Difference between revisions of "Samba"
(13 intermediate revisions by 8 users not shown) | |||
Line 1: | Line 1: | ||
See http://ubuntuguide.org/wiki/Dapper#Samba_Server | See http://ubuntuguide.org/wiki/Dapper#Samba_Server | ||
− | == NT_STATUS_LOGON_FAILURE error == | + | == Creating a mount mountable by a non-root user == |
+ | * Add the following line to /etc/fstab: | ||
+ | <pre> | ||
+ | //montana/andrew /home/andrew/net/montana cifs credentials=/etc/samba/auth.montana.andrew,noauto,user 0 0 | ||
+ | </pre> | ||
+ | * Create the directory '''/home/andrew/net/montana''' and ensure it is owned by '''andrew''' (otherwise mount.cifs will refuse to mount it) | ||
+ | * Create /etc/samba/auth.montana.andrew (with perms ''rw-------'') as: | ||
+ | <pre> | ||
+ | username=andrew | ||
+ | password=passwordgoeshere | ||
+ | </pre> | ||
+ | * '''chmod u+s /sbin/*mount.cifs''' | ||
+ | |||
+ | == NT_STATUS_LOGON_FAILURE / ERRDOS - ERRnoaccess error == | ||
Ensure you've added a valid samba user using (as documented in the ubuntu guide): | Ensure you've added a valid samba user using (as documented in the ubuntu guide): | ||
<pre> | <pre> | ||
− | sudo smbpasswd -a | + | sudo smbpasswd -a local_username |
+ | </pre> | ||
+ | |||
+ | == tree connect failed: NT_STATUS_ACCESS_DENIED error == | ||
+ | If you get this when attempting to run '''smbclient -L''', check you don't have any "valid users" entries in smb.conf which are not associated with a share. | ||
+ | |||
+ | == Managing Users == | ||
+ | === Persistent Storage === | ||
+ | The default Ubuntu samba installation uses a tdbsam (Trivial DB for Samba) backend, which stores password information in a binary DB file /var/lib/samba/passdb.tdb. This can be changed by modifying the setting | ||
+ | <pre> | ||
+ | passdb backend = tdbsam | ||
+ | </pre> | ||
+ | Valid options are '''Plain Text''', '''smbpasswd''', '''tdbsam''', '''ldapsam''', '''ldapsam_compat''', '''xmlsam''', '''mysqlsam''' and '''pgsqlsam'''. | ||
+ | |||
+ | === Adding users === | ||
+ | To add a samba password for an existing local user | ||
+ | <pre> | ||
+ | sudo smbpasswd -a local_username | ||
+ | </pre> | ||
+ | If necessary, one or more remote usernames can be mapped to a local username. Firstly, add to '''smb.conf''': | ||
+ | <pre> | ||
+ | username map = /etc/samba/smbusers | ||
+ | </pre> | ||
+ | Then, create a map of entries in '''/etc/samba/smbusers''' containing entries of the form: | ||
+ | <pre> | ||
+ | local_username = remote_username | ||
+ | </pre> | ||
+ | Note, however, that samba usernames are not case sensitive, so entries in '''smbusers''' to simply map case differences are not needed. | ||
+ | |||
+ | To add a user to the sambauser group, first create the group: | ||
+ | <pre> | ||
+ | sudo addgroup --system sambauser | ||
+ | </pre> | ||
+ | Then add the user to it: | ||
+ | <pre> | ||
+ | sudo adduser local_user sambauser | ||
+ | </pre> | ||
+ | |||
+ | === Listing samba users === | ||
+ | <pre> | ||
+ | sudo pdbedit -L | ||
+ | </pre> | ||
+ | |||
+ | === Deleting samba users === | ||
+ | <pre> | ||
+ | sudo smbpasswd -x local_username | ||
+ | </pre> | ||
+ | Note that, when installed, samba creates samba users for all local users. This may not be desirable, in which case they can be removed using the script below. It may be worth keeping the "nobody" account active, for guest users. | ||
+ | <pre> | ||
+ | for user in `sudo pdbedit -L | sed -e 's!:.*!!' | grep -v nobody | <grep -v desiredusers> `; do echo $user; sudo smbpasswd -x $user; done | ||
+ | </pre> | ||
+ | |||
+ | == File Permissions == | ||
+ | To edit a file from a linux client on a linux server as a non-root client user, the following must all be true: | ||
+ | |||
+ | * UNIX user (on server) associated with client specified samba user must have UNIX permission to edit the file | ||
+ | * Samba share must have one of: | ||
+ | ** read only = no | ||
+ | ** read only = yes & writelist contains samba user | ||
+ | ** read only = yes & writelist contains "@unixgroup" and UNIX user (on server) associated with client specified samba user is a member of @unixgroup | ||
+ | * Client smbfs must have fmask=777, or specify uid=clientuser (or fmask=775 and gid=clientgroup, where client user is a member of client group) | ||
+ | |||
+ | == Printing == | ||
