个人工具

“UbuntuHelp:SettingUpSamba”的版本间的差异

来自Ubuntu中文

跳转至: 导航, 搜索
 
(未显示同一用户的5个中间版本)
第1行: 第1行:
 
{{From|https://help.ubuntu.com/community/SettingUpSamba}}
 
{{From|https://help.ubuntu.com/community/SettingUpSamba}}
 
{{Languages|UbuntuHelp:SettingUpSamba}}
 
{{Languages|UbuntuHelp:SettingUpSamba}}
[[Anchor(Top)]]
+
#title Samba
== What is Samba and when do I need it? ==
+
<<Include(Tag/StyleCleanup)>>
https://help.ubuntu.com/community/IconsPage?action=AttachFile&do=get&target=IconSambaShares.png To make a long story short : The Samba project was started in 1992 by Andrew Tridgell. Samba is a set of tools to share files and printers with computers running Microsoft Windows. It implements the SMB network protocol, which is the heart of Windows networking.
+
<<Include(Tag/ContentCleanup)>>
 +
<<Include(Tag/TooLong)>>
 +
Please note: This article may contain information that is outdated.
 +
<<Anchor(Top)>>
 +
== What is Samba? ==
 +
https://help.ubuntu.com/community/IconsPage?action=AttachFile&do=get&target=IconSambaShares.png Samba is an implementation of the SMB/CIFS protocol for Unix systems, providing support for cross-platform file and printer sharing with Microsoft Windows, OS X, and other Unix systems.
 
Samba can be used to:
 
Samba can be used to:
* Act as a server for Windows (or Samba) clients: share folders and printers, including PDF pseudo-printers so all the computers in your network may write PDF files
+
* Act as a server for SMB clients: share folders and printers, including PDF pseudo-printers so all the computers in your network may write PDF files
 
* Act as a domain controller in a Windows network (authenticating users, etc.)
 
* Act as a domain controller in a Windows network (authenticating users, etc.)
* Do some more complex things, such as using a Windows domain controller to authenticate the users of a Linux/UN*X machine
+
* Do some more complex things, such as using a Windows domain controller to authenticate the users of a Linux/UNIX machine
More information about Samba can be found at http://www.samba.org.
+
Samba is freely available under the GNU General Public License. More information be found at http://www.samba.org.
Also see the links at the bottom of this page.
+
[[UbuntuHelp:[Top|Back to top]]]
[[Top Back to top]]
+
== Client Access - Browsing SMB shares ==
=== Do you need Samba? ===
+
The <code><nowiki>samba</nowiki></code> package is a meta-package intended to be installed on file and printer sharing servers. Clients do not need this meta-package (you are acting as a client if you need to access files on another computer). For example, installing samba is not necessary if you only need your Ubuntu system to do any of the following:
<code><nowiki>samba</nowiki></code> is a metapackage and intended to be installed on servers. Clients do not need this metapackage.  
+
* Access shared folders, drives and printers on a Windows computer (that is, act as a client with Windows servers). To do this, you only need the '''smbfs''' plugin. See [[UbuntuHelp:MountWindowsSharesPermanently|MountWindowsSharesPermanently]] for more information.
The Samba metapackage is not necessary on clients to:
+
* Access shared folders, drives and printers on a Windows computer (that is, act as a client with Windows servers), you only need the '''smbfs''' plugin. See [[UbuntuHelp:MountWindowsSharesPermanently|MountWindowsSharesPermanently]]
+
 
* Have your Windows computer use (via a network) a printer that is attached to a Linux computer.  CUPS can be configured to make the printer accessible to the network.
 
* Have your Windows computer use (via a network) a printer that is attached to a Linux computer.  CUPS can be configured to make the printer accessible to the network.
* Share directories between two Linux computers. You can use NFS or setup an FTP server on one computer and access it from other computers using an FTP client.
+
* Share directories between two Linux computers. You can use NFS or setup an [[UbuntuHelp:SSH|SSH]] server on one computer and access it from other computers using an scp or sftp client, or Places -> Connect to Server... and choose "SSH" as the service type.
==== What to install ====
+
=== Ubuntu Clients ===
===== Server =====
+
If you wish your computer to act as a Samba server (act as a file or printer server) then install, by any method, <code><nowiki>Samba</nowiki></code> (see [[UbuntuHelp:InstallingSoftware|InstallingSoftware]]).
+
<pre><nowiki>
+
sudo apt-get install samba
+
</nowiki></pre>
+
The samba package is ''not needed'' on clients. Install <code><nowiki>smbfs</nowiki></code> instead (see below).
+
===== Client =====
+
If you want to connect to a samba server (Windows server or an Ubuntu server running samba) you have two options, you can use the '''smbclient''' command or you can directly mount the samba file system via <code><nowiki>smbfs</nowiki></code>.
+
====== Command line ======
+
Ubuntu will connect to a samba server out of the box via '''smbclient'''. smbclient is a similar to an ftp connection (once connected you can use commands such as ls, cd , put, and get).
+
====== smbfs ======
+
This package allows clients to mount samba file shares allowing them to act as local disks and thus '''Most people will prefer this method'''. Install, by any method, <code><nowiki>smbfs</nowiki></code> (see [[UbuntuHelp:InstallingSoftware|InstallingSoftware]]). This will install the tools to mount samba shares.
+
<pre><nowiki>
+
sudo apt-get install smbfs
+
</nowiki></pre>
+
[[Top Back to top]]
+
=== Configuring your computer ===
+
Start the network configurator using the following menu:
+
'''System''' -> '''Administration''' -> '''Network'''
+
https://help.ubuntu.com/community/SettingUpSamba?action=AttachFile&do=get&target=PicNetworkSettings.png
+
You will need the General tab, in the middle.
+
[[Top Back to top]]
+
==== Fill in your settings: ====
+
<pre><nowiki>
+
Host Settings
+
Hostname:      <yourcomputer>
+
Domain name:    <yourdomain>
+
</nowiki></pre>
+
<pre><nowiki>
+
Windows Networking
+
Tick Enable Windows networking
+
Description:      <whateveryouwant>
+
Domain/Workgroup:  <yourdomainorworkgroup>
+
</nowiki></pre>
+
On Feisty and Gutsy, these settings are in '''System''' -> '''Administration''' -> '''Shared Folders'''
+
<pre><nowiki>
+
If you want tick WINS server  <thenameoripaddressofyourwinsserver>
+
</nowiki></pre>
+
'''Note:''' If you do not know, ask your network-administrator. Typical settings for the workgroup field are "mshome" or "workgroup".
+
The important settings here are your hostname, which should be filled in already, and the domain/workgroup. Press '''OK''' on both Windows and the first part of cooperating with Windows-machines is done.
+
You may also edit the file "/etc/samba/smb.conf" manually, and then use "/etc/init.d/samba" to stop and start the service again.
+
'''Note:''' It is possible to not include a "Windows Networking section and continue.
+
[[Top Back to top]]
+
=== Browsing Samba shares ===
+
 
Ubuntu and Gnome make it easy to access files on a Windows network share.
 
Ubuntu and Gnome make it easy to access files on a Windows network share.
Open the Computer Menu, then click on "Network". You'll see a "Windows network" icon, open it. The next window shows all the domains/workgroups found in your network. Inside each domain/workgroup you get all the computers in it (that is, those sharing something !). Double-click on a computer icon to access its shares and files. Could it be easier ?
+
Open the '''Places''' Menu, then click on '''Network'''. You will see a '''Windows network''' icon. Double-click to open it. The next window shows all the domains/workgroups found on your network. Inside each domain/workgroup you will see all the computers on the domain/workgroup with sharing enabled. Double-click on a computer icon to access its shares and files.
Before showing a computer's shares, your system may prompt you for a name and password. Fill in the form with the credentials of a valid user for the computer you are connecting to. You may additionally store that password in your keyring for convenience.
+
* If you want to be able to share folders with nautilus (the file browser), install the <code><nowiki>nautilus-share</nowiki></code> package (installed by default in Ubuntu 9.10 Desktop edition):
Note: The default installation of Samba does not synchronize passwords.  You may have to run "smbpasswd" for each user that needs to have access to his Ubuntu home directory from Microsoft Windows.
+
[[Top Back to top]]
+
== Graphical Configuration ==
+
This section is for those preferring to use graphical tools. This section should allow you to "quick start" samba shares between Ubuntu and either Ubuntu or Windows servers. The gui method, although easy, is less secure in that :
+
<ol><li>Shares are Public (ie browsable)
+
</li><li>A password is not set for shares (they can be mounted by anyone).</li></ol>
+
 
+
Be warned you are installing a service (server) and you may wish to install a firewall to help prevent undesired access. See also the manual configuration sections below to learn how to "hide" your shares from browsing and set a password for access.
+
=== Ubuntu Server ===
+
This section enables Ubuntu as a samba file server.
+
==== Sharing a Folder ====
+
To share a directory you must have permission to access the directory. Go to your home directory ( Places -> Home folder). Right click on the "Documents" directory and in the pop up menu select "Share Folder".
+
If samba is not installed you will get a pop up menu "Sharing services are not installed". Select "Install Windows networks support (SMB)" and deselect "Install Unix networks support (NFS)" -> then click "Install services".
+
If you get an error message that the samba .deb could not be found, open a terminal and update apt-get.
+
 
<pre><nowiki>
 
<pre><nowiki>
sudo apt-get update
+
sudo apt-get install nautilus-share
 
</nowiki></pre>
 
</nowiki></pre>
Then again install SMB support. Ubuntu will download and install samba. After samba is installed again Right click on the "Documents" directory and in the pop up menu select "Share Folder". You will get a pop up menu "Share Folder". Select "Windows networks (SMB)" in the pull down menu and give your share a name in the "Name" box. Unselect the "Read only" check box if you want read/write access to the share. Click the "Share" button.
+
'''Alternate:''' From the menu at the top select "Location" -> "Connect to a server". In the "Service type" pull down select "Windows share". Enter the server ip address in the "Server:" box and the share name in the "Share:" box. Click "Connect" and then "Connect" again on the second dialog box
=== Windows XP Server ===
+
'''Note:''' The default installation of Samba does not synchronize passwords. You may have to run "smbpasswd" for each user that needs to have access to his Ubuntu home directory from Microsoft Windows.
This section enables Windows XP as a samba file server.
+
=== Windows Clients (XP,Server,Vista, Win7) ===
==== Sharing a Folder ====
+
Microsoft Windows clients connect and browse through their corresponding network interface.
1. On the Windows server, browse in explorer ("My Computer") to the location of the folder you wish to share (C:\Documents and Settings for example). Next right click on the folder to share and select "Sharing ans Security...". In the pop-up dialog box click the "Sharing" tab. Click the "<u>Network Setup Wizard</u>" to configure your network to allow shares. Work your way through the wizard. Note the default workgroup is '''MSHOME'''. You may change this value if you like but all your computers should be in the same workgroup. Eventually you will be given the option to "Turn on file and printer sharing". This is the option you want, continue with the network wizard. You will have to restart your computer for the settings to take effect -> Restart Windows.
+
'''Example:''' XP clients can open '''Windows Network Neighborhood''' or '''My Network Places''' to browse available SMB shares.
2. After rebooting, again open explorer ("My Computer") and navigate to the folder you wish to share. Again right click on the folder and select "Sharing ans Security...". In the pop-up dialog box click the "Sharing" tab. In the "Network sharing and security" box, tic (select with the mouse) the "Share this folder on the network" box. Give the folder a share name. This will give read only access to Ubuntu computers via samba. To allow read/write access tic (select with the mouse) the "Allow network users to change my files" box. Click the "Apply" button and close the dialog box.
+
[[UbuntuHelp:[Top|Back to top]]]
 
