Difference between revisions of "Samba"
(9 intermediate revisions by 8 users not shown) | |||
Line 1: | Line 1: | ||
See http://ubuntuguide.org/wiki/Dapper#Samba_Server | See http://ubuntuguide.org/wiki/Dapper#Samba_Server | ||
+ | |||
+ | == Creating a mount mountable by a non-root user == | ||
+ | * Add the following line to /etc/fstab: | ||
+ | <pre> | ||
+ | //montana/andrew /home/andrew/net/montana cifs credentials=/etc/samba/auth.montana.andrew,noauto,user 0 0 | ||
+ | </pre> | ||
+ | * Create the directory '''/home/andrew/net/montana''' and ensure it is owned by '''andrew''' (otherwise mount.cifs will refuse to mount it) | ||
+ | * Create /etc/samba/auth.montana.andrew (with perms ''rw-------'') as: | ||
+ | <pre> | ||
+ | username=andrew | ||
+ | password=passwordgoeshere | ||
+ | </pre> | ||
+ | * '''chmod u+s /sbin/*mount.cifs''' | ||
== NT_STATUS_LOGON_FAILURE / ERRDOS - ERRnoaccess error == | == NT_STATUS_LOGON_FAILURE / ERRDOS - ERRnoaccess error == | ||
Line 6: | Line 19: | ||
sudo smbpasswd -a local_username | sudo smbpasswd -a local_username | ||
</pre> | </pre> | ||
+ | |||
+ | == tree connect failed: NT_STATUS_ACCESS_DENIED error == | ||
+ | If you get this when attempting to run '''smbclient -L''', check you don't have any "valid users" entries in smb.conf which are not associated with a share. | ||
== Managing Users == | == Managing Users == | ||
Line 12: | Line 28: | ||
<pre> | <pre> | ||
passdb backend = tdbsam | passdb backend = tdbsam | ||
− | <pre> | + | </pre> |
Valid options are '''Plain Text''', '''smbpasswd''', '''tdbsam''', '''ldapsam''', '''ldapsam_compat''', '''xmlsam''', '''mysqlsam''' and '''pgsqlsam'''. | Valid options are '''Plain Text''', '''smbpasswd''', '''tdbsam''', '''ldapsam''', '''ldapsam_compat''', '''xmlsam''', '''mysqlsam''' and '''pgsqlsam'''. | ||
− | |||
=== Adding users === | === Adding users === | ||
Line 30: | Line 45: | ||
</pre> | </pre> | ||
Note, however, that samba usernames are not case sensitive, so entries in '''smbusers''' to simply map case differences are not needed. | Note, however, that samba usernames are not case sensitive, so entries in '''smbusers''' to simply map case differences are not needed. | ||
+ | |||
+ | To add a user to the sambauser group, first create the group: | ||
+ | <pre> | ||
+ | sudo addgroup --system sambauser | ||
+ | </pre> | ||
+ | Then add the user to it: | ||
+ | <pre> | ||
+ | sudo adduser local_user sambauser | ||
+ | </pre> | ||
=== Listing samba users === | === Listing samba users === | ||
Line 44: | Line 68: | ||
for user in `sudo pdbedit -L | sed -e 's!:.*!!' | grep -v nobody | <grep -v desiredusers> `; do echo $user; sudo smbpasswd -x $user; done | for user in `sudo pdbedit -L | sed -e 's!:.*!!' | grep -v nobody | <grep -v desiredusers> `; do echo $user; sudo smbpasswd -x $user; done | ||
</pre> | </pre> | ||
+ | |||
+ | == File Permissions == | ||
+ | To edit a file from a linux client on a linux server as a non-root client user, the following must all be true: | ||
+ | |||
+ | * UNIX user (on server) associated with client specified samba user must have UNIX permission to edit the file | ||
+ | * Samba share must have one of: | ||
+ | ** read only = no | ||
+ | ** read only = yes & writelist contains samba user | ||
+ | ** read only = yes & writelist contains "@unixgroup" and UNIX user (on server) associated with client specified samba user is a member of @unixgroup | ||
+ | * Client smbfs must have fmask=777, or specify uid=clientuser (or fmask=775 and gid=clientgroup, where client user is a member of client group) | ||
+ | |||
+ | == Printing == | ||
+ | * Get the CUPS Windows printer drivers from http://www.cups.org/windows/ and copy the 4 following files from the download to /usr/share/cups/printers: | ||
+ | ** cups6.inf | ||
+ | ** cups6.ini | ||
+ | ** cupsps6.dll | ||
+ | ** cupsui6.dll | ||
+ | |||
+ | * Get the 4 following files from '''C:\WINDOWS\system32\spool\drivers\w32x86\3''' on a windows box with MS PS drivers installed and copy to /usr/share/cups/printers: | ||
