod -R 0775 /home/shared/network
  • create a samba network-user user and enable it
smbpasswd -a network-user
smbpasswd -e network-user
  • about default permissions on file creation and moving, needs ACL:

https://unix.stackexchange.com/questions/12842/make-all-new-files-in-a-directory-accessible-to-a-group

https://superuser.com/questions/237802/how-to-set-default-permissions-for-files-moved-or-copied-to-a-directory

start

systemctl start nmbd.service
systemctl start smbd.service

test

  • list servers
nmblookup -S '*'
  • list unprotected shared resource on server
smbclient -N -L "SERVER NAME"
  • or list protected shared resource on server
smbclient -U YOUR_USER -L "SERVER NAME"
  • list files on a shared folder
smbclient -U YOUR_USER -c ls "//SERVER NAME/SHARED_FOLDER_NAME"
Retrieved from "https://www.campisano.org/mediawiki/index.php?title=Samba&oldid=2840"