Samba
From ArchWiki
i18n |
---|
Česky |
Dansk |
Deutsch |
English |
Español |
Italiano |
Română |
Русский |
Türkçe |
简体中文 |
正體中文 |
Samba is a re-implementation of the SMB/CIFS networking protocol, it facilitates file and printer sharing between Linux and Windows systems or Linux-to-Linux systems as an alternative to Nfs. Samba is easily configured and operation is very straight-forward.
Contents |
Installation
To install the Samba server, install the samba package:
# pacman -S samba
A daemon is installed with the package and it must be started for Samba to begin working. Samba typically uses FAM to monitor the file-system for changes, yet Gamin has almost completely replaced FAM as of recent, mainly because the latter is poorly maintained and generally an inferior, unpopular choice.
To install Gamin:
# pacman -S gamin
If using FAM, start the fam daemon before samba. Gamin does not need a daemon since it automatically starts when needed.
Without rebooting, FAM and Samba can be started with the commands:
# /etc/rc.d/fam start # /etc/rc.d/samba start
Add fam and samba to the DAEMONS line in rc.conf to automatically start the daemons at boot.
Note: Before Starting samba the file /etc/samba/smb.conf must be created, see Configuration Below.
Configuration
smb.conf
As root, copy the default Samba configuration file to /etc/samba/smb.conf:
# cp /etc/samba/smb.conf.default /etc/samba/smb.conf
Open smb.conf and edit it to suit your needs. The default file creates a share for each user's home directory. It also creates a share for printers.
SWAT: Samba Web Administration Tool
SWAT is a facility that is part of the Samba suite. The main executable is called swat and is invoked by the internetworking super daemon, inetd.
There are many and varied opinions regarding the usefulness of SWAT. No matter how hard one tries to produce the perfect configuration tool, it remains an object of personal taste. However, SWAT is a very useful tool that allows Web-based configuration of Samba. It has a wizard that may help to get Samba configured quickly, it has context-sensitive help on each smb.conf parameter, it provides for monitoring of current state of connection information, and it allows network-wide MS Windows network password management.
To use SWAT, first install xinetd:
# pacman -Sy xinetd
Edit /etc/xinetd.d/swat using your favorite text editor. To enable SWAT, change the disable = yes line to disable = no.
Additionally, edit /etc/hosts.allow if remote administration is needed.
The web interface can be accessed on port 901 by default,
http://localhost:901/
Adding users
To log into a Samba share you'll need to add a user:
# smbpasswd -a <user>
The user must already have a account on the server. If the user does not exist you will recieve the error:
Failed to modify password entry for user "<user>"
You can add a new user to the system with adduser.
Accessing Samba shares
KDE and Gnome have the ability to browse Samba shares. You therefore do not need any additional packages if using either of these DEs. If however you plan to use the share solely from a shell, you will need an additional package.
Accessing a Samba share from Gnome or KDE
From a Nautilus/Dolphin/Konqueror window, hit Ctrl+L or go to the "Go" menu and select "Location..." -- both actions will allow you to type in the "Go to:" blank. Enter smb://servername/share and press enter.
For a GUI in the KDE System Settings you have to install the kdenetwork-filesharing package from [extra].
Accessing a Samba share from the shell
You can use smbclient to browse shares from the shell:
$ smbclient -L <hostname> -U%
will list any public shares on the server.
To manually mount a share from the shell:
# mount.cifs //<hostname>/<share> <mount_point> -o user=<username>,password=<password>
To allow a normal user to mount and unmount a Samba share you can add setuid root to /sbin/mount.cifs. An alternative is to use the smbnetfs package.
Adding a share to fstab
You can add a line to fstab like this:
//<hostname>/<share> <mount_point> cifs credentials=<credentials_file>,rw,user,noauto 0 0
Since fstab is readable by all users, one should not store their Samba password in this file. In this case, use a credentials file that is only readable by root. This is a simple text file that contains:
username=<username> password=<password>
The user option of the fstab line allows the owner of the <mount_point> to mount and unmount the share. The noauto option disables mounting at boot.
If you are adding a Samba share to fstab, you should also add the netfs daemon to rc.conf, somewhere after the network daemon. The netfs daemon will mount network partitions at boot and, more importantly, unmount network partitions at shutdown. Even if you are using the noauto option in fstab you should add the netfs daemon. Without it any network share that is mounted when you shutdown will cause the network daemon to wait for the connection to time out, considerably extending your shutdown time.
