Difference between revisions of "Samba/Tips and tricks"

From ArchWiki
Jump to navigation Jump to search
(Block certain file extensions on samba share: Moved to Samba)
(Discovering network shares: Move to Samba)
Line 81: Line 81:
   writable = yes
   writable = yes
== Discovering network shares ==
If nothing is known about other systems on the local network, and automated tools such as [[Samba#smbnetfs|smbnetfs]] are not available, the following methods allow one to manually probe for Samba shares.
1. First, install {{Pkg|nmap}} and {{Pkg|smbclient}} using [[pacman]]:
# pacman -S nmap smbclient
2. {{ic|nmap}} checks which ports are open:
# nmap -p 139 -sT 192.168.1.*
In this case, a scan on the 192.168.1.* IP address range and port 139 has been performed, resulting in:
|$ nmap -sT 192.168.1.*
|Starting nmap 3.78 ( http://www.insecure.org/nmap/ ) at 2005-02-15 11:45 PHT
Interesting ports on
(The 1661 ports scanned but not shown below are in state: closed)
'''139/tcp  open  netbios-ssn'''
5000/tcp open  UPnP
Interesting ports on
(The 1662 ports scanned but not shown below are in state: closed)
6000/tcp open  X11
Nmap run completed -- 256 IP addresses (2 hosts up) scanned in 7.255 seconds
The first result is another system; the second happens to be the client from where this scan was performed.
3. Now that systems with port 139 open are revealed, use {{ic|nmblookup}} to check for NetBIOS names:
|$ nmblookup -A
|Looking up status of
        PUTER          <00> -        B <ACTIVE>
        HOMENET        <00> - <GROUP> B <ACTIVE>
        PUTER          <03> -        B <ACTIVE>
        '''PUTER          <20> -        B <ACTIVE>'''
        HOMENET        <1e> - <GROUP> B <ACTIVE>
        USERNAME        <03> -        B <ACTIVE>
        HOMENET        <1d> -        B <ACTIVE>
        MSBROWSE        <01> - <GROUP> B <ACTIVE>
Regardless of the output, look for '''<20>''', which shows the host with open services.
4. Use {{ic|smbclient}} to list which services are shared on ''PUTER''. If prompted for a password, pressing enter should still display the list:
|$ smbclient -L \\PUTER
Sharename      Type      Comment
---------      ----      -------
MY_MUSIC        Disk
PRINTER$        Disk
PRINTER        Printer
IPC$            IPC      Remote Inter Process Communication
Server              Comment
---------            -------
Workgroup            Master
---------            -------
HOMENET              PUTER
This shows which folders are shared and can be mounted locally. See: [[#Accessing shares]]
== Remote control of Windows computer ==
== Remote control of Windows computer ==

Revision as of 12:10, 14 September 2015

Merge-arrows-2.pngThis article or section is a candidate for merging with Samba.Merge-arrows-2.png

Notes: I cannot see any reason why this section must be separate from the main article. (Discuss in Talk:Samba/Tips and tricks#)

Share files without a username and password

Edit /etc/samba/smb.conf and add the following line:

map to guest = Bad User

After this line:

security = user

Restrict the shares data to a specific interface replace:

;   interfaces =


interfaces = lo eth0
bind interfaces only = true

Optionally edit the account that access the shares, edit the following line:

;   guest account = nobody

For example:

   guest account = pcguest

And do something in the likes of:

# useradd -c "Guest User" -d /dev/null -s /bin/false pcguest

Then setup a "" password for user pcguest.

The last step is to create share directory (for write access make writable = yes):

[Public Share]
path = /path/to/public/share
available = yes
browsable = yes
public = yes
writable = no
Note: Make sure the guest also has permission to visit /path, /path/to and /path/to/public, according to http://unix.stackexchange.com/questions/13858/do-the-parent-directorys-permissions-matter-when-accessing-a-subdirectory

Sample Passwordless Configuration

This is the configuration I use with samba 4 for easy passwordless filesharing with family on a home network. Change any options needed to suit your network (workgroup and interface). I'm restricting it to the static IP I have on my ethernet interface, just delete that line if you do not care which interface is used.


   workgroup = WORKGROUP

   server string = Media Server

   security = user
   map to guest = Bad User

   log file = /var/log/samba/%m.log

   max log size = 50

   interfaces =

   dns proxy = no 

   path = /shares
   public = yes
   only guest = yes
   writable = yes

   path = /media/storage
   public = yes
   only guest = yes
   writable = yes

Remote control of Windows computer

Samba offers a set of tools for communication with Windows. These can be handy if access to a Windows computer through remote desktop is not an option, as shown by some examples.

Send shutdown command with a comment:

$ net rpc shutdown -C "comment" -I IPADDRESS -U USERNAME%PASSWORD

A forced shutdown instead can be invoked by changing -C with comment to a single -f. For a restart, only add -r, followed by a -C or -f.

Stop and start services:


To see all possible net rpc command:

$ net rpc

Samba 4.* : Password Complexity

Samba 4 requires strong password when adding new user with pdbedit. If you want to disable the complexity check, just use the follwing command:

# samba-tool domain passwordsettings set --complexity=off

Build Samba without CUPS

Just build without cups installed. From the Samba Wiki:

Samba has built-in support [for CUPS] and defaults to CUPS if the development package (aka header files and libraries) could be found at compile time.

Of course, modifications to the PKGBUILD will also be necessary: libcups will have to be removed from the depends and makedepends arrays and other references to cups and printing will need to be deleted. In the case of the 4.1.9-1 PKGBUILD, 'other references' includes lines 169, 170 and 236:

    mkdir -p ${pkgdir}/usr/lib/cups/backend
    ln -sf /usr/bin/smbspool ${pkgdir}/usr/lib/cups/backend/smb
  install -d -m1777 ${pkgdir}/var/spool/samba