+ | ** ps5ui.dll | ||
+ | ** pscript5.dll | ||
+ | ** pscript.hlp | ||
+ | ** pscript.ntf | ||
+ | |||
+ | * Run | ||
+ | <pre> | ||
+ | sudo cupsaddsmb -H alaska -U andrew -v -a | ||
+ | </pre> | ||
+ | |||
+ | == Automounting == | ||
+ | <pre>wajig install autofs</pre> | ||
+ | Edit /etc/auto.master to uncomment the smb entry |
Latest revision as of 04:53, 12 March 2010
See http://ubuntuguide.org/wiki/Dapper#Samba_Server
Contents
Creating a mount mountable by a non-root user
- Add the following line to /etc/fstab:
//montana/andrew /home/andrew/net/montana cifs credentials=/etc/samba/auth.montana.andrew,noauto,user 0 0
- Create the directory /home/andrew/net/montana and ensure it is owned by andrew (otherwise mount.cifs will refuse to mount it)
- Create /etc/samba/auth.montana.andrew (with perms rw-------) as:
username=andrew password=passwordgoeshere
- chmod u+s /sbin/*mount.cifs
NT_STATUS_LOGON_FAILURE / ERRDOS - ERRnoaccess error
Ensure you've added a valid samba user using (as documented in the ubuntu guide):
sudo smbpasswd -a local_username
tree connect failed: NT_STATUS_ACCESS_DENIED error
If you get this when attempting to run smbclient -L, check you don't have any "valid users" entries in smb.conf which are not associated with a share.
Managing Users
Persistent Storage
The default Ubuntu samba installation uses a tdbsam (Trivial DB for Samba) backend, which stores password information in a binary DB file /var/lib/samba/passdb.tdb. This can be changed by modifying the setting
passdb backend = tdbsam
Valid options are Plain Text, smbpasswd, tdbsam, ldapsam, ldapsam_compat, xmlsam, mysqlsam and pgsqlsam.
Adding users
To add a samba password for an existing local user
sudo smbpasswd -a local_username
If necessary, one or more remote usernames can be mapped to a local username. Firstly, add to smb.conf:
username map = /etc/samba/smbusers
Then, create a map of entries in /etc/samba/smbusers containing entries of the form:
local_username = remote_username
Note, however, that samba usernames are not case sensitive, so entries in smbusers to simply map case differences are not needed.
To add a user to the sambauser group, first create the group:
sudo addgroup --system sambauser
Then add the user to it:
sudo adduser local_user sambauser
Listing samba users
sudo pdbedit -L
Deleting samba users
sudo smbpasswd -x local_username
Note that, when installed, samba creates samba users for all local users. This may not be desirable, in which case they can be removed using the script below. It may be worth keeping the "nobody" account active, for guest users.
for user in `sudo pdbedit -L | sed -e 's!:.*!!' | grep -v nobody | <grep -v desiredusers> `; do echo $user; sudo smbpasswd -x $user; done
File Permissions
To edit a file from a linux client on a linux server as a non-root client user, the following must all be true:
- UNIX user (on server) associated with client specified samba user must have UNIX permission to edit the file
- Samba share must have one of:
- read only = no
- read only = yes & writelist contains samba user
- read only = yes & writelist contains "@unixgroup" and UNIX user (on server) associated with client specified samba user is a member of @unixgroup
- Client smbfs must have fmask=777, or specify uid=clientuser (or fmask=775 and gid=clientgroup, where client user is a member of client group)
Printing
- Get the CUPS Windows printer drivers from http://www.cups.org/windows/ and copy the 4 following files from the download to /usr/share/cups/printers:
- cups6.inf
- cups6.ini
- cupsps6.dll
- cupsui6.dll
- Get the 4 following files from C:\WINDOWS\system32\spool\drivers\w32x86\3 on a windows box with MS PS drivers installed and copy to /usr/share/cups/printers:
- ps5ui.dll
- pscript5.dll
- pscript.hlp
- pscript.ntf
- Run
sudo cupsaddsmb -H alaska -U andrew -v -a
Automounting
wajig install autofs
Edit /etc/auto.master to uncomment the smb entry