Difference between revisions of "Samba server"

(Samba server installation and configuration)
 
Line 1: Line 1:
===Installation====
+
===Installation===
 +
 
 
====Core packages====
 
====Core packages====
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
Line 10: Line 11:
  
 
The CIFS protocol is also required as this is one of the default Windows Server share protocol.
 
The CIFS protocol is also required as this is one of the default Windows Server share protocol.
 +
  
 
====Printer share====
 
====Printer share====
Line 15: Line 17:
 
apt-get install libcups2 cups cups-pdf
 
apt-get install libcups2 cups cups-pdf
 
</syntaxhighlight>
 
</syntaxhighlight>
 +
 +
  
 
===Usage===
 
===Usage===
Line 22: Line 26:
 
vim  /etc/samba/smb.conf
 
vim  /etc/samba/smb.conf
 
</syntaxhighlight>
 
</syntaxhighlight>
 +
  
 
====Service management====
 
====Service management====
Line 27: Line 32:
 
/etc/init.d/samba restart
 
/etc/init.d/samba restart
 
</syntaxhighlight>
 
</syntaxhighlight>
 +
  
 
====Configuration check====
 
====Configuration check====
Line 33: Line 39:
 
</syntaxhighlight>
 
</syntaxhighlight>
 
The file content should appears, without any alerts.
 
The file content should appears, without any alerts.
 +
 +
  
 
===Basic share===
 
===Basic share===

Revision as of 18:44, 24 November 2013

Installation

Core packages

apt-get install samba samba-common libkrb5-3 winbind smbclient
apt-get install samba-doc samba-doc-pdf samba-tools
apt-get install cifs-utils

Samba protocol is built upon Windows File Share. All windows versions since XP implements it, including Windows Server. Latest version implements higher specifications and security.

The CIFS protocol is also required as this is one of the default Windows Server share protocol.


Printer share

apt-get install libcups2 cups cups-pdf


Usage

Edit configuration

vim  /etc/samba/smb.conf


Service management

/etc/init.d/samba restart


Configuration check

testparm -s

The file content should appears, without any alerts.


Basic share

The following configuration will make all shares available for a specific set of IP @ |or| the whole world.

vim /etc/samba/smb.conf

Edit the following content:

  • Adjust the red values and remove the ' '
#======================= Global Settings =======================
[global]
### Browsing/Identification ###
   workgroup = 'MYWORKGROUP'
   # server name. Windows = netbios ; all the world = server string
   netbios name = 'MY_SERVER'
   server string = 'MY_SERVER'
   dns proxy = no
   wins support = no

### Security ###
   # Password level
   encrypt passwords = true
   # Sync password with current computer
   passdb backend = tdbsam 
   obey pam restrictions = yes
   unix password sync = yes
   # For Unix password sync to work on a Debian GNU/Linux system
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   # allow samba user to change his password
   pam password change = yes
   # Paranoid check. To forbidden some logins
   #invalid users = vadmin

   # If guests are not allowed, they should be tagged as 'bad user' 
   map to guest = bad user

   # If guests are allowed, they should use the following account
   guest account = 'myuser'

   # Allow users who've been granted usershare privileges to create public shares
   usershare allow guests = 'yes'
   
#### Networking ####
    # allow local network and localhost only
    # comment it out to make your server “open-bar” ! 
    # Each IP or IP_range/submask must be separated by a space
    allow hosts = '192.168.1.0/24 127.0.0.1 193.12.118.194' 

#### Debugging/Accounting ####
   # This tells Samba to use a separate log file for each machine that connects
   log file = /var/log/samba/log.%m
   # Cap the size of the individual log files (in KiB).
   max log size = 1000
   # Log level in dedicated Samba log file
   log level = 3
   # log level in common Syslog (O.S log)
   syslog = 3
   # Do something sensible when Samba crashes: mail the admin a backtrace
   panic action = /usr/share/samba/panic-action %d

############ Misc ############
   # improve TCP connection
   # socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   # Improve file name management
   preserve case = yes
   short preserve case = no

#======================= Share Definitions =======================
[webserver]
   comment = WEB-SERVER
   path = /var/www

   # Active share
   available = yes

   # Folder rights 
   browseable = yes
   read only = no
   writeable = yes
   
   # Allow guests ?
   guest ok = yes
   public = yes

   # Files permissions
   ## new file / directories permissions
   create mask = 0777
   directory mask = 0777

   ## file / folders update
   security mask = 0777   
   directory security mask = 0777

   ## Do NOT change rights on file update
   force security mode = 0
   force directory security mode = 0

   # Do NOT follow symlinks for security reasons
   follow symlinks = no  

   # Allow user to remove read-only files
   delete readonly = yes

   # Every new file must be part of a specific group "users" to avoid conflicts
   force group = www-data

   # Do not be case sensitive to avoid Windows <> Linux conflicts
   case sensitive = no

   # hide Linux hidden files
   hide dot files = yes

   # specifics files / folder to hide
   #veto files = /.*

You have to duplicate the [webserver] section for each share. See other examples

TODO >> Join files !