+ | * Get the CUPS Windows printer drivers from http://www.cups.org/windows/ and copy the 4 following files from the download to /usr/share/cups/printers: | ||
+ | ** cups6.inf | ||
+ | ** cups6.ini | ||
+ | ** cupsps6.dll | ||
+ | ** cupsui6.dll | ||
+ | |||
+ | * Get the 4 following files from '''C:\WINDOWS\system32\spool\drivers\w32x86\3''' on a windows box with MS PS drivers installed and copy to /usr/share/cups/printers: | ||
+ | ** ps5ui.dll | ||
+ | ** pscript5.dll | ||
+ | ** pscript.hlp | ||
+ | ** pscript.ntf | ||
+ | |||
+ | * Run | ||
+ | <pre> | ||
+ | sudo cupsaddsmb -H alaska -U andrew -v -a | ||
</pre> | </pre> | ||
+ | |||
+ | == Automounting == | ||
+ | <pre>wajig install autofs</pre> | ||
+ | Edit /etc/auto.master to uncomment the smb entry |
Latest revision as of 04:53, 12 March 2010
See http://ubuntuguide.org/wiki/Dapper#Samba_Server
Contents
Creating a mount mountable by a non-root user
- Add the following line to /etc/fstab:
//montana/andrew /home/andrew/net/montana cifs credentials=/etc/samba/auth.montana.andrew,noauto,user 0 0
- Create the directory /home/andrew/net/montana and ensure it is owned by andrew (otherwise mount.cifs will refuse to mount it)
- Create /etc/samba/auth.montana.andrew (with perms rw-------) as:
username=andrew password=passwordgoeshere
- chmod u+s /sbin/*mount.cifs
NT_STATUS_LOGON_FAILURE / ERRDOS - ERRnoaccess error
Ensure you've added a valid samba user using (as documented in the ubuntu guide):
sudo smbpasswd -a local_username
tree connect failed: NT_STATUS_ACCESS_DENIED error
If you get this when attempting to run smbclient -L, check you don't have any "valid users" entries in smb.conf which are not associated with a share.
Managing Users
Persistent Storage
The default Ubuntu samba installation uses a tdbsam (Trivial DB for Samba) backend, which stores password information in a binary DB file /var/lib/samba/passdb.tdb. This can be changed by modifying the setting
passdb backend = tdbsam
Valid options are Plain Text, smbpasswd, tdbsam, ldapsam, ldapsam_compat, xmlsam, mysqlsam and pgsqlsam.
Adding users
To add a samba password for an existing local user
sudo smbpasswd -a local_username
If necessary, one or more remote usernames can be mapped to a local username. Firstly, add to smb.conf:
username map = /etc/samba/smbusers
Then, create a map of entries in /etc/samba/smbusers containing entries of the form:
local_username = remote_username
Note, however, that samba usernames are not case sensitive, so entries in smbusers to simply map case differences are not needed.
To add a user to the sambauser group, first create the group:
sudo addgroup --system sambauser
Then add the user to it:
sudo adduser local_user sambauser
Listing samba users
sudo pdbedit -L
Deleting samba users
sudo smbpasswd -x local_username
Note that, when installed, samba creates samba users for all local users. This may not be desirable, in which case they can be removed using the script below. It may be worth keeping the "nobody" account active, for guest users.
for user in `sudo pdbedit -L | sed -e 's!:.*!!' | grep -v nobody | <grep -v desiredusers> `; do echo $user; sudo smbpasswd -x $user; done
File Permissions
To edit a file from a linux client on a linux server as a non-root client user, the following must all be true:
- UNIX user (on server) associated with client specified samba user must have UNIX permission to edit the file
- Samba share must have one of:
- read only = no
- read only = yes & writelist contains samba user
- read only = yes & writelist contains "@unixgroup" and UNIX user (on server) associated with client specified samba user is a member of @unixgroup
- Client smbfs must have fmask=777, or specify uid=clientuser (or fmask=775 and gid=clientgroup, where client user is a member of client group)
Printing
- Get the CUPS Windows printer drivers from http://www.cups.org/windows/ and copy the 4 following files from the download to /usr/share/cups/printers:
- cups6.inf
- cups6.ini
- cupsps6.dll
- cupsui6.dll
- Get the 4 following files from C:\WINDOWS\system32\spool\drivers\w32x86\3 on a windows box with MS PS drivers installed and copy to /usr/share/cups/printers:
- ps5ui.dll
- pscript5.dll
- pscript.hlp
- pscript.ntf
- Run
sudo cupsaddsmb -H alaska -U andrew -v -a
Automounting
wajig install autofs
Edit /etc/auto.master to uncomment the smb entry