Samba
Jump to navigation
Jump to search
This page is part of the Linux Disk Management pages.
References
- http://en.opensuse.org/SDB:Access_to_Windows_Shares
- See local documentation at /usr/share/doc/packages/samba/htmldocs (requires package samba documentation)
Packages
In Ubuntu, install the packages samba and smbfs.
Samba Client
- To mount a samba share in Linux (see [1]):
$ mkdir -p /windows/winshare
$ mount -t cifs //winmachine/testshare /windows/winshare
$ mount -t cifs -o username=user,password=secret //winmachine/testshare /windows/winshare
$ sudo mount -t cifs -o username=baddreams,uid=1000,gid=124 //phoenix/D$ /net/phoenix/d
- Or make it an entry in /etc/fstab. Note that gid=124 refers to group sambashare.
//mnemosyne/backup /net/mnemosyne/backuprw cifs username=backup,uid=999,gid=124
Samba Server
Installation
(From [2])
- Install Samba
sudo apt-get install samba smbfs
- Edit the configuration file /etc/samba/smb.conf
- Uncomment the line security = user, and add link to smbusers file
security = user
username map = /etc/samba/smbusers # ... does not seems mandatory though
- Add the user
sudo smbpasswd -a beq06659
- Create the user mapping file that maps samba user to linux user in file /etc/samba/smbusers:
<linuxuser>="<sambauser>"
- Uncomment the section corresponding to the shares you want to enable:
[homes]
comment = Home Directories
browseable = no
[c]
comment = Windows Drive C
browseable = yes
path = /win/c
printable = no
guest ok = no
read only = yes
create mask = 0700
[d]
comment = Windows Drive D
browseable = yes
path = /win/d
printable = no
guest ok = no
read only = yes
create mask = 0700
- Don't forget to open the ports on your firewall !!!
- Restart the samba daemon
sudo /etc/init.d/smbd restart
Server Firewall Settings
The following ports must be opened ([3], [4]):
| Service | Port | Prot | Description |
|---|---|---|---|
| netbios-ns | 137 | UDP | NetBIOS Name Service |
| netbios-dgm | 138 | UDP | NetBIOS Datagram Service |
| netbios-ssn | 139 | TCP | NetBIOS Session Service |
| microsoft-ds | 445 | TCP | Microsoft Directory Service |
As advised here, port 135/tcp[1] is better left closed (was already exploited by worms), without causing defect.
Reference: [5].
The idea is to open up the samba shares to all computers on a private network (by restricting network interfaces).
- Edit /etc/samba/smb.conf. Set interfaces to lo and
interfaces = lo eth1
bind interfaces only = true
- Make sure that security is set to share (not user), and that guest account is enabled:
security = share
...
guest account = nobody
- Create a share accessible to guest users:
[Guest Share]
comment = Guest access share
path = /path/to/dir/to/share
browseable = yes
read only = yes
guest ok = yes
- Test that configuration is good with testparm:
testparm
- Restart samba:
sudo /etc/init.d/samba reload
Mount as User
To mount a samba share as a regular user (i.e. without sudo), the following conditions must be met:
/bin/mount,/bin/umount,/sbin/mount.cifs,/sbin/umount.cifsmust be setuid (sudo chmod +s ...)- share point must be owned by the user (
chown username mountpoint).- May be optional, but does not hurt, set group of mount point to sambashare, and verify that the user is in that group
- mount spec in fstab must contain the option user (or users to let any user unmount).
- It seems that option suid should be present as well, but does not seem to do anything good to me.
//mnemosyne/public /net/mnemosyne/publicrw cifs noauto,users,guest,allow_utime=22,umask=002 0 0 //mnemosyne/public /net/mnemosyne/public cifs noauto,users,ro,guest,allow_utime=22,umask=002,suid 0 0
References
- ↑ DCE RPC, i.e. Distributed Computing Environment and Remote Procedure Call