Difference between revisions of "Samba"

From Briki
Jump to: navigation, search
 
(8 intermediate revisions by 7 users not shown)
Line 1: Line 1:
 
See http://ubuntuguide.org/wiki/Dapper#Samba_Server
 
See http://ubuntuguide.org/wiki/Dapper#Samba_Server
 +
 +
== Creating a mount mountable by a non-root user ==
 +
* Add the following line to /etc/fstab:
 +
<pre>
 +
//montana/andrew /home/andrew/net/montana cifs credentials=/etc/samba/auth.montana.andrew,noauto,user 0 0
 +
</pre>
 +
* Create the directory '''/home/andrew/net/montana''' and ensure it is owned by '''andrew''' (otherwise mount.cifs will refuse to mount it)
 +
* Create /etc/samba/auth.montana.andrew (with perms ''rw-------'') as:
 +
<pre>
 +
username=andrew
 +
password=passwordgoeshere
 +
</pre>
 +
* '''chmod u+s /sbin/*mount.cifs'''
  
 
== NT_STATUS_LOGON_FAILURE / ERRDOS - ERRnoaccess error ==
 
== NT_STATUS_LOGON_FAILURE / ERRDOS - ERRnoaccess error ==
Line 6: Line 19:
 
sudo smbpasswd -a local_username
 
sudo smbpasswd -a local_username
 
</pre>
 
</pre>
 +
 +
== tree connect failed: NT_STATUS_ACCESS_DENIED error ==
 +
If you get this when attempting to run '''smbclient -L''', check you don't have any "valid users" entries in smb.conf which are not associated with a share.
  
 
== Managing Users ==
 
== Managing Users ==
Line 29: Line 45:
 
</pre>
 
</pre>
 
Note, however, that samba usernames are not case sensitive, so entries in '''smbusers''' to simply map case differences are not needed.
 
Note, however, that samba usernames are not case sensitive, so entries in '''smbusers''' to simply map case differences are not needed.
 +
 +
To add a user to the sambauser group, first create the group:
 +
<pre>
 +
sudo addgroup --system sambauser
 +
</pre>
 +
Then add the user to it:
 +
<pre>
 +
sudo adduser local_user sambauser
 +
</pre>
  
 
=== Listing samba users ===
 
=== Listing samba users ===
Line 43: Line 68:
 
for user in `sudo pdbedit -L | sed -e 's!:.*!!' | grep -v nobody | <grep -v desiredusers> `; do echo $user; sudo smbpasswd -x $user; done
 
for user in `sudo pdbedit -L | sed -e 's!:.*!!' | grep -v nobody | <grep -v desiredusers> `; do echo $user; sudo smbpasswd -x $user; done
 
</pre>
 
</pre>
 +
 +
== File Permissions ==
 +
To edit a file from a linux client on a linux server as a non-root client user, the following must all be true:
 +
 +
* UNIX user (on server) associated with client specified samba user must have UNIX permission to edit the file
 +
* Samba share must have one of:
 +
** read only = no
 +
** read only = yes & writelist contains samba user
 +
** read only = yes & writelist contains "@unixgroup" and UNIX user (on server) associated with client specified samba user is a member of @unixgroup
 +
* Client smbfs must have fmask=777, or specify uid=clientuser (or fmask=775 and gid=clientgroup, where client user is a member of client group)
 +
 +
== Printing ==
 +
* Get the CUPS Windows printer drivers from http://www.cups.org/windows/ and copy the 4 following files from the download to /usr/share/cups/printers:
 +
** cups6.inf
 +
** cups6.ini
 +
** cupsps6.dll
 +
** cupsui6.dll
 +
 +
* Get the 4 following files from '''C:\WINDOWS\system32\spool\drivers\w32x86\3''' on a windows box with MS PS drivers installed and copy to /usr/share/cups/printers:
 +
** ps5ui.dll
 +
** pscript5.dll
 +
** pscript.hlp
 +
** pscript.ntf
 +
 +
* Run
 +
<pre>
 +
sudo cupsaddsmb -H alaska -U andrew -v -a
 +
</pre>
 +
 +
== Automounting ==
 +
<pre>wajig install autofs</pre>
 +
Edit /etc/auto.master to uncomment the smb entry

