Samba: Difference between revisions

From miki
(→‎Samba Client: allow_utime, umask not supported)
(→‎Mount as User: allow_utime, umask not supported)
Line 134: Line 134:
** It seems that option '''suid''' should be present as well, but does not seem to do anything good to me.
** It seems that option '''suid''' should be present as well, but does not seem to do anything good to me.
{{lp2|<pre>
{{lp2|<pre>
//mnemosyne/public /net/mnemosyne/publicrw cifs noauto,users,guest,allow_utime=22,umask=002 0 0
//mnemosyne/public /net/mnemosyne/publicrw cifs noauto,users,guest 0 0
//mnemosyne/public /net/mnemosyne/public cifs noauto,users,ro,guest,allow_utime=22,umask=002,suid 0 0
//mnemosyne/public /net/mnemosyne/public cifs noauto,users,ro,guest,suid 0 0
</pre>}}
</pre>}}
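Review bot: in the second entry `suid` is still listed after `users` on a `guest` mount. `users` implies nosuid, noexec and nodev unless a later option overrides it, so the trailing `suid` switches setuid handling back on for a share that any local user can mount without credentials. The note above the block already says the option does nothing useful; I would drop it and leave `noauto,users,ro,guest`.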



Revision as of 22:00, 25 November 2012

This page is part of the Linux Disk Management pages.

References

Packages

In Ubuntu, install the packages samba and smbfs.

Samba Client

  • To mount a samba share in Linux (see [1]):
$ mkdir -p /windows/winshare
$ mount -t cifs //winmachine/testshare /windows/winshare
$ mount -t cifs -o username=user,password=secret //winmachine/testshare /windows/winshare
$ sudo mount -t cifs -o username=baddreams,uid=1000,gid=124 //phoenix/D$ /net/phoenix/d
  • Or make it an entry in /etc/fstab. Note that gid=124 refers to group sambashare.
//mnemosyne/backup /net/mnemosyne/backuprw	cifs	username=backup,uid=999,gid=124

Samba Server

Installation

(From [2])

  • Install Samba
sudo apt-get install samba smbfs
  • Edit the configuration file /etc/samba/smb.conf
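    • Uncomment the line security = user, and add a link to the smbusers file. smb.conf only treats a line that begins with # or ; as a comment, so the remark goes on its own line:
security = user
# username map does not seem mandatory though
username map = /etc/samba/smbusers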
  • Add the user
sudo smbpasswd -a beq06659
  • Create the user mapping file that maps samba user to linux user in file /etc/samba/smbusers:
<linuxuser>="<sambauser>"
  • Uncomment the section corresponding to the shares you want to enable:
[homes]
   comment = Home Directories
   browseable = no
 
[c]
   comment = Windows Drive C
   browseable = yes
   path = /win/c
   printable = no
   guest ok = no
   read only = yes
   create mask = 0700

[d]
   comment = Windows Drive D
   browseable = yes
   path = /win/d
   printable = no
   guest ok = no
   read only = yes
   create mask = 0700
  • Don't forget to open the ports on your firewall !!!
  • Restart the samba daemon
sudo /etc/init.d/smbd restart

Server Firewall Settings

The following ports must be opened ([3], [4]):

Service       Port  Prot  Description
netbios-ns    137   UDP   NetBIOS Name Service
netbios-dgm   138   UDP   NetBIOS Datagram Service
netbios-ssn   139   TCP   NetBIOS Session Service
microsoft-ds  445   TCP   Microsoft Directory Service

As advised here, port 135/tcp[1] is better left closed (it has already been exploited by worms); closing it does not cause any defect.

Share without user/password

Reference: [5].

The idea is to open up the samba shares to all computers on a private network (by restricting network interfaces).

  • Edit /etc/samba/smb.conf. Set interfaces to lo and
interfaces = lo eth1
bind interfaces only = true
  • Make sure that security is set to share (not user), and that guest account is enabled:
security = share
...
guest account = nobody
  • Create a share accessible to guest users:
[Guest Share]
    comment = Guest access share
    path = /path/to/dir/to/share
    browseable = yes
    read only = yes
    guest ok = yes
  • Test that configuration is good with testparm:
testparm
  • Restart samba:
sudo /etc/init.d/samba reload

Mount as User

To mount a samba share as a regular user (i.e. without sudo), the following conditions must be met:

  • /bin/mount, /bin/umount, /sbin/mount.cifs, /sbin/umount.cifs must be setuid (sudo chmod +s ...)
  • share point must be owned by the user (chown username mountpoint).
    • Possibly optional, but it does not hurt: set the group of the mount point to sambashare, and verify that the user is in that group.
  • mount spec in fstab must contain the option user (or users to let any user unmount).
    • It seems that option suid should be present as well, but does not seem to do anything good to me.
//mnemosyne/public /net/mnemosyne/publicrw	cifs	noauto,users,guest	0 0
//mnemosyne/public /net/mnemosyne/public	cifs	noauto,users,ro,guest,suid 	0 0
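
An added example (not part of the original page): a small Python check that reads fstab-style text and flags two risks that appear on this page, an inline password= option (as in the mount command earlier) and suid re-enabled after users. The function names, finding labels and sample input are constructed for illustration; the option semantics follow mount(8) and mount.cifs(8).

```python
# Added example: audit fstab-style text for risky CIFS mount options.
# Finding names and the sample input are constructed for illustration.

# mount(8): "user" and "users" imply noexec,nosuid,nodev unless a later
# option in the same list overrides them.
USER_OPTS = {"user", "users"}

SAMPLE_FSTAB = """\
# constructed sample; the two mnemosyne entries are the ones on this page
//winmachine/testshare /windows/winshare cifs username=user,password=secret 0 0
//mnemosyne/public /net/mnemosyne/publicrw cifs noauto,users,guest 0 0
//mnemosyne/public /net/mnemosyne/public cifs noauto,users,ro,guest,suid 0 0
"""


def effective_flags(options):
    """Resolve suid/dev/exec left to right, the way mount(8) applies options."""
    flags = {"suid": True, "dev": True, "exec": True}
    for opt in options:
        if opt in USER_OPTS:
            flags = dict.fromkeys(flags, False)
        elif opt in flags:
            flags[opt] = True
        elif opt.startswith("no") and opt[2:] in flags:
            flags[opt[2:]] = False
    return flags


def audit(fstab_text):
    """Return (line number, mount point, finding) tuples for cifs entries."""
    findings = []
    for lineno, line in enumerate(fstab_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#") or fields[2] != "cifs":
            continue
        opts = fields[3].split(",")
        # Exact match: "user=name" is a mount.cifs alias for username=.
        user_mountable = any(o in USER_OPTS for o in opts)
        if any(o.startswith(("password=", "pass=")) for o in opts):
            # /etc/fstab is normally world-readable; mount.cifs accepts
            # credentials=<file> so the secret can live in a 0600 file.
            findings.append((lineno, fields[1], "inline-password"))
        if user_mountable and effective_flags(opts)["suid"]:
            findings.append((lineno, fields[1], "suid-on-user-mount"))
    return findings


if __name__ == "__main__":
    for lineno, mountpoint, finding in audit(SAMPLE_FSTAB):
        print(f"line {lineno}: {mountpoint}: {finding}")
```

To check a real system, pass the contents of /etc/fstab to audit() in place of the sample text.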

References

  1. DCE RPC, i.e. Distributed Computing Environment and Remote Procedure Call