+
== Samba Client - Manual Configuration ==
=== Connect to a samba server ===
+
This section covers how to manually configure and connect to a SMB file server from an Ubuntu client. <code><nowiki>smbclient</nowiki></code> is a command line tool similar to a ftp connection while <code><nowiki>smbfs</nowiki></code> allows you to mount a SMB file share. Once a SMB share is mounted it acts similar to a local hard drive (you can access the SMB share with your file browser (nautilus, konqueror, thunar, other).
Configure your Ubuntu or Windows XP samba server as above.
+
==== Connecting to a Samba File Server from the command line ====
==== Ubuntu Client ====
+
On the Ubuntu client using the menu at the top, go to "Places" -> "Network". You will see an icon "Windows network" and should be able to browse to your shared folder. You will be asked for a password, leave it blank. Click the "Connect button.
+
Alternate : From the menu at the top select "Location" -> "Connect to a server". In the "Service type" pull down select "Windows share". Enter the server ip address in the "Server:" box and the share name in the "Share:" box. Click "Connect" and then "Connect" again on the second dialog box (no need for a password).
+
If you would like to mount your samba share using your (server) hostname rather the IP Address, edit /etc/hosts and add your samba server (syntax IP Address hostname).
+
<pre><nowiki>
+
192.168.1.100    hostname
+
</nowiki></pre>
+
Where "hostname" = the name of your samba server.
+
==== Windows XP Client ====
+
On Windows open "My Computer" and navigate to "My Network Places". Navagate to your Ubuntu server and your share will be available without a password.
+
Alternate : From the menu at the top select "Tools" -> "Map Network Drive". Select an available letter for your samba share (Default is z: ). In the "Folder:" box enter \\samba_server_ipaddress\share. Tic (Select with the mouse) the option "Reconnect at login" if you want the share to be automatically mounted when you boot Windows. Click the "Finish" box. A dialog box will appear, enter your samba user name and password. Click "OK".
+
If you would like to mount your samba share using your (server) hostname rather the IP Address, edit C:\WINDOWS\system32\drivers\etc\hosts and add your samba server (syntax IP Address hostname).
+
<pre><nowiki>
+
192.168.1.100    hostname
+
</nowiki></pre>
+
Where "hostname" = the name of your samba server.
+
[[Top Back to top]]
+
== Samba Client Manual Configuration ==
+
This section covers how to manually configure and connect to a samba file server from an Ubuntu client. <code><nowiki>smbclient</nowiki></code> is a command line tool similar to a ftp connection while <code><nowiki>smbfs</nowiki></code> allows you to mount a samba file share. Once a samba share is mounted it acts similar to a local hard drive (you can access the samba share with your file browser (nautilus, konqueror, thunar, other).  
+
=== Connecting to a Samba File Server ===
+
==== Command line ====
+
 
Connecting from the command line is similar to a ftp connection.
 
Connecting from the command line is similar to a ftp connection.
List public samba shares with  
+
List public SMB shares with
 
<pre><nowiki>
 
<pre><nowiki>
 
smbclient -L //server -U user
 
smbclient -L //server -U user
 
</nowiki></pre>
 
</nowiki></pre>
Connect to a samba share with  
+
Connect to a SMB share with
 
<pre><nowiki>
 
<pre><nowiki>
 
smbclient //server/share -U user
 
smbclient //server/share -U user
 
</nowiki></pre>
 
</nowiki></pre>
 
Enter you user password.
 
Enter you user password.
You can connect directly with  
+
You can connect directly with
 
<pre><nowiki>
 
<pre><nowiki>
 
smbclient //server/share -U user%password
 
smbclient //server/share -U user%password
第132行: 第56行:
 
</nowiki></pre>
 
</nowiki></pre>
 
Type "help" , without quotes, at the prompt for a list of available commands.
 
Type "help" , without quotes, at the prompt for a list of available commands.
[[Top Back to top]]
+
[[UbuntuHelp:[Top|Back to top]]]
==== CIFS ====
+
=== Connecting using CIFS ===
 
CIFS is included in the smbfs package and is a replacement for smbfs (I know, the terminology here is a little confusing).
 
CIFS is included in the smbfs package and is a replacement for smbfs (I know, the terminology here is a little confusing).
 
Reference : http://linux-cifs.samba.org/
 
Reference : http://linux-cifs.samba.org/
 
As above, install by any method, <code><nowiki>smbfs</nowiki></code>.
 
As above, install by any method, <code><nowiki>smbfs</nowiki></code>.
===== Allow non-root users to mount samba shares =====
+
==== Allow non-root users to mount SMB shares ====
By default only root may mount samba shares on the command line. To allow non-root users to mount samba shares you could set the SUID, but I advise you configure sudo. You should configure sudo with '''visudo'''
+
By default only root may mount SMB shares on the command line. To allow non-root users to mount SMB shares you could set the SUID, but I advise you configure sudo. You should configure sudo with '''visudo'''
You may either allow the gruop "users" to mount samba shares, or add a group, samba, and add users you wish to allow to mount samba shares to the samba group.
+
You may either allow the gruop "users" to mount SMB shares, or add a group, samba, and add users you wish to allow to mount SMB shares to the samba group.
 
<pre><nowiki>
 
<pre><nowiki>
 
sudo groupadd samba
 
sudo groupadd samba
第148行: 第72行:
 
sudo visudo
 
sudo visudo
 
</nowiki></pre>
 
</nowiki></pre>
In the "group" section add your group you wish to allow to mount samba shares
+
In the "group" section add your group you wish to allow to mount SMB shares
 
<pre><nowiki>
 
<pre><nowiki>
 
Add a line  in the "group" section :
 
Add a line  in the "group" section :
 
%admin ALL=(ALL) ALL
 
%admin ALL=(ALL) ALL
%samba  ALL=(ALL) ALL /bin/mount,/bin/umount,/sbin/mount.cifs,/sbin/umount.cifs
+
%samba  ALL=(ALL) /bin/mount,/bin/umount,/sbin/mount.cifs,/sbin/umount.cifs
 
</nowiki></pre>
 
</nowiki></pre>
Change "%samba" to "%users" if you wish to allow members of the users group to mount samba shares.
+
Change "%samba" to "%users" if you wish to allow members of the users group to mount SMB shares.
 
The following will mount the myshare folder on myserver to <code><nowiki>~/mnt</nowiki></code> (it will be in your home directory):
 
The following will mount the myshare folder on myserver to <code><nowiki>~/mnt</nowiki></code> (it will be in your home directory):
 
<pre><nowiki>
 
<pre><nowiki>
第161行: 第85行:
 
</nowiki></pre>
 
</nowiki></pre>
 
<u>Note</u>: "samba_user" = the user name on the samba server (may be different from your log-in name on the client).
 
<u>Note</u>: "samba_user" = the user name on the samba server (may be different from your log-in name on the client).
The "noexec" option prevents executable scripts running from the samba share.
+
The "noexec" option prevents executable scripts running from the SMB share.
 
You will be asked for BOTH your sudo and then your samba_user password.
 
You will be asked for BOTH your sudo and then your samba_user password.
To umount,  
+
To umount,
 
<pre><nowiki>
 
<pre><nowiki>
 
sudo umount ~/mnt
 
sudo umount ~/mnt
 
</nowiki></pre>
 
</nowiki></pre>
===== Automagically mount samba shares =====
+
==== Automagically mount SMB shares ====
 
In order to have a share mounted automatically every time you reboot, you need to do the following:
 
In order to have a share mounted automatically every time you reboot, you need to do the following:
 
With any editor, create a file containing your Windows/Samba user account details:
 
With any editor, create a file containing your Windows/Samba user account details:
 
<pre><nowiki>
 
<pre><nowiki>
gksu /etc/samba/user
+
gksu gedit /etc/samba/user
 
</nowiki></pre>
 
</nowiki></pre>
KDE users user kdesu rather then gksu.
+
KDE users must use kdesu rather than gksu and instead of Gedit they can use Kwrite as editor.
 
... it should contain two lines as follows:
 
... it should contain two lines as follows:
 
<pre><nowiki>
 
<pre><nowiki>
username = samba_user
+
username=samba_user
password = samba_user_password
+
password=samba_user_password
 
</nowiki></pre>
 
</nowiki></pre>
 
<u>Note</u>: "samba_user" = the user name on the samba server (may be different from your log-in name on the client). "samba_user_password" is the password you assigned to the samba_user on the samba server.
 
<u>Note</u>: "samba_user" = the user name on the samba server (may be different from your log-in name on the client). "samba_user_password" is the password you assigned to the samba_user on the samba server.
第189行: 第113行:
 
sudo mkdir /media/samba_share
 
sudo mkdir /media/samba_share
 
</nowiki></pre>
 
</nowiki></pre>
Now, using any editor, and add a line to /etc/fstab for your samba share as follows:
+
Now, using any editor, and add a line to /etc/fstab for your SMB share as follows:
 
<pre><nowiki>
 
<pre><nowiki>
 
sudo cp /etc/fstab /etc/fstab.bak
 
sudo cp /etc/fstab /etc/fstab.bak
 
gksu gedit /etc/fstab
 
gksu gedit /etc/fstab
 
</nowiki></pre>
 
</nowiki></pre>
Add a line for your samba share:
+
Add a line for your SMB share:
 
<pre><nowiki>
 
<pre><nowiki>
 
//myserver_ip_address/myshare  /media/samba_share  cifs  credentials=/etc/samba/user,noexec  0 0
 
//myserver_ip_address/myshare  /media/samba_share  cifs  credentials=/etc/samba/user,noexec  0 0
 
</nowiki></pre>
 
</nowiki></pre>
The share will mount automatically when you boot. The "noexec" option prevents executable scripts running from the samba share.
+
The share will mount automatically when you boot. The "noexec" option prevents executable scripts running from the SMB share.
To mount the share now, without rebooting,  
+
To mount the share now, without rebooting,
 
<pre><nowiki>
 
<pre><nowiki>
 
sudo mount /media/samba_share
 
sudo mount /media/samba_share
第210行: 第134行:
 
<pre><nowiki>
 
<pre><nowiki>
 
//myserver_ip_address/myshare  /media/samba_share  cifs  noauto,credentials=/etc/samba/user,noexec  0 0
 
//myserver_ip_address/myshare  /media/samba_share  cifs  noauto,credentials=/etc/samba/user,noexec  0 0
</nowiki></pre>  
+
</nowiki></pre>
The noexec" option prevents executable scripts running from the samba share.
+
The noexec" option prevents executable scripts running from the SMB share.
 
Edit <code><nowiki>/etc/samba/user</nowiki></code>, remove the password (leave just the samba user).
 
Edit <code><nowiki>/etc/samba/user</nowiki></code>, remove the password (leave just the samba user).
 
Now the share will NOT automatically mount when you boot and you will be asked for your samba password.
 