Tips and tricks
Share files for your LAN without user and password
Edit /etc/samba/smb.conf and change the following line:
security = user
to
security = share
If you want to restrict the shares data to a specific interface replace:
; interfaces = 192.168.12.2/24 192.168.13.2/24
with:
interfaces = lo eth0 bind interfaces only = true
(changing eth0 to the local network you want share with.)
If you want to edit the account that access the shares, edit the following line:
; guest account = nobody
The last step is to create share directory (for write access make writable = yes):
[Public Share] path = /path/to/public/share available = yes browsable = yes public = yes writable = no
Sample configuration file
The configuration that worked for one user:
[global] workgroup = WORKGROUP server string = Samba Server netbios name = PC_NAME security = share ; the line below is important! If you have permission issues make sure the user here is the same as the user of the folder you want to share guest account = mark username map = /etc/samba/smbusers name resolve order = hosts wins bcast wins support = no
[public] comment = Public Share path = /path/to/public/share available = yes browsable = yes public = yes writable = no
Discovering network shares
If nothing is known about other systems on the local network, and automated tools such as smbnetfs are not available, the following methods allow one to manually probe for Samba shares. See also: Windows Network Share.
1. First, install nmap and smbclient using pacman:
# pacman -S nmap smbclient
2. nmap checks which ports are open:
# nmap -sT 192.168.1.*
In this case, a scan on the 192.168.1.* IP address range has been performed, resulting in:
Starting nmap 3.78 ( http://www.insecure.org/nmap/ ) at 2005-02-15 11:45 PHT Interesting ports on 192.168.1.1: (The 1661 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 139/tcp open netbios-ssn 5000/tcp open UPnP Interesting ports on 192.168.1.5: (The 1662 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 6000/tcp open X11 Nmap run completed -- 256 IP addresses (2 hosts up) scanned in 7.255 seconds
The first result is another system; the second happens to be the client from where this scan was performed.
3. Now that systems with port 139 open are revealed, use nmblookup to check for NetBIOS names:
Looking up status of 192.168.1.1 PUTER <00> - B <ACTIVE> HOMENET <00> - <GROUP> B <ACTIVE> PUTER <03> - B <ACTIVE> PUTER <20> - B <ACTIVE> HOMENET <1e> - <GROUP> B <ACTIVE> USERNAME <03> - B <ACTIVE> HOMENET <1d> - B <ACTIVE> MSBROWSE <01> - <GROUP> B <ACTIVE>
Regardless of the output, look for <20>, which shows the host with open services.
4. Use smbclient to list which services are shared on PUTER. If prompted for a password, pressing enter should still display the list:
Sharename Type Comment --------- ---- ------- MY_MUSIC Disk SHAREDDOCS Disk PRINTER$ Disk PRINTER Printer IPC$ IPC Remote Inter Process Communication Server Comment --------- ------- PUTER Workgroup Master --------- ------- HOMENET PUTER
This shows which folders are shared and can be mounted locally. See: #Accessing Samba shares
Troubleshooting
Trouble accessing a password-protected share from Windows
If you are having trouble accessing a password protected share from Windows, try adding this to /etc/samba/smb.conf:[1]
[global] # lanman fix client lanman auth = yes client ntlmv2 auth = no
Getting a dialog box up takes a long time
I had a problem that it took ~30 seconds to get a password dialog box up when trying to connect from both Windows XP/Windows 7. Analyzing the error.log on the server I saw:
[2009/11/11 06:20:12, 0] printing/print_cups.c:cups_connect(103) Unable to connect to CUPS server localhost:631 - Interrupted system call
I don't have any printer connected to this server, so I added this to the global section:
load printers = no printing = bsd disable spoolss = yes printcap name = /dev/null
Not sure if all of them are necessary, but at least it works now.
Changes in Samba version 3.4.0
Major enhancements in Samba 3.4.0 include:
The default passdb backend has been changed to 'tdbsam'! That breaks existing setups using the 'smbpasswd' backend without explicit declaration!
If you would like to stick to the 'smbpasswd' backend try changing this in /etc/samba/smb.conf:
passdb backend = smbpasswd
or convert your smbpasswd entries using:
sudo pdbedit -i smbpasswd -e tdbsam
Error: Value too large for defined data type
With some applications you could get this error whith every attempt to open a file mounted in smbfs/cifs:
Value too large for defined data type
The solution[2] is to add this options to your smbfs/cifs mount options (in /etc/fstab for example):
,nounix,noserverino
It works on Arch Linux up-to-date (2009-12-02)