Differences
linux:samba [2008/01/29 01:18] a |
linux:samba [2009/11/10 08:38] greebo |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Samba ====== | ||
+ | |||
'' | '' | ||
// | // | ||
Line 11: | Line 13: | ||
+ | [global] | ||
+ | add machine script = / | ||
+ | |||
+ | < | ||
+ | pdbedit --pwd-must-change-time=timestamp username | ||
+ | timestamp je unix time ko mora spremenit password | ||
+ | ce das to na 0 pol bo moral spremenit | ||
+ | </ | ||
- | + | \\ | |
- | pdbedit --pwd-must-change-time=timestamp username | + | for i in `cat userlist`; |
- | timestamp je unix time ko mora spremenit password | + | \\ |
- | ce das to na 0 pol bo moral spremenit \\ | + | |
- | + | ||
smb.conf | smb.conf | ||
Line 28: | Line 35: | ||
disable netbios = yes | disable netbios = yes | ||
deadtime = 15 | deadtime = 15 | ||
+ | |||
+ | |||
+ | ===== Tips ===== | ||
+ | |||
+ | # mount -t cifs // | ||
+ | # umount /mnt # unmount file system | ||
+ | |||
+ | < | ||
+ | $ smbstatus | ||
+ | Samba version 3.0.33-3.7.el5 | ||
+ | PID | ||
+ | ------------------------------------------------------------------- | ||
+ | 32752 | ||
+ | 32733 | ||
+ | | ||
+ | |||
+ | Service | ||
+ | ------------------------------------------------------- | ||
+ | hal 32733 | ||
+ | laura 5320 wapiti | ||
+ | iTunes | ||
+ | hal 32752 | ||
+ | |||
+ | No locked files | ||
+ | </ | ||
+ | |||
+ | # smbcontrol 32733 close-share hal # close a single share instance, PID 32733 | ||
+ | # smbcontrol smbd close-share hal # nuke all clients mounting " | ||
+ | |||
+ | ===== Creating Recycle Bin for Samba storage ===== | ||
+ | |||
+ | The best option is to have a " | ||
+ | Here is an example of modifying the home directories of your users in samba configuration file | ||
+ | |||
+ | [homes] | ||
+ | comment = Home Directory | ||
+ | valid users = %S | ||
+ | browsable = no | ||
+ | guest ok = no | ||
+ | read only = no | ||
+ | vfs object = recycle | ||
+ | recycle: | ||
+ | recycle: | ||
+ | recycle: | ||
+ | |||
+ | The “vfs object” line calls in the plug-in that enables recycle bin capability. | ||
+ | |||
+ | |||
+ | ==== How can I list the currently active clients? ==== | ||
+ | The winbindd deamon can log its status to the winbind log file upon request using the signal USR2. | ||
+ | |||
+ | If debuglevel is set to 2 or above, the windbindd dameon will also print the list of clients currently active. | ||
+ | |||
+ | # killall -USR2 winbindd | ||
+ | |||
+ | The winbind log level can be set separately in the smb.conf (/ | ||
+ | |||
+ | log level = 2 winbind:3 | ||
+ | |||
+ | <note important> | ||
+ | |||
+ | # service winbind reload | ||
+ | |||
Line 37: | Line 107: | ||
Vista defaults to only send the more secure NTLMv2 protocol, which Samba (and, incidentally, | Vista defaults to only send the more secure NTLMv2 protocol, which Samba (and, incidentally, | ||
</ | </ | ||
+ | |||
+ | === smb.conf === | ||
+ | <pre> | ||
+ | # | ||
+ | |||
+ | [global] | ||
+ | |||
+ | ## Browsing/ | ||
+ | |||
+ | # Change this to the workgroup/ | ||
+ | | ||
+ | |||
+ | # server string is the equivalent of the NT Description field | ||
+ | | ||
+ | netbios name = server | ||
+ | |||
+ | # Windows Internet Name Serving Support Section: | ||
+ | # WINS Support - Tells the NMBD component of Samba to enable its WINS Server | ||
+ | wins support = yes | ||
+ | |||
+ | # WINS Server - Tells the NMBD components of Samba to be a WINS Client | ||
+ | # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both | ||
+ | ; wins server = w.x.y.z | ||
+ | |||
+ | # This will prevent nmbd to search for NetBIOS names through DNS. | ||
+ | dns proxy = no | ||
+ | |||
+ | # What naming service and in what order should we use to resolve host names | ||
+ | # to IP addresses | ||
+ | name resolve order = lmhosts host wins bcast | ||
+ | |||
+ | #### Networking #### | ||
+ | |||
+ | # The specific set of interfaces / networks to bind to | ||
+ | # This can be either the interface name or an IP address/ | ||
+ | # interface names are normally preferred | ||
+ | | ||
+ | |||
+ | # Only bind to the named interfaces and/or networks; you must use the | ||
+ | # ' | ||
+ | # It is recommended that you enable this feature if your Samba machine is | ||
+ | # not protected by a firewall or is a firewall itself. | ||
+ | # option cannot handle dynamic or non-broadcast interfaces correctly. | ||
+ | bind interfaces only = true | ||
+ | |||
+ | ## hosts allow = 192.168.101. 127. | ||
+ | enable core files = no | ||
+ | use sendfile = yes | ||
+ | # smb ports = 445 | ||
+ | disable netbios = yes | ||
+ | |||
+ | client lanman auth = no | ||
+ | lanman auth = no | ||
+ | client ntlmv2 auth = yes | ||
+ | client plaintext auth = no | ||
+ | ## deadtime = 60 | ||
+ | ## enhanced browsing = no | ||
+ | time server = yes | ||
+ | wide links = no | ||
+ | |||
+ | |||
+ | log level = 3 | ||
+ | ## reset on zero vc = yes | ||
+ | |||
+ | ## hostname lookups = no | ||
+ | |||
+ | # host msdfs = yes | ||
+ | # msdfs root = no S | ||
+ | |||
+ | |||
+ | # Name mangling options | ||
+ | | ||
+ | short preserve case = yes | ||
+ | dos charset = CP852 | ||
+ | unix charset = UTF8 | ||
+ | |||
+ | |||
+ | #### Debugging/ | ||
+ | |||
+ | # This tells Samba to use a separate log file for each machine | ||
+ | # that connects | ||
+ | log file = / | ||
+ | |||
+ | # Cap the size of the individual log files (in KiB). | ||
+ | max log size = 1000 | ||
+ | |||
+ | # If you want Samba to only log through syslog then set the following | ||
+ | # parameter to ' | ||
+ | ; | ||
+ | |||
+ | # We want Samba to log a minimum amount of information to syslog. Everything | ||
+ | # should go to / | ||
+ | # through syslog you should set the following parameter to something higher. | ||
+ | | ||
+ | |||
+ | # Do something sensible when Samba crashes: mail the admin a backtrace | ||
+ | panic action = / | ||
+ | |||
+ | |||
+ | ####### Authentication ####### | ||
+ | |||
+ | # " | ||
+ | # in this server for every user accessing the server. See | ||
+ | # / | ||
+ | # in the samba-doc package for details. | ||
+ | | ||
+ | |||
+ | # You may wish to use password encryption. | ||
+ | # ' | ||
+ | | ||
+ | |||
+ | # If you are using encrypted passwords, Samba will need to know what | ||
+ | # password database type you are using. | ||
+ | | ||
+ | |||
+ | obey pam restrictions = yes | ||
+ | |||
+ | guest account = nobody | ||
+ | ### | ||
+ | | ||
+ | | ||
+ | |||
+ | # This boolean parameter controls whether Samba attempts to sync the Unix | ||
+ | # password with the SMB password when the encrypted SMB password in the | ||
+ | # passdb is changed. | ||
+ | unix password sync = yes | ||
+ | |||
+ | # For Unix password sync to work on a Debian GNU/Linux system, the following | ||
+ | # parameters must be set (thanks to Ian Kahan << | ||
+ | # sending the correct chat script for the passwd program in Debian Sarge). | ||
+ | | ||
+ | | ||
+ | |||
+ | # This boolean controls whether PAM will be used for password changes | ||
+ | # when requested by an SMB client instead of the program listed in | ||
+ | # ' | ||
+ | pam password change = no | ||
+ | |||
+ | # This option controls how nsuccessful authentication attempts are mapped | ||
+ | # to anonymous connections | ||
+ | map to guest = bad user | ||
+ | |||
+ | ########## Domains ########### | ||
+ | |||
+ | os level = 69 | ||
+ | |||
+ | # Is this machine able to authenticate users. Both PDC and BDC | ||
+ | # must have this setting enabled. If you are the BDC you must | ||
+ | # change the ' | ||
+ | # | ||
+ | | ||
+ | local master = yes | ||
+ | |||
+ | # Domain Master specifies Samba to be the Domain Master Browser. If this | ||
+ | # machine will be configured as a BDC (a secondary logon server), you | ||
+ | # must set this to ' | ||
+ | | ||
+ | preferred master = yes | ||
+ | |||
+ | |||
+ | # | ||
+ | # The following setting only takes effect if ' | ||
+ | # It specifies the location of the user's profile directory | ||
+ | # from the client point of view) | ||
+ | # The following required a [profiles] share to be setup on the | ||
+ | # samba server (see below) | ||
+ | ; logon path = \\%N\profiles\%U | ||
+ | # Another common choice is storing the profile in the user's home directory | ||
+ | # | ||
+ | logon path = \\server\%U\.winprofile | ||
+ | #logon path = \\%L\profiles\%U | ||
+ | |||
+ | logon drive = H: | ||
+ | # | ||
+ | logon home = \\server\%U | ||
+ | |||
+ | logon script = logon.cmd | ||
+ | |||
+ | # This allows Unix users to be created on the domain controller via the SAMR | ||
+ | # RPC pipe. The example command creates a user account with a disabled Unix | ||
+ | # password; please adapt to your needs | ||
+ | add user script = / | ||
+ | add machine script = / | ||
+ | |||
+ | ########## Printing ########## | ||
+ | |||
+ | # If you want to automatically load your printer list rather | ||
+ | # than setting them up individually then you'll need this | ||
+ | load printers = no | ||
+ | show add printer wizard = no | ||
+ | |||
+ | # lpr(ng) printing. You may wish to override the location of the | ||
+ | # printcap file | ||
+ | | ||
+ | ; | ||
+ | | ||
+ | |||
+ | # CUPS printing. | ||
+ | # cupsys-client package. | ||
+ | ; | ||
+ | ; | ||
+ | |||
+ | ############ | ||
+ | |||
+ | # Using the following line enables you to customise your configuration | ||
+ | # on a per machine basis. The %m gets replaced with the netbios name | ||
+ | # of the machine that is connecting | ||
+ | ; | ||
+ | |||
+ | # Most people will find that this option gives better performance. | ||
+ | # See smb.conf(5) and / | ||
+ | # for details | ||
+ | # You may want to add the following on a Linux system: | ||
+ | | ||
+ | |||
+ | # The following parameter is useful only if you have the linpopup package | ||
+ | # installed. The samba maintainer and the linpopup maintainer are | ||
+ | # working to ease installation and configuration of linpopup and samba. | ||
+ | ; | ||
+ | |||
+ | # Some defaults for winbind (make sure you're not using the ranges | ||
+ | # for something else.) | ||
+ | ; idmap uid = 10000-20000 | ||
+ | ; idmap gid = 10000-20000 | ||
+ | ; | ||
+ | |||
+ | # The following was the default behaviour in sarge, | ||
+ | # but samba upstream reverted the default because it might induce | ||
+ | # performance issues in large organizations. | ||
+ | # See Debian bug #368251 for some of the consequences of *not* | ||
+ | # having this setting and smb.conf(5) for details. | ||
+ | ; | ||
+ | ; | ||
+ | |||
+ | # Setup usershare options to enable non-root users to share folders | ||
+ | # with the net usershare command. | ||
+ | |||
+ | # Maximum number of usershare. 0 (default) means that usershare is disabled. | ||
+ | ; | ||
+ | |||
+ | # Allow users who've been granted usershare privileges to create | ||
+ | # public shares, not just authenticated ones | ||
+ | | ||
+ | |||
+ | # | ||
+ | |||
+ | # Un-comment the following (and tweak the other settings below to suit) | ||
+ | # to enable the default home directory shares. | ||
+ | # user's home directory as \\server\username | ||
+ | [homes] | ||
+ | | ||
+ | | ||
+ | |||
+ | # By default, the home directories are exported read-only. Change the | ||
+ | # next parameter to ' | ||
+ | | ||
+ | |||
+ | # File creation mask is set to 0700 for security reasons. If you want to | ||
+ | # create files with group=rw permissions, | ||
+ | | ||
+ | |||
+ | # Directory creation mask is set to 0700 for security reasons. If you want to | ||
+ | # create dirs. with group=rw permissions, | ||
+ | | ||
+ | |||
+ | # By default, \\server\username shares can be connected to by anyone | ||
+ | # with access to the samba server. | ||
+ | # to make sure that only " | ||
+ | # This might need tweaking when using external authentication schemes | ||
+ | valid users = %S | ||
+ | |||
+ | ; uporabniki ne rabijo nic delat | ||
+ | ; z Maildir direktorijem | ||
+ | hide files = / | ||
+ | |||
+ | |||
+ | # Un-comment the following and create the netlogon directory for Domain Logons | ||
+ | # (you need to configure Samba to act as a domain controller too.) | ||
+ | [netlogon] | ||
+ | | ||
+ | path = / | ||
+ | guest ok = yes | ||
+ | read only = yes | ||
+ | share modes = no | ||
+ | | ||
+ | | ||
+ | # If you have problems, try adding the following line | ||
+ | acl check permissions = no | ||
+ | |||
+ | |||
+ | # Un-comment the following and create the profiles directory to store | ||
+ | # users profiles (see the "logon path" option above) | ||
+ | # (you need to configure Samba to act as a domain controller too.) | ||
+ | # The path below should be writable by all users so that their | ||
+ | # profile directory may be created the first time they log on | ||
+ | ;[profiles] | ||
+ | ; | ||
+ | ; path = / | ||
+ | ; guest ok = no | ||
+ | ; | ||
+ | ; | ||
+ | ; | ||
+ | # read only = No | ||
+ | # store dos attributes = Yes | ||
+ | # printable = no | ||
+ | # hide files = / | ||
+ | |||
+ | #[printers] | ||
+ | # | ||
+ | # | ||
+ | # path = / | ||
+ | # | ||
+ | # guest ok = no | ||
+ | # read only = yes | ||
+ | # | ||
+ | |||
+ | # Windows clients look for this share name as a source of downloadable | ||
+ | # printer drivers | ||
+ | [print$] | ||
+ | | ||
+ | path = / | ||
+ | | ||
+ | read only = yes | ||
+ | guest ok = no | ||
+ | # Uncomment to allow remote administration of Windows print drivers. | ||
+ | # Replace ' | ||
+ | # members of. | ||
+ | ; write list = root, @ntadmin | ||
+ | |||
+ | # A sample share for sharing your CD-ROM with others. | ||
+ | ;[cdrom] | ||
+ | ; | ||
+ | ; read only = yes | ||
+ | ; | ||
+ | ; path = /cdrom | ||
+ | ; guest ok = yes | ||
+ | |||
+ | # The next two parameters show how to auto-mount a CD-ROM when the | ||
+ | # cdrom share is accesed. For this to work /etc/fstab must contain | ||
+ | # an entry like this: | ||
+ | # | ||
+ | # / | ||
+ | # | ||
+ | # The CD-ROM gets unmounted automatically after the connection to the | ||
+ | # | ||
+ | # If you don't want to use auto-mounting/ | ||
+ | # is mounted on /cdrom | ||
+ | # | ||
+ | ; | ||
+ | ; | ||
+ | |||
+ | [$homes] | ||
+ | | ||
+ | path = /home | ||
+ | guest ok = no | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | #csc policy = disable | ||
+ | |||
+ | |||
+ | |||
+ | #vfs objects = recycle | ||
+ | # recycle: | ||
+ | # recycle: | ||
+ | # recycle: | ||
+ | # recycle: | ||
+ | # recycle: | ||
+ | # recycle: | ||
+ | # recycle: | ||
+ | # #hide files = / | ||
+ | # #veto files = / | ||
+ | </ | ||
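Review bot: In the added smb.conf `[global]` block, the authentication hardening covers LANMAN and the client side only (`lanman auth = no`, `client ntlmv2 auth = yes`), so the server may still accept NTLMv1 responses. If no `ntlm auth` line sits among the cells this rendering lost, consider adding `ntlm auth = no` so that only NTLMv2 logins are permitted, after confirming that every client can negotiate NTLMv2. The same block sets `map to guest = bad user` while `[netlogon]` has `guest ok = yes`, so a connection with an unknown user name is mapped to the guest account and can read that share; a comment such as `# netlogon is readable by guests: keep credentials out of logon.cmd` would make that explicit. `[$homes]` exports `path = /home` as a single share and its access-control lines are not visible here, so it is worth checking that a `valid users` restriction is present there.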