Now the share will NOT automatically mount when you boot and you will be asked for your samba password.
第218行: 第142行:
 
sudo mount /media/samba_share
 
sudo mount /media/samba_share
 
</nowiki></pre>
 
</nowiki></pre>
[[Top Back to top]]
+
CIFS may cause a shutdown error.
==== SMBFS ====
+
<pre><nowiki>
<u>Note</u>: This method still works, but as outlined under the "CIFS" section above is "depreciated" (ie outdated).
+
CIFS VFS: Server not responding.
Mounting a share on the local filesystem allows you to work around programs that do not yet use GnomeVFS to browse remote shares transparently.  To mount a Samba share, first install smbfs:
+
</nowiki></pre>
 +
There is a [http://ubuntuforums.org/showthread.php?t=288534 fix in the troubleshooting section of this forum post.]
 +
[[UbuntuHelp:[Top|Back to top]]]
 +
=== Connecting using SMBFS (deprecated) ===
 +
<u>Note</u>: This method still works, but as outlined under the "CIFS" section above is "deprecated" (no longer maintained and pending removal from the kernel).
 +
Mounting a share on the local filesystem allows you to work around programs that do not yet use GnomeVFS to browse remote shares transparently.  To mount a SMB share, first install smbfs:
 
<pre><nowiki>
 
<pre><nowiki>
 
sudo apt-get update
 
sudo apt-get update
第231行: 第160行:
 
</nowiki></pre>
 
</nowiki></pre>
 
-----
 
-----
<u>Note</u>: This may be a security risk as after setting the SUID bit anyone can mount a samba share. I advise you configure sudo, as above.
+
<u>Note</u>: This may be a security risk as after setting the SUID bit anyone can mount a SMB share. I advise you configure sudo, as above.
 
The working line in /etc/sudoers is as follows (see CIFS section above):
 
The working line in /etc/sudoers is as follows (see CIFS section above):
 
<pre><nowiki>
 
<pre><nowiki>
%samba  ALL=(ALL) ALL /bin/mount,/bin/umount,/sbin/mount.cifs,/sbin/umount.cifs,/usr/bin/smbmount,/usr/bin/smbumount
+
%samba  ALL=(ALL) /bin/mount,/bin/umount,/sbin/mount.cifs,/sbin/umount.cifs,/usr/bin/smbmount,/usr/bin/smbumount
 
</nowiki></pre>
 
</nowiki></pre>
This allows any user in the samba group to mount samba shares (you will need to create a samba group and add users).
+
This allows any user in the samba group to mount SMB shares (you will need to create a samba group and add users).
 
The following will mount the myshare folder on myserver to <code><nowiki>~/mnt</nowiki></code> (it will be in your home directory):
 
The following will mount the myshare folder on myserver to <code><nowiki>~/mnt</nowiki></code> (it will be in your home directory):
 
-----
 
-----
第243行: 第172行:
 
smbmount //myserver/myshare ~/mnt
 
smbmount //myserver/myshare ~/mnt
 
</nowiki></pre>
 
</nowiki></pre>
To umount,  
+
To umount,
 
<pre><nowiki>
 
<pre><nowiki>
 
smbumount ~/mnt
 
smbumount ~/mnt
第258行: 第187行:
 
...it should contain two lines as follows:
 
...it should contain two lines as follows:
 
<pre><nowiki>
 
<pre><nowiki>
username = george
+
username=george
password = secret
+
password=secret
 
</nowiki></pre>
 
</nowiki></pre>
 
Change the permissions on the file for security:
 
Change the permissions on the file for security:
第279行: 第208行:
 
</nowiki></pre>
 
</nowiki></pre>
 
to be continued...
 
to be continued...
[[Top Back to top]]
+
==== Ubuntu Client ====
== Samba Server Manual Configuration ==
+
On the Ubuntu client using the menu at the top, go to "Places" -> "Network". You will see an icon "Windows network" and should be able to browse to your shared folder. You will be asked for a password, leave it blank. Click the "Connect button.
 +
(no need for a password).
 +
If you would like to mount your SMB share using your (server) hostname rather than the IP Address, edit /etc/hosts and add your samba server (syntax IP Address hostname).
 +
<pre><nowiki>
 +
192.168.1.100    hostname
 +
</nowiki></pre>
 +
Where "hostname" = the name of your samba server.
 +
==== Windows Client ====
 +
On Windows open "My Computer" and navigate to "My Network Places". Navigate to your Ubuntu server and your share will be available without a password.
 +
Alternate : From the menu at the top select "Tools" -> "Map Network Drive". Select an available letter for your SMB share (Default is z: ). In the "Folder:" box enter \\samba_server_ipaddress\share. Tic (Select with the mouse) the option "Reconnect at login" if you want the share to be automatically mounted when you boot Windows. Click the "Finish" box. A dialog box will appear, enter your samba user name and password. Click "OK".
 +
If you would like to mount your SMB share using your (server) hostname rather than the IP Address, edit C:\WINDOWS\system32\drivers\etc\hosts and add your samba server (syntax IP Address hostname).
 +
<pre><nowiki>
 +
192.168.1.100    hostname
 +
</nowiki></pre>
 +
Where "hostname" = the name of your samba server.
 +
[[UbuntuHelp:[Top|Back to top]]]
 +
== Samba Server Configuration - Graphical ==
 +
'''Note:''' For Ubuntu 8.04 (Hardy) and later, shared folders are created directly from the folder.  Browse to the location of the folder you would like to share, right-click the folder, and choose '''Sharing Options'''.  Click the '''Share this folder'''.
 +
This section should allow you to "quick start" SMB shares between Ubuntu and either Ubuntu or Windows servers. The gui method is easier to work with, because:
 +
<ol><li>Shares are Public (browsable in Network Places)
 +
</li><li>A password is not set for shares (they can be mounted by anyone).</li></ol>
 +
 
 +
However, remember that this is less secure.
 +
Be warned you are installing a service (server) and you may wish to install a [[UbuntuHelp:Firewall|Firewall]] management utility to help prevent undesired access. See also the manual configuration sections below to learn how to "hide" your shares from browsing and set a password for access.
 +
=== Ubuntu Server ===
 +
This section enables Ubuntu as a samba file server.
 +
==== Sharing a Folder ====
 +
To share a directory you must have permission to access the directory. Go to your home directory ( Places -> Home folder). Right click on the "Documents" directory and in the pop up menu select "Share Folder".
 +
If samba is not installed you will get a pop up menu "Sharing services are not installed". Select "Install Windows networks support (SMB)" and deselect "Install Unix networks support (NFS)" -> then click "Install services".
 +
If you get an error message that the samba .deb could not be found, open a terminal and update apt-get.
 +
<pre><nowiki>
 +
sudo apt-get update
 +
</nowiki></pre>
 +
Try again and Ubuntu will download and install samba.  Right click on the "Documents" directory and in the pop up menu select "Share Folder". You will get a pop up menu "Share Folder". Select "Windows networks (SMB)" in the pull down menu and give your share a name in the "Name" box. Unselect the "Read only" check box if you want read/write access to the share. Click the "Share" button.
 +
=== Windows XP Server ===
 +
This section enables Windows XP as a samba file server.
 +
==== Sharing a Folder ====
 +
1. On the Windows server, browse in explorer ("My Computer") to the location of the folder you wish to share (C:\Documents and Settings for example). Next right click on the folder to share and select "Sharing and Security...". In the pop-up dialog box click the "Sharing" tab. Click the "<u>Network Setup Wizard</u>" to configure your network to allow shares. Work your way through the wizard. Note the default workgroup is '''MSHOME'''. You may change this value if you like but all your computers should be in the same workgroup. Eventually you will be given the option to "Turn on file and printer sharing". This is the option you want, continue with the network wizard. You will have to restart your computer for the settings to take effect -> Restart Windows.
 +
2. After rebooting, again open explorer ("My Computer") and navigate to the folder you wish to share. Again right click on the folder and select "Sharing and Security...". In the pop-up dialog box click the "Sharing" tab. In the "Network sharing and security" box, tic (select with the mouse) the "Share this folder on the network" box. Give the folder a share name. This will give read only access to Ubuntu computers via samba. To allow read/write access tic (select with the mouse) the "Allow network users to change my files" box. Click the "Apply" button and close the dialog box.
 +
 
 +
[[UbuntuHelp:[Top|Back to top]]]
 +
== Samba Server Configuration - Manual ==
 
Configuration is performed by reading and editing '''/etc/samba/smb.conf''', the configuration file for the samba server.
 
Configuration is performed by reading and editing '''/etc/samba/smb.conf''', the configuration file for the samba server.
 
There are a few graphical tools available such as "kdenetwork-filesharing" and "Swat".
 
There are a few graphical tools available such as "kdenetwork-filesharing" and "Swat".
A fairly comprehensive graphical Samba configuration tool is available for KDE, by installing the "kdenetwork-filesharing" package. Once install, you can find it by launching the KDE Control Center. ('''Alt-F2''' and then type '''kcontrol'''). Browse to '''Internet & Network''' > '''Samba'''.  It is fairly easy to use.  
+
A fairly comprehensive graphical Samba configuration tool is available for KDE, by installing the "kdenetwork-filesharing" package. Once install, you can find it by launching the KDE Control Center. ('''Alt-F2''' and then type '''kcontrol'''). Browse to '''Internet & Network''' > '''Samba'''.  It is fairly easy to use.
A less friendly but also graphical tool is [[UbuntuHelp:Swat|Swat]], a web-based interface.
+
A less friendly but also graphical tool is [[UbuntuHelp:Swat|Swat]], a web-based interface.
 
The following tips show how to do some basic things without installing additional software, using
 
The following tips show how to do some basic things without installing additional software, using
the command line. It is not difficult, just be careful with typos.
+
the command line. It is not difficult, just be careful with typos.
 
First open a terminal: '''Applications''' > '''System Tools''' > '''Terminal''' and open the file smb.conf
 
First open a terminal: '''Applications''' > '''System Tools''' > '''Terminal''' and open the file smb.conf
 
<pre><nowiki>
 
<pre><nowiki>
第308行: 第278行:
 
If you do not know what items mean, leave them be and read the  [http://www.samba.org/samba/docs/using_samba/ch06.html relevant part in the real Samba-howto] instead of randomly changing them. It will save you trouble-shooting later.
 
If you do not know what items mean, leave them be and read the  [http://www.samba.org/samba/docs/using_samba/ch06.html relevant part in the real Samba-howto] instead of randomly changing them. It will save you trouble-shooting later.
 
=== File Sharing (Basics) ===
 
=== File Sharing (Basics) ===
The important part for us is '''File sharing'''.  Samba shares are named in brackets, [ ], and configured by adding options in the lines that follow. Most options are boolean (yes / no).  
+
The important part for us is '''File sharing'''.  Samba shares are named in brackets, [ ], and configured by adding options in the lines that follow. Most options are boolean (yes / no).
 
We need to change:
 
We need to change:
 
<pre><nowiki>
 
<pre><nowiki>
第325行: 第295行:
 
browseable = yes
 
browseable = yes
  
# By default, the home directories are exported read-only. Change next
+
# By default, the home directories are exported read-only. Change the
# parameter to 'yes' if you want to be able to write to them.
+
# next parameter to 'no' if you want to be able to write to them.
  writable = yes
+
  read only = no
 
</nowiki></pre>
 
</nowiki></pre>
 
This finishes sharing your /home folder. The last thing we need to do is fixing a user.
 
This finishes sharing your /home folder. The last thing we need to do is fixing a user.
第337行: 第307行:
 
Retype new SMB password:
 
Retype new SMB password:
 
Added user username.
 
Added user username.
 +
 +
sudo smbpasswd -e username
 +
Enabled user username.
 
</nowiki></pre>
 
</nowiki></pre>
 
NOTE: the username used here should be a real user setup on your PC/Server.
 
NOTE: the username used here should be a real user setup on your PC/Server.
第342行: 第315行:
 
<pre><nowiki>
 
<pre><nowiki>
 
sudo /etc/init.d/samba reload
 
sudo /etc/init.d/samba reload
 +
</nowiki></pre>
 +
<u>NOTE</u>: If the above command doesn't work for you, try:
 +
<pre><nowiki>
 +
sudo smbd reload
 
</nowiki></pre>
 
</nowiki></pre>
 
That's the basis of Samba file-sharing. Please leave your comments about what else is needed here.
 
