Difference between revisions of "Samba/Tips and tricks"

From ArchWiki
Jump to: navigation, search
(Block certain file extensions on samba share: Moved to Samba)
(Discovering network shares: Move to Samba)
Line 81: Line 81:
 
   writable = yes
 
   writable = yes
 
</nowiki>}}
 
</nowiki>}}
 
== Discovering network shares ==
 
If nothing is known about other systems on the local network, and automated tools such as [[Samba#smbnetfs|smbnetfs]] are not available, the following methods allow one to manually probe for Samba shares.
 
 
1. First, install {{Pkg|nmap}} and {{Pkg|smbclient}} using [[pacman]]:
 
# pacman -S nmap smbclient
 
 
2. {{ic|nmap}} checks which ports are open:
 
# nmap -p 139 -sT 192.168.1.*
 
 
In this case, a scan on the 192.168.1.* IP address range and port 139 has been performed, resulting in:
 
{{hc
 
|$ nmap -sT 192.168.1.*
 
|Starting nmap 3.78 ( http://www.insecure.org/nmap/ ) at 2005-02-15 11:45 PHT
 
Interesting ports on 192.168.1.1:
 
(The 1661 ports scanned but not shown below are in state: closed)
 
PORT    STATE SERVICE
 
'''139/tcp  open  netbios-ssn'''
 
5000/tcp open  UPnP
 
 
Interesting ports on 192.168.1.5:
 
(The 1662 ports scanned but not shown below are in state: closed)
 
PORT    STATE SERVICE
 
6000/tcp open  X11
 
 
Nmap run completed -- 256 IP addresses (2 hosts up) scanned in 7.255 seconds
 
}}
 
 
The first result is another system; the second happens to be the client from where this scan was performed.
 
 
3. Now that systems with port 139 open are revealed, use {{ic|nmblookup}} to check for NetBIOS names:
 
{{hc
 
|$ nmblookup -A 192.168.1.1
 
|Looking up status of 192.168.1.1
 
        PUTER          <00> -        B <ACTIVE>
 
        HOMENET        <00> - <GROUP> B <ACTIVE>
 
        PUTER          <03> -        B <ACTIVE>
 
        '''PUTER          <20> -        B <ACTIVE>'''
 
        HOMENET        <1e> - <GROUP> B <ACTIVE>
 
        USERNAME        <03> -        B <ACTIVE>
 
        HOMENET        <1d> -        B <ACTIVE>
 
        MSBROWSE        <01> - <GROUP> B <ACTIVE>
 
}}
 
 
Regardless of the output, look for '''<20>''', which shows the host with open services.
 
 
4. Use {{ic|smbclient}} to list which services are shared on ''PUTER''. If prompted for a password, pressing enter should still display the list:
 
{{hc
 
|$ smbclient -L \\PUTER
 
|<nowiki>
 
Sharename      Type      Comment
 
---------      ----      -------
 
MY_MUSIC        Disk
 
SHAREDDOCS      Disk
 
PRINTER$        Disk
 
PRINTER        Printer
 
IPC$            IPC      Remote Inter Process Communication
 
 
Server              Comment
 
---------            -------
 
PUTER
 
 
Workgroup            Master
 
---------            -------
 
HOMENET              PUTER
 
</nowiki>}}
 
 
This shows which folders are shared and can be mounted locally. See: [[#Accessing shares]]
 
  
 
== Remote control of Windows computer ==
 
== Remote control of Windows computer ==

Revision as of 12:10, 14 September 2015

Merge-arrows-2.pngThis article or section is a candidate for merging with Samba.Merge-arrows-2.png

Notes: I cannot see any reason why this section must be separate from the main article. (Discuss in Talk:Samba/Tips and tricks#)

Share files without a username and password

Edit /etc/samba/smb.conf and add the following line:

map to guest = Bad User

After this line:

security = user

Restrict the shares data to a specific interface replace:

;   interfaces = 192.168.12.2/24 192.168.13.2/24

with:

interfaces = lo eth0
bind interfaces only = true

Optionally edit the account that access the shares, edit the following line:

;   guest account = nobody

For example:

   guest account = pcguest

And do something in the likes of:

# useradd -c "Guest User" -d /dev/null -s /bin/false pcguest

Then setup a "" password for user pcguest.

The last step is to create share directory (for write access make writable = yes):

[Public Share]
path = /path/to/public/share
available = yes
browsable = yes
public = yes
writable = no
Note: Make sure the guest also has permission to visit /path, /path/to and /path/to/public, according to http://unix.stackexchange.com/questions/13858/do-the-parent-directorys-permissions-matter-when-accessing-a-subdirectory

Sample Passwordless Configuration

This is the configuration I use with samba 4 for easy passwordless filesharing with family on a home network. Change any options needed to suit your network (workgroup and interface). I'm restricting it to the static IP I have on my ethernet interface, just delete that line if you do not care which interface is used.

/etc/samba/smb.conf
[global]

   workgroup = WORKGROUP

   server string = Media Server

   security = user
   map to guest = Bad User

   log file = /var/log/samba/%m.log

   max log size = 50


   interfaces = 192.168.2.194/24


   dns proxy = no 


[media]
   path = /shares
   public = yes
   only guest = yes
   writable = yes

[storage]
   path = /media/storage
   public = yes
   only guest = yes
   writable = yes

Remote control of Windows computer

Samba offers a set of tools for communication with Windows. These can be handy if access to a Windows computer through remote desktop is not an option, as shown by some examples.

Send shutdown command with a comment:

$ net rpc shutdown -C "comment" -I IPADDRESS -U USERNAME%PASSWORD

A forced shutdown instead can be invoked by changing -C with comment to a single -f. For a restart, only add -r, followed by a -C or -f.

Stop and start services:

$ net rpc service stop SERVICENAME -I IPADDRESS -U USERNAME%PASSWORD

To see all possible net rpc command:

$ net rpc

Samba 4.* : Password Complexity

Samba 4 requires strong password when adding new user with pdbedit. If you want to disable the complexity check, just use the follwing command:

# samba-tool domain passwordsettings set --complexity=off

Build Samba without CUPS

Just build without cups installed. From the Samba Wiki:

Samba has built-in support [for CUPS] and defaults to CUPS if the development package (aka header files and libraries) could be found at compile time.

Of course, modifications to the PKGBUILD will also be necessary: libcups will have to be removed from the depends and makedepends arrays and other references to cups and printing will need to be deleted. In the case of the 4.1.9-1 PKGBUILD, 'other references' includes lines 169, 170 and 236:

    mkdir -p ${pkgdir}/usr/lib/cups/backend
    ln -sf /usr/bin/smbspool ${pkgdir}/usr/lib/cups/backend/smb
  install -d -m1777 ${pkgdir}/var/spool/samba