Samba: Difference between revisions

(→‎Mount as User: allow_utime, umask not supported)
Line 11: Line 11:


== Samba Client ==
== Samba Client ==
=== Linux ===
* To mount a samba share in Linux (see [http://en.opensuse.org/SDB:Access_to_Windows_Shares]):
* To mount a samba share in Linux (see [http://en.opensuse.org/SDB:Access_to_Windows_Shares]):
{{lp2|<source lang="bash">
{{lp2|<source lang="bash">
Line 23: Line 24:
//mnemosyne/backup /net/mnemosyne/backuprw cifs username=backup,uid=999,gid=124
//mnemosyne/backup /net/mnemosyne/backuprw cifs username=backup,uid=999,gid=124
</pre>}}
</pre>}}

=== Windows ===
Use the <code>net use</code> command to mount network samba share.
<source lang=bash>
net use G: \\localserver\beq06659 /USER:WORKGROUP\beq06659 # Better specify domain name to override any corporate domain
</source>

'''{{red|CAREFUL CORPORATE USER}}''' If you get the following error message although you are giving the correct password, you might need to specify the user '''DOMAIN''' as well (as specified in <tt>/etc/samba/smb.conf</tt>).

<pre>
The specified network password is not correct.
</pre>


== Samba Server ==
== Samba Server ==
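Review bot: in the added Windows section, the `net use` line carries a trailing `# Better specify domain name ...` remark inside the command block, but `#` does not start a comment in cmd.exe, so anyone pasting the line passes those words to `net use` as extra arguments. Move the remark into the sentence above the block. The block is also tagged `lang=bash` although it holds a Windows command.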

Revision as of 09:30, 17 May 2013

This page is part of the Linux Disk Management pages.

References

Packages

In Ubuntu, install the packages samba and smbfs.

Samba Client

Linux

  • To mount a samba share in Linux (see [1]):
$ mkdir -p /windows/winshare
$ mount -t cifs //winmachine/testshare /windows/winshare
$ mount -t cifs -o username=user,password=secret //winmachine/testshare /windows/winshare
$ sudo mount -t cifs -o username=baddreams,uid=1000,gid=124 //phoenix/D$ /net/phoenix/d
  • Or make it an entry in /etc/fstab. Note that gid=124 refers to group sambashare.
//mnemosyne/backup /net/mnemosyne/backuprw	cifs	username=backup,uid=999,gid=124
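The third mount command above passes the password on the command line, where it ends up in shell history and is visible in the process list while mount runs; writing it into /etc/fstab would expose it in a world-readable file. The following is an added example, not part of the original page, that stores it in an owner-only file for the mount.cifs `credentials=` option and finds fstab entries that still embed a password. The path /etc/samba/cred-backup and both function names are assumptions.

```sh
# Added example (not from the original page). File paths and function names
# are illustrative assumptions.

# write_cifs_credentials FILE USER [DOMAIN]
# Reads the password from stdin, so it never appears in argv or shell history.
write_cifs_credentials() {
    cred_file=$1; cred_user=$2; cred_domain=${3:-}
    IFS= read -r cred_pass || true   # tolerate a missing trailing newline
    [ -n "$cred_pass" ] || { echo "empty password" >&2; return 1; }
    (
        umask 077                            # a new file is created 0600 from the start
        : > "$cred_file" || exit 1
        chmod 600 "$cred_file" || exit 1     # tighten a pre-existing file before writing
        {
            printf 'username=%s\n' "$cred_user"
            printf 'password=%s\n' "$cred_pass"
            [ -z "$cred_domain" ] || printf 'domain=%s\n' "$cred_domain"
        } > "$cred_file"
    )
}

# fstab_inline_passwords FILE
# Prints "line:share" for every cifs entry that embeds a password in fstab
# instead of pointing at a credentials file.
fstab_inline_passwords() {
    awk '$1 !~ /^#/ && $3 == "cifs" && $4 ~ /(^|,)(password|pass)=/ {
             print NR ":" $1
         }' "$1"
}

# Usage (as root):
#   stty -echo; write_cifs_credentials /etc/samba/cred-backup backup; stty echo
# and in /etc/fstab:
#   //mnemosyne/backup /net/mnemosyne/backuprw cifs credentials=/etc/samba/cred-backup,uid=999,gid=124 0 0
```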

Windows

Use the net use command to mount a network Samba share. It is better to specify the domain name, to override any corporate domain.

net use G: \\localserver\beq06659 /USER:WORKGROUP\beq06659

CAREFUL CORPORATE USER: If you get the following error message although you are giving the correct password, you might need to specify the user DOMAIN as well (as specified in /etc/samba/smb.conf).

The specified network password is not correct.

Samba Server

Installation

(From [2])

  • Install Samba
sudo apt-get install samba smbfs
  • Edit the configuration file /etc/samba/smb.conf
    • Uncomment the line security = user, and add a link to the smbusers file
security = user
# username map does not seem mandatory, though
username map = /etc/samba/smbusers
  • Add the user
sudo smbpasswd -a beq06659
  • Create the user mapping file that maps samba user to linux user in file /etc/samba/smbusers:
<linuxuser>="<sambauser>"
  • Uncomment the section corresponding to the shares you want to enable:
[homes]
   comment = Home Directories
   browseable = no
 
[c]
   comment = Windows Drive C
   browseable = yes
   path = /win/c
   printable = no
   guest ok = no
   read only = yes
   create mask = 0700

[d]
   comment = Windows Drive D
   browseable = yes
   path = /win/d
   printable = no
   guest ok = no
   read only = yes
   create mask = 0700
  • Don't forget to open the ports on your firewall !!!
  • Restart the samba daemon
sudo /etc/init.d/smbd restart

Server Firewall Settings

The following ports must be opened ([3], [4]):

Service        Port   Protocol   Description
netbios-ns     137    UDP        NetBIOS Name Service
netbios-dgm    138    UDP        NetBIOS Datagram Service
netbios-ssn    139    TCP        NetBIOS Session Service
microsoft-ds   445    TCP        Microsoft Directory Service

As advised here, port 135/tcp[1] is better left closed (it has already been exploited by worms); closing it does not cause any malfunction.

Share without user/password

Reference: [5].

The idea is to open up the samba shares to all computers on a private network (by restricting network interfaces).

  • Edit /etc/samba/smb.conf. Set interfaces to lo and
interfaces = lo eth1
bind interfaces only = true
  • Make sure that security is set to share (not user), and that guest account is enabled:
security = share
...
guest account = nobody
  • Create a share accessible to guest users:
[Guest Share]
    comment = Guest access share
    path = /path/to/dir/to/share
    browseable = yes
    read only = yes
    guest ok = yes
  • Test that configuration is good with testparm:
testparm
  • Restart samba:
sudo /etc/init.d/samba reload
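Because this setup removes authentication, the interface restriction and the read-only flag are the only controls left. The following is an added example, not part of the original page, that audits an smb.conf for guest shares that are writable or are not backed by `bind interfaces only`; the function names and the sample configuration are constructed for illustration.

```sh
# Added example (not from the original page); function names are assumptions.
# Limitation: share defaults placed in [global] (e.g. guest ok) are not inherited.
# audit_guest_shares [FILE]   (reads stdin when FILE is omitted)
audit_guest_shares() {
    awk '
    function truthy(v) { v = tolower(v); return v == "yes" || v == "true" || v == "1" }
    function endsect() {                 # report on the section just finished
        if (name == "" || isglobal || !guest) return
        nguest++
        if (!ro) print "WRITABLE-GUEST [" name "]"
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next } # comment and blank lines
    /^[ \t]*\[.*\]/ {                    # [section] header
        endsect()
        name = $0; sub(/^[ \t]*\[/, "", name); sub(/\].*$/, "", name)
        isglobal = (tolower(name) == "global"); guest = 0; ro = 1
        next
    }
    {
        eq = index($0, "="); if (!eq) next
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = substr($0, eq + 1); sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
        if (isglobal) { if (key == "bindinterfacesonly") bound = truthy(val) }
        else if (key == "guestok" || key == "public") guest = truthy(val)
        else if (key == "readonly") ro = truthy(val)
        else if (key ~ /^(writable|writeable|writeok)$/) ro = !truthy(val)
    }
    END {
        endsect()
        if (nguest && !bound) print "GUEST-UNBOUND bind interfaces only is off"
    }' "$@"
}

# Constructed sample: this page's guest share plus a writable one, unbound.
sample_conf() {
    cat <<'EOF'
[global]
    interfaces = lo eth1
[Guest Share]
    path = /path/to/dir/to/share
    read only = yes
    guest ok = yes
[scratch]
    path = /srv/scratch
    writable = yes
    public = yes
EOF
}
sample_conf | audit_guest_shares
```

Run it against the live file with `audit_guest_shares /etc/samba/smb.conf` after testparm reports the configuration as valid.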

Mount as User

To mount a samba share as a regular user (i.e. without sudo), the following conditions must be met:

  • /bin/mount, /bin/umount, /sbin/mount.cifs, /sbin/umount.cifs must be setuid (sudo chmod +s ...)
  • The mount point must be owned by the user (chown username mountpoint).
    • This may be optional, but it does not hurt: set the group of the mount point to sambashare, and verify that the user is in that group.
  • The mount spec in fstab must contain the option user (or users to let any user unmount).
    • It seems that the option suid should be present as well, but it does not seem to do any good for me.
//mnemosyne/public /net/mnemosyne/publicrw	cifs	noauto,users,guest	0 0
//mnemosyne/public /net/mnemosyne/public	cifs	noauto,users,ro,guest,suid 	0 0

References

  1. DCE RPC, i.e. Distributed Computing Environment and Remote Procedure Call