That's the basis of Samba file-sharing. Please leave your comments about what else is needed here.
 
- Can/should the SMB password be different from the user's system password? MartinSpacek - 2007-11-19
 
- Can/should the SMB password be different from the user's system password? MartinSpacek - 2007-11-19
[[Top Back to top]]
+
[[UbuntuHelp:[Top|Back to top]]]
 
=== File Sharing (Advanced) ===
 
=== File Sharing (Advanced) ===
 
We started with the base of Samba file-sharing. The above-mentioned items should be enough to get you started. Next we will add details that you might or might not need.
 
We started with the base of Samba file-sharing. The above-mentioned items should be enough to get you started. Next we will add details that you might or might not need.
==== If you have more the one network card ====
+
==== If you have more than one network card ====
If you have more the one network card (or interface) then you have to define where you want Samba to run. In smb.conf under the [global] section, add:
+
If you have more than one network card (or interface) then you have to define where you want Samba to run. In smb.conf under the [global] section, add:
 
<pre><nowiki>
 
<pre><nowiki>
"interfaces = 127.0.0.1, 192.168.0.31/24"
+
interfaces = 127.0.0.1, 192.168.0.31/24
"bind interfaces only = yes"
+
bind interfaces only = yes
 
</nowiki></pre>
 
</nowiki></pre>
 
The first address (127.0.0.1), is a loopback network connection (it's your own machine).
 
The first address (127.0.0.1), is a loopback network connection (it's your own machine).
第359行: 第336行:
 
You can limit which IP address can connect to your Samba server adding these lines:
 
You can limit which IP address can connect to your Samba server adding these lines:
 
<pre><nowiki>
 
<pre><nowiki>
"hosts allow = 127.0.0.1, 192.168.0.31, 192.168.0.32"
+
hosts allow = 127.0.0.1, 192.168.0.31, 192.168.0.32
"hosts deny = 0.0.0.0/0"
+
hosts deny = 0.0.0.0/0
 
</nowiki></pre>
 
</nowiki></pre>
 
The loopback address must be present in the first line. The second line deny access from all IP address not in the first line.
 
The loopback address must be present in the first line. The second line deny access from all IP address not in the first line.
[[Top Back to top]]
+
[[UbuntuHelp:[Top|Back to top]]]
 
==== Private and public shares in same config ====
 
==== Private and public shares in same config ====
 
First you'll want to set this up in the [global] section of your smb.conf
 
First you'll want to set this up in the [global] section of your smb.conf
第379行: 第356行:
 
         comment = Private Share
 
         comment = Private Share
 
         path = /path/to/share/point
 
         path = /path/to/share/point
         browseable = no  
+
         browseable = no
 
         read only = no
 
         read only = no
 
</nowiki></pre>
 
</nowiki></pre>
第394行: 第371行:
 
</nowiki></pre>
 
</nowiki></pre>
 
Again, <code><nowiki>path</nowiki></code> is the path to the directory that you want to share out.  <code><nowiki>read only = no</nowiki></code> will allow users to write to this share.  <code><nowiki>guest only = yes</nowiki></code> and <code><nowiki>guest ok = yes</nowiki></code> will allow guest logins and also force users to login as guests.  '''The user you specified with <code><nowiki>guest account</nowiki></code> in the [global] section must have write permissions on <code><nowiki>/path/to/share/point</nowiki></code> in order to write files to the share.'''
 
Again, <code><nowiki>path</nowiki></code> is the path to the directory that you want to share out.  <code><nowiki>read only = no</nowiki></code> will allow users to write to this share.  <code><nowiki>guest only = yes</nowiki></code> and <code><nowiki>guest ok = yes</nowiki></code> will allow guest logins and also force users to login as guests.  '''The user you specified with <code><nowiki>guest account</nowiki></code> in the [global] section must have write permissions on <code><nowiki>/path/to/share/point</nowiki></code> in order to write files to the share.'''
'''Note:''' When Windows attempts to access a Samba share it will use the current Windows user name and password.  The <code><nowiki>map to guest = bad user</nowiki></code> trick above allows access to the public share only if you give Samba an incorrect user name.  If you give it a valid user name, but a bad password, the login will fail and Windows will give you a password prompt when you try to access the share.  If you have the same user name for your Windows machine and your Ubuntu machine, you could be unwittingly giving the Samba server a valid user name, but invalid password.  To resolve this you will either have to change the Windows user name, or to remove that user name from the Samba password file with <code><nowiki>sudo smbpasswd -x [username]</nowiki></code>.
+
'''Note:''' When Windows attempts to access a SMB share it will use the current Windows user name and password.  The <code><nowiki>map to guest = bad user</nowiki></code> trick above allows access to the public share only if you give Samba an incorrect user name.  If you give it a valid user name, but a bad password, the login will fail and Windows will give you a password prompt when you try to access the share.  If you have the same user name for your Windows machine and your Ubuntu machine, you could be unwittingly giving the Samba server a valid user name, but invalid password.  To resolve this you will either have to change the Windows user name, or to remove that user name from the Samba password file with <code><nowiki>sudo smbpasswd -x [username]</nowiki></code>.
 
'''Note:''' The above uses <code><nowiki>security = user</nowiki></code>.  To access the private shares you will have to make sure the user exists in smbpasswd.  These users must also already exist as normal users on your machine.  You add users to smbpasswd simply by running <code><nowiki>sudo smbpasswd -a [username]</nowiki></code> and giving a password.
 
'''Note:''' The above uses <code><nowiki>security = user</nowiki></code>.  To access the private shares you will have to make sure the user exists in smbpasswd.  These users must also already exist as normal users on your machine.  You add users to smbpasswd simply by running <code><nowiki>sudo smbpasswd -a [username]</nowiki></code> and giving a password.
[[Top Back to top]]
+
==== Setting permissions ====
 +
To set permissions of newly created documents / files edit /etc/samba/smb.conf and in the [global] section add :
 +
<pre><nowiki>
 +
create mask = 0644
 +
directory mask = 0755
 +
</nowiki></pre>
 +
[[UbuntuHelp:[Top|Back to top]]]
 
== Sharing CUPS Printers ==
 
== Sharing CUPS Printers ==
 
=== Graphical Configuration ===
 
=== Graphical Configuration ===
==== Setup Ubuntu Print Server =====
+
==== Setup Ubuntu Print Server ====
1. In your menu go to System -> Administration -> Printing
+
<ol><li>In your menu go to System -> Administration -> Printing
2. Under "Local Printers" on the left, select the printer you wish to share. Select the "Policies" tab on the right and make sure the "Shared" box is checked off.
+
</li><li>Under "Local Printers" on the left, select the printer you wish to share. Select the "Policies" tab on the right and make sure the "Shared" box is selected.</li></ol>
  
==== Ubuntu Client ====
+
===== Ubuntu Client =====
1. Again go to System -> Administration -> Printing
+
<ol><li>Again go to System -> Administration -> Printing
2. Click "New Printer" in the upper right. In the next menu select "Windows Printer via SAMBA". Now enter your Ubuntu Samba Print Server (set up as above) IP address in the box on the left titled "smb://". Click the "Browse" button.
+
</li><li>Click "New Printer" in the upper right. In the next menu select "Windows Printer via SAMBA". Now enter your Ubuntu Samba Print Server (set up as above) IP address in the box on the left titled "smb://". Click the "Browse" button.
3. Select the printer in the "SMB Browser" window (Click on the little arrows). Once you have selected your printer, check the "Authentication required" and enter your samba user name and password. Then click the "Verify" button. You should see confirmation that the share is available.
+
</li><li>Select the printer in the "SMB Browser" window (Click on the little arrows). Once you have selected your printer, check the "Authentication required" and enter your samba user name and password. Then click the "Verify" button. You should see confirmation that the share is available.
4. Click the "Forward" button and install the drivers for your printer as you would for any other printer.
+
</li><li>Click the "Forward" button and install the drivers for your printer as you would for any other printer.</li></ol>
  
==== Windows Client ====
+
===== Windows Client =====
1. Go to control panel -> Printers
+
<ol><li>Go to Control Panel -> Printers
2. Click "Add a printer" on the upper left.  The printer wizard will start -> click forward. Select Network Printer and click "Next". Select "Browse for a printer" (Top button) and click "Next". In the next window, navigate to your Ubuntu Samba Print Server and click "Next". Continue with the printer and driver installation.
+
</li><li>Click "Add a printer" on the upper left.  The printer wizard will start -> click forward. Select Network Printer and click "Next". Select "Browse for a printer" (Top button) and click "Next". In the next window, navigate to your Ubuntu Samba Print Server and click "Next". Continue with the printer and driver installation.</li></ol>
  
[[Top Back to top]]
+
For more information, see [[UbuntuHelp:NetworkPrintingFromWinXP|NetworkPrintingFromWinXP]].
 +
[[UbuntuHelp:[Top|Back to top]]]
 
=== Manual Server Configuration ===
 
=== Manual Server Configuration ===
 
If You would like to share Your printers make the following changes to Samba:
 
If You would like to share Your printers make the following changes to Samba:
第457行: 第441行:
 
sudo /etc/init.d/samba reload
 
sudo /etc/init.d/samba reload
 
</nowiki></pre>
 
</nowiki></pre>
[[Top Back to top]]
+
[[UbuntuHelp:[Top|Back to top]]]
 
== Securing Samba ==
 
== Securing Samba ==
 
This section was started to give some general advise on security considerations and is not an exhaustive review of samba security.
 
This section was started to give some general advise on security considerations and is not an exhaustive review of samba security.
=== /etc/samba/smb.conf ===
+
==== /etc/samba/smb.conf ====
1. Networking Section - use "hosts allow" and "hosts deny"
+
* Networking Section - use "hosts allow" and "hosts deny"
 
+
 
<pre><nowiki>
 
<pre><nowiki>
 
# hosts allow = 127.0.0.1 192.168.1.0/24
 
# hosts allow = 127.0.0.1 192.168.1.0/24
hostal allow = 127.0.0.1 192.168.1.1 192.168.1.2
+
hosts allow = 127.0.0.1 192.168.1.1 192.168.1.2
 
hosts deny = 0.0.0.0/0
 
hosts deny = 0.0.0.0/0
 
</nowiki></pre>
 
</nowiki></pre>
 
hosts deny 0.0.0.0/0 = all others.
 
hosts deny 0.0.0.0/0 = all others.
2. Shares.
+
* Shares
 
+
* When defining a share, consider the following options :
When defining a share, consider the following options :
+
 
<ol><li>browseable = no ~ Shares will not show up when browsing your network.
 
<ol><li>browseable = no ~ Shares will not show up when browsing your network.
 
</li><li>users = user1 user2 ~ List of users able to access the share</li></ol>
 
</li><li>users = user1 user2 ~ List of users able to access the share</li></ol>
  
When setting up a samba share, you can limit the users who have access to your share
+
When setting up a Samba share, you can limit the users who have access to your share
 
<pre><nowiki>
 
<pre><nowiki>
 
[private]
 
[private]
第482行: 第464行:
 
         browseable = no
 
         browseable = no
 
         read only = no
 
         read only = no
         users = user1 user2 user3
+
         valid users = user1 user2 user3
 
</nowiki></pre>
 
</nowiki></pre>
 
Now only samba users user1, user2, and user3 will have access to the share "private".
 