Latest revision as of 04:53, 12 March 2010

See http://ubuntuguide.org/wiki/Dapper#Samba_Server

Creating a mount mountable by a non-root user

  • Add the following line to /etc/fstab:
//montana/andrew /home/andrew/net/montana cifs credentials=/etc/samba/auth.montana.andrew,noauto,user 0 0
  • Create the directory /home/andrew/net/montana and ensure it is owned by andrew (otherwise mount.cifs will refuse to mount it)
  • Create /etc/samba/auth.montana.andrew (with perms rw-------) as:
username=andrew
password=passwordgoeshere
  • chmod u+s /sbin/*mount.cifs

NT_STATUS_LOGON_FAILURE / ERRDOS - ERRnoaccess error

Ensure you've added a valid samba user using (as documented in the ubuntu guide):

sudo smbpasswd -a local_username

tree connect failed: NT_STATUS_ACCESS_DENIED error

If you get this when attempting to run smbclient -L, check you don't have any "valid users" entries in smb.conf which are not associated with a share.

Managing Users

Persistent Storage

The default Ubuntu samba installation uses a tdbsam (Trivial DB for Samba) backend, which stores password information in a binary DB file /var/lib/samba/passdb.tdb. This can be changed by modifying the setting

passdb backend = tdbsam

Valid options are Plain Text, smbpasswd, tdbsam, ldapsam, ldapsam_compat, xmlsam, mysqlsam and pgsqlsam.

Adding users

To add a samba password for an existing local user

sudo smbpasswd -a local_username

If necessary, one or more remote usernames can be mapped to a local username. Firstly, add to smb.conf:

username map = /etc/samba/smbusers

Then, create a map of entries in /etc/samba/smbusers containing entries of the form:

local_username = remote_username

Note, however, that samba usernames are not case sensitive, so entries in smbusers to simply map case differences are not needed.

To add a user to the sambauser group, first create the group:

sudo addgroup --system sambauser

Then add the user to it:

sudo adduser local_user sambauser

Listing samba users

sudo pdbedit -L

Deleting samba users

sudo smbpasswd -x local_username

Note that, when installed, samba creates samba users for all local users. This may not be desirable, in which case they can be removed using the script below. It may be worth keeping the "nobody" account active, for guest users.

for user in `sudo pdbedit -L | sed -e 's!:.*!!' | grep -v nobody | <grep -v desiredusers> `; do echo $user; sudo smbpasswd -x $user; done

File Permissions

To edit a file from a linux client on a linux server as a non-root client user, the following must all be true:

  • UNIX user (on server) associated with client specified samba user must have UNIX permission to edit the file
  • Samba share must have one of:
    • read only = no
    • read only = yes & writelist contains samba user
    • read only = yes & writelist contains "@unixgroup" and UNIX user (on server) associated with client specified samba user is a member of @unixgroup
  • Client smbfs must have fmask=777, or specify uid=clientuser (or fmask=775 and gid=clientgroup, where client user is a member of client group)

Printing

  • Get the CUPS Windows printer drivers from http://www.cups.org/windows/ and copy the 4 following files from the download to /usr/share/cups/printers:
    • cups6.inf
    • cups6.ini
    • cupsps6.dll
    • cupsui6.dll
  • Get the 4 following files from C:\WINDOWS\system32\spool\drivers\w32x86\3 on a windows box with MS PS drivers installed and copy to /usr/share/cups/printers:
    • ps5ui.dll
    • pscript5.dll
    • pscript.hlp
    • pscript.ntf
  • Run
sudo cupsaddsmb -H alaska -U andrew -v -a

Automounting

wajig install autofs

Edit /etc/auto.master to uncomment the smb entry