Now only samba users user1, user2, and user3 will have access to the share "private".
=== Firewall ===
+
==== Firewall ====
Configure your firewall (iptables) to limit access to your server. Samba uses ports  
+
Configure your firewall (iptables) to limit access to your server. Samba uses ports
 
* UDP ports 137 and 138
 
* UDP ports 137 and 138
 
* TCP ports 139 and 445
 
* TCP ports 139 and 445
[[Top Back to top]]
+
[[UbuntuHelp:[Top|Back to top]]]
== Troubleshooting Samba ==
+
== Troubleshooting ==
A common problem when attempting to access a Samba share from a Windows computer is "System Error 53" after attempting to "Net Use".
+
* The first thing you should do, before looking into your conf files, is ensure that the directory you are sharing actually exists.
The first thing you should do, before looking into your conf files, is ensure that the directory you are sharing actually exists.
+
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/diagnosis.html
If you are having problems with Samba users, look into the command <code><nowiki>pdbedit</nowiki></code>
+
* Problems with Samba users?
This is a very excellent and in-depth guide to Samba troubleshooting.  http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch12_:_Samba_Security_and_Troubleshooting
+
http://www.samba.org/samba/docs/man/manpages-3/pdbedit.8.html
[[Top Back to top]]
+
== See Also ==
== Tips / Permissions ==
+
Samba permissions are sometimes a little tricks.
+
=== Server side ===
+
1. The name of your samba share is the word on the [ ]
+
 
+
[private] = share name of "private".
+
[secret] = share name of "secret".
+
2. To be able to mount the samba share, samba users on the server must have permission to access the directory.
+
 
+
If <code><nowiki>/path/to/share/point</nowiki></code> in "path = /path/to/share/point" is owned by root.root with permissions of 770 , only root will be able to mount the share.
+
[[Top Back to top]]
+
=== Client side ===
+
1. If you do not user a credentials file, do not forget to specify your samba_user at the time of mounting ( -o username=samba_user ).
+
2. Permissions on a samba share depend on the ''Server''.  
+
 
+
'''Linux servers''' will honor full Linux permissions.
+
'''Windows shares''' do not support Linux permissions. Set permissions at the time of mounting the samba share with the options file_mode=660 and dir_mode=770 (these are permissions and not umask values):
+
<pre><nowiki>
+
file_mode=arg
+
          If the server does not support the CIFS Unix extensions  this  over‐
+
          rides the default file mode.
+
 
+
dir_mode=arg
+
          If  the  server does not support the CIFS Unix extensions this over‐
+
          rides the default mode for directories.
+
</nowiki></pre>
+
These options will be used for all files and directories on the (Windows) samba share and can not be changed.
+
3. Permissions of new files on the samba share are set by your umask.
+
4. To mount your samba shares via (server) hostname rather then IP Address, add an entry for your server in /etc/hosts (C:\WINDOWS\system32\drivers\etc\hosts for Windows).
+
 
+
[[Top Back to top]]
+
== Links ==
+
 
* [[UbuntuHelp:SettingUpSambaPDC|SettingUpSambaPDC]]
 
* [[UbuntuHelp:SettingUpSambaPDC|SettingUpSambaPDC]]
* http://www.Samba.org/  The Samba web site
+
* [[UbuntuHelp:ActiveDirectoryHowto|ActiveDirectoryHowto]]
* http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/   900+ pg pdf document, seems to be updated daily
+
* http://www.samba.org/  The Samba web site
* http://us1.samba.org/samba/docs/using_samba/toc.html "Using Samba", by Ts, Eckstein, and Collier-Brown (O'Reilly)
+
* http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/
* http://ubuntuforums.org/showthread.php?t=2389 "HOW TO: Setup Samba Over A Linux Network." (Ubuntu Forums)
+
* http://us1.samba.org/samba/docs/using_samba/toc.html
* http://ubuntuguide.org/wiki/Ubuntu_Edgy#Samba_Server  Samba Server: How to install Samba Server,  How to add network users,  How to share group folders with read/write permissions, etc.
+
* http://ubuntuguide.org/wiki/Ubuntu:Jaunty#Samba_File_Sharing
* http://doc.gwos.org/index.php/Share_files_using_Samba "How to share files using Samba (the more secure way)"
+
* http://www.linuxhomenetworking.com/wiki/index.php/Main_Page (chapters: 10,11,12)
* http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch12_:_Samba_Security_and_Troubleshooting "Samba Troubleshooting on linuxhomenetworking.com"
+
[[UbuntuHelp:[Top|Back to top]]]
[[Top Back to top]]
+
----
== Comments ==
+
[[category:CategoryNetworking]]
From: -- DamienNozay [[DateTime(2006-06-17T12:21:58Z)]]::
+
use this to leave a comment:
+
<pre><nowiki>
+
From: @ SIG@::
+
<your comment>
+
</nowiki></pre>
+
* {i} no space between `@` and `SIG` (escaped here)
+
* {i} see [[UbuntuWiki:HelpOnPageCreation#variablesubstitution]]
+
From WouterdeVries Sat Dec 4 19:42:39 +0000 2004::
+
From: Wouter de Vries
+
Date: Sat, 04 Dec 2004 19:42:39 +0000
+
Subject: shares-admin
+
Message-ID: <20041204194239+0000@https://www.ubuntuLinux.org>
+
You could say something about shares-admin, which lets you add shares to the Samba server.
+
From MaartenJongepier Tue Dec 28 17:06:24 +0000 2004::
+
From: Maarten Jongepier
+
Date: Tue, 28 Dec 2004 17:06:24 +0000
+
Subject: smb:// protocol
+
Message-ID: <20041228170624+0000@https://www.ubuntuLinux.org>
+
You doesn't always need Samba, isn't is? You can also use smb://Windows-compu/share. That works too I thought
+
Not much here about how to use a Windows printer from Linux.  I figured out how to get my Ubuntu machine to access the USB printer (HP LaserJet 1012) on my Windows XP machine, so I'll post that here (at least I will be able to find this when I forget how I did it).
+
1.  Installed the HP LaserJet 1012 on the XP box using the CD that came with the printer.
+
2.  Shared the printer as "LJ1012" (or whatever you want to call it).
+
3.  Created a user named "Guest" (with no password) and added that user under the Security tab for the printer.
+
4.  On Ubuntu, from the command line, entered: sudo adduser cupsys shadow (this is absolutely KEY!!!)
+
5.  Downloaded the best driver (HP-LaserJet_1012-pxl1010.ppd) from Linuxprinting.org and copied to /usr/share/cups/model/foomatic-ppds/HP/
+
6.  In Firefox, went to localhost:631 (for Cups)
+
7.  Add Printer - when prompted, logged in as the primary user (my name, not root), with my usual password.  This (plus step 4) gets around the problem of there not being a 'root' account in Ubuntu.
+
8.  Chose Windows Printer (Samba) from Add Printer dialogs (way at the bottom of the list).
+
9.  Used the network address smb://guest@WINMACHINE/LJ1012
+
 
+
10.  Using the Gnome printer applet, adjusted the paper size to US Letter (applet sometimes freezes, but does not seem to do any harm).
+
What a PITA, but it WORKED.  This printer is a great buy.
+
From dturnbull Mon Mar 28 07:53:18 +0100 2005::
+
From: dturnbull
+
Date: Mon, 28 Mar 2005 07:53:18 +0100
+
Subject: Bleh, had to edit printers.conf
+
Message-ID: <20050328075318+0100@https://www.ubuntuLinux.org>
+
I wanted to use the printer on a Windows system and had no luck with the GUI or the HTTP configuration interfaces.  I ended up editing /etc/cups/printers.conf and changing (for example)
+
<pre><nowiki>
+
DeviceURI smb://WARRIOR/R300
+
</nowiki></pre>
+
to
+
<pre><nowiki>
+
DeviceURI smb://GUEST@WARRIOR/R300
+
</nowiki></pre>
+
After that everything else was configurable from the Gnome GUI.  This was in Hoary preview.
+
From NickIrvine Thu Apr 7 14:03:47 +0100 2005::
+
From: Nick Irvine
+
Date: Thu, 07 Apr 2005 14:03:47 +0100
+
Subject: Addition to text
+
Message-ID: <20050407140347+0100@https://www.ubuntuLinux.org>
+
When the text mentions using smbpasswd, it should be noted that the user added as username has to exist as a Linux user as well.
+
From:me::
+
What about encrypt passwords = no ?  Windows is setup not to use network passwords by default so I think creating a network user is not right.
+
From:JonJ Mon Aug 28 2006 ::
+
Regarding "Mounting a Samba share", how can this be done if you don't want the share mounted at boot, but would rather each user be authenticated when they try to connect, either by 'mount' at command line, or by clicking the drive in nautilus? With an fstab line like
+
//pc/share /media/data smbfs user,noauto,rw 0 0
+
The problem seems to be that only the user who owns the mount directory /media/data can mount it, even if permissions are set to 777. Simply "Browsing Samba shares" is not as good an option, because you can't open / save files to the share in oowriter for example.
+
[[Top Back to top]]
+
[[category:CategoryDocumentation]] [[category:CategoryCleanup]]
+
== Active Directory Integrated File Server ==
+
=== Purpose of Document ===
+
The purpose of this document is to provide a guide to configuring Samba on Ubuntu to act as a file server in a Windows environment integrated into Active Directory. The goal is to create a file server that is as close to a one to one replacement for a Microsoft Windows file server as possible from the client's perspective.
+
[[Top Back to top]]
+
=== Background ===
+
It is important to keep in mind that the Samba developers have to play detective to try to basically reverse engineer the Microsoft implementation of the SMB protocol. The end result is that there are occasional issues that must be worked around if a bug fix does not exist. With the instructions below, expected behavior should be acceptable in most corporate environments.
+
Samba allows for a great deal of flexibility in how shares behave on a per-share basis. It is outside the scope of this document to cover each configuration setting and how they behave. It would be very beneficial to first read the smb.conf documentation found at the Samba web page. There are quite a few settings in the documentation, but getting a general feel of what they are and what they do will help in understanding this document and how you can take a step beyond by changing settings for your own tastes and environment.
+
[[Top Back to top]]
+
=== Prerequisites ===
+
This document is written based on Edgy 6.10, and the original author has also successfully configured Dapper 6.06 using almost these exact steps. Note that security updates need to be enabled for not only the '''main''' repository, but for the '''universe''' repository as well (as now documented below). If this is not done, any security updates for the '''main''' (supported) packages create failed dependencies for the relevant '''universe''' packages. If all packages listed are installed correctly, either 6.10 or 6.06 should behave the same.
+
Here is the list of prerequisites specific to this document:
+
* Ubuntu 6.10 Server default installation
+
* Windows 2003 Native Domain (mixed-mode not tested, but may work)
+
* Ample hard drive space to accommodate packages and shares
+
* Proper IP DNS settings configured so that internal names can be resolved
+
* root account enabled and all actions performed as root
+
[[Top Back to top]]
+
=== Installation ===
+
In order to make this guide easier to understand, I'll make the following assumptions:
+
* domain name: DOMAIN
+
* full domain: DOMAIN.LOCAL
+
* domain admin account: jsmith
+
* backup user account: backup1
+
* share name: common
+
* primary domain controller: PDC1
+
* file server name: SMB1
+
* primary subnet: 192.168.1.0/24
+
* remote subnet: 192.168.0.0/24
+
Simply substitute your own domain and user information in the steps below.
+
1 Edit /etc/apt/sources.list to uncomment the Universe section:
+
<pre><nowiki>
+
vi /etc/apt/sources.list
+
deb http://us.archive.ubuntu.com/ubuntu/ edgy universe
+
deb-src http://us.archive.ubuntu.com/ubuntu/ edgy universe
+
deb http://security.ubuntu.com/ubuntu edgy-security universe
+
deb-src http://security.ubuntu.com/ubuntu edgy-security universe
+
</nowiki></pre>
+
2 Update apt packages.
+
<pre><nowiki>
+
apt-get update
+
</nowiki></pre>
+
3 Install the necessary packages.
+
<pre><nowiki>
+
apt-get install krb5-user winbind samba acl attr
+
</nowiki></pre>
+
4 Set file system to mount with ACL and Extended DOS attributes enabled.
+
<pre><nowiki>
+
vi /etc/fstab
+
<main file system> / ext3 defaults,acl,user_xattr,errors=remount-ro 0 1
+
</nowiki></pre>
+
5 Reboot.
+
<pre><nowiki>
+
shutdown -r now
+
</nowiki></pre>
+
6 Create Samba directory and shares. Repeat for all desired shares.
+
<pre><nowiki>
+
mkdir /share
+
chmod 770 /share
+
mkdir /share/common
+
chmod 770 /share/common
+
</nowiki></pre>
+
7 Edit /etc/krb5.conf to match the following:
+
<pre><nowiki>
+
[logging]
+
default = FILE:/var/log/krb5libs.log
+
kdc = FILE:/var/log/krb5kdc.log
+
admin_server = FILE:/var/log/kadmind.log
+
 
+
[libdefaults]
+
ticket_lifetime = 24000
+
default_realm = DOMAIN.LOCAL
+
dns_lookup_realm = true
+
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
+
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
+
 
+
[realms]
+
DOMAIN.LOCAL = {
+
  kdc = PDC1
+
  admin-server = PDC1
+
  default_domain = DOMAIN.LOCAL
+
}
+
 
+
[domain_realm]
+
.domain.local = DOMAIN.LOCAL
+
domain.local = DOMAIN.LOCAL
+
 
+
[kdc]
+
profile = /var/kerberos/krb5kdc/kdc.conf
+
 
+
[appdefaults]
+
pam = {
+
  debug = false
+
  ticket_lifetime = 36000
+
  renew_lifetime = 36000
+
  forwardable = true
+
  krb4_convert = false
+
}
+
</nowiki></pre>
+
8 Edit /etc/samba/smb.conf to match the following:
+
<pre><nowiki>
+
#Global Settings
+
 
+
[global]
+
 
+
# Settings
+
 
+
        kernel oplocks = yes
+
        client use spnego = yes
+
        server signing = auto
+
        client signing = auto
+
        template shell = /bin/bash
+
        nt acl support = yes
+
        change notify timeout = 0
+
 
+
# Share Behavior
+
 
+
        inherit permissions = yes
+
        inherit acls = yes
+
        map acl inherit = yes
+
        acl compatibility = auto
+
        dos filemode = yes
+
        dos filetimes = yes
+
        dos filetime resolution = yes
+
        map archive = yes
+
        map system = no
+
        map hidden = no
+
        ea support = yes
+
        force create mode = 0760
+
 
+
# Domain Settings
+
 
+
        workgroup = DOMAIN
+
        server string = SMB1
+
        os level = 0
+
        preferred master = no
+
        announce as = NT Server
+
        announce version = 4.9
+
        browse list = yes
+
        domain master = no
+
        local master = no
+
        enhanced browsing = yes
+
        idmap uid = 16777216-33554431
+
        idmap gid = 16777216-33554431
+
        winbind use default domain = no
+
        winbind enum groups = yes
+
        winbind enum users = yes
+
        winbind separator = +
+
        realm = DOMAIN.LOCAL
+
 
+
# Security
+
 
+
        hosts allow = 192.168.1. 192.168.0. 127.
+
        security = ads
+
        password server = *
+
        encrypt passwords = yes
+
 
+
# Printers
+
 
+
        printcap name = /etc/printcap
+
        load printers = yes
+
        printing = cups
+
        cups options = raw
+
 
+
# Logging
+
 
+
        log file = /var/log/samba/%m.log
+
        log level = 3
+
        max log size = 500
+
 
+
# Network Settings
+
 
+
        remote announce = 192.168.0.
+
        disable netbios = no
+
        netbios name = SMB1
+
 
+
 
+
# Network Shares
+
 
+
[common]
+
        comment = comments on the share
+
        path = /share/common
+
        guest ok = no
+
        read only = no
+
        writeable = yes
+
        create mask = 0760
+
        directory mask = 0760
+
        acl group control = yes
+
        store dos attributes = yes
+
</nowiki></pre>
+
9 Edit /etc/nsswitch.conf to match the following:
+
<pre><nowiki>
+
passwd:        compat winbind
+
group:          compat winbind
+
shadow:        compat
+
 
+
hosts:          files dns wins
+
networks:      files
+
 
+
protocols:      db files
+
services:      db files
+
ethers:        db files
+
rpc:            db files
+
 
+
netgroup:      nis
+
</nowiki></pre>
+
10 Edit /etc/pam.d/common-account to match the following:
+
<pre><nowiki>
+
account sufficient      pam_winbind.so
+
account required        pam_unix.so
+
</nowiki></pre>
+
11 Edit /etc/pam.d/common-auth to match the following:
+
<pre><nowiki>
+
auth    sufficient      pam_winbind.so
+
auth    required        pam_unix.so nullok_secure use_first_pass
+
</nowiki></pre>
+
12 Edit /etc/pam.d/common-password to match the following;
+
<pre><nowiki>
+
password required      pam_unix.so nullok obscure min=4 max=50 md5
+
</nowiki></pre>
+
13 Edit /etc/pam.d/common-session to match the following:
+
<pre><nowiki>
+
session required        pam_unix.so
+
session optional        pam_foreground.so
+
session required        pam_mkhomedir.so umask=0022 skel=/etc/skel
+
</nowiki></pre>
+
14 Initialize Kerberos.
+
<pre><nowiki>
+
+
</nowiki></pre>
+
15 Join your Samba server to the domain.
+
<pre><nowiki>
+
net ads join -U [email protected]
+
</nowiki></pre>
+
16 Reboot
+
<pre><nowiki>
+
shutdown -r now
+
</nowiki></pre>
+
17 Copy all files and folders to their proper shares. You can use whatever method you wish, however note that the shares are NOT accessible via Samba yet (permissions).
+
18 Configure permissions for all files and folders. Repeat for all shares and appropriate groups/permissions. Even if you plan to backup the shares using some other method (eg: local rsync), you most likely want to run the "group" commands below so that domain admins and domain users have access to the shares.
+
<pre><nowiki>
+
setfacl -R -m group:"DOMAIN+domain admins":rwx /share
+
setfacl -R -m group:"DOMAIN+domain users":rwx /share/common
+
setfacl -R -m user:"DOMAIN+backup1":rwx /share
+
setfacl -R -m user:"DOMAIN+backup1":rwx /share/common
+
</nowiki></pre>
+
19 Configure DOS Extended attributes for all files and folder to have archive bit set
+
<pre><nowiki>
+
/usr/bin/find /share/ -name '*' -exec setfattr -n user.DOSATTRIB -v \"0x20\" {} \;
+
</nowiki></pre>
+
20 Perform initial full backup.
+
21 Configure backup software to do incremental backups and reset archive bit.
+
22 Create a cron to set the archive bit for certain files.
+
<pre><nowiki>
+
touch /var/spool/cron/crontabs/root
+
chmod 700 /var/spool/cron/crontabs/root
+
vi /var/spool/cron/crontabs/root
+
(scheduled time) /usr/bin/find /share/ -name '*' -mtime 0 -exec setfattr -n user.DOSATTRIB -v \"0x20\" {} \;
+
</nowiki></pre>
+
=== Installation Notes ===
+
While the reboots are not necessary, it is an easy and expedient way to apply the configuration changes. It does guarantee that the proper services will be restarted in the correct order to minimize the opportunity for failure.
+
The reason for the cron to manipulate the archive bit is that some programs such as Microsoft Word and some database applications will modify files but the archive bit will not be set. This is important if your backup software relies on the archive bit to know what files to copy. If your backup software relies stricly on date last modified, this is not an issue. The cron job sets the archive bit for files modified within the last 24 hours. If you need this functionality, allow at least one hour for this to run before your backup software kicks off. I have heard that the latest Samba packages (3.0.23d as of this writing) fix this archive bit issue. I have not tested this theory. Currently, Ubuntu packages use Samba 3.0.22.
+
You can have more than one user or group configured with ACL permissions. Setting permissions to rwx is the same as full control. You should provide full controll (rwx) to the domain account your backup software uses as in step 18.
+
With this configuration, you should be able to have nested groups. I have heard some people have trouble with this. I currently believe this to be a corruption of Active Directory that causes improper group membership to be reported to Samba.
+
If you have multiple subnets (i.e. remote offices), you MUST put them in the hosts allow section. If you do not, they will be denied access. If your Samba server is having problems resolving the name of the primary domain controller, you can add a line to /etc/hosts in order to manually resolve the address.
+
These instructions are valid as of 1/1/2007 with all security patches applied via apt-get upgrade. Since the package '''krb5-user''' is outside the scope of regular security patches of the '''main''' branch, the longevity of this guide cannot be guaranteed. As can be seen with 6.06, security upgrades can break the installation process if you are not careful. Regardless, if you can install all packages listed successfully, these instructions should work properly.
+
[[Top Back to top]]
+
=== Basic Debugging Commands ===
+
True debugging is well outside the scope of this document, however the following commands will get you started and looking in the right direction.
+
==== Kerberos Issues ====
+
To get a list valid kerberos tickets, use the command:
+
<pre><nowiki>
+
klist
+
</nowiki></pre>
+
The detail itself is outside the scope of this document, however '''klist''' will tell you if you have a valid kerberos ticket, what it believes to be the default principal, and where it is looking for the ticket cache.
+
==== Domain Issues ====
+
To test to see if the local machine is joined to the domain, use the command:
+
<pre><nowiki>
+
net ads testjoin
+
</nowiki></pre>
+
You should get back "Join is OK" if all is well.
+
[[Top Back to top]]
+
=== Configuring ===
+
All necessary configuration for basic operation is provide in the installation guide. You can tweak settings further using the smb.conf documentation found on the Samba web page. Read the documentation carefully before making changes. Some settings may not do what you think they will based on the name.
+
[[Top Back to top]]
+
=== Adding Shares ===
+
Copying the template above in the smb.conf and pasting it in with the proper share name and path settings is all that is needed to create new shares. Alternatively, you can use the web based tool swat to add and manipulate shares. If I get time, I will add documentation here how to do that.
+
[[Top Back to top]]
+
=== Security ===
+
The hosts allow setting prevents computers outside authorized subnets from accessing shares. You can get even more fine grained and use specific IP addresses if your environment calls for it. There are scripts that have been written that allow access logs to be dumped to a mysql database to track who accesses files. I am in the process of testing this and will write documentation on it when I get the time.
+
[[Top Back to top]]
+
=== Backups ===
+
You can use any backup software you want. This configuration has been tested and validated to work with Computer Associates Brightstor ARCserve Backup 11.5 SP1. Theoretically, any software should work. You could also use the rsync utility.
+
[[Top Back to top]]
+
=== Final Thoughts ===
+
Samba can be a great way to cut licensing costs as there is no per-user licensing fee. It also allows a high level of per-share flexibility. Being able to store access logs in a mysql database can be great for quickly answering questions from management. I do not know what implications this could have on regulations such as Sarbanes-Oxley. Such questions are outside the scope of this document and outside my knowledge.
+
Please feel free to correct any mistakes found here.
+
[[Top Back to top]]
+
  
 
[[category:UbuntuHelp]]
 
[[category:UbuntuHelp]]

2010年5月20日 (四) 00:11的最新版本

Geographylogo.png 文章出处: 

https://help.ubuntu.com/community/SettingUpSamba

Geographylogo.png 点击翻译: 

English  • 中文

请不要直接编辑翻译本页,本页将定期与来源同步。


  1. title Samba

<<Include(Tag/StyleCleanup)>> <<Include(Tag/ContentCleanup)>> <<Include(Tag/TooLong)>> Please note: This article may contain information that is outdated. <<Anchor(Top)>>

What is Samba?

IconsPage?action=AttachFile&do=get&target=IconSambaShares.png Samba is an implementation of the SMB/CIFS protocol for Unix systems, providing support for cross-platform file and printer sharing with Microsoft Windows, OS X, and other Unix systems. Samba can be used to:

  • Act as a server for SMB clients: share folders and printers, including PDF pseudo-printers so all the computers in your network may write PDF files
  • Act as a domain controller in a Windows network (authenticating users, etc.)
  • Do some more complex things, such as using a Windows domain controller to authenticate the users of a Linux/UNIX machine

Samba is freely available under the GNU General Public License. More information be found at http://www.samba.org. [[UbuntuHelp:[Top|Back to top]]]

Client Access - Browsing SMB shares

The samba package is a meta-package intended to be installed on file and printer sharing servers. Clients do not need this meta-package (you are acting as a client if you need to access files on another computer). For example, installing samba is not necessary if you only need your Ubuntu system to do any of the following:

  • Access shared folders, drives and printers on a Windows computer (that is, act as a client with Windows servers). To do this, you only need the smbfs plugin. See MountWindowsSharesPermanently for more information.
  • Have your Windows computer use (via a network) a printer that is attached to a Linux computer. CUPS can be configured to make the printer accessible to the network.
  • Share directories between two Linux computers. You can use NFS or setup an SSH server on one computer and access it from other computers using an scp or sftp client, or Places -> Connect to Server... and choose "SSH" as the service type.

Ubuntu Clients

Ubuntu and Gnome make it easy to access files on a Windows network share. Open the Places Menu, then click on Network. You will see a Windows network icon. Double-click to open it. The next window shows all the domains/workgroups found on your network. Inside each domain/workgroup you will see all the computers on the domain/workgroup with sharing enabled. Double-click on a computer icon to access its shares and files.

  • If you want to be able to share folders with nautilus (the file browser), install the nautilus-share package (installed by default in Ubuntu 9.10 Desktop edition):
sudo apt-get install nautilus-share

Alternate: From the menu at the top select "Location" -> "Connect to a server". In the "Service type" pull down select "Windows share". Enter the server ip address in the "Server:" box and the share name in the "Share:" box. Click "Connect" and then "Connect" again on the second dialog box Note: The default installation of Samba does not synchronize passwords. You may have to run "smbpasswd" for each user that needs to have access to his Ubuntu home directory from Microsoft Windows.

Windows Clients (XP,Server,Vista, Win7)

Microsoft Windows clients connect and browse through their corresponding network interface. Example: XP clients can open Windows Network Neighborhood or My Network Places to browse available SMB shares. [[UbuntuHelp:[Top|Back to top]]]

Samba Client - Manual Configuration

This section covers how to manually configure and connect to a SMB file server from an Ubuntu client. smbclient is a command line tool similar to a ftp connection while smbfs allows you to mount a SMB file share. Once a SMB share is mounted it acts similar to a local hard drive (you can access the SMB share with your file browser (nautilus, konqueror, thunar, other).

Connecting to a Samba File Server from the command line

Connecting from the command line is similar to a ftp connection. List public SMB shares with 

smbclient -L //server -U user

Connect to a SMB share with 

smbclient //server/share -U user

Enter you user password. You can connect directly with 

smbclient //server/share -U user%password

but your password will show on the screen (less secure). Once connected you will get a prompt that looks like this : 

smb: \>

Type "help" , without quotes, at the prompt for a list of available commands. [[UbuntuHelp:[Top|Back to top]]]

Connecting using CIFS

CIFS is included in the smbfs package and is a replacement for smbfs (I know, the terminology here is a little confusing). Reference : http://linux-cifs.samba.org/ As above, install by any method, smbfs.

Allow non-root users to mount SMB shares

By default only root may mount SMB shares on the command line. To allow non-root users to mount SMB shares you could set the SUID, but I advise you configure sudo. You should configure sudo with visudo You may either allow the gruop "users" to mount SMB shares, or add a group, samba, and add users you wish to allow to mount SMB shares to the samba group. 

sudo groupadd samba
sudo adduser user samba

Change "user" to the username you wish to add to the samba group. 

sudo visudo

In the "group" section add your group you wish to allow to mount SMB shares 

Add a line  in the "group" section :
%admin ALL=(ALL) ALL
%samba   ALL=(ALL) /bin/mount,/bin/umount,/sbin/mount.cifs,/sbin/umount.cifs

Change "%samba" to "%users" if you wish to allow members of the users group to mount SMB shares. The following will mount the myshare folder on myserver to ~/mnt (it will be in your home directory): 

mkdir ~/mnt
sudo mount -t cifs //myserver_ip_address/myshare ~/mnt -o username=samb_user,noexec

Note: "samba_user" = the user name on the samba server (may be different from your log-in name on the client). The "noexec" option prevents executable scripts running from the SMB share. You will be asked for BOTH your sudo and then your samba_user password. To umount, 

sudo umount ~/mnt

Automagically mount SMB shares

In order to have a share mounted automatically every time you reboot, you need to do the following: With any editor, create a file containing your Windows/Samba user account details: 

gksu gedit /etc/samba/user

KDE users must use kdesu rather than gksu and instead of Gedit they can use Kwrite as editor. ... it should contain two lines as follows: 

username=samba_user
password=samba_user_password

Note: "samba_user" = the user name on the samba server (may be different from your log-in name on the client). "samba_user_password" is the password you assigned to the samba_user on the samba server. Save the file and exit gedit. Change the permissions on the file for security: 

sudo chmod 0400 /etc/samba/user # permissions of 0400 = read only

Now create a directory where you want to mount your share (e.g. /media/samba_share): 

sudo mkdir /media/samba_share

Now, using any editor, and add a line to /etc/fstab for your SMB share as follows: 

sudo cp /etc/fstab /etc/fstab.bak
gksu gedit /etc/fstab

Add a line for your SMB share: 

//myserver_ip_address/myshare  /media/samba_share  cifs  credentials=/etc/samba/user,noexec  0 0

The share will mount automatically when you boot. The "noexec" option prevents executable scripts running from the SMB share. To mount the share now, without rebooting, 

sudo mount /media/samba_share

You can unmount the share with : 

sudo umount /media/samba_share

If you wish to increase security at the expense of convenience, use this line in /etc/fstab 

//myserver_ip_address/myshare  /media/samba_share  cifs  noauto,credentials=/etc/samba/user,noexec  0 0

The noexec" option prevents executable scripts running from the SMB share. Edit /etc/samba/user, remove the password (leave just the samba user). Now the share will NOT automatically mount when you boot and you will be asked for your samba password. Mount the share with : 

sudo mount /media/samba_share

CIFS may cause a shutdown error. 

CIFS VFS: Server not responding.

There is a fix in the troubleshooting section of this forum post. [[UbuntuHelp:[Top|Back to top]]]

Connecting using SMBFS (deprecated)

Note: This method still works, but as outlined under the "CIFS" section above is "deprecated" (no longer maintained and pending removal from the kernel). Mounting a share on the local filesystem allows you to work around programs that do not yet use GnomeVFS to browse remote shares transparently. To mount a SMB share, first install smbfs: 

sudo apt-get update
sudo apt-get install smbfs

To allow non root accounts to mount shares, change the permissions on the smbmnt program thus: 

sudo chmod u+s /usr/bin/smbmnt /usr/bin/smbumount

Note: This may be a security risk as after setting the SUID bit anyone can mount a SMB share. I advise you configure sudo, as above. The working line in /etc/sudoers is as follows (see CIFS section above): 

%samba   ALL=(ALL) /bin/mount,/bin/umount,/sbin/mount.cifs,/sbin/umount.cifs,/usr/bin/smbmount,/usr/bin/smbumount

This allows any user in the samba group to mount SMB shares (you will need to create a samba group and add users). The following will mount the myshare folder on myserver to ~/mnt (it will be in your home directory): 

mkdir ~/mnt
smbmount //myserver/myshare ~/mnt

To umount, 

smbumount ~/mnt

In order to have a share mounted automatically every time you reboot, you need to do the following: Open a shell as root 

sudo -s

Create a file containing your Windows/Samba user account details: 

vi /etc/samba/user

...it should contain two lines as follows: 

username=george
password=secret

Change the permissions on the file for security: 

chmod 0600 /etc/samba/user

Now create a directory where you want to mount your share (e.g. /mnt/data): 

mkdir /mnt/data

Now edit the file system table (/etc/fstab) and add a line as follows: 

//server/share   /mnt/data   smbfs   credentials=/etc/samba/user,rw,uid=bob   0   0

...where 'bob' is the non-root user you log into ubuntu with, 'server' is the name or address of the Windows machine and 'share' is the name of the share. To mount the share now, just use the following command as root. It will mount automatically on subsequent reboots. 

mount /mnt/data

to be continued...

Ubuntu Client

On the Ubuntu client using the menu at the top, go to "Places" -> "Network". You will see an icon "Windows network" and should be able to browse to your shared folder. You will be asked for a password, leave it blank. Click the "Connect button. (no need for a password). If you would like to mount your SMB share using your (server) hostname rather than the IP Address, edit /etc/hosts and add your samba server (syntax IP Address hostname). 

192.168.1.100    hostname

Where "hostname" = the name of your samba server.

Windows Client

On Windows open "My Computer" and navigate to "My Network Places". Navigate to your Ubuntu server and your share will be available without a password. Alternate : From the menu at the top select "Tools" -> "Map Network Drive". Select an available letter for your SMB share (Default is z: ). In the "Folder:" box enter \\samba_server_ipaddress\share. Tic (Select with the mouse) the option "Reconnect at login" if you want the share to be automatically mounted when you boot Windows. Click the "Finish" box. A dialog box will appear, enter your samba user name and password. Click "OK". If you would like to mount your SMB share using your (server) hostname rather than the IP Address, edit C:\WINDOWS\system32\drivers\etc\hosts and add your samba server (syntax IP Address hostname). 

192.168.1.100    hostname

Where "hostname" = the name of your samba server. [[UbuntuHelp:[Top|Back to top]]]

Samba Server Configuration - Graphical

Note: For Ubuntu 8.04 (Hardy) and later, shared folders are created directly from the folder. Browse to the location of the folder you would like to share, right-click the folder, and choose Sharing Options. Click the Share this folder. This section should allow you to "quick start" SMB shares between Ubuntu and either Ubuntu or Windows servers. The gui method is easier to work with, because:

  1. Shares are Public (browsable in Network Places)
  2. A password is not set for shares (they can be mounted by anyone).

However, remember that this is less secure. Be warned you are installing a service (server) and you may wish to install a Firewall management utility to help prevent undesired access. See also the manual configuration sections below to learn how to "hide" your shares from browsing and set a password for access.

Ubuntu Server

This section enables Ubuntu as a samba file server.

Sharing a Folder

To share a directory you must have permission to access the directory. Go to your home directory ( Places -> Home folder). Right click on the "Documents" directory and in the pop up menu select "Share Folder". If samba is not installed you will get a pop up menu "Sharing services are not installed". Select "Install Windows networks support (SMB)" and deselect "Install Unix networks support (NFS)" -> then click "Install services". If you get an error message that the samba .deb could not be found, open a terminal and update apt-get. 

sudo apt-get update

Try again and Ubuntu will download and install samba. Right click on the "Documents" directory and in the pop up menu select "Share Folder". You will get a pop up menu "Share Folder". Select "Windows networks (SMB)" in the pull down menu and give your share a name in the "Name" box. Unselect the "Read only" check box if you want read/write access to the share. Click the "Share" button.

Windows XP Server

This section enables Windows XP as a samba file server.

Sharing a Folder

1. On the Windows server, browse in explorer ("My Computer") to the location of the folder you wish to share (C:\Documents and Settings for example). Next right click on the folder to share and select "Sharing and Security...". In the pop-up dialog box click the "Sharing" tab. Click the "Network Setup Wizard" to configure your network to allow shares. Work your way through the wizard. Note the default workgroup is MSHOME. You may change this value if you like but all your computers should be in the same workgroup. Eventually you will be given the option to "Turn on file and printer sharing". This is the option you want, continue with the network wizard. You will have to restart your computer for the settings to take effect -> Restart Windows. 2. After rebooting, again open explorer ("My Computer") and navigate to the folder you wish to share. Again right click on the folder and select "Sharing and Security...". In the pop-up dialog box click the "Sharing" tab. In the "Network sharing and security" box, tic (select with the mouse) the "Share this folder on the network" box. Give the folder a share name. This will give read only access to Ubuntu computers via samba. To allow read/write access tic (select with the mouse) the "Allow network users to change my files" box. Click the "Apply" button and close the dialog box.

[[UbuntuHelp:[Top|Back to top]]]

Samba Server Configuration - Manual

Configuration is performed by reading and editing /etc/samba/smb.conf, the configuration file for the samba server. There are a few graphical tools available such as "kdenetwork-filesharing" and "Swat". A fairly comprehensive graphical Samba configuration tool is available for KDE, by installing the "kdenetwork-filesharing" package. Once install, you can find it by launching the KDE Control Center. (Alt-F2 and then type kcontrol). Browse to Internet & Network > Samba. It is fairly easy to use. A less friendly but also graphical tool is Swat, a web-based interface. The following tips show how to do some basic things without installing additional software, using the command line. It is not difficult, just be careful with typos. First open a terminal: Applications > System Tools > Terminal and open the file smb.conf 

sudo nano -w /etc/samba/smb.conf

How to Save: To save in nano use "CTRL-O", then "CTRL-X". Tip: Replacing nano with gedit gives you a nice graphical editor. The file *smb.conf* is divided in several sections: 

Global Settings
Debugging/Accounting
Authentication
Printing
File sharing
Misc
Share Definitions

Comments may start with either a # or a ;

Global Settings

Let's start with Global Settings. Here you will see several lines, which you can also see in the graphical networktool like workgroup and wins server. If you changed everything to your liking already then you can skip this section, if not change to what you need. If you do not know what items mean, leave them be and read the relevant part in the real Samba-howto instead of randomly changing them. It will save you trouble-shooting later.

File Sharing (Basics)

The important part for us is File sharing. Samba shares are named in brackets, [ ], and configured by adding options in the lines that follow. Most options are boolean (yes / no). We need to change: 

[homes]
comment = Home Directories
browseable = no

# By default, the home directories are exported read-only. Change next
# parameter to 'yes' if you want to be able to write to them.
  writable = no

This describes your /home folder. Usually you want to share this folder in a home-environment, because these are the files you want to share. To do so, make the following changes: 

[homes]
comment = Home Directories
browseable = yes

# By default, the home directories are exported read-only. Change the
# next parameter to 'no' if you want to be able to write to them.
   read only = no

This finishes sharing your /home folder. The last thing we need to do is fixing a user. Add users who can access your shares with the 'smbpasswd' command. 

sudo  smbpasswd -a username

New SMB password:
Retype new SMB password:
Added user username.

sudo smbpasswd -e username
Enabled user username.

NOTE: the username used here should be a real user setup on your PC/Server. Reload Samba for every change to users/passwords or 'smb.conf' 

sudo /etc/init.d/samba reload

NOTE: If the above command doesn't work for you, try: 

sudo smbd reload

That's the basis of Samba file-sharing. Please leave your comments about what else is needed here. - Can/should the SMB password be different from the user's system password? MartinSpacek - 2007-11-19 [[UbuntuHelp:[Top|Back to top]]]

File Sharing (Advanced)

We started with the base of Samba file-sharing. The above-mentioned items should be enough to get you started. Next we will add details that you might or might not need.

If you have more than one network card

If you have more than one network card (or interface) then you have to define where you want Samba to run. In smb.conf under the [global] section, add: 

interfaces = 127.0.0.1, 192.168.0.31/24
bind interfaces only = yes

The first address (127.0.0.1), is a loopback network connection (it's your own machine). The second address (192.168.0.31), is the address of the card you want Samba to run on, the second number (24) is the subnet default for a CLASS-C network. It may vary depending on your network. With "bind interfaces only" you limit which interfaces on a machine will serve SMB requests. You can limit which IP address can connect to your Samba server adding these lines: 

hosts allow = 127.0.0.1, 192.168.0.31, 192.168.0.32
hosts deny = 0.0.0.0/0

The loopback address must be present in the first line. The second line deny access from all IP address not in the first line. [[UbuntuHelp:[Top|Back to top]]]

Private and public shares in same config

First you'll want to set this up in the [global] section of your smb.conf 

[global]
        security = user
        encrypt passwords = true
        map to guest = bad user
        guest account = nobody

security = user restricts logins to users on your server. encrypt passwords = true is necessary for most modern versions of Windows to login to your shares. map to guest = bad user will map login attempts with bad user names to the guest account you specify with guest account = nobody. That is, if you attempt to login to the share with a user name not set up with smbpasswd the you will be logged in as the user nobody. Next the private share 

[private]
        comment = Private Share
        path = /path/to/share/point
        browseable = no
        read only = no

If browsable is set to no the share will not show up on graphical browsers such a "My Network Places" on Windows or Places -> Network on Ubuntu. path is the path to the directory that you want to share out. browseable = no will have the share not show up when users browse the network. read only = no will let you, as an authenticated user, write to the share. Finally, the public share 

[public]
        comment = Public Share
        path = /path/to/share/point
        read only = no
        guest only = yes
        guest ok = yes

Again, path is the path to the directory that you want to share out. read only = no will allow users to write to this share. guest only = yes and guest ok = yes will allow guest logins and also force users to login as guests. The user you specified with guest account in the [global] section must have write permissions on /path/to/share/point in order to write files to the share. Note: When Windows attempts to access a SMB share it will use the current Windows user name and password. The map to guest = bad user trick above allows access to the public share only if you give Samba an incorrect user name. If you give it a valid user name, but a bad password, the login will fail and Windows will give you a password prompt when you try to access the share. If you have the same user name for your Windows machine and your Ubuntu machine, you could be unwittingly giving the Samba server a valid user name, but invalid password. To resolve this you will either have to change the Windows user name, or to remove that user name from the Samba password file with sudo smbpasswd -x [username]. Note: The above uses security = user. To access the private shares you will have to make sure the user exists in smbpasswd. These users must also already exist as normal users on your machine. You add users to smbpasswd simply by running sudo smbpasswd -a [username] and giving a password.

Setting permissions

To set permissions of newly created documents / files edit /etc/samba/smb.conf and in the [global] section add : 

create mask = 0644
directory mask = 0755

[[UbuntuHelp:[Top|Back to top]]]

Sharing CUPS Printers

Graphical Configuration

Setup Ubuntu Print Server

  1. In your menu go to System -> Administration -> Printing
  2. Under "Local Printers" on the left, select the printer you wish to share. Select the "Policies" tab on the right and make sure the "Shared" box is selected.
Ubuntu Client
  1. Again go to System -> Administration -> Printing
  2. Click "New Printer" in the upper right. In the next menu select "Windows Printer via SAMBA". Now enter your Ubuntu Samba Print Server (set up as above) IP address in the box on the left titled "smb://". Click the "Browse" button.
  3. Select the printer in the "SMB Browser" window (Click on the little arrows). Once you have selected your printer, check the "Authentication required" and enter your samba user name and password. Then click the "Verify" button. You should see confirmation that the share is available.
  4. Click the "Forward" button and install the drivers for your printer as you would for any other printer.
Windows Client
  1. Go to Control Panel -> Printers
  2. Click "Add a printer" on the upper left. The printer wizard will start -> click forward. Select Network Printer and click "Next". Select "Browse for a printer" (Top button) and click "Next". In the next window, navigate to your Ubuntu Samba Print Server and click "Next". Continue with the printer and driver installation.

For more information, see NetworkPrintingFromWinXP. [[UbuntuHelp:[Top|Back to top]]]

Manual Server Configuration

If You would like to share Your printers make the following changes to Samba: If not already done create the Samba-user You want the share to be used by. In smb.conf uncomment and change the lines ending up with the following configuration: 


# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
   load printers = yes

# [...] // Some BSD printing stuff, do not edit if You do not need to

# CUPS printing.  See also the cupsaddsmb(8) manpage in the
# cupsys-client package.
   printing = cups
   printcap name = cups

and in the Share Definitions section append and/or modify the [printers] part ending up like this: 

# ======================= Share Definitions =======================
# [...] // File and Folder sharing, do not edit if You do not need to

[printers]
   comment = All Printers
   browseable = no
   path = /tmp
   printable = yes
   public = yes
   writable = no
   create mode = 0700
   printcap name = /etc/printcap
   print command = /usr/bin/lpr -P%p -r %s
   printing = cups

Some explanation what is done: the [printers] part defines the default-behavior for all the printers that are mentioned in "printcap name". A sort of template how to create shares for these printers. This template is applied if "load printers" is set to true. For more detailed explanation refer to the Samba documentation. And do not forget to reload Samba: 

sudo /etc/init.d/samba reload

[[UbuntuHelp:[Top|Back to top]]]

Securing Samba

This section was started to give some general advise on security considerations and is not an exhaustive review of samba security.

/etc/samba/smb.conf

  • Networking Section - use "hosts allow" and "hosts deny"
# hosts allow = 127.0.0.1 192.168.1.0/24
hosts allow = 127.0.0.1 192.168.1.1 192.168.1.2
hosts deny = 0.0.0.0/0

hosts deny 0.0.0.0/0 = all others.

  • Shares
  • When defining a share, consider the following options :
  1. browseable = no ~ Shares will not show up when browsing your network.
  2. users = user1 user2 ~ List of users able to access the share

When setting up a Samba share, you can limit the users who have access to your share 

[private]
        comment = Private Share
        path = /path/to/share/point
        browseable = no
        read only = no
        valid users = user1 user2 user3

Now only samba users user1, user2, and user3 will have access to the share "private".

Firewall

Configure your firewall (iptables) to limit access to your server. Samba uses ports

  • UDP ports 137 and 138
  • TCP ports 139 and 445

[[UbuntuHelp:[Top|Back to top]]]

Troubleshooting

  • The first thing you should do, before looking into your conf files, is ensure that the directory you are sharing actually exists.

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/diagnosis.html

  • Problems with Samba users?

http://www.samba.org/samba/docs/man/manpages-3/pdbedit.8.html

See Also

[[UbuntuHelp:[Top|Back to top]]]

取自“https://wiki.ubuntu.org.cn/index.php?title=UbuntuHelp:SettingUpSamba&oldid=139362